diff --git a/.editorconfig b/.editorconfig
index 6e1b7d5ab..0c95aa667 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -6,6 +6,7 @@ indent_size = 2
 insert_final_newline = true
 charset = utf-8
 end_of_line = lf
+trim_trailing_whitespace = true
 
 [{pom.xml,*.md}]
 indent_style = space
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..3fef52615
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+* text eol=lf
+*.bin binary
diff --git a/.github/actions/download-artifact/action.yml b/.github/actions/download-artifact/action.yml
new file mode 100644
index 000000000..1063946ba
--- /dev/null
+++ b/.github/actions/download-artifact/action.yml
@@ -0,0 +1,62 @@
+name: Download artifact
+description: Wrapper around GitHub's official action, with additional extraction before download
+
+# https://github.com/actions/download-artifact/blob/main/action.yml
+inputs:
+  name:
+    description: Artifact name
+    required: true
+  path:
+    description: Destination path
+    required: false
+    default: .
+
+runs:
+  using: composite
+  steps:
+    - name: Download artifacts
+      if: github.event_name != 'workflow_run'
+      uses: actions/download-artifact@v7
+      with:
+        pattern: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+        merge-multiple: true
+
+    - name: Download artifacts
+      if: github.event_name == 'workflow_run'
+      #v12
+      uses: dawidd6/action-download-artifact@0bd50d53a6d7fb5cb921e607957e9cc12b4ce392
+      with:
+        workflow: ${{ github.event.workflow_run.name }}
+        run_id: ${{ github.event.workflow_run.id }}
+        name: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+        name_is_regexp: true
+
+    - name: Extract artifacts
+      if: github.event_name != 'workflow_run'
+      run: |
+        for t in ${{ inputs.name }}*.tar
+        do
+          tar -xvf "${t}"
+        done
+      shell: bash
+      working-directory: ${{ inputs.path }}
+
+    - name: Extract artifacts
+      if: github.event_name == 'workflow_run'
+      run: |
+        for t in ${{ inputs.name }}/${{ inputs.name }}*.tar
+        do
+          mv "${t}" .
+          tar -xvf "${t}"
+        done
+      shell: bash
+      working-directory: ${{ inputs.path }}
+
+    - name: Remove archive
+      run: |
+        rm -f ${{ inputs.name }}.tar
+        rm -f ${{ inputs.name }}.zip
+      shell: bash
+      working-directory: ${{ inputs.path }}
diff --git a/.github/actions/prepare-analysis/action.yml b/.github/actions/prepare-analysis/action.yml
new file mode 100644
index 000000000..7a7b9fad7
--- /dev/null
+++ b/.github/actions/prepare-analysis/action.yml
@@ -0,0 +1,64 @@
+name: Prepare code analysis
+description: Prepare the working directory for SonarQube code analysis
+
+inputs:
+  cache:
+    description: Cache type
+
+runs:
+  using: composite
+  steps:
+    - name: Get reports
+      uses: ./.github/actions/download-artifact
+      with:
+        name: reports-*
+
+    - name: Get coverage
+      uses: ./.github/actions/download-artifact
+      with:
+        name: merged-coverage
+
+    - name: Get classes
+      uses: ./.github/actions/download-artifact
+      with:
+        name: classes
+
+    - name: Create paths for JUnit reporting
+      id: junit_paths
+      shell: bash
+      run: |
+        report_paths=""
+        check_name=""
+        for file in target/surefire-reports-*
+        do
+          report_paths="${file}/TEST-*.xml"$'\n'"${report_paths}"
+          check_name="JUnit Report ${file##target/surefire-reports-}"$'\n'"${check_name}"
+        done
+        echo "report_paths<<EOF"$'\n'"${report_paths}EOF" >> $GITHUB_OUTPUT
+        echo "check_name<<EOF"$'\n'"${check_name}EOF" >> $GITHUB_OUTPUT
+
+    - name: Publish Test Report
+      #v6.1.0
+      uses: mikepenz/action-junit-report@a294a61c909bd8a4b563024a2faa28897fd53ebc
+      with:
+        commit: ${{ github.event.workflow_run.head_sha }}
+        report_paths: ${{ steps.junit_paths.outputs.report_paths }}
+        check_name: ${{ steps.junit_paths.outputs.check_name }}
+        require_tests: true
+        check_retries: true
+        detailed_summary: true
+
+    - name: Set up JDK
+      uses: actions/setup-java@v5
+      with:
+        java-version: ${{ env.BUILD_JAVA_VERSION }}
+        distribution: temurin
+        cache: ${{ inputs.cache }}
+
+    - name: Cache SonarCloud packages
+      if: inputs.cache
+      uses: actions/cache@v5
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
diff --git a/.github/actions/upload-artifact/action.yml b/.github/actions/upload-artifact/action.yml
new file mode 100644
index 000000000..ab93f1fbc
--- /dev/null
+++ b/.github/actions/upload-artifact/action.yml
@@ -0,0 +1,50 @@
+name: Upload artifact
+description: Wrapper around GitHub's official action, with additional archiving before upload
+
+# https://github.com/actions/upload-artifact/blob/main/action.yml
+inputs:
+  name:
+    description: Artifact name
+    required: true
+  filename:
+    description: Tar filename in artifact
+    required: false
+    default: ''
+  path:
+    description: One or more files, directories or wildcard pattern that describes what to upload
+    required: true
+  if-no-files-found:
+    description: >
+      The desired behavior if no files are found using the provided path.
+      Available Options:
+        warn: Output a warning but do not fail the action
+        error: Fail the action with an error message
+        ignore: Do not output any warnings or errors, the action does not fail
+    required: false
+    default: warn
+  retention-days:
+    description: >
+      Duration after which artifact will expire in days. 0 means using default retention.
+      Minimum 1 day.
+      Maximum 90 days unless changed from the repository settings page.
+    required: false
+    default: '1'
+
+runs:
+  using: composite
+  steps:
+    - name: Archive artifacts
+      run: tar -cvf "${{inputs.name}}${{ inputs.filename }}.tar" $(echo "${{ inputs.path }}" | tr '\n' ' ')
+      shell: bash
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v6
+      with:
+        if-no-files-found: ${{ inputs.if-no-files-found }}
+        name: ${{ inputs.name }}
+        path: ${{ inputs.name }}${{ inputs.filename }}.tar
+        retention-days: ${{ inputs.retention-days }}
+
+    - name: Remove archive
+      run: rm -f ${{ inputs.name }}.tar
+      shell: bash
diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml
new file mode 100644
index 000000000..31b3c7775
--- /dev/null
+++ b/.github/workflows/analyze.yml
@@ -0,0 +1,91 @@
+name: Analyze PR
+
+on:
+  workflow_run:
+    workflows:
+      - 'Build'
+    types:
+      - completed
+
+permissions:
+  pull-requests: read
+  contents: read
+  checks: write
+
+env:
+  BUILD_JAVA_VERSION: '25'
+
+jobs:
+  analyze:
+    name: Analyze Code
+    # Only run on forks, in-repo PRs are analyzed directly
+    if: github.event.workflow_run.head_repository.owner.login != 'dnsjava'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download PR number artifact
+        id: get_pr_number
+        #v12
+        uses: dawidd6/action-download-artifact@0bd50d53a6d7fb5cb921e607957e9cc12b4ce392
+        with:
+          workflow: ${{ github.event.workflow_run.name }}
+          run_id: ${{ github.event.workflow_run.id }}
+          name: pr_number
+
+      - name: Read Pull Request Number
+        id: pr_number
+        run: |
+          PR=$(cat pr_number.txt)
+          echo "pr_number=${PR}" >> "$GITHUB_OUTPUT"
+
+      - name: Request PR data from GitHub API
+        id: get_pr_data
+        if: steps.get_pr_number.outputs.found_artifact
+        #v2.4.0
+        uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          route: GET /repos/{full_name}/pulls/{number}
+          full_name: ${{ github.event.repository.full_name }}
+          number: ${{ steps.pr_number.outputs.pr_number }}
+
+      - name: Checkout PR
+        uses: actions/checkout@v6
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_sha }}
+          persist-credentials: false
+          path: pr
+          # for Sonar
+          fetch-depth: 0
+
+      - name: Checkout base
+        uses: actions/checkout@v6
+        with:
+          repository: ${{ github.event.repository.full_name }}
+          ref: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
+          persist-credentials: false
+          path: base
+
+      - name: Get analysis data
+        uses: ./base/.github/actions/prepare-analysis
+
+      - name: Run SonarQube
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          WF_REVISION: ${{ github.event.workflow_run.head_sha }}
+          WF_PRKEY: ${{ fromJson(steps.get_pr_data.outputs.data).number }}
+          WF_BRANCH: ${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
+          WF_BASE: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
+        run: |
+          cp -f base/pom.xml pr/
+          cd pr
+          mvn -B \
+          -f pom.xml \
+          -Dsonar.scm.revision='${WF_REVISION}' \
+          -Dsonar.pullrequest.key='${WF_PRKEY}' \
+          -Dsonar.pullrequest.branch='${WF_BRANCH}' \
+          -Dsonar.pullrequest.base='${WF_BASE}' \
+          properties:read-project-properties \
+          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..b1f3c236a
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,228 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - master
+      - 'release/**'
+  pull_request:
+    branches:
+      - master
+      - 'release/**'
+
+env:
+  BUILD_JAVA_VERSION: '25'
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, windows-latest ]
+        java: [ '8', '11', '17', '21', '25' ]
+        arch: [ 'x64' ]
+        include:
+          - os: windows-latest
+            java: '17'
+            arch: x86
+
+    name: Java ${{ matrix.java }}/${{ matrix.arch }}/${{ matrix.os }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Set up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v5
+        with:
+          java-version: ${{ matrix.java }}
+          architecture: ${{ matrix.arch }}
+          distribution: temurin
+          cache: maven
+
+      - name: Build with Maven
+        shell: bash
+        run: |
+          TEST_EXCLUSIONS=$([ '${{ matrix.java }}' == '25' ] && echo "" || echo "concurrency" )
+          mvn verify \
+            -B \
+            -Dsurefire.rerunFailingTestsCount=2 \
+            -"Dgpg.skip" \
+            -DexcludedGroups="${TEST_EXCLUSIONS}" \
+            jacoco:report
+
+      - name: Copy build reports
+        shell: bash
+        if: always() # always run even if the previous step fails
+        run: |
+          cd target
+          mv jacoco.exec jacoco-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}.exec
+          mv surefire-reports surefire-reports-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+
+      - name: Verify that the main classes are really compiled for Java 8
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          class_file_version=$(javap -v target/classes/org/xbill/DNS/SimpleResolver.class | grep -oP "major version: \K\d+")
+          echo "::notice file=SimpleResolver.class::Class file version ${class_file_version}"
+          if [ "${class_file_version}" != "52" ]; then
+            echo "::error file=SimpleResolver.class::Class file version is not Java 8"
+            exit 1
+          fi
+
+      - name: Upload classes
+        uses: ./.github/actions/upload-artifact
+        if: always() && matrix.java == env.BUILD_JAVA_VERSION && matrix.arch == 'x64' && matrix.os == 'ubuntu-latest'
+        with:
+          name: classes
+          path: target/*classes
+
+      - name: Upload JUnit Reports
+        uses: ./.github/actions/upload-artifact
+        if: always() # always run even if the previous step fails
+        with:
+          name: reports-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          filename: ${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          path: target/surefire-reports-*/TEST-*.xml
+
+      - name: Upload Coverage Reports
+        uses: ./.github/actions/upload-artifact
+        if: always() # always run even if the previous step fails
+        with:
+          name: coverage-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          filename: ${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          path: target/jacoco-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}.exec
+
+  report:
+    name: JUnit Reports/JaCoCo Merge
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Set up JDK
+        uses: actions/setup-java@v5
+        with:
+          java-version: ${{ env.BUILD_JAVA_VERSION }}
+          distribution: temurin
+          cache: maven
+
+      - name: Get coverage artifact
+        uses: ./.github/actions/download-artifact
+        with:
+          name: coverage-*
+
+      - name: Get classes
+        uses: ./.github/actions/download-artifact
+        with:
+          name: classes
+
+      - name: Merge JaCoCo and output
+        run: mvn -B jacoco:merge jacoco:report
+
+      - name: Upload
+        uses: ./.github/actions/upload-artifact
+        with:
+          name: merged-coverage
+          path: |
+            target/site/jacoco
+            target/jacoco.exec
+
+      - name: Save PR number to file
+        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login != 'dnsjava'
+        run: echo ${{ github.event.number }} > pr_number.txt
+
+      - name: Archive PR number
+        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login != 'dnsjava'
+        uses: actions/upload-artifact@v6
+        with:
+          name: pr_number
+          path: pr_number.txt
+
+  analyze:
+    name: Analyze Code
+    runs-on: ubuntu-latest
+    needs: report
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.owner.login == 'dnsjava'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          # for Sonar
+          fetch-depth: 0
+
+      - name: Get analysis data
+        uses: ./.github/actions/prepare-analysis
+        with:
+          cache: maven
+
+      - name: Run codecov
+        #v5.5.2
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de
+
+      # doesn't work with PRs from forks, see
+      # https://portal.productboard.com/sonarsource/1-sonarcloud/c/50-sonarcloud-analyzes-external-pull-request
+      # or https://jira.sonarsource.com/browse/MMF-1371 (not public anymore)
+      - name: Run SonarQube
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: mvn -B properties:read-project-properties org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+
+  release:
+    if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release/')
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Set up JDK ${{ env.BUILD_JAVA_VERSION }}
+        uses: actions/setup-java@v5
+        with:
+          java-version: ${{ env.BUILD_JAVA_VERSION }}
+          architecture: 'x64'
+          distribution: temurin
+          cache: maven
+          server-id: central
+          server-username: SONATYPE_USER
+          server-password: SONATYPE_PW
+
+      - name: Release to Maven Central
+        env:
+          SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
+          SONATYPE_PW: ${{ secrets.SONATYPE_PW }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PW }}
+        run: |
+          cat <(echo -e "${{ secrets.GPG_KEY }}") | gpg --batch --import
+          gpg --list-secret-keys --keyid-format LONG
+          mvn \
+            --no-transfer-progress \
+            --batch-mode \
+            compile
+          # Verify that the main classes are really compiled for Java 8
+          class_file_version=$(javap -v target/classes/org/xbill/DNS/SimpleResolver.class | grep -oP "major version: \K\d+")
+          echo "::notice file=SimpleResolver.class::Class file version ${class_file_version}"
+          if [ "${class_file_version}" == "52" ]; then
+            mvn \
+              --no-transfer-progress \
+              --batch-mode \
+              -DperformRelease=true \
+              -DskipTests \
+              -Dcheckstyle.skip \
+              -Dspotless.check.skip=true \
+              -Danimal.sniffer.skip=true \
+              deploy
+          else
+            echo "::error file=SimpleResolver.class::Class file version is not Java 8"
+            exit 1
+          fi
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..f3280389c
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,61 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - master
+      - 'release/**'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - master
+      - 'release/**'
+  schedule:
+    #daily at 01:19 UTC
+    - cron: '19 1 * * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: java
+
+      - name: Set up JDK 25
+        uses: actions/setup-java@v5
+        with:
+          java-version: 25
+          distribution: temurin
+          check-latest: true
+          cache: maven
+
+      - name: Build with Maven
+        # Skip tests, code style, etc. This is handled in the regular CI workflows.
+        run: |
+          mvn clean package -B -V \
+            -DskipTests \
+            -Dgpg.skip \
+            -Dcheckstyle.skip \
+            -Denforcer.skip \
+            -Dmaven.javadoc.skip \
+            -Dspotless.check.skip=true \
+            -Danimal.sniffer.skip=true \
+            compile \
+            test-compile
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
diff --git a/.gitignore b/.gitignore
index 4c4dfaab2..7ea6feabc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 *.iml
 target/
 .DS_Store
-
+.vscode/
+jcstress-results-*
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index f7d6f2e3a..000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-branches:
-  only:
-    - master
-
-language: java
-jdk:
-  - openjdk8
-
-install: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -Dgpg.skip -B -V
-script: mvn test jacoco:report coveralls:report -Dgpg.skip -B
diff --git a/Changelog b/Changelog
index 72f0610ff..9356884fd 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,231 @@
+01/18/2026
+	- 3.6.4 released
+	- Fix Zone-class serialization (#391)
+	- Avoid Double DNS Lookup for Names with Labels >= ndots (#388)
+	- Prevent NPE when calling Message#getTSIG() on DNS request with
+	  bad header (#384)
+	- Unwrap an exception in the legacy callback-based async interface (#383)
+	- Prevent ConcurrentModificationException in NIO clients
+	  (#379, @bhaveshthakker)
+	- Handle `null` in all setSearchPath overloads equally (#157)
+	- Reduce warning level of invalid `hosts` file entries (#371)
+	- Remove a lock on the hot-path in the `hosts` file parser (#371)
+	- DoH Resolver makes use of the Multi-Release jar and tests are executed
+	  for Java 8 and 11+ implementations (#385)
+	- Fix DoH Resolver initial request delay (#385)
+
+01/26/2025
+	- 3.6.3 released
+	- Support custom hosts file size (@flaming-archer, #349)
+	- Fix origin handling in zone loaded from file or stream (#346)
+	- Prevent TCP port leak when closing IO (#351)
+	- Fix confusing parameter name in CNAMERecord (@chkal, #354)
+	- Optionally disable ShutdownHook in NioClient (@SvenssonWeb, #359)
+	- TSIG algorithm names from RFC 8945
+	- Message.toWire can exceed MAXLENGTH (#355)
+	- TCP query might fail if the shared buffer is full (#357)
+	- Dynamic updates silently truncates records (#356)
+	- Fix DoH initial request using recommended nanoTime calculation
+	 (@LinZong, #345)
+
+09/21/2024
+	- 3.6.2 released
+	- Add new IANA Trust Anchor (@technolord, #337)
+	- Fix Zone handling with signed SOA (@frankarinnet, #335)
+
+07/28/2024
+	- 3.6.1 released
+	- Properly fix LookupSession doesn't cache CNAMEs (#316)
+	- Move JEP-418 SPI to Java 18 to support EOL workflows (#329)
+
+07/21/2024
+	- 3.6.0 released
+	- Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw)
+	  Lookup and LookupSession do not sanitize input properly,
+	  allowing to smuggle additional responses, even with DNSSEC.
+	  I would like to thank Thomas Bellebaum from Fraunhofer AISEC
+	  (@bellebaum) and Martin Schanzenbach (@schanzen) for reporting
+	  and assisting me with this issue.
+	- Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf)
+	  Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
+	- Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr)
+	  NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
+	- Fix running all DNSSEC on the specified executor
+	- Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
+	- Add A/AAAA record constructor with IP address byte array
+	- Validate DS record digest lengths (#250)
+	- Fix NPE in SimpleResolver on invalid responses (#277)
+	- Add support for JEP 418: Internet-Address Resolution SPI (#290)
+	- Full JPMS support (#246)
+	- Pluggable I/O for SimpleResolver
+	  (@chrisruffalo, #253)
+	- UDP port leak in SimpleResolver (#318)
+	- Fix clean shutdown in app containers when never used (#319)
+	- Fix concurrency issue in I/O clients (#315, #323)
+	- LookupSession doesn't cache CNAMEs (#316)
+	- SimpleResolver can fail with UPDATE response (#322)
+	- Replace synchronization in Zone with locks
+	  (#305, based on work from @srijeet0406 in #306)
+
+11/11/2023
+	- 3.5.3 released
+	- Fix CNAME in LookupSession (#279)
+	- Fix Name constructor failing with max length, relative name
+	  and root origin (#289, @MMauro94)
+	- Add config option for Resolver I/O timeout (#273, @vmarian2)
+	- Extend I/O logging
+	- Prevent exception during TCP I/O with missing or truncated
+	  length prefix
+	- Use internal base64 codec for Android compatibility (#271)
+	- Fix multi-message TSIG stream verification for pre-RFC8945
+	  servers (#295, @frankarinnet and @nguichon)
+	- Add StreamGenerator for generating RFC8945 compliant
+	  multi-message streams (related to #295)
+
+11/16/2022
+	- 3.5.2 released
+	- Correctly render empty TXT records (#254)
+	- More validation on TLSA data input (#257)
+
+05/15/2022
+	- 3.5.1 released
+	- Fix validation of TSIG signed responses (#249)
+	- DS rdata digest validation hexadecimal digits (#252)
+
+02/05/2022
+	- 3.5.0 released
+	- Add full built-in support for DNSSEC based on dnssecjava (#209)
+	- Make Record classes serializable again (#242)
+	- Allow SVCB ServiceMode records without params
+	  (#244, @adam-stoler)
+	- Fix TCPClient receive timeouts
+	  (#218 @nguydavi, #219)
+
+12/05/2021
+	- 3.4.3 released
+	- Fix handling of buffers in DNSInput
+	  (#224, #225 @nresare)
+	- Clear existing nameservers on config refresh (#226)
+	- Fix exception when calling ResolverConfig.refresh (#234)
+
+09/19/2021
+	- 3.4.2 released
+	- Document behavior of ExtendedResolver.setTimeout (#206)
+	- Add overloads to use an Executor when sending queries in
+	  resolvers (#211)
+	- Remove synchronous locks in DoH Resolver (related to #211)
+	- Fix broken CNAME handling in LookupSession (#212)
+	- "WireParseException: bad label type" when parsing Message
+	  from ByteBuffer (#213)
+	- Remove unnecessary synchronization in org.xbill.DNS.Header::getID
+	  (#215, @maltalex)
+	- Add examples for the LookupSession and direct Resolver usage
+
+07/30/2021
+	- 3.4.1 released
+	- Allow signing with ED25519 and ED448 algorithms
+	  (#200, Klaus Malorny)
+	- Rename echconfig to ech in SVCB/HTTPS records
+	  (#202, @adam-stoler)
+	- Fix bug in Name.compareTo with byte-values >= 128
+	  (#205, @adam-stoler)
+
+06/09/2021
+	- 3.4.0 released
+	- UnknownHostException provides details in message (#154)
+	- Limit length of relative Name to 254 (#165)
+	- Fix wildcard lookups in Zone (#169)
+	- Properly close UDP channel upon error
+	  (#177, Walter Scott Johnson)
+	- Fix load balancing in ExtendedResolver
+	  (#179, Paulo Costa)
+	- Add method to shutdown NIO threads (#180)
+	- Fix restoring active position on byte buffers
+	  (#184, @ryru)
+	- Add support for extended DNS errors (RFC8914, #187)
+	- Fix TTL for SOA record to minimum of TTL and minimum field
+	  (#191, @amitknx)
+	- Add support for hosts file in lookups (#195)
+
+10/28/2020
+	- 3.3.1 released
+	- Fix value of getAlias in C/DNameRecord (#136)
+	- Fix bug with SVCB/HTTPS parsing of master file format
+	  (PR#135, @adam-stoler)
+
+09/27/2020
+	 - 3.3.0 released
+	 - Add support for SVCB and HTTPS records
+	   (PR#116, @adam-stoler)
+	 - Fix an issue with ndots in Lookup (#118)
+	 - Support IPv4 mapped IPv6 address in AAAA record
+	   (PR#120, @spwei)
+	 - Validate range in Type
+	 - Improve DOH Resolver (#123, #127)
+	   Note that this resolver is more a proof of concept and not
+	   production ready. See Javadoc and issue #123.
+
+07/11/2020
+	- 3.2.2 released
+	- Fix JNA access violation in WindowsResolverConfigProvider
+	  on 32bit JVMs
+
+06/22/2020
+	- 3.2.1 released
+	- Include sources and Javadoc
+
+06/22/2020
+	- 3.2.0 released
+	- Add Javadoc @since tags for APIs introduced since 3.0
+	- Fix requiring JNA in certain classloaders (#112)
+	- Add property to skip initializing builtin resolver config (#112)
+	- Make ResolverConfig and Resolver API public (#111)
+	- Add properties for a fallback resolver config provider (#111)
+	- Close UDP socket on failures (#110)
+	- Refactor TSIG code and add trace logging (#109)
+
+05/15/2020
+	- 3.1.0 released
+	- Fix order of OPT and TSIG records in messages (#108)
+	- Fix RRset.cycle() short overflows (#102)
+	- Fix race condition in resolver I/O (#104)
+	- Add support for custom record types
+	  (#94, Klaus Malorny <Klaus.Malorny@knipp.de>)
+
+03/19/2020
+	- 3.0.2 released
+	- Only select for tcp write when there is something to write
+	  (PR#96, Rouzbeh Delavari)
+
+02/23/2020
+	- 3.0.1 released
+	- Fix toString of RRset reporting empty when it contains signatures
+	- Fix a potential sorting bug when creating a DNSSEC digest
+	- Fix getting the resolvers of an ExtendedResolver (#92)
+
+02/15/2020
+	- 3.0.0 released
+	- Parse RRsig records with epoch time format
+	- Add support for EdDSA DNSSEC signatures if BouncyCastle is available
+	  (Ed25519 and Ed448, RFC 8080)
+	- Add missing RCode, OpCode and RR type mnemonics
+
+01/19/2020:
+	- 3.0.0-next.1 released
+	- Requires Java 8 and slf4j-api
+	- Adds support for Java 9+ and Android O+ via a new server config
+	  lookup system (#6, #9)
+	- Resolving is now fully asynchronous, no new thread per query anymore
+	- Message provides information about the resolver that produced it (#41)
+	- Add support for Host Identity Protocol (HIP) records (RFC 8005, #47)
+	- Adds a DNS over HTTP (DoH) resolver (#66)
+	- Fixes some issues with the OSGi manifest (#70)
+	- Add support for the RES_OPTIONS environment variable (#57)
+	- Add support for relative $INCLUDE paths in master files (#75)
+	- Add support for custom DNS server port in config properties (#80)
+	- Adds new EDNS(0) options
+	- See the README for hints on migrating from v2.1.x to v3
+
 05/25/2019:
 	- 2.1.9 released
 	- Fix getRRsetType for empty RRSIG records.
@@ -301,7 +529,7 @@
 	- The TSIG verification routines (TSIG.verify,
 	  TSIG.StreamVerifier.verify() now update the Message object with the
 	  status of the verification in addition to returning the status.
-	
+
 6/03/2009
 	- The lists of servers and searchlist entries in ResolverConfig should
 	  not be static.
@@ -536,7 +764,7 @@
 
 5/7/2005
 	- Fix several problems with empty names.
-	  (Matt Rutherford <rutherfo@cs.colorado.edu>)  
+	  (Matt Rutherford <rutherfo@cs.colorado.edu>)
 
 4/23/2005
 	- As per RFC 2181, the maximum allowed TTL value is 0x7FFFFFFF.
@@ -960,7 +1188,7 @@
 	- Converting some types of records (TXT, for example) to wire format
 	  could throw an IndexOutOfBoundsException.
 	- TSIG signed UDP queries weren't properly verified by jnamed.
-	- Add a method to render a Message with a specified maximum size - 
+	- Add a method to render a Message with a specified maximum size -
 	  this method will properly truncate large responses and apply
 	  TSIG signatures.
 
@@ -1026,7 +1254,7 @@
 
 10/6/2002
 	- Fix minor bugs in Name code (Bob Halley <bob.halley@nominum.com>)
-	  
+
 10/1/2002
 	- Memory usage and speed improvements to the TypeMap class.
 
@@ -1259,7 +1487,7 @@
 	  (Christopher Fitch <cfitch@sbti.com>)
 	- Added a routine to build a SIG record based on the results of
 	  a DSA signature (Pasi Eronen <pe@iki.fi>)
-	
+
 8/13/2000
 	- Added 'clear' command to update client
 	- Removed some deprecated code
@@ -1529,21 +1757,21 @@
 5/13/1999
 	- split WorkerThread into WorkerThread and ResolveThread
 
-4/25/1999	
+4/25/1999
 	- moved files to org.xbill.DNS
 	- Cache round-robins RRsets before handing them out
 	- changed the way ExtendedResolver decides when to send queries
 	- various reflection changes
 
-4/21/1999	
+4/21/1999
 	- minor WorkerThread fixes
 
-4/19/1999	
+4/19/1999
 	- 0.9.1 released
 	- WorkerThreads should die after 15 minutes of idle time
 	- Address.getByName/getAllByName handle dotted quad IP addresses
 
-4/18/1999	
+4/18/1999
 	- 0.9 released
 	- Finished javadoc-ing classes in DNS.*
 	- Server should work now
diff --git a/EXAMPLES.md b/EXAMPLES.md
index 629411ce8..fd4cc7a38 100644
--- a/EXAMPLES.md
+++ b/EXAMPLES.md
@@ -1,6 +1,6 @@
-# dnsjava examples
+# dnsjava Examples
 
-All of these examples are code fragments.  Code using these fragments should
+All of these examples are code fragments. Code using these fragments should
 check exceptions when appropriate, and should:
 
 ```java
@@ -13,33 +13,78 @@ import org.xbill.DNS.*;
 InetAddress addr = Address.getByName("www.dnsjava.org");
 ```
 
-## Get the MX target and preference of a name
+## Get the MX target and preference of a name (modern)
+```java
+LookupSession s = LookupSession.defaultBuilder().build();
+Name mxLookup = Name.fromString("gmail.com.");
+s.lookupAsync(mxLookup, Type.MX)
+    .whenComplete(
+        (answers, ex) -> {
+          if (ex == null) {
+            if (answers.getRecords().isEmpty()) {
+              System.out.println(mxLookup + " has no MX");
+            } else {
+              for (Record rec : answers.getRecords()) {
+                MXRecord mx = ((MXRecord) rec);
+                System.out.println(
+                    "Host " + mx.getTarget() + " has preference " + mx.getPriority());
+              }
+            }
+          } else {
+            ex.printStackTrace();
+          }
+        })
+    .toCompletableFuture()
+    .get();
+```
+
+## Get the MX target and preference of a name (legacy)
 
 ```java
-Record [] records = new Lookup("gmail.com", Type.MX).run();
-for (int i = 0; i &lt; records.length; i++) {
+Record[] records = new Lookup("gmail.com", Type.MX).run();
+for (int i = 0; i < records.length; i++) {
     MXRecord mx = (MXRecord) records[i];
     System.out.println("Host " + mx.getTarget() + " has preference " + mx.getPriority());
 }
 ```
 
+## Simple lookup with a Resolver
+```java
+Record queryRecord = Record.newRecord(Name.fromString("dnsjava.org."), Type.A, DClass.IN);
+Message queryMessage = Message.newQuery(queryRecord);
+Resolver r = new SimpleResolver("8.8.8.8");
+r.sendAsync(queryMessage)
+    .whenComplete(
+        (answer, ex) -> {
+          if (ex == null) {
+            System.out.println(answer);
+          } else {
+            ex.printStackTrace();
+          }
+        })
+    .toCompletableFuture()
+    .get();
+```
+
 ## Query a remote name server for its version
 
 ```java
 Lookup l = new Lookup("version.bind.", Type.TXT, DClass.CH);
 l.setResolver(new SimpleResolver(args[0]));
 l.run();
-if (l.getResult() == Lookup.SUCCESSFUL)
+if (l.getResult() == Lookup.SUCCESSFUL) {
     System.out.println(l.getAnswers()[0].rdataToString());
+}
 ```
 
 ## Transfer a zone from a server and print it
 
 ```java
-ZoneTransferIn xfr = ZoneTransferIn.newAXFR(new Name("."), "192.5.5.241", null);
-List records = xfr.run();
-for (Iterator it = records.iterator(); it.hasNext(); )
-    System.out.println(it.next());
+ZoneTransferIn xfr = ZoneTransferIn.newAXFR(Name.root, "192.5.5.241", null);
+xfr.run();
+for (Record r : xfr.getAXFR()) {
+    System.out.println(r);
+}
 ```
 
 ## Use DNS dynamic update to set the address of a host to a value specified on the command line
@@ -73,6 +118,75 @@ System.out.println(n2.equals(n));              // True
 // www
 // dnsjava
 // org
-for (int i = 0; i &lt; n.labels(); i++)
+for (int i = 0; i < n.labels(); i++) {
     System.out.println(n.getLabelString(i));
+}
+```
+
+## DNSSEC Resolver
+
+```java
+import java.io.*;
+
+import java.nio.charset.StandardCharsets;
+import org.xbill.DNS.*;
+
+public class ResolveExample {
+    // Root anchors, see https://data.iana.org/root-anchors/root-anchors.xml
+    static String ROOT =
+        ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n" +
+        ". IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16";
+
+    public static void main(String[] args) throws Exception {
+        // Send two sample queries using a standard resolver
+        SimpleResolver sr = new SimpleResolver("4.2.2.1");
+        System.out.println("Standard resolver:");
+        sendAndPrint(sr, "www.dnssec-failed.org.");
+        sendAndPrint(sr, "nic.ch.");
+
+        // Send the same queries using the validating resolver with the
+        // trust anchor of the root zone
+        // https://data.iana.org/root-anchors/root-anchors.xml
+        ValidatingResolver vr = new ValidatingResolver(sr);
+        vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
+        System.out.println("\n\nValidating resolver:");
+        sendAndPrint(vr, "www.dnssec-failed.org.");
+        sendAndPrint(vr, "nic.ch.");
+    }
+
+    private static void sendAndPrint(Resolver vr, String name) throws IOException {
+        System.out.println("\n---" + name);
+        Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
+        Message response = vr.send(Message.newQuery(qr));
+        System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
+        System.out.println("RCode:   " + Rcode.string(response.getRcode()));
+        for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
+            if (set.getName().equals(Name.root) && set.getType() == Type.TXT
+                && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+                System.out.println("Reason:  " + ((TXTRecord) set.first()).getStrings().get(0));
+            }
+        }
+    }
+}
+
+```
+
+This should result in an output like
+```
+Standard resolver:
+---www.dnssec-failed.org.
+AD-Flag: false
+RCode:   NOERROR
+---nic.ch.
+AD-Flag: false
+RCode:   NOERROR
+
+Validating resolver:
+---www.dnssec-failed.org.
+AD-Flag: false
+RCode:   SERVFAIL
+Reason:  Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: No keys for dnssec-failed.org. have a DS for alg RSASHA1
+---nic.ch.
+AD-Flag: true
+RCode:   NOERROR
 ```
diff --git a/LICENSE b/LICENSE
index 70bae6b99..60bca5d90 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,24 +1,30 @@
-Copyright (c) 1998-2011, Brian Wellington.
+Copyright (c) 1998-2019, Brian Wellington
+Copyright (c) 2005 VeriSign. All rights reserved.
+Copyright (c) 2019-2023, dnsjava authors
+
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 
-  * Redistributions of source code must retain the above copyright notice,
-    this list of conditions and the following disclaimer.
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
 
-  * Redistributions in binary form must reproduce the above copyright notice,
-    this list of conditions and the following disclaimer in the documentation
-    and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 000000000..8f70f19be
--- /dev/null
+++ b/README.adoc
@@ -0,0 +1,408 @@
+= dnsjava
+
+image:https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg["GitHub CI Build Status",link="https://github.com/dnsjava/dnsjava/actions/workflows/build.yml"]
+image:https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys["codecov",link="https://codecov.io/gh/dnsjava/dnsjava"]
+image:https://img.shields.io/maven-central/v/dnsjava/dnsjava["Maven Central",link="https://central.sonatype.com/artifact/dnsjava/dnsjava"]
+image:https://javadoc.io/badge/dnsjava/dnsjava.svg["Javadocs",link="https://javadoc.io/doc/dnsjava/dnsjava"]
+
+== Overview
+
+dnsjava is an implementation of DNS in Java.
+It
+
+* supports almost all defined record types (including the DNSSEC types), and unknown types.
+* can be used for queries, zone transfers, and dynamic updates.
+* includes a cache which can be used by clients, and an authoritative only server.
+* supports TSIG authenticated messages, DNSSEC verification, and EDNS0.
+* is fully thread safe.
+
+== Getting started
+
+Have a look at the basic link:EXAMPLES.md[examples].
+
+=== Config options
+
+Some settings of dnsjava can be configured via Java
+https://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html[system properties]:
+
+[cols=4*]
+|===
+.2+h|Property
+3+h|Explanation
+h|Type
+h|Default
+h|Example
+
+.2+|dns[.fallback].server
+3+|DNS server(s) to use for resolving.
+Comma separated list.
+Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support).
+|String
+|-
+|8.8.8.8,[2001:4860:4860::8888]:853,dns.google
+
+.2+|dns[.fallback].search
+3+|Comma separated list of DNS search paths.
+|String
+|-
+|ds.example.com,example.com
+
+.2+|dns[.fallback].ndots
+3+|Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made.
+|Integer
+|1
+|2
+
+.2+|dnsjava.options
+3+|Comma separated key-value pairs, see <<_optionpairs>>.
+|option list
+|-
+|BINDTTL,tsigfudge=1
+
+.2+|dnsjava.configprovider.skipinit
+3+|Set to true to disable static ResolverConfig initialization.
+|Boolean
+|false
+|true
+
+.2+|dnsjava.configprovider.sunjvm.enabled
+3+|Set to true to enable the reflection based DNS server lookup, see <<_limitations>>.
+|Boolean
+|false
+|true
+
+.2+|dnsjava.udp.ephemeral.start
+3+|First ephemeral port for UDP-based DNS queries.
+|Integer
+|49152 (Linux: 32768)
+|50000
+
+.2+|dnsjava.udp.ephemeral.end
+3+|Last ephemeral port for UDP-based DNS queries.
+|Integer
+|65535 (Linux: 60999)
+|60000
+
+.2+|dnsjava.udp.ephemeral.use_ephemeral_port
+3+|Use an OS-assigned ephemeral port for UDP queries.
+Enabling this option is *insecure*!
+Do NOT use it.
+|Boolean
+|false
+|true
+
+.2+|dnsjava.lookup.max_iterations
+3+|Maximum number of CNAMEs to follow in a chain.
+|Integer
+|16
+|20
+
+.2+|dnsjava.lookup.use_hosts_file
+3+|Use the system's hosts file for lookups before resorting to a resolver.
+|Boolean
+|true
+|false
+
+.2+|dnsjava.hostsfile.max_size_bytes
+3+|Set the size of the hosts file to be loaded at a time, in bytes.
+|Integer
+|16384
+|1000000
+
+.2+|dnsjava.nio.selector_timeout
+3+|Set selector timeout in milliseconds. Default/Max 1000, Min 1.
+|Integer
+|1000
+|700
+
+.2+|dnsjava.nio.register_shutdown_hook
+3+|Register Shutdown Hook for automatic termination of NIO.
+If disabled, the nio selector thread will not automatically clean up on JVM termination.
+|Boolean
+|True
+|False
+
+.2+|dnsjava.harden_unknown_additional
+3+|Harden against unknown records in the authority section and additional section.
+If disabled, such records are copied from the upstream and presented to the client together with the answer.
+|Boolean
+|True
+|False
+
+4+h|DNSSEC Options
+.2+|dnsjava.dnssec.keycache.max_ttl
+3+|Maximum time-to-live (TTL) of entries in the key cache in seconds.
+|Integer
+|900
+|1800
+
+.2+|dnsjava.dnssec.keycache.max_size
+3+|Maximum number of entries in the key cache.
+|Integer
+|1000
+|5000
+
+.2+|dnsjava.dnssec.nsec3.iterations.N
+3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://datatracker.ietf.org/doc/html/rfc5155#section-10.3[RFC5155].
+|Integer
+2+a|- 1024 bit keys: 150 iterations
+- 2048 bit keys: 500 iterations
+- 4096 bit keys: 2500 iterations
+
+e.g. dnsjava.dnssec.nsec3.iterations.1024=200
+
+.2+|dnsjava.dnssec.trust_anchor_file
+3+|The file from which the trust anchor should be loaded.
+The file must be formatted like a DNS zone master file.
+It can only contain DS or DNSKEY records.
+|String
+|-
+|/etc/dnssec-root-anchors
+
+.2+|dnsjava.dnssec.digest_preference
+3+|Defines the preferred DS record digest algorithm if a zone has registered multiple DS records.
+The list is comma-separated, the highest preference first.
+
+If this property is not specified, the DS record with the highest
+https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml[digest ID] is chosen.
+To stay compliant with the RFCs, the mandatory digest IDs must be listed in this property.
+
+The GOST digest requires https://www.bouncycastle.org/java.html[BouncyCastle] on the classpath.
+|String
+|-
+|2,1,4
+
+.2+|dnsjava.dnssec.harden_algo_downgrade
+3+|Prevent algorithm downgrade when multiple algorithms are advertised in a zone's DS records.
+If `false`, allows any algorithm to validate the zone.
+|Boolean
+|true
+|false
+
+.2+|dnsjava.dnssec.max_validate_rrsigs
+3+|Maximum number of RRSig records to validate until the response is considered bogus.
+This is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387).
+|Integer
+|8
+|4
+
+.2+|dnsjava.dnssec.max_ds_match_failures
+3+|Maximum number of DS records to validate until the response is considered bogus.
+This is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387).
+|Integer
+|4
+|2
+
+.2+|dnsjava.dnssec.algorithm.ID
+3+|Enable or disable a DS/DNSKEY algorithm.
+See
+https://datatracker.ietf.org/doc/html/rfc8624#section-3.1[RFC8624] for recommended values.
+Note that algorithm number 1, `RSAMD5`, is disabled and cannot be enabled with this property.
+|Boolean
+2+|Disable ED448:
+`dnsjava.dnssec.algorithm.16=false`
+
+.2+|dnsjava.dnssec.algorithm_rsa_min_key_size
+3+|Set the minimum size, in bits, for RSA keys.
+|Integer
+|1024
+|512
+
+.2+|dnsjava.dnssec.digest.ID
+3+|Enable or disable a DS record digest algorithm.
+See
+https://datatracker.ietf.org/doc/html/rfc8624#section-3.3[RFC8624] for recommended values.
+|Boolean
+2+|Disable SHA.1:
+`dnsjava.dnssec.digest.1=false`
+
+|===
+
+[#_optionpairs]
+==== dnsjava.options pairs
+
+The `dnsjava.options` configuration options can also be set programmatically through the `Options` class.
+Please refer to the Javadoc for details.
+
+[cols="1,1,1,4",options=header]
+|===
+| Key | Type | Default | Explanation
+| `BINDTTL` | Boolean | false | Print TTLs in BIND format
+| `multiline` | Boolean | false | Print records in multiline format
+| `noPrintIN` | Boolean | false | Do not print the class of a record if it is `IN`
+| `tsigfudge` | Integer | 300 | Sets the default TSIG fudge value (in seconds)
+| `sig0validity` | Integer | 300 | Sets the default SIG(0) validity period (in seconds)
+|===
+
+=== Resolvers
+
+==== SimpleResolver
+
+Basic resolver that uses UDP by default and falls back to TCP if required.
+
+==== ExtendedResolver
+
+A `Resolver` that uses multiple ``Resolver``s to send the queries, defaulting to ``SimpleResolver``s.
+Can be configured to query the servers in a round-robin order.
+Blacklists a server if it times out.
+
+==== DohResolver
+
+Proof-of-concept DNS over HTTP resolver, e.g. to use https://dns.google/query.
+
+==== ValidatingResolver
+
+DNSSEC validating stub resolver.
+Originally based on the work of the Unbound Java prototype from 2005/2006.
+The Unbound prototype was stripped from all unnecessary parts, heavily modified, complemented with more than 300 unit test and found bugs were fixed.
+Before the import into dnsjava, the resolver was developed as an independent library at https://github.com/ibauersachs/dnssecjava.
+To migrate from dnssecjava, replace `org.jitsi` with `org.xbill.DNS` in Java packages and `org.jitsi` with `dnsjava` in property prefixes.
+
+Validated, secure responses contain the DNS `AD`-flag, while responses that failed validation return the `SERVFAIL`-RCode.
+Insecure responses return the actual return code without the `AD`-flag set.
+The reason why the validation failed or is insecure is provided as a localized string in the additional section under the record ./65280/TXT (a TXT record for the owner name of the root zone in the private query class `ValidatingResolver.VALIDATION_REASON_QCLASS`).
+The Extended DNS Errors (EDE, https://datatracker.ietf.org/doc/html/rfc8914[RFC8914]) also provides the failure reason, although in less detail.
+
+The link:EXAMPLES.md[examples] contain a small demo.
+
+[IMPORTANT]
+.Do not use the `ValidatingResolver` standalone.
+A response will need CNAME/DNAME post-processing, and DNS messages can still be manipulated with DNSSEC alone.
+Subsequent processing and validation of messages is intricate and best done using the built-in `LookupSession` (or the legacy `Lookup`) class.
+
+=== Migrating from version 2.1.x to v3
+
+dnsjava v3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible.
+The most important changes are:
+
+* Requires at least Java 8
+
+* Uses https://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api`
+on the classpath
+
+* The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools`
+package
+
+* On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding.
+As of Java 24, note that additional JVM config is required, see https://javadoc.io/doc/net.java.dev.jna/jna/latest/index.html#special-considerations-for-jdk24--heading[Special considerations for JDK24+].
+
+* The `Resolver` API for custom resolvers has changed to use
+`CompletionStage<Message>` for asynchronous resolving.
+The built-in resolvers are now fully non-blocking and do not start a thread per query anymore.
+
+* Many methods return a `List<T>` instead of an array.
+Ideally, use a for-each loop.
+If this is not possible, call `size()` instead of using `length`:
+** Cache#findAnyRecords
+** Cache#findRecords
+** Lookup#getDefaultSearchPath
+** Message#getSectionRRsets
+** SetResponse#answers
+** ResolverConfig
+
+* RRset returns a List<T> instead of an `Iterator`.
+Ideally, modify your code to use a for-each loop.
+If this is not possible, create an iterator on the returned list:
+** RRset#rrs
+** RRset#sigs
+
+* Methods using `java.util.Date` are deprecated.
+Use the new versions with
+`java.time.Instant` or `java.time.Duration` instead
+
+* The type hierarchy of `SMIMEARecord` changed, it now inherits from
+`TLSARecord` and constants are shared
+
+* ``Record``s are no longer marked as `Serializable` after 3.0.
+While 3.5 reintroduced `Serializable`, it is preferred to use the RFC defined serialization formats directly:
+** `toString()`, `rrToString()` ↔ `fromString()`
+** `toWire()` ↔ `fromWire()`, `newRecord()`
+
+* `Message` and `Header` properly support `clone()`
+
+=== Replacing the standard Java DNS functionality
+
+==== Java 1.4 to 8
+
+Java versions from 1.4 to 8 can load DNS service providers at runtime.
+To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property:
+
+	sun.net.spi.nameservice.provider.1=dns,dnsjava
+
+This instructs the JVM to use the dnsjava service provide for DNS at the highest priority.
+
+==== Java 9 to 17
+
+The functionality to load a DNS SPI was https://bugs.openjdk.java.net/browse/JDK-8134577[removed in JDK 9] and a replacement API was https://bugs.openjdk.java.net/browse/JDK-8192780[requested].
+
+==== Java 18+
+
+https://bugs.openjdk.java.net/browse/JDK-8263693[JEP 418: Internet-Address Resolution SPI] reintroduces a DNS SPI.
+See https://github.com/dnsjava/dnsjava/issues/245[#245] for the support status in dnsjava.
+
+=== Build
+
+dnsjava uses https://maven.apache.org/[Maven] as the build system.
+Run `mvn package` from the toplevel directory to build dnsjava.
+JDK 8 or higher is required.
+
+=== Testing dnsjava
+
+mailto:rutherfo@cs.colorado.edu[Matt Rutherford] contributed a number of unit tests, which are in the tests subdirectory.
+
+The hierarchy under tests mirrors the `org.xbill.DNS` classes.
+To run the unit tests, execute `mvn test`.
+
+[#_limitations]
+== Limitations
+
+There is no standard way to determine what the local nameserver or DNS search path is at runtime from within the JVM.
+dnsjava attempts several methods until one succeeds.
+
+- The properties `dns.server` and `dns.search` (comma delimited lists) are checked.
+The servers can either be IP addresses or hostnames (which are resolved using Java's built in DNS support).
+- On Unix/Solaris, `/etc/resolv.conf` is parsed.
+- On Windows, if https://github.com/java-native-access/jna[JNA] is available on the classpath, the `GetAdaptersAddresses` API is used.
+- On Android the `ConnectivityManager` is used (requires initialization using `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`).
+- The `sun.net.dns.ResolverConfiguration` class is queried if enabled.
+As of Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` (classpath) or `--add-opens java.base/sun.net.dns=org.dnsjava` (modules) is also required.
+- If available and no servers have been found yet, https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html[JNDI-DNS] is used.
+- If still no servers have been found yet, use the fallback properties.
+This can be used to query e.g. a well-known public DNS server instead of localhost.
+- As a last resort, `localhost` is used as the nameserver, and the search path is empty.
+
+== Additional documentation
+
+Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online at https://javadoc.io/doc/dnsjava/dnsjava[javadoc.io].
+See the link:EXAMPLES.md[examples] for some basic usage information.
+
+== License
+
+dnsjava is placed under the link:LICENSE[BSD-3-Clause license].
+
+== History
+
+dnsjava was started as an excuse to learn Java.
+It was useful for testing new features in BIND without rewriting the C resolver.
+It was then cleaned up and extended in order to be used as a testing framework for DNS interoperability testing.
+The high level API and caching resolver were added to make it useful to a wider audience.
+The authoritative only server was added as proof of concept.
+
+=== dnsjava on GitHub
+
+This repository has been a mirror of the dnsjava project at Sourceforge since 2014 to maintain the Maven build for publishing to https://search.maven.org/artifact/dnsjava/dnsjava[Maven Central].
+As of 2019-05-15, GitHub is https://sourceforge.net/p/dnsjava/mailman/message/36666800/[officially] the new home of dnsjava.
+The mailto:dnsjava-users@lists.sourceforge.net[dnsjava-users] mailing list (https://sourceforge.net/p/dnsjava/mailman/dnsjava-users/[archive]) still exists but is mostly inactive.
+
+Please use the GitHub https://github.com/dnsjava/dnsjava/issues[issue tracker] and send - well tested - pull requests.
+
+== Authors
+
+- Brian Wellington (@bwelling), March 12, 2004
+- Various contributors, see the link:Changelog[Changelog]
+- Ingo Bauersachs (@ibauersachs), current maintainer
+
+== Final notes
+
+- Thanks to Network Associates, Inc. for sponsoring some of the original dnsjava work in 1999-2000.
+- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017.
diff --git a/README.md b/README.md
deleted file mode 100644
index aa55b2dab..000000000
--- a/README.md
+++ /dev/null
@@ -1,109 +0,0 @@
-[![Build Status](https://travis-ci.org/dnsjava/dnsjava.svg?branch=master)](https://travis-ci.org/dnsjava/dnsjava)
-[![Coverage Status](https://coveralls.io/repos/dnsjava/dnsjava/badge.svg)](https://coveralls.io/r/dnsjava/dnsjava)
-[![Maven Central](https://maven-badges.herokuapp.com/maven-central/dnsjava/dnsjava/badge.svg)](https://search.maven.org/artifact/dnsjava/dnsjava)
-[![Javadocs](http://javadoc.io/badge/dnsjava/dnsjava.svg)](http://javadoc.io/doc/dnsjava/dnsjava)
-
-# dnsjava
-
-## Overview
-
-dnsjava is an implementation of DNS in Java.  It supports all defined record
-types (including the DNSSEC types), and unknown types.  It can be used for
-queries, zone transfers, and dynamic updates.  It includes a cache which can be
-used by clients, and an authoritative only server.  It supports TSIG
-authenticated messages, partial DNSSEC verification, and EDNS0.  It is fully
-thread safe.  It can be used to replace the native DNS support in Java.
-
-dnsjava was started as an excuse to learn Java.  It was useful for testing new
-features in BIND without rewriting the C resolver.  It was then cleaned up and
-extended in order to be used as a testing framework for DNS interoperability
-testing.  The high level API and caching resolver were added to make it useful
-to a wider audience.  The authoritative only server was added as proof of
-concept.
-
-## dnsjava on Github
-
-This repository has been a mirror of the dnsjava project at Sourceforge
-since 2014 to maintain the Maven build for publishing to
-[Maven Central](https://search.maven.org/artifact/dnsjava/dnsjava).
-As of 2019-05-15, Github is
-[officially](https://sourceforge.net/p/dnsjava/mailman/message/36666800/)
-the new home of dnsjava.
-
-Please use the Github [issue tracker](https://github.com/dnsjava/dnsjava/issues) and send - well tested - pull
-requests. The
-[dnsjava-users@lists.sourceforge.net](mailto:dnsjava-users@lists.sourceforge.net)
-mailing list still exists.
-
-## Author
-
-- Brian Wellington (@bwelling), March 12, 2004
-- Various contributors, see [Changelog](Changelog)
-
-## Getting started
-
-Run `mvn package` from the toplevel directory to build dnsjava. JDK 1.4
-or higher is required.
-
-### Replacing the standard Java DNS functionality:
-
-Java versions from 1.4 to 1.8 can load DNS service providers at runtime. The
-functionality was [removed in JDK 9](https://bugs.openjdk.java.net/browse/JDK-8134577),
-a replacement is [requested](https://bugs.openjdk.java.net/browse/JDK-8192780),
-but so far has not been implemented.
-
-To load the dnsjava service provider, build dnsjava on a JDK that still
-supports the SPI and set the system property:
-
-	sun.net.spi.nameservice.provider.1=dns,dnsjava
-
-This instructs the JVM to use the dnsjava service provide for DNS at the
-highest priority.
-
-
-## Testing dnsjava
-
-[Matt Rutherford](mailto:rutherfo@cs.colorado.edu) contributed a number of unit
-tests, which are in the tests subdirectory.  The hierarchy under tests
-mirrors the org.xbill.DNS classes.  To run the unit tests, execute
-`mvn test`. The tests require JUnit.
-
-Some high-level test programs are in `org/xbill/DNS/tests`.
-
-
-## Limitations
-
-There's no standard way to determine what the local nameserver or DNS search
-path is at runtime from within the JVM.  dnsjava attempts several methods
-until one succeeds.
-
-- The properties `dns.server` and `dns.search` (comma delimited lists) are
-  checked.  The servers can either be IP addresses or hostnames (which are
-  resolved using Java's built in DNS support).
-- The `sun.net.dns.ResolverConfiguration` class is queried.
-- On Unix, `/etc/resolv.conf` is parsed.
-- On Windows, `ipconfig`/`winipcfg` is called and its output parsed.  This may
-  fail for non-English versions on Windows.
-- As a last resort, `localhost` is used as the nameserver, and the search
-  path is empty.
-
-The underlying platform must use an ASCII encoding of characters.  This means
-that dnsjava will not work on OS/390, for example.
-
-
-## Additional documentation
-
-Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online
-at [javadoc.io](http://javadoc.io/doc/dnsjava/dnsjava). See the
-[examples](EXAMPLES.md) for some basic usage information.
-
-
-## License
-
-dnsjava is placed under the [BSD license](LICENSE). Several files are also under
-additional licenses; see the individual files for details.
-
-## Final notes
-- Thanks to Network Associates, Inc. for sponsoring some of the original
-  dnsjava work in 1999-2000.
-- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017.
diff --git a/TODO.dnssec.md b/TODO.dnssec.md
new file mode 100644
index 000000000..7f0e73a01
--- /dev/null
+++ b/TODO.dnssec.md
@@ -0,0 +1,69 @@
+<del>CNAME Handling
+--------------
+<del>The CNAME handling is terribly inefficient. A recursive nameserver is required
+to deliver all intermediate results in the response to the original query. The
+code however still splits up the query into each part and performs a query for
+each CNAME till the end of the chain is reached.
+This should be changed to follow the chain in the response of the original
+query, but is not so easy because the validation only has the keys for each
+original query.
+A possible workaround would be to synthesize the intermediate responses from
+the original query. Easy for positive responses, but for NXDOMAIN - which
+NSEC(3)s are to be included...?
+
+<del>DNAME Handling
+--------------
+<del>A DNAME causes validation failures during priming because the synthesized
+CNAME is not considered valid. Some unit-tests are failing due to this.
+
+API
+---
+- <del>Provide the final failure reason as a (localizable) string
+
+Code Coverage / Bugs
+--------------------
+- The code still has some untested parts:
+  - <del>Wildcard/ENT DS delegations!!!
+  - ANY responses, especially wildcard expansion
+  - Insecure NSEC3 NODATA responses
+  - <del>Wildcard NODATA responses might pass too broad cases
+  - <del>Behavior if all NSEC3s are not understandable
+  - NXDOMAIN when a NSEC would prove that a wildcard exists
+  - Exceptions thrown by the head resolver
+  - Bogus/Insecure handling of CNAME answer to DS query
+  - <del>Async calling of the validator
+  - <del>Passthrough without validation if the CD flag is set
+  - Various cases in dsReponseToKeForNodata
+  - <del>longestCommonName
+  - <del>Various NSEC NODATA cases
+  - <del>Unsupported algorithm or digest ID cases
+  - <del>NSEC3 iteration count configuration
+  - <del>NSEC3 with unsupported hash algorithm
+  - Multiple NSEC3s for a zone
+  - NSEC3: proveClosestEncloser
+  - NSEC3: proveNodata
+  - NSEC3: proveNoDS
+  - <del>Implement http://tools.ietf.org/html/rfc4509#section-3 to prevent downgrade attacks
+  - <del>http://tools.ietf.org/html/rfc6840#section-4.3 (CNAME bit check)
+  - http://tools.ietf.org/html/rfc6840#section-4.4 (Insecure Delegation Proofs)
+  - http://tools.ietf.org/html/rfc6840#section-5.4 (Caution about Local Policy and Multiple RRSIGs)
+  - <del>Refuse DNAME wildcards (RFC4597)
+  - Test validating against a non-Bind9 head solver
+  - Rate limit queries to be able to validate against Google's public resolvers
+
+Unit Tests
+----------
+- <del>The tests currently rely on an online connection to a recursive server and
+  external zones. They must be able to run offline.
+- <del>Some tests will start to fail after June 9, 2013 because the signature date
+  is compared against the current system time. This must be changed to take
+  the test authoring time. To make this possible DNSJAVA must probably be
+  changed.
+
+DNSJAVA
+-------
+- <del>Fix the Maven project definition to build correctly with a local lib folder
+  as it is not officially distributed on Maven central
+- <del>Version 2.1.5 contains a bug in the Name constructor and needs at least
+  SVN rev. 1686
+- <del>Remove local-repo once 2.1.6 appears on Maven central
diff --git a/USAGE b/USAGE
deleted file mode 100644
index cb74210f9..000000000
--- a/USAGE
+++ /dev/null
@@ -1,60 +0,0 @@
-dnsjava v2.0
-
-dnsjava provides several command line programs, which are documented here.
-For examples of API usage, see examples.html.
-
-- dig:
-	A clone of dig (as distributed with BIND)
-	dig @server [-x] name type [class] [-p port] [-k name/secret] [-t] \
-	[-i] [-e n] [-d]
-		-x  : reverse lookup, name must be a dotted quad
-		-k  : use TSIG transaction security
-		-t  : use TCP by default
-		-i  : ignore truncation errors
-		-e n: Use EDNS level n (only 0 is defined)
-		-d  : Set the DNSSEC OK bit
-
-- update:
-	A dynamic update client with some extra functionality.  This can be
-	used either interactively or by specifying a file containing commands
-	to be executed.  Running 'help' lists all other commands.
-	update [file]
-
-
-- jnamed:
-	A basic authoritative only (non-caching, non-recursive) server.  It's
-	not very good, but it's also a whole lot better than it used to be.
-
-	The config file (jnamed.conf by default) supports the following
-	directives:
-		primary <zonename> <masterfile>
-		secondary <zonename> <IP address>
-		cache <hintfile>
-		key [algorithm] <name> <base 64 encoded secret>
-		address <IP address>
-		port <port number>
-
-	If no addresses are specified, jnamed will listen on all addresses,
-	using a wildcard socket.  If no ports are specified, jnamed will
-	listen on port 53.
-
-	The following is an example:
-		primary internal /etc/namedb/internal.db
-		secondary xbill.org 127.0.0.1
-		cache /etc/namedb/cache.db
-		key xbill.org 1234
-		address 127.0.0.1
-		port 12345
-
-	To run:
-		jnamed [config_file]
-
-	jnamed should not be used for production, and should probably
-	not be used for testing.  If the above documentation is not enough,
-	please do not ask for more, because it really should not be used.
-
-- lookup:
-	A simple program that looks up records associated with names.
-	If no type is specified, address lookups are done.
-
-	lookup [-t type] name ...
diff --git a/USAGE.md b/USAGE.md
new file mode 100644
index 000000000..18729d1c0
--- /dev/null
+++ b/USAGE.md
@@ -0,0 +1,73 @@
+dnsjava Command Line Tools
+==========================
+
+dnsjava provides several command line programs, which are documented here.
+For examples of API usage, see the [examples](EXAMPLES.md). To run them,
+at least `dnsjava` and `slf4j-api` need to be on the classpath. A basic
+invocation could thus look as follows:
+
+	java -cp dnsjava.jar;slf4-api.jar org.xbill.DNS.tools.Tools [tool]
+
+dig
+---
+A basic, incomplete clone of dig (as distributed with BIND)
+
+	dig @server [-x] name type [class] [-p port] [-k name/secret] [-t] \
+	[-i] [-e n] [-d]
+		-x  : reverse lookup, name must be a dotted quad
+		-k  : use TSIG transaction security
+		-t  : use TCP by default
+		-i  : ignore truncation errors
+		-e n: Use EDNS level n (only 0 is defined)
+		-d  : Set the DNSSEC OK bit
+
+update
+------
+A dynamic update client with some extra functionality.  This can be
+used either interactively or by specifying a file containing commands
+to be executed. Running 'help' lists all other commands.
+
+	update [file]
+
+jnamed
+------
+A basic authoritative only (non-caching, non-recursive) server. It's
+not very good, but it's also a whole lot better than it used to be.
+
+The config file (`jnamed.conf` by default) supports the following
+directives:
+
+	primary <zonename> <masterfile>
+	secondary <zonename> <IP address>
+	cache <hintfile>
+	key [algorithm] <name> <base 64 encoded secret>
+	address <IP address>
+	port <port number>
+
+If no addresses are specified, jnamed will listen on all addresses,
+using a wildcard socket. If no ports are specified, jnamed will
+listen on port 53.
+
+The following is an example:
+
+	primary internal /etc/namedb/internal.db
+	secondary xbill.org 127.0.0.1
+	cache /etc/namedb/cache.db
+	key xbill.org 1234
+	address 127.0.0.1
+	port 12345
+
+To run:
+
+	jnamed [config_file]
+
+jnamed should not be used for production, and should probably
+not be used for testing.  If the above documentation is not enough,
+please do not ask for more, because it really should not be used.
+
+lookup
+------
+A simple program that looks up records associated with names.
+If no type is specified, address lookups (A) are done.
+
+	lookup [-t type] name ...
diff --git a/checkstyle/checkstyle-config.xml b/checkstyle/checkstyle-config.xml
new file mode 100644
index 000000000..f99d54197
--- /dev/null
+++ b/checkstyle/checkstyle-config.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<!DOCTYPE module PUBLIC "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN" "https://checkstyle.org/dtds/configuration_1_3.dtd">
+<module name="Checker">
+  <module name="TreeWalker">
+    <module name="AvoidStarImport"/>
+    <module name="HiddenField">
+      <property name="tokens" value="VARIABLE_DEF"/>
+    </module>
+    <module name="MissingOverride"/>
+    <module name="NeedBraces"/>
+    <module name="OneTopLevelClass"/>
+  </module>
+  <module name="RegexpHeader">
+    <property name="headerFile" value="checkstyle/header.template.txt"/>
+    <property name="fileExtensions" value="java"/>
+  </module>
+  <!-- Excludes all 'module-info.java' files, see https://github.com/checkstyle/checkstyle/issues/8240 -->
+  <module name="BeforeExecutionExclusionFileFilter">
+    <property name="fileNamePattern" value="module\-info\.java$"/>
+  </module>
+</module>
diff --git a/checkstyle/checkstyle-suppressions.xml b/checkstyle/checkstyle-suppressions.xml
new file mode 100644
index 000000000..dded17094
--- /dev/null
+++ b/checkstyle/checkstyle-suppressions.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<!DOCTYPE suppressions PUBLIC
+  "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+  "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<suppressions>
+  <!-- Exclude generated files in the output directory -->
+  <suppress files="[/\\]target[/\\]" checks=".*"/>
+</suppressions>
diff --git a/checkstyle/header.template.txt b/checkstyle/header.template.txt
new file mode 100644
index 000000000..1113d25c2
--- /dev/null
+++ b/checkstyle/header.template.txt
@@ -0,0 +1 @@
+// SPDX-License-Identifier: BSD-3-Clause
diff --git a/pom.xml b/pom.xml
index 63cfa39b6..678cd3d00 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,28 +1,28 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"
     xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>dnsjava</groupId>
     <artifactId>dnsjava</artifactId>
     <packaging>bundle</packaging>
-    <version>3.0.0-SNAPSHOT</version>
+    <version>3.6.5-SNAPSHOT</version>
     <name>dnsjava</name>
     <description>dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC
         types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache
         which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages,
         partial DNSSEC verification, and EDNS0.
     </description>
-    <url>http://www.dnsjava.org</url>
+    <url>https://github.com/dnsjava/dnsjava</url>
     <organization>
         <name>dnsjava.org</name>
-        <url>http://www.dnsjava.org</url>
+        <url>https://github.com/dnsjava/dnsjava</url>
     </organization>
     <licenses>
         <license>
-            <name>BSD-2-Clause</name>
-            <url>https://opensource.org/licenses/BSD-2-Clause</url>
+            <name>BSD-3-Clause</name>
+            <url>https://opensource.org/licenses/BSD-3-Clause</url>
             <distribution>repo</distribution>
         </license>
     </licenses>
@@ -37,20 +37,119 @@
             <id>bwelling</id>
             <name>Brian Wellington</name>
         </developer>
+        <developer>
+            <id>ibauersachs</id>
+            <name>Ingo Bauersachs</name>
+        </developer>
     </developers>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <target.jdk>1.8</target.jdk>
-        <org.junit.version>5.4.2</org.junit.version>
+        <target.jdk>8</target.jdk>
+        <maven.compiler.showCompilationChanges>true</maven.compiler.showCompilationChanges>
+        <maven.compiler.createMissingPackageInfoClass>false</maven.compiler.createMissingPackageInfoClass>
+
+        <!-- Stay on 5.x for Java 8 compatibility. -->
+        <org.junit.version>5.14.2</org.junit.version>
+        <!-- Stay on 4.x for Java 8 compatibility. Newer versions are used for Java 11+ builds -->
+        <mockito.version>4.11.0</mockito.version>
+        <slf4j.version>1.7.36</slf4j.version>
+        <lombok.version>1.18.42</lombok.version>
+        <jna.version>5.18.1</jna.version>
+        <bouncycastle.version>1.83</bouncycastle.version>
+        <!-- Stay on 5.x for Java 8 compatibility. -->
+        <vertx.version>4.5.24</vertx.version>
+        <!-- Stay on 1.7 for Java 8 compatibility. Newer versions are used for Java 11+ builds -->
+        <google-java-format.version>1.7</google-java-format.version>
+        <spotless.version>2.30.0</spotless.version>
+
+        <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+        <delombok.output>${project.build.directory}/delombok</delombok.output>
     </properties>
 
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-antrun-plugin</artifactId>
+                    <version>3.2.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-assembly-plugin</artifactId>
+                    <version>3.8.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-dependency-plugin</artifactId>
+                    <version>3.9.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-deploy-plugin</artifactId>
+                    <version>3.1.4</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-install-plugin</artifactId>
+                    <version>3.1.4</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <version>3.3.1</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-resources-plugin</artifactId>
+                    <version>3.4.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-site-plugin</artifactId>
+                    <version>3.21.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>build-helper-maven-plugin</artifactId>
+                    <version>3.6.1</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
         <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>properties-maven-plugin</artifactId>
+                <version>1.2.1</version>
+                <executions>
+                    <execution>
+                        <phase>initialize</phase>
+                        <goals>
+                            <goal>read-project-properties</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <files>
+                        <file>sonar-project.properties</file>
+                    </files>
+                </configuration>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
-                <version>1.6</version>
+                <version>3.2.8</version>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>
@@ -60,72 +159,152 @@
                         </goals>
                     </execution>
                 </executions>
+                <configuration>
+                    <gpgArguments>
+                        <arg>--pinentry-mode</arg>
+                        <arg>loopback</arg>
+                    </gpgArguments>
+                    <useAgent>false</useAgent>
+                </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.1</version>
+                <version>3.14.1</version>
                 <configuration>
-                    <source>${target.jdk}</source>
-                    <target>${target.jdk}</target>
-                    <compilerArgument>-Xlint:unchecked</compilerArgument>
+                    <compilerArgs>
+                        <arg>-Xlint:all,-serial,-processing</arg>
+                        <arg>-Xpkginfo:always</arg>
+                    </compilerArgs>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>org.projectlombok</groupId>
+                            <artifactId>lombok</artifactId>
+                            <version>${lombok.version}</version>
+                        </path>
+                        <path>
+                            <groupId>org.openjdk.jcstress</groupId>
+                            <artifactId>jcstress-core</artifactId>
+                            <version>0.16</version>
+                            <exclusions>
+                                <exclusion>
+                                    <groupId>*</groupId>
+                                    <artifactId>*</artifactId>
+                                </exclusion>
+                            </exclusions>
+                        </path>
+                    </annotationProcessorPaths>
                 </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.0.1</version>
+                <version>3.4.0</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>maven-bundle-plugin</artifactId>
-                <version>4.2.0</version>
+                <!-- Stay before v6 for Java 8 compatibility -->
+                <version>5.1.9</version>
                 <extensions>true</extensions>
                 <configuration>
+                    <niceManifest>true</niceManifest>
+                    <excludeDependencies>lombok</excludeDependencies>
                     <instructions>
-                        <Bundle-Name>dnsjava is an implementation of DNS in Java</Bundle-Name>
+                        <Bundle-Name>dnsjava</Bundle-Name>
+                        <Bundle-Description>dnsjava is an implementation of DNS in Java</Bundle-Description>
                         <Bundle-SymbolicName>org.xbill.dns</Bundle-SymbolicName>
-                        <Automatic-Module-Name>org.dnsjava</Automatic-Module-Name>
+                        <Bundle-DocURL>https://javadoc.io/doc/dnsjava/dnsjava</Bundle-DocURL>
+                        <_noclassforname>true</_noclassforname>
+                        <_donotcopy>android|sun</_donotcopy>
+                        <_nouses>true</_nouses>
+                        <_noee>true</_noee>
                         <Export-Package>
                             org.xbill.DNS.*
                         </Export-Package>
+                        <Private-Package>!android.*,!sun.*,.</Private-Package>
                         <Import-Package>
-                            !org.xbill.DNS*,!sun.*,android.os;resolution:=optional,*
+                            !org.xbill.DNS*,
+                            !sun.*,
+                            !lombok,
+                            !android.*,
+                            javax.naming.*;resolution:=optional,
+                            org.slf4j;version="[1.7,3)",
+                            com.sun.jna.*;resolution:=optional;version="[5,6)",
+                            *
                         </Import-Package>
-                        <Bundle-RequiredExecutionEnvironment>JavaSE-1.8</Bundle-RequiredExecutionEnvironment>
                         <Bundle-License>
-                            BSD-2-Clause;link="https://raw.githubusercontent.com/dnsjava/dnsjava/master/LICENSE"
+                            BSD-3-Clause;link="https://raw.githubusercontent.com/dnsjava/dnsjava/master/LICENSE"
                         </Bundle-License>
-                        <_removeheaders>Bnd-*, Tool, Require-Capability, Include-Resource</_removeheaders>
+                        <_removeheaders>Bnd-*, Tool, Require-Capability, Include-Resource, Private-Package</_removeheaders>
+                        <_snapshot>SNAPSHOT</_snapshot>
                         <Include-Resource>
                             {maven-resources},
                             META-INF/LICENSE=LICENSE
                         </Include-Resource>
                         <Main-Class>org.xbill.DNS.tools.Tools</Main-Class>
+                        <_fixupmessages>"Classes found in the wrong directory";is:=ignore</_fixupmessages>
+                        <Multi-Release>true</Multi-Release>
                     </instructions>
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.projectlombok</groupId>
+                <artifactId>lombok-maven-plugin</artifactId>
+                <version>1.18.20.0</version>
+                <configuration>
+                    <sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
+                    <addOutputDirectory>false</addOutputDirectory>
+                    <outputDirectory>${delombok.output}</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>generate-sources</phase>
+                        <goals>
+                            <goal>delombok</goal>
+                        </goals>
+                    </execution>
+                </executions>
+
+                <dependencies>
+                    <dependency>
+                        <groupId>org.projectlombok</groupId>
+                        <artifactId>lombok</artifactId>
+                        <version>${lombok.version}</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.0.1</version>
+                <version>3.12.0</version>
                 <configuration>
+                    <source>${target.jdk}</source>
+                    <sourcepath>${delombok.output}</sourcepath>
                     <debug>true</debug>
                     <windowtitle>dnsjava documentation</windowtitle>
                     <footer/>
                     <doclint>none</doclint>
+                    <excludePackageNames>android,android.*,sun.*</excludePackageNames>
                 </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.22.2</version>
+                <version>3.5.4</version>
                 <configuration>
+                    <argLine>
+                        @{argLine}
+                        -Djava.util.logging.config.file=${project.build.testOutputDirectory}/logging.properties
+                    </argLine>
+                    <rerunFailingTestsCount>3</rerunFailingTestsCount>
+                    <redirectTestOutputToFile>true</redirectTestOutputToFile>
                     <includes>
                         <!-- Override default config to include inner test classes -->
                         <include>**/*Test*</include>
@@ -140,7 +319,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.4</version>
+                <version>0.8.14</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>
@@ -148,33 +327,88 @@
                             <goal>prepare-agent</goal>
                         </goals>
                     </execution>
+                    <execution>
+                        <id>report</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>default-cli</id>
+                        <goals>
+                            <goal>merge</goal>
+                        </goals>
+                        <configuration>
+                            <fileSets>
+                                <fileSet>
+                                    <directory>${project.build.directory}</directory>
+                                    <includes>
+                                        <include>jacoco-*.exec</include>
+                                    </includes>
+                                </fileSet>
+                            </fileSets>
+                            <destFile>${project.build.directory}/jacoco.exec</destFile>
+                        </configuration>
+                    </execution>
                 </executions>
             </plugin>
 
-            <plugin>
-                <groupId>org.eluder.coveralls</groupId>
-                <artifactId>coveralls-maven-plugin</artifactId>
-                <version>4.3.0</version>
-            </plugin>
-
             <plugin>
                 <groupId>com.github.siom79.japicmp</groupId>
                 <artifactId>japicmp-maven-plugin</artifactId>
-                <version>0.14.0</version>
+                <version>0.25.4</version>
                 <configuration>
+                    <newVersion>
+                        <file>
+                            <path>${project.build.directory}/${project.artifactId}-${project.version}.jar</path>
+                        </file>
+                    </newVersion>
                     <parameter>
                         <onlyModified>true</onlyModified>
+                        <accessModifier>public</accessModifier>
                         <breakBuildBasedOnSemanticVersioning>true</breakBuildBasedOnSemanticVersioning>
+                        <breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>
+                        <breakBuildOnSourceIncompatibleModifications>true</breakBuildOnSourceIncompatibleModifications>
                         <excludes>
-                            <!-- JDK9 removed the Nameservice SPI as per bug 8134577. -->
-                            <exclude>org.xbill.DNS.spi</exclude>
+                            <!-- Ignore classes that we need for compilation only -->
+                            <exclude>android</exclude>
+                            <exclude>sun</exclude>
+                            <!-- internal API detected as public -->
+                            <exclude>org.xbill.DNS.config.IPHlpAPI</exclude>
+                            <exclude>org.xbill.DNS.spi.DnsjavaInetAddressResolver</exclude>
+                            <exclude>org.xbill.DNS.spi.DNSJavaNameService</exclude>
+                            <exclude>org.xbill.DNS.spi.DNSJavaNameServiceDescriptor</exclude>
+                            <!-- Not available before Java 18 -->
+                            <exclude>org.xbill.DNS.spi.DnsjavaInetAddressResolver</exclude>
+                            <exclude>org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider</exclude>
                         </excludes>
+                        <overrideCompatibilityChangeParameters>
+                            <overrideCompatibilityChangeParameter>
+                                <compatibilityChange>INTERFACE_ADDED</compatibilityChange>
+                                <binaryCompatible>true</binaryCompatible>
+                                <sourceCompatible>true</sourceCompatible>
+                                <semanticVersionLevel>PATCH</semanticVersionLevel>
+                            </overrideCompatibilityChangeParameter>
+                            <overrideCompatibilityChangeParameter>
+                                <compatibilityChange>SUPERCLASS_ADDED</compatibilityChange>
+                                <binaryCompatible>true</binaryCompatible>
+                                <sourceCompatible>true</sourceCompatible>
+                                <semanticVersionLevel>PATCH</semanticVersionLevel>
+                            </overrideCompatibilityChangeParameter>
+                            <overrideCompatibilityChangeParameter>
+                                <compatibilityChange>ANNOTATION_DEPRECATED_ADDED</compatibilityChange>
+                                <semanticVersionLevel>PATCH</semanticVersionLevel>
+                                <sourceCompatible>true</sourceCompatible>
+                                <binaryCompatible>true</binaryCompatible>
+                            </overrideCompatibilityChangeParameter>
+                        </overrideCompatibilityChangeParameters>
                     </parameter>
                 </configuration>
                 <executions>
                     <execution>
                         <id>check-compatibility</id>
-                        <phase>package</phase>
+                        <phase>verify</phase>
                         <goals>
                             <goal>cmp</goal>
                         </goals>
@@ -183,17 +417,161 @@
             </plugin>
 
             <plugin>
-                <groupId>com.coveo</groupId>
-                <artifactId>fmt-maven-plugin</artifactId>
-                <version>2.9</version>
+                <groupId>com.diffplug.spotless</groupId>
+                <artifactId>spotless-maven-plugin</artifactId>
+                <version>${spotless.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                        <phase>verify</phase>
+                    </execution>
+                </executions>
+                <configuration>
+                    <formats>
+                        <format>
+                            <includes>
+                                <include>*.*</include>
+                            </includes>
+                            <excludes>
+                                <exclude>*.iml</exclude>
+                                <exclude>jcstress-*</exclude>
+                            </excludes>
+                            <trimTrailingWhitespace/>
+                            <endWithNewline/>
+                        </format>
+                    </formats>
+
+                    <java>
+                        <includes>
+                            <include>src/main/java/**/*.java</include>
+                            <include>src/main/java11/**/*.java</include>
+                            <include>src/main/java18/**/*.java</include>
+                            <include>src/test/java/**/*.java</include>
+                        </includes>
+                        <googleJavaFormat>
+                            <version>${google-java-format.version}</version>
+                        </googleJavaFormat>
+                        <removeUnusedImports/>
+                        <importOrder/>
+                    </java>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-checkstyle-plugin</artifactId>
+                <version>3.6.0</version>
                 <executions>
                     <execution>
+                        <id>check</id>
                         <goals>
                             <goal>check</goal>
                         </goals>
+                        <phase>verify</phase>
+                    </execution>
+                </executions>
+                <configuration>
+                    <!--
+                    Still too many failure (mostly in Javadoc) to enable it fully:
+                    <configLocation>google_checks.xml</configLocation>
+                    -->
+                    <configLocation>checkstyle/checkstyle-config.xml</configLocation>
+                    <suppressionsLocation>checkstyle/checkstyle-suppressions.xml</suppressionsLocation>
+                    <includeTestSourceDirectory>true</includeTestSourceDirectory>
+                    <linkXRef>false</linkXRef>
+                    <consoleOutput>true</consoleOutput>
+                    <failsOnError>true</failsOnError>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>com.puppycrawl.tools</groupId>
+                        <artifactId>checkstyle</artifactId>
+                        <version>9.3</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-clean-plugin</artifactId>
+                <version>3.5.0</version>
+                <configuration>
+                    <filesets>
+                        <fileset>
+                            <!-- JCStress writes to the project directory without any option to configure the target -->
+                            <directory>${project.basedir}</directory>
+                            <includes>
+                                <include>jcstress-*</include>
+                            </includes>
+                        </fileset>
+                    </filesets>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.sonatype.central</groupId>
+                <artifactId>central-publishing-maven-plugin</artifactId>
+                <version>0.10.0</version>
+                <extensions>true</extensions>
+                <configuration>
+                    <publishingServerId>central</publishingServerId>
+                    <autoPublish>true</autoPublish>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>3.6.2</version>
+                <executions>
+                    <execution>
+                        <id>enforce-maven</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireMavenVersion>
+                                    <version>3.6.3</version>
+                                </requireMavenVersion>
+                            </rules>
+                        </configuration>
                     </execution>
                 </executions>
             </plugin>
+
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>2.20.1</version>
+                <configuration>
+                    <ignoredVersions>
+                        <!-- Ignore Alpha's, Beta's, release candidates and milestones -->
+                        <ignoreVersion type="regex">(?i).*Alpha(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*a(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*Beta(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*-B(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*RC(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*CR(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*M(?:-?\d+)?</ignoreVersion>
+                    </ignoredVersions>
+                    <ruleSet>
+                        <rules>
+                            <rule>
+                                <!-- stay on slf4j 1.x -->
+                                <groupId>org.slf4j</groupId>
+                                <ignoreVersions><ignoreVersion>
+                                    <type>range</type>
+                                    <version>[2.0,)</version>
+                                </ignoreVersion>
+                                </ignoreVersions>
+                            </rule>
+                        </rules>
+                    </ruleSet>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
 
@@ -201,18 +579,36 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.28</version>
+            <version>${slf4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.8</version>
+            <version>${lombok.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>net.java.dev.jna</groupId>
+            <artifactId>jna</artifactId>
+            <version>${jna.version}</version>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>net.java.dev.jna</groupId>
+            <artifactId>jna-platform</artifactId>
+            <version>${jna.version}</version>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.61</version>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>${bouncycastle.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcutil-jdk18on</artifactId>
+            <version>${bouncycastle.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -227,61 +623,433 @@
             <version>${org.junit.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <version>${org.junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <version>3.27.7</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>${mockito.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-junit-jupiter</artifactId>
+            <version>${mockito.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.bytebuddy</groupId>
+            <artifactId>byte-buddy-agent</artifactId>
+            <version>1.18.4</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jul-to-slf4j</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.vertx</groupId>
+            <artifactId>vertx-core</artifactId>
+            <version>${vertx.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.vertx</groupId>
+            <artifactId>vertx-junit5</artifactId>
+            <version>${vertx.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <!-- Not actually needed, but required to silence javac annotation processor warnings -->
+            <groupId>io.vertx</groupId>
+            <artifactId>vertx-codegen</artifactId>
+            <version>${vertx.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.21.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openjdk.jcstress</groupId>
+            <artifactId>jcstress-core</artifactId>
+            <version>0.16</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <profiles>
         <profile>
-            <!-- JDK9 removed the Nameservice SPI as per bug 8134577. There's no replacement. -->
-            <id>no-spi-on-java9</id>
+            <id>java8</id>
+            <activation>
+                <jdk>[,9)</jdk>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-compiler-plugin</artifactId>
+                        <configuration>
+                            <source>${target.jdk}</source>
+                            <target>${target.jdk}</target>
+                        </configuration>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>animal-sniffer-maven-plugin</artifactId>
+                        <version>1.24</version>
+                        <configuration>
+                            <signature>
+                                <groupId>com.toasttab.android</groupId>
+                                <artifactId>gummy-bears-api-26</artifactId>
+                                <version>0.12.0</version>
+                            </signature>
+                            <ignores>
+                                <ignore>javax.naming.NamingException</ignore>
+                                <ignore>javax.naming.directory.*</ignore>
+                                <ignore>sun.net.spi.nameservice.*</ignore>
+                                <ignore>java.net.spi.*</ignore>
+                            </ignores>
+                        </configuration>
+                        <dependencies>
+                            <dependency>
+                                <groupId>org.ow2.asm</groupId>
+                                <artifactId>asm</artifactId>
+                                <version>9.8</version>
+                            </dependency>
+                        </dependencies>
+                        <executions>
+                            <execution>
+                                <id>animal-sniffer</id>
+                                <phase>test</phase>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>report</id>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>report</goal>
+                                </goals>
+                                <configuration>
+                                    <excludes>
+                                        <exclude>META-INF/**</exclude>
+                                    </excludes>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
+        <profile>
+            <id>java11</id>
             <activation>
-                <jdk>[1.9,)</jdk>
+                <jdk>[11,)</jdk>
             </activation>
 
             <properties>
-                <target.jdk>9</target.jdk>
-                <maven.compiler.release>${target.jdk}</maven.compiler.release>
+                <mockito.version>5.21.0</mockito.version>
+                <!--
+                 Stay on 1.24 as 1.25 requires JDK 17
+                -->
+                <google-java-format.version>1.24.0</google-java-format.version>
+                <!--
+                 Stay on 2x as 3.x requires JDK 17
+                -->
+                <spotless.version>2.46.1</spotless.version>
             </properties>
+
             <build>
                 <plugins>
+                    <plugin>
+                        <groupId>org.apache.felix</groupId>
+                        <artifactId>maven-bundle-plugin</artifactId>
+                        <configuration>
+                            <instructions>
+                                <Include-Resource>
+                                    {maven-resources},
+                                    META-INF/versions=-target/classes/META-INF/versions,
+                                    META-INF/LICENSE=LICENSE
+                                </Include-Resource>
+                            </instructions>
+                        </configuration>
+                    </plugin>
+
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-compiler-plugin</artifactId>
+                        <configuration>
+                            <release>${target.jdk}</release>
+                            <compilerArgs>
+                                <arg>-Xlint:all,-serial,-processing,-requires-automatic</arg>
+                                <arg>-Xpkginfo:always</arg>
+                            </compilerArgs>
+                        </configuration>
+
+                        <executions>
+                            <!-- Compile by default for Java 8 -->
+                            <execution>
+                                <id>default-compile</id>
+                                <goals>
+                                    <goal>compile</goal>
+                                </goals>
+                                <configuration>
+                                    <release>${target.jdk}</release>
+                                    <compileSourceRoots>
+                                        <compileSourceRoot>${project.basedir}/src/main/java</compileSourceRoot>
+                                    </compileSourceRoots>
+                                </configuration>
+                            </execution>
+
+                            <!-- Compile Java 11+ stuff (module-info) -->
+                            <execution>
+                                <id>compile-java11</id>
+                                <goals>
+                                    <goal>compile</goal>
+                                </goals>
+                                <configuration>
+                                    <release>11</release>
+                                    <multiReleaseOutput>true</multiReleaseOutput>
+                                    <compileSourceRoots>
+                                        <compileSourceRoot>${project.basedir}/src/main/java11</compileSourceRoot>
+                                    </compileSourceRoots>
+                                </configuration>
+                            </execution>
+
+                            <execution>
+                                <id>default-testCompile</id>
+                                <configuration>
+                                    <release>${target.jdk}</release>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <argLine>
+                                @{argLine}
+                                -Djava.util.logging.config.file=${project.build.testOutputDirectory}/logging.properties
+                                --add-opens java.base/sun.net.dns=ALL-UNNAMED
+                            </argLine>
+
+                            <!--
+                              Workaround to actually use / prefer the versioned classes
+                              https://issues.apache.org/jira/browse/SUREFIRE-1731
+                            -->
+                            <useModulePath>false</useModulePath>
+                            <classesDirectory>${project.build.outputDirectory}/META-INF/versions/11</classesDirectory>
+                            <additionalClasspathElements>
+                                <additionalClasspathElement>${project.build.outputDirectory}</additionalClasspathElement>
+                            </additionalClasspathElements>
+                        </configuration>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
                         <configuration>
                             <excludes>
-                                <exclude>org/xbill/DNS/spi/**</exclude>
+                                <exclude>org/xbill/DNS/AsyncSemaphore*</exclude>
+                                <exclude>org/xbill/DNS/DohResolver*</exclude>
                             </excludes>
                         </configuration>
                     </plugin>
+                </plugins>
+            </build>
+        </profile>
+
+        <profile>
+            <!--
+              Required only for maven-source-plugin, but needs to be hidden from IntelliJ
+              https://github.com/apache/maven-source-plugin/issues/215
+            -->
+            <id>java11-not-idea</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+                <jdk>[11,)</jdk>
+                <property>
+                    <name>!idea.version</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>build-helper-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>add-java11-source</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>add-source</goal>
+                                </goals>
+                                <configuration>
+                                    <sources>
+                                        <source>src/main/java11</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
+        <profile>
+            <id>java18</id>
+            <activation>
+                <jdk>[18,)</jdk>
+            </activation>
+
+            <properties>
+                <google-java-format.version>1.27.0</google-java-format.version>
+                <spotless.version>3.1.0</spotless.version>
+            </properties>
+
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.diffplug.spotless</groupId>
+                        <artifactId>spotless-maven-plugin</artifactId>
+                        <configuration>
+                            <java>
+                                <forbidWildcardImports/>
+                            </java>
+                        </configuration>
+                    </plugin>
 
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
+                        <artifactId>maven-compiler-plugin</artifactId>
+                        <executions>
+                            <!-- Compile Java 18+ stuff (DNS SPI) -->
+                            <execution>
+                                <id>compile-java18</id>
+                                <goals>
+                                    <goal>compile</goal>
+                                </goals>
+                                <configuration>
+                                    <release>18</release>
+                                    <multiReleaseOutput>true</multiReleaseOutput>
+                                    <compileSourceRoots>
+                                        <compileSourceRoot>${project.basedir}/src/main/java18</compileSourceRoot>
+                                    </compileSourceRoots>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-dependency-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>initialize</phase>
+                                <goals>
+                                    <goal>properties</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
                         <configuration>
-                            <excludePackageNames>*.spi.*</excludePackageNames>
+                            <argLine>
+                                @{argLine}
+                                -Djava.util.logging.config.file=${project.build.testOutputDirectory}/logging.properties
+                                --enable-native-access=ALL-UNNAMED
+                                --add-opens java.base/sun.net.dns=ALL-UNNAMED
+                                -javaagent:${net.bytebuddy:byte-buddy-agent:jar}
+                                -javaagent:${org.mockito:mockito-core:jar}
+                            </argLine>
+
+                            <!--
+                              Workaround to actually use / prefer the versioned classes
+                              https://issues.apache.org/jira/browse/SUREFIRE-1731
+                            -->
+                            <useModulePath>false</useModulePath>
+                            <classesDirectory>${project.build.outputDirectory}/META-INF/versions/18</classesDirectory>
+                            <additionalClasspathElements>
+                                <additionalClasspathElement>${project.build.outputDirectory}/META-INF/versions/11</additionalClasspathElement>
+                                <additionalClasspathElement>${project.build.outputDirectory}</additionalClasspathElement>
+                            </additionalClasspathElements>
                         </configuration>
                     </plugin>
                 </plugins>
+            </build>
+        </profile>
 
-                <resources>
-                    <resource>
-                        <directory>src/main/resources</directory>
-                        <excludes>
-                            <exclude>META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor</exclude>
-                        </excludes>
-                    </resource>
-                </resources>
+        <profile>
+            <!--
+              Required only for maven-source-plugin, but needs to be hidden from IntelliJ
+              https://github.com/apache/maven-source-plugin/issues/215
+            -->
+            <id>java18-not-idea</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+                <jdk>[18,)</jdk>
+                <property>
+                    <name>!idea.version</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>build-helper-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>add-java18-source</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>add-source</goal>
+                                </goals>
+                                <configuration>
+                                    <sources>
+                                        <source>src/main/java18</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
             </build>
         </profile>
     </profiles>
-
-    <distributionManagement>
-        <snapshotRepository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-        <repository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-    </distributionManagement>
 </project>
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..cd8976375
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,35 @@
+sonar.projectKey=dnsjava_dnsjava
+sonar.organization=dnsjava
+sonar.host.url=https://sonarcloud.io
+sonar.java.source=8
+sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
+sonar.scanner.skipJreProvisioning=true
+
+sonar.issue.ignore.multicriteria=S106,S107,S120,S1948,S2160
+
+# Standard outputs should not be used directly to log anything
+# The tools are intended for command line usage, it's not logging
+sonar.issue.ignore.multicriteria.S106.ruleKey=java:S106
+sonar.issue.ignore.multicriteria.S106.resourceKey=**/tools/*.java
+
+# Package names should comply with a naming convention
+# org.xbill.DNS - api compatibility
+sonar.issue.ignore.multicriteria.S120.ruleKey=java:S120
+sonar.issue.ignore.multicriteria.S120.resourceKey=**
+
+# Methods should not have too many parameters
+# The Record implementations have these for their definition
+sonar.issue.ignore.multicriteria.S107.ruleKey=java:S107
+sonar.issue.ignore.multicriteria.S107.resourceKey=**/*Record.java
+
+# Fields in a "Serializable" class should either be transient or serializable
+# Serialization should use the wire format, supported for EJB scenarios. See
+# https://github.com/dnsjava/dnsjava/issues/114
+# https://github.com/dnsjava/dnsjava/issues/132
+sonar.issue.ignore.multicriteria.S1948.ruleKey=java:S1948
+sonar.issue.ignore.multicriteria.S1948.resourceKey=**/*Record.java
+
+# Subclasses that add fields to classes that override "equals" should also override "equals"
+# The Record base class implements equals based on the record's wire format
+sonar.issue.ignore.multicriteria.S2160.ruleKey=java:S2160
+sonar.issue.ignore.multicriteria.S2160.resourceKey=**/*Record.java
diff --git a/src/main/java/android/content/Context.java b/src/main/java/android/content/Context.java
new file mode 100644
index 000000000..45628bc73
--- /dev/null
+++ b/src/main/java/android/content/Context.java
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.content;
+
+public class Context {
+  public <T> T getSystemService(Class<T> serviceClass) {
+    throw new UnsupportedOperationException();
+  }
+}
diff --git a/src/main/java/android/net/ConnectivityManager.java b/src/main/java/android/net/ConnectivityManager.java
new file mode 100644
index 000000000..2c3c44d3e
--- /dev/null
+++ b/src/main/java/android/net/ConnectivityManager.java
@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.net;
+
+public class ConnectivityManager {
+  public Network getActiveNetwork() {
+    throw new UnsupportedOperationException();
+  }
+
+  public LinkProperties getLinkProperties(Network network) {
+    throw new UnsupportedOperationException();
+  }
+}
diff --git a/src/main/java/android/net/LinkProperties.java b/src/main/java/android/net/LinkProperties.java
new file mode 100644
index 000000000..ad264e794
--- /dev/null
+++ b/src/main/java/android/net/LinkProperties.java
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.net;
+
+import java.net.InetAddress;
+import java.util.List;
+
+public class LinkProperties {
+  public List<InetAddress> getDnsServers() {
+    throw new UnsupportedOperationException();
+  }
+
+  public String getDomains() {
+    throw new UnsupportedOperationException();
+  }
+}
diff --git a/src/main/java/android/net/Network.java b/src/main/java/android/net/Network.java
new file mode 100644
index 000000000..afa217c19
--- /dev/null
+++ b/src/main/java/android/net/Network.java
@@ -0,0 +1,5 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.net;
+
+@SuppressWarnings("java:S2094")
+public class Network {}
diff --git a/src/main/java/android/package-info.java b/src/main/java/android/package-info.java
new file mode 100644
index 000000000..5e78b1b4b
--- /dev/null
+++ b/src/main/java/android/package-info.java
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+/**
+ * The interfaces in this package were automatically extracted and are used to compile on against
+ * the Android SDK without installing it. The RoboElectric dependency does not work with JPMS.
+ */
+package android;
diff --git a/src/main/java/lombok.config b/src/main/java/lombok.config
new file mode 100644
index 000000000..7a21e8804
--- /dev/null
+++ b/src/main/java/lombok.config
@@ -0,0 +1 @@
+lombok.addLombokGeneratedAnnotation = true
diff --git a/src/main/java/org/xbill/DNS/A6Record.java b/src/main/java/org/xbill/DNS/A6Record.java
index de4fe52d2..7f1915240 100644
--- a/src/main/java/org/xbill/DNS/A6Record.java
+++ b/src/main/java/org/xbill/DNS/A6Record.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,23 +11,16 @@
  * A6 Record - maps a domain name to an IPv6 address (historic)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6563">RFC 6563: Moving A6 to Historic Status</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6563">RFC 6563: Moving A6 to Historic
+ *     Status</a>
  */
 public class A6Record extends Record {
-
-  private static final long serialVersionUID = -8815026887337346789L;
-
   private int prefixBits;
   private InetAddress suffix;
   private Name prefix;
 
   A6Record() {}
 
-  @Override
-  Record getObject() {
-    return new A6Record();
-  }
-
   /**
    * Creates an A6 Record from the given data
    *
@@ -48,7 +42,7 @@ public A6Record(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     prefixBits = in.readU8();
     int suffixbits = 128 - prefixBits;
     int suffixbytes = (suffixbits + 7) / 8;
@@ -63,7 +57,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     prefixBits = st.getUInt8();
     if (prefixBits > 128) {
       throw st.exception("prefix bits must be [0..128]");
@@ -82,7 +76,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(prefixBits);
     if (suffix != null) {
@@ -112,7 +106,7 @@ public Name getPrefix() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(prefixBits);
     if (suffix != null) {
       int suffixbits = 128 - prefixBits;
diff --git a/src/main/java/org/xbill/DNS/AAAARecord.java b/src/main/java/org/xbill/DNS/AAAARecord.java
index e9b0eea0e..a834c2ff1 100644
--- a/src/main/java/org/xbill/DNS/AAAARecord.java
+++ b/src/main/java/org/xbill/DNS/AAAARecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,48 +11,54 @@
  * IPv6 Address Record - maps a domain name to an IPv6 address
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc3596">RFC 3596: DNS Extensions to Support IP Version
- *     6</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3596">RFC 3596: DNS Extensions to Support
+ *     IP Version 6</a>
  */
 public class AAAARecord extends Record {
-
-  private static final long serialVersionUID = -4588601512069748050L;
-
   private byte[] address;
 
   AAAARecord() {}
 
-  @Override
-  Record getObject() {
-    return new AAAARecord();
+  /**
+   * Creates an AAAA record from the given address.
+   *
+   * @param address The address that the name refers to.
+   */
+  public AAAARecord(Name name, int dclass, long ttl, InetAddress address) {
+    super(name, Type.AAAA, dclass, ttl);
+    if (Address.familyOf(address) != Address.IPv4 && Address.familyOf(address) != Address.IPv6) {
+      throw new IllegalArgumentException("invalid IPv4/IPv6 address");
+    }
+    this.address = address.getAddress();
   }
 
   /**
-   * Creates an AAAA Record from the given data
+   * Creates an AAAA record from the given data.
    *
-   * @param address The address suffix
+   * @param address The address that the name refers to
+   * @since 3.6
    */
-  public AAAARecord(Name name, int dclass, long ttl, InetAddress address) {
+  public AAAARecord(Name name, int dclass, long ttl, byte[] address) {
     super(name, Type.AAAA, dclass, ttl);
-    if (Address.familyOf(address) != Address.IPv6) {
+    if (address == null || address.length != 16) {
       throw new IllegalArgumentException("invalid IPv6 address");
     }
-    this.address = address.getAddress();
+    this.address = address;
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     address = in.readByteArray(16);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     address = st.getAddressBytes(Address.IPv6);
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     InetAddress addr;
     try {
       addr = InetAddress.getByAddress(null, address);
@@ -60,13 +67,7 @@ String rrToString() {
     }
     if (addr.getAddress().length == 4) {
       // Deal with Java's broken handling of mapped IPv4 addresses.
-      StringBuilder sb = new StringBuilder("0:0:0:0:0:ffff:");
-      int high = ((address[12] & 0xFF) << 8) + (address[13] & 0xFF);
-      int low = ((address[14] & 0xFF) << 8) + (address[15] & 0xFF);
-      sb.append(Integer.toHexString(high));
-      sb.append(':');
-      sb.append(Integer.toHexString(low));
-      return sb.toString();
+      return "::ffff:" + addr.getHostAddress();
     }
     return addr.getHostAddress();
   }
@@ -85,7 +86,7 @@ public InetAddress getAddress() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(address);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/AFSDBRecord.java b/src/main/java/org/xbill/DNS/AFSDBRecord.java
index 02061e50d..6ca2f0524 100644
--- a/src/main/java/org/xbill/DNS/AFSDBRecord.java
+++ b/src/main/java/org/xbill/DNS/AFSDBRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,19 +7,11 @@
  * AFS Data Base Record - maps a domain name to the name of an AFS cell database server.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class AFSDBRecord extends U16NameBase {
-
-  private static final long serialVersionUID = 3034379930729102437L;
-
   AFSDBRecord() {}
 
-  @Override
-  Record getObject() {
-    return new AFSDBRecord();
-  }
-
   /**
    * Creates an AFSDB Record from the given data.
    *
diff --git a/src/main/java/org/xbill/DNS/APLRecord.java b/src/main/java/org/xbill/DNS/APLRecord.java
index ee0486c92..cdfc805fe 100644
--- a/src/main/java/org/xbill/DNS/APLRecord.java
+++ b/src/main/java/org/xbill/DNS/APLRecord.java
@@ -1,29 +1,26 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.Serializable;
 import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import org.xbill.DNS.utils.base16;
 
-/*
- * Note: this currently uses the same constants as the Address class;
- * this could change if more constants are defined for APL records.
- */
-
 /**
  * APL - Address Prefix List.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc3123">RFC 3123: A DNS RR Type for Lists of Address
- *     Prefixes (APL RR)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3123">RFC 3123: A DNS RR Type for Lists of
+ *     Address Prefixes (APL RR)</a>
  */
 public class APLRecord extends Record {
 
-  public static class Element {
+  public static class Element implements Serializable {
     public final int family;
     public final boolean negative;
     public final int prefixLength;
@@ -35,7 +32,7 @@ private Element(int family, boolean negative, Object address, int prefixLength)
       this.address = address;
       this.prefixLength = prefixLength;
       if (!validatePrefixLength(family, prefixLength)) {
-        throw new IllegalArgumentException("invalid prefix " + "length");
+        throw new IllegalArgumentException("invalid prefix length");
       }
     }
 
@@ -75,10 +72,10 @@ public boolean equals(Object arg) {
         return false;
       }
       Element elt = (Element) arg;
-      return (family == elt.family
+      return family == elt.family
           && negative == elt.negative
           && prefixLength == elt.prefixLength
-          && address.equals(elt.address));
+          && address.equals(elt.address);
     }
 
     @Override
@@ -87,17 +84,10 @@ public int hashCode() {
     }
   }
 
-  private static final long serialVersionUID = -1348173791712935864L;
-
   private List<Element> elements;
 
   APLRecord() {}
 
-  @Override
-  Record getObject() {
-    return new APLRecord();
-  }
-
   private static boolean validatePrefixLength(int family, int prefixLength) {
     if (prefixLength < 0 || prefixLength >= 256) {
       return false;
@@ -135,7 +125,7 @@ private static byte[] parseAddress(byte[] in, int length) throws WireParseExcept
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     elements = new ArrayList<>(1);
     while (in.remaining() != 0) {
       int family = in.readU16();
@@ -162,7 +152,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     elements = new ArrayList<>(1);
     while (true) {
       Tokenizer.Token t = st.get();
@@ -174,7 +164,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
       int family;
       int prefix;
 
-      String s = t.value;
+      String s = t.value();
       int start = 0;
       if (s.startsWith("!")) {
         negative = true;
@@ -224,7 +214,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     for (Iterator<Element> it = elements.iterator(); it.hasNext(); ) {
       Element element = it.next();
@@ -251,7 +241,7 @@ private static int addressLength(byte[] addr) {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     for (Element element : elements) {
       int length;
       byte[] data;
diff --git a/src/main/java/org/xbill/DNS/ARecord.java b/src/main/java/org/xbill/DNS/ARecord.java
index 934c31d40..e5cd28f94 100644
--- a/src/main/java/org/xbill/DNS/ARecord.java
+++ b/src/main/java/org/xbill/DNS/ARecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,27 +11,19 @@
  * Address Record - maps a domain name to an Internet address
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class ARecord extends Record {
-
-  private static final long serialVersionUID = -2172609200849142323L;
-
   private int addr;
 
   ARecord() {}
 
-  @Override
-  Record getObject() {
-    return new ARecord();
-  }
-
   private static int fromArray(byte[] array) {
-    return (((array[0] & 0xFF) << 24)
+    return ((array[0] & 0xFF) << 24)
         | ((array[1] & 0xFF) << 16)
         | ((array[2] & 0xFF) << 8)
-        | (array[3] & 0xFF));
+        | (array[3] & 0xFF);
   }
 
   private static byte[] toArray(int addr) {
@@ -55,20 +48,34 @@ public ARecord(Name name, int dclass, long ttl, InetAddress address) {
     addr = fromArray(address.getAddress());
   }
 
+  /**
+   * Creates an A Record from the given data
+   *
+   * @param address The address that the name refers to
+   * @since 3.6
+   */
+  public ARecord(Name name, int dclass, long ttl, byte[] address) {
+    super(name, Type.A, dclass, ttl);
+    if (address == null || address.length != 4) {
+      throw new IllegalArgumentException("invalid IPv4 address");
+    }
+    addr = fromArray(address);
+  }
+
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     addr = fromArray(in.readByteArray(4));
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     addr = fromArray(st.getAddressBytes(Address.IPv4));
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
-    return (Address.toDottedQuad(toArray(addr)));
+  protected String rrToString() {
+    return Address.toDottedQuad(toArray(addr));
   }
 
   /** Returns the Internet address */
@@ -85,7 +92,7 @@ public InetAddress getAddress() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
-    out.writeU32(((long) addr) & 0xFFFFFFFFL);
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    out.writeU32(addr & 0xFFFFFFFFL);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Address.java b/src/main/java/org/xbill/DNS/Address.java
index 4b5b96fac..c2bc669e0 100644
--- a/src/main/java/org/xbill/DNS/Address.java
+++ b/src/main/java/org/xbill/DNS/Address.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,6 +7,7 @@
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import lombok.experimental.UtilityClass;
 
 /**
  * Routines dealing with IP addresses. Includes functions similar to those in the
@@ -13,166 +15,12 @@
  *
  * @author Brian Wellington
  */
+@UtilityClass
 public final class Address {
 
   public static final int IPv4 = 1;
   public static final int IPv6 = 2;
 
-  private Address() {}
-
-  private static byte[] parseV4(String s) {
-    int numDigits;
-    int currentOctet;
-    byte[] values = new byte[4];
-    int currentValue;
-    int length = s.length();
-
-    currentOctet = 0;
-    currentValue = 0;
-    numDigits = 0;
-    for (int i = 0; i < length; i++) {
-      char c = s.charAt(i);
-      if (c >= '0' && c <= '9') {
-        /* Can't have more than 3 digits per octet. */
-        if (numDigits == 3) {
-          return null;
-        }
-        /* Octets shouldn't start with 0, unless they are 0. */
-        if (numDigits > 0 && currentValue == 0) {
-          return null;
-        }
-        numDigits++;
-        currentValue *= 10;
-        currentValue += (c - '0');
-        /* 255 is the maximum value for an octet. */
-        if (currentValue > 255) {
-          return null;
-        }
-      } else if (c == '.') {
-        /* Can't have more than 3 dots. */
-        if (currentOctet == 3) {
-          return null;
-        }
-        /* Two consecutive dots are bad. */
-        if (numDigits == 0) {
-          return null;
-        }
-        values[currentOctet++] = (byte) currentValue;
-        currentValue = 0;
-        numDigits = 0;
-      } else {
-        return null;
-      }
-    }
-    /* Must have 4 octets. */
-    if (currentOctet != 3) {
-      return null;
-    }
-    /* The fourth octet can't be empty. */
-    if (numDigits == 0) {
-      return null;
-    }
-    values[currentOctet] = (byte) currentValue;
-    return values;
-  }
-
-  private static byte[] parseV6(String s) {
-    int range = -1;
-    byte[] data = new byte[16];
-
-    String[] tokens = s.split(":", -1);
-
-    int first = 0;
-    int last = tokens.length - 1;
-
-    if (tokens[0].length() == 0) {
-      // If the first two tokens are empty, it means the string
-      // started with ::, which is fine.  If only the first is
-      // empty, the string started with :, which is bad.
-      if (last - first > 0 && tokens[1].length() == 0) {
-        first++;
-      } else {
-        return null;
-      }
-    }
-
-    if (tokens[last].length() == 0) {
-      // If the last two tokens are empty, it means the string
-      // ended with ::, which is fine.  If only the last is
-      // empty, the string ended with :, which is bad.
-      if (last - first > 0 && tokens[last - 1].length() == 0) {
-        last--;
-      } else {
-        return null;
-      }
-    }
-
-    if (last - first + 1 > 8) {
-      return null;
-    }
-
-    int i, j;
-    for (i = first, j = 0; i <= last; i++) {
-      if (tokens[i].length() == 0) {
-        if (range >= 0) {
-          return null;
-        }
-        range = j;
-        continue;
-      }
-
-      if (tokens[i].indexOf('.') >= 0) {
-        // An IPv4 address must be the last component
-        if (i < last) {
-          return null;
-        }
-        // There can't have been more than 6 components.
-        if (i > 6) {
-          return null;
-        }
-        byte[] v4addr = Address.toByteArray(tokens[i], IPv4);
-        if (v4addr == null) {
-          return null;
-        }
-        for (int k = 0; k < 4; k++) {
-          data[j++] = v4addr[k];
-        }
-        break;
-      }
-
-      try {
-        for (int k = 0; k < tokens[i].length(); k++) {
-          char c = tokens[i].charAt(k);
-          if (Character.digit(c, 16) < 0) {
-            return null;
-          }
-        }
-        int x = Integer.parseInt(tokens[i], 16);
-        if (x > 0xFFFF || x < 0) {
-          return null;
-        }
-        data[j++] = (byte) (x >>> 8);
-        data[j++] = (byte) (x & 0xFF);
-      } catch (NumberFormatException e) {
-        return null;
-      }
-    }
-
-    if (j < 16 && range < 0) {
-      return null;
-    }
-
-    if (range >= 0) {
-      int empty = 16 - j;
-      System.arraycopy(data, range, data, range + empty, j - range);
-      for (i = range; i < range + empty; i++) {
-        data[i] = 0;
-      }
-    }
-
-    return data;
-  }
-
   /**
    * Convert a string containing an IP address to an array of 4 or 16 integers.
    *
@@ -211,9 +59,9 @@ public static int[] toArray(String s) {
    */
   public static byte[] toByteArray(String s, int family) {
     if (family == IPv4) {
-      return parseV4(s);
+      return IPAddressUtils.parseV4(s);
     } else if (family == IPv6) {
-      return parseV6(s);
+      return IPAddressUtils.parseV6(s);
     } else {
       throw new IllegalArgumentException("unknown address family");
     }
@@ -227,7 +75,7 @@ public static byte[] toByteArray(String s, int family) {
    */
   public static boolean isDottedQuad(String s) {
     byte[] address = Address.toByteArray(s, IPv4);
-    return (address != null);
+    return address != null;
   }
 
   /**
@@ -237,13 +85,13 @@ public static boolean isDottedQuad(String s) {
    * @return The string representation
    */
   public static String toDottedQuad(byte[] addr) {
-    return ((addr[0] & 0xFF)
+    return (addr[0] & 0xFF)
         + "."
         + (addr[1] & 0xFF)
         + "."
         + (addr[2] & 0xFF)
         + "."
-        + (addr[3] & 0xFF));
+        + (addr[3] & 0xFF);
   }
 
   /**
@@ -253,7 +101,7 @@ public static String toDottedQuad(byte[] addr) {
    * @return The string representation
    */
   public static String toDottedQuad(int[] addr) {
-    return (addr[0] + "." + addr[1] + "." + addr[2] + "." + addr[3]);
+    return addr[0] + "." + addr[1] + "." + addr[2] + "." + addr[3];
   }
 
   private static Record[] lookupHostName(String name, boolean all) throws UnknownHostException {
@@ -267,7 +115,8 @@ private static Record[] lookupHostName(String name, boolean all) throws UnknownH
             return aaaa;
           }
         }
-        throw new UnknownHostException("unknown host");
+        throw new UnknownHostException(
+            "<" + name + "> could not be resolved: " + lookup.getErrorString());
       }
       if (!all) {
         return a;
@@ -281,7 +130,7 @@ private static Record[] lookupHostName(String name, boolean all) throws UnknownH
       System.arraycopy(aaaa, 0, merged, a.length, aaaa.length);
       return merged;
     } catch (TextParseException e) {
-      throw new UnknownHostException("invalid name");
+      throw new UnknownHostException("<" + name + "> is invalid: " + e.getMessage());
     }
   }
 
@@ -385,7 +234,7 @@ public static String getHostName(InetAddress addr) throws UnknownHostException {
     Name name = ReverseMap.fromAddress(addr);
     Record[] records = new Lookup(name, Type.PTR).run();
     if (records == null) {
-      throw new UnknownHostException("unknown address");
+      throw new UnknownHostException("unknown address: " + name);
     }
     PTRRecord ptr = (PTRRecord) records[0];
     return ptr.getTarget().toString();
@@ -446,9 +295,9 @@ public static InetAddress truncate(InetAddress address, int maskLength) {
     int maskBits = maskLength % 8;
     int bitmask = 0;
     for (int i = 0; i < maskBits; i++) {
-      bitmask |= (1 << (7 - i));
+      bitmask |= 1 << (7 - i);
     }
-    bytes[maskLength / 8] &= bitmask;
+    bytes[maskLength / 8] &= (byte) bitmask;
     try {
       return InetAddress.getByAddress(bytes);
     } catch (UnknownHostException e) {
diff --git a/src/main/java/org/xbill/DNS/AsyncSemaphore.java b/src/main/java/org/xbill/DNS/AsyncSemaphore.java
new file mode 100644
index 000000000..0d704913a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/AsyncSemaphore.java
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.time.Duration;
+import java.util.ArrayDeque;
+import java.util.Queue;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+final class AsyncSemaphore {
+  private final Queue<CompletableFuture<Permit>> queue = new ArrayDeque<>();
+  private final Permit singletonPermit = new Permit();
+  private final String name;
+  private volatile int permits;
+
+  final class Permit {
+    public void release(int id, Executor executor) {
+      synchronized (queue) {
+        CompletableFuture<Permit> next = queue.poll();
+        if (next == null) {
+          permits++;
+          log.trace("{} permit released id={}, available={}", name, id, permits);
+        } else {
+          log.trace("{} permit released id={}, available={}, immediate next", name, id, permits);
+          executor.execute(() -> next.complete(this));
+        }
+      }
+    }
+  }
+
+  AsyncSemaphore(int permits, String name) {
+    this.permits = permits;
+    this.name = name;
+    log.debug("Using Java 8 implementation for {}", name);
+  }
+
+  CompletionStage<Permit> acquire(Duration timeout, int id, Executor executor) {
+    synchronized (queue) {
+      if (permits > 0) {
+        permits--;
+        log.trace("{} permit acquired id={}, available={}", name, id, permits);
+        return CompletableFuture.completedFuture(singletonPermit);
+      } else {
+        TimeoutCompletableFuture<Permit> f = new TimeoutCompletableFuture<>();
+        f.compatTimeout(timeout.toNanos(), TimeUnit.NANOSECONDS)
+            .whenCompleteAsync(
+                (result, ex) -> {
+                  synchronized (queue) {
+                    if (ex != null) {
+                      log.trace("{} permit timed out id={}, available={}", name, id, permits);
+                    }
+                    queue.remove(f);
+                  }
+                },
+                executor);
+        log.trace("{} permit queued id={}, available={}", name, id, permits);
+        queue.add(f);
+        return f;
+      }
+    }
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/CAARecord.java b/src/main/java/org/xbill/DNS/CAARecord.java
index bf3231e37..2fc61cee8 100644
--- a/src/main/java/org/xbill/DNS/CAARecord.java
+++ b/src/main/java/org/xbill/DNS/CAARecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,13 +9,10 @@
  * Certification Authority Authorization
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6844">RFC 6844: DNS Certification Authority
- *     Authorization (CAA) Resource Record</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6844">RFC 6844: DNS Certification
+ *     Authority Authorization (CAA) Resource Record</a>
  */
 public class CAARecord extends Record {
-
-  private static final long serialVersionUID = 8544304287274216443L;
-
   public static class Flags {
     private Flags() {}
 
@@ -27,11 +25,6 @@ private Flags() {}
 
   CAARecord() {}
 
-  @Override
-  Record getObject() {
-    return new CAARecord();
-  }
-
   /**
    * Creates an CAA Record from the given data.
    *
@@ -51,14 +44,14 @@ public CAARecord(Name name, int dclass, long ttl, int flags, String tag, String
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     flags = in.readU8();
     tag = in.readCountedString();
     value = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     flags = st.getUInt8();
     try {
       tag = byteArrayFromString(st.getString());
@@ -69,7 +62,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(flags);
     sb.append(" ");
@@ -95,7 +88,7 @@ public String getValue() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(flags);
     out.writeCountedString(tag);
     out.writeByteArray(value);
diff --git a/src/main/java/org/xbill/DNS/CDNSKEYRecord.java b/src/main/java/org/xbill/DNS/CDNSKEYRecord.java
index 0a24208d5..778ac69a6 100644
--- a/src/main/java/org/xbill/DNS/CDNSKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/CDNSKEYRecord.java
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: BSD-2-Clause
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import java.security.PublicKey;
@@ -7,20 +7,12 @@
  * Child DNSKEY record as specified in RFC 8078.
  *
  * @see DNSSEC
- * @see <a href="https://tools.ietf.org/html/rfc8078">RFC 8078: Managing DS Records from the Parent
- *     via CDS/CDNSKEY</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8078">RFC 8078: Managing DS Records from
+ *     the Parent via CDS/CDNSKEY</a>
  */
 public class CDNSKEYRecord extends DNSKEYRecord {
-
-  private static final long serialVersionUID = 1307874430666933615L;
-
   CDNSKEYRecord() {}
 
-  @Override
-  Record getObject() {
-    return new CDNSKEYRecord();
-  }
-
   /**
    * Creates a CDNSKEY Record from the given data
    *
diff --git a/src/main/java/org/xbill/DNS/CDSRecord.java b/src/main/java/org/xbill/DNS/CDSRecord.java
index fcacd8e47..c9eee1fd8 100644
--- a/src/main/java/org/xbill/DNS/CDSRecord.java
+++ b/src/main/java/org/xbill/DNS/CDSRecord.java
@@ -1,24 +1,16 @@
-// SPDX-License-Identifier: BSD-2-Clause
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 /**
  * Child Delegation Signer record as specified in RFC 8078.
  *
  * @see DNSSEC
- * @see <a href="https://tools.ietf.org/html/rfc8078">RFC 8078: Managing DS Records from the Parent
- *     via CDS/CDNSKEY</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8078">RFC 8078: Managing DS Records from
+ *     the Parent via CDS/CDNSKEY</a>
  */
 public class CDSRecord extends DSRecord {
-
-  private static final long serialVersionUID = -3156174257356976006L;
-
   CDSRecord() {}
 
-  @Override
-  Record getObject() {
-    return new CDSRecord();
-  }
-
   /**
    * Creates a CDS Record from the given data
    *
diff --git a/src/main/java/org/xbill/DNS/CERTRecord.java b/src/main/java/org/xbill/DNS/CERTRecord.java
index 4ac1aaf42..fb7c73695 100644
--- a/src/main/java/org/xbill/DNS/CERTRecord.java
+++ b/src/main/java/org/xbill/DNS/CERTRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,8 +12,8 @@
  *
  * @see KEYRecord
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4398">RFC 4398: Storing Certificates in the Domain
- *     Name System (DNS)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4398">RFC 4398: Storing Certificates in
+ *     the Domain Name System (DNS)</a>
  */
 public class CERTRecord extends Record {
 
@@ -51,7 +52,7 @@ private CertificateType() {}
     /** Certificate format defined by OID */
     public static final int OID = 254;
 
-    private static Mnemonic types = new Mnemonic("Certificate type", Mnemonic.CASE_UPPER);
+    private static final Mnemonic types = new Mnemonic("Certificate type", Mnemonic.CASE_UPPER);
 
     static {
       types.setMaximum(0xFFFF);
@@ -101,19 +102,13 @@ public static int value(String s) {
   /** Certificate format defined by IOD */
   public static final int OID = CertificateType.OID;
 
-  private static final long serialVersionUID = 4763014646517016835L;
-
-  private int certType, keyTag;
+  private int certType;
+  private int keyTag;
   private int alg;
   private byte[] cert;
 
   CERTRecord() {}
 
-  @Override
-  Record getObject() {
-    return new CERTRecord();
-  }
-
   /**
    * Creates a CERT Record from the given data
    *
@@ -132,7 +127,7 @@ public CERTRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     certType = in.readU16();
     keyTag = in.readU16();
     alg = in.readU8();
@@ -140,7 +135,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     String certTypeString = st.getString();
     certType = CertificateType.value(certTypeString);
     if (certType < 0) {
@@ -157,7 +152,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(certType);
     sb.append(" ");
@@ -165,7 +160,7 @@ String rrToString() {
     sb.append(" ");
     sb.append(alg);
     if (cert != null) {
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append(" (\n");
         sb.append(base64.formatString(cert, 64, "\t", true));
       } else {
@@ -197,7 +192,7 @@ public byte[] getCert() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(certType);
     out.writeU16(keyTag);
     out.writeU8(alg);
diff --git a/src/main/java/org/xbill/DNS/CNAMERecord.java b/src/main/java/org/xbill/DNS/CNAMERecord.java
index 8f64e50de..1449e4e20 100644
--- a/src/main/java/org/xbill/DNS/CNAMERecord.java
+++ b/src/main/java/org/xbill/DNS/CNAMERecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,27 +7,19 @@
  * CNAME Record - maps an alias to its real name
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class CNAMERecord extends SingleCompressedNameBase {
-
-  private static final long serialVersionUID = -4020373886892538580L;
-
   CNAMERecord() {}
 
-  @Override
-  Record getObject() {
-    return new CNAMERecord();
-  }
-
   /**
    * Creates a new CNAMERecord with the given data
    *
-   * @param alias The name to which the CNAME alias points
+   * @param target The name to which the CNAME alias points
    */
-  public CNAMERecord(Name name, int dclass, long ttl, Name alias) {
-    super(name, Type.CNAME, dclass, ttl, alias, "alias");
+  public CNAMERecord(Name name, int dclass, long ttl, Name target) {
+    super(name, Type.CNAME, dclass, ttl, target, "target");
   }
 
   /** Gets the target of the CNAME Record */
@@ -34,8 +27,14 @@ public Name getTarget() {
     return getSingleName();
   }
 
-  /** Gets the alias specified by the CNAME Record */
+  /**
+   * Gets the name of this record, aka the <i>alias</i> or <i>label</i> to the <i>canonical name</i>
+   * specified in {@link #getTarget()}.
+   *
+   * @deprecated use {@link #getName()}
+   */
+  @Deprecated
   public Name getAlias() {
-    return getSingleName();
+    return getName();
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Cache.java b/src/main/java/org/xbill/DNS/Cache.java
index 706059dfa..3a6da65ce 100644
--- a/src/main/java/org/xbill/DNS/Cache.java
+++ b/src/main/java/org/xbill/DNS/Cache.java
@@ -1,8 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedList;
@@ -30,6 +32,8 @@ private interface Element {
     int compareCredibility(int cred);
 
     int getType();
+
+    boolean isAuthenticated();
   }
 
   private static int limitExpire(long ttl, long maxttl) {
@@ -43,29 +47,29 @@ private static int limitExpire(long ttl, long maxttl) {
     return (int) expire;
   }
 
-  private static class CacheRRset<T extends Record> extends RRset<T> implements Element {
-    private static final long serialVersionUID = 5971755205903597024L;
-
+  static class CacheRRset extends RRset implements Element {
     int credibility;
     int expire;
+    boolean isAuthenticated;
 
-    public CacheRRset(T rec, int cred, long maxttl) {
-      super();
+    public CacheRRset(Record rec, int cred, long maxttl, boolean isAuthenticated) {
       this.credibility = cred;
       this.expire = limitExpire(rec.getTTL(), maxttl);
+      this.isAuthenticated = isAuthenticated;
       addRR(rec);
     }
 
-    public CacheRRset(RRset<T> rrset, int cred, long maxttl) {
+    public CacheRRset(RRset rrset, int cred, long maxttl, boolean isAuthenticated) {
       super(rrset);
       this.credibility = cred;
       this.expire = limitExpire(rrset.getTTL(), maxttl);
+      this.isAuthenticated = isAuthenticated;
     }
 
     @Override
     public final boolean expired() {
       int now = (int) (System.currentTimeMillis() / 1000);
-      return (now >= expire);
+      return now >= expire;
     }
 
     @Override
@@ -75,11 +79,12 @@ public final int compareCredibility(int cred) {
 
     @Override
     public String toString() {
-      StringBuilder sb = new StringBuilder();
-      sb.append(super.toString());
-      sb.append(" cl = ");
-      sb.append(credibility);
-      return sb.toString();
+      return super.toString() + " cl = " + credibility;
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+      return isAuthenticated;
     }
   }
 
@@ -88,16 +93,19 @@ private static class NegativeElement implements Element {
     Name name;
     int credibility;
     int expire;
+    boolean isAuthenticated;
 
-    public NegativeElement(Name name, int type, SOARecord soa, int cred, long maxttl) {
+    public NegativeElement(
+        Name name, int type, SOARecord soa, int cred, long maxttl, boolean isAuthenticated) {
       this.name = name;
       this.type = type;
       long cttl = 0;
       if (soa != null) {
-        cttl = soa.getMinimum();
+        cttl = Math.min(soa.getMinimum(), soa.getTTL());
       }
       this.credibility = cred;
       this.expire = limitExpire(cttl, maxttl);
+      this.isAuthenticated = isAuthenticated;
     }
 
     @Override
@@ -108,7 +116,7 @@ public int getType() {
     @Override
     public final boolean expired() {
       int now = (int) (System.currentTimeMillis() / 1000);
-      return (now >= expire);
+      return now >= expire;
     }
 
     @Override
@@ -116,6 +124,11 @@ public final int compareCredibility(int cred) {
       return credibility - cred;
     }
 
+    @Override
+    public boolean isAuthenticated() {
+      return isAuthenticated;
+    }
+
     @Override
     public String toString() {
       StringBuilder sb = new StringBuilder();
@@ -152,17 +165,17 @@ void setMaxSize(int maxsize) {
     }
 
     @Override
-    protected boolean removeEldestEntry(Map.Entry eldest) {
+    protected boolean removeEldestEntry(Map.Entry<Name, Object> eldest) {
       return maxsize >= 0 && size() > maxsize;
     }
   }
 
-  private CacheMap data;
+  private final CacheMap data;
+  private final int dclass;
   private int maxncache = -1;
   private int maxcache = -1;
-  private int dclass;
 
-  private static final int defaultMaxEntries = 50000;
+  private static final int DEFAULT_MAX_ENTRIES = 50000;
 
   /**
    * Creates an empty Cache
@@ -172,7 +185,7 @@ protected boolean removeEldestEntry(Map.Entry eldest) {
    */
   public Cache(int dclass) {
     this.dclass = dclass;
-    data = new CacheMap(defaultMaxEntries);
+    data = new CacheMap(DEFAULT_MAX_ENTRIES);
   }
 
   /**
@@ -186,11 +199,27 @@ public Cache() {
 
   /** Creates a Cache which initially contains all records in the specified file. */
   public Cache(String file) throws IOException {
-    data = new CacheMap(defaultMaxEntries);
-    Master m = new Master(file);
-    Record record;
-    while ((record = m.nextRecord()) != null) {
-      addRecord(record, Credibility.HINT);
+    this(new Master(file));
+  }
+
+  /**
+   * Creates a Cache which initially contains all records in the specified stream.
+   *
+   * @since 3.6.2
+   */
+  public Cache(InputStream input) throws IOException {
+    this(new Master(input));
+  }
+
+  private <T> Cache(Master m) throws IOException {
+    this();
+    try {
+      Record r;
+      while ((r = m.nextRecord()) != null) {
+        addRecord(r, Credibility.HINT);
+      }
+    } finally {
+      m.close();
     }
   }
 
@@ -221,9 +250,9 @@ private synchronized Element oneElement(Name name, Object types, int type, int m
       throw new IllegalArgumentException("oneElement(ANY)");
     }
     if (types instanceof List) {
-      List list = (List) types;
-      for (Object o : list) {
-        Element set = (Element) o;
+      @SuppressWarnings("unchecked")
+      List<Element> list = (List<Element>) types;
+      for (Element set : list) {
         if (set.getType() == type) {
           found = set;
           break;
@@ -293,12 +322,13 @@ private synchronized void removeElement(Name name, int type) {
       return;
     }
     if (types instanceof List) {
-      List list = (List) types;
+      @SuppressWarnings("unchecked")
+      List<Element> list = (List<Element>) types;
       for (int i = 0; i < list.size(); i++) {
-        Element elt = (Element) list.get(i);
+        Element elt = list.get(i);
         if (elt.getType() == type) {
           list.remove(i);
-          if (list.size() == 0) {
+          if (list.isEmpty()) {
             data.remove(name);
           }
           return;
@@ -318,6 +348,19 @@ public synchronized void clearCache() {
     data.clear();
   }
 
+  /**
+   * Adds a record to the Cache.
+   *
+   * @param r The record to be added
+   * @param cred The credibility of the record
+   * @param o unused
+   * @deprecated use {@link #addRecord(Record, int)}
+   */
+  @Deprecated
+  public synchronized void addRecord(Record r, int cred, Object o) {
+    addRecord(r, cred, false);
+  }
+
   /**
    * Adds a record to the Cache.
    *
@@ -326,6 +369,10 @@ public synchronized void clearCache() {
    * @see Record
    */
   public synchronized void addRecord(Record r, int cred) {
+    addRecord(r, cred, false);
+  }
+
+  private synchronized void addRecord(Record r, int cred, boolean isAuthenticated) {
     Name name = r.getName();
     int type = r.getRRsetType();
     if (!Type.isRR(type)) {
@@ -333,14 +380,11 @@ public synchronized void addRecord(Record r, int cred) {
     }
     Element element = findElement(name, type, cred);
     if (element == null) {
-      CacheRRset<Record> crrset = new CacheRRset<>(r, cred, maxcache);
-      addRRset(crrset, cred);
-    } else if (element.compareCredibility(cred) == 0) {
-      if (element instanceof CacheRRset) {
-        @SuppressWarnings("unchecked")
-        CacheRRset<Record> crrset = (CacheRRset<Record>) element;
-        crrset.addRR(r);
-      }
+      CacheRRset crrset = new CacheRRset(r, cred, maxcache, isAuthenticated);
+      addRRset(crrset, cred, isAuthenticated);
+    } else if (element.compareCredibility(cred) == 0 && element instanceof CacheRRset) {
+      CacheRRset crrset = (CacheRRset) element;
+      crrset.addRR(r);
     }
   }
 
@@ -351,7 +395,12 @@ public synchronized void addRecord(Record r, int cred) {
    * @param cred The credibility of these records
    * @see RRset
    */
-  public synchronized <T extends Record> void addRRset(RRset<T> rrset, int cred) {
+  public synchronized <T extends Record> void addRRset(RRset rrset, int cred) {
+    addRRset(rrset, cred, false);
+  }
+
+  private synchronized <T extends Record> void addRRset(
+      RRset rrset, int cred, boolean isAuthenticated) {
     long ttl = rrset.getTTL();
     Name name = rrset.getName();
     int type = rrset.getType();
@@ -365,11 +414,11 @@ public synchronized <T extends Record> void addRRset(RRset<T> rrset, int cred) {
         element = null;
       }
       if (element == null) {
-        CacheRRset<T> crrset;
+        CacheRRset crrset;
         if (rrset instanceof CacheRRset) {
-          crrset = (CacheRRset<T>) rrset;
+          crrset = (CacheRRset) rrset;
         } else {
-          crrset = new CacheRRset<>(rrset, cred, maxcache);
+          crrset = new CacheRRset(rrset, cred, maxcache, isAuthenticated);
         }
         addElement(name, crrset);
       }
@@ -386,9 +435,14 @@ public synchronized <T extends Record> void addRRset(RRset<T> rrset, int cred) {
    * @param cred The credibility of the negative entry
    */
   public synchronized void addNegative(Name name, int type, SOARecord soa, int cred) {
+    addNegative(name, type, soa, cred, false);
+  }
+
+  private synchronized void addNegative(
+      Name name, int type, SOARecord soa, int cred, boolean isAuthenticated) {
     long ttl = 0;
     if (soa != null) {
-      ttl = soa.getTTL();
+      ttl = Math.min(soa.getMinimum(), soa.getTTL());
     }
     Element element = findElement(name, type, 0);
     if (ttl == 0) {
@@ -400,7 +454,7 @@ public synchronized void addNegative(Name name, int type, SOARecord soa, int cre
         element = null;
       }
       if (element == null) {
-        addElement(name, new NegativeElement(name, type, soa, cred, maxncache));
+        addElement(name, new NegativeElement(name, type, soa, cred, maxncache, isAuthenticated));
       }
     }
   }
@@ -412,13 +466,12 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
     Element element;
     Name tname;
     Object types;
-    SetResponse sr;
 
     labels = name.labels();
 
     for (tlabels = labels; tlabels >= 1; tlabels--) {
-      boolean isRoot = (tlabels == 1);
-      boolean isExact = (tlabels == labels);
+      boolean isRoot = tlabels == 1;
+      boolean isExact = tlabels == labels;
 
       if (isRoot) {
         tname = Name.root;
@@ -439,8 +492,8 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
        * Otherwise, look for a DNAME.
        */
       if (isExact && type == Type.ANY) {
-        sr = new SetResponse(SetResponse.SUCCESSFUL);
         Element[] elements = allElements(types);
+        SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
         int added = 0;
         for (Element value : elements) {
           element = value;
@@ -454,7 +507,7 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
           if (element.compareCredibility(minCred) < 0) {
             continue;
           }
-          sr.addRRset((CacheRRset<?>) element);
+          sr.addRRset((CacheRRset) element);
           added++;
         }
         /* There were positive entries */
@@ -464,40 +517,37 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
       } else if (isExact) {
         element = oneElement(tname, types, type, minCred);
         if (element instanceof CacheRRset) {
-          sr = new SetResponse(SetResponse.SUCCESSFUL);
-          sr.addRRset((CacheRRset) element);
-          return sr;
+          return SetResponse.ofType(SetResponseType.SUCCESSFUL, (CacheRRset) element);
         } else if (element != null) {
-          sr = new SetResponse(SetResponse.NXRRSET);
-          return sr;
+          return SetResponse.ofType(SetResponseType.NXRRSET);
         }
 
         element = oneElement(tname, types, Type.CNAME, minCred);
         if (element instanceof CacheRRset) {
-          return new SetResponse(SetResponse.CNAME, (CacheRRset) element);
+          return SetResponse.ofType(SetResponseType.CNAME, (CacheRRset) element);
         }
       } else {
         element = oneElement(tname, types, Type.DNAME, minCred);
         if (element instanceof CacheRRset) {
-          return new SetResponse(SetResponse.DNAME, (CacheRRset) element);
+          return SetResponse.ofType(SetResponseType.DNAME, (CacheRRset) element);
         }
       }
 
       /* Look for an NS */
       element = oneElement(tname, types, Type.NS, minCred);
       if (element instanceof CacheRRset) {
-        return new SetResponse(SetResponse.DELEGATION, (CacheRRset) element);
+        return SetResponse.ofType(SetResponseType.DELEGATION, (CacheRRset) element);
       }
 
       /* Check for the special NXDOMAIN element. */
       if (isExact) {
         element = oneElement(tname, types, 0, minCred);
         if (element != null) {
-          return SetResponse.ofType(SetResponse.NXDOMAIN);
+          return SetResponse.ofType(SetResponseType.NXDOMAIN);
         }
       }
     }
-    return SetResponse.ofType(SetResponse.UNKNOWN);
+    return SetResponse.ofType(SetResponseType.UNKNOWN);
   }
 
   /**
@@ -514,11 +564,10 @@ public SetResponse lookupRecords(Name name, int type, int minCred) {
     return lookup(name, type, minCred);
   }
 
-  @SuppressWarnings("unchecked")
-  private <T extends Record> List<RRset<T>> findRecords(Name name, int type, int minCred) {
+  private List<RRset> findRecords(Name name, int type, int minCred) {
     SetResponse cr = lookupRecords(name, type, minCred);
     if (cr.isSuccessful()) {
-      return (List<RRset<T>>) (List) cr.answers();
+      return cr.answers();
     } else {
       return null;
     }
@@ -530,10 +579,10 @@ private <T extends Record> List<RRset<T>> findRecords(Name name, int type, int m
    *
    * @param name The name to look up
    * @param type The type to look up
-   * @return An array of RRsets, or null
+   * @return A list of matching RRsets, or {@code null}.
    * @see Credibility
    */
-  public <T extends Record> List<RRset<T>> findRecords(Name name, int type) {
+  public List<RRset> findRecords(Name name, int type) {
     return findRecords(name, type, Credibility.NORMAL);
   }
 
@@ -543,10 +592,10 @@ public <T extends Record> List<RRset<T>> findRecords(Name name, int type) {
    *
    * @param name The name to look up
    * @param type The type to look up
-   * @return An array of RRsets, or null
+   * @return A list of matching RRsets, or {@code null}.
    * @see Credibility
    */
-  public <T extends Record> List<RRset<T>> findAnyRecords(Name name, int type) {
+  public List<RRset> findAnyRecords(Name name, int type) {
     return findRecords(name, type, Credibility.GLUE);
   }
 
@@ -570,7 +619,7 @@ private int getCred(int section, boolean isAuth) {
     }
   }
 
-  private static void markAdditional(RRset<?> rrset, Set<Name> names) {
+  private static void markAdditional(RRset rrset, Set<Name> names) {
     Record first = rrset.first();
     if (first.getAdditionalName() == null) {
       return;
@@ -593,9 +642,9 @@ private static void markAdditional(RRset<?> rrset, Set<Name> names) {
    *     nothing useful could be cached from the message.
    * @see Message
    */
-  @SuppressWarnings("unchecked")
   public SetResponse addMessage(Message in) {
-    boolean isAuth = in.getHeader().getFlag(Flags.AA);
+    boolean isAuthoritative = in.getHeader().getFlag(Flags.AA);
+    boolean isAuthenticated = in.getHeader().getFlag(Flags.AD);
     Record question = in.getQuestion();
     Name qname;
     Name curname;
@@ -604,7 +653,6 @@ public SetResponse addMessage(Message in) {
     int cred;
     int rcode = in.getHeader().getRcode();
     boolean completed = false;
-    RRset[] answers, auth, addl;
     SetResponse response = null;
     HashSet<Name> additionalNames;
 
@@ -620,55 +668,66 @@ public SetResponse addMessage(Message in) {
 
     additionalNames = new HashSet<>();
 
-    answers = in.getSectionRRsets(Section.ANSWER);
-    for (RRset<?> answer : answers) {
+    List<RRset> answers = in.getSectionRRsets(Section.ANSWER);
+    for (int i = 0; i < answers.size(); i++) {
+      RRset answer = answers.get(i);
       if (answer.getDClass() != qclass) {
         continue;
       }
       int type = answer.getType();
       Name name = answer.getName();
-      cred = getCred(Section.ANSWER, isAuth);
+      cred = getCred(Section.ANSWER, isAuthoritative);
       if ((type == qtype || qtype == Type.ANY) && name.equals(curname)) {
-        addRRset(answer, cred);
+        addRRset(answer, cred, isAuthenticated);
         completed = true;
         if (curname == qname) {
           if (response == null) {
-            response = new SetResponse(SetResponse.SUCCESSFUL);
+            response = SetResponse.ofType(SetResponseType.SUCCESSFUL);
           }
           response.addRRset(answer);
         }
         markAdditional(answer, additionalNames);
-      } else if (type == Type.CNAME && name.equals(curname)) {
-        CNAMERecord cname;
-        addRRset(answer, cred);
-        if (curname == qname) {
-          response = new SetResponse(SetResponse.CNAME, answer);
-        }
-        cname = (CNAMERecord) answer.first();
-        curname = cname.getTarget();
       } else if (type == Type.DNAME && curname.subdomain(name)) {
         DNAMERecord dname;
-        addRRset(answer, cred);
+        addRRset(answer, cred, isAuthenticated);
         if (curname == qname) {
-          response = new SetResponse(SetResponse.DNAME, answer);
+          response = SetResponse.ofType(SetResponseType.DNAME, answer, isAuthenticated);
+        }
+
+        if (i + 1 < answers.size()) {
+          RRset next = answers.get(i + 1);
+          if (next.getType() == Type.CNAME && next.getName().equals(curname)) {
+            // Skip generating the next name from the current DNAME, the synthesized CNAME did that
+            // for us
+            continue;
+          }
         }
+
         dname = (DNAMERecord) answer.first();
         try {
           curname = curname.fromDNAME(dname);
         } catch (NameTooLongException e) {
           break;
         }
+      } else if (type == Type.CNAME && name.equals(curname)) {
+        CNAMERecord cname;
+        addRRset(answer, cred, isAuthenticated);
+        if (curname == qname) {
+          response = SetResponse.ofType(SetResponseType.CNAME, answer, isAuthenticated);
+        }
+        cname = (CNAMERecord) answer.first();
+        curname = cname.getTarget();
       }
     }
 
-    auth = in.getSectionRRsets(Section.AUTHORITY);
-    RRset<SOARecord> soa = null;
-    RRset<NSRecord> ns = null;
-    for (RRset<?> rset : auth) {
+    List<RRset> auth = in.getSectionRRsets(Section.AUTHORITY);
+    RRset soa = null;
+    RRset ns = null;
+    for (RRset rset : auth) {
       if (rset.getType() == Type.SOA && curname.subdomain(rset.getName())) {
-        soa = (RRset<SOARecord>) rset;
+        soa = rset;
       } else if (rset.getType() == Type.NS && curname.subdomain(rset.getName())) {
-        ns = (RRset<NSRecord>) rset;
+        ns = rset;
       }
     }
     if (!completed) {
@@ -676,40 +735,40 @@ public SetResponse addMessage(Message in) {
       int cachetype = (rcode == Rcode.NXDOMAIN) ? 0 : qtype;
       if (rcode == Rcode.NXDOMAIN || soa != null || ns == null) {
         /* Negative response */
-        cred = getCred(Section.AUTHORITY, isAuth);
+        cred = getCred(Section.AUTHORITY, isAuthoritative);
         SOARecord soarec = null;
         if (soa != null) {
           soarec = (SOARecord) soa.first();
         }
-        addNegative(curname, cachetype, soarec, cred);
+        addNegative(curname, cachetype, soarec, cred, isAuthenticated);
         if (response == null) {
-          int responseType;
+          SetResponseType responseType;
           if (rcode == Rcode.NXDOMAIN) {
-            responseType = SetResponse.NXDOMAIN;
+            responseType = SetResponseType.NXDOMAIN;
           } else {
-            responseType = SetResponse.NXRRSET;
+            responseType = SetResponseType.NXRRSET;
           }
           response = SetResponse.ofType(responseType);
         }
         /* DNSSEC records are not cached. */
       } else {
         /* Referral response */
-        cred = getCred(Section.AUTHORITY, isAuth);
-        addRRset(ns, cred);
+        cred = getCred(Section.AUTHORITY, isAuthoritative);
+        addRRset(ns, cred, isAuthenticated);
         markAdditional(ns, additionalNames);
         if (response == null) {
-          response = new SetResponse(SetResponse.DELEGATION, ns);
+          response = SetResponse.ofType(SetResponseType.DELEGATION, ns, isAuthenticated);
         }
       }
     } else if (rcode == Rcode.NOERROR && ns != null) {
       /* Cache the NS set from a positive response. */
-      cred = getCred(Section.AUTHORITY, isAuth);
-      addRRset(ns, cred);
+      cred = getCred(Section.AUTHORITY, isAuthoritative);
+      addRRset(ns, cred, isAuthenticated);
       markAdditional(ns, additionalNames);
     }
 
-    addl = in.getSectionRRsets(Section.ADDITIONAL);
-    for (RRset<?> rRset : addl) {
+    List<RRset> additional = in.getSectionRRsets(Section.ADDITIONAL);
+    for (RRset rRset : additional) {
       int type = rRset.getType();
       if (type != Type.A && type != Type.AAAA && type != Type.A6) {
         continue;
@@ -718,11 +777,16 @@ public SetResponse addMessage(Message in) {
       if (!additionalNames.contains(name)) {
         continue;
       }
-      cred = getCred(Section.ADDITIONAL, isAuth);
-      addRRset(rRset, cred);
+      cred = getCred(Section.ADDITIONAL, isAuthoritative);
+      addRRset(rRset, cred, isAuthenticated);
     }
-    log.debug("addMessage: {}", response);
-    return (response);
+
+    log.debug(
+        "Caching {} for {}/{}",
+        response,
+        in.getQuestion().getName(),
+        Type.string(in.getQuestion().getType()));
+    return response;
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/Client.java b/src/main/java/org/xbill/DNS/Client.java
deleted file mode 100644
index c97daaa00..000000000
--- a/src/main/java/org/xbill/DNS/Client.java
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright (c) 2005 Brian Wellington (bwelling@xbill.org)
-
-package org.xbill.DNS;
-
-import java.io.IOException;
-import java.net.SocketAddress;
-import java.net.SocketTimeoutException;
-import java.nio.channels.SelectableChannel;
-import java.nio.channels.SelectionKey;
-import java.nio.channels.Selector;
-import lombok.extern.slf4j.Slf4j;
-import org.xbill.DNS.utils.hexdump;
-
-@Slf4j
-class Client {
-
-  protected long endTime;
-  protected SelectionKey key;
-
-  /** Packet logger, if available. */
-  private static PacketLogger packetLogger = null;
-
-  protected Client(SelectableChannel channel, long endTime) throws IOException {
-    boolean done = false;
-    Selector selector = null;
-    this.endTime = endTime;
-    try {
-      selector = Selector.open();
-      channel.configureBlocking(false);
-      key = channel.register(selector, SelectionKey.OP_READ);
-      done = true;
-    } finally {
-      if (!done && selector != null) {
-        selector.close();
-      }
-      if (!done) {
-        channel.close();
-      }
-    }
-  }
-
-  protected static void blockUntil(SelectionKey key, long endTime) throws IOException {
-    long timeout = endTime - System.currentTimeMillis();
-    int nkeys = 0;
-    if (timeout > 0) {
-      nkeys = key.selector().select(timeout);
-    } else if (timeout == 0) {
-      nkeys = key.selector().selectNow();
-    }
-    if (nkeys == 0) {
-      throw new SocketTimeoutException();
-    }
-  }
-
-  protected static void verboseLog(
-      String prefix, SocketAddress local, SocketAddress remote, byte[] data) {
-    if (log.isDebugEnabled()) {
-      log.debug(hexdump.dump(prefix, data));
-    }
-    if (packetLogger != null) {
-      packetLogger.log(prefix, local, remote, data);
-    }
-  }
-
-  void cleanup() throws IOException {
-    key.selector().close();
-    key.channel().close();
-  }
-
-  static void setPacketLogger(PacketLogger logger) {
-    packetLogger = logger;
-  }
-}
diff --git a/src/main/java/org/xbill/DNS/ClientSubnetOption.java b/src/main/java/org/xbill/DNS/ClientSubnetOption.java
index 032b03e77..6d8df8d0f 100644
--- a/src/main/java/org/xbill/DNS/ClientSubnetOption.java
+++ b/src/main/java/org/xbill/DNS/ClientSubnetOption.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,32 +7,28 @@
 import java.net.UnknownHostException;
 
 /**
- * The Client Subnet EDNS Option, defined in
- * http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00 ("Client subnet in DNS
- * requests").
+ * The Client Subnet EDNS Option.
  *
  * <p>The option is used to convey information about the IP address of the originating client, so
  * that an authoritative server can make decisions based on this address, rather than the address of
  * the intermediate caching name server.
  *
  * <p>The option is transmitted as part of an OPTRecord in the additional section of a DNS message,
- * as defined by RFC 2671 (EDNS0).
+ * as defined by RFC 6891 (EDNS0).
  *
  * <p>The wire format of the option contains a 2-byte length field (1 for IPv4, 2 for IPv6), a
  * 1-byte source netmask, a 1-byte scope netmask, and an address truncated to the source netmask
  * length (where the final octet is padded with bits set to 0)
  *
  * @see OPTRecord
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7871">RFC 7871</a>
  * @author Brian Wellington
  * @author Ming Zhou &lt;mizhou@bnivideo.com&gt;, Beaumaris Networks
  */
 public class ClientSubnetOption extends EDNSOption {
-
-  private static final long serialVersionUID = -3868158449890266347L;
-
   private int family;
-  private int sourceNetmask;
-  private int scopeNetmask;
+  private int sourcePrefixLength;
+  private int scopePrefixLength;
   private InetAddress address;
 
   ClientSubnetOption() {
@@ -42,7 +39,7 @@ private static int checkMaskLength(String field, int family, int val) {
     int max = Address.addressLength(family) * 8;
     if (val < 0 || val > max) {
       throw new IllegalArgumentException(
-          "\"" + field + "\" " + val + " must be in the range " + "[0.." + max + "]");
+          "\"" + field + "\" " + val + " must be in the range [0.." + max + "]");
     }
     return val;
   }
@@ -52,35 +49,35 @@ private static int checkMaskLength(String field, int family, int val) {
    * not be greater than the supplied source netmask. There may also be issues related to Java's
    * handling of mapped addresses
    *
-   * @param sourceNetmask The length of the netmask pertaining to the query. In replies, it mirrors
-   *     the same value as in the requests.
-   * @param scopeNetmask The length of the netmask pertaining to the reply. In requests, it MUST be
-   *     set to 0. In responses, this may or may not match the source netmask.
+   * @param sourcePrefixLength The length of the netmask pertaining to the query. In replies, it
+   *     mirrors the same value as in the requests.
+   * @param scopePrefixLength The length of the netmask pertaining to the reply. In requests, it
+   *     MUST be set to 0. In responses, this may or may not match the source netmask.
    * @param address The address of the client.
    */
-  public ClientSubnetOption(int sourceNetmask, int scopeNetmask, InetAddress address) {
+  public ClientSubnetOption(int sourcePrefixLength, int scopePrefixLength, InetAddress address) {
     super(EDNSOption.Code.CLIENT_SUBNET);
 
     this.family = Address.familyOf(address);
-    this.sourceNetmask = checkMaskLength("source netmask", this.family, sourceNetmask);
-    this.scopeNetmask = checkMaskLength("scope netmask", this.family, scopeNetmask);
-    this.address = Address.truncate(address, sourceNetmask);
+    this.sourcePrefixLength = checkMaskLength("source netmask", this.family, sourcePrefixLength);
+    this.scopePrefixLength = checkMaskLength("scope netmask", this.family, scopePrefixLength);
+    this.address = Address.truncate(address, sourcePrefixLength);
 
     if (!address.equals(this.address)) {
-      throw new IllegalArgumentException("source netmask is not " + "valid for address");
+      throw new IllegalArgumentException("source netmask is not valid for address");
     }
   }
 
   /**
    * Construct a Client Subnet option with scope netmask set to 0.
    *
-   * @param sourceNetmask The length of the netmask pertaining to the query. In replies, it mirrors
-   *     the same value as in the requests.
+   * @param sourcePrefixLength The length of the netmask pertaining to the query. In replies, it
+   *     mirrors the same value as in the requests.
    * @param address The address of the client.
    * @see ClientSubnetOption
    */
-  public ClientSubnetOption(int sourceNetmask, InetAddress address) {
-    this(sourceNetmask, 0, address);
+  public ClientSubnetOption(int sourcePrefixLength, InetAddress address) {
+    this(sourcePrefixLength, 0, address);
   }
 
   /** Returns the family of the network address. This will be either IPv4 (1) or IPv6 (2). */
@@ -89,13 +86,13 @@ public int getFamily() {
   }
 
   /** Returns the source netmask. */
-  public int getSourceNetmask() {
-    return sourceNetmask;
+  public int getSourcePrefixLength() {
+    return sourcePrefixLength;
   }
 
   /** Returns the scope netmask. */
-  public int getScopeNetmask() {
-    return scopeNetmask;
+  public int getScopePrefixLength() {
+    return scopePrefixLength;
   }
 
   /** Returns the IP address of the client. */
@@ -109,18 +106,18 @@ void optionFromWire(DNSInput in) throws WireParseException {
     if (family != Address.IPv4 && family != Address.IPv6) {
       throw new WireParseException("unknown address family");
     }
-    sourceNetmask = in.readU8();
-    if (sourceNetmask > Address.addressLength(family) * 8) {
+    sourcePrefixLength = in.readU8();
+    if (sourcePrefixLength > Address.addressLength(family) * 8) {
       throw new WireParseException("invalid source netmask");
     }
-    scopeNetmask = in.readU8();
-    if (scopeNetmask > Address.addressLength(family) * 8) {
+    scopePrefixLength = in.readU8();
+    if (scopePrefixLength > Address.addressLength(family) * 8) {
       throw new WireParseException("invalid scope netmask");
     }
 
     // Read the truncated address
     byte[] addr = in.readByteArray();
-    if (addr.length != (sourceNetmask + 7) / 8) {
+    if (addr.length != (sourcePrefixLength + 7) / 8) {
       throw new WireParseException("invalid address");
     }
 
@@ -134,7 +131,7 @@ void optionFromWire(DNSInput in) throws WireParseException {
       throw new WireParseException("invalid address", e);
     }
 
-    InetAddress tmp = Address.truncate(address, sourceNetmask);
+    InetAddress tmp = Address.truncate(address, sourcePrefixLength);
     if (!tmp.equals(address)) {
       throw new WireParseException("invalid padding");
     }
@@ -143,9 +140,9 @@ void optionFromWire(DNSInput in) throws WireParseException {
   @Override
   void optionToWire(DNSOutput out) {
     out.writeU16(family);
-    out.writeU8(sourceNetmask);
-    out.writeU8(scopeNetmask);
-    out.writeByteArray(address.getAddress(), 0, (sourceNetmask + 7) / 8);
+    out.writeU8(sourcePrefixLength);
+    out.writeU8(scopePrefixLength);
+    out.writeByteArray(address.getAddress(), 0, (sourcePrefixLength + 7) / 8);
   }
 
   @Override
@@ -153,9 +150,9 @@ String optionToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(address.getHostAddress());
     sb.append("/");
-    sb.append(sourceNetmask);
+    sb.append(sourcePrefixLength);
     sb.append(", scope netmask ");
-    sb.append(scopeNetmask);
+    sb.append(scopePrefixLength);
     return sb.toString();
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Compression.java b/src/main/java/org/xbill/DNS/Compression.java
index 8f4f06517..5effa8001 100644
--- a/src/main/java/org/xbill/DNS/Compression.java
+++ b/src/main/java/org/xbill/DNS/Compression.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -22,7 +23,7 @@ private static class Entry {
 
   private static final int TABLE_SIZE = 17;
   private static final int MAX_POINTER = 0x3FFF;
-  private Entry[] table;
+  private final Entry[] table;
 
   /** Creates a new Compression object. */
   public Compression() {
@@ -45,7 +46,7 @@ public void add(int pos, Name name) {
     entry.pos = pos;
     entry.next = table[row];
     table[row] = entry;
-    log.debug("Adding {} at {}", name, pos);
+    log.trace("Adding {} at {}", name, pos);
   }
 
   /**
@@ -62,7 +63,7 @@ public int get(Name name) {
         pos = entry.pos;
       }
     }
-    log.debug("Looking for {}, found {}", name, pos);
+    log.trace("Looking for {}, found {}", name, pos);
     return pos;
   }
 }
diff --git a/src/main/java/org/xbill/DNS/CookieOption.java b/src/main/java/org/xbill/DNS/CookieOption.java
new file mode 100644
index 000000000..5228f31bf
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/CookieOption.java
@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.util.Optional;
+import org.xbill.DNS.utils.base16;
+
+/**
+ * Cookie EDNS0 Option.
+ *
+ * @see OPTRecord
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7873">RFC 7873</a>
+ * @author Klaus Malorny
+ */
+public class CookieOption extends EDNSOption {
+
+  /** client cookie */
+  private byte[] clientCookie;
+
+  /** server cookie */
+  private byte[] serverCookie;
+
+  /** Default constructor for constructing instance from binary representation. */
+  CookieOption() {
+    super(EDNSOption.Code.COOKIE);
+  }
+
+  /**
+   * Constructor.
+   *
+   * @param clientCookie the client cookie, which must consist of eight bytes
+   */
+  public CookieOption(byte[] clientCookie) {
+    this(clientCookie, null);
+  }
+
+  /**
+   * Constructor.
+   *
+   * @param clientCookie the client cookie, which must consist of eight bytes
+   * @param serverCookie the server cookie, which must consist of 8 to 32 bytes if present
+   */
+  public CookieOption(byte[] clientCookie, byte[] serverCookie) {
+    this();
+    if (clientCookie == null) {
+      throw new IllegalArgumentException("client cookie must not be null");
+    }
+    if (clientCookie.length != 8) {
+      throw new IllegalArgumentException("client cookie must consist of eight bytes");
+    }
+    this.clientCookie = clientCookie;
+
+    if (serverCookie != null) {
+      int length = serverCookie.length;
+      if (length < 8 || length > 32) {
+        throw new IllegalArgumentException("server cookie must consist of 8 to 32 bytes");
+      }
+    }
+    this.serverCookie = serverCookie;
+  }
+
+  /**
+   * Returns the client cookie.
+   *
+   * @return the client cookie
+   */
+  public byte[] getClientCookie() {
+    return clientCookie;
+  }
+
+  /**
+   * Returns the server cookie.
+   *
+   * @return the server cookie
+   */
+  public Optional<byte[]> getServerCookie() {
+    return Optional.ofNullable(serverCookie);
+  }
+
+  /**
+   * Converts the wire format of an EDNS Option (the option data only) into the type-specific
+   * format.
+   *
+   * @param in The input stream.
+   */
+  @Override
+  void optionFromWire(DNSInput in) throws IOException {
+    int length = in.remaining();
+    if (length < 8) {
+      throw new WireParseException("invalid length of client cookie");
+    }
+    clientCookie = in.readByteArray(8);
+    if (length > 8) {
+      if (length < 16 || length > 40) {
+        throw new WireParseException("invalid length of server cookie");
+      }
+      serverCookie = in.readByteArray();
+    }
+  }
+
+  /**
+   * Converts an EDNS Option (the type-specific option data only) into wire format.
+   *
+   * @param out The output stream.
+   */
+  @Override
+  void optionToWire(DNSOutput out) {
+    out.writeByteArray(clientCookie);
+    if (serverCookie != null) {
+      out.writeByteArray(serverCookie);
+    }
+  }
+
+  /**
+   * Returns a string representation of the option parameters
+   *
+   * @return the string representation
+   */
+  @Override
+  String optionToString() {
+    return serverCookie != null
+        ? base16.toString(clientCookie) + " " + base16.toString(serverCookie)
+        : base16.toString(clientCookie);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/Credibility.java b/src/main/java/org/xbill/DNS/Credibility.java
index cafc1f52f..066c8c728 100644
--- a/src/main/java/org/xbill/DNS/Credibility.java
+++ b/src/main/java/org/xbill/DNS/Credibility.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -23,16 +24,16 @@ private Credibility() {}
   /** The additional section of a response. */
   public static final int GLUE = 2;
 
-  /** The authority section of a nonauthoritative response. */
+  /** The authority section of a non-authoritative response. */
   public static final int NONAUTH_AUTHORITY = 3;
 
-  /** The answer section of a nonauthoritative response. */
+  /** The answer section of a non-authoritative response. */
   public static final int NONAUTH_ANSWER = 3;
 
   /** The authority section of an authoritative response. */
   public static final int AUTH_AUTHORITY = 4;
 
-  /** The answer section of a authoritative response. */
+  /** The answer section of an authoritative response. */
   public static final int AUTH_ANSWER = 4;
 
   /** A zone. */
diff --git a/src/main/java/org/xbill/DNS/DClass.java b/src/main/java/org/xbill/DNS/DClass.java
index 42f5c09b7..9b8dff5e4 100644
--- a/src/main/java/org/xbill/DNS/DClass.java
+++ b/src/main/java/org/xbill/DNS/DClass.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -43,7 +44,7 @@ public void check(int val) {
     }
   }
 
-  private static Mnemonic classes = new DClassMnemonic();
+  private static final Mnemonic classes = new DClassMnemonic();
 
   static {
     classes.add(IN, "IN");
diff --git a/src/main/java/org/xbill/DNS/DHCIDRecord.java b/src/main/java/org/xbill/DNS/DHCIDRecord.java
index 5cf3c91fc..be3947074 100644
--- a/src/main/java/org/xbill/DNS/DHCIDRecord.java
+++ b/src/main/java/org/xbill/DNS/DHCIDRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2008 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,22 +10,14 @@
  * DHCID - Dynamic Host Configuration Protocol (DHCP) ID (RFC 4701)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4701">RFC 4701: A DNS Resource Record (RR) for
- *     Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4701">RFC 4701: A DNS Resource Record (RR)
+ *     for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)</a>
  */
 public class DHCIDRecord extends Record {
-
-  private static final long serialVersionUID = -8214820200808997707L;
-
   private byte[] data;
 
   DHCIDRecord() {}
 
-  @Override
-  Record getObject() {
-    return new DHCIDRecord();
-  }
-
   /**
    * Creates an DHCID Record from the given data
    *
@@ -36,22 +29,22 @@ public DHCIDRecord(Name name, int dclass, long ttl, byte[] data) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) {
+  protected void rrFromWire(DNSInput in) {
     data = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     data = st.getBase64();
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(data);
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return base64.toString(data);
   }
 
diff --git a/src/main/java/org/xbill/DNS/DLVRecord.java b/src/main/java/org/xbill/DNS/DLVRecord.java
index d78c5ca07..88d16e453 100644
--- a/src/main/java/org/xbill/DNS/DLVRecord.java
+++ b/src/main/java/org/xbill/DNS/DLVRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2002-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -13,15 +14,24 @@
  * @see DSRecord
  * @author David Blacka
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4431">RFC 4431: The DNSSEC Lookaside Validation
- *     (DLV) DNS Resource Record</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4431">RFC 4431: The DNSSEC Lookaside
+ *     Validation (DLV) DNS Resource Record</a>
  */
 public class DLVRecord extends Record {
 
-  public static final int SHA1_DIGEST_ID = DSRecord.Digest.SHA1;
-  public static final int SHA256_DIGEST_ID = DSRecord.Digest.SHA1;
+  /**
+   * SHA1 digest ID for DLV records.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA1}
+   */
+  @Deprecated public static final int SHA1_DIGEST_ID = DNSSEC.Digest.SHA1;
 
-  private static final long serialVersionUID = 1960742375677534148L;
+  /**
+   * SHA256 digest ID for DLV records.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA256}
+   */
+  @Deprecated public static final int SHA256_DIGEST_ID = DNSSEC.Digest.SHA256;
 
   private int footprint;
   private int alg;
@@ -30,11 +40,6 @@ public class DLVRecord extends Record {
 
   DLVRecord() {}
 
-  @Override
-  Record getObject() {
-    return new DLVRecord();
-  }
-
   /**
    * Creates a DLV Record from the given data
    *
@@ -53,7 +58,7 @@ public DLVRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     footprint = in.readU16();
     alg = in.readU8();
     digestid = in.readU8();
@@ -61,16 +66,16 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     footprint = st.getUInt16();
     alg = st.getUInt8();
     digestid = st.getUInt8();
-    digest = st.getHex();
+    digest = st.getHex(true);
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(footprint);
     sb.append(" ");
@@ -106,7 +111,7 @@ public int getFootprint() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(footprint);
     out.writeU8(alg);
     out.writeU8(digestid);
diff --git a/src/main/java/org/xbill/DNS/DNAMERecord.java b/src/main/java/org/xbill/DNS/DNAMERecord.java
index 8e497c121..d088d8f6d 100644
--- a/src/main/java/org/xbill/DNS/DNAMERecord.java
+++ b/src/main/java/org/xbill/DNS/DNAMERecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,19 +7,12 @@
  * DNAME Record - maps a nonterminal alias (subtree) to a different domain
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6672">RFC 6672: DNAME Redirection in the DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6672">RFC 6672: DNAME Redirection in the
+ *     DNS</a>
  */
 public class DNAMERecord extends SingleNameBase {
-
-  private static final long serialVersionUID = 2670767677200844154L;
-
   DNAMERecord() {}
 
-  @Override
-  Record getObject() {
-    return new DNAMERecord();
-  }
-
   /**
    * Creates a new DNAMERecord with the given data
    *
@@ -33,8 +27,14 @@ public Name getTarget() {
     return getSingleName();
   }
 
-  /** Gets the alias specified by the DNAME Record */
+  /**
+   * Gets the name of this record, aka the <i>alias</i> or <i>label</i> to the <i>delegation
+   * name</i> specified in {@link #getTarget()}.
+   *
+   * @deprecated use {@link #getName()}
+   */
+  @Deprecated
   public Name getAlias() {
-    return getSingleName();
+    return getName();
   }
 }
diff --git a/src/main/java/org/xbill/DNS/DNSInput.java b/src/main/java/org/xbill/DNS/DNSInput.java
index 42f175fda..fb26cb580 100644
--- a/src/main/java/org/xbill/DNS/DNSInput.java
+++ b/src/main/java/org/xbill/DNS/DNSInput.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -5,15 +6,16 @@
 import java.nio.ByteBuffer;
 
 /**
- * An class for parsing DNS messages.
+ * A class for parsing DNS messages.
  *
  * @author Brian Wellington
  */
 public class DNSInput {
-
-  private ByteBuffer byteBuffer;
-  private int saved_pos;
-  private int saved_end;
+  private final ByteBuffer byteBuffer;
+  private final int offset;
+  private final int limit;
+  private int savedPos;
+  private int savedEnd;
 
   /**
    * Creates a new DNSInput
@@ -21,9 +23,7 @@ public class DNSInput {
    * @param input The byte array to read from
    */
   public DNSInput(byte[] input) {
-    byteBuffer = ByteBuffer.wrap(input);
-    saved_pos = -1;
-    saved_end = -1;
+    this(ByteBuffer.wrap(input));
   }
 
   /**
@@ -33,13 +33,15 @@ public DNSInput(byte[] input) {
    */
   public DNSInput(ByteBuffer byteBuffer) {
     this.byteBuffer = byteBuffer;
-    saved_pos = -1;
-    saved_end = -1;
+    offset = byteBuffer.position();
+    limit = byteBuffer.limit();
+    savedPos = -1;
+    savedEnd = -1;
   }
 
   /** Returns the current position. */
   public int current() {
-    return byteBuffer.position();
+    return byteBuffer.position() - offset;
   }
 
   /** Returns the number of bytes that can be read from this stream before reaching the end. */
@@ -61,8 +63,8 @@ private void require(int n) throws WireParseException {
    *     remainder of the input.
    */
   public void setActive(int len) {
-    if (len > byteBuffer.capacity() - byteBuffer.position()) {
-      throw new IllegalArgumentException("cannot set active " + "region past end of input");
+    if (len > limit - byteBuffer.position()) {
+      throw new IllegalArgumentException("cannot set active region past end of input");
     }
     byteBuffer.limit(byteBuffer.position() + len);
   }
@@ -72,12 +74,12 @@ public void setActive(int len) {
    * input.
    */
   public void clearActive() {
-    byteBuffer.limit(byteBuffer.capacity());
+    byteBuffer.limit(limit);
   }
 
   /** Returns the position of the end of the current active region. */
   public int saveActive() {
-    return byteBuffer.limit();
+    return byteBuffer.limit() - offset;
   }
 
   /**
@@ -88,10 +90,10 @@ public int saveActive() {
    * @param pos The end of the active region.
    */
   public void restoreActive(int pos) {
-    if (pos > byteBuffer.capacity()) {
-      throw new IllegalArgumentException("cannot set active " + "region past end of input");
+    if (pos + offset > limit) {
+      throw new IllegalArgumentException("cannot set active region past end of input");
     }
-    byteBuffer.limit(byteBuffer.position());
+    byteBuffer.limit(pos + offset);
   }
 
   /**
@@ -102,11 +104,11 @@ public void restoreActive(int pos) {
    * @throws IllegalArgumentException The index is not within the input.
    */
   public void jump(int index) {
-    if (index >= byteBuffer.capacity()) {
-      throw new IllegalArgumentException("cannot jump past " + "end of input");
+    if (index + offset >= limit) {
+      throw new IllegalArgumentException("cannot jump past end of input");
     }
-    byteBuffer.position(index);
-    byteBuffer.limit(byteBuffer.capacity());
+    byteBuffer.position(offset + index);
+    byteBuffer.limit(limit);
   }
 
   /**
@@ -116,19 +118,19 @@ public void jump(int index) {
    * @throws IllegalArgumentException The index is not within the input.
    */
   public void save() {
-    saved_pos = byteBuffer.position();
-    saved_end = byteBuffer.limit();
+    savedPos = byteBuffer.position();
+    savedEnd = byteBuffer.limit();
   }
 
   /** Restores the input stream to its state before the call to {@link #save}. */
   public void restore() {
-    if (saved_pos < 0) {
+    if (savedPos < 0) {
       throw new IllegalStateException("no previous state");
     }
-    byteBuffer.position(saved_pos);
-    byteBuffer.limit(saved_end);
-    saved_pos = -1;
-    saved_end = -1;
+    byteBuffer.position(savedPos);
+    byteBuffer.limit(savedEnd);
+    savedPos = -1;
+    savedEnd = -1;
   }
 
   /**
@@ -139,7 +141,7 @@ public void restore() {
    */
   public int readU8() throws WireParseException {
     require(1);
-    return (byteBuffer.get() & 0xFF);
+    return byteBuffer.get() & 0xFF;
   }
 
   /**
@@ -150,7 +152,7 @@ public int readU8() throws WireParseException {
    */
   public int readU16() throws WireParseException {
     require(2);
-    return (byteBuffer.getShort() & 0xFFFF);
+    return byteBuffer.getShort() & 0xFFFF;
   }
 
   /**
@@ -161,7 +163,7 @@ public int readU16() throws WireParseException {
    */
   public long readU32() throws WireParseException {
     require(4);
-    return (byteBuffer.getInt() & 0xFFFFFFFFL);
+    return byteBuffer.getInt() & 0xFFFFFFFFL;
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/DNSKEYRecord.java b/src/main/java/org/xbill/DNS/DNSKEYRecord.java
index 37ffca0df..1b868992f 100644
--- a/src/main/java/org/xbill/DNS/DNSKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/DNSKEYRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,8 +12,8 @@
  *
  * @see DNSSEC
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  */
 public class DNSKEYRecord extends KEYBase {
 
@@ -23,6 +24,10 @@ private Protocol() {}
     public static final int DNSSEC = 3;
   }
 
+  /**
+   * {@code DNSKEY} flags as defined in the <a
+   * href="https://www.iana.org/assignments/dnskey-flags/dnskey-flags.xhtml">IANA registry</a>.
+   */
   public static class Flags {
     private Flags() {}
 
@@ -36,15 +41,8 @@ private Flags() {}
     public static final int REVOKE = 0x80;
   }
 
-  private static final long serialVersionUID = -8679800040426675002L;
-
   DNSKEYRecord() {}
 
-  @Override
-  Record getObject() {
-    return new DNSKEYRecord();
-  }
-
   /**
    * Creates a DNSKEY Record from the given data
    *
@@ -86,7 +84,7 @@ public DNSKEYRecord(Name name, int dclass, long ttl, int flags, int proto, int a
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     flags = st.getUInt16();
     proto = st.getUInt8();
     String algString = st.getString();
diff --git a/src/main/java/org/xbill/DNS/DNSOutput.java b/src/main/java/org/xbill/DNS/DNSOutput.java
index d0974768c..204fda0e6 100644
--- a/src/main/java/org/xbill/DNS/DNSOutput.java
+++ b/src/main/java/org/xbill/DNS/DNSOutput.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,7 +12,7 @@ public class DNSOutput {
 
   private byte[] array;
   private int pos;
-  private int saved_pos;
+  private int savedPos;
 
   /**
    * Create a new DNSOutput with a specified size.
@@ -21,7 +22,7 @@ public class DNSOutput {
   public DNSOutput(int size) {
     array = new byte[size];
     pos = 0;
-    saved_pos = -1;
+    savedPos = -1;
   }
 
   /** Create a new DNSOutput */
@@ -63,7 +64,7 @@ private void need(int n) {
    */
   public void jump(int index) {
     if (index > pos) {
-      throw new IllegalArgumentException("cannot jump past " + "end of data");
+      throw new IllegalArgumentException("cannot jump past end of data");
     }
     pos = index;
   }
@@ -74,16 +75,16 @@ public void jump(int index) {
    * @throws IllegalArgumentException The index is not within the output.
    */
   public void save() {
-    saved_pos = pos;
+    savedPos = pos;
   }
 
   /** Restores the input stream to its state before the call to {@link #save}. */
   public void restore() {
-    if (saved_pos < 0) {
+    if (savedPos < 0) {
       throw new IllegalStateException("no previous state");
     }
-    pos = saved_pos;
-    saved_pos = -1;
+    pos = savedPos;
+    savedPos = -1;
   }
 
   /**
@@ -118,10 +119,10 @@ public void writeU16(int val) {
   public void writeU16At(int val, int where) {
     check(val, 16);
     if (where > pos - 2) {
-      throw new IllegalArgumentException("cannot write past " + "end of data");
+      throw new IllegalArgumentException("cannot write past end of data");
     }
     array[where++] = (byte) ((val >>> 8) & 0xFF);
-    array[where++] = (byte) (val & 0xFF);
+    array[where] = (byte) (val & 0xFF);
   }
 
   /**
@@ -181,4 +182,8 @@ public byte[] toByteArray() {
     System.arraycopy(array, 0, out, 0, pos);
     return out;
   }
+
+  static byte[] toU16(int val) {
+    return new byte[] {(byte) ((val >>> 8) & 0xFF), (byte) (val & 0xFF)};
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/DNSSEC.java b/src/main/java/org/xbill/DNS/DNSSEC.java
index c84ae2792..ff8e7efa3 100644
--- a/src/main/java/org/xbill/DNS/DNSSEC.java
+++ b/src/main/java/org/xbill/DNS/DNSSEC.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2010 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -21,23 +22,37 @@
 import java.security.spec.ECPublicKeySpec;
 import java.security.spec.EllipticCurve;
 import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.time.Instant;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import lombok.Getter;
 
 /**
  * Constants and methods relating to DNSSEC.
  *
  * <p>DNSSEC provides authentication for DNS information.
  *
+ * @author Brian Wellington
  * @see RRSIGRecord
  * @see DNSKEYRecord
  * @see RRset
- * @author Brian Wellington
  */
 public class DNSSEC {
-
+  /** Domain Name System Security (DNSSEC) Algorithm Numbers. */
   public static class Algorithm {
     private Algorithm() {}
 
+    /**
+     * Delete DS record in parent zone.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8078/">RFC 8078</a>
+     * @since 3.5
+     */
+    public static final int DELETE = 0;
+
     /** RSA/MD5 public key (deprecated) */
     public static final int RSAMD5 = 1;
 
@@ -65,12 +80,43 @@ private Algorithm() {}
     /** GOST R 34.10-2001. This requires an external cryptography provider, such as BouncyCastle. */
     public static final int ECC_GOST = 12;
 
-    /** ECDSA Curve P-256 with SHA-256 public key * */
+    /** ECDSA Curve P-256 with SHA-256 public key. */
     public static final int ECDSAP256SHA256 = 13;
 
-    /** ECDSA Curve P-384 with SHA-384 public key * */
+    /** ECDSA Curve P-384 with SHA-384 public key. */
     public static final int ECDSAP384SHA384 = 14;
 
+    /**
+     * Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8080/">RFC 8080</a>
+     */
+    public static final int ED25519 = 15;
+
+    /**
+     * Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8080/">RFC 8080</a>
+     */
+    public static final int ED448 = 16;
+
+    /**
+     * SM2 signing algorithm with SM3 hashing algorithm.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/draft-cuiling-dnsop-sm2-alg/15/">draft-cuiling-dnsop-sm2-alg-15</a>
+     * @since 3.6
+     */
+    public static final int SM2SM3 = 17;
+
+    /**
+     * GOST R 34.10-2012.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc9558/">RFC 9558</a>
+     * @since 3.6
+     */
+    public static final int ECC_GOST12 = 23;
+
     /** Indirect keys; the actual key is elsewhere. */
     public static final int INDIRECT = 252;
 
@@ -80,23 +126,28 @@ private Algorithm() {}
     /** Private algorithm, specified by OID */
     public static final int PRIVATEOID = 254;
 
-    private static Mnemonic algs = new Mnemonic("DNSSEC algorithm", Mnemonic.CASE_UPPER);
+    private static final Mnemonic algs = new Mnemonic("DNSSEC algorithm", Mnemonic.CASE_UPPER);
 
     static {
       algs.setMaximum(0xFF);
       algs.setNumericAllowed(true);
 
+      algs.add(DELETE, "DELETE");
       algs.add(RSAMD5, "RSAMD5");
       algs.add(DH, "DH");
       algs.add(DSA, "DSA");
       algs.add(RSASHA1, "RSASHA1");
       algs.add(DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1");
-      algs.add(RSA_NSEC3_SHA1, "RSA-NSEC3-SHA1");
+      algs.add(RSA_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1");
       algs.add(RSASHA256, "RSASHA256");
       algs.add(RSASHA512, "RSASHA512");
       algs.add(ECC_GOST, "ECC-GOST");
       algs.add(ECDSAP256SHA256, "ECDSAP256SHA256");
       algs.add(ECDSAP384SHA384, "ECDSAP384SHA384");
+      algs.add(ED25519, "ED25519");
+      algs.add(ED448, "ED448");
+      algs.add(SM2SM3, "SM2SM3");
+      algs.add(ECC_GOST12, "ECC-GOST12");
       algs.add(INDIRECT, "INDIRECT");
       algs.add(PRIVATEDNS, "PRIVATEDNS");
       algs.add(PRIVATEOID, "PRIVATEOID");
@@ -117,6 +168,114 @@ public static String string(int alg) {
     public static int value(String s) {
       return algs.getValue(s);
     }
+
+    /** Checks that a numeric value is within the range [0..max] */
+    public static void check(int val) {
+      algs.check(val);
+    }
+  }
+
+  /**
+   * DNSSEC Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms.
+   *
+   * @since 3.5
+   */
+  public static class Digest {
+    private Digest() {}
+
+    /**
+     * SHA-1.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc3658/">RFC 3658</a>
+     */
+    public static final int SHA1 = 1;
+
+    /**
+     * SHA-256.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc4509/">RFC 4509</a>
+     */
+    public static final int SHA256 = 2;
+
+    /**
+     * GOST R 34.11-94.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5933/">RFC 5933</a>
+     */
+    public static final int GOST3411 = 3;
+
+    /**
+     * SHA-384.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6605/">RFC 6605</a>
+     */
+    public static final int SHA384 = 4;
+
+    /**
+     * GOST R 34.11-2012.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc9558/">RFC 9558</a>
+     * @since 3.6
+     */
+    public static final int GOST3411_12 = 5;
+
+    /**
+     * SM3 hashing algorithm.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/draft-cuiling-dnsop-sm2-alg/15/">draft-cuiling-dnsop-sm2-alg-15</a>
+     * @since 3.6
+     */
+    public static final int SM3 = 6;
+
+    private static final Mnemonic algs =
+        new Mnemonic("DNSSEC Digest Algorithm", Mnemonic.CASE_UPPER);
+    private static final Map<Integer, Integer> algLengths = new HashMap<>(4);
+
+    static {
+      algs.setMaximum(0xFF);
+      algs.setNumericAllowed(true);
+
+      algs.add(SHA1, "SHA-1");
+      algLengths.put(SHA1, 20);
+      algs.add(SHA256, "SHA-256");
+      algLengths.put(SHA256, 32);
+      algs.add(GOST3411, "GOST R 34.11-94");
+      algLengths.put(GOST3411, 32);
+      algs.add(SHA384, "SHA-384");
+      algLengths.put(SHA384, 48);
+      algs.add(GOST3411_12, "GOST12");
+      algLengths.put(GOST3411_12, 64);
+      algs.add(SM3, "SM3");
+      algLengths.put(SM3, 32);
+    }
+
+    /** Converts an algorithm into its textual representation */
+    public static String string(int alg) {
+      return algs.getText(alg);
+    }
+
+    /**
+     * Converts a textual representation of an algorithm into its numeric code. Integers in the
+     * range 0..255 are also accepted.
+     *
+     * @param s The textual representation of the algorithm
+     * @return The algorithm code, or -1 on error.
+     */
+    public static int value(String s) {
+      return algs.getValue(s);
+    }
+
+    /**
+     * Gets the length, in bytes, of the specified digest id.
+     *
+     * @return The length, in bytes, or -1 for an unknown digest.
+     * @since 3.6
+     */
+    public static int algLength(int alg) {
+      Integer len = algLengths.get(alg);
+      return len == null ? -1 : len;
+    }
   }
 
   private DNSSEC() {}
@@ -140,7 +299,7 @@ private static void digestSIG(DNSOutput out, SIGBase sig) {
    * @param rrset The data to be signed/verified.
    * @return The data to be cryptographically signed or verified.
    */
-  public static <T extends Record> byte[] digestRRset(RRSIGRecord rrsig, RRset<T> rrset) {
+  public static byte[] digestRRset(RRSIGRecord rrsig, RRset rrset) {
     DNSOutput out = new DNSOutput();
     digestSIG(out, rrsig);
 
@@ -160,14 +319,14 @@ public static <T extends Record> byte[] digestRRset(RRSIGRecord rrsig, RRset<T>
     header.writeU16(rrset.getType());
     header.writeU16(rrset.getDClass());
     header.writeU32(rrsig.getOrigTTL());
-    rrset.rrs().stream()
+    rrset.rrs(false).stream()
         .sorted()
-        .forEach(
-            record -> {
+        .forEachOrdered(
+            r -> {
               out.writeByteArray(header.toByteArray());
               int lengthPosition = out.current();
               out.writeU16(0);
-              out.writeByteArray(record.rdataToWireCanonical());
+              r.rrToWire(out, null, true);
               int rrlength = out.current() - lengthPosition - 2;
               out.save();
               out.jump(lengthPosition);
@@ -200,8 +359,16 @@ public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous)
 
   /** A DNSSEC exception. */
   public static class DNSSECException extends Exception {
-    DNSSECException(String s) {
-      super(s);
+    DNSSECException(String message, Throwable cause) {
+      super(message, cause);
+    }
+
+    DNSSECException(Throwable cause) {
+      super(cause);
+    }
+
+    DNSSECException(String message) {
+      super(message);
     }
   }
 
@@ -212,18 +379,29 @@ public static class UnsupportedAlgorithmException extends DNSSECException {
     }
   }
 
+  /** The {@link DNSKEYRecord} used for the validation is not a zone signing key. */
+  public static class InvalidDnskeyException extends DNSSECException {
+    @Getter private final int edeCode;
+
+    InvalidDnskeyException(DNSKEYRecord dnskey, String message, int edeCode) {
+      super("DNSKEY " + dnskey.getName() + " is invalid, " + message);
+      this.edeCode = edeCode;
+    }
+  }
+
   /** The cryptographic data in a DNSSEC key is malformed. */
   public static class MalformedKeyException extends DNSSECException {
-    MalformedKeyException(KEYBase rec) {
-      super("Invalid key data: " + rec.rdataToString());
+    MalformedKeyException(String message) {
+      super(message);
+    }
+
+    MalformedKeyException(Record rec, Throwable cause) {
+      super("Invalid key data: " + rec.rdataToString(), cause);
     }
   }
 
   /** A DNSSEC verification failed because fields in the DNSKEY and RRSIG records do not match. */
   public static class KeyMismatchException extends DNSSECException {
-    private KEYBase key;
-    private SIGBase sig;
-
     KeyMismatchException(KEYBase key, SIGBase sig) {
       super(
           "key "
@@ -244,7 +422,8 @@ public static class KeyMismatchException extends DNSSECException {
 
   /** A DNSSEC verification failed because the signature has expired. */
   public static class SignatureExpiredException extends DNSSECException {
-    private Instant when, now;
+    private final Instant when;
+    private final Instant now;
 
     SignatureExpiredException(Instant when, Instant now) {
       super("signature expired");
@@ -252,12 +431,12 @@ public static class SignatureExpiredException extends DNSSECException {
       this.now = now;
     }
 
-    /** @return When the signature expired */
+    /** When the signature expired. */
     public Instant getExpiration() {
       return when;
     }
 
-    /** @return When the verification was attempted */
+    /** When the verification was attempted. */
     public Instant getVerifyTime() {
       return now;
     }
@@ -265,7 +444,8 @@ public Instant getVerifyTime() {
 
   /** A DNSSEC verification failed because the signature has not yet become valid. */
   public static class SignatureNotYetValidException extends DNSSECException {
-    private Instant when, now;
+    private final Instant when;
+    private final Instant now;
 
     SignatureNotYetValidException(Instant when, Instant now) {
       super("signature is not yet valid");
@@ -273,12 +453,12 @@ public static class SignatureNotYetValidException extends DNSSECException {
       this.now = now;
     }
 
-    /** @return When the signature will become valid */
+    /** When the signature will become valid. */
     public Instant getExpiration() {
       return when;
     }
 
-    /** @return When the verification was attempted */
+    /** When the verification was attempted. */
     public Instant getVerifyTime() {
       return now;
     }
@@ -286,8 +466,12 @@ public Instant getVerifyTime() {
 
   /** A DNSSEC verification failed because the cryptographic signature verification failed. */
   public static class SignatureVerificationException extends DNSSECException {
-    SignatureVerificationException() {
-      super("signature verification failed");
+    SignatureVerificationException(Throwable inner) {
+      super("Signature verification failed", inner);
+    }
+
+    SignatureVerificationException(String message) {
+      super("Signature verification failed: " + message);
     }
   }
 
@@ -305,7 +489,7 @@ public static class NoSignatureException extends DNSSECException {
     }
   }
 
-  private static int BigIntegerLength(BigInteger i) {
+  private static int bigIntegerLength(BigInteger i) {
     return (i.bitLength() + 7) / 8;
   }
 
@@ -380,8 +564,8 @@ private static void writePaddedBigIntegerLittleEndian(DNSOutput out, BigInteger
     }
   }
 
-  private static PublicKey toRSAPublicKey(KEYBase r) throws IOException, GeneralSecurityException {
-    DNSInput in = new DNSInput(r.getKey());
+  private static PublicKey toRSAPublicKey(byte[] key) throws IOException, GeneralSecurityException {
+    DNSInput in = new DNSInput(key);
     int exponentLength = in.readU8();
     if (exponentLength == 0) {
       exponentLength = in.readU16();
@@ -393,13 +577,13 @@ private static PublicKey toRSAPublicKey(KEYBase r) throws IOException, GeneralSe
     return factory.generatePublic(new RSAPublicKeySpec(modulus, exponent));
   }
 
-  private static PublicKey toDSAPublicKey(KEYBase r)
+  private static PublicKey toDSAPublicKey(byte[] key)
       throws IOException, GeneralSecurityException, MalformedKeyException {
-    DNSInput in = new DNSInput(r.getKey());
+    DNSInput in = new DNSInput(key);
 
     int t = in.readU8();
     if (t > 8) {
-      throw new MalformedKeyException(r);
+      throw new MalformedKeyException("t is too large");
     }
 
     BigInteger q = readBigInteger(in, 20);
@@ -413,27 +597,19 @@ private static PublicKey toDSAPublicKey(KEYBase r)
 
   private static class ECKeyInfo {
     int length;
-    public BigInteger p, a, b, gx, gy, n;
     EllipticCurve curve;
     ECParameterSpec spec;
 
-    ECKeyInfo(
-        int length,
-        String p_str,
-        String a_str,
-        String b_str,
-        String gx_str,
-        String gy_str,
-        String n_str) {
+    ECKeyInfo(int length, String p, String a, String b, String gx, String gy, String n) {
       this.length = length;
-      p = new BigInteger(p_str, 16);
-      a = new BigInteger(a_str, 16);
-      b = new BigInteger(b_str, 16);
-      gx = new BigInteger(gx_str, 16);
-      gy = new BigInteger(gy_str, 16);
-      n = new BigInteger(n_str, 16);
-      curve = new EllipticCurve(new ECFieldFp(p), a, b);
-      spec = new ECParameterSpec(curve, new ECPoint(gx, gy), n, 1);
+      BigInteger pi = new BigInteger(p, 16);
+      BigInteger ai = new BigInteger(a, 16);
+      BigInteger bi = new BigInteger(b, 16);
+      BigInteger gxi = new BigInteger(gx, 16);
+      BigInteger gyi = new BigInteger(gy, 16);
+      BigInteger ni = new BigInteger(n, 16);
+      curve = new EllipticCurve(new ECFieldFp(pi), ai, bi);
+      spec = new ECParameterSpec(curve, new ECPoint(gxi, gyi), ni, 1);
     }
   }
 
@@ -470,9 +646,9 @@ private static class ECKeyInfo {
           "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
           "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973");
 
-  private static PublicKey toECGOSTPublicKey(KEYBase r, ECKeyInfo keyinfo)
+  private static PublicKey toECGOSTPublicKey(byte[] key, ECKeyInfo keyinfo)
       throws IOException, GeneralSecurityException {
-    DNSInput in = new DNSInput(r.getKey());
+    DNSInput in = new DNSInput(key);
 
     BigInteger x = readBigIntegerLittleEndian(in, keyinfo.length);
     BigInteger y = readBigIntegerLittleEndian(in, keyinfo.length);
@@ -482,9 +658,9 @@ private static PublicKey toECGOSTPublicKey(KEYBase r, ECKeyInfo keyinfo)
     return factory.generatePublic(new ECPublicKeySpec(q, keyinfo.spec));
   }
 
-  private static PublicKey toECDSAPublicKey(KEYBase r, ECKeyInfo keyinfo)
+  private static PublicKey toECDSAPublicKey(byte[] key, ECKeyInfo keyinfo)
       throws IOException, GeneralSecurityException {
-    DNSInput in = new DNSInput(r.getKey());
+    DNSInput in = new DNSInput(key);
 
     // RFC 6605 Section 4
     BigInteger x = readBigInteger(in, keyinfo.length);
@@ -495,9 +671,35 @@ private static PublicKey toECDSAPublicKey(KEYBase r, ECKeyInfo keyinfo)
     return factory.generatePublic(new ECPublicKeySpec(q, keyinfo.spec));
   }
 
+  private static PublicKey toEdDSAPublicKey(byte[] key, byte algId)
+      throws GeneralSecurityException {
+    // Key is encoded as plain octets, rfc8080#section-3
+    // wrap it in ASN.1 format so we can use X509EncodedKeySpec to read it as JCA
+    byte[] encoded = new byte[12 + key.length];
+    encoded[0] = ASN1_SEQ;
+    encoded[1] = (byte) (10 + key.length); // length
+    encoded[2] = ASN1_SEQ;
+    encoded[3] = 5; // length
+    encoded[4] = ASN1_OID; // OID
+    encoded[5] = 3; // length
+    encoded[6] = 0x2b; // iso.org
+    encoded[7] = 0x65; // 101 thawte
+    encoded[8] = algId;
+    encoded[9] = ASN1_BITSTRING; // sequence
+    encoded[10] = (byte) (key.length + 1); // length
+    System.arraycopy(key, 0, encoded, 12, key.length);
+    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
+    KeyFactory keyFactory = KeyFactory.getInstance("EdDSA");
+    return keyFactory.generatePublic(keySpec);
+  }
+
   /** Converts a KEY/DNSKEY record into a PublicKey */
   static PublicKey toPublicKey(KEYBase r) throws DNSSECException {
-    int alg = r.getAlgorithm();
+    return toPublicKey(r.getAlgorithm(), r.getKey(), r);
+  }
+
+  /** Converts a KEY/DNSKEY record into a PublicKey */
+  static PublicKey toPublicKey(int alg, byte[] key, Record r) throws DNSSECException {
     try {
       switch (alg) {
         case Algorithm.RSAMD5:
@@ -505,23 +707,27 @@ static PublicKey toPublicKey(KEYBase r) throws DNSSECException {
         case Algorithm.RSA_NSEC3_SHA1:
         case Algorithm.RSASHA256:
         case Algorithm.RSASHA512:
-          return toRSAPublicKey(r);
+          return toRSAPublicKey(key);
         case Algorithm.DSA:
         case Algorithm.DSA_NSEC3_SHA1:
-          return toDSAPublicKey(r);
+          return toDSAPublicKey(key);
         case Algorithm.ECC_GOST:
-          return toECGOSTPublicKey(r, GOST);
+          return toECGOSTPublicKey(key, GOST);
         case Algorithm.ECDSAP256SHA256:
-          return toECDSAPublicKey(r, ECDSA_P256);
+          return toECDSAPublicKey(key, ECDSA_P256);
         case Algorithm.ECDSAP384SHA384:
-          return toECDSAPublicKey(r, ECDSA_P384);
+          return toECDSAPublicKey(key, ECDSA_P384);
+        case Algorithm.ED25519:
+          return toEdDSAPublicKey(key, (byte) 112);
+        case Algorithm.ED448:
+          return toEdDSAPublicKey(key, (byte) 113);
         default:
           throw new UnsupportedAlgorithmException(alg);
       }
     } catch (IOException e) {
-      throw new MalformedKeyException(r);
+      throw new MalformedKeyException(r, e);
     } catch (GeneralSecurityException e) {
-      throw new DNSSECException(e.toString());
+      throw new DNSSECException(e);
     }
   }
 
@@ -529,7 +735,7 @@ private static byte[] fromRSAPublicKey(RSAPublicKey key) {
     DNSOutput out = new DNSOutput();
     BigInteger exponent = key.getPublicExponent();
     BigInteger modulus = key.getModulus();
-    int exponentLength = BigIntegerLength(exponent);
+    int exponentLength = bigIntegerLength(exponent);
 
     if (exponentLength < 256) {
       out.writeU8(exponentLength);
@@ -584,6 +790,12 @@ private static byte[] fromECDSAPublicKey(ECPublicKey key, ECKeyInfo keyinfo) {
     return out.toByteArray();
   }
 
+  private static byte[] fromEdDSAPublicKey(PublicKey key) {
+    // The key is a signed DER BitString, starting at index 10. Drop the leading zero if necessary
+    byte[] encoded = key.getEncoded();
+    return Arrays.copyOfRange(encoded, 12, encoded.length);
+  }
+
   /** Builds a DNSKEY record from a PublicKey */
   static byte[] fromPublicKey(PublicKey key, int alg) throws DNSSECException {
     switch (alg) {
@@ -617,6 +829,12 @@ static byte[] fromPublicKey(PublicKey key, int alg) throws DNSSECException {
           throw new IncompatibleKeyException();
         }
         return fromECDSAPublicKey((ECPublicKey) key, ECDSA_P384);
+      case Algorithm.ED25519:
+      case Algorithm.ED448:
+        if (!key.getFormat().equalsIgnoreCase("X.509")) {
+          throw new IncompatibleKeyException();
+        }
+        return fromEdDSAPublicKey(key);
       default:
         throw new UnsupportedAlgorithmException(alg);
     }
@@ -648,273 +866,155 @@ public static String algString(int alg) throws UnsupportedAlgorithmException {
         return "SHA256withECDSA";
       case Algorithm.ECDSAP384SHA384:
         return "SHA384withECDSA";
+      case Algorithm.ED25519:
+        return "Ed25519";
+      case Algorithm.ED448:
+        return "Ed448";
       default:
         throw new UnsupportedAlgorithmException(alg);
     }
   }
 
-  private static final int ASN1_SEQ = 0x30;
-  private static final int ASN1_INT = 0x2;
+  static final int ASN1_SEQ = 0x30;
+  static final int ASN1_INT = 0x2;
+  static final int ASN1_BITSTRING = 0x3;
+  static final int ASN1_OID = 0x6;
 
   private static final int DSA_LEN = 20;
 
-  private static byte[] DSASignaturefromDNS(byte[] dns) throws DNSSECException, IOException {
-    if (dns.length != 1 + DSA_LEN * 2) {
-      throw new SignatureVerificationException();
+  private static IOException asn1ParseException(Object expected, Object actual) {
+    return new IOException("Invalid ASN.1 data, expected " + expected + " got " + actual);
+  }
+
+  private static byte[] dsaSignatureFromDNS(byte[] signature, int keyLength, boolean skipT)
+      throws DNSSECException, IOException {
+    if (signature.length != keyLength * 2 + (skipT ? 1 : 0)) {
+      throw new SignatureVerificationException("input has unexpected length " + signature.length);
     }
 
-    DNSInput in = new DNSInput(dns);
+    DNSInput in = new DNSInput(signature);
     DNSOutput out = new DNSOutput();
 
-    int t = in.readU8();
-
-    byte[] r = in.readByteArray(DSA_LEN);
-    int rlen = DSA_LEN;
-    if (r[0] < 0) {
-      rlen++;
-    } else {
-      for (int i = 0; i < DSA_LEN - 1 && r[i] == 0 && r[i + 1] >= 0; i++) {
-        rlen--;
-      }
+    if (skipT) {
+      // rfc2536#section-3, this applies to DSA only, not ECDSA
+      in.readU8();
     }
 
-    byte[] s = in.readByteArray(DSA_LEN);
-    int slen = DSA_LEN;
-    if (s[0] < 0) {
-      slen++;
-    } else {
-      for (int i = 0; i < DSA_LEN - 1 && s[i] == 0 && s[i + 1] >= 0; i++) {
-        slen--;
-      }
-    }
+    byte[] r = in.readByteArray(keyLength);
+    int rlen = getDsaIntLen(r, keyLength);
+
+    byte[] s = in.readByteArray(keyLength);
+    int slen = getDsaIntLen(s, keyLength);
 
     out.writeU8(ASN1_SEQ);
     out.writeU8(rlen + slen + 4);
 
-    out.writeU8(ASN1_INT);
-    out.writeU8(rlen);
-    if (rlen > DSA_LEN) {
-      out.writeU8(0);
-    }
-    if (rlen >= DSA_LEN) {
-      out.writeByteArray(r);
-    } else {
-      out.writeByteArray(r, DSA_LEN - rlen, rlen);
-    }
-
-    out.writeU8(ASN1_INT);
-    out.writeU8(slen);
-    if (slen > DSA_LEN) {
-      out.writeU8(0);
-    }
-    if (slen >= DSA_LEN) {
-      out.writeByteArray(s);
-    } else {
-      out.writeByteArray(s, DSA_LEN - slen, slen);
-    }
+    writeAsn1Int(keyLength, out, r, rlen);
+    writeAsn1Int(keyLength, out, s, slen);
 
     return out.toByteArray();
   }
 
-  private static byte[] DSASignaturetoDNS(byte[] signature, int t) throws IOException {
-    DNSInput in = new DNSInput(signature);
-    DNSOutput out = new DNSOutput();
-
-    out.writeU8(t);
-
-    int tmp = in.readU8();
-    if (tmp != ASN1_SEQ) {
-      throw new IOException("Invalid ASN.1 data, expected " + ASN1_SEQ + " got " + tmp);
-    }
-    int seqlen = in.readU8();
-
-    tmp = in.readU8();
-    if (tmp != ASN1_INT) {
-      throw new IOException("Invalid ASN.1 data, expected " + ASN1_INT + " got " + tmp);
-    }
-
-    // r must be of DSA_LEN or +1 if it has a leading zero for negative
-    // ASN.1 integers
-    int rlen = in.readU8();
-    if (rlen == DSA_LEN + 1 && in.readU8() == 0) {
-      --rlen;
-    } else if (rlen <= DSA_LEN) {
-      // pad with leading zeros, rfc2536#section-3
-      for (int i = 0; i < DSA_LEN - rlen; i++) {
-        out.writeU8(0);
-      }
+  private static int getDsaIntLen(byte[] bigint, int dsaLen) {
+    int len = dsaLen;
+    if (bigint[0] < 0) {
+      len++;
     } else {
-      throw new IOException("Invalid r-value in ASN.1 DER encoded DSA signature: " + rlen);
-    }
-
-    out.writeByteArray(in.readByteArray(rlen));
-
-    tmp = in.readU8();
-    if (tmp != ASN1_INT) {
-      throw new IOException("Invalid ASN.1 data, expected " + ASN1_INT + " got " + tmp);
-    }
-
-    // s must be of DSA_LEN or +1 if it has a leading zero for negative
-    // ASN.1 integers
-    int slen = in.readU8();
-    if (slen == DSA_LEN + 1 && in.readU8() == 0) {
-      --slen;
-    } else if (slen <= DSA_LEN) {
-      // pad with leading zeros, rfc2536#section-3
-      for (int i = 0; i < DSA_LEN - slen; i++) {
-        out.writeU8(0);
+      for (int i = 0; i < dsaLen - 1 && bigint[i] == 0 && bigint[i + 1] >= 0; i++) {
+        len--;
       }
-    } else {
-      throw new IOException("Invalid s-value in ASN.1 DER encoded DSA signature: " + slen);
     }
-
-    out.writeByteArray(in.readByteArray(slen));
-
-    return out.toByteArray();
+    return len;
   }
 
-  private static byte[] ECGOSTSignaturefromDNS(byte[] signature, ECKeyInfo keyinfo)
-      throws DNSSECException {
-    if (signature.length != keyinfo.length * 2) {
-      throw new SignatureVerificationException();
+  private static void writeAsn1Int(int keyLength, DNSOutput out, byte[] bigint, int bigintLen) {
+    out.writeU8(ASN1_INT);
+    out.writeU8(bigintLen);
+    if (bigintLen > keyLength) {
+      out.writeU8(0);
     }
-    // Wire format is equal to the engine input
-    return signature;
-  }
-
-  private static byte[] ECDSASignaturefromDNS(byte[] signature, ECKeyInfo keyinfo)
-      throws DNSSECException, IOException {
-    if (signature.length != keyinfo.length * 2) {
-      throw new SignatureVerificationException();
+    if (bigintLen >= keyLength) {
+      out.writeByteArray(bigint);
+    } else {
+      out.writeByteArray(bigint, keyLength - bigintLen, bigintLen);
     }
+  }
 
+  private static byte[] dsaSignatureToDNS(byte[] signature, int rsLen, int t) throws IOException {
     DNSInput in = new DNSInput(signature);
     DNSOutput out = new DNSOutput();
 
-    byte[] r = in.readByteArray(keyinfo.length);
-    int rlen = keyinfo.length;
-    if (r[0] < 0) {
-      rlen++;
-    } else {
-      for (int i = 0; i < keyinfo.length - 1 && r[i] == 0 && r[i + 1] >= 0; i++) {
-        rlen--;
-      }
-    }
-
-    byte[] s = in.readByteArray(keyinfo.length);
-    int slen = keyinfo.length;
-    if (s[0] < 0) {
-      slen++;
-    } else {
-      for (int i = 0; i < keyinfo.length - 1 && s[i] == 0 && s[i + 1] >= 0; i++) {
-        slen--;
-      }
-    }
-
-    out.writeU8(ASN1_SEQ);
-    out.writeU8(rlen + slen + 4);
-
-    out.writeU8(ASN1_INT);
-    out.writeU8(rlen);
-    if (rlen > keyinfo.length) {
-      out.writeU8(0);
-    }
-    if (rlen >= keyinfo.length) {
-      out.writeByteArray(r);
-    } else {
-      out.writeByteArray(r, keyinfo.length - rlen, rlen);
+    if (t > -1) {
+      out.writeU8(t);
     }
 
-    out.writeU8(ASN1_INT);
-    out.writeU8(slen);
-    if (slen > keyinfo.length) {
-      out.writeU8(0);
-    }
-    if (slen >= keyinfo.length) {
-      out.writeByteArray(s);
-    } else {
-      out.writeByteArray(s, keyinfo.length - slen, slen);
+    int tmp = in.readU8();
+    if (tmp != ASN1_SEQ) {
+      throw asn1ParseException(ASN1_SEQ, tmp);
     }
+    /*int seqlen =*/ in.readU8();
 
+    transformAns1IntToDns(rsLen, in, out);
+    transformAns1IntToDns(rsLen, in, out);
     return out.toByteArray();
   }
 
-  private static byte[] ECDSASignaturetoDNS(byte[] signature, ECKeyInfo keyinfo)
+  private static void transformAns1IntToDns(int rsLen, DNSInput in, DNSOutput out)
       throws IOException {
-    DNSInput in = new DNSInput(signature);
-    DNSOutput out = new DNSOutput();
-
     int tmp = in.readU8();
-    if (tmp != ASN1_SEQ) {
-      throw new IOException("Invalid ASN.1 data, expected " + ASN1_SEQ + " got " + tmp);
-    }
-    int seqlen = in.readU8();
-
-    tmp = in.readU8();
     if (tmp != ASN1_INT) {
-      throw new IOException("Invalid ASN.1 data, expected " + ASN1_INT + " got " + tmp);
-    }
-
-    int rlen = in.readU8();
-    if (rlen == keyinfo.length + 1 && in.readU8() == 0) {
-      --rlen;
-    } else if (rlen <= keyinfo.length) {
-      // pad with leading zeros, rfc2536#section-3
-      for (int i = 0; i < keyinfo.length - rlen; i++) {
-        out.writeU8(0);
-      }
-    } else {
-      throw new IOException("Invalid r-value in ASN.1 DER encoded ECDSA signature: " + rlen);
+      throw asn1ParseException(ASN1_INT, tmp);
     }
 
-    out.writeByteArray(in.readByteArray(rlen));
-
-    tmp = in.readU8();
-    if (tmp != ASN1_INT) {
-      throw new IOException("Invalid ASN.1 data, expected " + ASN1_INT + " got " + tmp);
-    }
-    int slen = in.readU8();
-    if (slen == keyinfo.length + 1 && in.readU8() == 0) {
-      --slen;
-    } else if (slen <= keyinfo.length) {
+    // the int must be of rsLen or +1 if it has a leading zero for negative
+    // ASN.1 integers
+    int len = in.readU8();
+    if (len == rsLen + 1 && in.readU8() == 0) {
+      --len;
+    } else if (len <= rsLen) {
       // pad with leading zeros, rfc2536#section-3
-      for (int i = 0; i < keyinfo.length - slen; i++) {
+      for (int i = 0; i < rsLen - len; i++) {
         out.writeU8(0);
       }
     } else {
-      throw new IOException("Invalid s-value in ASN.1 DER encoded ECDSA signature: " + slen);
+      throw new IOException("Invalid r/s-value in ASN.1 DER encoded signature: " + len);
     }
 
-    out.writeByteArray(in.readByteArray(slen));
-
-    return out.toByteArray();
+    out.writeByteArray(in.readByteArray(len));
   }
 
-  private static void verify(PublicKey key, int alg, byte[] data, byte[] signature)
+  private static void verify(KEYBase keyRecord, SIGBase sigRecord, byte[] data, int coveredType)
       throws DNSSECException {
+    PublicKey key = keyRecord.getPublicKey();
+    int alg = sigRecord.getAlgorithm();
+    byte[] signature = sigRecord.getSignature();
     if (key instanceof DSAPublicKey) {
       try {
-        signature = DSASignaturefromDNS(signature);
+        signature = dsaSignatureFromDNS(signature, DSA_LEN, true);
       } catch (IOException e) {
-        throw new IllegalStateException();
+        throw new SignatureVerificationException(e);
       }
     } else if (key instanceof ECPublicKey) {
       try {
         switch (alg) {
           case Algorithm.ECC_GOST:
-            signature = ECGOSTSignaturefromDNS(signature, GOST);
+            // Wire format is equal to the engine input
+            if (signature.length != GOST.length * 2) {
+              throw new SignatureVerificationException(
+                  "input has unexpected length " + signature.length);
+            }
             break;
           case Algorithm.ECDSAP256SHA256:
-            signature = ECDSASignaturefromDNS(signature, ECDSA_P256);
+            signature = dsaSignatureFromDNS(signature, ECDSA_P256.length, false);
             break;
           case Algorithm.ECDSAP384SHA384:
-            signature = ECDSASignaturefromDNS(signature, ECDSA_P384);
+            signature = dsaSignatureFromDNS(signature, ECDSA_P384.length, false);
             break;
           default:
             throw new UnsupportedAlgorithmException(alg);
         }
       } catch (IOException e) {
-        throw new IllegalStateException();
+        throw new SignatureVerificationException(e);
       }
     }
 
@@ -923,17 +1023,34 @@ private static void verify(PublicKey key, int alg, byte[] data, byte[] signature
       s.initVerify(key);
       s.update(data);
       if (!s.verify(signature)) {
-        throw new SignatureVerificationException();
+        throw new SignatureVerificationException(
+            "Key "
+                + keyRecord.getName()
+                + " (alg="
+                + keyRecord.getAlgorithm()
+                + ",id="
+                + keyRecord.getFootprint()
+                + ") doesn't validate <"
+                + sigRecord.getName()
+                + "/"
+                + DClass.string(sigRecord.getDClass())
+                + "/"
+                + Type.string(coveredType)
+                + "> (alg="
+                + sigRecord.getAlgorithm()
+                + ",id="
+                + sigRecord.getFootprint()
+                + ")");
       }
     } catch (GeneralSecurityException e) {
-      throw new DNSSECException(e.toString());
+      throw new DNSSECException(e);
     }
   }
 
   private static boolean matches(SIGBase sig, KEYBase key) {
-    return (key.getAlgorithm() == sig.getAlgorithm()
+    return key.getAlgorithm() == sig.getAlgorithm()
         && key.getFootprint() == sig.getFootprint()
-        && key.getName().equals(sig.getSigner()));
+        && key.getName().equals(sig.getSigner());
   }
 
   /**
@@ -969,23 +1086,59 @@ public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key)
    * @throws SignatureNotYetValidException The signature is not yet valid
    * @throws SignatureVerificationException The signature does not verify.
    * @throws DNSSECException Some other error occurred.
+   * @deprecated use {@link #verify(RRset, RRSIGRecord, DNSKEYRecord, Instant)}
    */
-  public static void verify(RRset<?> rrset, RRSIGRecord rrsig, DNSKEYRecord key, Instant date)
+  @Deprecated
+  public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Date date)
       throws DNSSECException {
-    if (!matches(rrsig, key)) {
-      throw new KeyMismatchException(key, rrsig);
+    verify(rrset, rrsig, key, date.toInstant());
+  }
+
+  /**
+   * Verify a DNSSEC signature.
+   *
+   * @param rrset The data to be verified.
+   * @param rrsig The RRSIG record containing the signature.
+   * @param key The DNSKEY record to verify the signature with.
+   * @param date The date against which the signature is verified.
+   * @throws UnsupportedAlgorithmException The algorithm is unknown
+   * @throws MalformedKeyException The key is malformed
+   * @throws KeyMismatchException The key and signature do not match
+   * @throws SignatureExpiredException The signature has expired
+   * @throws SignatureNotYetValidException The signature is not yet valid
+   * @throws SignatureVerificationException The signature does not verify.
+   * @throws DNSSECException Some other error occurred.
+   */
+  public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Instant date)
+      throws DNSSECException {
+    if ((key.getFlags() & DNSKEYRecord.Flags.ZONE_KEY) != DNSKEYRecord.Flags.ZONE_KEY) {
+      throw new InvalidDnskeyException(
+          key, "zone key flag is not set", ExtendedErrorCodeOption.NO_ZONE_KEY_BIT_SET);
+    }
+
+    if (key.getProtocol() != DNSKEYRecord.Protocol.DNSSEC) {
+      throw new InvalidDnskeyException(
+          key, "invalid protocol", ExtendedErrorCodeOption.DNSSEC_BOGUS);
     }
 
-    if (date.compareTo(rrsig.getExpire()) > 0) {
-      throw new SignatureExpiredException(rrsig.getExpire(), date);
+    checkKeyAndSigRecord(rrsig, key, date);
+
+    verify(key, rrsig, digestRRset(rrsig, rrset), rrset.getType());
+  }
+
+  private static void checkKeyAndSigRecord(SIGBase sig, KEYBase key, Instant date)
+      throws DNSSECException {
+    if (!matches(sig, key)) {
+      throw new KeyMismatchException(key, sig);
     }
-    if (date.compareTo(rrsig.getTimeSigned()) < 0) {
-      throw new SignatureNotYetValidException(rrsig.getTimeSigned(), date);
+
+    if (date.compareTo(sig.getExpire()) > 0) {
+      throw new SignatureExpiredException(sig.getExpire(), date);
     }
 
-    verify(
-        key.getPublicKey(), rrsig.getAlgorithm(),
-        digestRRset(rrsig, rrset), rrsig.getSignature());
+    if (date.compareTo(sig.getTimeSigned()) < 0) {
+      throw new SignatureNotYetValidException(sig.getTimeSigned(), date);
+    }
   }
 
   static byte[] sign(PrivateKey privkey, PublicKey pubkey, int alg, byte[] data, String provider)
@@ -1002,17 +1155,17 @@ static byte[] sign(PrivateKey privkey, PublicKey pubkey, int alg, byte[] data, S
       s.update(data);
       signature = s.sign();
     } catch (GeneralSecurityException e) {
-      throw new DNSSECException(e.toString());
+      throw new DNSSECException(e);
     }
 
     if (pubkey instanceof DSAPublicKey) {
       try {
         DSAPublicKey dsa = (DSAPublicKey) pubkey;
-        BigInteger P = dsa.getParams().getP();
-        int t = (BigIntegerLength(P) - 64) / 8;
-        signature = DSASignaturetoDNS(signature, t);
+        BigInteger p = dsa.getParams().getP();
+        int t = (bigIntegerLength(p) - 64) / 8;
+        signature = dsaSignatureToDNS(signature, DSA_LEN, t);
       } catch (IOException e) {
-        throw new IllegalStateException(e);
+        throw new DNSSECException(e);
       }
     } else if (pubkey instanceof ECPublicKey) {
       try {
@@ -1021,16 +1174,16 @@ static byte[] sign(PrivateKey privkey, PublicKey pubkey, int alg, byte[] data, S
             // Wire format is equal to the engine output
             break;
           case Algorithm.ECDSAP256SHA256:
-            signature = ECDSASignaturetoDNS(signature, ECDSA_P256);
+            signature = dsaSignatureToDNS(signature, ECDSA_P256.length, -1);
             break;
           case Algorithm.ECDSAP384SHA384:
-            signature = ECDSASignaturetoDNS(signature, ECDSA_P384);
+            signature = dsaSignatureToDNS(signature, ECDSA_P384.length, -1);
             break;
           default:
             throw new UnsupportedAlgorithmException(alg);
         }
       } catch (IOException e) {
-        throw new IllegalStateException(e);
+        throw new DNSSECException(e);
       }
     }
 
@@ -1044,20 +1197,30 @@ static void checkAlgorithm(PrivateKey key, int alg) throws UnsupportedAlgorithmE
       case Algorithm.RSA_NSEC3_SHA1:
       case Algorithm.RSASHA256:
       case Algorithm.RSASHA512:
-        if (!("RSA".equals(key.getAlgorithm()))) {
+        if (!"RSA".equals(key.getAlgorithm())) {
           throw new IncompatibleKeyException();
         }
         break;
       case Algorithm.DSA:
       case Algorithm.DSA_NSEC3_SHA1:
-        if (!("DSA".equals(key.getAlgorithm()))) {
+        if (!"DSA".equals(key.getAlgorithm())) {
           throw new IncompatibleKeyException();
         }
         break;
       case Algorithm.ECC_GOST:
       case Algorithm.ECDSAP256SHA256:
       case Algorithm.ECDSAP384SHA384:
-        if (!("EC".equals(key.getAlgorithm()))) {
+        if (!"EC".equals(key.getAlgorithm()) && !"ECDSA".equals(key.getAlgorithm())) {
+          throw new IncompatibleKeyException();
+        }
+        break;
+      case Algorithm.ED25519:
+        if (!"Ed25519".equals(key.getAlgorithm()) && !"EdDSA".equals(key.getAlgorithm())) {
+          throw new IncompatibleKeyException();
+        }
+        break;
+      case Algorithm.ED448:
+        if (!"Ed448".equals(key.getAlgorithm()) && !"EdDSA".equals(key.getAlgorithm())) {
           throw new IncompatibleKeyException();
         }
         break;
@@ -1075,10 +1238,59 @@ static void checkAlgorithm(PrivateKey key, int alg) throws UnsupportedAlgorithmE
    * @param privkey The PrivateKey to use when signing
    * @param inception The time at which the signatures should become valid
    * @param expiration The time at which the signatures should expire
+   * @return The generated signature
    * @throws UnsupportedAlgorithmException The algorithm is unknown
    * @throws MalformedKeyException The key is malformed
    * @throws DNSSECException Some other error occurred.
+   * @deprecated use {@link #sign(RRset, DNSKEYRecord, PrivateKey, Instant, Instant)}
+   */
+  @Deprecated
+  public static RRSIGRecord sign(
+      RRset rrset, DNSKEYRecord key, PrivateKey privkey, Date inception, Date expiration)
+      throws DNSSECException {
+    return sign(rrset, key, privkey, inception.toInstant(), expiration.toInstant(), null);
+  }
+
+  /**
+   * Generate a DNSSEC signature. key and privateKey must refer to the same underlying cryptographic
+   * key.
+   *
+   * @param rrset The data to be signed
+   * @param key The DNSKEY record to use as part of signing
+   * @param privkey The PrivateKey to use when signing
+   * @param inception The time at which the signatures should become valid
+   * @param expiration The time at which the signatures should expire
    * @return The generated signature
+   * @throws UnsupportedAlgorithmException The algorithm is unknown
+   * @throws MalformedKeyException The key is malformed
+   * @throws DNSSECException Some other error occurred.
+   * @deprecated use {@link #sign(RRset, DNSKEYRecord, PrivateKey, Instant, Instant, String)}
+   */
+  @Deprecated
+  public static RRSIGRecord sign(
+      RRset rrset,
+      DNSKEYRecord key,
+      PrivateKey privkey,
+      Date inception,
+      Date expiration,
+      String provider)
+      throws DNSSECException {
+    return sign(rrset, key, privkey, inception.toInstant(), expiration.toInstant(), provider);
+  }
+
+  /**
+   * Generate a DNSSEC signature. key and privateKey must refer to the same underlying cryptographic
+   * key.
+   *
+   * @param rrset The data to be signed
+   * @param key The DNSKEY record to use as part of signing
+   * @param privkey The PrivateKey to use when signing
+   * @param inception The time at which the signatures should become valid
+   * @param expiration The time at which the signatures should expire
+   * @return The generated signature
+   * @throws UnsupportedAlgorithmException The algorithm is unknown
+   * @throws MalformedKeyException The key is malformed
+   * @throws DNSSECException Some other error occurred.
    */
   public static RRSIGRecord sign(
       RRset rrset, DNSKEYRecord key, PrivateKey privkey, Instant inception, Instant expiration)
@@ -1097,13 +1309,13 @@ public static RRSIGRecord sign(
    * @param expiration The time at which the signatures should expire
    * @param provider The name of the JCA provider. If non-null, it will be passed to JCA
    *     getInstance() methods.
+   * @return The generated signature
    * @throws UnsupportedAlgorithmException The algorithm is unknown
    * @throws MalformedKeyException The key is malformed
    * @throws DNSSECException Some other error occurred.
-   * @return The generated signature
    */
   public static RRSIGRecord sign(
-      RRset<?> rrset,
+      RRset rrset,
       DNSKEYRecord key,
       PrivateKey privkey,
       Instant inception,
@@ -1167,24 +1379,13 @@ static SIGRecord signMessage(
   }
 
   static void verifyMessage(
-      Message message, byte[] bytes, SIGRecord sig, SIGRecord previous, KEYRecord key)
+      Message message, byte[] bytes, SIGRecord sig, SIGRecord previous, KEYRecord key, Instant now)
       throws DNSSECException {
     if (message.sig0start == 0) {
       throw new NoSignatureException();
     }
 
-    if (!matches(sig, key)) {
-      throw new KeyMismatchException(key, sig);
-    }
-
-    Instant now = Instant.now();
-
-    if (now.compareTo(sig.getExpire()) > 0) {
-      throw new SignatureExpiredException(sig.getExpire(), now);
-    }
-    if (now.compareTo(sig.getTimeSigned()) < 0) {
-      throw new SignatureNotYetValidException(sig.getTimeSigned(), now);
-    }
+    checkKeyAndSigRecord(sig, key, now);
 
     DNSOutput out = new DNSOutput();
     digestSIG(out, sig);
@@ -1192,15 +1393,13 @@ static void verifyMessage(
       out.writeByteArray(previous.getSignature());
     }
 
-    Header header = (Header) message.getHeader().clone();
+    Header header = message.getHeader().clone();
     header.decCount(Section.ADDITIONAL);
     out.writeByteArray(header.toWire());
 
     out.writeByteArray(bytes, Header.LENGTH, message.sig0start - Header.LENGTH);
 
-    verify(
-        key.getPublicKey(), sig.getAlgorithm(),
-        out.toByteArray(), sig.getSignature());
+    verify(key, sig, out.toByteArray(), 0);
   }
 
   /**
@@ -1214,16 +1413,16 @@ static byte[] generateDSDigest(DNSKEYRecord key, int digestid) {
     MessageDigest digest;
     try {
       switch (digestid) {
-        case DSRecord.Digest.SHA1:
+        case Digest.SHA1:
           digest = MessageDigest.getInstance("sha-1");
           break;
-        case DSRecord.Digest.SHA256:
+        case Digest.SHA256:
           digest = MessageDigest.getInstance("sha-256");
           break;
-        case DSRecord.Digest.GOST3411:
+        case Digest.GOST3411:
           digest = MessageDigest.getInstance("GOST3411");
           break;
-        case DSRecord.Digest.SHA384:
+        case Digest.SHA384:
           digest = MessageDigest.getInstance("sha-384");
           break;
         default:
diff --git a/src/main/java/org/xbill/DNS/DSRecord.java b/src/main/java/org/xbill/DNS/DSRecord.java
index b527516e1..ab2794188 100644
--- a/src/main/java/org/xbill/DNS/DSRecord.java
+++ b/src/main/java/org/xbill/DNS/DSRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2002-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -12,33 +13,60 @@
  * @see DNSSEC
  * @author David Blacka
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  */
 public class DSRecord extends Record {
 
+  /**
+   * DS digest constants.
+   *
+   * @deprecated use {@link DNSSEC.Digest}
+   */
+  @Deprecated
   public static class Digest {
     private Digest() {}
 
     /** SHA-1 */
-    public static final int SHA1 = 1;
+    public static final int SHA1 = DNSSEC.Digest.SHA1;
 
     /** SHA-256 */
-    public static final int SHA256 = 2;
+    public static final int SHA256 = DNSSEC.Digest.SHA256;
 
     /** GOST R 34.11-94 */
-    public static final int GOST3411 = 3;
+    public static final int GOST3411 = DNSSEC.Digest.GOST3411;
 
     /** SHA-384 */
-    public static final int SHA384 = 4;
+    public static final int SHA384 = DNSSEC.Digest.SHA384;
   }
 
-  public static final int SHA1_DIGEST_ID = Digest.SHA1;
-  public static final int SHA256_DIGEST_ID = Digest.SHA256;
-  public static final int GOST3411_DIGEST_ID = Digest.GOST3411;
-  public static final int SHA384_DIGEST_ID = Digest.SHA384;
+  /**
+   * SHA1 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA1}
+   */
+  @Deprecated public static final int SHA1_DIGEST_ID = DNSSEC.Digest.SHA1;
+
+  /**
+   * SHA256 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA256}
+   */
+  @Deprecated public static final int SHA256_DIGEST_ID = DNSSEC.Digest.SHA256;
+
+  /**
+   * GOST4311 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#GOST3411}
+   */
+  @Deprecated public static final int GOST3411_DIGEST_ID = DNSSEC.Digest.GOST3411;
 
-  private static final long serialVersionUID = -9001819329700081493L;
+  /**
+   * SHA384 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA384}
+   */
+  @Deprecated public static final int SHA384_DIGEST_ID = DNSSEC.Digest.SHA384;
 
   private int footprint;
   private int alg;
@@ -47,11 +75,6 @@ private Digest() {}
 
   DSRecord() {}
 
-  @Override
-  Record getObject() {
-    return new DSRecord();
-  }
-
   /**
    * Creates a DS Record from the given data
    *
@@ -70,6 +93,18 @@ protected DSRecord(
       int digestid,
       byte[] digest) {
     super(name, type, dclass, ttl);
+
+    int len = DNSSEC.Digest.algLength(digestid);
+    if (len > -1 && len != digest.length) {
+      throw new IllegalArgumentException(
+          "Expected "
+              + len
+              + " bytes for "
+              + DNSSEC.Digest.string(digestid)
+              + ", got "
+              + digest.length);
+    }
+
     this.footprint = checkU16("footprint", footprint);
     this.alg = checkU8("alg", alg);
     this.digestid = checkU8("digestid", digestid);
@@ -107,7 +142,7 @@ public DSRecord(Name name, int dclass, long ttl, int digestid, DNSKEYRecord key)
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     footprint = in.readU16();
     alg = in.readU8();
     digestid = in.readU8();
@@ -115,16 +150,26 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     footprint = st.getUInt16();
     alg = st.getUInt8();
     digestid = st.getUInt8();
-    digest = st.getHex();
+    digest = st.getHex(true);
+    int len = DNSSEC.Digest.algLength(digestid);
+    if (len > -1 && len != digest.length) {
+      throw st.exception(
+          "Expected "
+              + len
+              + " bytes for "
+              + DNSSEC.Digest.string(digestid)
+              + ", got "
+              + digest.length);
+    }
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(footprint);
     sb.append(" ");
@@ -160,7 +205,7 @@ public int getFootprint() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(footprint);
     out.writeU8(alg);
     out.writeU8(digestid);
diff --git a/src/main/java/org/xbill/DNS/DefaultIoClient.java b/src/main/java/org/xbill/DNS/DefaultIoClient.java
new file mode 100644
index 000000000..0f6cd407a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/DefaultIoClient.java
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+
+/**
+ * An implementation of the IO clients that use the internal NIO-based clients.
+ *
+ * @see NioUdpClient
+ * @see NioTcpClient
+ * @since 3.6
+ */
+public class DefaultIoClient implements TcpIoClient, UdpIoClient {
+  private final TcpIoClient tcpIoClient;
+  private final UdpIoClient udpIoClient;
+
+  public DefaultIoClient() {
+    tcpIoClient = new NioTcpClient();
+    udpIoClient = new NioUdpClient();
+  }
+
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveTcp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      Duration timeout) {
+    return tcpIoClient.sendAndReceiveTcp(local, remote, query, data, timeout);
+  }
+
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveUdp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      int max,
+      Duration timeout) {
+    return udpIoClient.sendAndReceiveUdp(local, remote, query, data, max, timeout);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/DnssecAlgorithmOption.java b/src/main/java/org/xbill/DNS/DnssecAlgorithmOption.java
new file mode 100644
index 000000000..01994ef1c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/DnssecAlgorithmOption.java
@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DNSSEC.Digest;
+
+/**
+ * The EDNS0 Option for Signaling Cryptographic Algorithm Understanding in DNS Security Extensions
+ * (DNSSEC), RFC 6975.
+ */
+public class DnssecAlgorithmOption extends EDNSOption {
+  private final List<Integer> algCodes;
+
+  private DnssecAlgorithmOption(int code) {
+    super(code);
+    switch (code) {
+      case Code.DAU:
+      case Code.DHU:
+      case Code.N3U:
+        break;
+      default:
+        throw new IllegalArgumentException("Invalid option code, must be one of DAU, DHU, N3U");
+    }
+    algCodes = new ArrayList<>();
+  }
+
+  public DnssecAlgorithmOption(int code, List<Integer> algCodes) {
+    this(code);
+    this.algCodes.addAll(algCodes);
+  }
+
+  public DnssecAlgorithmOption(int code, int... algCodes) {
+    this(code);
+    if (algCodes != null) {
+      for (int algCode : algCodes) {
+        this.algCodes.add(algCode);
+      }
+    }
+  }
+
+  public List<Integer> getAlgorithms() {
+    return Collections.unmodifiableList(algCodes);
+  }
+
+  @Override
+  void optionFromWire(DNSInput in) throws IOException {
+    algCodes.clear();
+    while (in.remaining() > 0) {
+      algCodes.add(in.readU8());
+    }
+  }
+
+  @Override
+  void optionToWire(DNSOutput out) {
+    algCodes.forEach(out::writeU8);
+  }
+
+  @Override
+  String optionToString() {
+    Function<Integer, String> mapper;
+    switch (getCode()) {
+      case Code.DAU:
+        mapper = Algorithm::string;
+        break;
+      case Code.DHU:
+        mapper = Digest::string;
+        break;
+      case Code.N3U:
+        mapper = NSEC3Record.Digest::string;
+        break;
+      default:
+        throw new IllegalStateException("Unknown option code");
+    }
+    return "[" + algCodes.stream().map(mapper).collect(Collectors.joining(", ")) + "]";
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/DohResolver.java b/src/main/java/org/xbill/DNS/DohResolver.java
new file mode 100644
index 000000000..fa150cc09
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/DohResolver.java
@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.ByteArrayOutputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.SocketTimeoutException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.NoSuchAlgorithmException;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.function.Function;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import lombok.Value;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Proof-of-concept <a href="https://datatracker.ietf.org/doc/html/rfc8484">DNS over HTTP (DoH)</a>
+ * resolver. This class is not suitable for high load scenarios because of the shortcomings of
+ * Java's built-in HTTP clients. For more control, implement your own {@link Resolver} using e.g. <a
+ * href="https://github.com/square/okhttp/">OkHttp</a>.
+ *
+ * <p>On Java 8, it uses HTTP/1.1, which is against the recommendation of RFC 8484 to use HTTP/2 and
+ * thus slower. On Java 11 or newer, HTTP/2 is always used, but the built-in HttpClient has its own
+ * <a href="https://bugs.openjdk.java.net/browse/JDK-8225647">issues</a> with connection handling.
+ *
+ * <p>As of 2020-09-13, the following limits of public resolvers for HTTP/2 were observed:
+ * <li>https://cloudflare-dns.com/dns-query: max streams=250, idle timeout=400s
+ * <li>https://dns.google/dns-query: max streams=100, idle timeout=240s
+ *
+ * @since 3.0
+ */
+@Slf4j
+public final class DohResolver extends DohResolverCommon {
+  private final SSLSocketFactory sslSocketFactory;
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   */
+  public DohResolver(String uriTemplate) {
+    this(uriTemplate, 100, Duration.ZERO);
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   * @param maxConcurrentRequests Maximum concurrent HTTP/2 streams for Java 11+ or HTTP/1.1
+   *     connections for Java 8. On Java 8 this cannot exceed the system property {@code
+   *     http.maxConnections}.
+   * @param idleConnectionTimeout Max. idle time for HTTP/2 connections until a request is
+   *     serialized. Applies to Java 11+ only.
+   * @since 3.3
+   */
+  public DohResolver(
+      String uriTemplate, int maxConcurrentRequests, Duration idleConnectionTimeout) {
+    super(uriTemplate, maxConcurrentRequests);
+
+    log.debug("Using Java 8 implementation");
+    try {
+      sslSocketFactory = SSLContext.getDefault().getSocketFactory();
+    } catch (NoSuchAlgorithmException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param payloadSize ignored
+   * @param flags EDNS extended flags to be set in the OPT record.
+   * @param options EDNS options to be set in the OPT record
+   */
+  @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    // required for source- and binary compatibility
+    super.setEDNS(version, payloadSize, flags, options);
+  }
+
+  @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
+  public CompletionStage<Message> sendAsync(Message query) {
+    // required for source- and binary compatibility
+    return this.sendAsync(query, defaultExecutor);
+  }
+
+  @Override
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+    byte[] queryBytes = prepareQuery(query).toWire();
+    String url = getUrl(queryBytes);
+    long startTime = getNanoTime();
+    int queryId = query.getHeader().getID();
+
+    CompletableFuture<Message> f =
+        maxConcurrentRequests
+            .acquire(timeout, queryId, executor)
+            .handleAsync(
+                (permit, ex) -> {
+                  if (ex != null) {
+                    return this.<Message>timeoutFailedFuture(
+                        query, "could not acquire lock to send request", ex);
+                  } else {
+                    try {
+                      SendAndGetMessageBytesResponse result =
+                          sendAndGetMessageBytes(url, queryBytes, startTime);
+                      Message response;
+                      if (result.rc == Rcode.NOERROR) {
+                        response = new Message(result.responseBytes);
+                        verifyTSIG(query, response, result.responseBytes, tsig);
+                      } else {
+                        response = new Message(0);
+                        response.getHeader().setRcode(result.rc);
+                      }
+
+                      response.setResolver(this);
+                      return CompletableFuture.completedFuture(response);
+                    } catch (SocketTimeoutException e) {
+                      return this.<Message>timeoutFailedFuture(query, e);
+                    } catch (IOException | URISyntaxException e) {
+                      return this.<Message>failedFuture(e);
+                    } finally {
+                      permit.release(queryId, executor);
+                    }
+                  }
+                },
+                executor)
+            .thenCompose(Function.identity())
+            .toCompletableFuture();
+
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    return TimeoutCompletableFuture.compatTimeout(
+            f, remainingTimeout.toMillis(), TimeUnit.MILLISECONDS)
+        .exceptionally(
+            ex -> {
+              if (ex instanceof TimeoutException) {
+                throw new CompletionException(
+                    new TimeoutException(
+                        "Query "
+                            + queryId
+                            + " for "
+                            + query.getQuestion().getName()
+                            + "/"
+                            + Type.string(query.getQuestion().getType())
+                            + " timed out in remaining "
+                            + remainingTimeout.toMillis()
+                            + "ms"));
+              } else if (ex instanceof CompletionException) {
+                throw (CompletionException) ex;
+              }
+
+              throw new CompletionException(ex);
+            });
+  }
+
+  @Value
+  private static class SendAndGetMessageBytesResponse {
+    int rc;
+    byte[] responseBytes;
+  }
+
+  private SendAndGetMessageBytesResponse sendAndGetMessageBytes(
+      String url, byte[] queryBytes, long startTime) throws IOException, URISyntaxException {
+    HttpURLConnection conn = (HttpURLConnection) new URI(url).toURL().openConnection();
+    if (conn instanceof HttpsURLConnection) {
+      ((HttpsURLConnection) conn).setSSLSocketFactory(sslSocketFactory);
+    }
+    conn.setRequestMethod(usePost ? "POST" : "GET");
+    conn.setRequestProperty("Content-Type", APPLICATION_DNS_MESSAGE);
+    conn.setRequestProperty("Accept", APPLICATION_DNS_MESSAGE);
+
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      throw new SocketTimeoutException("No time left to connect");
+    }
+
+    conn.setConnectTimeout((int) remainingTimeout.toMillis());
+    if (usePost) {
+      conn.setDoOutput(true);
+    }
+
+    conn.connect();
+    remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      throw new SocketTimeoutException("No time left to request data");
+    }
+
+    conn.setReadTimeout((int) remainingTimeout.toMillis());
+    if (usePost) {
+      conn.getOutputStream().write(queryBytes);
+    }
+
+    int rc = conn.getResponseCode();
+    if (rc < 200 || rc >= 300) {
+      discardStream(conn.getInputStream());
+      discardStream(conn.getErrorStream());
+      return new SendAndGetMessageBytesResponse(Rcode.SERVFAIL, null);
+    }
+
+    try (InputStream is = conn.getInputStream()) {
+      int length = conn.getContentLength();
+      if (length > -1) {
+        byte[] responseBytes = new byte[conn.getContentLength()];
+        int r;
+        int offset = 0;
+        while ((r = is.read(responseBytes, offset, responseBytes.length - offset)) > 0) {
+          offset += r;
+          remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+
+          // Don't throw if we just received all data
+          if (offset != responseBytes.length
+              && (remainingTimeout.isNegative() || remainingTimeout.isZero())) {
+            throw new SocketTimeoutException(
+                "Timed out waiting for response data, got "
+                    + offset
+                    + " of "
+                    + responseBytes.length
+                    + " expected bytes");
+          }
+        }
+
+        if (offset < responseBytes.length) {
+          throw new EOFException("Could not read expected content length");
+        }
+
+        return new SendAndGetMessageBytesResponse(Rcode.NOERROR, responseBytes);
+      } else {
+        try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+          byte[] buffer = new byte[4096];
+          int r;
+          while ((r = is.read(buffer, 0, buffer.length)) > 0) {
+            remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+            if (remainingTimeout.isNegative() || remainingTimeout.isZero()) {
+              throw new SocketTimeoutException(
+                  "Timed out waiting for response data, got " + bos.size() + " bytes so far");
+            }
+            bos.write(buffer, 0, r);
+          }
+          return new SendAndGetMessageBytesResponse(Rcode.NOERROR, bos.toByteArray());
+        }
+      }
+    } catch (IOException ioe) {
+      discardStream(conn.getErrorStream());
+      throw ioe;
+    }
+  }
+
+  private void discardStream(InputStream es) throws IOException {
+    if (es != null) {
+      try (InputStream in = es) {
+        byte[] buf = new byte[4096];
+        while (in.read(buf) > 0) {
+          // discard
+        }
+      } catch (IOException ioe) {
+        // ignore
+      }
+    }
+  }
+
+  @Override
+  protected <T> CompletableFuture<T> failedFuture(Throwable e) {
+    CompletableFuture<T> f = new CompletableFuture<>();
+    f.completeExceptionally(e);
+    return f;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/DohResolverCommon.java b/src/main/java/org/xbill/DNS/DohResolverCommon.java
new file mode 100644
index 000000000..c584fa2da
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/DohResolverCommon.java
@@ -0,0 +1,233 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.time.Duration;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicLong;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.utils.base64;
+
+@Slf4j
+abstract class DohResolverCommon implements Resolver {
+  /**
+   * Maximum concurrent HTTP/2 streams or HTTP/1.1 connections.
+   *
+   * <p>rfc7540#section-6.5.2 recommends a minimum of 100 streams for HTTP/2.
+   */
+  protected final AsyncSemaphore maxConcurrentRequests;
+
+  protected final AtomicLong lastRequest = new AtomicLong(0);
+
+  protected static final String APPLICATION_DNS_MESSAGE = "application/dns-message";
+
+  protected boolean usePost = false;
+  protected Duration timeout = Duration.ofSeconds(5);
+  protected String uriTemplate;
+  protected OPTRecord queryOPT = new OPTRecord(0, 0, 0);
+  protected TSIG tsig;
+  protected Executor defaultExecutor = ForkJoinPool.commonPool();
+
+  // package-visible for testing
+  long getNanoTime() {
+    return System.nanoTime();
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   * @param maxConcurrentRequests Maximum concurrent HTTP/2 streams for Java 11+ or HTTP/1.1
+   *     connections for Java 8. On Java 8 this cannot exceed the system property {@code
+   *     http.maxConnections}.
+   */
+  protected DohResolverCommon(String uriTemplate, int maxConcurrentRequests) {
+    this.uriTemplate = uriTemplate;
+    if (maxConcurrentRequests <= 0) {
+      throw new IllegalArgumentException("maxConcurrentRequests must be > 0");
+    }
+
+    try {
+      int javaMaxConn = Integer.parseInt(System.getProperty("http.maxConnections", "5"));
+      if (maxConcurrentRequests > javaMaxConn) {
+        maxConcurrentRequests = javaMaxConn;
+      }
+    } catch (NumberFormatException nfe) {
+      // well, use what we got
+    }
+
+    this.maxConcurrentRequests =
+        new AsyncSemaphore(maxConcurrentRequests, "concurrent request limit");
+  }
+
+  /** Not implemented. Specify the port in {@link #setUriTemplate(String)} if required. */
+  @Override
+  public void setPort(int port) {
+    // Not implemented, port is part of the URI
+  }
+
+  /** Not implemented. */
+  @Override
+  public void setTCP(boolean flag) {
+    // Not implemented, HTTP is always TCP
+  }
+
+  /** Not implemented. */
+  @Override
+  public void setIgnoreTruncation(boolean flag) {
+    // Not implemented, protocol uses TCP and doesn't have truncation
+  }
+
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param payloadSize ignored
+   * @param flags EDNS extended flags to be set in the OPT record.
+   * @param options EDNS options to be set in the OPT record
+   */
+  @Override
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    switch (version) {
+      case -1:
+        queryOPT = null;
+        break;
+
+      case 0:
+        queryOPT = new OPTRecord(0, 0, version, flags, options);
+        break;
+
+      default:
+        throw new IllegalArgumentException("invalid EDNS version - must be 0 or -1 to disable");
+    }
+  }
+
+  @Override
+  public void setTSIGKey(TSIG key) {
+    this.tsig = key;
+  }
+
+  @Override
+  public void setTimeout(Duration timeout) {
+    this.timeout = timeout;
+  }
+
+  @Override
+  public Duration getTimeout() {
+    return timeout;
+  }
+
+  protected String getUrl(byte[] queryBytes) {
+    String url = uriTemplate;
+    if (!usePost) {
+      url += "?dns=" + base64.toString(queryBytes, true);
+    }
+    return url;
+  }
+
+  protected Message prepareQuery(Message query) {
+    Message preparedQuery = query.clone();
+    preparedQuery.getHeader().setID(0);
+    if (queryOPT != null && preparedQuery.getOPT() == null) {
+      preparedQuery.addRecord(queryOPT, Section.ADDITIONAL);
+    }
+
+    if (tsig != null) {
+      tsig.apply(preparedQuery, null);
+    }
+
+    return preparedQuery;
+  }
+
+  protected void verifyTSIG(Message query, Message response, byte[] b, TSIG tsig) {
+    if (tsig == null) {
+      return;
+    }
+
+    int error = tsig.verify(response, b, query.getGeneratedTSIG());
+    log.debug(
+        "TSIG verify for query {}, {}/{}: {}",
+        query.getHeader().getID(),
+        query.getQuestion().getName(),
+        Type.string(query.getQuestion().getType()),
+        Rcode.TSIGstring(error));
+  }
+
+  /** Returns {@code true} if the HTTP method POST to resolve, {@code false} if GET is used. */
+  public boolean isUsePost() {
+    return usePost;
+  }
+
+  /**
+   * Sets the HTTP method to use for resolving.
+   *
+   * @param usePost {@code true} to use POST, {@code false} to use GET (the default).
+   */
+  public void setUsePost(boolean usePost) {
+    this.usePost = usePost;
+  }
+
+  /** Gets the current URI used for resolving. */
+  public String getUriTemplate() {
+    return uriTemplate;
+  }
+
+  /** Sets the URI to use for resolving, e.g. {@code https://dns.google/dns-query} */
+  public void setUriTemplate(String uriTemplate) {
+    this.uriTemplate = uriTemplate;
+  }
+
+  /**
+   * Gets the default {@link Executor} for request handling, defaults to {@link
+   * ForkJoinPool#commonPool()}.
+   *
+   * @since 3.3
+   * @deprecated not applicable if {@link #sendAsync(Message, Executor)} is used.
+   */
+  @Deprecated
+  public Executor getExecutor() {
+    return defaultExecutor;
+  }
+
+  /**
+   * Sets the default {@link Executor} for request handling.
+   *
+   * @param executor The new {@link Executor}, can be {@code null} (which is equivalent to {@link
+   *     ForkJoinPool#commonPool()}).
+   * @since 3.3
+   * @deprecated Use {@link #sendAsync(Message, Executor)}.
+   */
+  @Deprecated
+  public void setExecutor(Executor executor) {
+    this.defaultExecutor = executor == null ? ForkJoinPool.commonPool() : executor;
+  }
+
+  @Override
+  public String toString() {
+    return "DohResolver {" + (usePost ? "POST " : "GET ") + uriTemplate + "}";
+  }
+
+  protected abstract <T> CompletableFuture<T> failedFuture(Throwable e);
+
+  protected final <T> CompletableFuture<T> timeoutFailedFuture(Message query, Throwable inner) {
+    return timeoutFailedFuture(query, null, inner);
+  }
+
+  protected final <T> CompletableFuture<T> timeoutFailedFuture(
+      Message query, String message, Throwable inner) {
+    return failedFuture(
+        new TimeoutException(
+            "Query "
+                + query.getHeader().getID()
+                + " for "
+                + query.getQuestion().getName()
+                + "/"
+                + Type.string(query.getQuestion().getType())
+                + " timed out"
+                + (message != null ? ": " + message : "")
+                + (inner != null && inner.getMessage() != null ? ", " + inner.getMessage() : "")));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/EDNSOption.java b/src/main/java/org/xbill/DNS/EDNSOption.java
index e4c110d70..b8dc7ca1f 100644
--- a/src/main/java/org/xbill/DNS/EDNSOption.java
+++ b/src/main/java/org/xbill/DNS/EDNSOption.java
@@ -1,36 +1,177 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.Serializable;
 import java.util.Arrays;
 
 /**
- * DNS extension options, as described in RFC 2671. The rdata of an OPT record is defined as a list
+ * DNS extension options, as described in RFC 6891. The rdata of an OPT record is defined as a list
  * of options; this represents a single option.
  *
  * @author Brian Wellington
  * @author Ming Zhou &lt;mizhou@bnivideo.com&gt;, Beaumaris Networks
  */
-public abstract class EDNSOption {
+public abstract class EDNSOption implements Serializable {
 
+  /**
+   * @see <a
+   *     href="https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11">IANA
+   *     DNS EDNS0 Option Codes (OPT)</a>
+   */
   public static class Code {
     private Code() {}
 
-    /** Name Server Identifier, RFC 5001 */
+    /**
+     * Apple's DNS Long-Lived Queries protocol.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8764/">RFC 8764</a>
+     */
+    public static final int LLQ = 1;
+
+    /**
+     * Dynamic DNS Update Leases.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/html/draft-sekar-dns-ul-03">draft-sekar-dns-ul-03</a>
+     */
+    public static final int UL = 2;
+
+    /**
+     * Name Server Identifier.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5001/">RFC 5001</a>
+     */
     public static final int NSID = 3;
 
-    /** Client Subnet, defined in draft-vandergaast-edns-client-subnet-02 */
+    /**
+     * DNSSEC Algorithm Understood (DAU).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6975/">RFC 6975</a>
+     */
+    public static final int DAU = 5;
+
+    /**
+     * DNSSEC DS Hash Understood (DHU).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8764/">RFC 8764</a>
+     */
+    public static final int DHU = 6;
+
+    /**
+     * DNSSEC NSEC3 Hash Understood (N3U).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6975/">RFC 6975</a>
+     */
+    public static final int N3U = 7;
+
+    /**
+     * Client Subnet.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7871/">RFC 7871</a>
+     */
     public static final int CLIENT_SUBNET = 8;
 
-    private static Mnemonic codes = new Mnemonic("EDNS Option Codes", Mnemonic.CASE_UPPER);
+    /**
+     * (EDNS) EXPIRE Option.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7314/">RFC 7314</a>
+     */
+    public static final int EDNS_EXPIRE = 9;
+
+    /**
+     * Cookie.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7873/">RFC 7873</a>
+     */
+    public static final int COOKIE = 10;
+
+    /**
+     * TCP Keepalive.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7828/">RFC 7828</a>
+     */
+    public static final int TCP_KEEPALIVE = 11;
+
+    /**
+     * EDNS(0) Padding Option.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7830/">RFC 7830</a>
+     */
+    public static final int PADDING = 12;
+
+    /**
+     * CHAIN Query Requests in DNS.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7901/">RFC 7901</a>
+     */
+    public static final int CHAIN = 13;
+
+    /**
+     * Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8145/">RFC 8145</a>
+     */
+    public static final int EDNS_KEY_TAG = 14;
+
+    /**
+     * Extended DNS Errors.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8914/">RFC 8914</a>
+     */
+    public static final int EDNS_EXTENDED_ERROR = 15;
+
+    /**
+     * DNS EDNS Tags.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/html/draft-bellis-dnsop-edns-tags-01">draft-bellis-dnsop-edns-tags-01</a>
+     */
+    public static final int EDNS_CLIENT_TAG = 16;
+
+    /**
+     * DNS EDNS Tags.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/html/draft-bellis-dnsop-edns-tags-01">draft-bellis-dnsop-edns-tags-01</a>
+     */
+    public static final int EDNS_SERVER_TAG = 17;
+
+    /**
+     * Report Channel.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc9567/">RFC 9567</a>
+     * @since 3.6
+     */
+    public static final int REPORT_CHANNEL = 18;
+
+    private static final Mnemonic codes =
+        new Mnemonic("EDNS Option Codes", Mnemonic.CASE_SENSITIVE);
 
     static {
       codes.setMaximum(0xFFFF);
       codes.setPrefix("CODE");
       codes.setNumericAllowed(true);
 
+      codes.add(LLQ, "LLQ");
+      codes.add(UL, "UL");
       codes.add(NSID, "NSID");
-      codes.add(CLIENT_SUBNET, "CLIENT_SUBNET");
+
+      codes.add(DAU, "DAU");
+      codes.add(DHU, "DHU");
+      codes.add(N3U, "N3U");
+      codes.add(CLIENT_SUBNET, "edns-client-subnet");
+      codes.add(EDNS_EXPIRE, "EDNS_EXPIRE");
+      codes.add(COOKIE, "COOKIE");
+      codes.add(TCP_KEEPALIVE, "edns-tcp-keepalive");
+      codes.add(PADDING, "Padding");
+      codes.add(CHAIN, "CHAIN");
+      codes.add(EDNS_KEY_TAG, "edns-key-tag");
+      codes.add(EDNS_EXTENDED_ERROR, "Extended_DNS_Error");
+      codes.add(EDNS_CLIENT_TAG, "EDNS-Client-Tag");
+      codes.add(EDNS_SERVER_TAG, "EDNS-Server-Tag");
+      codes.add(REPORT_CHANNEL, "Report-Channel");
     }
 
     /** Converts an EDNS Option Code into its textual representation */
@@ -58,15 +199,7 @@ public EDNSOption(int code) {
 
   @Override
   public String toString() {
-    StringBuilder sb = new StringBuilder();
-
-    sb.append("{");
-    sb.append(EDNSOption.Code.string(code));
-    sb.append(": ");
-    sb.append(optionToString());
-    sb.append("}");
-
-    return sb.toString();
+    return "{" + Code.string(code) + ": " + optionToString() + "}";
   }
 
   /**
@@ -104,7 +237,8 @@ byte[] getData() {
    * @param in The input stream.
    */
   static EDNSOption fromWire(DNSInput in) throws IOException {
-    int code, length;
+    int code;
+    int length;
 
     code = in.readU16();
     length = in.readU16();
@@ -121,6 +255,20 @@ static EDNSOption fromWire(DNSInput in) throws IOException {
       case Code.CLIENT_SUBNET:
         option = new ClientSubnetOption();
         break;
+      case Code.DAU:
+      case Code.DHU:
+      case Code.N3U:
+        option = new DnssecAlgorithmOption(code);
+        break;
+      case Code.COOKIE:
+        option = new CookieOption();
+        break;
+      case Code.TCP_KEEPALIVE:
+        option = new TcpKeepaliveOption();
+        break;
+      case Code.EDNS_EXTENDED_ERROR:
+        option = new ExtendedErrorCodeOption();
+        break;
       default:
         option = new GenericEDNSOption(code);
         break;
@@ -197,7 +345,7 @@ public int hashCode() {
     byte[] array = getData();
     int hashval = 0;
     for (byte b : array) {
-      hashval += ((hashval << 3) + (b & 0xFF));
+      hashval += (hashval << 3) + (b & 0xFF);
     }
     return hashval;
   }
diff --git a/src/main/java/org/xbill/DNS/EmptyRecord.java b/src/main/java/org/xbill/DNS/EmptyRecord.java
index 91f0cca24..0f24109a7 100644
--- a/src/main/java/org/xbill/DNS/EmptyRecord.java
+++ b/src/main/java/org/xbill/DNS/EmptyRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,27 +10,25 @@
  * @author Brian Wellington
  */
 class EmptyRecord extends Record {
-
-  private static final long serialVersionUID = 3601852050646429582L;
-
   EmptyRecord() {}
 
   @Override
-  Record getObject() {
-    return new EmptyRecord();
+  protected void rrFromWire(DNSInput in) {
+    // The empty record doesn't have any data to parse
   }
 
   @Override
-  void rrFromWire(DNSInput in) {}
-
-  @Override
-  void rdataFromString(Tokenizer st, Name origin) {}
+  protected void rdataFromString(Tokenizer st, Name origin) {
+    // The empty record doesn't have any data to parse
+  }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return "";
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {}
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    // The empty record doesn't have any data to write
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java
new file mode 100644
index 000000000..1c40d5714
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java
@@ -0,0 +1,314 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import lombok.Getter;
+
+/**
+ * EDNS option to provide additional information about the cause of DNS errors (RFC 8914).
+ *
+ * @since 3.4
+ */
+public class ExtendedErrorCodeOption extends EDNSOption {
+
+  /** The error in question falls into a category that does not match known extended error codes. */
+  public static final int OTHER = 0;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but a {@link DNSKEYRecord} {@link RRset}
+   * contained only unsupported DNSSEC algorithms.
+   */
+  public static final int UNSUPPORTED_DNSKEY_ALGORITHM = 1;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but a {@link DSRecord} {@link RRset}
+   * contained only unsupported Digest Types.
+   */
+  public static final int UNSUPPORTED_DS_DIGEST_TYPE = 2;
+
+  /**
+   * The resolver was unable to resolve the answer within its time limits and decided to answer with
+   * previously cached data instead of answering with an error.
+   */
+  public static final int STALE_ANSWER = 3;
+
+  /**
+   * For policy reasons (legal obligation or malware filtering, for instance), an answer was forged.
+   */
+  public static final int FORGED_ANSWER = 4;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but validation ended in the Indeterminate
+   * state.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4035>RFC 4035</a>
+   */
+  public static final int DNSSEC_INDETERMINATE = 5;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but validation ended in the Bogus state.
+   */
+  public static final int DNSSEC_BOGUS = 6;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and
+   * some (often all) are expired.
+   */
+  public static final int SIGNATURE_EXPIRED = 7;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and
+   * at least some are not yet valid.
+   */
+  public static final int SIGNATURE_NOT_YET_VALID = 8;
+
+  /**
+   * A {@link DSRecord} existed at a parent, but no supported matching {@link DNSKEYRecord} could be
+   * found for the child.
+   */
+  public static final int DNSKEY_MISSING = 9;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no {@link RRSIGRecord}s could be found
+   * for at least one {@link RRset} where {@link RRSIGRecord}s were expected.
+   */
+  public static final int RRSIGS_MISSING = 10;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no Zone Key Bit was set in a DNSKEY.
+   */
+  public static final int NO_ZONE_KEY_BIT_SET = 11;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but the requested data was missing and a
+   * covering {@link NSECRecord} or {@link NSEC3Record} was not provided
+   */
+  public static final int NSEC_MISSING = 12;
+
+  /** The resolver is returning the {@link Rcode#SERVFAIL} from its cache. */
+  public static final int CACHED_ERROR = 13;
+
+  /**
+   * The server is unable to answer the query, as it was not fully functional when the query was
+   * received.
+   */
+  public static final int NOT_READY = 14;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist due to an
+   * internal security policy imposed by the operator of the server resolving or forwarding the
+   * query.
+   */
+  public static final int BLOCKED = 15;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist due to an
+   * external requirement imposed by an entity other than the operator of the server resolving or
+   * forwarding the query.
+   */
+  public static final int CENSORED = 16;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist as
+   * requested by the client.
+   */
+  public static final int FILTERED = 17;
+
+  /**
+   * An authoritative server or recursive resolver that receives a query from an "unauthorized"
+   * client can annotate its {@link Rcode#REFUSED} message with this code.
+   */
+  public static final int PROHIBITED = 18;
+
+  /**
+   * The resolver was unable to resolve an answer within its configured time limits and decided to
+   * answer with a previously cached {@link Rcode#NXDOMAIN} answer instead of answering with an
+   * error.
+   */
+  public static final int STALE_NXDOMAIN_ANSWER = 19;
+
+  /**
+   * Response to a query with the Recursion Desired (RD) bit clear, or when the server is not
+   * configured for recursion (and the query is for a domain for which it is not authoritative).
+   */
+  public static final int NOT_AUTHORITATIVE = 20;
+
+  /** The requested operation or query is not supported. */
+  public static final int NOT_SUPPORTED = 21;
+
+  /**
+   * The resolver could not reach any of the authoritative name servers (or they potentially refused
+   * to reply).
+   */
+  public static final int NO_REACHABLE_AUTHORITY = 22;
+
+  /** An unrecoverable error occurred while communicating with another server. */
+  public static final int NETWORK_ERROR = 23;
+
+  /**
+   * The authoritative server cannot answer with data for a zone it is otherwise configured to
+   * support.
+   */
+  public static final int INVALID_DATA = 24;
+
+  /**
+   * The signature expired before it started to become valid.
+   *
+   * @since 3.6
+   * @see <a href="https://github.com/NLnetLabs/unbound/pull/604#discussion_r802678343">Unbound
+   *     PR#604</a>
+   */
+  public static final int SIGNATURE_EXPIRED_BEFORE_VALID = 25;
+
+  /**
+   * DNS over QUIC session resumption error.
+   *
+   * @since 3.6
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9250#section-4.5-3">RFC 9250, 4.5</a>
+   */
+  public static final int TOO_EARLY = 26;
+
+  /**
+   * The NSEC3 iterations value is not supported.
+   *
+   * @since 3.6
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9276#section-3.2">RFC 9276, 3.2</a>
+   */
+  public static final int UNSUPPORTED_NSEC3_ITERATIONS_VALUE = 27;
+
+  /**
+   * Unable to conform to policy.
+   *
+   * @since 3.6
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/draft-homburg-dnsop-codcp/01/">draft-homburg-dnsop-codcp-01</a>
+   */
+  public static final int UNABLE_TO_CONFORM_TO_POLICY = 28;
+
+  /**
+   * Result synthesized from aggressive NSEC cache.
+   *
+   * @since 3.6
+   * @see <a href="https://github.com/PowerDNS/pdns/pull/12334">PowerDNS PR#12334</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8198">RFC 8198</a>
+   */
+  public static final int SYNTHESIZED = 29;
+
+  @Getter private int errorCode;
+  @Getter private String text;
+
+  private static final Mnemonic codes =
+      new Mnemonic("EDNS Extended Error Codes", Mnemonic.CASE_SENSITIVE);
+
+  static {
+    codes.setMaximum(0xFFFF);
+    codes.setPrefix("EDE");
+    codes.add(OTHER, "OTHER");
+    codes.add(UNSUPPORTED_DNSKEY_ALGORITHM, "UNSUPPORTED_DNSKEY_ALGORITHM");
+    codes.add(UNSUPPORTED_DS_DIGEST_TYPE, "UNSUPPORTED_DS_DIGEST_TYPE");
+    codes.add(STALE_ANSWER, "STALE_ANSWER");
+    codes.add(FORGED_ANSWER, "FORGED_ANSWER");
+    codes.add(DNSSEC_INDETERMINATE, "DNSSEC_INDETERMINATE");
+    codes.add(DNSSEC_BOGUS, "DNSSEC_BOGUS");
+    codes.add(SIGNATURE_EXPIRED, "SIGNATURE_EXPIRED");
+    codes.add(SIGNATURE_NOT_YET_VALID, "SIGNATURE_NOT_YET_VALID");
+    codes.add(DNSKEY_MISSING, "DNSKEY_MISSING");
+    codes.add(RRSIGS_MISSING, "RRSIGS_MISSING");
+    codes.add(NO_ZONE_KEY_BIT_SET, "NO_ZONE_KEY_BIT_SET");
+    codes.add(NSEC_MISSING, "NSEC_MISSING");
+    codes.add(CACHED_ERROR, "CACHED_ERROR");
+    codes.add(NOT_READY, "NOT_READY");
+    codes.add(BLOCKED, "BLOCKED");
+    codes.add(CENSORED, "CENSORED");
+    codes.add(FILTERED, "FILTERED");
+    codes.add(PROHIBITED, "PROHIBITED");
+    codes.add(STALE_NXDOMAIN_ANSWER, "STALE_NXDOMAIN_ANSWER");
+    codes.add(NOT_AUTHORITATIVE, "NOT_AUTHORITATIVE");
+    codes.add(NOT_SUPPORTED, "NOT_SUPPORTED");
+    codes.add(NO_REACHABLE_AUTHORITY, "NO_REACHABLE_AUTHORITY");
+    codes.add(NETWORK_ERROR, "NETWORK_ERROR");
+    codes.add(INVALID_DATA, "INVALID_DATA");
+    codes.add(SIGNATURE_EXPIRED_BEFORE_VALID, "SIGNATURE_EXPIRED_BEFORE_VALID");
+    codes.add(TOO_EARLY, "TOO_EARLY");
+    codes.add(UNSUPPORTED_NSEC3_ITERATIONS_VALUE, "UNSUPPORTED_NSEC3_ITERATIONS_VALUE");
+    codes.add(UNABLE_TO_CONFORM_TO_POLICY, "UNABLE_TO_CONFORM_TO_POLICY");
+    codes.add(SYNTHESIZED, "SYNTHESIZED");
+  }
+
+  /**
+   * Gets the text mnemonic corresponding to an EDE value.
+   *
+   * @since 3.5
+   */
+  public static String text(int code) {
+    return codes.getText(code);
+  }
+
+  /**
+   * Gets the numeric value corresponding to an EDE text mnemonic.
+   *
+   * @since 3.5
+   */
+  public static int code(String text) {
+    return codes.getValue(text);
+  }
+
+  /** Creates an extended error code EDNS option. */
+  ExtendedErrorCodeOption() {
+    super(Code.EDNS_EXTENDED_ERROR);
+  }
+
+  /**
+   * Creates an extended error code EDNS option.
+   *
+   * @param errorCode the extended error.
+   * @param text optional error message intended for human readers.
+   */
+  public ExtendedErrorCodeOption(int errorCode, String text) {
+    super(Code.EDNS_EXTENDED_ERROR);
+    this.errorCode = errorCode;
+    this.text = text;
+  }
+
+  /**
+   * Creates an extended error code EDNS option.
+   *
+   * @param errorCode the extended error.
+   */
+  public ExtendedErrorCodeOption(int errorCode) {
+    this(errorCode, null);
+  }
+
+  @Override
+  void optionFromWire(DNSInput in) throws IOException {
+    errorCode = in.readU16();
+    if (in.remaining() > 0) {
+      byte[] data = in.readByteArray();
+      int len = data.length;
+
+      // EDE text may be null terminated but MUST NOT be assumed to be
+      if (data[data.length - 1] == 0) {
+        len--;
+      }
+
+      text = new String(data, 0, len, StandardCharsets.UTF_8);
+    }
+  }
+
+  @Override
+  void optionToWire(DNSOutput out) {
+    out.writeU16(errorCode);
+    if (text != null && !text.isEmpty()) {
+      out.writeByteArray(text.getBytes(StandardCharsets.UTF_8));
+    }
+  }
+
+  @Override
+  String optionToString() {
+    if (text == null) {
+      return codes.getText(errorCode);
+    }
+    return codes.getText(errorCode) + ": " + text;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/ExtendedFlags.java b/src/main/java/org/xbill/DNS/ExtendedFlags.java
index 68d327c79..8efa3498a 100644
--- a/src/main/java/org/xbill/DNS/ExtendedFlags.java
+++ b/src/main/java/org/xbill/DNS/ExtendedFlags.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,7 +10,7 @@
  */
 public final class ExtendedFlags {
 
-  private static Mnemonic extflags = new Mnemonic("EDNS Flag", Mnemonic.CASE_LOWER);
+  private static final Mnemonic extflags = new Mnemonic("EDNS Flag", Mnemonic.CASE_LOWER);
 
   /** dnssec ok */
   public static final int DO = 0x8000;
@@ -29,6 +30,15 @@ public static String string(int i) {
     return extflags.getText(i);
   }
 
+  /**
+   * Converts a numeric extended flag into a String
+   *
+   * @param bit the flag as a bit value according to IANA allocation
+   */
+  public static String stringFromBit(int bit) {
+    return extflags.getText((1 << (15 - bit)));
+  }
+
   /** Converts a textual representation of an extended flag into its numeric value */
   public static int value(String s) {
     return extflags.getValue(s);
diff --git a/src/main/java/org/xbill/DNS/ExtendedResolver.java b/src/main/java/org/xbill/DNS/ExtendedResolver.java
index c56bde05d..2ea38aef3 100644
--- a/src/main/java/org/xbill/DNS/ExtendedResolver.java
+++ b/src/main/java/org/xbill/DNS/ExtendedResolver.java
@@ -1,414 +1,345 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
-import java.io.InterruptedIOException;
-import java.net.SocketException;
+import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
+import java.time.Duration;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Comparator;
 import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * An implementation of Resolver that can send queries to multiple servers, sending the queries
- * multiple times if necessary.
+ * An implementation of {@link Resolver} that can send queries to multiple servers, sending the
+ * queries multiple times if necessary.
  *
  * @see Resolver
  * @author Brian Wellington
  */
 @Slf4j
 public class ExtendedResolver implements Resolver {
-
-  private static class Resolution implements ResolverListener {
-    Resolver[] resolvers;
-    int[] sent;
-    Object[] inprogress;
-    int retries;
-    int outstanding;
-    boolean done;
-    Message query;
-    Message response;
-    Throwable thrown;
-    ResolverListener listener;
-
-    public Resolution(ExtendedResolver eres, Message query) {
-      List<Resolver> l = eres.resolvers;
-      resolvers = l.toArray(new Resolver[0]);
+  private static class Resolution {
+    private final Message query;
+    private final int[] attempts;
+    private final int retriesPerResolver;
+    private final long endTime;
+    private List<ResolverEntry> resolvers;
+    private int currentResolver;
+
+    Resolution(ExtendedResolver eres, Message query) {
+      resolvers = new ArrayList<>(eres.resolvers);
+      endTime = System.nanoTime() + eres.timeout.toNanos();
       if (eres.loadBalance) {
-        int nresolvers = resolvers.length;
-        /*
-         * Note: this is not synchronized, since the
-         * worst thing that can happen is a random
-         * ordering, which is ok.
-         */
-        int start = eres.lbStart++ % nresolvers;
-        if (eres.lbStart > nresolvers) {
-          eres.lbStart %= nresolvers;
-        }
+        int start = eres.lbStart.updateAndGet(i -> (i + 1) % resolvers.size());
         if (start > 0) {
-          Resolver[] shuffle = new Resolver[nresolvers];
-          for (int i = 0; i < nresolvers; i++) {
-            int pos = (i + start) % nresolvers;
-            shuffle[i] = resolvers[pos];
+          List<ResolverEntry> shuffle = new ArrayList<>(resolvers.size());
+          for (int i = 0; i < resolvers.size(); i++) {
+            int pos = (i + start) % resolvers.size();
+            shuffle.add(resolvers.get(pos));
           }
+
           resolvers = shuffle;
         }
+      } else {
+        resolvers =
+            resolvers.stream()
+                .sorted(Comparator.comparingInt(re -> re.failures.get()))
+                .collect(Collectors.toList());
       }
-      sent = new int[resolvers.length];
-      inprogress = new Object[resolvers.length];
-      retries = eres.retries;
+
+      attempts = new int[resolvers.size()];
+      retriesPerResolver = eres.retries;
       this.query = query;
     }
 
     /* Asynchronously sends a message. */
-    public void send(int n) {
-      sent[n]++;
-      outstanding++;
-      try {
-        inprogress[n] = resolvers[n].sendAsync(query, this);
-      } catch (Throwable t) {
-        synchronized (this) {
-          thrown = t;
-          done = true;
-          if (listener == null) {
-            notifyAll();
-          }
-        }
-      }
+    private CompletionStage<Message> send(Executor executorService) {
+      ResolverEntry r = resolvers.get(currentResolver);
+      log.debug(
+          "Sending {}/{}, id={} to resolver {} ({}), attempt {} of {}",
+          query.getQuestion().getName(),
+          Type.string(query.getQuestion().getType()),
+          query.getHeader().getID(),
+          currentResolver,
+          r.resolver,
+          attempts[currentResolver] + 1,
+          retriesPerResolver);
+      attempts[currentResolver]++;
+      return r.resolver.sendAsync(query, executorService);
     }
 
-    /* Start a synchronous resolution */
-    public Message start() throws IOException {
-      try {
-        /*
-         * First, try sending synchronously.  If this works,
-         * we're done.  Otherwise, we'll get an exception
-         * and continue.  It would be easier to call send(0),
-         * but this avoids a thread creation.  If and when
-         * SimpleResolver.sendAsync() can be made to not
-         * create a thread, this could be changed.
-         */
-        sent[0]++;
-        outstanding++;
-        inprogress[0] = new Object();
-        return resolvers[0].send(query);
-      } catch (Exception e) {
-        /*
-         * This will either cause more queries to be sent
-         * asynchronously or will set the 'done' flag.
-         */
-        handleException(inprogress[0], e);
-      }
-      /*
-       * Wait for a successful response or for each
-       * subresolver to fail.
-       */
-      synchronized (this) {
-        while (!done) {
-          try {
-            wait();
-          } catch (InterruptedException e) {
-            throw new IOException(e);
+    /* Start an asynchronous resolution */
+    private CompletionStage<Message> startAsync(Executor executorService) {
+      return send(executorService)
+          .handle((result, ex) -> handle(result, ex, executorService))
+          .thenCompose(Function.identity());
+    }
+
+    private CompletionStage<Message> handle(
+        Message result, Throwable ex, Executor executorService) {
+      AtomicInteger failureCounter = resolvers.get(currentResolver).failures;
+      if (ex != null) {
+        log.debug(
+            "Failed to resolve {}/{}, id={} with resolver {} ({}) on attempt {} of {}, reason={}",
+            query.getQuestion().getName(),
+            Type.string(query.getQuestion().getType()),
+            query.getHeader().getID(),
+            currentResolver,
+            resolvers.get(currentResolver).resolver,
+            attempts[currentResolver],
+            retriesPerResolver,
+            ex.getMessage());
+
+        failureCounter.incrementAndGet();
+
+        if (endTime - System.nanoTime() < 0) {
+          CompletableFuture<Message> f = new CompletableFuture<>();
+          f.completeExceptionally(
+              new IOException(
+                  "Timed out while trying to resolve "
+                      + query.getQuestion().getName()
+                      + "/"
+                      + Type.string(query.getQuestion().type)
+                      + ", id="
+                      + query.getHeader().getID()));
+          return f;
+        } else {
+          // go to next resolver, until retries on all resolvers are exhausted
+          currentResolver = (currentResolver + 1) % resolvers.size();
+          if (attempts[currentResolver] < retriesPerResolver) {
+            return send(executorService)
+                .handle((r, t) -> handle(r, t, executorService))
+                .thenCompose(Function.identity());
           }
+
+          CompletableFuture<Message> f = new CompletableFuture<>();
+          f.completeExceptionally(ex);
+          return f;
         }
-      }
-      /* Return the response or throw an exception */
-      if (response != null) {
-        return response;
-      } else if (thrown instanceof IOException) {
-        throw (IOException) thrown;
-      } else if (thrown instanceof RuntimeException) {
-        throw (RuntimeException) thrown;
-      } else if (thrown instanceof Error) {
-        throw (Error) thrown;
       } else {
-        throw new IllegalStateException("ExtendedResolver failure");
+        failureCounter.updateAndGet(i -> i > 0 ? (int) Math.log(i) : 0);
+        return CompletableFuture.completedFuture(result);
       }
     }
+  }
 
-    /* Start an asynchronous resolution */
-    public void startAsync(ResolverListener listener) {
-      this.listener = listener;
-      send(0);
-    }
+  @RequiredArgsConstructor
+  private static class ResolverEntry {
+    private final Resolver resolver;
+    private final AtomicInteger failures;
 
-    /*
-     * Receive a response.  If the resolution hasn't been completed,
-     * either wake up the blocking thread or call the callback.
-     */
-    @Override
-    public void receiveMessage(Object id, Message m) {
-      log.debug("received message");
-      synchronized (this) {
-        if (done) {
-          return;
-        }
-        response = m;
-        done = true;
-        if (listener == null) {
-          notifyAll();
-          return;
-        }
-      }
-      listener.receiveMessage(this, response);
+    ResolverEntry(Resolver r) {
+      this(r, new AtomicInteger(0));
     }
 
-    /*
-     * Receive an exception.  If the resolution has been completed,
-     * do nothing.  Otherwise make progress.
-     */
     @Override
-    public void handleException(Object id, Exception e) {
-      log.debug("resolving failed", e);
-      synchronized (this) {
-        outstanding--;
-        if (done) {
-          return;
-        }
-        int n;
-        for (n = 0; n < inprogress.length; n++) {
-          if (inprogress[n] == id) {
-            break;
-          }
-        }
-        /* If we don't know what this is, do nothing. */
-        if (n == inprogress.length) {
-          return;
-        }
-        boolean startnext = false;
-        /*
-         * If this is the first response from server n,
-         * we should start sending queries to server n + 1.
-         */
-        if (sent[n] == 1 && n < resolvers.length - 1) {
-          startnext = true;
-        }
-        if (e instanceof InterruptedIOException) {
-          /* Got a timeout; resend */
-          if (sent[n] < retries) {
-            send(n);
-          }
-          if (thrown == null) {
-            thrown = e;
-          }
-        } else if (e instanceof SocketException) {
-          /*
-           * Problem with the socket; don't resend
-           * on it
-           */
-          if (thrown == null || thrown instanceof InterruptedIOException) {
-            thrown = e;
-          }
-        } else {
-          /*
-           * Problem with the response; don't resend
-           * on the same socket.
-           */
-          thrown = e;
-        }
-        if (done) {
-          return;
-        }
-        if (startnext) {
-          send(n + 1);
-        }
-        if (done) {
-          return;
-        }
-        if (outstanding == 0) {
-          /*
-           * If we're done and this is synchronous,
-           * wake up the blocking thread.
-           */
-          done = true;
-          if (listener == null) {
-            notifyAll();
-            return;
-          }
-        }
-        if (!done) {
-          return;
-        }
-      }
-      /* If we're done and this is asynchronous, call the callback. */
-      if (!(thrown instanceof Exception)) {
-        thrown = new RuntimeException(thrown.getMessage());
-      }
-      listener.handleException(this, (Exception) thrown);
+    public String toString() {
+      return resolver.toString();
     }
   }
 
-  private static final int quantum = 5;
+  /**
+   * Default timeout until resolving is aborted.
+   *
+   * @since 3.2
+   */
+  public static final Duration DEFAULT_TIMEOUT = Duration.ofSeconds(10);
+
+  /**
+   * Default timeout until resolving with one of the used resolvers fails.
+   *
+   * @since 3.2
+   */
+  public static final Duration DEFAULT_RESOLVER_TIMEOUT = Duration.ofSeconds(5);
 
-  private List<Resolver> resolvers;
-  private boolean loadBalance = false;
-  private int lbStart = 0;
+  private final List<ResolverEntry> resolvers = new CopyOnWriteArrayList<>();
+  private final AtomicInteger lbStart = new AtomicInteger();
+  private boolean loadBalance;
   private int retries = 3;
-
-  private void init() {
-    resolvers = new ArrayList<>();
-  }
+  private Duration timeout = DEFAULT_TIMEOUT;
 
   /**
-   * Creates a new Extended Resolver. The default ResolverConfig is used to determine the servers
-   * for which SimpleResolver contexts should be initialized.
-   *
-   * @see SimpleResolver
-   * @see ResolverConfig
-   * @exception UnknownHostException Failure occured initializing SimpleResolvers
+   * Creates a new Extended Resolver. The default {@link ResolverConfig} is used to determine the
+   * servers for which {@link SimpleResolver}s are initialized. The timeout for each server is
+   * initialized with {@link #DEFAULT_RESOLVER_TIMEOUT}.
    */
-  public ExtendedResolver() throws UnknownHostException {
-    init();
-    String[] servers = ResolverConfig.getCurrentConfig().servers();
-    if (servers != null) {
-      for (String server : servers) {
-        Resolver r = new SimpleResolver(server);
-        r.setTimeout(quantum);
-        resolvers.add(r);
-      }
-    } else {
-      resolvers.add(new SimpleResolver());
-    }
+  public ExtendedResolver() {
+    List<InetSocketAddress> servers = ResolverConfig.getCurrentConfig().servers();
+    resolvers.addAll(
+        servers.stream()
+            .map(
+                server -> {
+                  Resolver r = new SimpleResolver(server);
+                  r.setTimeout(DEFAULT_RESOLVER_TIMEOUT);
+                  return new ResolverEntry(r);
+                })
+            .collect(Collectors.toList()));
   }
 
   /**
-   * Creates a new Extended Resolver
+   * Creates a new instance with {@link SimpleResolver}s. The timeout for each server is initialized
+   * with {@link #DEFAULT_RESOLVER_TIMEOUT}.
    *
-   * @param servers An array of server names for which SimpleResolver contexts should be
+   * @param servers An array of server names or IP addresses for which {@link SimpleResolver}s are
    *     initialized.
-   * @see SimpleResolver
-   * @exception UnknownHostException Failure occured initializing SimpleResolvers
+   * @exception UnknownHostException A server name could not be resolved
    */
   public ExtendedResolver(String[] servers) throws UnknownHostException {
-    init();
     for (String server : servers) {
       Resolver r = new SimpleResolver(server);
-      r.setTimeout(quantum);
-      resolvers.add(r);
+      r.setTimeout(DEFAULT_RESOLVER_TIMEOUT);
+      resolvers.add(new ResolverEntry(r));
     }
   }
 
   /**
    * Creates a new Extended Resolver
    *
-   * @param res An array of pre-initialized Resolvers is provided.
-   * @see SimpleResolver
+   * @param resolvers An array of pre-initialized {@link Resolver}s.
+   */
+  public ExtendedResolver(Resolver[] resolvers) {
+    this(Arrays.asList(resolvers));
+  }
+
+  /**
+   * Creates a new {@link ExtendedResolver}. No timeout value is applied to the individual
+   * resolvers, make sure their timeout is smaller than the timeout of this {@link
+   * ExtendedResolver}.
+   *
+   * @param resolvers An iterable of pre-initialized {@link Resolver}s.
    */
-  public ExtendedResolver(Resolver[] res) {
-    init();
-    for (Resolver re : res) {
-      resolvers.add(re);
+  public ExtendedResolver(Iterable<Resolver> resolvers) {
+    for (Resolver r : resolvers) {
+      this.resolvers.add(new ResolverEntry(r));
     }
   }
 
   @Override
   public void setPort(int port) {
-    for (Resolver resolver : resolvers) {
-      resolver.setPort(port);
+    for (ResolverEntry re : resolvers) {
+      re.resolver.setPort(port);
     }
   }
 
   @Override
   public void setTCP(boolean flag) {
-    for (Resolver resolver : resolvers) {
-      resolver.setTCP(flag);
+    for (ResolverEntry re : resolvers) {
+      re.resolver.setTCP(flag);
     }
   }
 
   @Override
   public void setIgnoreTruncation(boolean flag) {
-    for (Resolver resolver : resolvers) {
-      resolver.setIgnoreTruncation(flag);
-    }
-  }
-
-  @Override
-  public void setEDNS(int level) {
-    for (Resolver resolver : resolvers) {
-      resolver.setEDNS(level);
+    for (ResolverEntry re : resolvers) {
+      re.resolver.setIgnoreTruncation(flag);
     }
   }
 
   @Override
-  public void setEDNS(int level, int payloadSize, int flags, List<EDNSOption> options) {
-    for (Resolver resolver : resolvers) {
-      resolver.setEDNS(level, payloadSize, flags, options);
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    for (ResolverEntry re : resolvers) {
+      re.resolver.setEDNS(version, payloadSize, flags, options);
     }
   }
 
   @Override
   public void setTSIGKey(TSIG key) {
-    for (Resolver resolver : resolvers) {
-      resolver.setTSIGKey(key);
+    for (ResolverEntry re : resolvers) {
+      re.resolver.setTSIGKey(key);
     }
   }
 
   @Override
-  public void setTimeout(int secs, int msecs) {
-    for (Resolver resolver : resolvers) {
-      resolver.setTimeout(secs, msecs);
-    }
+  public Duration getTimeout() {
+    return timeout;
   }
 
+  /**
+   * Sets the timeout for the {@link ExtendedResolver}.
+   *
+   * <p>Note that this <i>only</i> sets the timeout for the {@link ExtendedResolver}, not the
+   * individual {@link Resolver}s. If the timeout expires, the {@link ExtendedResolver} simply stops
+   * retrying, it does not abort running queries. The timeout value must be larger than that for the
+   * individual resolver to have any effect.
+   *
+   * @see #ExtendedResolver()
+   * @see #ExtendedResolver(String[])
+   * @param timeout The amount of time to wait before sending further queries.
+   */
   @Override
-  public void setTimeout(int secs) {
-    setTimeout(secs, 0);
+  public void setTimeout(Duration timeout) {
+    this.timeout = timeout;
   }
 
   /**
-   * Sends a message and waits for a response. Multiple servers are queried, and queries are sent
-   * multiple times until either a successful response is received, or it is clear that there is no
-   * successful response.
+   * Sends a message to multiple servers, and queries are sent multiple times until either a
+   * successful response is received, or it is clear that there is no successful response.
    *
    * @param query The query to send.
-   * @return The response.
-   * @throws IOException An error occurred while sending or receiving.
+   * @return A future that completes when the query is finished.
    */
   @Override
-  public Message send(Message query) throws IOException {
-    Resolution res = new Resolution(this, query);
-    return res.start();
+  public CompletionStage<Message> sendAsync(Message query) {
+    return sendAsync(query, ForkJoinPool.commonPool());
   }
 
   /**
-   * Asynchronously sends a message to multiple servers, potentially multiple times, registering a
-   * listener to receive a callback on success or exception. Multiple asynchronous lookups can be
-   * performed in parallel. Since the callback may be invoked before the function returns, external
-   * synchronization is necessary.
+   * Sends a message to multiple servers, and queries are sent multiple times until either a
+   * successful response is received, or it is clear that there is no successful response.
    *
-   * @param query The query to send
-   * @param listener The object containing the callbacks.
-   * @return An identifier, which is also a parameter in the callback
+   * @param query The query to send.
+   * @param executor The service to use for async operations.
+   * @return A future that completes when the query is finished.
    */
   @Override
-  public Resolution sendAsync(final Message query, final ResolverListener listener) {
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
     Resolution res = new Resolution(this, query);
-    res.startAsync(listener);
-    return res;
+    return res.startAsync(executor);
   }
 
   /** Returns the nth resolver used by this ExtendedResolver */
   public Resolver getResolver(int n) {
     if (n < resolvers.size()) {
-      return resolvers.get(n);
+      return resolvers.get(n).resolver;
     }
     return null;
   }
 
   /** Returns all resolvers used by this ExtendedResolver */
   public Resolver[] getResolvers() {
-    return resolvers.toArray(new Resolver[0]);
+    return resolvers.stream().map(re -> re.resolver).toArray(Resolver[]::new);
   }
 
   /** Adds a new resolver to be used by this ExtendedResolver */
   public void addResolver(Resolver r) {
-    resolvers.add(r);
+    resolvers.add(new ResolverEntry(r));
   }
 
   /** Deletes a resolver used by this ExtendedResolver */
   public void deleteResolver(Resolver r) {
-    resolvers.remove(r);
+    resolvers.removeIf(re -> re.resolver == r);
+  }
+
+  /**
+   * Gets whether the servers receive queries load balanced.
+   *
+   * @since 3.2
+   */
+  public boolean getLoadBalance() {
+    return loadBalance;
   }
 
   /**
@@ -421,8 +352,22 @@ public void setLoadBalance(boolean flag) {
     loadBalance = flag;
   }
 
+  /**
+   * Gets the number of retries sent to each server per query.
+   *
+   * @since 3.2
+   */
+  public int getRetries() {
+    return retries;
+  }
+
   /** Sets the number of retries sent to each server per query */
   public void setRetries(int retries) {
     this.retries = retries;
   }
+
+  @Override
+  public String toString() {
+    return "ExtendedResolver of " + resolvers;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/Flags.java b/src/main/java/org/xbill/DNS/Flags.java
index a5e094e2f..d71c5c337 100644
--- a/src/main/java/org/xbill/DNS/Flags.java
+++ b/src/main/java/org/xbill/DNS/Flags.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,7 +10,7 @@
  */
 public final class Flags {
 
-  private static Mnemonic flags = new Mnemonic("DNS Header Flag", Mnemonic.CASE_LOWER);
+  private static final Mnemonic HEADER_FLAGS = new Mnemonic("DNS Header Flag", Mnemonic.CASE_LOWER);
 
   /** query/response */
   public static final byte QR = 0;
@@ -36,29 +37,29 @@ public final class Flags {
   public static final int DO = ExtendedFlags.DO;
 
   static {
-    flags.setMaximum(0xF);
-    flags.setPrefix("FLAG");
-    flags.setNumericAllowed(true);
-
-    flags.add(QR, "qr");
-    flags.add(AA, "aa");
-    flags.add(TC, "tc");
-    flags.add(RD, "rd");
-    flags.add(RA, "ra");
-    flags.add(AD, "ad");
-    flags.add(CD, "cd");
+    HEADER_FLAGS.setMaximum(0xF);
+    HEADER_FLAGS.setPrefix("FLAG");
+    HEADER_FLAGS.setNumericAllowed(true);
+
+    HEADER_FLAGS.add(QR, "qr");
+    HEADER_FLAGS.add(AA, "aa");
+    HEADER_FLAGS.add(TC, "tc");
+    HEADER_FLAGS.add(RD, "rd");
+    HEADER_FLAGS.add(RA, "ra");
+    HEADER_FLAGS.add(AD, "ad");
+    HEADER_FLAGS.add(CD, "cd");
   }
 
   private Flags() {}
 
   /** Converts a numeric Flag into a String */
   public static String string(int i) {
-    return flags.getText(i);
+    return HEADER_FLAGS.getText(i);
   }
 
   /** Converts a String representation of an Flag into its numeric value */
   public static int value(String s) {
-    return flags.getValue(s);
+    return HEADER_FLAGS.getValue(s);
   }
 
   /**
@@ -66,7 +67,7 @@ public static int value(String s) {
    * it's not.
    */
   public static boolean isFlag(int index) {
-    flags.check(index);
+    HEADER_FLAGS.check(index);
     return (index < 1 || index > 4) && (index < 12);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/FormattedTime.java b/src/main/java/org/xbill/DNS/FormattedTime.java
index a66c5502e..e13ff9564 100644
--- a/src/main/java/org/xbill/DNS/FormattedTime.java
+++ b/src/main/java/org/xbill/DNS/FormattedTime.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -31,11 +32,18 @@ public static String format(Instant date) {
   /**
    * Parses a formatted time string into an Instant.
    *
-   * @param s The string, in the form YYYYMMDDHHMMSS.
+   * @param s The string, in the form YYYYMMDDHHMMSS or seconds since epoch (1 January 1970 00:00:00
+   *     UTC).
    * @return The Instant object.
    * @throws DateTimeParseException The string was invalid.
    */
   public static Instant parse(String s) throws DateTimeParseException {
-    return DEFAULT_FORMAT.parse(s, Instant::from);
+    // rfc4034#section-3.2
+    if (s.length() == 14) {
+      return DEFAULT_FORMAT.parse(s, Instant::from);
+    } else if (s.length() <= 10) {
+      return Instant.ofEpochSecond(Long.parseLong(s));
+    }
+    throw new DateTimeParseException("Invalid time encoding: ", s, 0);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/GPOSRecord.java b/src/main/java/org/xbill/DNS/GPOSRecord.java
index 45f5ce729..e9fee7cc9 100644
--- a/src/main/java/org/xbill/DNS/GPOSRecord.java
+++ b/src/main/java/org/xbill/DNS/GPOSRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,22 +10,16 @@
  * limited early version of {@link LOCRecord})
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1712">RFC 1712: DNS Encoding of Geographical
- *     Location</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1712">RFC 1712: DNS Encoding of
+ *     Geographical Location</a>
  */
 public class GPOSRecord extends Record {
-
-  private static final long serialVersionUID = -6349714958085750705L;
-
-  private byte[] latitude, longitude, altitude;
+  private byte[] latitude;
+  private byte[] longitude;
+  private byte[] altitude;
 
   GPOSRecord() {}
 
-  @Override
-  Record getObject() {
-    return new GPOSRecord();
-  }
-
   private void validate(double longitude, double latitude) throws IllegalArgumentException {
     if (longitude < -90.0 || longitude > 90.0) {
       throw new IllegalArgumentException("illegal longitude " + longitude);
@@ -71,7 +66,7 @@ public GPOSRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     longitude = in.readCountedString();
     latitude = in.readCountedString();
     altitude = in.readCountedString();
@@ -83,7 +78,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     try {
       longitude = byteArrayFromString(st.getString());
       latitude = byteArrayFromString(st.getString());
@@ -100,7 +95,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Convert to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(byteArrayToString(longitude, true));
     sb.append(" ");
@@ -153,7 +148,7 @@ public double getAltitude() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeCountedString(longitude);
     out.writeCountedString(latitude);
     out.writeCountedString(altitude);
diff --git a/src/main/java/org/xbill/DNS/Generator.java b/src/main/java/org/xbill/DNS/Generator.java
index d9ceb1c21..ec04d85dc 100644
--- a/src/main/java/org/xbill/DNS/Generator.java
+++ b/src/main/java/org/xbill/DNS/Generator.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -49,12 +50,12 @@ public class Generator {
    */
   public static boolean supportedType(int type) {
     Type.check(type);
-    return (type == Type.PTR
+    return type == Type.PTR
         || type == Type.CNAME
         || type == Type.DNAME
         || type == Type.A
         || type == Type.AAAA
-        || type == Type.NS);
+        || type == Type.NS;
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/GenericEDNSOption.java b/src/main/java/org/xbill/DNS/GenericEDNSOption.java
index 6c0684987..af754b42f 100644
--- a/src/main/java/org/xbill/DNS/GenericEDNSOption.java
+++ b/src/main/java/org/xbill/DNS/GenericEDNSOption.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 package org.xbill.DNS;
 
diff --git a/src/main/java/org/xbill/DNS/HINFORecord.java b/src/main/java/org/xbill/DNS/HINFORecord.java
index 0c9124b9a..90b0192b0 100644
--- a/src/main/java/org/xbill/DNS/HINFORecord.java
+++ b/src/main/java/org/xbill/DNS/HINFORecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,22 +9,15 @@
  * Host Information - describes the CPU and OS of a host
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class HINFORecord extends Record {
-
-  private static final long serialVersionUID = -4732870630947452112L;
-
-  private byte[] cpu, os;
+  private byte[] cpu;
+  private byte[] os;
 
   HINFORecord() {}
 
-  @Override
-  Record getObject() {
-    return new HINFORecord();
-  }
-
   /**
    * Creates an HINFO Record from the given data
    *
@@ -42,13 +36,13 @@ public HINFORecord(Name name, int dclass, long ttl, String cpu, String os) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     cpu = in.readCountedString();
     os = in.readCountedString();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     try {
       cpu = byteArrayFromString(st.getString());
       os = byteArrayFromString(st.getString());
@@ -68,14 +62,14 @@ public String getOS() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeCountedString(cpu);
     out.writeCountedString(os);
   }
 
   /** Converts to a string */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(byteArrayToString(cpu, true));
     sb.append(" ");
diff --git a/src/main/java/org/xbill/DNS/HIPRecord.java b/src/main/java/org/xbill/DNS/HIPRecord.java
new file mode 100644
index 000000000..257334d90
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/HIPRecord.java
@@ -0,0 +1,158 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.DNSSEC.UnsupportedAlgorithmException;
+import org.xbill.DNS.IPSECKEYRecord.Algorithm;
+import org.xbill.DNS.Tokenizer.Token;
+import org.xbill.DNS.utils.base16;
+import org.xbill.DNS.utils.base64;
+
+/**
+ * Host Identity Protocol (HIP) Record as defined in RFC 8005.
+ *
+ * @see IPSECKEYRecord.Algorithm for PK algorithm numbers
+ */
+public class HIPRecord extends Record {
+  private byte[] hit;
+  private int pkAlgorithm;
+  private byte[] publicKey;
+  private final List<Name> rvServers = new ArrayList<>();
+
+  HIPRecord() {}
+
+  public HIPRecord(
+      Name name, int dclass, long ttl, byte[] hit, int alg, byte[] key, List<Name> servers) {
+    super(name, Type.HIP, dclass, ttl);
+    this.hit = hit;
+    this.pkAlgorithm = alg;
+    this.publicKey = key;
+    if (servers != null) {
+      this.rvServers.addAll(servers);
+    }
+  }
+
+  public HIPRecord(Name name, int dclass, long ttl, byte[] hit, int alg, byte[] key) {
+    this(name, dclass, ttl, hit, alg, key, null);
+  }
+
+  public HIPRecord(
+      Name name, int dclass, long ttl, byte[] hit, int alg, PublicKey key, List<Name> servers)
+      throws DNSSECException {
+    this(name, dclass, ttl, hit, alg, DNSSEC.fromPublicKey(key, mapAlgTypeToDnssec(alg)), servers);
+  }
+
+  public HIPRecord(Name name, int dclass, long ttl, byte[] hit, int alg, PublicKey key)
+      throws DNSSECException {
+    this(name, dclass, ttl, hit, alg, key, null);
+  }
+
+  public byte[] getHit() {
+    return hit;
+  }
+
+  /**
+   * Gets the PK algorithm number as defined in <a
+   * href="https://www.iana.org/assignments/ipseckey-rr-parameters/ipseckey-rr-parameters.xhtml#ipseckey-rr-parameters-1">IPSECKEY
+   * Resource Record Parameters</a>
+   *
+   * @see IPSECKEYRecord.Algorithm
+   */
+  public int getAlgorithm() {
+    return pkAlgorithm;
+  }
+
+  /** Gets the raw public key bytes. The format is defined by {@link #getAlgorithm()}. */
+  public byte[] getKey() {
+    return publicKey;
+  }
+
+  /**
+   * Gets the public key of this RR as a Java {@link PublicKey}. Only supported for RSA/DSA PK
+   * algorithm (ECDSA lacks the information about which curve is used).
+   */
+  public PublicKey getPublicKey() throws DNSSECException {
+    return DNSSEC.toPublicKey(mapAlgTypeToDnssec(pkAlgorithm), publicKey, this);
+  }
+
+  public List<Name> getRvServers() {
+    return Collections.unmodifiableList(rvServers);
+  }
+
+  private static int mapAlgTypeToDnssec(int alg) throws UnsupportedAlgorithmException {
+    switch (alg) {
+      case Algorithm.DSA:
+        return DNSSEC.Algorithm.DSA;
+      case Algorithm.RSA:
+        return DNSSEC.Algorithm.RSASHA1;
+      case Algorithm.ECDSA:
+      default:
+        throw new UnsupportedAlgorithmException(alg);
+    }
+  }
+
+  @Override
+  protected String rrToString() {
+    StringBuilder sb = new StringBuilder();
+    if (Options.multiline()) {
+      sb.append("( ");
+    }
+
+    String separator = Options.multiline() ? "\n\t" : " ";
+    sb.append(pkAlgorithm);
+    sb.append(" ");
+    sb.append(base16.toString(hit));
+    sb.append(separator);
+
+    sb.append(base64.toString(publicKey));
+    if (!rvServers.isEmpty()) {
+      sb.append(separator);
+    }
+
+    sb.append(rvServers.stream().map(Name::toString).collect(Collectors.joining(separator)));
+    if (Options.multiline()) {
+      sb.append(" )");
+    }
+
+    return sb.toString();
+  }
+
+  @Override
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
+    pkAlgorithm = st.getUInt8();
+    hit = st.getHexString();
+    publicKey = base64.fromString(st.getString());
+    Token t;
+    while ((t = st.get()).isString()) {
+      rvServers.add(new Name(t.value()));
+    }
+  }
+
+  @Override
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    out.writeU8(hit.length);
+    out.writeU8(pkAlgorithm);
+    out.writeU16(publicKey.length);
+    out.writeByteArray(hit);
+    out.writeByteArray(publicKey);
+    rvServers.forEach(n -> n.toWire(out, null, canonical));
+  }
+
+  @Override
+  protected void rrFromWire(DNSInput in) throws IOException {
+    int hitLength = in.readU8();
+    pkAlgorithm = in.readU8();
+    int pkLength = in.readU16();
+    hit = in.readByteArray(hitLength);
+    publicKey = in.readByteArray(pkLength);
+    while (in.remaining() > 0) {
+      rvServers.add(new Name(in));
+    }
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/HTTPSRecord.java b/src/main/java/org/xbill/DNS/HTTPSRecord.java
new file mode 100644
index 000000000..785401c4c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/HTTPSRecord.java
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.util.List;
+
+/**
+ * HTTPS Service Location and Parameter Binding Record.
+ *
+ * @since 3.3
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
+ */
+public class HTTPSRecord extends SVCBBase {
+  HTTPSRecord() {}
+
+  public HTTPSRecord(
+      Name name, int dclass, long ttl, int priority, Name domain, List<ParameterBase> params) {
+    super(name, Type.HTTPS, dclass, ttl, priority, domain, params);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/Header.java b/src/main/java/org/xbill/DNS/Header.java
index b37a15681..5f7dd421a 100644
--- a/src/main/java/org/xbill/DNS/Header.java
+++ b/src/main/java/org/xbill/DNS/Header.java
@@ -1,9 +1,12 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.security.SecureRandom;
 import java.util.Random;
+import lombok.SneakyThrows;
 
 /**
  * A DNS message header
@@ -17,30 +20,28 @@ public class Header implements Cloneable {
   private int flags;
   private int[] counts;
 
-  private static Random random = new Random();
+  private static final Random random = new SecureRandom();
 
   /** The length of a DNS Header in wire format. */
   public static final int LENGTH = 12;
 
-  private void init() {
-    counts = new int[4];
-    flags = 0;
-    id = -1;
-  }
-
   /**
    * Create a new empty header.
    *
    * @param id The message id
    */
   public Header(int id) {
-    init();
-    setID(id);
+    if (!Utils.isUInt16(id)) {
+      throw new IllegalArgumentException("DNS message ID " + id + " is out of range");
+    }
+    counts = new int[4];
+    flags = 0;
+    this.id = id;
   }
 
   /** Create a new empty header with a random message id */
   public Header() {
-    init();
+    this(random.nextInt(0xffff));
   }
 
   /** Parses a Header from a stream containing DNS wire format. */
@@ -76,7 +77,7 @@ public byte[] toWire() {
   }
 
   private static boolean validFlag(int bit) {
-    return (bit >= 0 && bit <= 0xF && Flags.isFlag(bit));
+    return bit >= 0 && bit <= 0xF && Flags.isFlag(bit);
   }
 
   private static void checkFlag(int bit) {
@@ -90,12 +91,19 @@ static int setFlag(int flags, int bit, boolean value) {
 
     // bits are indexed from left to right
     if (value) {
-      return flags |= (1 << (15 - bit));
+      return flags | (1 << (15 - bit));
     } else {
-      return flags &= ~(1 << (15 - bit));
+      return flags & ~(1 << (15 - bit));
     }
   }
 
+  static boolean getFlag(int flags, int bit) {
+    checkFlag(bit);
+
+    // bits are indexed from left to right
+    return (flags & (1 << (15 - bit))) != 0;
+  }
+
   /**
    * Sets a flag to the supplied value
    *
@@ -122,9 +130,7 @@ public void unsetFlag(int bit) {
    * @see Flags
    */
   public boolean getFlag(int bit) {
-    checkFlag(bit);
-    // bits are indexed from left to right
-    return (flags & (1 << (15 - bit))) != 0;
+    return getFlag(flags, bit);
   }
 
   boolean[] getFlags() {
@@ -139,20 +145,12 @@ boolean[] getFlags() {
 
   /** Retrieves the message ID */
   public int getID() {
-    if (id >= 0) {
-      return id;
-    }
-    synchronized (this) {
-      if (id < 0) {
-        id = random.nextInt(0xffff);
-      }
-      return id;
-    }
+    return id;
   }
 
   /** Sets the message ID */
   public void setID(int id) {
-    if (id < 0 || id > 0xffff) {
+    if (!Utils.isUInt16(id)) {
       throw new IllegalArgumentException("DNS message ID " + id + " is out of range");
     }
     this.id = id;
@@ -190,7 +188,7 @@ public void setOpcode(int value) {
       throw new IllegalArgumentException("DNS Opcode " + value + "is out of range");
     }
     flags &= 0x87FF;
-    flags |= (value << 11);
+    flags |= value << 11;
   }
 
   /**
@@ -203,7 +201,7 @@ public int getOpcode() {
   }
 
   void setCount(int field, int value) {
-    if (value < 0 || value > 0xFFFF) {
+    if (!Utils.isUInt16(value)) {
       throw new IllegalArgumentException("DNS section count " + value + " is out of range");
     }
     counts[field] = value;
@@ -211,14 +209,14 @@ void setCount(int field, int value) {
 
   void incCount(int field) {
     if (counts[field] == 0xFFFF) {
-      throw new IllegalStateException("DNS section count cannot " + "be incremented");
+      throw new IllegalStateException("DNS section count cannot be incremented");
     }
     counts[field]++;
   }
 
   void decCount(int field) {
     if (counts[field] == 0) {
-      throw new IllegalStateException("DNS section count cannot " + "be decremented");
+      throw new IllegalStateException("DNS section count cannot be decremented");
     }
     counts[field]--;
   }
@@ -239,14 +237,17 @@ int getFlagsByte() {
   /** Converts the header's flags into a String */
   public String printFlags() {
     StringBuilder sb = new StringBuilder();
+    printFlags(sb);
+    return sb.toString();
+  }
 
+  private void printFlags(StringBuilder sb) {
     for (int i = 0; i < 16; i++) {
       if (validFlag(i) && getFlag(i)) {
         sb.append(Flags.string(i));
         sb.append(" ");
       }
     }
-    return sb.toString();
   }
 
   String toStringWithRcode(int newrcode) {
@@ -258,7 +259,8 @@ String toStringWithRcode(int newrcode) {
     sb.append(", id: ").append(getID());
     sb.append("\n");
 
-    sb.append(";; flags: ").append(printFlags());
+    sb.append(";; flags: ");
+    printFlags(sb);
     sb.append("; ");
     for (int i = 0; i < 4; i++) {
       sb.append(Section.string(i)).append(": ").append(getCount(i)).append(" ");
@@ -274,10 +276,12 @@ public String toString() {
 
   /* Creates a new Header identical to the current one */
   @Override
-  public Object clone() {
-    Header h = new Header();
+  @SneakyThrows(CloneNotSupportedException.class)
+  public Header clone() {
+    Header h = (Header) super.clone();
     h.id = id;
     h.flags = flags;
+    h.counts = new int[h.counts.length];
     System.arraycopy(counts, 0, h.counts, 0, counts.length);
     return h;
   }
diff --git a/src/main/java/org/xbill/DNS/IPAddressUtils.java b/src/main/java/org/xbill/DNS/IPAddressUtils.java
new file mode 100644
index 000000000..8f0aac23c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/IPAddressUtils.java
@@ -0,0 +1,165 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+@SuppressWarnings({"java:S115", "java:S1168"})
+class IPAddressUtils {
+  static final int IPv4 = 1;
+  static final int IPv6 = 2;
+
+  static byte[] parseV4(String s) {
+    int numDigits;
+    int currentOctet;
+    byte[] values = new byte[4];
+    int currentValue;
+    int length = s.length();
+
+    currentOctet = 0;
+    currentValue = 0;
+    numDigits = 0;
+    for (int i = 0; i < length; i++) {
+      char c = s.charAt(i);
+      if (c >= '0' && c <= '9') {
+        /* Can't have more than 3 digits per octet. */
+        if (numDigits == 3) {
+          return null;
+        }
+        /* Octets shouldn't start with 0, unless they are 0. */
+        if (numDigits > 0 && currentValue == 0) {
+          return null;
+        }
+        numDigits++;
+        currentValue *= 10;
+        currentValue += c - '0';
+        /* 255 is the maximum value for an octet. */
+        if (currentValue > 255) {
+          return null;
+        }
+      } else if (c == '.') {
+        /* Can't have more than 3 dots. */
+        if (currentOctet == 3) {
+          return null;
+        }
+        /* Two consecutive dots are bad. */
+        if (numDigits == 0) {
+          return null;
+        }
+        values[currentOctet++] = (byte) currentValue;
+        currentValue = 0;
+        numDigits = 0;
+      } else {
+        return null;
+      }
+    }
+    /* Must have 4 octets. */
+    if (currentOctet != 3) {
+      return null;
+    }
+    /* The fourth octet can't be empty. */
+    if (numDigits == 0) {
+      return null;
+    }
+    values[currentOctet] = (byte) currentValue;
+    return values;
+  }
+
+  static byte[] parseV6(String s) {
+    int range = -1;
+    byte[] data = new byte[16];
+
+    String[] tokens = s.split(":", -1);
+
+    int first = 0;
+    int last = tokens.length - 1;
+
+    if (tokens[0].isEmpty()) {
+      // If the first two tokens are empty, it means the string
+      // started with ::, which is fine.  If only the first is
+      // empty, the string started with :, which is bad.
+      if (last - first > 0 && tokens[1].isEmpty()) {
+        first++;
+      } else {
+        return null;
+      }
+    }
+
+    if (tokens[last].isEmpty()) {
+      // If the last two tokens are empty, it means the string
+      // ended with ::, which is fine.  If only the last is
+      // empty, the string ended with :, which is bad.
+      if (last - first > 0 && tokens[last - 1].isEmpty()) {
+        last--;
+      } else {
+        return null;
+      }
+    }
+
+    if (last - first + 1 > 8) {
+      return null;
+    }
+
+    int i;
+    int j;
+    for (i = first, j = 0; i <= last; i++) {
+      if (tokens[i].isEmpty()) {
+        if (range >= 0) {
+          return null;
+        }
+        range = j;
+        continue;
+      }
+
+      if (tokens[i].indexOf('.') >= 0) {
+        // An IPv4 address must be the last component
+        if (i < last) {
+          return null;
+        }
+        // There can't have been more than 6 components.
+        if (i > 6) {
+          return null;
+        }
+        byte[] v4addr = Address.toByteArray(tokens[i], Address.IPv4);
+        if (v4addr == null) {
+          return null;
+        }
+        for (int k = 0; k < 4; k++) {
+          data[j++] = v4addr[k];
+        }
+        break;
+      }
+
+      try {
+        for (int k = 0; k < tokens[i].length(); k++) {
+          char c = tokens[i].charAt(k);
+          if (Character.digit(c, 16) < 0) {
+            return null;
+          }
+        }
+        int x = Integer.parseInt(tokens[i], 16);
+        if (!Utils.isUInt16(x)) {
+          return null;
+        }
+        data[j++] = (byte) (x >>> 8);
+        data[j++] = (byte) (x & 0xFF);
+      } catch (NumberFormatException e) {
+        return null;
+      }
+    }
+
+    if (j < 16 && range < 0) {
+      return null;
+    }
+
+    if (range >= 0) {
+      int empty = 16 - j;
+      System.arraycopy(data, range, data, range + empty, j - range);
+      for (i = range; i < range + empty; i++) {
+        data[i] = 0;
+      }
+    }
+
+    return data;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/IPSECKEYRecord.java b/src/main/java/org/xbill/DNS/IPSECKEYRecord.java
index 3e1e492cc..59c5be20f 100644
--- a/src/main/java/org/xbill/DNS/IPSECKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/IPSECKEYRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,26 +12,58 @@
  * IPsec Keying Material (RFC 4025)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4025">RFC 4025: A Method for Storing IPsec Keying
- *     Material in DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4025">RFC 4025: A Method for Storing IPsec
+ *     Keying Material in DNS</a>
  */
 public class IPSECKEYRecord extends Record {
-
-  private static final long serialVersionUID = 3050449702765909687L;
-
+  /**
+   * Algorithm types for IPSECKEY RRs as defined in <a
+   * href="https://www.iana.org/assignments/ipseckey-rr-parameters/ipseckey-rr-parameters.xhtml#ipseckey-rr-parameters-1">IPSECKEY
+   * Resource Record Parameters</a>.
+   */
   public static class Algorithm {
     private Algorithm() {}
 
+    /**
+     * A DSA key is present.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc2536">RFC 2536</a>
+     */
     public static final int DSA = 1;
+
+    /**
+     * A RSA key is present.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc3110">RFC 3110</a>
+     */
     public static final int RSA = 2;
+
+    /**
+     * An ECDSA key is present.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6605">RFC 6605</a>
+     */
+    public static final int ECDSA = 3;
   }
 
+  /**
+   * Gateway types for IPSECKEY RRs as defined in <a
+   * href="https://www.iana.org/assignments/ipseckey-rr-parameters/ipseckey-rr-parameters.xhtml#ipseckey-rr-parameters-2">IPSECKEY
+   * Resource Record Parameters</a>.
+   */
   public static class Gateway {
     private Gateway() {}
 
+    /** No gateway is present */
     public static final int None = 0;
+
+    /** A 4-byte IPv4 address is present */
     public static final int IPv4 = 1;
+
+    /** A 16-byte IPv6 address is present */
     public static final int IPv6 = 2;
+
+    /** A wire-encoded domain name is present */
     public static final int Name = 3;
   }
 
@@ -42,11 +75,6 @@ private Gateway() {}
 
   IPSECKEYRecord() {}
 
-  @Override
-  Record getObject() {
-    return new IPSECKEYRecord();
-  }
-
   /**
    * Creates an IPSECKEY Record from the given data.
    *
@@ -75,31 +103,31 @@ public IPSECKEYRecord(
         break;
       case Gateway.IPv4:
         if (!(gateway instanceof InetAddress)) {
-          throw new IllegalArgumentException("\"gateway\" " + "must be an IPv4 " + "address");
+          throw new IllegalArgumentException("\"gateway\" must be an IPv4 address");
         }
         this.gateway = gateway;
         break;
       case Gateway.IPv6:
         if (!(gateway instanceof Inet6Address)) {
-          throw new IllegalArgumentException("\"gateway\" " + "must be an IPv6 " + "address");
+          throw new IllegalArgumentException("\"gateway\" must be an IPv6 address");
         }
         this.gateway = gateway;
         break;
       case Gateway.Name:
         if (!(gateway instanceof Name)) {
-          throw new IllegalArgumentException("\"gateway\" " + "must be a DNS " + "name");
+          throw new IllegalArgumentException("\"gateway\" must be a DNS name");
         }
         this.gateway = checkName("gateway", (Name) gateway);
         break;
       default:
-        throw new IllegalArgumentException("\"gatewayType\" " + "must be between 0 and 3");
+        throw new IllegalArgumentException("\"gatewayType\" must be between 0 and 3");
     }
 
     this.key = key;
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     precedence = in.readU8();
     gatewayType = in.readU8();
     algorithmType = in.readU8();
@@ -125,7 +153,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     precedence = st.getUInt8();
     gatewayType = st.getUInt8();
     algorithmType = st.getUInt8();
@@ -153,7 +181,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(precedence);
     sb.append(" ");
@@ -207,7 +235,7 @@ public byte[] getKey() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(precedence);
     out.writeU8(gatewayType);
     out.writeU8(algorithmType);
diff --git a/src/main/java/org/xbill/DNS/ISDNRecord.java b/src/main/java/org/xbill/DNS/ISDNRecord.java
index 155aefd7d..4e2757425 100644
--- a/src/main/java/org/xbill/DNS/ISDNRecord.java
+++ b/src/main/java/org/xbill/DNS/ISDNRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,22 +9,14 @@
  * ISDN - identifies the ISDN number and subaddress associated with a name.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class ISDNRecord extends Record {
-
-  private static final long serialVersionUID = -8730801385178968798L;
-
   private byte[] address;
   private byte[] subAddress;
 
   ISDNRecord() {}
 
-  @Override
-  Record getObject() {
-    return new ISDNRecord();
-  }
-
   /**
    * Creates an ISDN Record from the given data
    *
@@ -44,7 +37,7 @@ public ISDNRecord(Name name, int dclass, long ttl, String address, String subAdd
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     address = in.readCountedString();
     if (in.remaining() > 0) {
       subAddress = in.readCountedString();
@@ -52,12 +45,12 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     try {
       address = byteArrayFromString(st.getString());
       Tokenizer.Token t = st.get();
       if (t.isString()) {
-        subAddress = byteArrayFromString(t.value);
+        subAddress = byteArrayFromString(t.value());
       } else {
         st.unget();
       }
@@ -80,7 +73,7 @@ public String getSubAddress() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeCountedString(address);
     if (subAddress != null) {
       out.writeCountedString(subAddress);
@@ -88,7 +81,7 @@ void rrToWire(DNSOutput out, Compression c, boolean canonical) {
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(byteArrayToString(address, true));
     if (subAddress != null) {
diff --git a/src/main/java/org/xbill/DNS/InvalidDClassException.java b/src/main/java/org/xbill/DNS/InvalidDClassException.java
index 3508cad61..b8ea15420 100644
--- a/src/main/java/org/xbill/DNS/InvalidDClassException.java
+++ b/src/main/java/org/xbill/DNS/InvalidDClassException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
diff --git a/src/main/java/org/xbill/DNS/InvalidTTLException.java b/src/main/java/org/xbill/DNS/InvalidTTLException.java
index 6f6e347e7..62e5ae417 100644
--- a/src/main/java/org/xbill/DNS/InvalidTTLException.java
+++ b/src/main/java/org/xbill/DNS/InvalidTTLException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
diff --git a/src/main/java/org/xbill/DNS/InvalidTypeException.java b/src/main/java/org/xbill/DNS/InvalidTypeException.java
index 7e721e6f5..e7aee8ced 100644
--- a/src/main/java/org/xbill/DNS/InvalidTypeException.java
+++ b/src/main/java/org/xbill/DNS/InvalidTypeException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
diff --git a/src/main/java/org/xbill/DNS/KEYBase.java b/src/main/java/org/xbill/DNS/KEYBase.java
index 5835d2eac..fce471302 100644
--- a/src/main/java/org/xbill/DNS/KEYBase.java
+++ b/src/main/java/org/xbill/DNS/KEYBase.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -12,17 +13,16 @@
  * @author Brian Wellington
  */
 abstract class KEYBase extends Record {
-
-  private static final long serialVersionUID = 3469321722693285454L;
-
-  protected int flags, proto, alg;
+  protected int flags;
+  protected int proto;
+  protected int alg;
   protected byte[] key;
   protected int footprint = -1;
   protected PublicKey publicKey = null;
 
   protected KEYBase() {}
 
-  public KEYBase(
+  protected KEYBase(
       Name name, int type, int dclass, long ttl, int flags, int proto, int alg, byte[] key) {
     super(name, type, dclass, ttl);
     this.flags = checkU16("flags", flags);
@@ -32,7 +32,7 @@ public KEYBase(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     flags = in.readU16();
     proto = in.readU8();
     alg = in.readU8();
@@ -43,7 +43,7 @@ void rrFromWire(DNSInput in) throws IOException {
 
   /** Converts the DNSKEY/KEY Record to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(flags);
     sb.append(" ");
@@ -51,7 +51,7 @@ String rrToString() {
     sb.append(" ");
     sb.append(alg);
     if (key != null) {
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append(" (\n");
         sb.append(base64.formatString(key, 64, "\t", true));
         sb.append(" ; key_tag = ");
@@ -105,15 +105,15 @@ public int getFootprint() {
       for (i = 0; i < rdata.length - 1; i += 2) {
         int d1 = rdata[i] & 0xFF;
         int d2 = rdata[i + 1] & 0xFF;
-        foot += ((d1 << 8) + d2);
+        foot += (d1 << 8) + d2;
       }
       if (i < rdata.length) {
         int d1 = rdata[i] & 0xFF;
-        foot += (d1 << 8);
+        foot += d1 << 8;
       }
-      foot += ((foot >> 16) & 0xFFFF);
+      foot += (foot >> 16) & 0xFFFF;
     }
-    footprint = (foot & 0xFFFF);
+    footprint = foot & 0xFFFF;
     return footprint;
   }
 
@@ -132,7 +132,7 @@ public PublicKey getPublicKey() throws DNSSEC.DNSSECException {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(flags);
     out.writeU8(proto);
     out.writeU8(alg);
diff --git a/src/main/java/org/xbill/DNS/KEYRecord.java b/src/main/java/org/xbill/DNS/KEYRecord.java
index 4a9b024f1..83570866d 100644
--- a/src/main/java/org/xbill/DNS/KEYRecord.java
+++ b/src/main/java/org/xbill/DNS/KEYRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -13,15 +14,12 @@
  * @see DNSSEC
  * @see DNSKEYRecord
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2535">RFC 2535: Domain Name System Security
- *     Extensions</a>
- * @see <a href="https://tools.ietf.org/html/rfc3755">RFC 3755: Legacy Resolver Compatibility for
- *     Delegation Signer (DS)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2535">RFC 2535: Domain Name System
+ *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3755">RFC 3755: Legacy Resolver
+ *     Compatibility for Delegation Signer (DS)</a>
  */
 public class KEYRecord extends KEYBase {
-
-  private static final long serialVersionUID = 6385613447571488906L;
-
   /** KEY protocol identifiers. */
   public static class Protocol {
 
@@ -45,7 +43,7 @@ private Protocol() {}
     /** Any protocol */
     public static final int ANY = 255;
 
-    private static Mnemonic protocols = new Mnemonic("KEY protocol", Mnemonic.CASE_UPPER);
+    private static final Mnemonic protocols = new Mnemonic("KEY protocol", Mnemonic.CASE_UPPER);
 
     static {
       protocols.setMaximum(0xFF);
@@ -180,43 +178,43 @@ private Flags() {}
     /** Signatory value 15 */
     public static final int SIG15 = 15;
 
-    private static Mnemonic flags = new Mnemonic("KEY flags", Mnemonic.CASE_UPPER);
+    private static final Mnemonic KEY_FLAGS = new Mnemonic("KEY flags", Mnemonic.CASE_UPPER);
 
     static {
-      flags.setMaximum(0xFFFF);
-      flags.setNumericAllowed(false);
-
-      flags.add(NOCONF, "NOCONF");
-      flags.add(NOAUTH, "NOAUTH");
-      flags.add(NOKEY, "NOKEY");
-      flags.add(FLAG2, "FLAG2");
-      flags.add(EXTEND, "EXTEND");
-      flags.add(FLAG4, "FLAG4");
-      flags.add(FLAG5, "FLAG5");
-      flags.add(USER, "USER");
-      flags.add(ZONE, "ZONE");
-      flags.add(HOST, "HOST");
-      flags.add(NTYP3, "NTYP3");
-      flags.add(FLAG8, "FLAG8");
-      flags.add(FLAG9, "FLAG9");
-      flags.add(FLAG10, "FLAG10");
-      flags.add(FLAG11, "FLAG11");
-      flags.add(SIG0, "SIG0");
-      flags.add(SIG1, "SIG1");
-      flags.add(SIG2, "SIG2");
-      flags.add(SIG3, "SIG3");
-      flags.add(SIG4, "SIG4");
-      flags.add(SIG5, "SIG5");
-      flags.add(SIG6, "SIG6");
-      flags.add(SIG7, "SIG7");
-      flags.add(SIG8, "SIG8");
-      flags.add(SIG9, "SIG9");
-      flags.add(SIG10, "SIG10");
-      flags.add(SIG11, "SIG11");
-      flags.add(SIG12, "SIG12");
-      flags.add(SIG13, "SIG13");
-      flags.add(SIG14, "SIG14");
-      flags.add(SIG15, "SIG15");
+      KEY_FLAGS.setMaximum(0xFFFF);
+      KEY_FLAGS.setNumericAllowed(false);
+
+      KEY_FLAGS.add(NOCONF, "NOCONF");
+      KEY_FLAGS.add(NOAUTH, "NOAUTH");
+      KEY_FLAGS.add(NOKEY, "NOKEY");
+      KEY_FLAGS.add(FLAG2, "FLAG2");
+      KEY_FLAGS.add(EXTEND, "EXTEND");
+      KEY_FLAGS.add(FLAG4, "FLAG4");
+      KEY_FLAGS.add(FLAG5, "FLAG5");
+      KEY_FLAGS.add(USER, "USER");
+      KEY_FLAGS.add(ZONE, "ZONE");
+      KEY_FLAGS.add(HOST, "HOST");
+      KEY_FLAGS.add(NTYP3, "NTYP3");
+      KEY_FLAGS.add(FLAG8, "FLAG8");
+      KEY_FLAGS.add(FLAG9, "FLAG9");
+      KEY_FLAGS.add(FLAG10, "FLAG10");
+      KEY_FLAGS.add(FLAG11, "FLAG11");
+      KEY_FLAGS.add(SIG0, "SIG0");
+      KEY_FLAGS.add(SIG1, "SIG1");
+      KEY_FLAGS.add(SIG2, "SIG2");
+      KEY_FLAGS.add(SIG3, "SIG3");
+      KEY_FLAGS.add(SIG4, "SIG4");
+      KEY_FLAGS.add(SIG5, "SIG5");
+      KEY_FLAGS.add(SIG6, "SIG6");
+      KEY_FLAGS.add(SIG7, "SIG7");
+      KEY_FLAGS.add(SIG8, "SIG8");
+      KEY_FLAGS.add(SIG9, "SIG9");
+      KEY_FLAGS.add(SIG10, "SIG10");
+      KEY_FLAGS.add(SIG11, "SIG11");
+      KEY_FLAGS.add(SIG12, "SIG12");
+      KEY_FLAGS.add(SIG13, "SIG13");
+      KEY_FLAGS.add(SIG14, "SIG14");
+      KEY_FLAGS.add(SIG15, "SIG15");
     }
 
     /**
@@ -230,16 +228,17 @@ public static int value(String s) {
       int value;
       try {
         value = Integer.parseInt(s);
-        if (value >= 0 && value <= 0xFFFF) {
+        if (Utils.isUInt16(value)) {
           return value;
         }
         return -1;
       } catch (NumberFormatException e) {
+        // Ignore
       }
       StringTokenizer st = new StringTokenizer(s, "|");
       value = 0;
       while (st.hasMoreTokens()) {
-        int val = flags.getValue(st.nextToken());
+        int val = KEY_FLAGS.getValue(st.nextToken());
         if (val < 0) {
           return -1;
         }
@@ -286,11 +285,6 @@ public static int value(String s) {
 
   KEYRecord() {}
 
-  @Override
-  Record getObject() {
-    return new KEYRecord();
-  }
-
   /**
    * Creates a KEY Record from the given data
    *
@@ -319,7 +313,7 @@ public KEYRecord(Name name, int dclass, long ttl, int flags, int proto, int alg,
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     String flagString = st.getIdentifier();
     flags = Flags.value(flagString);
     if (flags < 0) {
diff --git a/src/main/java/org/xbill/DNS/KXRecord.java b/src/main/java/org/xbill/DNS/KXRecord.java
index f2e504b93..7ea5cf9f6 100644
--- a/src/main/java/org/xbill/DNS/KXRecord.java
+++ b/src/main/java/org/xbill/DNS/KXRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Key Exchange - delegation of authority
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2230">RFC 2230: Key Exchange Delegation Record for
- *     the DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2230">RFC 2230: Key Exchange Delegation
+ *     Record for the DNS</a>
  */
 public class KXRecord extends U16NameBase {
-
-  private static final long serialVersionUID = 7448568832769757809L;
-
   KXRecord() {}
 
-  @Override
-  Record getObject() {
-    return new KXRecord();
-  }
-
   /**
    * Creates a KX Record from the given data
    *
diff --git a/src/main/java/org/xbill/DNS/LOCRecord.java b/src/main/java/org/xbill/DNS/LOCRecord.java
index ec9669e79..ca51dbb63 100644
--- a/src/main/java/org/xbill/DNS/LOCRecord.java
+++ b/src/main/java/org/xbill/DNS/LOCRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,16 +11,18 @@
  * Location - describes the physical location of hosts, networks, subnets.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1876">RFC 1876: A Means for Expressing Location
- *     Information in the Domain Name System</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1876">RFC 1876: A Means for Expressing
+ *     Location Information in the Domain Name System</a>
  */
 public class LOCRecord extends Record {
-
-  private static final long serialVersionUID = 9058224788126750409L;
-
-  private static NumberFormat w2, w3;
-  private long size, hPrecision, vPrecision;
-  private long latitude, longitude, altitude;
+  private static final NumberFormat w2;
+  private static final NumberFormat w3;
+  private long size;
+  private long hPrecision;
+  private long vPrecision;
+  private long latitude;
+  private long longitude;
+  private long altitude;
 
   static {
     w2 = new DecimalFormat();
@@ -31,11 +34,6 @@ public class LOCRecord extends Record {
 
   LOCRecord() {}
 
-  @Override
-  Record getObject() {
-    return new LOCRecord();
-  }
-
   /**
    * Creates an LOC Record from the given data
    *
@@ -66,7 +64,7 @@ public LOCRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     int version;
 
     version = in.readU8();
@@ -101,7 +99,8 @@ private double parseFixedPoint(String s) {
 
   private long parsePosition(Tokenizer st, String type) throws IOException {
     boolean isLatitude = type.equals("latitude");
-    int deg, min = 0;
+    int deg;
+    int min = 0;
     double sec = 0;
     long value;
     String s;
@@ -139,7 +138,7 @@ private long parsePosition(Tokenizer st, String type) throws IOException {
       throw st.exception("Invalid LOC " + type);
     }
 
-    value += (1L << 31);
+    value += 1L << 31;
 
     return value;
   }
@@ -155,7 +154,7 @@ private long parseDouble(
       st.unget();
       return defaultValue;
     }
-    String s = token.value;
+    String s = token.value();
     if (s.length() > 1 && s.charAt(s.length() - 1) == 'm') {
       s = s.substring(0, s.length() - 1);
     }
@@ -171,7 +170,7 @@ private long parseDouble(
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     latitude = parsePosition(st, "latitude");
     longitude = parsePosition(st, "longitude");
     altitude = parseDouble(st, "altitude", true, -10000000, 4284967295L, 0) + 10000000;
@@ -180,7 +179,8 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
     vPrecision = parseDouble(st, "vertical precision", false, 0, 9000000000L, 1000);
   }
 
-  private void renderFixedPoint(StringBuffer sb, NumberFormat formatter, long value, long divisor) {
+  private void renderFixedPoint(
+      StringBuilder sb, NumberFormat formatter, long value, long divisor) {
     sb.append(value / divisor);
     value %= divisor;
     if (value != 0) {
@@ -190,7 +190,7 @@ private void renderFixedPoint(StringBuffer sb, NumberFormat formatter, long valu
   }
 
   private String positionToString(long value, char pos, char neg) {
-    StringBuffer sb = new StringBuffer();
+    StringBuilder sb = new StringBuilder();
     char direction;
 
     long temp = value - (1L << 31);
@@ -219,8 +219,8 @@ private String positionToString(long value, char pos, char neg) {
 
   /** Convert to a String */
   @Override
-  String rrToString() {
-    StringBuffer sb = new StringBuffer();
+  protected String rrToString() {
+    StringBuilder sb = new StringBuilder();
 
     /* Latitude */
     sb.append(positionToString(latitude, 'N', 'S'));
@@ -251,36 +251,36 @@ String rrToString() {
 
   /** Returns the latitude */
   public double getLatitude() {
-    return ((double) (latitude - (1L << 31))) / (3600 * 1000);
+    return (double) (latitude - (1L << 31)) / (3600 * 1000);
   }
 
   /** Returns the longitude */
   public double getLongitude() {
-    return ((double) (longitude - (1L << 31))) / (3600 * 1000);
+    return (double) (longitude - (1L << 31)) / (3600 * 1000);
   }
 
   /** Returns the altitude */
   public double getAltitude() {
-    return ((double) (altitude - 10000000)) / 100;
+    return (double) (altitude - 10000000) / 100;
   }
 
   /** Returns the diameter of the enclosing sphere */
   public double getSize() {
-    return ((double) size) / 100;
+    return (double) size / 100;
   }
 
   /** Returns the horizontal precision */
   public double getHPrecision() {
-    return ((double) hPrecision) / 100;
+    return (double) hPrecision / 100;
   }
 
   /** Returns the horizontal precision */
   public double getVPrecision() {
-    return ((double) vPrecision) / 100;
+    return (double) vPrecision / 100;
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(0); /* version */
     out.writeU8(toLOCformat(size));
     out.writeU8(toLOCformat(hPrecision));
@@ -299,7 +299,7 @@ private static long parseLOCformat(int b) throws WireParseException {
     while (exp-- > 0) {
       out *= 10;
     }
-    return (out);
+    return out;
   }
 
   private int toLOCformat(long l) {
@@ -308,6 +308,6 @@ private int toLOCformat(long l) {
       exp++;
       l /= 10;
     }
-    return (int) ((l << 4) + exp);
+    return (int) ((l << 4) + (exp & 0xFF));
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Lookup.java b/src/main/java/org/xbill/DNS/Lookup.java
index 1d6f026b2..6a7ae8fb2 100644
--- a/src/main/java/org/xbill/DNS/Lookup.java
+++ b/src/main/java/org/xbill/DNS/Lookup.java
@@ -1,47 +1,63 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2002-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
 import java.io.InterruptedIOException;
-import java.net.UnknownHostException;
+import java.net.InetAddress;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import lombok.Getter;
+import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.hosts.HostsFileParser;
 
 /**
- * The Lookup object issues queries to caching DNS servers. The input consists of a name, an
- * optional type, and an optional class. Caching is enabled by default and used when possible to
- * reduce the number of DNS requests. A Resolver, which defaults to an ExtendedResolver initialized
- * with the resolvers located by the ResolverConfig class, performs the queries. A search path of
- * domain suffixes is used to resolve relative names, and is also determined by the ResolverConfig
+ * The Lookup object issues queries to the local hosts database ({@code /etc/hosts}) and to
+ * recursive DNS servers. The input consists of a name, an optional type, and an optional class.
+ * Caching is enabled by default and used when possible to reduce the number of DNS requests. A
+ * {@link Resolver}, which defaults to an {@link ExtendedResolver} initialized with the resolvers
+ * located by the {@link ResolverConfig} class, performs the queries. A search path of domain
+ * suffixes is used to resolve relative names, and is also determined by the {@link ResolverConfig}
  * class.
  *
  * <p>A Lookup object may be reused, but should not be used by multiple threads.
  *
+ * <p>Lookup is considered legacy (but not yet deprecated). Use {@link
+ * org.xbill.DNS.lookup.LookupSession} instead, which is thread safe and fully async.
+ *
+ * @see org.xbill.DNS.lookup.LookupSession
  * @see Cache
  * @see Resolver
  * @see ResolverConfig
+ * @see HostsFileParser
  * @author Brian Wellington
  */
 @Slf4j
 public final class Lookup {
 
   private static Resolver defaultResolver;
-  private static Name[] defaultSearchPath;
+  private static List<Name> defaultSearchPath = Collections.emptyList();
   private static Map<Integer, Cache> defaultCaches;
   private static int defaultNdots;
+  private static HostsFileParser defaultHostsFileParser;
 
   private Resolver resolver;
-  private Name[] searchPath;
+  private List<Name> searchPath;
+  private int ndots;
   private Cache cache;
-  private boolean temporary_cache;
+  private boolean temporaryCache;
   private int credibility;
-  private Name name;
-  private int type;
-  private int dclass;
+  private final Name name;
+  private final int type;
+  private final int dclass;
   private int iterations;
   private boolean foundAlias;
   private boolean done;
@@ -52,11 +68,20 @@ public final class Lookup {
   private String error;
   private boolean nxdomain;
   private boolean badresponse;
-  private String badresponse_error;
+  private String badresponseError;
   private boolean networkerror;
   private boolean timedout;
   private boolean nametoolong;
   private boolean referral;
+  private boolean cycleResults = true;
+  private final int maxIterations;
+
+  /**
+   * Gets or sets the local hosts database parser to use for lookup before using a {@link Resolver}.
+   *
+   * @since 3.4
+   */
+  @Getter @Setter private HostsFileParser hostsFileParser;
 
   private static final Name[] noAliases = new Name[0];
 
@@ -76,15 +101,11 @@ public final class Lookup {
   public static final int TYPE_NOT_FOUND = 4;
 
   public static synchronized void refreshDefault() {
-
-    try {
-      defaultResolver = new ExtendedResolver();
-    } catch (UnknownHostException e) {
-      throw new RuntimeException("Failed to initialize resolver");
-    }
+    defaultResolver = new ExtendedResolver();
     defaultSearchPath = ResolverConfig.getCurrentConfig().searchPath();
     defaultCaches = new HashMap<>();
     defaultNdots = ResolverConfig.getCurrentConfig().ndots();
+    defaultHostsFileParser = new HostsFileParser();
   }
 
   static {
@@ -141,7 +162,7 @@ public static synchronized void setDefaultCache(Cache cache, int dclass) {
    *
    * @return The default search path.
    */
-  public static synchronized Name[] getDefaultSearchPath() {
+  public static synchronized List<Name> getDefaultSearchPath() {
     return defaultSearchPath;
   }
 
@@ -149,9 +170,32 @@ public static synchronized Name[] getDefaultSearchPath() {
    * Sets the search path to be used as the default by future Lookups.
    *
    * @param domains The default search path.
+   * @throws IllegalArgumentException if a domain in the search path is not absolute and cannot be
+   *     made absolute.
    */
-  public static synchronized void setDefaultSearchPath(Name[] domains) {
-    defaultSearchPath = domains;
+  public static synchronized void setDefaultSearchPath(List<Name> domains) {
+    if (domains == null) {
+      defaultSearchPath = Collections.emptyList();
+      return;
+    }
+
+    defaultSearchPath = convertSearchPathDomainList(domains);
+  }
+
+  /**
+   * Sets the search path to be used as the default by future Lookups.
+   *
+   * @param domains The default search path.
+   * @throws IllegalArgumentException if a domain in the search path is not absolute and cannot be
+   *     made absolute.
+   */
+  public static synchronized void setDefaultSearchPath(Name... domains) {
+    if (domains == null) {
+      defaultSearchPath = Collections.emptyList();
+      return;
+    }
+
+    setDefaultSearchPath(Arrays.asList(domains));
   }
 
   /**
@@ -160,25 +204,68 @@ public static synchronized void setDefaultSearchPath(Name[] domains) {
    * @param domains The default search path.
    * @throws TextParseException A name in the array is not a valid DNS name.
    */
-  public static synchronized void setDefaultSearchPath(String[] domains) throws TextParseException {
+  public static synchronized void setDefaultSearchPath(String... domains)
+      throws TextParseException {
     if (domains == null) {
-      defaultSearchPath = null;
+      defaultSearchPath = Collections.emptyList();
       return;
     }
-    Name[] newdomains = new Name[domains.length];
-    for (int i = 0; i < domains.length; i++) {
-      newdomains[i] = Name.fromString(domains[i], Name.root);
+
+    List<Name> newDomains = new ArrayList<>(domains.length);
+    for (String domain : domains) {
+      newDomains.add(Name.fromString(domain, Name.root));
+    }
+
+    defaultSearchPath = newDomains;
+  }
+
+  /**
+   * Gets the default {@link HostsFileParser} to use for new Lookup instances.
+   *
+   * @since 3.4
+   */
+  public static synchronized HostsFileParser getDefaultHostsFileParser() {
+    return defaultHostsFileParser;
+  }
+
+  /**
+   * Sets the default {@link HostsFileParser} to use for new Lookup instances.
+   *
+   * @since 3.4
+   */
+  public static synchronized void setDefaultHostsFileParser(HostsFileParser hostsFileParser) {
+    defaultHostsFileParser = hostsFileParser;
+  }
+
+  private static List<Name> convertSearchPathDomainList(List<Name> domains) {
+    try {
+      return domains.stream()
+          .map(
+              n -> {
+                try {
+                  return Name.concatenate(n, Name.root);
+                } catch (NameTooLongException e) {
+                  throw new RuntimeException(e);
+                }
+              })
+          .collect(Collectors.toList());
+    } catch (RuntimeException e) {
+      if (e.getCause() instanceof NameTooLongException) {
+        throw new IllegalArgumentException(e.getCause());
+      } else {
+        throw e;
+      }
     }
-    defaultSearchPath = newdomains;
   }
 
   /**
-   * Sets a custom logger that will be used to log the send and received packets.
+   * Sets a custom logger that will be used to log the sent and received packets. This is only
+   * applicable to the default I/O implementations.
    *
    * @param logger The logger
    */
   public static synchronized void setPacketLogger(PacketLogger logger) {
-    Client.setPacketLogger(logger);
+    NioClient.setPacketLogger(logger);
   }
 
   private void reset() {
@@ -192,12 +279,12 @@ private void reset() {
     error = null;
     nxdomain = false;
     badresponse = false;
-    badresponse_error = null;
+    badresponseError = null;
     networkerror = false;
     timedout = false;
     nametoolong = false;
     referral = false;
-    if (temporary_cache) {
+    if (temporaryCache) {
       cache.clearCache();
     }
   }
@@ -222,7 +309,7 @@ public Lookup(Name name, int type, int dclass) {
     Type.check(type);
     DClass.check(dclass);
     if (!Type.isRR(type) && type != Type.ANY) {
-      throw new IllegalArgumentException("Cannot query for " + "meta-types other than ANY");
+      throw new IllegalArgumentException("Cannot query for meta-types other than ANY");
     }
     this.name = name;
     this.type = type;
@@ -232,8 +319,14 @@ public Lookup(Name name, int type, int dclass) {
       this.searchPath = getDefaultSearchPath();
       this.cache = getDefaultCache(dclass);
     }
+    this.ndots = defaultNdots;
     this.credibility = Credibility.NORMAL;
     this.result = -1;
+    this.maxIterations =
+        Integer.parseInt(System.getProperty("dnsjava.lookup.max_iterations", "16"));
+    if (Boolean.parseBoolean(System.getProperty("dnsjava.lookup.use_hosts_file", "true"))) {
+      this.hostsFileParser = getDefaultHostsFileParser();
+    }
   }
 
   /**
@@ -309,9 +402,32 @@ public void setResolver(Resolver resolver) {
    * Sets the search path to use when performing this lookup. This overrides the default value.
    *
    * @param domains An array of names containing the search path.
+   * @throws IllegalArgumentException if a domain in the search path is not absolute and cannot be
+   *     made absolute.
    */
-  public void setSearchPath(Name[] domains) {
-    this.searchPath = domains;
+  public void setSearchPath(List<Name> domains) {
+    if (domains == null) {
+      this.searchPath = Collections.emptyList();
+      return;
+    }
+
+    this.searchPath = convertSearchPathDomainList(domains);
+  }
+
+  /**
+   * Sets the search path to use when performing this lookup. This overrides the default value.
+   *
+   * @param domains An array of names containing the search path.
+   * @throws IllegalArgumentException if a domain in the search path is not absolute and cannot be
+   *     made absolute.
+   */
+  public void setSearchPath(Name... domains) {
+    if (domains == null) {
+      this.searchPath = Collections.emptyList();
+      return;
+    }
+
+    setSearchPath(Arrays.asList(domains));
   }
 
   /**
@@ -320,16 +436,18 @@ public void setSearchPath(Name[] domains) {
    * @param domains An array of names containing the search path.
    * @throws TextParseException A name in the array is not a valid DNS name.
    */
-  public void setSearchPath(String[] domains) throws TextParseException {
+  public void setSearchPath(String... domains) throws TextParseException {
     if (domains == null) {
-      this.searchPath = null;
+      this.searchPath = Collections.emptyList();
       return;
     }
-    Name[] newdomains = new Name[domains.length];
-    for (int i = 0; i < domains.length; i++) {
-      newdomains[i] = Name.fromString(domains[i], Name.root);
+
+    List<Name> newDomains = new ArrayList<>(domains.length);
+    for (String domain : domains) {
+      newDomains.add(Name.fromString(domain, Name.root));
     }
-    this.searchPath = newdomains;
+
+    this.searchPath = newDomains;
   }
 
   /**
@@ -337,17 +455,37 @@ public void setSearchPath(String[] domains) throws TextParseException {
    * results of this lookup should not be permanently cached, null can be provided here.
    *
    * @param cache The cache to use.
+   * @throws IllegalArgumentException If the DClass of the cache doesn't match this Lookup's DClass.
    */
   public void setCache(Cache cache) {
     if (cache == null) {
       this.cache = new Cache(dclass);
-      this.temporary_cache = true;
+      this.temporaryCache = true;
     } else {
+      if (cache.getDClass() != dclass) {
+        throw new IllegalArgumentException(
+            "DClass of cache doesn't match DClass of this Lookup instance");
+      }
+
       this.cache = cache;
-      this.temporary_cache = false;
+      this.temporaryCache = false;
     }
   }
 
+  /**
+   * Sets the default ndots to use when performing a lookup, overriding the default value.
+   * Specifically, this refers to the number of "dots" which, if present in a name, indicate that a
+   * lookup for the absolute name should be attempted before appending any search path elements.
+   *
+   * @param ndots The ndots value to use, which must be greater than or equal to 0.
+   */
+  public static void setDefaultNdots(int ndots) {
+    if (ndots < 0) {
+      throw new IllegalArgumentException("Illegal ndots value: " + ndots);
+    }
+    defaultNdots = ndots;
+  }
+
   /**
    * Sets ndots to use when performing this lookup, overriding the default value. Specifically, this
    * refers to the number of "dots" which, if present in a name, indicate that a lookup for the
@@ -359,7 +497,7 @@ public void setNdots(int ndots) {
     if (ndots < 0) {
       throw new IllegalArgumentException("Illegal ndots value: " + ndots);
     }
-    defaultNdots = ndots;
+    this.ndots = ndots;
   }
 
   /**
@@ -372,6 +510,16 @@ public void setCredibility(int credibility) {
     this.credibility = credibility;
   }
 
+  /**
+   * Controls the behavior if results being returned from the cache should be cycled in a
+   * round-robin style (true) or if the raw lookup results should be returned (false).
+   *
+   * @param cycleResults The desired behavior of the order of the results
+   */
+  public void setCycleResults(boolean cycleResults) {
+    this.cycleResults = cycleResults;
+  }
+
   private void follow(Name name, Name oldname) {
     foundAlias = true;
     badresponse = false;
@@ -380,7 +528,7 @@ private void follow(Name name, Name oldname) {
     nxdomain = false;
     referral = false;
     iterations++;
-    if (iterations >= 10 || name.equals(oldname)) {
+    if (iterations >= maxIterations || name.equals(oldname)) {
       result = UNRECOVERABLE;
       error = "CNAME loop";
       done = true;
@@ -395,11 +543,11 @@ private void follow(Name name, Name oldname) {
 
   private void processResponse(Name name, SetResponse response) {
     if (response.isSuccessful()) {
-      List<RRset<?>> rrsets = response.answers();
+      List<RRset> rrsets = response.answers();
       List<Record> l = new ArrayList<>();
 
-      for (RRset<?> set : rrsets) {
-        l.addAll(set.rrs());
+      for (RRset set : rrsets) {
+        l.addAll(set.rrs(cycleResults));
       }
 
       result = SUCCESSFUL;
@@ -435,11 +583,13 @@ private void processResponse(Name name, SetResponse response) {
   }
 
   private void lookup(Name current) {
-    SetResponse sr = cache.lookupRecords(current, type, credibility);
-    if (log.isDebugEnabled()) {
-      log.debug("lookup {} {}", current, Type.string(type));
-      log.debug(sr.toString());
+    if (lookupFromHostsFile(current)) {
+      return;
     }
+
+    SetResponse sr = cache.lookupRecords(current, type, credibility);
+    log.debug("Lookup for {}/{}, cache answer: {}", current, Type.string(type), sr);
+
     processResponse(current, sr);
     if (done || doneCurrent) {
       return;
@@ -449,9 +599,15 @@ private void lookup(Name current) {
     Message query = Message.newQuery(question);
     Message response;
     try {
-      response = resolver.send(query);
+      response = resolver.send(query).normalize(query);
     } catch (IOException e) {
-      log.debug("Lookup failed", e);
+      log.debug(
+          "Lookup for {}/{}, id={} failed using resolver {}",
+          current,
+          Type.string(query.getQuestion().getType()),
+          query.getHeader().getID(),
+          resolver,
+          e);
 
       // A network error occurred.  Press on.
       if (e instanceof InterruptedIOException) {
@@ -466,14 +622,14 @@ private void lookup(Name current) {
       // The server we contacted is broken or otherwise unhelpful.
       // Press on.
       badresponse = true;
-      badresponse_error = Rcode.string(rcode);
+      badresponseError = Rcode.string(rcode);
       return;
     }
 
     if (!query.getQuestion().equals(response.getQuestion())) {
       // The answer doesn't match the question.  That's not good.
       badresponse = true;
-      badresponse_error = "response does not match query";
+      badresponseError = "response does not match query";
       return;
     }
 
@@ -481,27 +637,46 @@ private void lookup(Name current) {
     if (sr == null) {
       sr = cache.lookupRecords(current, type, credibility);
     }
-    if (log.isDebugEnabled()) {
-      log.debug("queried {} {}", current, Type.string(type));
-      log.debug(sr.toString());
-    }
+
+    log.debug(
+        "Queried {}/{}, id={}: {}", current, Type.string(type), response.getHeader().getID(), sr);
     processResponse(current, sr);
   }
 
+  private boolean lookupFromHostsFile(Name current) {
+    if (hostsFileParser != null && (type == Type.A || type == Type.AAAA)) {
+      try {
+        Optional<InetAddress> localLookup = hostsFileParser.getAddressForHost(current, type);
+        if (localLookup.isPresent()) {
+          result = SUCCESSFUL;
+          done = true;
+          if (type == Type.A) {
+            answers = new ARecord[] {new ARecord(current, dclass, 0L, localLookup.get())};
+          } else {
+            answers = new AAAARecord[] {new AAAARecord(current, dclass, 0L, localLookup.get())};
+          }
+
+          return true;
+        }
+      } catch (IOException e) {
+        log.debug("Local hosts database parsing failed, ignoring and using resolver", e);
+      }
+    }
+
+    return false;
+  }
+
   private void resolve(Name current, Name suffix) {
     doneCurrent = false;
-    Name tname;
     if (suffix == null) {
-      tname = current;
+      lookup(current);
     } else {
       try {
-        tname = Name.concatenate(current, suffix);
+        lookup(Name.concatenate(current, suffix));
       } catch (NameTooLongException e) {
         nametoolong = true;
-        return;
       }
     }
-    lookup(tname);
   }
 
   /**
@@ -515,14 +690,14 @@ public Record[] run() {
     }
     if (name.isAbsolute()) {
       resolve(name, null);
-    } else if (searchPath == null) {
-      resolve(name, Name.root);
     } else {
-      if (name.labels() > defaultNdots) {
+      // Save absolute query attempt state to prevent a double absolute lookup
+      boolean absoluteNameAttempted = name.labels() > ndots;
+      if (absoluteNameAttempted) {
         resolve(name, Name.root);
-      }
-      if (done) {
-        return answers;
+        if (done) {
+          return answers;
+        }
       }
 
       for (Name value : searchPath) {
@@ -533,11 +708,16 @@ public Record[] run() {
           break;
         }
       }
+
+      if (!absoluteNameAttempted) {
+        resolve(name, Name.root);
+      }
     }
+
     if (!done) {
       if (badresponse) {
         result = TRY_AGAIN;
-        error = badresponse_error;
+        error = badresponseError;
         done = true;
       } else if (timedout) {
         result = TRY_AGAIN;
diff --git a/src/main/java/org/xbill/DNS/MBRecord.java b/src/main/java/org/xbill/DNS/MBRecord.java
index 0646d3861..a2fbc91e5 100644
--- a/src/main/java/org/xbill/DNS/MBRecord.java
+++ b/src/main/java/org/xbill/DNS/MBRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Mailbox Record - specifies a host containing a mailbox.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MBRecord extends SingleNameBase {
-
-  private static final long serialVersionUID = 532349543479150419L;
-
   MBRecord() {}
 
-  @Override
-  Record getObject() {
-    return new MBRecord();
-  }
-
   /**
    * Creates a new MB Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/MDRecord.java b/src/main/java/org/xbill/DNS/MDRecord.java
index 7a3bf0859..78c6a18d8 100644
--- a/src/main/java/org/xbill/DNS/MDRecord.java
+++ b/src/main/java/org/xbill/DNS/MDRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Mail Destination Record - specifies a mail agent which delivers mail for a domain (obsolete)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc973">RFC 973: Domain System Changes and
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc973">RFC 973: Domain System Changes and
  *     Observations</a>
  */
 public class MDRecord extends SingleNameBase {
-
-  private static final long serialVersionUID = 5268878603762942202L;
-
   MDRecord() {}
 
-  @Override
-  Record getObject() {
-    return new MDRecord();
-  }
-
   /**
    * Creates a new MD Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/MFRecord.java b/src/main/java/org/xbill/DNS/MFRecord.java
index c3558c66e..0e0d59c3c 100644
--- a/src/main/java/org/xbill/DNS/MFRecord.java
+++ b/src/main/java/org/xbill/DNS/MFRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Mail Forwarder Record - specifies a mail agent which forwards mail for a domain (obsolete)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc973">RFC 973: Domain System Changes and
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc973">RFC 973: Domain System Changes and
  *     Observations</a>
  */
 public class MFRecord extends SingleNameBase {
-
-  private static final long serialVersionUID = -6670449036843028169L;
-
   MFRecord() {}
 
-  @Override
-  Record getObject() {
-    return new MFRecord();
-  }
-
   /**
    * Creates a new MF Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/MGRecord.java b/src/main/java/org/xbill/DNS/MGRecord.java
index 3ce52c7ab..fd5077b1f 100644
--- a/src/main/java/org/xbill/DNS/MGRecord.java
+++ b/src/main/java/org/xbill/DNS/MGRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Mail Group Record - specifies a mailbox which is a member of a mail group.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MGRecord extends SingleNameBase {
-
-  private static final long serialVersionUID = -3980055550863644582L;
-
   MGRecord() {}
 
-  @Override
-  Record getObject() {
-    return new MGRecord();
-  }
-
   /**
    * Creates a new MG Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/MINFORecord.java b/src/main/java/org/xbill/DNS/MINFORecord.java
index 97340ecc0..a73009548 100644
--- a/src/main/java/org/xbill/DNS/MINFORecord.java
+++ b/src/main/java/org/xbill/DNS/MINFORecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,23 +10,15 @@
  * address to receive error messages relating to the mailing list/mailbox.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MINFORecord extends Record {
-
-  private static final long serialVersionUID = -3962147172340353796L;
-
   private Name responsibleAddress;
   private Name errorAddress;
 
   MINFORecord() {}
 
-  @Override
-  Record getObject() {
-    return new MINFORecord();
-  }
-
   /**
    * Creates an MINFO Record from the given data
    *
@@ -40,20 +33,20 @@ public MINFORecord(Name name, int dclass, long ttl, Name responsibleAddress, Nam
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     responsibleAddress = new Name(in);
     errorAddress = new Name(in);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     responsibleAddress = st.getName(origin);
     errorAddress = st.getName(origin);
   }
 
   /** Converts the MINFO Record to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(responsibleAddress);
     sb.append(" ");
@@ -72,7 +65,7 @@ public Name getErrorAddress() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     responsibleAddress.toWire(out, null, canonical);
     errorAddress.toWire(out, null, canonical);
   }
diff --git a/src/main/java/org/xbill/DNS/MRRecord.java b/src/main/java/org/xbill/DNS/MRRecord.java
index 3458479ed..68e9f152e 100644
--- a/src/main/java/org/xbill/DNS/MRRecord.java
+++ b/src/main/java/org/xbill/DNS/MRRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Mailbox Rename Record - specifies a rename of a mailbox.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MRRecord extends SingleNameBase {
-
-  private static final long serialVersionUID = -5617939094209927533L;
-
   MRRecord() {}
 
-  @Override
-  Record getObject() {
-    return new MRRecord();
-  }
-
   /**
    * Creates a new MR Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/MXRecord.java b/src/main/java/org/xbill/DNS/MXRecord.java
index 7f148d4d6..f5ec13c7f 100644
--- a/src/main/java/org/xbill/DNS/MXRecord.java
+++ b/src/main/java/org/xbill/DNS/MXRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,22 +7,14 @@
  * Mail Exchange - specifies where mail to a domain is sent
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
- * @see <a href="https://tools.ietf.org/html/rfc7505">RFC 7505: A "Null MX" No Service Resource
- *     Record for Domains That Accept No Mail</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7505">RFC 7505: A "Null MX" No Service
+ *     Resource Record for Domains That Accept No Mail</a>
  */
 public class MXRecord extends U16NameBase {
-
-  private static final long serialVersionUID = 2914841027584208546L;
-
   MXRecord() {}
 
-  @Override
-  Record getObject() {
-    return new MXRecord();
-  }
-
   /**
    * Creates an MX Record from the given data
    *
@@ -43,7 +36,7 @@ public int getPriority() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(u16Field);
     nameField.toWire(out, c, canonical);
   }
diff --git a/src/main/java/org/xbill/DNS/Master.java b/src/main/java/org/xbill/DNS/Master.java
index 7b9095e1f..0c35de146 100644
--- a/src/main/java/org/xbill/DNS/Master.java
+++ b/src/main/java/org/xbill/DNS/Master.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -23,7 +24,7 @@ public class Master implements AutoCloseable {
   private Record last = null;
   private long defaultTTL;
   private Master included = null;
-  private Tokenizer st;
+  private final Tokenizer st;
   private int currentType;
   private int currentDClass;
   private long currentTTL;
@@ -123,7 +124,7 @@ private Name parseName(String s, Name origin) throws TextParseException {
 
   private void parseTTLClassAndType() throws IOException {
     String s;
-    boolean seen_class;
+    boolean seenClass;
 
     // This is a bit messy, since any of the following are legal:
     //   class ttl type
@@ -131,11 +132,11 @@ private void parseTTLClassAndType() throws IOException {
     //   class type
     //   ttl type
     //   type
-    seen_class = false;
+    seenClass = false;
     s = st.getString();
     if ((currentDClass = DClass.value(s)) >= 0) {
       s = st.getString();
-      seen_class = true;
+      seenClass = true;
     }
 
     currentTTL = -1;
@@ -150,7 +151,7 @@ private void parseTTLClassAndType() throws IOException {
       }
     }
 
-    if (!seen_class) {
+    if (!seenClass) {
       if ((currentDClass = DClass.value(s)) >= 0) {
         s = st.getString();
       } else {
@@ -180,7 +181,7 @@ private long parseUInt32(String s) {
     }
     try {
       long l = Long.parseLong(s);
-      if (l < 0 || l > 0xFFFFFFFFL) {
+      if (!Utils.isUInt32(l)) {
         return -1;
       }
       return l;
@@ -269,7 +270,7 @@ private Record nextGenerated() throws IOException {
    * @return The next record.
    * @throws IOException The master file could not be read, or was syntactically invalid.
    */
-  private Record _nextRecord() throws IOException {
+  private Record nextRecordInternal() throws IOException {
     Tokenizer.Token token;
     String s;
 
@@ -291,11 +292,11 @@ private Record _nextRecord() throws IOException {
       Name name;
 
       token = st.get(true, false);
-      if (token.type == Tokenizer.WHITESPACE) {
+      if (token.type() == Tokenizer.WHITESPACE) {
         Tokenizer.Token next = st.get();
-        if (next.type == Tokenizer.EOL) {
+        if (next.type() == Tokenizer.EOL) {
           continue;
-        } else if (next.type == Tokenizer.EOF) {
+        } else if (next.type() == Tokenizer.EOF) {
           return null;
         } else {
           st.unget();
@@ -304,12 +305,12 @@ private Record _nextRecord() throws IOException {
           throw st.exception("no owner");
         }
         name = last.getName();
-      } else if (token.type == Tokenizer.EOL) {
+      } else if (token.type() == Tokenizer.EOL) {
         continue;
-      } else if (token.type == Tokenizer.EOF) {
+      } else if (token.type() == Tokenizer.EOF) {
         return null;
-      } else if ((token.value).charAt(0) == '$') {
-        s = token.value;
+      } else if (token.value().charAt(0) == '$') {
+        s = token.value();
 
         if (s.equalsIgnoreCase("$ORIGIN")) {
           origin = st.getName(Name.root);
@@ -324,23 +325,28 @@ private Record _nextRecord() throws IOException {
             if (includeThrowsException) {
               throw st.exception("$INCLUDE encountered, but processing disabled in strict mode");
             }
+            st.getString();
+            st.getEOL();
             continue;
           }
+
           String filename = st.getString();
-          File newfile;
-          if (file != null) {
-            String parent = file.getParent();
-            newfile = new File(parent, filename);
-          } else {
-            newfile = new File(filename);
+          File includeFile = new File(filename);
+          if (!includeFile.isAbsolute()) {
+            if (file != null) {
+              includeFile = new File(file.getParent(), filename);
+            } else {
+              throw st.exception("Cannot $INCLUDE using relative path when parsing from stream");
+            }
           }
-          Name incorigin = origin;
+
+          Name includeOrigin = origin;
           token = st.get();
           if (token.isString()) {
-            incorigin = parseName(token.value, Name.root);
+            includeOrigin = parseName(token.value(), Name.root);
             st.getEOL();
           }
-          included = new Master(newfile, incorigin, defaultTTL);
+          included = new Master(includeFile, includeOrigin, defaultTTL);
           /*
            * If we continued, we wouldn't be looking in
            * the new file.  Recursing works better.
@@ -360,7 +366,7 @@ private Record _nextRecord() throws IOException {
           throw st.exception("Invalid directive: " + s);
         }
       } else {
-        s = token.value;
+        s = token.value();
         name = parseName(s, origin);
         if (last != null && name.equals(last.getName())) {
           name = last.getName();
@@ -389,7 +395,7 @@ private Record _nextRecord() throws IOException {
   public Record nextRecord() throws IOException {
     Record rec = null;
     try {
-      rec = _nextRecord();
+      rec = nextRecordInternal();
     } finally {
       if (rec == null) {
         st.close();
@@ -399,7 +405,7 @@ public Record nextRecord() throws IOException {
   }
 
   /**
-   * Disable processing of $INCLUDE directives. When disabled, $INCUDE statements will not be
+   * Disable processing of $INCLUDE directives. When disabled, $INCLUDE statements will not be
    * processed. Depending on the contents of the file that would have been included, this may cause
    * the zone to be invalid. (e.g. if there is no SOA or NS at the apex)
    */
diff --git a/src/main/java/org/xbill/DNS/Message.java b/src/main/java/org/xbill/DNS/Message.java
index 0f626b21e..dc24516ca 100644
--- a/src/main/java/org/xbill/DNS/Message.java
+++ b/src/main/java/org/xbill/DNS/Message.java
@@ -1,14 +1,18 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
+// Copyright (c) 2007-2023 NLnet Labs
 
 package org.xbill.DNS;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
-import java.util.HashSet;
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Set;
+import java.util.Optional;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * A DNS Message. A message is the basic unit of communication between the client and server of a
@@ -19,6 +23,7 @@
  * @see Section
  * @author Brian Wellington
  */
+@Slf4j
 public class Message implements Cloneable {
 
   /** The maximum length of a message in wire format. */
@@ -28,37 +33,35 @@ public class Message implements Cloneable {
   private List<Record>[] sections;
   private int size;
   private TSIG tsigkey;
+  private TSIGRecord generatedTsig;
   private TSIGRecord querytsig;
   private int tsigerror;
+  private Resolver resolver;
 
   int tsigstart;
   int tsigState;
   int sig0start;
 
-  /* The message was not signed */
+  /** The message was not signed */
   static final int TSIG_UNSIGNED = 0;
 
-  /* The message was signed and verification succeeded */
+  /** The message was signed and verification succeeded */
   static final int TSIG_VERIFIED = 1;
 
-  /* The message was an unsigned message in multiple-message response */
+  /** The message was an unsigned message in multiple-message response */
   static final int TSIG_INTERMEDIATE = 2;
 
-  /* The message was signed and no verification was attempted.  */
+  /** The message was signed and no verification was attempted. */
   static final int TSIG_SIGNED = 3;
 
-  /*
-   * The message was signed and verification failed, or was not signed
-   * when it should have been.
-   */
+  /** The message was signed and verification failed, or was not signed when it should have been. */
   static final int TSIG_FAILED = 4;
 
-  private static Record[] emptyRecordArray = new Record[0];
-  private static RRset[] emptyRRsetArray = new RRset[0];
+  private static final Record[] emptyRecordArray = new Record[0];
 
-  @SuppressWarnings("unchecked")
+  @SuppressWarnings({"unchecked"})
   private Message(Header header) {
-    sections = new List[4];
+    sections = (List<Record>[]) new List<?>[4];
     this.header = header;
   }
 
@@ -97,7 +100,7 @@ public static Message newUpdate(Name zone) {
 
   Message(DNSInput in) throws IOException {
     this(new Header(in));
-    boolean isUpdate = (header.getOpcode() == Opcode.UPDATE);
+    boolean isUpdate = header.getOpcode() == Opcode.UPDATE;
     boolean truncated = header.getFlag(Flags.TC);
     try {
       for (int i = 0; i < 4; i++) {
@@ -112,6 +115,9 @@ public static Message newUpdate(Name zone) {
           if (i == Section.ADDITIONAL) {
             if (rec.getType() == Type.TSIG) {
               tsigstart = pos;
+              if (j != count - 1) {
+                throw new WireParseException("TSIG is not the last record in the message");
+              }
             }
             if (rec.getType() == Type.SIG) {
               SIGRecord sig = (SIGRecord) rec;
@@ -187,6 +193,7 @@ public void addRecord(Record r, int section) {
    * @see Section
    */
   public boolean removeRecord(Record r, int section) {
+    Section.check(section);
     if (sections[section] != null && sections[section].remove(r)) {
       header.decCount(section);
       return true;
@@ -202,6 +209,7 @@ public boolean removeRecord(Record r, int section) {
    * @see Section
    */
   public void removeAllRecords(int section) {
+    Section.check(section);
     sections[section] = null;
     header.setCount(section, 0);
   }
@@ -213,7 +221,8 @@ public void removeAllRecords(int section) {
    * @see Section
    */
   public boolean findRecord(Record r, int section) {
-    return (sections[section] != null && sections[section].contains(r));
+    Section.check(section);
+    return sections[section] != null && sections[section].contains(r);
   }
 
   /**
@@ -238,6 +247,8 @@ public boolean findRecord(Record r) {
    * @see Section
    */
   public boolean findRRset(Name name, int type, int section) {
+    Type.check(type);
+    Section.check(section);
     if (sections[section] == null) {
       return false;
     }
@@ -257,9 +268,9 @@ public boolean findRRset(Name name, int type, int section) {
    * @see Section
    */
   public boolean findRRset(Name name, int type) {
-    return (findRRset(name, type, Section.ANSWER)
+    return findRRset(name, type, Section.ANSWER)
         || findRRset(name, type, Section.AUTHORITY)
-        || findRRset(name, type, Section.ADDITIONAL));
+        || findRRset(name, type, Section.ADDITIONAL);
   }
 
   /**
@@ -269,11 +280,11 @@ public boolean findRRset(Name name, int type) {
    * @see Section
    */
   public Record getQuestion() {
-    List l = sections[Section.QUESTION];
-    if (l == null || l.size() == 0) {
+    List<Record> l = sections[Section.QUESTION];
+    if (l == null || l.isEmpty()) {
       return null;
     }
-    return (Record) l.get(0);
+    return l.get(0);
   }
 
   /**
@@ -288,21 +299,31 @@ public TSIGRecord getTSIG() {
     if (count == 0) {
       return null;
     }
-    List l = sections[Section.ADDITIONAL];
-    Record rec = (Record) l.get(count - 1);
+    List<Record> l = sections[Section.ADDITIONAL];
+    Record rec = l.get(count - 1);
     if (rec.type != Type.TSIG) {
       return null;
     }
     return (TSIGRecord) rec;
   }
 
+  /**
+   * Gets the generated {@link TSIGRecord}. Only valid if the messages has been converted to wire
+   * format with {@link #toWire(int)} before.
+   *
+   * @return A generated TSIG record or {@code null}.
+   */
+  TSIGRecord getGeneratedTSIG() {
+    return generatedTsig;
+  }
+
   /**
    * Was this message signed by a TSIG?
    *
    * @see TSIG
    */
   public boolean isSigned() {
-    return (tsigState == TSIG_SIGNED || tsigState == TSIG_VERIFIED || tsigState == TSIG_FAILED);
+    return tsigState == TSIG_SIGNED || tsigState == TSIG_VERIFIED || tsigState == TSIG_FAILED;
   }
 
   /**
@@ -311,7 +332,7 @@ public boolean isSigned() {
    * @see TSIG
    */
   public boolean isVerified() {
-    return (tsigState == TSIG_VERIFIED);
+    return tsigState == TSIG_VERIFIED;
   }
 
   /**
@@ -321,10 +342,9 @@ public boolean isVerified() {
    * @see Section
    */
   public OPTRecord getOPT() {
-    Record[] additional = getSectionArray(Section.ADDITIONAL);
-    for (Record record : additional) {
-      if (record instanceof OPTRecord) {
-        return (OPTRecord) record;
+    for (Record r : getSection(Section.ADDITIONAL)) {
+      if (r instanceof OPTRecord) {
+        return (OPTRecord) r;
       }
     }
     return null;
@@ -335,7 +355,7 @@ public int getRcode() {
     int rcode = header.getRcode();
     OPTRecord opt = getOPT();
     if (opt != null) {
-      rcode += (opt.getExtendedRcode() << 4);
+      rcode += opt.getExtendedRcode() << 4;
     }
     return rcode;
   }
@@ -346,8 +366,11 @@ public int getRcode() {
    *
    * @see Record
    * @see Section
+   * @deprecated use {@link #getSection(int)}
    */
+  @Deprecated
   public Record[] getSectionArray(int section) {
+    Section.check(section);
     if (sections[section] == null) {
       return emptyRecordArray;
     }
@@ -355,10 +378,18 @@ public Record[] getSectionArray(int section) {
     return l.toArray(new Record[0]);
   }
 
-  private static boolean sameSet(Record r1, Record r2) {
-    return (r1.getRRsetType() == r2.getRRsetType()
-        && r1.getDClass() == r2.getDClass()
-        && r1.getName().equals(r2.getName()));
+  /**
+   * Returns all records in the given section, or an empty list if the section is empty.
+   *
+   * @see Record
+   * @see Section
+   */
+  public List<Record> getSection(int section) {
+    Section.check(section);
+    if (sections[section] == null) {
+      return Collections.emptyList();
+    }
+    return Collections.unmodifiableList(sections[section]);
   }
 
   /**
@@ -367,35 +398,31 @@ private static boolean sameSet(Record r1, Record r2) {
    * @see RRset
    * @see Section
    */
-  public RRset[] getSectionRRsets(int section) {
+  @SuppressWarnings("java:S1119") // label
+  public List<RRset> getSectionRRsets(int section) {
+    Section.check(section);
     if (sections[section] == null) {
-      return emptyRRsetArray;
-    }
-    List<RRset<Record>> sets = new LinkedList<>();
-    Record[] recs = getSectionArray(section);
-    Set<Name> hash = new HashSet<>();
-    for (Record rec : recs) {
-      Name name = rec.getName();
-      boolean newset = true;
-      if (hash.contains(name)) {
-        for (int j = sets.size() - 1; j >= 0; j--) {
-          RRset<Record> set = sets.get(j);
-          if (set.getType() == rec.getRRsetType()
-              && set.getDClass() == rec.getDClass()
-              && set.getName().equals(name)) {
-            set.addRR(rec);
-            newset = false;
-            break;
-          }
+      return Collections.emptyList();
+    }
+
+    List<RRset> sets = new LinkedList<>();
+    record_iteration:
+    for (Record rec : sections[section]) {
+      for (int j = sets.size() - 1; j >= 0; j--) {
+        RRset set = sets.get(j);
+        if (rec.sameRRset(set)) {
+          set.addRR(rec);
+
+          // Existing set found, continue with the next record
+          continue record_iteration;
         }
       }
-      if (newset) {
-        RRset<Record> set = new RRset<>(rec);
-        sets.add(set);
-        hash.add(name);
-      }
+
+      // No existing set found, create a new one
+      sets.add(new RRset(rec));
     }
-    return sets.toArray(new RRset[0]);
+
+    return sets;
   }
 
   void toWire(DNSOutput out) {
@@ -425,7 +452,7 @@ private int sectionToWire(DNSOutput out, int section, Compression c, int maxLeng
         continue;
       }
 
-      if (lastrec != null && !sameSet(rec, lastrec)) {
+      if (lastrec != null && !rec.sameRRset(lastrec)) {
         pos = out.current();
         rendered = count;
       }
@@ -440,7 +467,7 @@ private int sectionToWire(DNSOutput out, int section, Compression c, int maxLeng
     return n - count;
   }
 
-  /* Returns true if the message could be rendered. */
+  /* Returns true if the message could be completely rendered (i.e. not truncated). */
   private boolean toWire(DNSOutput out, int maxLength) {
     if (maxLength < Header.LENGTH) {
       return false;
@@ -499,13 +526,19 @@ private boolean toWire(DNSOutput out, int maxLength) {
       TSIGRecord tsigrec = tsigkey.generate(this, out.toByteArray(), tsigerror, querytsig);
 
       tsigrec.toWire(out, Section.ADDITIONAL, c);
+      generatedTsig = tsigrec;
       out.writeU16At(additionalCount + 1, startpos + 10);
     }
 
-    return true;
+    return !Header.getFlag(flags, Flags.TC);
   }
 
-  /** Returns an array containing the wire format representation of the Message. */
+  /**
+   * Returns an array containing the wire format representation of the {@link Message}, but does not
+   * do any additional processing (e.g. OPT/TSIG records, truncation).
+   *
+   * <p>Do NOT use this to actually transmit a message, use {@link #toWire(int)} instead.
+   */
   public byte[] toWire() {
     DNSOutput out = new DNSOutput();
     toWire(out);
@@ -515,14 +548,15 @@ public byte[] toWire() {
 
   /**
    * Returns an array containing the wire format representation of the Message with the specified
-   * maximum length. This will generate a truncated message (with the TC bit) if the message doesn't
-   * fit, and will also sign the message with the TSIG key set by a call to setTSIG(). This method
-   * may return null if the message could not be rendered at all; this could happen if maxLength is
-   * smaller than a DNS header, for example.
+   * maximum length. Equivalent to calling {@link #toWire(int maxLength, boolean truncate)
+   * toWire(maxLength, true)}.
+   *
+   * <p>Do NOT use this method in conjunction with {@link TSIG#apply(Message, TSIGRecord)}, it
+   * produces inconsistent results! Use {@link #setTSIG(TSIG, int, TSIGRecord)} instead.
    *
    * @param maxLength The maximum length of the message.
-   * @return The wire format of the message, or null if the message could not be rendered into the
-   *     specified length.
+   * @return The wire format of the message, or an empty array if the message could not be rendered
+   *     into the specified length.
    * @see Flags
    * @see TSIG
    */
@@ -533,6 +567,46 @@ public byte[] toWire(int maxLength) {
     return out.toByteArray();
   }
 
+  /**
+   * Returns an array containing the wire format representation of the Message with the specified
+   * maximum length. If {@code truncate} is {@code true} it will generate a truncated message (with
+   * the TC bit) if the message doesn't fit, otherwise an exception will be thrown. It will also
+   * sign the message with the TSIG key set by a call to {@link #setTSIG(TSIG, int, TSIGRecord)}.
+   * This method may return an empty byte array if the message could not be rendered at all; this
+   * could happen if maxLength is smaller than a DNS header, for example.
+   *
+   * <p>Do NOT use this method in conjunction with {@link TSIG#apply(Message, TSIGRecord)}, it
+   * produces inconsistent results! Use {@link #setTSIG(TSIG, int, TSIGRecord)} instead.
+   *
+   * @param maxLength The maximum length of the message.
+   * @return The wire format of the message, or an empty array if the message could not be rendered
+   *     into the specified length.
+   * @throws MessageSizeExceededException When the message size would exceed the specified {@code
+   *     maxLength}.
+   * @see Flags
+   * @see TSIG
+   */
+  public byte[] toWire(int maxLength, boolean truncate) throws MessageSizeExceededException {
+    DNSOutput out = new DNSOutput();
+    boolean completelyRendered = toWire(out, maxLength);
+    if (!completelyRendered && !truncate) {
+      throw new MessageSizeExceededException(maxLength);
+    }
+
+    size = out.current();
+    return out.toByteArray();
+  }
+
+  /**
+   * Sets the TSIG key to sign a message.
+   *
+   * @param key The TSIG key.
+   * @since 3.5.1
+   */
+  public void setTSIG(TSIG key) {
+    setTSIG(key, Rcode.NOERROR, null);
+  }
+
   /**
    * Sets the TSIG key and other necessary information to sign a message.
    *
@@ -559,25 +633,30 @@ public int numBytes() {
    *
    * @see Section
    */
-  public String sectionToString(int i) {
+  public String sectionToString(int section) {
+    Section.check(section);
+    StringBuilder sb = new StringBuilder();
+    sectionToString(sb, section);
+    return sb.toString();
+  }
+
+  private void sectionToString(StringBuilder sb, int i) {
     if (i > 3) {
-      return null;
+      return;
     }
 
-    StringBuilder sb = new StringBuilder();
-
-    Record[] records = getSectionArray(i);
-    for (Record rec : records) {
+    for (Record rec : getSection(i)) {
       if (i == Section.QUESTION) {
         sb.append(";;\t").append(rec.name);
         sb.append(", type = ").append(Type.string(rec.type));
         sb.append(", class = ").append(DClass.string(rec.dclass));
       } else {
-        sb.append(rec);
+        if (!(rec instanceof OPTRecord)) {
+          sb.append(rec);
+        }
       }
       sb.append("\n");
     }
-    return sb.toString();
   }
 
   /** Converts the Message to a String. */
@@ -586,9 +665,11 @@ public String toString() {
     StringBuilder sb = new StringBuilder();
     OPTRecord opt = getOPT();
     if (opt != null) {
-      sb.append(header.toStringWithRcode(getRcode())).append("\n");
+      sb.append(header.toStringWithRcode(getRcode())).append("\n\n");
+      opt.printPseudoSection(sb);
+      sb.append('\n');
     } else {
-      sb.append(header).append("\n");
+      sb.append(header).append('\n');
     }
     if (isSigned()) {
       sb.append(";; TSIG ");
@@ -605,7 +686,8 @@ public String toString() {
       } else {
         sb.append(";; ").append(Section.updString(i)).append(":\n");
       }
-      sb.append(sectionToString(i)).append("\n");
+      sectionToString(sb, i);
+      sb.append("\n");
     }
     sb.append(";; Message size: ").append(numBytes()).append(" bytes");
     return sb.toString();
@@ -620,15 +702,443 @@ public String toString() {
    * @see OPTRecord
    */
   @Override
-  public Object clone() {
-    Message m = new Message();
+  @SneakyThrows(CloneNotSupportedException.class)
+  @SuppressWarnings({"unchecked", "java:S2975"})
+  public Message clone() {
+    Message m = (Message) super.clone();
+    m.sections = (List<Record>[]) new List<?>[sections.length];
     for (int i = 0; i < sections.length; i++) {
       if (sections[i] != null) {
         m.sections[i] = new LinkedList<>(sections[i]);
       }
     }
-    m.header = (Header) header.clone();
-    m.size = size;
+    m.header = header.clone();
+    if (querytsig != null) {
+      m.querytsig = (TSIGRecord) querytsig.cloneRecord();
+    }
+    if (generatedTsig != null) {
+      m.generatedTsig = (TSIGRecord) generatedTsig.cloneRecord();
+    }
     return m;
   }
+
+  /** Sets the resolver that originally received this Message from a server. */
+  public void setResolver(Resolver resolver) {
+    this.resolver = resolver;
+  }
+
+  /** Gets the resolver that originally received this Message from a server. */
+  public Optional<Resolver> getResolver() {
+    return Optional.ofNullable(resolver);
+  }
+
+  /**
+   * Checks if a record {@link Type} is allowed within a {@link Section}.
+   *
+   * @return {@code true} if the type is allowed, {@code false} otherwise.
+   */
+  boolean isTypeAllowedInSection(int type, int section) {
+    Type.check(type);
+    Section.check(section);
+    switch (section) {
+      case Section.AUTHORITY:
+        if (type == Type.SOA
+            || type == Type.NS
+            || type == Type.DS
+            || type == Type.NSEC
+            || type == Type.NSEC3) {
+          return true;
+        }
+        break;
+      case Section.ADDITIONAL:
+        if (type == Type.A || type == Type.AAAA) {
+          return true;
+        }
+        break;
+    }
+
+    return !Boolean.parseBoolean(System.getProperty("dnsjava.harden_unknown_additional", "true"));
+  }
+
+  /**
+   * Creates a normalized copy of this message by following xNAME chains, synthesizing CNAMEs from
+   * DNAMEs if necessary, and removing illegal RRsets from {@link Section#AUTHORITY} and {@link
+   * Section#ADDITIONAL}.
+   *
+   * <p>Normalization is only applied to {@link Rcode#NOERROR} and {@link Rcode#NXDOMAIN} responses.
+   *
+   * <p>This method is equivalent to calling {@link #normalize(Message, boolean)} with {@code
+   * false}.
+   *
+   * @param query The query that produced this message.
+   * @return {@code null} if the message could not be normalized or is otherwise invalid.
+   * @since 3.6
+   */
+  public Message normalize(Message query) {
+    try {
+      return normalize(query, false);
+    } catch (WireParseException e) {
+      // Cannot happen with 'false'
+    }
+
+    return null;
+  }
+
+  /**
+   * Creates a normalized copy of this message by following xNAME chains, synthesizing CNAMEs from
+   * DNAMEs if necessary, and removing illegal RRsets from {@link Section#AUTHORITY} and {@link
+   * Section#ADDITIONAL}.
+   *
+   * <p>Normalization is only applied to {@link Rcode#NOERROR} and {@link Rcode#NXDOMAIN} responses.
+   *
+   * @param query The query that produced this message.
+   * @param throwOnIrrelevantRecord If {@code true}, throw an exception instead of silently ignoring
+   *     irrelevant records.
+   * @return {@code null} if the message could not be normalized or is otherwise invalid.
+   * @throws WireParseException when {@code throwOnIrrelevantRecord} is {@code true} and an invalid
+   *     or irrelevant record was found.
+   * @since 3.6
+   */
+  public Message normalize(Message query, boolean throwOnIrrelevantRecord)
+      throws WireParseException {
+    if (getRcode() != Rcode.NOERROR && getRcode() != Rcode.NXDOMAIN) {
+      return this;
+    }
+
+    Name sname = query.getQuestion().getName();
+    List<RRset> answerSectionSets = getSectionRRsets(Section.ANSWER);
+    List<RRset> additionalSectionSets = getSectionRRsets(Section.ADDITIONAL);
+    List<RRset> authoritySectionSets = getSectionRRsets(Section.AUTHORITY);
+
+    @SuppressWarnings({"unchecked", "rawtypes"})
+    List<RRset>[] cleanedSection = new ArrayList[4];
+    cleanedSection[Section.ANSWER] = new ArrayList<>();
+    cleanedSection[Section.AUTHORITY] = new ArrayList<>();
+    cleanedSection[Section.ADDITIONAL] = new ArrayList<>();
+    boolean hadNsInAuthority = false;
+
+    // For the ANSWER section, remove all "irrelevant" records and add synthesized CNAMEs from
+    // DNAMEs. This will strip out-of-order CNAMEs as well.
+    for (int i = 0; i < answerSectionSets.size(); i++) {
+      RRset rrset = answerSectionSets.get(i);
+      Name oldSname = sname;
+
+      if (rrset.getType() == Type.DNAME && sname.subdomain(rrset.getName())) {
+        if (rrset.size() > 1) {
+          String template =
+              "Normalization failed in response to <{}/{}/{}> (id {}), found {} entries (instead of just one) in DNAME RRSet <{}/{}>";
+          if (throwOnIrrelevantRecord) {
+            throw new WireParseException(template.replace("{}", "%s"));
+          }
+          log.warn(
+              template,
+              sname,
+              Type.string(query.getQuestion().getType()),
+              DClass.string(query.getQuestion().getDClass()),
+              getHeader().getID(),
+              rrset.size(),
+              rrset.getName(),
+              DClass.string(rrset.getDClass()));
+          return null;
+        }
+
+        // If DNAME was queried, don't attempt to synthesize CNAME
+        if (query.getQuestion().getType() != Type.DNAME) {
+          // The DNAME is valid, accept it
+          cleanedSection[Section.ANSWER].add(rrset);
+
+          // Check if the next rrset is correct CNAME, otherwise synthesize a CNAME
+          RRset nextRRSet = answerSectionSets.size() >= i + 2 ? answerSectionSets.get(i + 1) : null;
+          DNAMERecord dname = ((DNAMERecord) rrset.first());
+          try {
+            // Validate that an existing CNAME matches what we would synthesize
+            if (nextRRSet != null
+                && nextRRSet.getType() == Type.CNAME
+                && nextRRSet.getName().equals(sname)) {
+              Name expected =
+                  Name.concatenate(
+                      nextRRSet.getName().relativize(dname.getName()), dname.getTarget());
+              if (expected.equals(((CNAMERecord) nextRRSet.first()).getTarget())) {
+                continue;
+              }
+            }
+
+            // Add a synthesized CNAME; TTL=0 to avoid caching
+            Name dnameTarget = sname.fromDNAME(dname);
+            cleanedSection[Section.ANSWER].add(
+                new RRset(new CNAMERecord(sname, dname.getDClass(), 0, dnameTarget)));
+            sname = dnameTarget;
+
+            // In DNAME ANY response, can have data after DNAME
+            if (query.getQuestion().getType() == Type.ANY) {
+              for (i++; i < answerSectionSets.size(); i++) {
+                rrset = answerSectionSets.get(i);
+                if (rrset.getName().equals(oldSname)) {
+                  cleanedSection[Section.ANSWER].add(rrset);
+                } else {
+                  break;
+                }
+              }
+            }
+
+            continue;
+          } catch (NameTooLongException e) {
+            String template =
+                "Normalization failed in response to <{}/{}/{}> (id {}), could not synthesize CNAME for DNAME <{}/{}>";
+            if (throwOnIrrelevantRecord) {
+              throw new WireParseException(template.replace("{}", "%s"), e);
+            }
+            log.warn(
+                template,
+                sname,
+                Type.string(query.getQuestion().getType()),
+                DClass.string(query.getQuestion().getDClass()),
+                getHeader().getID(),
+                rrset.getName(),
+                DClass.string(rrset.getDClass()));
+            return null;
+          }
+        }
+      }
+
+      // Ignore irrelevant records
+      if (!sname.equals(rrset.getName())) {
+        logOrThrow(
+            throwOnIrrelevantRecord,
+            "Ignoring irrelevant RRset <{}/{}/{}> in response to <{}/{}/{}> (id {})",
+            rrset,
+            sname,
+            query);
+        continue;
+      }
+
+      // Follow CNAMEs
+      if (rrset.getType() == Type.CNAME && query.getQuestion().getType() != Type.CNAME) {
+        if (rrset.size() > 1) {
+          String template =
+              "Found {} CNAMEs in <{}/{}> response to <{}/{}/{}> (id {}), removing all but the first";
+          if (throwOnIrrelevantRecord) {
+            throw new WireParseException(
+                String.format(
+                    template.replace("{}", "%s"),
+                    rrset.rrs(false).size(),
+                    rrset.getName(),
+                    DClass.string(rrset.getDClass()),
+                    sname,
+                    Type.string(query.getQuestion().getType()),
+                    DClass.string(query.getQuestion().getDClass()),
+                    getHeader().getID()));
+          }
+          log.warn(
+              template,
+              rrset.rrs(false).size(),
+              rrset.getName(),
+              DClass.string(rrset.getDClass()),
+              sname,
+              Type.string(query.getQuestion().getType()),
+              DClass.string(query.getQuestion().getDClass()),
+              getHeader().getID());
+          List<Record> cnameRRset = rrset.rrs(false);
+          for (int cnameIndex = 1; cnameIndex < cnameRRset.size(); cnameIndex++) {
+            rrset.deleteRR(cnameRRset.get(i));
+          }
+        }
+
+        sname = ((CNAMERecord) rrset.first()).getTarget();
+        cleanedSection[Section.ANSWER].add(rrset);
+
+        // In CNAME ANY response, can have data after CNAME
+        if (query.getQuestion().getType() == Type.ANY) {
+          for (i++; i < answerSectionSets.size(); i++) {
+            rrset = answerSectionSets.get(i);
+            if (rrset.getName().equals(oldSname)) {
+              cleanedSection[Section.ANSWER].add(rrset);
+            } else {
+              break;
+            }
+          }
+        }
+
+        continue;
+      }
+
+      // Remove records that don't match the queried type
+      int qtype = getQuestion().getType();
+      if (qtype != Type.ANY && rrset.getActualType() != qtype) {
+        logOrThrow(
+            throwOnIrrelevantRecord,
+            "Ignoring irrelevant RRset <{}/{}/{}> in ANSWER section response to <{}/{}/{}> (id {})",
+            rrset,
+            sname,
+            query);
+        continue;
+      }
+
+      // Mark the additional names from relevant RRset as OK
+      cleanedSection[Section.ANSWER].add(rrset);
+      if (sname.equals(rrset.getName())) {
+        addAdditionalRRset(rrset, additionalSectionSets, cleanedSection[Section.ADDITIONAL]);
+      }
+    }
+
+    for (RRset rrset : authoritySectionSets) {
+      switch (rrset.getType()) {
+        case Type.DNAME:
+        case Type.CNAME:
+        case Type.A:
+        case Type.AAAA:
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring forbidden RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {})",
+              rrset,
+              sname,
+              query);
+          continue;
+      }
+
+      if (!isTypeAllowedInSection(rrset.getType(), Section.AUTHORITY)) {
+        logOrThrow(
+            throwOnIrrelevantRecord,
+            "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {})",
+            rrset,
+            sname,
+            query);
+        continue;
+      }
+
+      if (rrset.getType() == Type.NS) {
+        // NS set must be pertinent to the query
+        if (!sname.subdomain(rrset.getName())) {
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {}), not a subdomain of the query",
+              rrset,
+              sname,
+              query);
+          continue;
+        }
+
+        // We don't want NS sets for NODATA or NXDOMAIN answers, because they could contain
+        // poisonous contents, from e.g. fragmentation attacks, inserted after long RRSIGs in the
+        // packet get to the packet border and such
+        if (getRcode() == Rcode.NXDOMAIN
+            || (getRcode() == Rcode.NOERROR
+                && authoritySectionSets.stream().anyMatch(set -> set.getType() == Type.SOA)
+                && sections[Section.ANSWER] == null)) {
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {}), NXDOMAIN or NODATA",
+              rrset,
+              sname,
+              query);
+          continue;
+        }
+
+        if (!hadNsInAuthority) {
+          hadNsInAuthority = true;
+        } else {
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {}), already seen another NS",
+              rrset,
+              sname,
+              query);
+          continue;
+        }
+      }
+
+      cleanedSection[Section.AUTHORITY].add(rrset);
+      addAdditionalRRset(rrset, additionalSectionSets, cleanedSection[Section.ADDITIONAL]);
+    }
+
+    Message cleanedMessage = new Message(this.getHeader());
+    cleanedMessage.sections[Section.QUESTION] = this.sections[Section.QUESTION];
+    for (int section : new int[] {Section.ANSWER, Section.AUTHORITY, Section.ADDITIONAL}) {
+      cleanedMessage.sections[section] = rrsetListToRecords(cleanedSection[section]);
+
+      // Fixup counts in the header
+      cleanedMessage
+          .getHeader()
+          .setCount(
+              section,
+              cleanedMessage.sections[section] == null
+                  ? 0
+                  : cleanedMessage.sections[section].size());
+    }
+
+    return cleanedMessage;
+  }
+
+  private void logOrThrow(
+      boolean throwOnIrrelevantRecord, String format, RRset rrset, Name sname, Message query)
+      throws WireParseException {
+    if (throwOnIrrelevantRecord) {
+      throw new WireParseException(
+          String.format(
+              format.replace("{}", "%s"),
+              rrset.getName(),
+              DClass.string(rrset.getDClass()),
+              Type.string(rrset.getType()),
+              sname,
+              DClass.string(query.getQuestion().getDClass()),
+              Type.string(query.getQuestion().getType()),
+              getHeader().getID()));
+    }
+
+    log.debug(
+        format,
+        rrset.getName(),
+        DClass.string(rrset.getDClass()),
+        Type.string(rrset.getType()),
+        sname,
+        DClass.string(query.getQuestion().getDClass()),
+        Type.string(query.getQuestion().getType()),
+        getHeader().getID());
+  }
+
+  private List<Record> rrsetListToRecords(List<RRset> rrsets) {
+    if (rrsets.isEmpty()) {
+      return null;
+    }
+
+    List<Record> result = new ArrayList<>(rrsets.size());
+    for (RRset set : rrsets) {
+      result.addAll(set.rrs(false));
+      result.addAll(set.sigs());
+    }
+
+    return result;
+  }
+
+  private void addAdditionalRRset(
+      RRset rrset, List<RRset> additionalSectionSets, List<RRset> cleanedAdditionalSection) {
+    if (!doesTypeHaveAdditionalRecords(rrset.getType())) {
+      return;
+    }
+
+    for (Record r : rrset.rrs(false)) {
+      for (RRset set : additionalSectionSets) {
+        if (set.getName().equals(r.getAdditionalName())
+            && isTypeAllowedInSection(set.getType(), Section.ADDITIONAL)) {
+          cleanedAdditionalSection.add(set);
+        }
+      }
+    }
+  }
+
+  private boolean doesTypeHaveAdditionalRecords(int type) {
+    switch (type) {
+      case Type.MB:
+      case Type.MD:
+      case Type.MF:
+      case Type.NS:
+      case Type.MX:
+      case Type.KX:
+      case Type.SRV:
+      case Type.NAPTR:
+        return true;
+    }
+
+    return false;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/MessageSizeExceededException.java b/src/main/java/org/xbill/DNS/MessageSizeExceededException.java
new file mode 100644
index 000000000..4387bee4a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/MessageSizeExceededException.java
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.Getter;
+
+/** Indicates that converting a {@link Message} to wire format exceeded the maximum length. */
+@Getter
+public final class MessageSizeExceededException extends Exception {
+  /** Gets the maximum allowed size (in bytes). */
+  private final int maxSize;
+
+  MessageSizeExceededException(int maxSize) {
+    super("Message size would exceed the allowed maximum of " + maxSize + " bytes");
+    this.maxSize = maxSize;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/Mnemonic.java b/src/main/java/org/xbill/DNS/Mnemonic.java
index 68f8eb30c..912ecab13 100644
--- a/src/main/java/org/xbill/DNS/Mnemonic.java
+++ b/src/main/java/org/xbill/DNS/Mnemonic.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -21,10 +22,10 @@ class Mnemonic {
   /* Strings will be stored/searched for in lowercase. */
   static final int CASE_LOWER = 3;
 
-  private HashMap<String, Integer> strings;
-  private HashMap<Integer, String> values;
-  private String description;
-  private int wordcase;
+  private final HashMap<String, Integer> strings;
+  private final HashMap<Integer, String> values;
+  private final String description;
+  private final int wordcase;
   private String prefix;
   private int max;
   private boolean numericok;
@@ -62,7 +63,7 @@ public void setNumericAllowed(boolean numeric) {
   /** Checks that a numeric value is within the range [0..max] */
   public void check(int val) {
     if (val < 0 || val > max) {
-      throw new IllegalArgumentException(description + " " + val + "is out of range");
+      throw new IllegalArgumentException(description + " " + val + " is out of range");
     }
   }
 
@@ -83,6 +84,7 @@ private int parseNumeric(String s) {
         return val;
       }
     } catch (NumberFormatException e) {
+      // Ignore
     }
     return -1;
   }
@@ -100,6 +102,17 @@ public void add(int val, String str) {
     values.put(val, str);
   }
 
+  /**
+   * Removes both the numeric value and its text representation, including all aliases.
+   *
+   * @param val The numeric value
+   * @since 3.1
+   */
+  public void remove(int val) {
+    values.remove(val);
+    strings.entrySet().removeIf(entry -> entry.getValue() == val);
+  }
+
   /**
    * Defines an additional text representation of a numeric value. This will be used by getValue(),
    * but not getText().
@@ -113,6 +126,17 @@ public void addAlias(int val, String str) {
     strings.put(str, val);
   }
 
+  /**
+   * Removes an additional text representation of a numeric value.
+   *
+   * @param str The text string
+   * @since 3.1
+   */
+  public void removeAlias(String str) {
+    str = sanitize(str);
+    strings.remove(str);
+  }
+
   /**
    * Copies all mnemonics from one table into another.
    *
@@ -158,12 +182,10 @@ public int getValue(String str) {
     if (value != null) {
       return value;
     }
-    if (prefix != null) {
-      if (str.startsWith(prefix)) {
-        int val = parseNumeric(str.substring(prefix.length()));
-        if (val >= 0) {
-          return val;
-        }
+    if (prefix != null && str.startsWith(prefix)) {
+      int val = parseNumeric(str.substring(prefix.length()));
+      if (val >= 0) {
+        return val;
       }
     }
     if (numericok) {
diff --git a/src/main/java/org/xbill/DNS/NAPTRRecord.java b/src/main/java/org/xbill/DNS/NAPTRRecord.java
index 6e5a7042a..87d5f9720 100644
--- a/src/main/java/org/xbill/DNS/NAPTRRecord.java
+++ b/src/main/java/org/xbill/DNS/NAPTRRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2000-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,24 +10,19 @@
  * will produce a new domain.
  *
  * @author Chuck Santos
- * @see <a href="https://tools.ietf.org/html/rfc3403">RFC 3403: Dynamic Delegation Discovery System
- *     (DDDS) Part Three: The Domain Name System (DNS) Database</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3403">RFC 3403: Dynamic Delegation
+ *     Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database</a>
  */
 public class NAPTRRecord extends Record {
-
-  private static final long serialVersionUID = 5191232392044947002L;
-
-  private int order, preference;
-  private byte[] flags, service, regexp;
+  private int order;
+  private int preference;
+  private byte[] flags;
+  private byte[] service;
+  private byte[] regexp;
   private Name replacement;
 
   NAPTRRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NAPTRRecord();
-  }
-
   /**
    * Creates an NAPTR Record from the given data
    *
@@ -63,7 +59,7 @@ public NAPTRRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     order = in.readU16();
     preference = in.readU16();
     flags = in.readCountedString();
@@ -73,7 +69,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     order = st.getUInt16();
     preference = st.getUInt16();
     try {
@@ -88,7 +84,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(order);
     sb.append(" ");
@@ -135,7 +131,7 @@ public Name getReplacement() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(order);
     out.writeU16(preference);
     out.writeCountedString(flags);
diff --git a/src/main/java/org/xbill/DNS/NSAPRecord.java b/src/main/java/org/xbill/DNS/NSAPRecord.java
index 6af7a921e..8b881757b 100644
--- a/src/main/java/org/xbill/DNS/NSAPRecord.java
+++ b/src/main/java/org/xbill/DNS/NSAPRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,21 +11,14 @@
  * NSAP Address Record.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1706">RFC 1706: DNS NSAP Resource Records</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1706">RFC 1706: DNS NSAP Resource
+ *     Records</a>
  */
 public class NSAPRecord extends Record {
-
-  private static final long serialVersionUID = -1037209403185658593L;
-
   private byte[] address;
 
   NSAPRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NSAPRecord();
-  }
-
   private static byte[] checkAndConvertAddress(String address) {
     if (!address.substring(0, 2).equalsIgnoreCase("0x")) {
       return null;
@@ -71,12 +65,12 @@ public NSAPRecord(Name name, int dclass, long ttl, String address) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) {
+  protected void rrFromWire(DNSInput in) {
     address = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     String addr = st.getString();
     this.address = checkAndConvertAddress(addr);
     if (this.address == null) {
@@ -90,12 +84,12 @@ public String getAddress() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(address);
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return "0x" + base16.toString(address);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java b/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java
index 8d7fbf618..478ddd15b 100644
--- a/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java
+++ b/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,19 +7,12 @@
  * NSAP Pointer Record - maps a domain name representing an NSAP Address to a hostname. (obsolete)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1706">RFC 1706: DNS NSAP Resource Records</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1706">RFC 1706: DNS NSAP Resource
+ *     Records</a>
  */
 public class NSAP_PTRRecord extends SingleNameBase {
-
-  private static final long serialVersionUID = 2386284746382064904L;
-
   NSAP_PTRRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NSAP_PTRRecord();
-  }
-
   /**
    * Creates a new NSAP_PTR Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java b/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java
index fe048e2ae..ce5ce4b93 100644
--- a/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java
+++ b/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -14,13 +15,10 @@
  *
  * @author Brian Wellington
  * @author David Blacka
- * @see <a href="https://tools.ietf.org/html/rfc5155">RFC 5155: DNS Security (DNSSEC) Hashed
- *     Authenticated Denial of Existence</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc5155">RFC 5155: DNS Security (DNSSEC)
+ *     Hashed Authenticated Denial of Existence</a>
  */
 public class NSEC3PARAMRecord extends Record {
-
-  private static final long serialVersionUID = -8689038598776316533L;
-
   private int hashAlg;
   private int flags;
   private int iterations;
@@ -28,11 +26,6 @@ public class NSEC3PARAMRecord extends Record {
 
   NSEC3PARAMRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NSEC3PARAMRecord();
-  }
-
   /**
    * Creates an NSEC3PARAM record from the given data.
    *
@@ -53,7 +46,7 @@ public NSEC3PARAMRecord(
 
     if (salt != null) {
       if (salt.length > 255) {
-        throw new IllegalArgumentException("Invalid salt " + "length");
+        throw new IllegalArgumentException("Invalid salt length");
       }
       if (salt.length > 0) {
         this.salt = new byte[salt.length];
@@ -63,21 +56,21 @@ public NSEC3PARAMRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     hashAlg = in.readU8();
     flags = in.readU8();
     iterations = in.readU16();
 
-    int salt_length = in.readU8();
-    if (salt_length > 0) {
-      salt = in.readByteArray(salt_length);
+    int saltLength = in.readU8();
+    if (saltLength > 0) {
+      salt = in.readByteArray(saltLength);
     } else {
       salt = null;
     }
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(hashAlg);
     out.writeU8(flags);
     out.writeU16(iterations);
@@ -91,7 +84,7 @@ void rrToWire(DNSOutput out, Compression c, boolean canonical) {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     hashAlg = st.getUInt8();
     flags = st.getUInt8();
     iterations = st.getUInt16();
@@ -110,7 +103,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(hashAlg);
     sb.append(' ');
diff --git a/src/main/java/org/xbill/DNS/NSEC3Record.java b/src/main/java/org/xbill/DNS/NSEC3Record.java
index 6e13538c4..aaad185b9 100644
--- a/src/main/java/org/xbill/DNS/NSEC3Record.java
+++ b/src/main/java/org/xbill/DNS/NSEC3Record.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -17,8 +18,8 @@
  *
  * @author Brian Wellington
  * @author David Blacka
- * @see <a href="https://tools.ietf.org/html/rfc5155">RFC 5155: DNS Security (DNSSEC) Hashed
- *     Authenticated Denial of Existence</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc5155">RFC 5155: DNS Security (DNSSEC)
+ *     Hashed Authenticated Denial of Existence</a>
  */
 public class NSEC3Record extends Record {
 
@@ -33,14 +34,35 @@ private Flags() {}
   public static class Digest {
     private Digest() {}
 
+    private static final Mnemonic digests =
+        new Mnemonic("DNSSEC NSEC3 Hash Algorithms", Mnemonic.CASE_SENSITIVE);
+
+    static {
+      digests.add(1, "SHA-1");
+    }
+
+    /** Converts an algorithm into its textual representation */
+    public static String string(int alg) {
+      return digests.getText(alg);
+    }
+
+    /**
+     * Converts a textual representation of an algorithm into its numeric code. Integers in the
+     * range 0..255 are also accepted.
+     *
+     * @param s The textual representation of the algorithm
+     * @return The algorithm code, or -1 on error.
+     */
+    public static int value(String s) {
+      return digests.getValue(s);
+    }
+
     /** SHA-1 */
     public static final int SHA1 = 1;
   }
 
   public static final int SHA1_DIGEST_ID = Digest.SHA1;
 
-  private static final long serialVersionUID = -7123504635968932855L;
-
   private int hashAlg;
   private int flags;
   private int iterations;
@@ -52,11 +74,6 @@ private Digest() {}
 
   NSEC3Record() {}
 
-  @Override
-  Record getObject() {
-    return new NSEC3Record();
-  }
-
   /**
    * Creates an NSEC3 record from the given data.
    *
@@ -104,25 +121,25 @@ public NSEC3Record(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     hashAlg = in.readU8();
     flags = in.readU8();
     iterations = in.readU16();
 
-    int salt_length = in.readU8();
-    if (salt_length > 0) {
-      salt = in.readByteArray(salt_length);
+    int saltLength = in.readU8();
+    if (saltLength > 0) {
+      salt = in.readByteArray(saltLength);
     } else {
       salt = null;
     }
 
-    int next_length = in.readU8();
-    next = in.readByteArray(next_length);
+    int nextLength = in.readU8();
+    next = in.readByteArray(nextLength);
     types = new TypeBitmap(in);
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(hashAlg);
     out.writeU8(flags);
     out.writeU16(iterations);
@@ -140,7 +157,7 @@ void rrToWire(DNSOutput out, Compression c, boolean canonical) {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     hashAlg = st.getUInt8();
     flags = st.getUInt8();
     iterations = st.getUInt16();
@@ -162,7 +179,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(hashAlg);
     sb.append(' ');
diff --git a/src/main/java/org/xbill/DNS/NSECRecord.java b/src/main/java/org/xbill/DNS/NSECRecord.java
index 0f0a42106..67375944e 100644
--- a/src/main/java/org/xbill/DNS/NSECRecord.java
+++ b/src/main/java/org/xbill/DNS/NSECRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -13,23 +14,15 @@
  *
  * @author Brian Wellington
  * @author David Blacka
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  */
 public class NSECRecord extends Record {
-
-  private static final long serialVersionUID = -5165065768816265385L;
-
   private Name next;
   private TypeBitmap types;
 
   NSECRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NSECRecord();
-  }
-
   /**
    * Creates an NSEC Record from the given data.
    *
@@ -46,27 +39,27 @@ public NSECRecord(Name name, int dclass, long ttl, Name next, int[] types) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     next = new Name(in);
     types = new TypeBitmap(in);
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     // Note: The next name is not lowercased.
     next.toWire(out, null, false);
     types.toWire(out);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     next = st.getName(origin);
     types = new TypeBitmap(st);
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(next);
     if (!types.empty()) {
diff --git a/src/main/java/org/xbill/DNS/NSIDOption.java b/src/main/java/org/xbill/DNS/NSIDOption.java
index 11f92fe29..477e36ebe 100644
--- a/src/main/java/org/xbill/DNS/NSIDOption.java
+++ b/src/main/java/org/xbill/DNS/NSIDOption.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -7,13 +8,10 @@
  *
  * @see OPTRecord
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc5001">RFC 5001: DNS Name Server Identifier (NSID)
- *     Option</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc5001">RFC 5001: DNS Name Server Identifier
+ *     (NSID) Option</a>
  */
 public class NSIDOption extends GenericEDNSOption {
-
-  private static final long serialVersionUID = 74739759292589056L;
-
   NSIDOption() {
     super(EDNSOption.Code.NSID);
   }
diff --git a/src/main/java/org/xbill/DNS/NSRecord.java b/src/main/java/org/xbill/DNS/NSRecord.java
index 1ed2d7cf3..e5a075717 100644
--- a/src/main/java/org/xbill/DNS/NSRecord.java
+++ b/src/main/java/org/xbill/DNS/NSRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Name Server Record - contains the name server serving the named zone
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class NSRecord extends SingleCompressedNameBase {
-
-  private static final long serialVersionUID = 487170758138268838L;
-
   NSRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NSRecord();
-  }
-
   /**
    * Creates a new NS Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/NULLRecord.java b/src/main/java/org/xbill/DNS/NULLRecord.java
index 4aabed60d..a96554fe4 100644
--- a/src/main/java/org/xbill/DNS/NULLRecord.java
+++ b/src/main/java/org/xbill/DNS/NULLRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,22 +9,14 @@
  * The NULL Record. This has no defined purpose, but can be used to hold arbitrary data.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class NULLRecord extends Record {
-
-  private static final long serialVersionUID = -5796493183235216538L;
-
   private byte[] data;
 
   NULLRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NULLRecord();
-  }
-
   /**
    * Creates a NULL record from the given data.
    *
@@ -39,17 +32,17 @@ public NULLRecord(Name name, int dclass, long ttl, byte[] data) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) {
+  protected void rrFromWire(DNSInput in) {
     data = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     throw st.exception("no defined text format for NULL records");
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return unknownToString(data);
   }
 
@@ -59,7 +52,7 @@ public byte[] getData() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(data);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/NXTRecord.java b/src/main/java/org/xbill/DNS/NXTRecord.java
index 6a0da4cd8..ac1347fc1 100644
--- a/src/main/java/org/xbill/DNS/NXTRecord.java
+++ b/src/main/java/org/xbill/DNS/NXTRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,23 +12,15 @@
  * signifies a failed query for data in a DNSSEC-signed zone.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2065">RFC 2065: Domain Name System Security
- *     Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2065">RFC 2065: Domain Name System
+ *     Security Extensions</a>
  */
 public class NXTRecord extends Record {
-
-  private static final long serialVersionUID = -8851454400765507520L;
-
   private Name next;
   private BitSet bitmap;
 
   NXTRecord() {}
 
-  @Override
-  Record getObject() {
-    return new NXTRecord();
-  }
-
   /**
    * Creates an NXT Record from the given data
    *
@@ -41,7 +34,7 @@ public NXTRecord(Name name, int dclass, long ttl, Name next, BitSet bitmap) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     next = new Name(in);
     bitmap = new BitSet();
     int bitmapLength = in.remaining();
@@ -56,7 +49,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     next = st.getName(origin);
     bitmap = new BitSet();
     while (true) {
@@ -64,9 +57,9 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int typecode = Type.value(t.value, true);
+      int typecode = Type.value(t.value(), true);
       if (typecode <= 0 || typecode > 128) {
-        throw st.exception("Invalid type: " + t.value);
+        throw st.exception("Invalid type: " + t.value());
       }
       bitmap.set(typecode);
     }
@@ -75,7 +68,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(next);
     int length = bitmap.length();
@@ -99,11 +92,11 @@ public BitSet getBitmap() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     next.toWire(out, null, canonical);
     int length = bitmap.length();
     for (int i = 0, t = 0; i < length; i++) {
-      t |= (bitmap.get(i) ? (1 << (7 - i % 8)) : 0);
+      t |= bitmap.get(i) ? (1 << (7 - i % 8)) : 0;
       if (i % 8 == 7 || i == length - 1) {
         out.writeU8(t);
         t = 0;
diff --git a/src/main/java/org/xbill/DNS/Name.java b/src/main/java/org/xbill/DNS/Name.java
index 8dc894de5..99580d3e4 100644
--- a/src/main/java/org/xbill/DNS/Name.java
+++ b/src/main/java/org/xbill/DNS/Name.java
@@ -1,10 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
 import java.io.Serializable;
-import java.text.DecimalFormat;
+import java.util.Arrays;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -13,9 +14,9 @@
  * @author Brian Wellington
  */
 @Slf4j
-public class Name implements Comparable, Serializable {
+public class Name implements Comparable<Name>, Serializable {
 
-  private static final long serialVersionUID = -7257019940971525644L;
+  private static final long serialVersionUID = -6036624806201621219L;
 
   private static final int LABEL_NORMAL = 0;
   private static final int LABEL_COMPRESSION = 0xC0;
@@ -24,14 +25,14 @@ public class Name implements Comparable, Serializable {
   /* The name data */
   private byte[] name;
 
-  /*
-   * Effectively an 8 byte array, where the low order byte stores the number
-   * of labels and the 7 higher order bytes store per-label offsets.
-   */
+  /* Effectively an 8 byte array, where the bytes store per-label offsets. */
   private long offsets;
 
   /* Precomputed hashcode. */
-  private int hashcode;
+  private transient int hashcode;
+
+  /* The number of labels in this name. */
+  private int labels;
 
   private static final byte[] emptyLabel = new byte[] {(byte) 0};
   private static final byte[] wildLabel = new byte[] {(byte) 1, (byte) '*'};
@@ -48,14 +49,8 @@ public class Name implements Comparable, Serializable {
   /** The maximum length of a label a Name */
   private static final int MAXLABEL = 63;
 
-  /** The maximum number of labels in a Name */
-  private static final int MAXLABELS = 128;
-
-  /** The maximum number of cached offsets */
-  private static final int MAXOFFSETS = 7;
-
-  /* Used for printing non-printable characters */
-  private static final DecimalFormat byteFormat = new DecimalFormat();
+  /** The maximum number of cached offsets, the first offset (always zero) is not stored. */
+  private static final int MAXOFFSETS = 9;
 
   /* Used to efficiently convert bytes to lowercase */
   private static final byte[] lowercase = new byte[256];
@@ -64,7 +59,6 @@ public class Name implements Comparable, Serializable {
   private static final Name wild;
 
   static {
-    byteFormat.setMinimumIntegerDigits(3);
     for (int i = 0; i < lowercase.length; i++) {
       if (i < 'A' || i > 'Z') {
         lowercase[i] = (byte) i;
@@ -73,120 +67,120 @@ public class Name implements Comparable, Serializable {
       }
     }
     root = new Name();
-    root.appendSafe(emptyLabel, 0, 1);
+    root.name = emptyLabel;
+    root.labels = 1;
     empty = new Name();
     empty.name = new byte[0];
     wild = new Name();
-    wild.appendSafe(wildLabel, 0, 1);
+    wild.name = wildLabel;
+    wild.labels = 1;
   }
 
   private Name() {}
 
-  private void setoffset(int n, int offset) {
-    if (n >= MAXOFFSETS) {
+  private void setOffset(int n, int offset) {
+    if (n == 0 || n >= MAXOFFSETS) {
       return;
     }
-    int shift = 8 * (7 - n);
-    offsets &= (~(0xFFL << shift));
-    offsets |= ((long) offset << shift);
+    int shift = 8 * (n - 1);
+    offsets &= ~(0xFFL << shift);
+    offsets |= (long) offset << shift;
   }
 
   private int offset(int n) {
-    if (n == 0 && getlabels() == 0) {
+    if (n == 0) {
       return 0;
     }
-    if (n < 0 || n >= getlabels()) {
+    if (n < 1 || n >= labels) {
       throw new IllegalArgumentException("label out of range");
     }
     if (n < MAXOFFSETS) {
-      int shift = 8 * (7 - n);
-      return ((int) (offsets >>> shift) & 0xFF);
+      int shift = 8 * (n - 1);
+      return (int) (offsets >>> shift) & 0xFF;
     } else {
-      int pos = offset(MAXOFFSETS - 1);
+      int pos = (int) (offsets >>> (8 * (MAXOFFSETS - 2))) & 0xFF;
       for (int i = MAXOFFSETS - 1; i < n; i++) {
-        pos += (name[pos] + 1);
+        pos += name[pos] + 1;
       }
-      return (pos);
+      return pos;
     }
   }
 
-  private void setlabels(int labels) {
-    offsets &= ~(0xFF);
-    offsets |= labels;
-  }
-
-  private int getlabels() {
-    return (int) (offsets & 0xFF);
-  }
-
   private static void copy(Name src, Name dst) {
-    if (src.offset(0) == 0) {
-      dst.name = src.name;
-      dst.offsets = src.offsets;
-    } else {
-      int offset0 = src.offset(0);
-      int namelen = src.name.length - offset0;
-      int labels = src.labels();
-      dst.name = new byte[namelen];
-      System.arraycopy(src.name, offset0, dst.name, 0, namelen);
-      for (int i = 0; i < labels && i < MAXOFFSETS; i++) {
-        dst.setoffset(i, src.offset(i) - offset0);
-      }
-      dst.setlabels(labels);
-    }
+    dst.name = src.name;
+    dst.offsets = src.offsets;
+    dst.labels = src.labels;
   }
 
-  private void append(byte[] array, int start, int n) throws NameTooLongException {
-    int length = (name == null ? 0 : (name.length - offset(0)));
-    int alength = 0;
-    for (int i = 0, pos = start; i < n; i++) {
-      int len = array[pos];
-      if (len > MAXLABEL) {
-        throw new IllegalStateException("invalid label");
-      }
-      len++;
+  private void append(byte[] array, int arrayOffset, int numLabels) throws NameTooLongException {
+    int length = name == null ? 0 : name.length;
+    int appendLength = 0;
+    for (int i = 0, pos = arrayOffset; i < numLabels; i++) {
+      // add one byte for the label length
+      int len = array[pos] + 1;
       pos += len;
-      alength += len;
+      appendLength += len;
     }
-    int newlength = length + alength;
+    int newlength = length + appendLength;
     if (newlength > MAXNAME) {
       throw new NameTooLongException();
     }
-    int labels = getlabels();
-    int newlabels = labels + n;
-    if (newlabels > MAXLABELS) {
-      throw new IllegalStateException("too many labels");
-    }
-    byte[] newname = new byte[newlength];
-    if (length != 0) {
-      System.arraycopy(name, offset(0), newname, 0, length);
+    byte[] newname;
+    if (name != null) {
+      newname = Arrays.copyOf(name, newlength);
+    } else {
+      newname = new byte[newlength];
     }
-    System.arraycopy(array, start, newname, length, alength);
+    System.arraycopy(array, arrayOffset, newname, length, appendLength);
     name = newname;
-    for (int i = 0, pos = length; i < n; i++) {
-      setoffset(labels + i, pos);
-      pos += (newname[pos] + 1);
+    for (int i = 0, pos = length; i < numLabels && i < MAXOFFSETS; i++) {
+      setOffset(labels + i, pos);
+      pos += newname[pos] + 1;
+    }
+    labels += numLabels;
+  }
+
+  private void append(char[] label, int len) throws NameTooLongException {
+    int destPos = prepareAppend(len);
+    for (int i = 0; i < len; i++) {
+      name[destPos + i] = (byte) label[i];
     }
-    setlabels(newlabels);
   }
 
-  private static TextParseException parseException(String str, String message) {
-    return new TextParseException("'" + str + "': " + message);
+  private int prepareAppend(int len) throws NameTooLongException {
+    int length = name == null ? 0 : name.length;
+    // add one byte for the label length
+    int newlength = length + 1 + len;
+    if (newlength > MAXNAME) {
+      throw new NameTooLongException();
+    }
+    byte[] newname;
+    if (name != null) {
+      newname = Arrays.copyOf(name, newlength);
+    } else {
+      newname = new byte[newlength];
+    }
+    newname[length] = (byte) len;
+    name = newname;
+    setOffset(labels, length);
+    labels++;
+    return length + 1;
   }
 
-  private void appendFromString(String fullName, byte[] array, int start, int n)
+  private void appendFromString(String fullName, char[] label, int length)
       throws TextParseException {
     try {
-      append(array, start, n);
+      append(label, length);
     } catch (NameTooLongException e) {
-      throw parseException(fullName, "Name too long");
+      throw new TextParseException(fullName, "Name too long", e);
     }
   }
 
-  private void appendSafe(byte[] array, int start, int n) {
+  private void appendFromString(String fullName, byte[] label, int n) throws TextParseException {
     try {
-      append(array, start, n);
+      append(label, 0, n);
     } catch (NameTooLongException e) {
+      throw new TextParseException(fullName, "Name too long");
     }
   }
 
@@ -201,7 +195,7 @@ private void appendSafe(byte[] array, int start, int n) {
   public Name(String s, Name origin) throws TextParseException {
     switch (s) {
       case "":
-        throw parseException(s, "empty name");
+        throw new TextParseException("empty name");
       case "@":
         if (origin == null) {
           copy(empty, this);
@@ -209,77 +203,84 @@ public Name(String s, Name origin) throws TextParseException {
           copy(origin, this);
         }
         return;
-      case ".":
+      case ".": // full stop
         copy(root, this);
         return;
     }
     int labelstart = -1;
-    int pos = 1;
-    byte[] label = new byte[MAXLABEL + 1];
+    int pos = 0;
+    char[] label = new char[MAXLABEL];
     boolean escaped = false;
     int digits = 0;
     int intval = 0;
     boolean absolute = false;
     for (int i = 0; i < s.length(); i++) {
-      byte b = (byte) s.charAt(i);
+      char c = s.charAt(i);
+      if (c > 0xff) {
+        throw new TextParseException(s, "Illegal character in name");
+      }
       if (escaped) {
-        if (b >= '0' && b <= '9' && digits < 3) {
+        if (c >= '0' && c <= '9' && digits < 3) {
           digits++;
           intval *= 10;
-          intval += (b - '0');
+          intval += c - '0';
           if (intval > 255) {
-            throw parseException(s, "bad escape");
+            throw new TextParseException(s, "bad escape");
           }
           if (digits < 3) {
             continue;
           }
-          b = (byte) intval;
+          c = (char) intval;
         } else if (digits > 0 && digits < 3) {
-          throw parseException(s, "bad escape");
+          throw new TextParseException(s, "bad escape");
         }
-        if (pos > MAXLABEL) {
-          throw parseException(s, "label too long");
+        if (pos >= MAXLABEL) {
+          throw new TextParseException(s, "label too long");
         }
         labelstart = pos;
-        label[pos++] = b;
+        label[pos++] = c;
         escaped = false;
-      } else if (b == '\\') {
+      } else if (c == '\\') {
         escaped = true;
         digits = 0;
         intval = 0;
-      } else if (b == '.') {
+      } else if (c == '.') {
         if (labelstart == -1) {
-          throw parseException(s, "invalid empty label");
+          throw new TextParseException(s, "invalid empty label");
         }
-        label[0] = (byte) (pos - 1);
-        appendFromString(s, label, 0, 1);
+        appendFromString(s, label, pos);
         labelstart = -1;
-        pos = 1;
+        pos = 0;
       } else {
         if (labelstart == -1) {
           labelstart = i;
         }
-        if (pos > MAXLABEL) {
-          throw parseException(s, "label too long");
+        if (pos >= MAXLABEL) {
+          throw new TextParseException(s, "label too long");
         }
-        label[pos++] = b;
+        label[pos++] = c;
       }
     }
-    if (digits > 0 && digits < 3) {
-      throw parseException(s, "bad escape");
-    }
-    if (escaped) {
-      throw parseException(s, "bad escape");
+    if (digits > 0 && digits < 3 || escaped) {
+      throw new TextParseException(s, "bad escape");
     }
     if (labelstart == -1) {
-      appendFromString(s, emptyLabel, 0, 1);
+      appendFromString(s, emptyLabel, 1);
       absolute = true;
     } else {
-      label[0] = (byte) (pos - 1);
-      appendFromString(s, label, 0, 1);
+      appendFromString(s, label, pos);
     }
     if (origin != null && !absolute) {
-      appendFromString(s, origin.name, origin.offset(0), origin.getlabels());
+      absolute = origin.isAbsolute();
+      appendFromString(s, origin.name, origin.labels);
+    }
+    // A relative name that is MAXNAME octets long is a strange and wonderful thing.
+    // Not technically in violation, but it can not be used for queries as it needs
+    // to be made absolute by appending at the very least the empty label at the
+    // end, which there is no room for. To make life easier for everyone, let's only
+    // allow Names that are MAXNAME long if they are absolute.
+    if (!absolute && length() == MAXNAME) {
+      throw new TextParseException(s, "Name too long");
     }
   }
 
@@ -304,10 +305,10 @@ public Name(String s) throws TextParseException {
    * @throws TextParseException The name is invalid.
    */
   public static Name fromString(String s, Name origin) throws TextParseException {
-    if (s.equals("@") && origin != null) {
-      return origin;
+    if (s.equals("@")) {
+      return origin != null ? origin : empty;
     } else if (s.equals(".")) {
-      return (root);
+      return root;
     }
 
     return new Name(s, origin);
@@ -347,7 +348,8 @@ public static Name fromConstantString(String s) {
    *     name to be read.
    */
   public Name(DNSInput in) throws WireParseException {
-    int len, pos;
+    int len;
+    int pos;
     boolean done = false;
     byte[] label = new byte[MAXLABEL + 1];
     boolean savedState = false;
@@ -356,9 +358,6 @@ public Name(DNSInput in) throws WireParseException {
       len = in.readU8();
       switch (len & LABEL_MASK) {
         case LABEL_NORMAL:
-          if (getlabels() >= MAXLABELS) {
-            throw new WireParseException("too many labels");
-          }
           if (len == 0) {
             append(emptyLabel, 0, 1);
             done = true;
@@ -370,8 +369,8 @@ public Name(DNSInput in) throws WireParseException {
           break;
         case LABEL_COMPRESSION:
           pos = in.readU8();
-          pos += ((len & ~LABEL_MASK) << 8);
-          log.debug("currently {}, pointer to {}", in.current(), pos);
+          pos += (len & ~LABEL_MASK) << 8;
+          log.trace("currently {}, pointer to {}", in.current(), pos);
 
           if (pos >= in.current() - 2) {
             throw new WireParseException("bad compression");
@@ -381,7 +380,7 @@ public Name(DNSInput in) throws WireParseException {
             savedState = true;
           }
           in.jump(pos);
-          log.debug("current name '{}', seeking to {}", this, pos);
+          log.trace("current name '{}', seeking to {}", this, pos);
           break;
         default:
           throw new WireParseException("bad label type");
@@ -408,32 +407,38 @@ public Name(byte[] b) throws IOException {
    * @param n The number of labels to remove from the beginning in the copy
    */
   public Name(Name src, int n) {
-    int slabels = src.labels();
-    if (n > slabels) {
-      throw new IllegalArgumentException("attempted to remove too " + "many labels");
+    if (n > src.labels) {
+      throw new IllegalArgumentException("attempted to remove too many labels");
     }
-    name = src.name;
-    setlabels(slabels - n);
-    for (int i = 0; i < MAXOFFSETS && i < slabels - n; i++) {
-      setoffset(i, src.offset(i + n));
+    if (n == src.labels) {
+      copy(empty, this);
+      return;
+    }
+
+    labels = src.labels - n;
+    name = Arrays.copyOfRange(src.name, src.offset(n), src.name.length);
+    int strippedBytes = src.offset(n);
+    for (int i = 1; i < MAXOFFSETS && i < labels; i++) {
+      setOffset(i, src.offset(i + n) - strippedBytes);
     }
   }
 
   /**
-   * Creates a new name by concatenating two existing names.
+   * Creates a new name by concatenating two existing names. If the {@code prefix} name is absolute
+   * {@code prefix} is returned unmodified.
    *
-   * @param prefix The prefix name.
+   * @param prefix The prefix name. Must be relative.
    * @param suffix The suffix name.
    * @return The concatenated name.
    * @throws NameTooLongException The name is too long.
    */
   public static Name concatenate(Name prefix, Name suffix) throws NameTooLongException {
     if (prefix.isAbsolute()) {
-      return (prefix);
+      return prefix;
     }
     Name newname = new Name();
-    copy(prefix, newname);
-    newname.append(suffix.name, suffix.offset(0), suffix.getlabels());
+    newname.append(prefix.name, 0, prefix.labels);
+    newname.append(suffix.name, 0, suffix.labels);
     return newname;
   }
 
@@ -449,12 +454,11 @@ public Name relativize(Name origin) {
       return this;
     }
     Name newname = new Name();
-    copy(this, newname);
     int length = length() - origin.length();
-    int labels = newname.labels() - origin.labels();
-    newname.setlabels(labels);
+    newname.labels = labels - origin.labels;
+    newname.offsets = offsets;
     newname.name = new byte[length];
-    System.arraycopy(name, offset(0), newname.name, 0, length);
+    System.arraycopy(name, 0, newname.name, 0, length);
     return newname;
   }
 
@@ -465,12 +469,12 @@ public Name relativize(Name origin) {
    */
   public Name wild(int n) {
     if (n < 1) {
-      throw new IllegalArgumentException("must replace 1 or more " + "labels");
+      throw new IllegalArgumentException("must replace 1 or more labels");
     }
     try {
       Name newname = new Name();
       copy(wild, newname);
-      newname.append(name, offset(n), getlabels() - n);
+      newname.append(name, offset(n), labels - n);
       return newname;
     } catch (NameTooLongException e) {
       throw new IllegalStateException("Name.wild: concatenate failed");
@@ -494,9 +498,11 @@ public Name canonicalize() {
     }
 
     Name newname = new Name();
-    newname.appendSafe(name, offset(0), getlabels());
+    newname.offsets = offsets;
+    newname.labels = labels;
+    newname.name = new byte[length()];
     for (int i = 0; i < newname.name.length; i++) {
-      newname.name[i] = lowercase[newname.name[i] & 0xFF];
+      newname.name[i] = lowercase[name[i] & 0xFF];
     }
 
     return newname;
@@ -506,7 +512,8 @@ public Name canonicalize() {
    * Generates a new Name to be used when following a DNAME.
    *
    * @param dname The DNAME record to follow.
-   * @return The constructed name.
+   * @return The constructed name or {@code null} if this Name is not a subdomain of the {@code
+   *     dname} name.
    * @throws NameTooLongException The resulting name is too long.
    */
   public Name fromDNAME(DNAMERecord dname) throws NameTooLongException {
@@ -516,11 +523,10 @@ public Name fromDNAME(DNAMERecord dname) throws NameTooLongException {
       return null;
     }
 
-    int plabels = labels() - dnameowner.labels();
+    int plabels = labels - dnameowner.labels;
     int plength = length() - dnameowner.length();
-    int pstart = offset(0);
 
-    int dlabels = dnametarget.labels();
+    int dlabels = dnametarget.labels;
     int dlength = dnametarget.length();
 
     if (plength + dlength > MAXNAME) {
@@ -528,52 +534,49 @@ public Name fromDNAME(DNAMERecord dname) throws NameTooLongException {
     }
 
     Name newname = new Name();
-    newname.setlabels(plabels + dlabels);
-    newname.name = new byte[plength + dlength];
-    System.arraycopy(name, pstart, newname.name, 0, plength);
+    newname.labels = plabels + dlabels;
+    newname.name = Arrays.copyOf(name, plength + dlength);
     System.arraycopy(dnametarget.name, 0, newname.name, plength, dlength);
 
     for (int i = 0, pos = 0; i < MAXOFFSETS && i < plabels + dlabels; i++) {
-      newname.setoffset(i, pos);
-      pos += (newname.name[pos] + 1);
+      newname.setOffset(i, pos);
+      pos += newname.name[pos] + 1;
     }
     return newname;
   }
 
   /** Is this name a wildcard? */
   public boolean isWild() {
-    if (labels() == 0) {
+    if (labels == 0) {
       return false;
     }
-    return (name[0] == (byte) 1 && name[1] == (byte) '*');
+    return name[0] == (byte) 1 && name[1] == (byte) '*';
   }
 
   /** Is this name absolute? */
   public boolean isAbsolute() {
-    int nlabels = labels();
-    if (nlabels == 0) {
+    if (labels == 0) {
       return false;
     }
-    return name[offset(nlabels - 1)] == 0;
+    return name[offset(labels - 1)] == 0;
   }
 
-  /** The length of the name. */
+  /** The length of the name (in bytes). */
   public short length() {
-    if (getlabels() == 0) {
+    if (labels == 0) {
       return 0;
     }
-    return (short) (name.length - offset(0));
+    return (short) (name.length);
   }
 
   /** The number of labels in the name. */
   public int labels() {
-    return getlabels();
+    return labels;
   }
 
-  /** Is the current Name a subdomain of the specified name? */
+  /** Returns {@code true} if this {@link Name} a subdomain of {@code domain}. */
   public boolean subdomain(Name domain) {
-    int labels = labels();
-    int dlabels = domain.labels();
+    int dlabels = domain.labels;
     if (dlabels > labels) {
       return false;
     }
@@ -590,7 +593,12 @@ private String byteString(byte[] array, int pos) {
       int b = array[i] & 0xFF;
       if (b <= 0x20 || b >= 0x7f) {
         sb.append('\\');
-        sb.append(byteFormat.format(b));
+        if (b < 10) {
+          sb.append("00");
+        } else if (b < 100) {
+          sb.append('0');
+        }
+        sb.append(b);
       } else if (b == '"' || b == '(' || b == ')' || b == '.' || b == ';' || b == '\\' || b == '@'
           || b == '$') {
         sb.append('\\');
@@ -609,29 +617,25 @@ private String byteString(byte[] array, int pos) {
    * @return The representation of this name as a (printable) String.
    */
   public String toString(boolean omitFinalDot) {
-    int labels = labels();
     if (labels == 0) {
       return "@";
-    } else if (labels == 1 && name[offset(0)] == 0) {
+    } else if (labels == 1 && name[0] == 0) {
       return ".";
     }
     StringBuilder sb = new StringBuilder();
-    for (int i = 0, pos = offset(0); i < labels; i++) {
+    for (int label = 0, pos = 0; label < labels; label++) {
       int len = name[pos];
-      if (len > MAXLABEL) {
-        throw new IllegalStateException("invalid label");
-      }
       if (len == 0) {
         if (!omitFinalDot) {
           sb.append('.');
         }
         break;
       }
-      if (i > 0) {
+      if (label > 0) {
         sb.append('.');
       }
       sb.append(byteString(name, pos));
-      pos += (1 + len);
+      pos += 1 + len;
     }
     return sb.toString();
   }
@@ -648,16 +652,14 @@ public String toString() {
 
   /**
    * Retrieve the nth label of a Name. This makes a copy of the label; changing this does not change
-   * the Name.
+   * the Name. The returned byte array includes the label length as the first byte.
    *
    * @param n The label to be retrieved. The first label is 0.
    */
   public byte[] getLabel(int n) {
     int pos = offset(n);
     byte len = (byte) (name[pos] + 1);
-    byte[] label = new byte[len];
-    System.arraycopy(name, pos, label, 0, len);
-    return label;
+    return Arrays.copyOfRange(name, pos, pos + len);
   }
 
   /**
@@ -679,10 +681,9 @@ public String getLabelString(int n) {
    */
   public void toWire(DNSOutput out, Compression c) {
     if (!isAbsolute()) {
-      throw new IllegalArgumentException("toWire() called on " + "non-absolute name");
+      throw new IllegalArgumentException("toWire() called on non-absolute name");
     }
 
-    int labels = labels();
     for (int i = 0; i < labels - 1; i++) {
       Name tname;
       if (i == 0) {
@@ -695,7 +696,7 @@ public void toWire(DNSOutput out, Compression c) {
         pos = c.get(tname);
       }
       if (pos >= 0) {
-        pos |= (LABEL_MASK << 8);
+        pos |= LABEL_MASK << 8;
         out.writeU16(pos);
         return;
       } else {
@@ -736,19 +737,15 @@ public void toWireCanonical(DNSOutput out) {
    * @return The canonical form of the name.
    */
   public byte[] toWireCanonical() {
-    int labels = labels();
     if (labels == 0) {
-      return (new byte[0]);
+      return new byte[0];
     }
-    byte[] b = new byte[name.length - offset(0)];
-    for (int i = 0, spos = offset(0), dpos = 0; i < labels; i++) {
+    byte[] b = new byte[name.length];
+    for (int i = 0, spos = 0, dpos = 0; i < labels; i++) {
       int len = name[spos];
-      if (len > MAXLABEL) {
-        throw new IllegalStateException("invalid label");
-      }
       b[dpos++] = name[spos++];
       for (int j = 0; j < len; j++) {
-        b[dpos++] = lowercase[(name[spos++] & 0xFF)];
+        b[dpos++] = lowercase[name[spos++] & 0xFF];
       }
     }
     return b;
@@ -771,18 +768,14 @@ public void toWire(DNSOutput out, Compression c, boolean canonical) {
   }
 
   private boolean equals(byte[] b, int bpos) {
-    int labels = labels();
-    for (int i = 0, pos = offset(0); i < labels; i++) {
+    for (int i = 0, pos = 0; i < labels; i++) {
       if (name[pos] != b[bpos]) {
         return false;
       }
       int len = name[pos++];
       bpos++;
-      if (len > MAXLABEL) {
-        throw new IllegalStateException("invalid label");
-      }
       for (int j = 0; j < len; j++) {
-        if (lowercase[(name[pos++] & 0xFF)] != lowercase[(b[bpos++] & 0xFF)]) {
+        if (lowercase[name[pos++] & 0xFF] != lowercase[b[bpos++] & 0xFF]) {
           return false;
         }
       }
@@ -799,31 +792,25 @@ public boolean equals(Object arg) {
     if (!(arg instanceof Name)) {
       return false;
     }
-    Name d = (Name) arg;
-    if (d.hashcode == 0) {
-      d.hashCode();
-    }
-    if (hashcode == 0) {
-      hashCode();
-    }
-    if (d.hashcode != hashcode) {
+    Name other = (Name) arg;
+    if (other.labels != labels) {
       return false;
     }
-    if (d.labels() != labels()) {
+    if (other.hashCode() != hashCode()) {
       return false;
     }
-    return equals(d.name, d.offset(0));
+    return equals(other.name, 0);
   }
 
   /** Computes a hashcode based on the value */
   @Override
   public int hashCode() {
     if (hashcode != 0) {
-      return (hashcode);
+      return hashcode;
     }
     int code = 0;
     for (int i = offset(0); i < name.length; i++) {
-      code += ((code << 3) + lowercase[(name[i] & 0xFF)]);
+      code += (code << 3) + (lowercase[name[i] & 0xFF] & 0xFF);
     }
     hashcode = code;
     return hashcode;
@@ -832,23 +819,20 @@ public int hashCode() {
   /**
    * Compares this Name to another Object.
    *
-   * @param o The Object to be compared.
+   * @param arg The name to be compared.
    * @return The value 0 if the argument is a name equivalent to this name; a value less than 0 if
    *     the argument is less than this name in the canonical ordering, and a value greater than 0
    *     if the argument is greater than this name in the canonical ordering.
    * @throws ClassCastException if the argument is not a Name.
    */
   @Override
-  public int compareTo(Object o) {
-    Name arg = (Name) o;
-
+  public int compareTo(Name arg) {
     if (this == arg) {
-      return (0);
+      return 0;
     }
 
-    int labels = labels();
-    int alabels = arg.labels();
-    int compares = labels > alabels ? alabels : labels;
+    int alabels = arg.labels;
+    int compares = Math.min(labels, alabels);
 
     for (int i = 1; i <= compares; i++) {
       int start = offset(labels - i);
@@ -857,15 +841,16 @@ public int compareTo(Object o) {
       int alength = arg.name[astart];
       for (int j = 0; j < length && j < alength; j++) {
         int n =
-            lowercase[(name[j + start + 1]) & 0xFF] - lowercase[(arg.name[j + astart + 1]) & 0xFF];
+            (lowercase[name[j + start + 1] & 0xFF] & 0xFF)
+                - (lowercase[arg.name[j + astart + 1] & 0xFF] & 0xFF);
         if (n != 0) {
-          return (n);
+          return n;
         }
       }
       if (length != alength) {
-        return (length - alength);
+        return length - alength;
       }
     }
-    return (labels - alabels);
+    return labels - alabels;
   }
 }
diff --git a/src/main/java/org/xbill/DNS/NameTooLongException.java b/src/main/java/org/xbill/DNS/NameTooLongException.java
index 61387f190..126568636 100644
--- a/src/main/java/org/xbill/DNS/NameTooLongException.java
+++ b/src/main/java/org/xbill/DNS/NameTooLongException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2002-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
diff --git a/src/main/java/org/xbill/DNS/NioClient.java b/src/main/java/org/xbill/DNS/NioClient.java
new file mode 100644
index 000000000..1a4311d62
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/NioClient.java
@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 Brian Wellington (bwelling@xbill.org)
+
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.ClosedSelectorException;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.util.Iterator;
+import java.util.function.Consumer;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.utils.hexdump;
+
+/**
+ * Manages the network I/O for the {@link SimpleResolver}. It is mostly an implementation detail of
+ * {@code dnsjava} and the only method intended to be called is {@link #close()} - and only if
+ * {@code dnsjava} is used in an application container like Tomcat. In a normal JVM setup {@link
+ * #close()} is called by a shutdown hook.
+ *
+ * <p>The following configuration parameter is available:
+ *
+ * <dl>
+ *   <dt>{@value SELECTOR_TIMEOUT_PROPERTY}
+ *   <dd>Set selector timeout in milliseconds. Default/Max 1000, Min 1.
+ *   <dt>{@value REGISTER_SHUTDOWN_HOOK_PROPERTY}
+ *   <dd>Register Shutdown Hook termination of NIO. Default True.
+ * </dl>
+ *
+ * @since 3.4
+ */
+@Slf4j
+@NoArgsConstructor(access = AccessLevel.NONE)
+public abstract class NioClient {
+  static final String SELECTOR_TIMEOUT_PROPERTY = "dnsjava.nio.selector_timeout";
+  static final String REGISTER_SHUTDOWN_HOOK_PROPERTY = "dnsjava.nio.register_shutdown_hook";
+  private static final Object NIO_CLIENT_LOCK = new Object();
+
+  /** Packet logger, if available. */
+  private static PacketLogger packetLogger = null;
+
+  private static final Runnable[] TIMEOUT_TASKS = new Runnable[2];
+  private static final Runnable[] CLOSE_TASKS = new Runnable[2];
+
+  private static Consumer<Selector> tcpRegistrationsTask;
+  private static Consumer<Selector> udpRegistrationsTask;
+
+  private static Thread selectorThread;
+  private static Thread closeThread;
+  private static volatile Selector selector;
+  private static volatile boolean run;
+  private static volatile boolean closeDone;
+
+  interface KeyProcessor {
+    void processReadyKey(SelectionKey key);
+  }
+
+  static Selector selector() throws IOException {
+    if (selector == null) {
+      synchronized (NIO_CLIENT_LOCK) {
+        if (selector == null) {
+          selector = Selector.open();
+          log.debug("Starting dnsjava NIO selector thread");
+          run = true;
+          selectorThread = new Thread(NioClient::runSelector);
+          selectorThread.setDaemon(true);
+          selectorThread.setName("dnsjava NIO selector");
+          selectorThread.start();
+          closeThread = new Thread(() -> close(true));
+          closeThread.setName("dnsjava NIO shutdown hook");
+          if (Boolean.parseBoolean(System.getProperty(REGISTER_SHUTDOWN_HOOK_PROPERTY, "true"))) {
+            Runtime.getRuntime().addShutdownHook(closeThread);
+          }
+        }
+      }
+    }
+
+    return selector;
+  }
+
+  /**
+   * Shutdown the network I/O used by the {@link SimpleResolver}.
+   *
+   * @implNote Does not wait until the selector thread has stopped. But users may immediately start
+   *     using the {@link NioClient} again.
+   * @since 3.4.0
+   */
+  public static void close() {
+    close(false);
+  }
+
+  private static void close(boolean fromHook) {
+    log.debug("Closing dnsjava NIO selector, fromHook={}", fromHook);
+    run = false;
+    Selector localSelector = selector;
+    if (localSelector != null) {
+      selector.wakeup();
+    }
+
+    if (!fromHook) {
+      synchronized (NIO_CLIENT_LOCK) {
+        if (closeThread != null) {
+          try {
+            Runtime.getRuntime().removeShutdownHook(closeThread);
+          } catch (Exception ex) {
+            log.warn("Failed to remove shutdown hook, ignoring and continuing close", ex);
+          }
+        }
+      }
+    }
+
+    if (localSelector == null) {
+      // Prevent hanging when close() was called without starting
+      return;
+    }
+
+    synchronized (NIO_CLIENT_LOCK) {
+      try {
+        while (!closeDone) {
+          NIO_CLIENT_LOCK.wait();
+        }
+      } catch (InterruptedException e) {
+        Thread.currentThread().interrupt();
+      } finally {
+        closeDone = false;
+      }
+    }
+  }
+
+  static void runSelector() {
+    int timeout = Integer.getInteger(SELECTOR_TIMEOUT_PROPERTY, 1000);
+
+    if (timeout <= 0 || timeout > 1000) {
+      throw new IllegalArgumentException("Invalid selector_timeout, must be between 1 and 1000");
+    }
+
+    while (run) {
+      try {
+        int numSelects = selector.select(timeout);
+        if (Thread.currentThread().isInterrupted()) {
+          log.debug("Sector thread was interrupted, stopping");
+          close();
+          break;
+        }
+
+        if (numSelects == 0) {
+          runTasks(TIMEOUT_TASKS);
+        }
+
+        if (run) {
+          runRegistrationTasks();
+          processReadyKeys();
+        }
+      } catch (IOException e) {
+        log.error("A selection operation failed", e);
+      } catch (ClosedSelectorException e) {
+        // ignore
+      }
+    }
+
+    runClose();
+    log.debug("dnsjava NIO selector thread stopped");
+  }
+
+  private static void runClose() {
+    try {
+      runTasks(CLOSE_TASKS);
+    } catch (Exception e) {
+      log.warn("Failed to execute shutdown task, ignoring and continuing close", e);
+    }
+
+    Selector localSelector = selector;
+    Thread localSelectorThread = selectorThread;
+    synchronized (NIO_CLIENT_LOCK) {
+      selector = null;
+      selectorThread = null;
+      closeThread = null;
+      closeDone = true;
+      NIO_CLIENT_LOCK.notifyAll();
+    }
+
+    if (localSelector != null) {
+      try {
+        localSelector.close();
+      } catch (IOException e) {
+        log.warn("Failed to properly close selector, ignoring and continuing close", e);
+      }
+    }
+
+    if (localSelectorThread != null) {
+      try {
+        localSelectorThread.join();
+      } catch (InterruptedException e) {
+        Thread.currentThread().interrupt();
+      }
+    }
+  }
+
+  static void setTimeoutTask(Runnable r, boolean isTcpClient) {
+    addTask(TIMEOUT_TASKS, r, isTcpClient);
+  }
+
+  static void setRegistrationsTask(Consumer<Selector> r, boolean isTcpClient) {
+    if (isTcpClient) {
+      tcpRegistrationsTask = r;
+    } else {
+      udpRegistrationsTask = r;
+    }
+  }
+
+  static void setCloseTask(Runnable r, boolean isTcpClient) {
+    addTask(CLOSE_TASKS, r, isTcpClient);
+  }
+
+  private static void addTask(Runnable[] tasks, Runnable r, boolean isTcpClient) {
+    if (isTcpClient) {
+      tasks[0] = r;
+    } else {
+      tasks[1] = r;
+    }
+  }
+
+  private static void runTasks(Runnable[] runnables) {
+    Runnable r0 = runnables[0];
+    if (r0 != null) {
+      r0.run();
+    }
+    Runnable r1 = runnables[1];
+    if (r1 != null) {
+      r1.run();
+    }
+  }
+
+  private static void runRegistrationTasks() {
+    Consumer<Selector> tcpTask = tcpRegistrationsTask;
+    if (tcpTask != null) {
+      tcpTask.accept(selector);
+    }
+    Consumer<Selector> udpTask = udpRegistrationsTask;
+    if (udpTask != null) {
+      udpTask.accept(selector);
+    }
+  }
+
+  private static void processReadyKeys() {
+    Iterator<SelectionKey> it = selector.selectedKeys().iterator();
+    while (it.hasNext()) {
+      SelectionKey key = it.next();
+      it.remove();
+      KeyProcessor t = (KeyProcessor) key.attachment();
+      t.processReadyKey(key);
+    }
+  }
+
+  static void verboseLog(
+      String prefix, SocketAddress local, SocketAddress remote, ByteBuffer data) {
+    if (log.isTraceEnabled() || packetLogger != null) {
+      byte[] dst = new byte[data.remaining()];
+      int pos = data.position();
+      data.get(dst, 0, data.remaining());
+      data.position(pos);
+      verboseLog(prefix, local, remote, dst);
+    }
+  }
+
+  static void verboseLog(String prefix, SocketAddress local, SocketAddress remote, byte[] data) {
+    if (log.isTraceEnabled()) {
+      log.trace(hexdump.dump(prefix, data));
+    }
+    if (packetLogger != null) {
+      packetLogger.log(prefix, local, remote, data);
+    }
+  }
+
+  static void setPacketLogger(PacketLogger logger) {
+    packetLogger = logger;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/NioTcpClient.java b/src/main/java/org/xbill/DNS/NioTcpClient.java
new file mode 100644
index 000000000..72df9827f
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/NioTcpClient.java
@@ -0,0 +1,348 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketTimeoutException;
+import java.nio.ByteBuffer;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.nio.channels.SocketChannel;
+import java.time.Duration;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Queue;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentLinkedQueue;
+import lombok.EqualsAndHashCode;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.io.TcpIoClient;
+
+@Slf4j
+final class NioTcpClient extends NioClient implements TcpIoClient {
+  private final Queue<ChannelState> registrationQueue = new ConcurrentLinkedQueue<>();
+  private final Map<ChannelKey, ChannelState> channelMap = new ConcurrentHashMap<>();
+
+  NioTcpClient() {
+    setRegistrationsTask(this::processPendingRegistrations, true);
+    setTimeoutTask(this::checkTransactionTimeouts, true);
+    setCloseTask(this::closeTcp, true);
+  }
+
+  private void processPendingRegistrations(Selector selector) {
+    while (!registrationQueue.isEmpty()) {
+      ChannelState state = registrationQueue.poll();
+      if (state == null) {
+        continue;
+      }
+
+      try {
+        if (!state.channel.isConnected()) {
+          state.channel.register(selector, SelectionKey.OP_CONNECT, state);
+        } else {
+          state.channel.keyFor(selector).interestOps(SelectionKey.OP_WRITE);
+        }
+      } catch (IOException e) {
+        state.handleChannelException(e);
+      }
+    }
+  }
+
+  private void checkTransactionTimeouts() {
+    for (ChannelState state : channelMap.values()) {
+      for (Iterator<Transaction> it = state.pendingTransactions.iterator(); it.hasNext(); ) {
+        Transaction t = it.next();
+        if (t.endTime - System.nanoTime() < 0) {
+          t.f.completeExceptionally(new SocketTimeoutException("Query timed out"));
+          it.remove();
+        }
+      }
+    }
+  }
+
+  private void closeTcp() {
+    registrationQueue.clear();
+    EOFException closing = new EOFException("Client is closing");
+    for (ChannelState state : channelMap.values()) {
+      state.handleTransactionException(closing);
+      state.handleChannelException(closing);
+    }
+    channelMap.clear();
+  }
+
+  @RequiredArgsConstructor
+  private static final class Transaction {
+    private final Message query;
+    private final byte[] queryData;
+    private final long endTime;
+    private final SocketChannel channel;
+    private final CompletableFuture<byte[]> f;
+    private ByteBuffer queryDataBuffer;
+    long bytesWrittenTotal = 0;
+
+    boolean send() throws IOException {
+      // send can be invoked multiple times if the entire buffer couldn't be written at once
+      if (bytesWrittenTotal == queryData.length + 2) {
+        return true;
+      }
+
+      if (queryDataBuffer == null) {
+        // combine length+message to avoid multiple TCP packets
+        // https://datatracker.ietf.org/doc/html/rfc7766#section-8
+        queryDataBuffer = ByteBuffer.allocate(queryData.length + 2);
+        queryDataBuffer.put((byte) (queryData.length >>> 8));
+        queryDataBuffer.put((byte) (queryData.length & 0xFF));
+        queryDataBuffer.put(queryData);
+        queryDataBuffer.flip();
+      }
+
+      verboseLog(
+          "TCP write: transaction id=" + query.getHeader().getID(),
+          channel.socket().getLocalSocketAddress(),
+          channel.socket().getRemoteSocketAddress(),
+          queryDataBuffer);
+
+      while (queryDataBuffer.hasRemaining()) {
+        long bytesWritten = channel.write(queryDataBuffer);
+        bytesWrittenTotal += bytesWritten;
+        if (bytesWritten == 0) {
+          log.debug(
+              "Insufficient room for the data in the underlying output buffer for transaction {}, retrying",
+              query.getHeader().getID());
+          return false;
+        } else if (bytesWrittenTotal < queryData.length) {
+          log.debug(
+              "Wrote {} of {} bytes data for transaction {}",
+              bytesWrittenTotal,
+              queryData.length,
+              query.getHeader().getID());
+        }
+      }
+
+      log.debug(
+          "Send for transaction {} is complete, wrote {} bytes",
+          query.getHeader().getID(),
+          bytesWrittenTotal);
+      return true;
+    }
+  }
+
+  @RequiredArgsConstructor
+  private class ChannelState implements KeyProcessor {
+    private final SocketChannel channel;
+    final Queue<Transaction> pendingTransactions = new ConcurrentLinkedQueue<>();
+    ByteBuffer responseLengthData = ByteBuffer.allocate(2);
+    ByteBuffer responseData = ByteBuffer.allocate(Message.MAXLENGTH);
+    int readState = 0;
+
+    @Override
+    public void processReadyKey(SelectionKey key) {
+      if (key.isValid()) {
+        if (key.isConnectable()) {
+          processConnect(key);
+        } else {
+          if (key.isWritable()) {
+            processWrite(key);
+          }
+          if (key.isReadable()) {
+            processRead(key);
+          }
+        }
+      } else {
+        handleTransactionException(new EOFException("Invalid key"));
+      }
+    }
+
+    void handleTransactionException(IOException e) {
+      for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
+        Transaction t = it.next();
+        t.f.completeExceptionally(e);
+        it.remove();
+      }
+    }
+
+    private void handleChannelException(IOException e) {
+      handleTransactionException(e);
+      for (Map.Entry<ChannelKey, ChannelState> entry : channelMap.entrySet()) {
+        if (entry.getValue() == this) {
+          channelMap.remove(entry.getKey());
+          try {
+            channel.close();
+          } catch (IOException ex) {
+            log.warn(
+                "Failed to close channel l={}/r={}",
+                entry.getKey().local,
+                entry.getKey().remote,
+                ex);
+          }
+          return;
+        }
+      }
+    }
+
+    private void processConnect(SelectionKey key) {
+      try {
+        channel.finishConnect();
+        key.interestOps(SelectionKey.OP_WRITE);
+      } catch (IOException e) {
+        handleChannelException(e);
+        key.cancel();
+      }
+    }
+
+    private void processRead(SelectionKey key) {
+      try {
+        if (readState == 0) {
+          int read = channel.read(responseLengthData);
+          if (read < 0) {
+            handleChannelException(new EOFException());
+            key.cancel();
+            return;
+          }
+
+          if (responseLengthData.position() == 2) {
+            int length =
+                ((responseLengthData.get(0) & 0xFF) << 8) + (responseLengthData.get(1) & 0xFF);
+            responseLengthData.flip();
+            responseData.limit(length);
+            readState = 1;
+          }
+        }
+
+        int read = channel.read(responseData);
+        if (read < 0) {
+          handleChannelException(new EOFException());
+          key.cancel();
+          return;
+        } else if (responseData.hasRemaining()) {
+          return;
+        }
+      } catch (IOException e) {
+        handleChannelException(e);
+        key.cancel();
+        return;
+      }
+
+      readState = 0;
+      responseData.flip();
+      byte[] data = new byte[responseData.limit()];
+      System.arraycopy(
+          responseData.array(), responseData.arrayOffset(), data, 0, responseData.limit());
+
+      // The message was shorter than the minimum length to find the transaction, abort
+      if (data.length < 2) {
+        verboseLog(
+            "TCP read: response too short for a valid reply, discarding",
+            channel.socket().getLocalSocketAddress(),
+            channel.socket().getRemoteSocketAddress(),
+            data);
+        return;
+      }
+
+      int id = ((data[0] & 0xFF) << 8) + (data[1] & 0xFF);
+      verboseLog(
+          "TCP read: transaction id=" + id,
+          channel.socket().getLocalSocketAddress(),
+          channel.socket().getRemoteSocketAddress(),
+          data);
+
+      for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
+        Transaction t = it.next();
+        int qid = t.query.getHeader().getID();
+        if (id == qid) {
+          t.f.complete(data);
+          it.remove();
+          return;
+        }
+      }
+
+      log.warn("Transaction for answer to id {} not found", id);
+    }
+
+    private void processWrite(SelectionKey key) {
+      for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
+        Transaction t = it.next();
+        try {
+          if (!t.send()) {
+            // Write was incomplete because the output buffer was full. Wait until the selector
+            // tells us that we can write again
+            key.interestOps(SelectionKey.OP_WRITE);
+            return;
+          }
+        } catch (IOException e) {
+          t.f.completeExceptionally(e);
+          it.remove();
+          key.cancel();
+        }
+      }
+
+      key.interestOps(SelectionKey.OP_READ);
+    }
+  }
+
+  @RequiredArgsConstructor
+  @EqualsAndHashCode
+  private static class ChannelKey {
+    final InetSocketAddress local;
+    final InetSocketAddress remote;
+  }
+
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveTcp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      Duration timeout) {
+    CompletableFuture<byte[]> f = new CompletableFuture<>();
+    try {
+      final Selector selector = selector();
+      long endTime = System.nanoTime() + timeout.toNanos();
+      ChannelState channel =
+          channelMap.computeIfAbsent(
+              new ChannelKey(local, remote),
+              key -> {
+                log.debug("Opening async channel for l={}/r={}", local, remote);
+                SocketChannel c = null;
+                try {
+                  c = SocketChannel.open();
+                  c.configureBlocking(false);
+                  if (local != null) {
+                    c.bind(local);
+                  }
+
+                  c.connect(remote);
+                  return new ChannelState(c);
+                } catch (IOException e) {
+                  if (c != null) {
+                    try {
+                      c.close();
+                    } catch (IOException ee) {
+                      // ignore
+                    }
+                  }
+                  f.completeExceptionally(e);
+                  return null;
+                }
+              });
+      if (channel != null) {
+        log.trace(
+            "Creating transaction for id {} ({}/{})",
+            query.getHeader().getID(),
+            query.getQuestion().getName(),
+            Type.string(query.getQuestion().getType()));
+        Transaction t = new Transaction(query, data, endTime, channel.channel, f);
+        channel.pendingTransactions.add(t);
+        registrationQueue.add(channel);
+        selector.wakeup();
+      }
+    } catch (IOException e) {
+      f.completeExceptionally(e);
+    }
+
+    return f;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/NioUdpClient.java b/src/main/java/org/xbill/DNS/NioUdpClient.java
new file mode 100644
index 000000000..bfd2da3e0
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/NioUdpClient.java
@@ -0,0 +1,258 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketException;
+import java.net.SocketTimeoutException;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.NotYetConnectedException;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.security.SecureRandom;
+import java.time.Duration;
+import java.util.Iterator;
+import java.util.Queue;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ConcurrentLinkedQueue;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.io.UdpIoClient;
+
+@Slf4j
+final class NioUdpClient extends NioClient implements UdpIoClient {
+  private final int ephemeralStart;
+  private final int ephemeralRange;
+
+  private final SecureRandom prng;
+  private final Queue<Transaction> registrationQueue = new ConcurrentLinkedQueue<>();
+  private final Queue<Transaction> pendingTransactions = new ConcurrentLinkedQueue<>();
+
+  NioUdpClient() {
+    // https://datatracker.ietf.org/doc/html/rfc6335#section-6
+    int ephemeralStartDefault = 49152;
+    int ephemeralEndDefault = 65535;
+
+    // Linux usually uses 32768-60999
+    if (System.getProperty("os.name").toLowerCase().contains("linux")) {
+      ephemeralStartDefault = 32768;
+      ephemeralEndDefault = 60999;
+    }
+
+    ephemeralStart = Integer.getInteger("dnsjava.udp.ephemeral.start", ephemeralStartDefault);
+    int ephemeralEnd = Integer.getInteger("dnsjava.udp.ephemeral.end", ephemeralEndDefault);
+    ephemeralRange = ephemeralEnd - ephemeralStart;
+
+    if (Boolean.getBoolean("dnsjava.udp.ephemeral.use_ephemeral_port")) {
+      prng = null;
+    } else {
+      prng = new SecureRandom();
+    }
+    setRegistrationsTask(this::processPendingRegistrations, false);
+    setTimeoutTask(this::checkTransactionTimeouts, false);
+    setCloseTask(this::closeUdp, false);
+  }
+
+  private void processPendingRegistrations(Selector selector) {
+    while (!registrationQueue.isEmpty()) {
+      Transaction t = registrationQueue.poll();
+      if (t == null) {
+        continue;
+      }
+
+      try {
+        log.trace("Registering OP_READ for transaction with id {}", t.id);
+        t.channel.register(selector, SelectionKey.OP_READ, t);
+        t.send();
+      } catch (IOException e) {
+        t.completeExceptionally(e);
+      }
+    }
+  }
+
+  private void checkTransactionTimeouts() {
+    for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
+      Transaction t = it.next();
+      if (t.endTime - System.nanoTime() < 0) {
+        t.completeExceptionally(new SocketTimeoutException("Query timed out"));
+        it.remove();
+      }
+    }
+  }
+
+  @RequiredArgsConstructor
+  private final class Transaction implements KeyProcessor {
+    private final int id;
+    private final byte[] data;
+    private final int max;
+    private final long endTime;
+    private final DatagramChannel channel;
+    private final CompletableFuture<byte[]> f;
+
+    void send() throws IOException {
+      ByteBuffer buffer = ByteBuffer.wrap(data);
+      verboseLog(
+          "UDP write: transaction id=" + id,
+          channel.socket().getLocalSocketAddress(),
+          channel.socket().getRemoteSocketAddress(),
+          data);
+      int n = channel.send(buffer, channel.socket().getRemoteSocketAddress());
+      if (n == 0) {
+        throw new EOFException(
+            "Insufficient room for the datagram in the underlying output buffer for transaction "
+                + id);
+      } else if (n < data.length) {
+        throw new EOFException("Could not send all data for transaction " + id);
+      }
+    }
+
+    @Override
+    public void processReadyKey(SelectionKey key) {
+      if (!key.isValid()) {
+        completeExceptionally(new EOFException("Key for transaction " + id + " is invalid"));
+        pendingTransactions.remove(this);
+        return;
+      }
+
+      if (!key.isReadable()) {
+        completeExceptionally(new EOFException("Key for transaction " + id + " is not readable"));
+        pendingTransactions.remove(this);
+        key.cancel();
+        return;
+      }
+
+      DatagramChannel keyChannel = (DatagramChannel) key.channel();
+      ByteBuffer buffer = ByteBuffer.allocate(max);
+      int read;
+      try {
+        read = keyChannel.read(buffer);
+        if (read <= 0) {
+          throw new EOFException("Could not read expected data for transaction " + id);
+        }
+      } catch (IOException | NotYetConnectedException e) {
+        completeExceptionally(e);
+        pendingTransactions.remove(this);
+        key.cancel();
+        return;
+      }
+
+      buffer.flip();
+      byte[] resultingData = new byte[read];
+      System.arraycopy(buffer.array(), 0, resultingData, 0, read);
+      verboseLog(
+          "UDP read: transaction id=" + id,
+          keyChannel.socket().getLocalSocketAddress(),
+          keyChannel.socket().getRemoteSocketAddress(),
+          resultingData);
+      key.cancel();
+      silentDisconnectAndCloseChannel();
+      f.complete(resultingData);
+      pendingTransactions.remove(this);
+    }
+
+    private void completeExceptionally(Exception e) {
+      silentDisconnectAndCloseChannel();
+      f.completeExceptionally(e);
+    }
+
+    private void silentDisconnectAndCloseChannel() {
+      try {
+        channel.disconnect();
+      } catch (IOException e) {
+        // ignore, we either already have everything we need or can't do anything
+      } finally {
+        NioUdpClient.silentCloseChannel(channel);
+      }
+    }
+  }
+
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveUdp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      int max,
+      Duration timeout) {
+    long endTime = System.nanoTime() + timeout.toNanos();
+    CompletableFuture<byte[]> f = new CompletableFuture<>();
+    DatagramChannel channel = null;
+    try {
+      final Selector selector = selector();
+      channel = DatagramChannel.open();
+      channel.configureBlocking(false);
+
+      Transaction t = new Transaction(query.getHeader().getID(), data, max, endTime, channel, f);
+      if (local == null || local.getPort() == 0) {
+        boolean bound = false;
+        for (int i = 0; i < 1024 && !bound; i++) {
+          bound = tryBindToSocket(local, channel);
+        }
+
+        if (!bound) {
+          t.completeExceptionally(new IOException("No available source port found"));
+          return f;
+        }
+      }
+
+      channel.connect(remote);
+      pendingTransactions.add(t);
+      registrationQueue.add(t);
+      selector.wakeup();
+    } catch (IOException e) {
+      silentCloseChannel(channel);
+      f.completeExceptionally(e);
+    } catch (Throwable e) {
+      // Make sure to close the channel, no matter what, but only handle the declared IOException
+      silentCloseChannel(channel);
+      throw e;
+    }
+
+    return f;
+  }
+
+  private boolean tryBindToSocket(InetSocketAddress local, DatagramChannel channel)
+      throws IOException {
+    try {
+      InetSocketAddress address = null;
+      if (local == null) {
+        if (prng != null) {
+          address = new InetSocketAddress(prng.nextInt(ephemeralRange) + ephemeralStart);
+        }
+      } else {
+        int port = local.getPort();
+        if (port == 0 && prng != null) {
+          port = prng.nextInt(ephemeralRange) + ephemeralStart;
+        }
+
+        address = new InetSocketAddress(local.getAddress(), port);
+      }
+
+      channel.bind(address);
+      return true;
+    } catch (SocketException e) {
+      // ignore, we'll try another random port
+    }
+
+    return false;
+  }
+
+  private static void silentCloseChannel(DatagramChannel channel) {
+    if (channel != null) {
+      try {
+        channel.close();
+      } catch (IOException ioe) {
+        // ignore
+      }
+    }
+  }
+
+  private void closeUdp() {
+    registrationQueue.clear();
+    EOFException closing = new EOFException("Client is closing");
+    pendingTransactions.forEach(t -> t.completeExceptionally(closing));
+    pendingTransactions.clear();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java b/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java
index e66553e45..ab43bfe61 100644
--- a/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import java.io.IOException;
@@ -8,22 +9,14 @@
  *
  * @author Brian Wellington
  * @author Valentin Hauner
- * @see <a href="https://tools.ietf.org/html/rfc7929">RFC 7929: DNS-Based Authentication of Named
- *     Entities (DANE) Bindings for OpenPGP</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7929">RFC 7929: DNS-Based Authentication
+ *     of Named Entities (DANE) Bindings for OpenPGP</a>
  */
 public class OPENPGPKEYRecord extends Record {
-
-  private static final long serialVersionUID = -1277262990243423062L;
-
   private byte[] cert;
 
   OPENPGPKEYRecord() {}
 
-  @Override
-  Record getObject() {
-    return new OPENPGPKEYRecord();
-  }
-
   /**
    * Creates an OPENPGPKEY Record from the given data
    *
@@ -35,21 +28,21 @@ public OPENPGPKEYRecord(Name name, int dclass, long ttl, byte[] cert) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) {
+  protected void rrFromWire(DNSInput in) {
     cert = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     cert = st.getBase64();
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     if (cert != null) {
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append("(\n");
         sb.append(base64.formatString(cert, 64, "\t", true));
       } else {
@@ -65,7 +58,7 @@ public byte[] getCert() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(cert);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/OPTRecord.java b/src/main/java/org/xbill/DNS/OPTRecord.java
index d1246b2c7..a8d7cae86 100644
--- a/src/main/java/org/xbill/DNS/OPTRecord.java
+++ b/src/main/java/org/xbill/DNS/OPTRecord.java
@@ -1,9 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
@@ -16,20 +18,33 @@
  *
  * @see Message
  * @see Resolver
- * @see <a href="https://tools.ietf.org/html/rfc6891">RFC 6891: Extension Mechanisms for DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6891">RFC 6891: Extension Mechanisms for
+ *     DNS</a>
  * @author Brian Wellington
  */
 public class OPTRecord extends Record {
-
-  private static final long serialVersionUID = -6254521894809367938L;
-
   private List<EDNSOption> options;
 
   OPTRecord() {}
 
-  @Override
-  Record getObject() {
-    return new OPTRecord();
+  /**
+   * Creates an OPT Record. This is normally called by SimpleResolver, but can also be called by a
+   * server.
+   *
+   * @param payloadSize The size of a packet that can be reassembled on the sending host.
+   * @param xrcode The value of the extended rcode field. This is the upper 16 bits of the full
+   *     rcode.
+   * @param flags Additional message flags.
+   * @param version The EDNS version that this DNS implementation supports. This should be 0 for
+   *     dnsjava.
+   * @param options The options that comprise the data field.
+   * @see ExtendedFlags
+   */
+  public OPTRecord(int payloadSize, int xrcode, int version, int flags, EDNSOption... options) {
+    this(payloadSize, xrcode, version, flags);
+    if (options != null) {
+      this.options = new ArrayList<>(Arrays.asList(options));
+    }
   }
 
   /**
@@ -42,17 +57,11 @@ Record getObject() {
    * @param flags Additional message flags.
    * @param version The EDNS version that this DNS implementation supports. This should be 0 for
    *     dnsjava.
-   * @param options The list of options that comprise the data field. There are currently no defined
-   *     options.
+   * @param options The list of options that comprise the data field.
    * @see ExtendedFlags
    */
   public OPTRecord(int payloadSize, int xrcode, int version, int flags, List<EDNSOption> options) {
-    super(Name.root, Type.OPT, payloadSize, 0);
-    checkU16("payloadSize", payloadSize);
-    checkU8("xrcode", xrcode);
-    checkU8("version", version);
-    checkU16("flags", flags);
-    ttl = ((long) xrcode << 24) + ((long) version << 16) + flags;
+    this(payloadSize, xrcode, version, flags);
     if (options != null) {
       this.options = new ArrayList<>(options);
     }
@@ -71,7 +80,12 @@ public OPTRecord(int payloadSize, int xrcode, int version, int flags, List<EDNSO
    * @see ExtendedFlags
    */
   public OPTRecord(int payloadSize, int xrcode, int version, int flags) {
-    this(payloadSize, xrcode, version, flags, null);
+    super(Name.root, Type.OPT, payloadSize, 0);
+    checkU16("payloadSize", payloadSize);
+    checkU8("xrcode", xrcode);
+    checkU8("version", version);
+    checkU16("flags", flags);
+    ttl = ((long) xrcode << 24) + ((long) version << 16) + flags;
   }
 
   /**
@@ -79,11 +93,11 @@ public OPTRecord(int payloadSize, int xrcode, int version, int flags) {
    * called by a server.
    */
   public OPTRecord(int payloadSize, int xrcode, int version) {
-    this(payloadSize, xrcode, version, 0, null);
+    this(payloadSize, xrcode, version, 0);
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     if (in.remaining() > 0) {
       options = new ArrayList<>();
     }
@@ -94,13 +108,13 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     throw st.exception("no text format defined for OPT");
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     if (options != null) {
       sb.append(options);
@@ -117,6 +131,34 @@ String rrToString() {
     return sb.toString();
   }
 
+  /** Converts this record to a String representation */
+  @Override
+  public String toString() {
+    return Name.root + "\t\t\t\t" + Type.string(type) + "\t" + rrToString();
+  }
+
+  void printPseudoSection(StringBuilder sb) {
+    sb.append(";; OPT PSEUDOSECTION: \n; EDNS: version: ");
+    sb.append(getVersion());
+    sb.append("; flags: ");
+
+    for (int i = 0; i < 16; i++) {
+      if ((getFlags() & (1 << (15 - i))) != 0) {
+        sb.append(ExtendedFlags.stringFromBit(i));
+        sb.append(" ");
+      }
+    }
+    sb.append("; udp: ").append(getPayloadSize());
+    if (options != null) {
+      for (EDNSOption o : options) {
+        sb.append("\n; ")
+            .append(EDNSOption.Code.string(o.getCode()))
+            .append(": ")
+            .append(o.optionToString());
+      }
+    }
+  }
+
   /** Returns the maximum allowed payload size. */
   public int getPayloadSize() {
     return dclass;
@@ -142,7 +184,7 @@ public int getFlags() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     if (options == null) {
       return;
     }
@@ -185,4 +227,14 @@ public List<EDNSOption> getOptions(int code) {
   public boolean equals(final Object arg) {
     return super.equals(arg) && ttl == ((OPTRecord) arg).ttl;
   }
+
+  @Override
+  public int hashCode() {
+    byte[] array = toWireCanonical();
+    int code = 0;
+    for (byte b : array) {
+      code += (code << 3) + (b & 0xFF);
+    }
+    return code;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/Opcode.java b/src/main/java/org/xbill/DNS/Opcode.java
index 869aaa40a..55414b1ff 100644
--- a/src/main/java/org/xbill/DNS/Opcode.java
+++ b/src/main/java/org/xbill/DNS/Opcode.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -19,12 +20,20 @@ public final class Opcode {
   public static final int STATUS = 2;
 
   /** A message from a primary to a secondary server to initiate a zone transfer */
+  @SuppressWarnings("java:S1845")
   public static final int NOTIFY = 4;
 
   /** A dynamic update message */
   public static final int UPDATE = 5;
 
-  private static Mnemonic opcodes = new Mnemonic("DNS Opcode", Mnemonic.CASE_UPPER);
+  /**
+   * DNS Stateful Operations (DSO).
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8490">RFC 8490</a>
+   */
+  public static final int DSO = 6;
+
+  private static final Mnemonic opcodes = new Mnemonic("DNS Opcode", Mnemonic.CASE_UPPER);
 
   static {
     opcodes.setMaximum(0xF);
@@ -36,6 +45,7 @@ public final class Opcode {
     opcodes.add(STATUS, "STATUS");
     opcodes.add(NOTIFY, "NOTIFY");
     opcodes.add(UPDATE, "UPDATE");
+    opcodes.add(DSO, "DSO");
   }
 
   private Opcode() {}
diff --git a/src/main/java/org/xbill/DNS/Options.java b/src/main/java/org/xbill/DNS/Options.java
index 275f2e112..4459a6320 100644
--- a/src/main/java/org/xbill/DNS/Options.java
+++ b/src/main/java/org/xbill/DNS/Options.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -7,14 +8,22 @@
 import java.util.StringTokenizer;
 
 /**
- * Boolean options:<br>
- * BINDTTL - Print TTLs in BIND format<br>
- * multiline - Print records in multiline format<br>
- * noPrintIN - Don't print the class of a record if it's IN<br>
- * <br>
- * Valued options:<br>
- * tsigfudge=n - Sets the default TSIG fudge value (in seconds)<br>
- * sig0validity=n - Sets the default SIG(0) validity period (in seconds)<br>
+ * Configuration options for dnsjava.
+ *
+ * <p>Boolean options:
+ *
+ * <ul>
+ *   <li>BINDTTL - Print TTLs in BIND format
+ *   <li>multiline - Print records in multiline format<br>
+ *   <li>noPrintIN - Don't print the class of a record if it's IN<br>
+ * </ul>
+ *
+ * <p>Valued options:
+ *
+ * <ul>
+ *   <li>tsigfudge=n - Sets the default TSIG fudge value (in seconds)
+ *   <li>sig0validity=n - Sets the default SIG(0) validity period (in seconds)
+ * </ul>
  *
  * @author Brian Wellington
  */
@@ -26,6 +35,7 @@ public final class Options {
     try {
       refresh();
     } catch (SecurityException e) {
+      // Ignore
     }
   }
 
@@ -54,7 +64,7 @@ public static void clear() {
     table = null;
   }
 
-  /** Sets an option to "true" */
+  /** Sets an option to {@code true}. */
   public static void set(String option) {
     if (table == null) {
       table = new HashMap<>();
@@ -62,7 +72,7 @@ public static void set(String option) {
     table.put(option.toLowerCase(), "true");
   }
 
-  /** Sets an option to the the supplied value */
+  /** Sets an option to the supplied value */
   public static void set(String option, String value) {
     if (table == null) {
       table = new HashMap<>();
@@ -83,7 +93,7 @@ public static boolean check(String option) {
     if (table == null) {
       return false;
     }
-    return (table.get(option.toLowerCase()) != null);
+    return table.get(option.toLowerCase()) != null;
   }
 
   /** Returns the value of an option */
@@ -91,7 +101,7 @@ public static String value(String option) {
     if (table == null) {
       return null;
     }
-    return (table.get(option.toLowerCase()));
+    return table.get(option.toLowerCase());
   }
 
   /** Returns the value of an option as an integer, or -1 if not defined. */
@@ -101,11 +111,20 @@ public static int intValue(String option) {
       try {
         int val = Integer.parseInt(s);
         if (val > 0) {
-          return (val);
+          return val;
         }
       } catch (NumberFormatException e) {
+        // Ignore
       }
     }
-    return (-1);
+    return -1;
+  }
+
+  static boolean multiline() {
+    if (table == null) {
+      return false;
+    }
+
+    return table.get("multiline") != null;
   }
 }
diff --git a/src/main/java/org/xbill/DNS/PTRRecord.java b/src/main/java/org/xbill/DNS/PTRRecord.java
index f0110c40d..68c139deb 100644
--- a/src/main/java/org/xbill/DNS/PTRRecord.java
+++ b/src/main/java/org/xbill/DNS/PTRRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Pointer Record - maps a domain name representing an Internet Address to a hostname.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class PTRRecord extends SingleCompressedNameBase {
-
-  private static final long serialVersionUID = -8321636610425434192L;
-
   PTRRecord() {}
 
-  @Override
-  Record getObject() {
-    return new PTRRecord();
-  }
-
   /**
    * Creates a new PTR Record with the given data
    *
diff --git a/src/main/java/org/xbill/DNS/PXRecord.java b/src/main/java/org/xbill/DNS/PXRecord.java
index 34307fa2b..135de5dff 100644
--- a/src/main/java/org/xbill/DNS/PXRecord.java
+++ b/src/main/java/org/xbill/DNS/PXRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,24 +9,16 @@
  * X.400 mail mapping record.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2163">RFC 2163: Using the Internet DNS to Distribute
- *     MIXER Conformant Global Address Mapping (MCGAM)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2163">RFC 2163: Using the Internet DNS to
+ *     Distribute MIXER Conformant Global Address Mapping (MCGAM)</a>
  */
 public class PXRecord extends Record {
-
-  private static final long serialVersionUID = 1811540008806660667L;
-
   private int preference;
   private Name map822;
   private Name mapX400;
 
   PXRecord() {}
 
-  @Override
-  Record getObject() {
-    return new PXRecord();
-  }
-
   /**
    * Creates an PX Record from the given data
    *
@@ -42,14 +35,14 @@ public PXRecord(Name name, int dclass, long ttl, int preference, Name map822, Na
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     preference = in.readU16();
     map822 = new Name(in);
     mapX400 = new Name(in);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     preference = st.getUInt16();
     map822 = st.getName(origin);
     mapX400 = st.getName(origin);
@@ -57,7 +50,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts the PX Record to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(preference);
     sb.append(" ");
@@ -68,7 +61,7 @@ String rrToString() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(preference);
     map822.toWire(out, null, canonical);
     mapX400.toWire(out, null, canonical);
diff --git a/src/main/java/org/xbill/DNS/PacketLogger.java b/src/main/java/org/xbill/DNS/PacketLogger.java
index c13dbcc0c..f5477fdc6 100644
--- a/src/main/java/org/xbill/DNS/PacketLogger.java
+++ b/src/main/java/org/xbill/DNS/PacketLogger.java
@@ -1,12 +1,24 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import java.net.SocketAddress;
 
 /**
- * Custom logger that can log all the packets that were send or received.
+ * Custom logger that can log all packets that were sent or received.
  *
  * @author Damian Minkov
  */
 public interface PacketLogger {
+  /**
+   * Logs data (usually a DNS message in wire format) that was sent or received within the dnsjava
+   * library.
+   *
+   * <p>This method can be invoked concurrently from any thread.
+   *
+   * @param prefix a note of where the package originated, e.g. {@code TCP read}.
+   * @param local the local (i.e. this pc) socket address of the communication channel.
+   * @param remote the remote (i.e. the server) socket address of the communication channel.
+   * @param data the transferred data, usually a complete DNS message.
+   */
   void log(String prefix, SocketAddress local, SocketAddress remote, byte[] data);
 }
diff --git a/src/main/java/org/xbill/DNS/RPRecord.java b/src/main/java/org/xbill/DNS/RPRecord.java
index ea546db55..93c7eb5ec 100644
--- a/src/main/java/org/xbill/DNS/RPRecord.java
+++ b/src/main/java/org/xbill/DNS/RPRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,22 +11,14 @@
  *
  * @author Tom Scola (tscola@research.att.com)
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class RPRecord extends Record {
-
-  private static final long serialVersionUID = 8124584364211337460L;
-
   private Name mailbox;
   private Name textDomain;
 
   RPRecord() {}
 
-  @Override
-  Record getObject() {
-    return new RPRecord();
-  }
-
   /**
    * Creates an RP Record from the given data
    *
@@ -40,20 +33,20 @@ public RPRecord(Name name, int dclass, long ttl, Name mailbox, Name textDomain)
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     mailbox = new Name(in);
     textDomain = new Name(in);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     mailbox = st.getName(origin);
     textDomain = st.getName(origin);
   }
 
   /** Converts the RP Record to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(mailbox);
     sb.append(" ");
@@ -72,7 +65,7 @@ public Name getTextDomain() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     mailbox.toWire(out, null, canonical);
     textDomain.toWire(out, null, canonical);
   }
diff --git a/src/main/java/org/xbill/DNS/RRSIGRecord.java b/src/main/java/org/xbill/DNS/RRSIGRecord.java
index 6475b772a..a7fef0c89 100644
--- a/src/main/java/org/xbill/DNS/RRSIGRecord.java
+++ b/src/main/java/org/xbill/DNS/RRSIGRecord.java
@@ -1,8 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.time.Instant;
+import java.util.Date;
 
 /**
  * Resource Record Signature - An RRSIG provides the digital signature of an RRset, so that the data
@@ -12,21 +14,13 @@
  * @see RRset
  * @see DNSSEC
  * @see KEYRecord
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  * @author Brian Wellington
  */
 public class RRSIGRecord extends SIGBase {
-
-  private static final long serialVersionUID = -2609150673537226317L;
-
   RRSIGRecord() {}
 
-  @Override
-  Record getObject() {
-    return new RRSIGRecord();
-  }
-
   /**
    * Creates an RRSIG Record from the given data
    *
@@ -65,4 +59,46 @@ public RRSIGRecord(
         signer,
         signature);
   }
+
+  /**
+   * Creates an RRSIG Record from the given data
+   *
+   * @param covered The RRset type covered by this signature
+   * @param alg The cryptographic algorithm of the key that generated the signature
+   * @param origttl The original TTL of the RRset
+   * @param expire The time at which the signature expires
+   * @param timeSigned The time at which this signature was generated
+   * @param footprint The footprint/key id of the signing key.
+   * @param signer The owner of the signing key
+   * @param signature Binary data representing the signature
+   * @deprecated use {@link #RRSIGRecord(Name, int, long, int, int, long, Instant, Instant, int,
+   *     Name, byte[])}
+   */
+  @Deprecated
+  public RRSIGRecord(
+      Name name,
+      int dclass,
+      long ttl,
+      int covered,
+      int alg,
+      long origttl,
+      Date expire,
+      Date timeSigned,
+      int footprint,
+      Name signer,
+      byte[] signature) {
+    super(
+        name,
+        Type.RRSIG,
+        dclass,
+        ttl,
+        covered,
+        alg,
+        origttl,
+        expire.toInstant(),
+        timeSigned.toInstant(),
+        footprint,
+        signer,
+        signature);
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/RRset.java b/src/main/java/org/xbill/DNS/RRset.java
index af5696424..afeef6190 100644
--- a/src/main/java/org/xbill/DNS/RRset.java
+++ b/src/main/java/org/xbill/DNS/RRset.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -7,6 +8,8 @@
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Objects;
+import lombok.EqualsAndHashCode;
 
 /**
  * A set of Records with the same name, type, and class. Also included are all RRSIG records signing
@@ -16,15 +19,9 @@
  * @see RRSIGRecord
  * @author Brian Wellington
  */
-public class RRset<T extends Record> implements Serializable {
-
-  private static final long serialVersionUID = -3270249290171239695L;
-
-  /*
-   * rrs contains both normal and RRSIG records, with the RRSIG records
-   * at the end.
-   */
-  private final ArrayList<T> rrs;
+@EqualsAndHashCode(of = {"rrs", "sigs"})
+public class RRset implements Serializable, Iterable<Record> {
+  private final ArrayList<Record> rrs;
   private final ArrayList<RRSIGRecord> sigs;
   private short position;
   private long ttl;
@@ -36,13 +33,40 @@ public RRset() {
   }
 
   /** Creates an RRset and sets its contents to the specified record */
-  public RRset(T record) {
+  public RRset(Record r) {
+    this();
+    addRR(r);
+  }
+
+  /**
+   * Creates an RRset and sets its contents to the specified record(s)
+   *
+   * @param records The records to add to the set. See {@link #addRR(Record)} for restrictions.
+   */
+  public RRset(Record... records) {
+    this();
+    Objects.requireNonNull(records);
+    for (Record r : records) {
+      addRR(r);
+    }
+  }
+
+  /**
+   * Creates an RRset and sets its contents to the specified record(s)
+   *
+   * @param records The records to add to the set. See {@link #addRR(Record)} for restrictions.
+   * @since 3.6
+   */
+  public RRset(Iterable<Record> records) {
     this();
-    addRR(record);
+    Objects.requireNonNull(records);
+    for (Record r : records) {
+      addRR(r);
+    }
   }
 
   /** Creates an RRset with the contents of an existing RRset */
-  public RRset(RRset<T> rrset) {
+  public RRset(RRset rrset) {
     rrs = new ArrayList<>(rrset.rrs);
     sigs = new ArrayList<>(rrset.sigs);
     position = rrset.position;
@@ -53,6 +77,9 @@ public RRset(RRset<T> rrset) {
    * Adds a signature to this RRset. If the TTL of the added signature is not the same as existing
    * records in the RRset, all records are set to the lowest TTL of either the added record or the
    * existing records.
+   *
+   * @throws IllegalArgumentException if the RRset already contains records and the signature to add
+   *     does not match.
    */
   public void addRR(RRSIGRecord r) {
     addRR(r, sigs);
@@ -62,8 +89,11 @@ public void addRR(RRSIGRecord r) {
    * Adds a Record to this RRset. If the TTL of the added record is not the same as existing records
    * in the RRset, all records are set to the lowest TTL of either the added record or the existing
    * records.
+   *
+   * @throws IllegalArgumentException if the RRset already contains records and the record to add
+   *     does not match.
    */
-  public void addRR(T r) {
+  public void addRR(Record r) {
     if (r instanceof RRSIGRecord) {
       addRR((RRSIGRecord) r, sigs);
       return;
@@ -126,7 +156,7 @@ public void deleteRR(RRSIGRecord r) {
   }
 
   /** Deletes a record from this RRset */
-  public void deleteRR(T r) {
+  public void deleteRR(Record r) {
     if (r instanceof RRSIGRecord) {
       sigs.remove(r);
       return;
@@ -147,12 +177,15 @@ public void clear() {
    * @param cycle If true, cycle through the records so that each list will start with a different
    *     record.
    */
-  public List<T> rrs(boolean cycle) {
+  public List<Record> rrs(boolean cycle) {
     if (!cycle || rrs.size() <= 1) {
       return Collections.unmodifiableList(rrs);
     }
 
-    List<T> l = new ArrayList<>(rrs.size());
+    List<Record> l = new ArrayList<>(rrs.size());
+    if (position == Short.MAX_VALUE) {
+      position = 0;
+    }
     int start = position++ % rrs.size();
     l.addAll(rrs.subList(start, rrs.size()));
     l.addAll(rrs.subList(0, start));
@@ -163,7 +196,7 @@ public List<T> rrs(boolean cycle) {
    * Returns a list of all data records. This cycles through the records, so that each returned list
    * will start with a different record.
    */
-  public List<T> rrs() {
+  public List<Record> rrs() {
     return rrs(true);
   }
 
@@ -172,11 +205,30 @@ public List<RRSIGRecord> sigs() {
     return Collections.unmodifiableList(sigs);
   }
 
-  /** Returns the number of (data) records */
+  /** Returns the number of data records. */
   public int size() {
     return rrs.size();
   }
 
+  /**
+   * Returns the number of signature records.
+   *
+   * @since 3.6
+   */
+  public int sigSize() {
+    return sigs.size();
+  }
+
+  /**
+   * Returns {@code true} if this RRset is empty, i.e. if there are neither data nor signature
+   * records.
+   *
+   * @since 3.6
+   */
+  public boolean isEmpty() {
+    return rrs.isEmpty() && sigs.isEmpty();
+  }
+
   /**
    * Returns the name of the records
    *
@@ -187,7 +239,8 @@ public Name getName() {
   }
 
   /**
-   * Returns the type of the records
+   * Returns the type of the records. If this set contains only signatures, it returns the covered
+   * type.
    *
    * @see Type
    */
@@ -195,6 +248,16 @@ public int getType() {
     return first().getRRsetType();
   }
 
+  /**
+   * Returns the actual type of the records, i.e. for signatures not the type covered but {@link
+   * Type#RRSIG}.
+   *
+   * @see Type
+   */
+  int getActualType() {
+    return first().getType();
+  }
+
   /**
    * Returns the class of the records
    *
@@ -240,8 +303,8 @@ private void appendRrList(Iterator<? extends Record> it, StringBuilder sb) {
   /** Converts the RRset to a String */
   @Override
   public String toString() {
-    if (rrs.size() == 0) {
-      return ("{empty}");
+    if (rrs.isEmpty() && sigs.isEmpty()) {
+      return "{empty}";
     }
 
     StringBuilder sb = new StringBuilder();
@@ -259,4 +322,15 @@ public String toString() {
     sb.append(" }");
     return sb.toString();
   }
+
+  /**
+   * Returns an {@link Iterator} over the resource records. This is a convenience method / interface
+   * implementation and equivalent to calling {@code rrs().iterator()}.
+   *
+   * @since 3.6
+   */
+  @Override
+  public Iterator<Record> iterator() {
+    return rrs().iterator();
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/RTRecord.java b/src/main/java/org/xbill/DNS/RTRecord.java
index 3738680a9..143cfecc8 100644
--- a/src/main/java/org/xbill/DNS/RTRecord.java
+++ b/src/main/java/org/xbill/DNS/RTRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,20 +7,12 @@
  * Route Through Record - lists a route preference and intermediate host.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class RTRecord extends U16NameBase {
-
-  private static final long serialVersionUID = -3206215651648278098L;
-
   RTRecord() {}
 
-  @Override
-  Record getObject() {
-    return new RTRecord();
-  }
-
   /**
    * Creates an RT Record from the given data
    *
diff --git a/src/main/java/org/xbill/DNS/Rcode.java b/src/main/java/org/xbill/DNS/Rcode.java
index f7b2d02b2..9f4bec7d5 100644
--- a/src/main/java/org/xbill/DNS/Rcode.java
+++ b/src/main/java/org/xbill/DNS/Rcode.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,10 +9,7 @@
  * @author Brian Wellington
  */
 public final class Rcode {
-
-  private static Mnemonic rcodes = new Mnemonic("DNS Rcode", Mnemonic.CASE_UPPER);
-
-  private static Mnemonic tsigrcodes = new Mnemonic("TSIG rcode", Mnemonic.CASE_UPPER);
+  private static final Mnemonic rcodes = new Mnemonic("DNS Rcode", Mnemonic.CASE_UPPER);
 
   /** No error */
   public static final int NOERROR = 0;
@@ -28,8 +26,12 @@ public final class Rcode {
   /** The operation requested is not implemented */
   public static final int NOTIMP = 4;
 
-  /** Deprecated synonym for NOTIMP. */
-  public static final int NOTIMPL = 4;
+  /**
+   * Synonym for NOTIMP.
+   *
+   * @deprecated Use {@link #NOTIMP}.
+   */
+  @Deprecated public static final int NOTIMPL = 4;
 
   /** The operation was refused by the server */
   public static final int REFUSED = 5;
@@ -66,6 +68,18 @@ public final class Rcode {
   /** The mode is invalid (TKEY extended error) */
   public static final int BADMODE = 19;
 
+  /** Duplicate key name (TKEY extended error) */
+  public static final int BADNAME = 20;
+
+  /** Algorithm not supported (TKEY extended error) */
+  public static final int BADALG = 21;
+
+  /** Bad truncation (RFC 4635) */
+  public static final int BADTRUNC = 22;
+
+  /** Bad or missing server cookie (RFC 7873) */
+  public static final int BADCOOKIE = 23;
+
   static {
     rcodes.setMaximum(0xFFF);
     rcodes.setPrefix("RESERVED");
@@ -84,16 +98,13 @@ public final class Rcode {
     rcodes.add(NOTAUTH, "NOTAUTH");
     rcodes.add(NOTZONE, "NOTZONE");
     rcodes.add(BADVERS, "BADVERS");
-
-    tsigrcodes.setMaximum(0xFFFF);
-    tsigrcodes.setPrefix("RESERVED");
-    tsigrcodes.setNumericAllowed(true);
-    tsigrcodes.addAll(rcodes);
-
-    tsigrcodes.add(BADSIG, "BADSIG");
-    tsigrcodes.add(BADKEY, "BADKEY");
-    tsigrcodes.add(BADTIME, "BADTIME");
-    tsigrcodes.add(BADMODE, "BADMODE");
+    rcodes.add(BADKEY, "BADKEY");
+    rcodes.add(BADTIME, "BADTIME");
+    rcodes.add(BADMODE, "BADMODE");
+    rcodes.add(BADNAME, "BADNAME");
+    rcodes.add(BADALG, "BADALG");
+    rcodes.add(BADTRUNC, "BADTRUNC");
+    rcodes.add(BADCOOKIE, "BADCOOKIE");
   }
 
   private Rcode() {}
@@ -105,11 +116,19 @@ public static String string(int i) {
 
   /** Converts a numeric TSIG extended Rcode into a String */
   public static String TSIGstring(int i) {
-    return tsigrcodes.getText(i);
+    if (i == BADSIG) {
+      return "BADSIG";
+    }
+
+    return string(i);
   }
 
   /** Converts a String representation of an Rcode into its numeric value */
   public static int value(String s) {
+    if ("BADSIG".equalsIgnoreCase(s)) {
+      return BADSIG;
+    }
+
     return rcodes.getValue(s);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Record.java b/src/main/java/org/xbill/DNS/Record.java
index f85a851ed..a830a25b5 100644
--- a/src/main/java/org/xbill/DNS/Record.java
+++ b/src/main/java/org/xbill/DNS/Record.java
@@ -1,12 +1,18 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
+import java.io.ObjectStreamException;
 import java.io.Serializable;
 import java.text.DecimalFormat;
 import java.util.Arrays;
+import java.util.function.Supplier;
+import lombok.extern.slf4j.Slf4j;
 import org.xbill.DNS.utils.base16;
 
 /**
@@ -15,12 +21,11 @@
  *
  * @author Brian Wellington
  */
+@Slf4j
 public abstract class Record implements Cloneable, Comparable<Record>, Serializable {
-
-  private static final long serialVersionUID = 2694906050116005466L;
-
   protected Name name;
-  protected int type, dclass;
+  protected int type;
+  protected int dclass;
   protected long ttl;
 
   private static final DecimalFormat byteFormat = new DecimalFormat();
@@ -29,9 +34,33 @@ public abstract class Record implements Cloneable, Comparable<Record>, Serializa
     byteFormat.setMinimumIntegerDigits(3);
   }
 
+  private static class RecordSerializationProxy implements Serializable {
+    private static final long serialVersionUID = 1434159920070152561L;
+    private final byte[] wireData;
+    private final boolean isEmpty;
+
+    RecordSerializationProxy(Record r) {
+      this.isEmpty = r instanceof EmptyRecord;
+      wireData = r.toWire(isEmpty ? Section.QUESTION : Section.ANSWER);
+    }
+
+    protected Object readResolve() throws ObjectStreamException {
+      try {
+        return Record.fromWire(wireData, isEmpty ? Section.QUESTION : Section.ANSWER);
+      } catch (IOException e) {
+        throw new InvalidObjectException(e.getMessage());
+      }
+    }
+  }
+
   protected Record() {}
 
-  Record(Name name, int type, int dclass, long ttl) {
+  /**
+   * Initialize the basic fields of a record.
+   *
+   * @since 3.1
+   */
+  protected Record(Name name, int type, int dclass, long ttl) {
     if (!name.isAbsolute()) {
       throw new RelativeNameException(name);
     }
@@ -44,16 +73,21 @@ protected Record() {}
     this.ttl = ttl;
   }
 
-  /** Creates an empty record of the correct type; must be overriden */
-  abstract Record getObject();
+  Object writeReplace() {
+    log.trace("Creating proxy object for serialization");
+    return new RecordSerializationProxy(this);
+  }
 
-  private static Record getEmptyRecord(Name name, int type, int dclass, long ttl, boolean hasData) {
-    Record proto, rec;
+  private void readObject(ObjectInputStream ois) throws InvalidObjectException {
+    throw new InvalidObjectException("Use RecordSerializationProxy");
+  }
 
+  private static Record getEmptyRecord(Name name, int type, int dclass, long ttl, boolean hasData) {
+    Record rec;
     if (hasData) {
-      proto = Type.getProto(type);
-      if (proto != null) {
-        rec = proto.getObject();
+      Supplier<Record> factory = Type.getFactory(type);
+      if (factory != null) {
+        rec = factory.get();
       } else {
         rec = new UNKRecord();
       }
@@ -67,8 +101,12 @@ private static Record getEmptyRecord(Name name, int type, int dclass, long ttl,
     return rec;
   }
 
-  /** Converts the type-specific RR to wire format - must be overriden */
-  abstract void rrFromWire(DNSInput in) throws IOException;
+  /**
+   * Converts the type-specific RR to wire format - must be overridden
+   *
+   * @since 3.1
+   */
+  protected abstract void rrFromWire(DNSInput in) throws IOException;
 
   private static Record newRecord(
       Name name, int type, int dclass, long ttl, int length, DNSInput in) throws IOException {
@@ -170,7 +208,8 @@ public static Record newRecord(Name name, int type, int dclass) {
   }
 
   static Record fromWire(DNSInput in, int section, boolean isUpdate) throws IOException {
-    int type, dclass;
+    int type;
+    int dclass;
     long ttl;
     int length;
     Name name;
@@ -268,8 +307,12 @@ public byte[] rdataToWireCanonical() {
     return out.toByteArray();
   }
 
-  /** Converts the type-specific RR to text format - must be overriden */
-  abstract String rrToString();
+  /**
+   * Converts the type-specific RR to text format - must be overridden.
+   *
+   * @since 3.1
+   */
+  protected abstract String rrToString();
 
   /** Converts the rdata portion of a Record into a String representation */
   public String rdataToString() {
@@ -300,15 +343,19 @@ public String toString() {
     }
     sb.append(Type.string(type));
     String rdata = rrToString();
-    if (!rdata.equals("")) {
+    if (!rdata.isEmpty()) {
       sb.append("\t");
       sb.append(rdata);
     }
     return sb.toString();
   }
 
-  /** Converts the text format of an RR to the internal format - must be overriden */
-  abstract void rdataFromString(Tokenizer st, Name origin) throws IOException;
+  /**
+   * Converts the text format of an RR to the internal format - must be overriden
+   *
+   * @since 3.1
+   */
+  protected abstract void rdataFromString(Tokenizer st, Name origin) throws IOException;
 
   /** Converts a String into a byte array. */
   protected static byte[] byteArrayFromString(String s) throws TextParseException {
@@ -334,12 +381,12 @@ protected static byte[] byteArrayFromString(String s) throws TextParseException
     int digits = 0;
     int intval = 0;
     for (byte value : array) {
-      byte b = value;
       if (escaped) {
-        if (b >= '0' && b <= '9' && digits < 3) {
+        byte b = value;
+        if (b >= '0' && b <= '9') {
           digits++;
           intval *= 10;
-          intval += (b - '0');
+          intval += b - '0';
           if (intval > 255) {
             throw new TextParseException("bad escape");
           }
@@ -347,7 +394,7 @@ protected static byte[] byteArrayFromString(String s) throws TextParseException
             continue;
           }
           b = (byte) intval;
-        } else if (digits > 0 && digits < 3) {
+        } else if (digits > 0) {
           throw new TextParseException("bad escape");
         }
         os.write(b);
@@ -397,12 +444,7 @@ protected static String byteArrayToString(byte[] array, boolean quote) {
 
   /** Converts a byte array into the unknown RR format. */
   protected static String unknownToString(byte[] data) {
-    StringBuilder sb = new StringBuilder();
-    sb.append("\\# ");
-    sb.append(data.length);
-    sb.append(" ");
-    sb.append(base16.toString(data));
-    return sb.toString();
+    return "\\# " + data.length + " " + base16.toString(data);
   }
 
   /**
@@ -429,14 +471,14 @@ public static Record fromString(
     TTL.check(ttl);
 
     Tokenizer.Token t = st.get();
-    if (t.type == Tokenizer.IDENTIFIER && t.value.equals("\\#")) {
+    if (t.type() == Tokenizer.IDENTIFIER && t.value().equals("\\#")) {
       int length = st.getUInt16();
       byte[] data = st.getHex();
       if (data == null) {
         data = new byte[0];
       }
       if (length != data.length) {
-        throw st.exception("invalid unknown RR encoding: " + "length mismatch");
+        throw st.exception("invalid unknown RR encoding: length mismatch");
       }
       DNSInput in = new DNSInput(data);
       return newRecord(name, type, dclass, ttl, length, in);
@@ -445,8 +487,8 @@ public static Record fromString(
     rec = getEmptyRecord(name, type, dclass, ttl, true);
     rec.rdataFromString(st, origin);
     t = st.get();
-    if (t.type != Tokenizer.EOL && t.type != Tokenizer.EOF) {
-      throw st.exception("unexpected tokens at end of record");
+    if (t.type() != Tokenizer.EOL && t.type() != Tokenizer.EOF) {
+      throw st.exception("unexpected tokens at end of record (wanted EOL/EOF, got " + t + ")");
     }
     return rec;
   }
@@ -509,15 +551,31 @@ public long getTTL() {
     return ttl;
   }
 
-  /** Converts the type-specific RR to wire format - must be overriden */
-  abstract void rrToWire(DNSOutput out, Compression c, boolean canonical);
+  /**
+   * Converts the type-specific RR to wire format - must be overridden.
+   *
+   * @since 3.1
+   */
+  protected abstract void rrToWire(DNSOutput out, Compression c, boolean canonical);
 
   /**
    * Determines if two Records could be part of the same RRset. This compares the name, type, and
    * class of the Records; the ttl and rdata are not compared.
    */
   public boolean sameRRset(Record rec) {
-    return (getRRsetType() == rec.getRRsetType() && dclass == rec.dclass && name.equals(rec.name));
+    return getRRsetType() == rec.getRRsetType() && dclass == rec.dclass && name.equals(rec.name);
+  }
+
+  /**
+   * Determines if this Record could be part of the passed RRset. This compares the name, type, and
+   * class of the Record and the set.
+   *
+   * @since 3.6
+   */
+  public boolean sameRRset(RRset set) {
+    return getRRsetType() == set.getType()
+        && dclass == set.getDClass()
+        && name.equals(set.getName());
   }
 
   /**
@@ -547,7 +605,7 @@ public int hashCode() {
     byte[] array = toWireCanonical(true);
     int code = 0;
     for (byte b : array) {
-      code += ((code << 3) + (b & 0xFF));
+      code += (code << 3) + (b & 0xFF);
     }
     return code;
   }
@@ -602,30 +660,34 @@ void setTTL(long ttl) {
   @Override
   public int compareTo(Record arg) {
     if (this == arg) {
-      return (0);
+      return 0;
     }
 
     int n = name.compareTo(arg.name);
     if (n != 0) {
-      return (n);
+      return n;
     }
+
     n = dclass - arg.dclass;
     if (n != 0) {
-      return (n);
+      return n;
     }
+
     n = type - arg.type;
     if (n != 0) {
-      return (n);
+      return n;
     }
+
     byte[] rdata1 = rdataToWireCanonical();
     byte[] rdata2 = arg.rdataToWireCanonical();
-    for (int i = 0; i < rdata1.length && i < rdata2.length; i++) {
-      n = (rdata1[i] & 0xFF) - (rdata2[i] & 0xFF);
-      if (n != 0) {
-        return (n);
+    int minLen = Math.min(rdata1.length, rdata2.length);
+    for (int i = 0; i < minLen; i++) {
+      if (rdata1[i] != rdata2[i]) {
+        return (rdata1[i] & 0xFF) - (rdata2[i] & 0xFF);
       }
     }
-    return (rdata1.length - rdata2.length);
+
+    return rdata1.length - rdata2.length;
   }
 
   /**
@@ -641,27 +703,27 @@ public Name getAdditionalName() {
 
   /* Checks that an int contains an unsigned 8 bit value */
   static int checkU8(String field, int val) {
-    if (val < 0 || val > 0xFF) {
+    if (!Utils.isUInt8(val)) {
       throw new IllegalArgumentException(
-          "\"" + field + "\" " + val + " must be an unsigned 8 " + "bit value");
+          "\"" + field + "\" " + val + " must be an unsigned 8 bit value");
     }
     return val;
   }
 
   /* Checks that an int contains an unsigned 16 bit value */
   static int checkU16(String field, int val) {
-    if (val < 0 || val > 0xFFFF) {
+    if (!Utils.isUInt16(val)) {
       throw new IllegalArgumentException(
-          "\"" + field + "\" " + val + " must be an unsigned 16 " + "bit value");
+          "\"" + field + "\" " + val + " must be an unsigned 16 bit value");
     }
     return val;
   }
 
   /* Checks that a long contains an unsigned 32 bit value */
   static long checkU32(String field, long val) {
-    if (val < 0 || val > 0xFFFFFFFFL) {
+    if (!Utils.isUInt32(val)) {
       throw new IllegalArgumentException(
-          "\"" + field + "\" " + val + " must be an unsigned 32 " + "bit value");
+          "\"" + field + "\" " + val + " must be an unsigned 32 bit value");
     }
     return val;
   }
@@ -678,7 +740,7 @@ static Name checkName(String field, Name name) {
   static byte[] checkByteArrayLength(String field, byte[] array, int maxLength) {
     if (array.length > 0xFFFF) {
       throw new IllegalArgumentException(
-          "\"" + field + "\" array " + "must have no more than " + maxLength + " elements");
+          "\"" + field + "\" array must have no more than " + maxLength + " elements");
     }
     byte[] out = new byte[array.length];
     System.arraycopy(array, 0, out, 0, array.length);
diff --git a/src/main/java/org/xbill/DNS/RelativeNameException.java b/src/main/java/org/xbill/DNS/RelativeNameException.java
index f0a3b1285..62bf23592 100644
--- a/src/main/java/org/xbill/DNS/RelativeNameException.java
+++ b/src/main/java/org/xbill/DNS/RelativeNameException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
diff --git a/src/main/java/org/xbill/DNS/ResolveThread.java b/src/main/java/org/xbill/DNS/ResolveThread.java
deleted file mode 100644
index cd2897f08..000000000
--- a/src/main/java/org/xbill/DNS/ResolveThread.java
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
-
-package org.xbill.DNS;
-
-/**
- * A special-purpose thread used by Resolvers (both SimpleResolver and ExtendedResolver) to perform
- * asynchronous queries.
- *
- * @author Brian Wellington
- */
-class ResolveThread extends Thread {
-
-  private Message query;
-  private Integer id;
-  private ResolverListener listener;
-  private Resolver res;
-
-  /** Creates a new ResolveThread */
-  public ResolveThread(Resolver res, Message query, Integer id, ResolverListener listener) {
-    this.res = res;
-    this.query = query;
-    this.id = id;
-    this.listener = listener;
-  }
-
-  /** Performs the query, and executes the callback. */
-  @Override
-  public void run() {
-    try {
-      Message response = res.send(query);
-      listener.receiveMessage(id, response);
-    } catch (Exception e) {
-      listener.handleException(id, e);
-    }
-  }
-}
diff --git a/src/main/java/org/xbill/DNS/Resolver.java b/src/main/java/org/xbill/DNS/Resolver.java
index af4eaa069..5b6ce5111 100644
--- a/src/main/java/org/xbill/DNS/Resolver.java
+++ b/src/main/java/org/xbill/DNS/Resolver.java
@@ -1,9 +1,21 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.time.Duration;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 
 /**
  * Interface describing a resolver.
@@ -20,7 +32,7 @@ public interface Resolver {
   void setPort(int port);
 
   /**
-   * Sets whether TCP connections will be sent by default
+   * Sets whether TCP connections will be used by default
    *
    * @param flag Indicates whether TCP connections are made
    */
@@ -37,15 +49,32 @@ public interface Resolver {
   /**
    * Sets the EDNS version used on outgoing messages.
    *
-   * @param level The EDNS level to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param version The EDNS level to use. 0 indicates EDNS0 and -1 indicates no EDNS.
    * @throws IllegalArgumentException An invalid level was indicated.
    */
-  void setEDNS(int level);
+  default void setEDNS(int version) {
+    setEDNS(version, 0, 0, Collections.emptyList());
+  }
 
   /**
    * Sets the EDNS information on outgoing messages.
    *
-   * @param level The EDNS level to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param payloadSize The maximum DNS packet size that this host is capable of receiving over UDP.
+   *     If 0 is specified, the default ({@value
+   *     org.xbill.DNS.SimpleResolver#DEFAULT_EDNS_PAYLOADSIZE}) is used.
+   * @param flags EDNS extended flags to be set in the OPT record.
+   * @param options EDNS options to be set in the OPT record, specified as a List of
+   *     OPTRecord.Option elements.
+   * @throws IllegalArgumentException An invalid field was specified.
+   * @see OPTRecord
+   */
+  void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options);
+
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
    * @param payloadSize The maximum DNS packet size that this host is capable of receiving over UDP.
    *     If 0 is specified, the default (1280) is used.
    * @param flags EDNS extended flags to be set in the OPT record.
@@ -54,7 +83,13 @@ public interface Resolver {
    * @throws IllegalArgumentException An invalid field was specified.
    * @see OPTRecord
    */
-  void setEDNS(int level, int payloadSize, int flags, List<EDNSOption> options);
+  default void setEDNS(int version, int payloadSize, int flags, EDNSOption... options) {
+    setEDNS(
+        version,
+        payloadSize,
+        flags,
+        options == null ? Collections.emptyList() : Arrays.asList(options));
+  }
 
   /**
    * Specifies the TSIG key that messages will be signed with
@@ -68,33 +103,160 @@ public interface Resolver {
    *
    * @param secs The number of seconds to wait.
    * @param msecs The number of milliseconds to wait.
+   * @deprecated use {@link #setTimeout(Duration)}
    */
-  void setTimeout(int secs, int msecs);
+  @Deprecated
+  default void setTimeout(int secs, int msecs) {
+    setTimeout(Duration.ofMillis(secs * 1000L + msecs));
+  }
 
   /**
    * Sets the amount of time to wait for a response before giving up.
    *
    * @param secs The number of seconds to wait.
+   * @deprecated use {@link #setTimeout(Duration)}
+   */
+  @Deprecated
+  default void setTimeout(int secs) {
+    setTimeout(Duration.ofSeconds(secs));
+  }
+
+  /**
+   * Sets the amount of time to wait for a response before giving up.
+   *
+   * @param timeout The amount of time to wait.
+   */
+  void setTimeout(Duration timeout);
+
+  /**
+   * Gets the amount of time to wait for a response before giving up.
+   *
+   * @see #setTimeout(Duration)
    */
-  void setTimeout(int secs);
+  default Duration getTimeout() {
+    return Duration.ofSeconds(10);
+  }
 
   /**
    * Sends a message and waits for a response.
    *
+   * <p>The waiting is done on the calling thread. Do not call this method from async code, and
+   * especially not from tasks running on {@link ForkJoinPool#commonPool()}, use {@link
+   * #sendAsync(Message)} or {@link #sendAsync(Message, Executor)} instead.
+   *
    * @param query The query to send.
    * @return The response
    * @throws IOException An error occurred while sending or receiving.
    */
-  Message send(Message query) throws IOException;
+  default Message send(Message query) throws IOException {
+    try {
+      CompletableFuture<Message> result = sendAsync(query).toCompletableFuture();
+      return result.get(getTimeout().toMillis(), TimeUnit.MILLISECONDS);
+    } catch (InterruptedException e) {
+      Thread.currentThread().interrupt();
+      throw new IOException(e);
+    } catch (ExecutionException e) {
+      if (e.getCause() instanceof IOException) {
+        throw (IOException) e.getCause();
+      } else if (e.getCause() != null) {
+        throw new IOException(e.getCause());
+      } else {
+        throw new IOException(e);
+      }
+    } catch (TimeoutException e) {
+      throw new IOException(
+          "Timed out while trying to resolve "
+              + query.getQuestion().getName()
+              + "/"
+              + Type.string(query.getQuestion().type)
+              + ", id="
+              + query.getHeader().getID(),
+          e);
+    }
+  }
+
+  /**
+   * Asynchronously sends a message using the default {@link ForkJoinPool#commonPool()}.
+   *
+   * <p>The default implementation calls the deprecated {@link #sendAsync(Message,
+   * ResolverListener)}. Implementors must override at least one of the {@code sendAsync} methods or
+   * a stack overflow will occur.
+   *
+   * @param query The query to send.
+   * @return A future that completes when the query is finished.
+   */
+  default CompletionStage<Message> sendAsync(Message query) {
+    return sendAsync(query, ForkJoinPool.commonPool());
+  }
+
+  /**
+   * Asynchronously sends a message.
+   *
+   * <p>The default implementation calls the deprecated {@link #sendAsync(Message,
+   * ResolverListener)}. Implementors must override at least one of the {@code sendAsync} methods or
+   * a stack overflow will occur.
+   *
+   * @param query The query to send.
+   * @param executor The service to use for async operations.
+   * @return A future that completes when the query is finished.
+   */
+  @SuppressWarnings("deprecation")
+  default CompletionStage<Message> sendAsync(Message query, Executor executor) {
+    CompletableFuture<Message> f = new CompletableFuture<>();
+    sendAsync(
+        query,
+        new ResolverListener() {
+          @Override
+          public void receiveMessage(Object id, Message m) {
+            f.complete(m);
+          }
+
+          @Override
+          public void handleException(Object id, Exception e) {
+            f.completeExceptionally(e);
+          }
+        });
+    return f;
+  }
 
   /**
    * Asynchronously sends a message registering a listener to receive a callback on success or
-   * exception. Multiple asynchronous lookups can be performed in parallel. Since the callback may
-   * be invoked before the function returns, external synchronization is necessary.
+   * exception. Multiple asynchronous lookups can be performed in parallel. The callback may be
+   * invoked from any thread.
+   *
+   * <p>The default implementation calls {@link #sendAsync(Message)}. Implementors must override at
+   * least one of the {@code sendAsync} methods or a stack overflow will occur.
    *
    * @param query The query to send
    * @param listener The object containing the callbacks.
    * @return An identifier, which is also a parameter in the callback
+   * @deprecated Use {@link #sendAsync(Message)}
    */
-  Object sendAsync(final Message query, final ResolverListener listener);
+  @Deprecated
+  default Object sendAsync(Message query, ResolverListener listener) {
+    final Object id = new Object();
+    CompletionStage<Message> f = sendAsync(query);
+    f.handleAsync(
+        (result, throwable) -> {
+          if (throwable != null) {
+            Exception exception;
+            if (throwable instanceof CompletionException && throwable.getCause() != null) {
+              throwable = throwable.getCause();
+            }
+
+            if (throwable instanceof Exception) {
+              exception = (Exception) throwable;
+            } else {
+              exception = new Exception(throwable);
+            }
+
+            listener.handleException(id, exception);
+            return null;
+          }
+
+          listener.receiveMessage(id, result);
+          return null;
+        });
+    return id;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/ResolverConfig.java b/src/main/java/org/xbill/DNS/ResolverConfig.java
index 3d21c0fbd..d3cc022e8 100644
--- a/src/main/java/org/xbill/DNS/ResolverConfig.java
+++ b/src/main/java/org/xbill/DNS/ResolverConfig.java
@@ -1,484 +1,170 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
-import java.io.BufferedInputStream;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.lang.reflect.Method;
-import java.nio.file.Files;
-import java.nio.file.Paths;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
-import java.util.Locale;
-import java.util.ResourceBundle;
-import java.util.StringTokenizer;
 import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.config.AndroidResolverConfigProvider;
+import org.xbill.DNS.config.FallbackPropertyResolverConfigProvider;
+import org.xbill.DNS.config.InitializationException;
+import org.xbill.DNS.config.JndiContextResolverConfigProvider;
+import org.xbill.DNS.config.PropertyResolverConfigProvider;
+import org.xbill.DNS.config.ResolvConfResolverConfigProvider;
+import org.xbill.DNS.config.ResolverConfigProvider;
+import org.xbill.DNS.config.SunJvmResolverConfigProvider;
+import org.xbill.DNS.config.WindowsResolverConfigProvider;
 
 /**
- * A class that tries to locate name servers and the search path to be appended to unqualified
- * names.
+ * Locates name servers and the search path to be appended to unqualified names.
  *
  * <p>The following are attempted, in order, until one succeeds.
  *
- * <UL>
- *   <LI>The properties 'dns.server' and 'dns.search' (comma delimited lists) are checked. The
- *       servers can either be IP addresses or hostnames (which are resolved using Java's built in
- *       DNS support).
- *   <LI>The sun.net.dns.ResolverConfiguration class is queried.
- *   <LI>On Unix, /etc/resolv.conf is parsed.
- *   <LI>On Windows, ipconfig is called and its output parsed. This may fail for non-English
- *       versions on Windows.
- *   <LI>"localhost" is used as the nameserver, and the search path is empty.
- * </UL>
+ * <ul>
+ *   <li>dnsjava properties, see {@link org.xbill.DNS.config.PropertyResolverConfigProvider}
+ *   <li>On Unix, /etc/resolv.conf is parsed, see {@link
+ *       org.xbill.DNS.config.ResolvConfResolverConfigProvider}
+ *   <li>On Windows, GetAdaptersAddresses is called, see {@link
+ *       org.xbill.DNS.config.WindowsResolverConfigProvider}
+ *   <li>On Android, system properties or the ConnectivityManager are read, see {@link
+ *       org.xbill.DNS.config.AndroidResolverConfigProvider}
+ *   <li>The JNDI DNS Service Provider is queried, see {@link
+ *       org.xbill.DNS.config.JndiContextResolverConfigProvider}
+ *   <li>The sun.net.dns.ResolverConfiguration class is queried, see {@link
+ *       org.xbill.DNS.config.SunJvmResolverConfigProvider}
+ *   <li>{@code localhost} is used as the nameserver, and the search path is empty.
+ * </ul>
  *
  * These routines will be called internally when creating Resolvers/Lookups without explicitly
  * specifying server names, and can also be called directly if desired.
- *
- * @author Brian Wellington
- * @author <a href="mailto:yannick@meudal.net">Yannick Meudal</a>
- * @author <a href="mailto:arnt@gulbrandsen.priv.no">Arnt Gulbrandsen</a>
  */
 @Slf4j
-public class ResolverConfig {
-
-  public static final String DNS_SERVER_PROP = "dns.server";
-  public static final String DNS_SEARCH_PROP = "dns.search";
+public final class ResolverConfig {
+  /**
+   * System property name to disable {@link ResolverConfigProvider} initialization.
+   *
+   * @since 3.2
+   */
+  public static final String CONFIGPROVIDER_SKIP_INIT = "dnsjava.configprovider.skipinit";
 
-  private String[] servers = null;
-  private Name[] searchlist = null;
-  private int ndots = -1;
+  private final List<InetSocketAddress> servers = new ArrayList<>(2);
+  private final List<Name> searchlist = new ArrayList<>(0);
+  private int ndots = 1;
 
   private static ResolverConfig currentConfig;
+  private static List<ResolverConfigProvider> configProviders;
 
-  static {
-    refresh();
-  }
-
-  public ResolverConfig() {
-    if (findProperty()) {
-      return;
-    }
-    if (findSunJVM()) {
-      return;
-    }
-    if (servers == null || searchlist == null) {
-      String OS = System.getProperty("os.name");
-      String vendor = System.getProperty("java.vendor");
-      if (OS.contains("Windows")) {
-        findWin();
-      } else if (OS.contains("NetWare")) {
-        findNetware();
-      } else if (vendor.contains("Android")) {
-        findAndroid();
-      } else {
-        findUnix();
-      }
+  private static void checkInitialized() {
+    if (currentConfig == null || configProviders == null) {
+      refresh();
     }
   }
 
-  private void addServer(String server, List<String> list) {
-    if (list.contains(server)) {
-      return;
-    }
-    log.debug("adding server {}", server);
-    list.add(server);
-  }
-
-  private void addSearch(String search, List<Name> list) {
-    Name name;
-    log.debug("adding search {}", search);
-    try {
-      name = Name.fromString(search, Name.root);
-    } catch (TextParseException e) {
-      return;
-    }
-    if (list.contains(name)) {
-      return;
-    }
-    list.add(name);
-  }
-
-  private int parseNdots(String token) {
-    token = token.substring(6);
-    try {
-      int ndots = Integer.parseInt(token);
-      if (ndots >= 0) {
-        log.debug("setting ndots {}", token);
-        return ndots;
-      }
-    } catch (NumberFormatException e) {
-    }
-    return -1;
-  }
-
-  private void configureFromLists(List<String> lserver, List<Name> lsearch) {
-    if (servers == null && lserver.size() > 0) {
-      servers = lserver.toArray(new String[0]);
-    }
-    if (searchlist == null && lsearch.size() > 0) {
-      searchlist = lsearch.toArray(new Name[0]);
-    }
-  }
-
-  private void configureNdots(int lndots) {
-    if (ndots < 0 && lndots > 0) {
-      ndots = lndots;
-    }
+  /** Gets the current configuration */
+  public static synchronized ResolverConfig getCurrentConfig() {
+    checkInitialized();
+    return currentConfig;
   }
 
   /**
-   * Looks in the system properties to find servers and a search path. Servers are defined by
-   * dns.server=server1,server2... The search path is defined by dns.search=domain1,domain2...
+   * Gets the ordered list of resolver config providers.
+   *
+   * @since 3.2
    */
-  boolean findProperty() {
-    String prop;
-    List<String> lserver = new ArrayList<>(0);
-    List<Name> lsearch = new ArrayList<>(0);
-    StringTokenizer st;
-
-    prop = System.getProperty(DNS_SERVER_PROP);
-    if (prop != null) {
-      st = new StringTokenizer(prop, ",");
-      while (st.hasMoreTokens()) {
-        addServer(st.nextToken(), lserver);
-      }
-    }
-
-    prop = System.getProperty(DNS_SEARCH_PROP);
-    if (prop != null) {
-      st = new StringTokenizer(prop, ",");
-      while (st.hasMoreTokens()) {
-        addSearch(st.nextToken(), lsearch);
-      }
-    }
-    configureFromLists(lserver, lsearch);
-    return (servers != null && searchlist != null);
+  public static synchronized List<ResolverConfigProvider> getConfigProviders() {
+    checkInitialized();
+    return Collections.unmodifiableList(configProviders);
   }
 
-  /**
-   * Uses the undocumented Sun DNS implementation to determine the configuration. This doesn't work
-   * or even compile with all JVMs (gcj, for example).
-   */
-  @SuppressWarnings("unchecked")
-  private boolean findSunJVM() {
-    List<String> lserver = new ArrayList<>(0);
-    List<String> lserver_tmp;
-    List<Name> lsearch = new ArrayList<>(0);
-    List<String> lsearch_tmp;
-
-    try {
-      Class[] noClasses = new Class[0];
-      Object[] noObjects = new Object[0];
-      String resConfName = "sun.net.dns.ResolverConfiguration";
-      Class<?> resConfClass = Class.forName(resConfName);
-      Object resConf;
-
-      // ResolverConfiguration resConf = ResolverConfiguration.open();
-      Method open = resConfClass.getDeclaredMethod("open", noClasses);
-      resConf = open.invoke(null, noObjects);
-
-      // lserver_tmp = resConf.nameservers();
-      Method nameservers = resConfClass.getMethod("nameservers", noClasses);
-      lserver_tmp = (List<String>) nameservers.invoke(resConf, noObjects);
-
-      // lsearch_tmp = resConf.searchlist();
-      Method searchlist = resConfClass.getMethod("searchlist", noClasses);
-      lsearch_tmp = (List<String>) searchlist.invoke(resConf, noObjects);
-    } catch (Exception e) {
-      return false;
-    }
-
-    if (lserver_tmp.size() == 0) {
-      return false;
-    } else {
-      for (String s : lserver_tmp) {
-        addServer(s, lserver);
-      }
-    }
+  /** Set a new ordered list of resolver config providers. */
+  public static synchronized void setConfigProviders(List<ResolverConfigProvider> providers) {
+    configProviders = new ArrayList<>(providers);
+  }
 
-    if (lsearch_tmp.size() > 0) {
-      for (String s : lsearch_tmp) {
-        addSearch(s, lsearch);
-      }
+  /** Gets the current configuration */
+  public static void refresh() {
+    ResolverConfig newConfig = new ResolverConfig();
+    synchronized (ResolverConfig.class) {
+      currentConfig = newConfig;
     }
-    configureFromLists(lserver, lsearch);
-    return true;
   }
 
-  /**
-   * Looks in /etc/resolv.conf to find servers and a search path. "nameserver" lines specify
-   * servers. "domain" and "search" lines define the search path.
-   */
-  boolean findResolvConf(InputStream in) {
-    List<String> lserver = new ArrayList<>(0);
-    List<Name> lsearch = new ArrayList<>(0);
-    int lndots = -1;
-    try (InputStreamReader isr = new InputStreamReader(in);
-        BufferedReader br = new BufferedReader(isr)) {
-      String line;
-      while ((line = br.readLine()) != null) {
-        if (line.startsWith("nameserver")) {
-          StringTokenizer st = new StringTokenizer(line);
-          st.nextToken(); /* skip nameserver */
-          addServer(st.nextToken(), lserver);
-        } else if (line.startsWith("domain")) {
-          StringTokenizer st = new StringTokenizer(line);
-          st.nextToken(); /* skip domain */
-          if (!st.hasMoreTokens()) {
-            continue;
-          }
-          if (lsearch.isEmpty()) {
-            addSearch(st.nextToken(), lsearch);
-          }
-        } else if (line.startsWith("search")) {
-          if (!lsearch.isEmpty()) {
-            lsearch.clear();
-          }
-          StringTokenizer st = new StringTokenizer(line);
-          st.nextToken(); /* skip search */
-          while (st.hasMoreTokens()) {
-            addSearch(st.nextToken(), lsearch);
-          }
-        } else if (line.startsWith("options")) {
-          StringTokenizer st = new StringTokenizer(line);
-          st.nextToken(); /* skip options */
-          while (st.hasMoreTokens()) {
-            String token = st.nextToken();
-            if (token.startsWith("ndots:")) {
-              lndots = parseNdots(token);
-            }
-          }
+  public ResolverConfig() {
+    synchronized (ResolverConfig.class) {
+      if (configProviders == null) {
+        configProviders = new ArrayList<>(8);
+        if (!Boolean.getBoolean(CONFIGPROVIDER_SKIP_INIT)) {
+          configProviders.add(new PropertyResolverConfigProvider());
+          configProviders.add(new ResolvConfResolverConfigProvider());
+          configProviders.add(new WindowsResolverConfigProvider());
+          configProviders.add(new AndroidResolverConfigProvider());
+          configProviders.add(new JndiContextResolverConfigProvider());
+          configProviders.add(new SunJvmResolverConfigProvider());
+          configProviders.add(new FallbackPropertyResolverConfigProvider());
         }
       }
-    } catch (IOException e) {
-      return false;
     }
 
-    if (lserver.isEmpty()) {
-      return false;
-    }
-
-    configureFromLists(lserver, lsearch);
-    configureNdots(lndots);
-    return true;
-  }
-
-  boolean findUnix() {
-    try (InputStream in = Files.newInputStream(Paths.get("/etc/resolv.conf"))) {
-      return findResolvConf(in);
-    } catch (Exception e) {
-      return false;
-    }
-  }
-
-  boolean findNetware() {
-    try (InputStream in = Files.newInputStream(Paths.get("sys:/etc/resolv.cfg"))) {
-      return findResolvConf(in);
-    } catch (Exception e) {
-      return false;
-    }
-  }
-
-  /** Parses the output of ipconfig. */
-  boolean findWin(InputStream in, Locale locale) {
-    String packageName = ResolverConfig.class.getPackage().getName();
-    String resPackageName = packageName + ".windows.DNSServer";
-    ResourceBundle res;
-    if (locale != null) {
-      res = ResourceBundle.getBundle(resPackageName, locale);
-    } else {
-      res = ResourceBundle.getBundle(resPackageName);
-    }
-
-    String host_name = res.getString("host_name");
-    String primary_dns_suffix = res.getString("primary_dns_suffix");
-    String dns_suffix = res.getString("dns_suffix");
-    String dns_servers = res.getString("dns_servers");
-
-    BufferedReader br = new BufferedReader(new InputStreamReader(in));
-    try {
-      List<String> lserver = new ArrayList<>();
-      List<Name> lsearch = new ArrayList<>();
-      String line;
-      boolean readingServers = false;
-      boolean readingSearches = false;
-      while ((line = br.readLine()) != null) {
-        StringTokenizer st = new StringTokenizer(line);
-        if (!st.hasMoreTokens()) {
-          readingServers = false;
-          readingSearches = false;
-          continue;
-        }
-        String s = st.nextToken();
-        if (line.contains(":")) {
-          readingServers = false;
-          readingSearches = false;
-        }
-
-        if (line.contains(host_name)) {
-          while (st.hasMoreTokens()) {
-            s = st.nextToken();
-          }
-          Name name;
-          try {
-            name = Name.fromString(s, null);
-          } catch (TextParseException e) {
-            continue;
-          }
-          if (name.labels() == 1) {
-            continue;
+    for (ResolverConfigProvider provider : configProviders) {
+      if (provider.isEnabled()) {
+        try {
+          provider.initialize();
+          if (servers.isEmpty()) {
+            servers.addAll(provider.servers());
           }
-          addSearch(s, lsearch);
-        } else if (line.contains(primary_dns_suffix)) {
-          while (st.hasMoreTokens()) {
-            s = st.nextToken();
-          }
-          if (s.equals(":")) {
-            continue;
-          }
-          addSearch(s, lsearch);
-          readingSearches = true;
-        } else if (readingSearches || line.contains(dns_suffix)) {
-          while (st.hasMoreTokens()) {
-            s = st.nextToken();
-          }
-          if (s.equals(":")) {
-            continue;
-          }
-          addSearch(s, lsearch);
-          readingSearches = true;
-        } else if (readingServers || line.contains(dns_servers)) {
-          while (st.hasMoreTokens()) {
-            s = st.nextToken();
+
+          if (searchlist.isEmpty()) {
+            List<Name> lsearchPaths = provider.searchPaths();
+            if (!lsearchPaths.isEmpty()) {
+              searchlist.addAll(lsearchPaths);
+              ndots = provider.ndots();
+            }
           }
-          if (s.equals(":")) {
-            continue;
+
+          if (!servers.isEmpty() && !searchlist.isEmpty()) {
+            // found both servers and search path, we're done
+            return;
           }
-          addServer(s, lserver);
-          readingServers = true;
+        } catch (InitializationException e) {
+          log.warn("Failed to initialize provider", e);
         }
       }
-      if (lserver.isEmpty()) {
-        return false;
-      }
-      configureFromLists(lserver, lsearch);
-      return true;
-    } catch (IOException e) {
-      return false;
-    }
-  }
-
-  private boolean findWin(InputStream in) {
-    boolean found;
-    String property = "org.xbill.DNS.windows.parse.buffer";
-    final int defaultBufSize = 8 * 1024;
-    int bufSize = Integer.getInteger(property, defaultBufSize);
-    BufferedInputStream b = new BufferedInputStream(in, bufSize);
-    b.mark(bufSize);
-    found = findWin(b, null);
-    if (servers == null) {
-      try {
-        b.reset();
-      } catch (IOException e) {
-        return false;
-      }
-      found = findWin(b, new Locale("", ""));
     }
-    return found;
-  }
 
-  /** Calls ipconfig and parses the result to find servers and a search path. */
-  boolean findWin() {
-    boolean found;
-    try {
-      Process p;
-      p = Runtime.getRuntime().exec("ipconfig /all");
-      found = findWin(p.getInputStream());
-      p.destroy();
-    } catch (Exception e) {
-      return false;
+    if (servers.isEmpty()) {
+      servers.add(
+          new InetSocketAddress(InetAddress.getLoopbackAddress(), SimpleResolver.DEFAULT_PORT));
     }
-    return found;
-  }
-
-  /**
-   * Parses the output of getprop, which is the only way to get DNS info on Android. getprop might
-   * disappear in future releases, so this code comes with a use-by date.
-   */
-  boolean findAndroid() {
-    // This originally looked for all lines containing .dns; but
-    // http://code.google.com/p/android/issues/detail?id=2207#c73
-    // indicates that net.dns* should always be the active nameservers, so
-    // we use those.
-    final String re1 = "^\\d+(\\.\\d+){3}$";
-    final String re2 = "^[0-9a-f]+(:[0-9a-f]*)+:[0-9a-f]+$";
-    ArrayList<String> lserver = new ArrayList<>();
-    ArrayList<Name> lsearch = new ArrayList<>();
-    try {
-      Class<?> SystemProperties = Class.forName("android.os.SystemProperties");
-      Method method = SystemProperties.getMethod("get", String.class);
-      final String[] netdns = new String[] {"net.dns1", "net.dns2", "net.dns3", "net.dns4"};
-      for (String netdn : netdns) {
-        Object[] args = new Object[] {netdn};
-        String v = (String) method.invoke(null, args);
-        if (v != null && (v.matches(re1) || v.matches(re2)) && !lserver.contains(v)) {
-          lserver.add(v);
-        }
-      }
-    } catch (Exception e) {
-      return false;
-    }
-    if (lserver.isEmpty()) {
-      return false;
-    }
-    configureFromLists(lserver, lsearch);
-    return true;
   }
 
   /** Returns all located servers */
-  public String[] servers() {
+  public List<InetSocketAddress> servers() {
     return servers;
   }
 
   /** Returns the first located server */
-  public String server() {
-    if (servers == null) {
-      return null;
-    }
-    return servers[0];
+  public InetSocketAddress server() {
+    return servers.get(0);
   }
 
   /** Returns all entries in the located search path */
-  public Name[] searchPath() {
+  public List<Name> searchPath() {
     return searchlist;
   }
 
   /**
-   * Returns the located ndots value, or the default (1) if not configured. Note that ndots can only
-   * be configured in a resolv.conf file, and will only take effect if ResolverConfig uses
-   * resolv.conf directly (that is, if the JVM does not include the
-   * sun.net.dns.ResolverConfiguration class).
+   * Gets the threshold for the number of dots which must appear in a name before it is considered
+   * absolute. The default is {@code 1}, meaning meaning that if there are any dots in a name, the
+   * name will be tried first as an absolute name.
+   *
+   * <p>Note that ndots can only be configured in a resolv.conf file or the property {@link
+   * PropertyResolverConfigProvider#DNS_NDOTS_PROP}.
    */
   public int ndots() {
-    if (ndots < 0) {
-      return 1;
-    }
     return ndots;
   }
-
-  /** Gets the current configuration */
-  public static synchronized ResolverConfig getCurrentConfig() {
-    return currentConfig;
-  }
-
-  /** Gets the current configuration */
-  public static void refresh() {
-    ResolverConfig newConfig = new ResolverConfig();
-    synchronized (ResolverConfig.class) {
-      currentConfig = newConfig;
-    }
-  }
 }
diff --git a/src/main/java/org/xbill/DNS/ResolverListener.java b/src/main/java/org/xbill/DNS/ResolverListener.java
index dcc037b4b..54866f01e 100644
--- a/src/main/java/org/xbill/DNS/ResolverListener.java
+++ b/src/main/java/org/xbill/DNS/ResolverListener.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,7 +10,9 @@
  *
  * @see Resolver
  * @author Brian Wellington
+ * @deprecated Use {@link Resolver#sendAsync(Message)}
  */
+@Deprecated
 public interface ResolverListener extends EventListener {
 
   /**
diff --git a/src/main/java/org/xbill/DNS/ReverseMap.java b/src/main/java/org/xbill/DNS/ReverseMap.java
index 55bf3b80c..21a307ba0 100644
--- a/src/main/java/org/xbill/DNS/ReverseMap.java
+++ b/src/main/java/org/xbill/DNS/ReverseMap.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,7 +7,7 @@
 import java.net.UnknownHostException;
 
 /**
- * A set functions designed to deal with DNS names used in reverse mappings. For the IPv4 address
+ * A set of functions designed to deal with DNS names used in reverse mappings. For the IPv4 address
  * a.b.c.d, the reverse map name is d.c.b.a.in-addr.arpa. For an IPv6 address, the reverse map name
  * is ...ip6.arpa.
  *
@@ -14,8 +15,8 @@
  */
 public final class ReverseMap {
 
-  private static Name inaddr4 = Name.fromConstantString("in-addr.arpa.");
-  private static Name inaddr6 = Name.fromConstantString("ip6.arpa.");
+  private static final Name inaddr4 = Name.fromConstantString("in-addr.arpa.");
+  private static final Name inaddr6 = Name.fromConstantString("ip6.arpa.");
 
   /* Otherwise the class could be instantiated */
   private ReverseMap() {}
@@ -29,7 +30,7 @@ private ReverseMap() {}
    */
   public static Name fromAddress(byte[] addr) {
     if (addr.length != 4 && addr.length != 16) {
-      throw new IllegalArgumentException("array must contain " + "4 or 16 elements");
+      throw new IllegalArgumentException("array must contain 4 or 16 elements");
     }
 
     StringBuilder sb = new StringBuilder();
@@ -44,7 +45,7 @@ public static Name fromAddress(byte[] addr) {
       int[] nibbles = new int[2];
       for (int i = addr.length - 1; i >= 0; i--) {
         nibbles[0] = (addr[i] & 0xFF) >> 4;
-        nibbles[1] = (addr[i] & 0xFF) & 0xF;
+        nibbles[1] = addr[i] & 0xF;
         for (int j = nibbles.length - 1; j >= 0; j--) {
           sb.append(Integer.toHexString(nibbles[j]));
           if (i > 0 || j > 0) {
@@ -76,7 +77,7 @@ public static Name fromAddress(int[] addr) {
     byte[] bytes = new byte[addr.length];
     for (int i = 0; i < addr.length; i++) {
       if (addr[i] < 0 || addr[i] > 0xFF) {
-        throw new IllegalArgumentException("array must " + "contain values " + "between 0 and 255");
+        throw new IllegalArgumentException("array must contain values between 0 and 255");
       }
       bytes[i] = (byte) addr[i];
     }
@@ -103,7 +104,7 @@ public static Name fromAddress(InetAddress addr) {
   public static Name fromAddress(String addr, int family) throws UnknownHostException {
     byte[] array = Address.toByteArray(addr, family);
     if (array == null) {
-      throw new UnknownHostException("Invalid IP address");
+      throw new UnknownHostException("Invalid IP address: " + addr);
     }
     return fromAddress(array);
   }
@@ -121,8 +122,73 @@ public static Name fromAddress(String addr) throws UnknownHostException {
       array = Address.toByteArray(addr, Address.IPv6);
     }
     if (array == null) {
-      throw new UnknownHostException("Invalid IP address");
+      throw new UnknownHostException("Invalid IP address: " + addr);
     }
     return fromAddress(array);
   }
+
+  /**
+   * Parses the address from a reverse map string.
+   *
+   * @param name The string from which to build an address.
+   * @return The address corresponding to the reverse map string.
+   * @throws UnknownHostException the passed name is not a valid reverse map.
+   * @since 3.1
+   */
+  public static InetAddress fromName(String name) throws UnknownHostException, TextParseException {
+    return fromName(Name.fromString(name));
+  }
+
+  /**
+   * Parses the address from a reverse map name.
+   *
+   * @param name The name from which to build an address.
+   * @return The address corresponding to the reverse map name.
+   * @throws UnknownHostException the passed name is not a valid reverse map.
+   * @since 3.1
+   */
+  public static InetAddress fromName(Name name) throws UnknownHostException {
+    if (name.labels() <= 3) {
+      throw new UnknownHostException("Not an arpa address: " + name);
+    }
+
+    byte[] ipBytes;
+    if (name.subdomain(inaddr4)) {
+      Name ip = name.relativize(inaddr4);
+      if (ip.labels() > 4) {
+        throw new UnknownHostException("Invalid IPv4 arpa address: " + name);
+      }
+
+      ipBytes = new byte[4];
+      try {
+        for (int i = 0; i < ip.labels(); i++) {
+          ipBytes[ip.labels() - i - 1] = (byte) Integer.parseInt(ip.getLabelString(i));
+        }
+      } catch (NumberFormatException e) {
+        throw new UnknownHostException("Invalid IPv4 arpa address: " + name);
+      }
+      return InetAddress.getByAddress(ipBytes);
+    } else if (name.subdomain(inaddr6)) {
+      Name ip = name.relativize(inaddr6);
+      if (ip.labels() > 32) {
+        throw new UnknownHostException("Invalid IPv6 arpa address: " + name);
+      }
+
+      ipBytes = new byte[16];
+      try {
+        for (int i = 0; i < ip.labels(); i++) {
+          ipBytes[(ip.labels() - i - 1) / 2] |=
+              (byte)
+                  (Byte.parseByte(ip.getLabelString(i), 16)
+                      << ((ip.labels() - i) % 2 == 0 ? 0 : 4));
+        }
+      } catch (NumberFormatException e) {
+        throw new UnknownHostException("Invalid IPv6 arpa address: " + name);
+      }
+    } else {
+      throw new UnknownHostException("Not an arpa address: " + name);
+    }
+
+    return InetAddress.getByAddress(ipBytes);
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/SIG0.java b/src/main/java/org/xbill/DNS/SIG0.java
index 7a8a68212..3ef7b270f 100644
--- a/src/main/java/org/xbill/DNS/SIG0.java
+++ b/src/main/java/org/xbill/DNS/SIG0.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2001-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -5,6 +6,7 @@
 import java.security.PrivateKey;
 import java.time.Duration;
 import java.time.Instant;
+import org.xbill.DNS.DNSSEC.DNSSECException;
 
 /**
  * Creates SIG(0) transaction signatures.
@@ -34,6 +36,22 @@ private SIG0() {}
   public static void signMessage(
       Message message, KEYRecord key, PrivateKey privkey, SIGRecord previous)
       throws DNSSEC.DNSSECException {
+    signMessage(message, key, privkey, previous, Instant.now());
+  }
+
+  /**
+   * Sign a message with SIG(0). The DNS key and private key must refer to the same underlying
+   * cryptographic key.
+   *
+   * @param message The message to be signed
+   * @param key The DNSKEY record to use as part of signing
+   * @param privkey The PrivateKey to use when signing
+   * @param previous If this message is a response, the SIG(0) from the query
+   * @param timeSigned The time instant when the message has been signed.
+   */
+  public static void signMessage(
+      Message message, KEYRecord key, PrivateKey privkey, SIGRecord previous, Instant timeSigned)
+      throws DNSSEC.DNSSECException {
 
     int validityOption = Options.intValue("sig0validity");
     Duration validity;
@@ -43,7 +61,6 @@ public static void signMessage(
       validity = Duration.ofSeconds(validityOption);
     }
 
-    Instant timeSigned = Instant.now();
     Instant timeExpires = timeSigned.plus(validity);
 
     SIGRecord sig = DNSSEC.signMessage(message, previous, key, privkey, timeSigned, timeExpires);
@@ -52,7 +69,7 @@ public static void signMessage(
   }
 
   /**
-   * Verify a message using SIG(0).
+   * Verify a message using SIG(0). Uses the current system clock for the date/time.
    *
    * @param message The message to be signed
    * @param b An array containing the message in unparsed form. This is necessary since SIG(0) signs
@@ -62,19 +79,35 @@ public static void signMessage(
    * @param previous If this message is a response, the SIG(0) from the query
    */
   public static void verifyMessage(Message message, byte[] b, KEYRecord key, SIGRecord previous)
+      throws DNSSECException {
+    verifyMessage(message, b, key, previous, Instant.now());
+  }
+
+  /**
+   * Verify a message using SIG(0).
+   *
+   * @param message The message to be signed
+   * @param b An array containing the message in unparsed form. This is necessary since SIG(0) signs
+   *     the message in wire format, and we can't recreate the exact wire format (with the same name
+   *     compression).
+   * @param key The KEY record to verify the signature with.
+   * @param previous If this message is a response, the SIG(0) from the query
+   * @param now the time instant to verify the message.
+   */
+  public static void verifyMessage(
+      Message message, byte[] b, KEYRecord key, SIGRecord previous, Instant now)
       throws DNSSEC.DNSSECException {
     SIGRecord sig = null;
-    Record[] additional = message.getSectionArray(Section.ADDITIONAL);
-    for (Record record : additional) {
-      if (record.getType() != Type.SIG) {
+    for (Record r : message.getSection(Section.ADDITIONAL)) {
+      if (r.getType() != Type.SIG) {
         continue;
       }
-      if (((SIGRecord) record).getTypeCovered() != 0) {
+      if (((SIGRecord) r).getTypeCovered() != 0) {
         continue;
       }
-      sig = (SIGRecord) record;
+      sig = (SIGRecord) r;
       break;
     }
-    DNSSEC.verifyMessage(message, b, sig, previous, key);
+    DNSSEC.verifyMessage(message, b, sig, previous, key, now);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/SIGBase.java b/src/main/java/org/xbill/DNS/SIGBase.java
index f2863cb53..58d80b100 100644
--- a/src/main/java/org/xbill/DNS/SIGBase.java
+++ b/src/main/java/org/xbill/DNS/SIGBase.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -12,20 +13,19 @@
  * @author Brian Wellington
  */
 abstract class SIGBase extends Record {
-
-  private static final long serialVersionUID = -3738444391533812369L;
-
   protected int covered;
-  protected int alg, labels;
+  protected int alg;
+  protected int labels;
   protected long origttl;
-  protected Instant expire, timeSigned;
+  protected Instant expire;
+  protected Instant timeSigned;
   protected int footprint;
   protected Name signer;
   protected byte[] signature;
 
   protected SIGBase() {}
 
-  public SIGBase(
+  protected SIGBase(
       Name name,
       int type,
       int dclass,
@@ -56,7 +56,7 @@ public SIGBase(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     covered = in.readU16();
     alg = in.readU8();
     labels = in.readU8();
@@ -69,7 +69,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     String typeString = st.getString();
     covered = Type.value(typeString);
     if (covered < 0) {
@@ -91,7 +91,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts the RRSIG/SIG Record to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(Type.string(covered));
     sb.append(" ");
@@ -101,7 +101,7 @@ String rrToString() {
     sb.append(" ");
     sb.append(origttl);
     sb.append(" ");
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("(\n\t");
     }
     sb.append(FormattedTime.format(expire));
@@ -111,7 +111,7 @@ String rrToString() {
     sb.append(footprint);
     sb.append(" ");
     sb.append(signer);
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("\n");
       sb.append(base64.formatString(signature, 64, "\t", true));
     } else {
@@ -168,7 +168,7 @@ public Instant getTimeSigned() {
     return timeSigned;
   }
 
-  /** Returns The footprint/key id of the signing key. */
+  /** Returns the footprint/key id of the signing key. */
   public int getFootprint() {
     return footprint;
   }
@@ -188,7 +188,7 @@ void setSignature(byte[] signature) {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(covered);
     out.writeU8(alg);
     out.writeU8(labels);
diff --git a/src/main/java/org/xbill/DNS/SIGRecord.java b/src/main/java/org/xbill/DNS/SIGRecord.java
index 2bcd50aac..9a012bd21 100644
--- a/src/main/java/org/xbill/DNS/SIGRecord.java
+++ b/src/main/java/org/xbill/DNS/SIGRecord.java
@@ -1,8 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.time.Instant;
+import java.util.Date;
 
 /**
  * Signature - A SIG provides the digital signature of an RRset, so that the data can be
@@ -11,21 +13,13 @@
  *
  * @see RRset
  * @see DNSSEC
- * @see KEYRecord <a href="https://tools.ietf.org/html/rfc2535">RFC 2535: Domain Name System
- *     Security Extensions</a>
+ * @see KEYRecord <a href="https://datatracker.ietf.org/doc/html/rfc2535">RFC 2535: Domain Name
+ *     System Security Extensions</a>
  * @author Brian Wellington
  */
 public class SIGRecord extends SIGBase {
-
-  private static final long serialVersionUID = 4963556060953589058L;
-
   SIGRecord() {}
 
-  @Override
-  Record getObject() {
-    return new SIGRecord();
-  }
-
   /**
    * Creates an SIG Record from the given data
    *
@@ -64,4 +58,46 @@ public SIGRecord(
         signer,
         signature);
   }
+
+  /**
+   * Creates an SIG Record from the given data
+   *
+   * @param covered The RRset type covered by this signature
+   * @param alg The cryptographic algorithm of the key that generated the signature
+   * @param origttl The original TTL of the RRset
+   * @param expire The time at which the signature expires
+   * @param timeSigned The time at which this signature was generated
+   * @param footprint The footprint/key id of the signing key.
+   * @param signer The owner of the signing key
+   * @param signature Binary data representing the signature
+   * @deprecated use {@link #SIGRecord(Name, int, long, int, int, long, Instant, Instant, int, Name,
+   *     byte[])}
+   */
+  @Deprecated
+  public SIGRecord(
+      Name name,
+      int dclass,
+      long ttl,
+      int covered,
+      int alg,
+      long origttl,
+      Date expire,
+      Date timeSigned,
+      int footprint,
+      Name signer,
+      byte[] signature) {
+    super(
+        name,
+        Type.SIG,
+        dclass,
+        ttl,
+        covered,
+        alg,
+        origttl,
+        expire.toInstant(),
+        timeSigned.toInstant(),
+        footprint,
+        signer,
+        signature);
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/SMIMEARecord.java b/src/main/java/org/xbill/DNS/SMIMEARecord.java
index debd80e82..d98302ea8 100644
--- a/src/main/java/org/xbill/DNS/SMIMEARecord.java
+++ b/src/main/java/org/xbill/DNS/SMIMEARecord.java
@@ -1,67 +1,18 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
-import java.io.IOException;
-import org.xbill.DNS.utils.base16;
-
 /**
  * S/MIME cert association
  *
- * @see <a href="https://tools.ietf.org/html/rfc8162">RFC 8162: Using Secure DNS to Associate
- *     Certificates with Domain Names for S/MIME</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8162">RFC 8162: Using Secure DNS to
+ *     Associate Certificates with Domain Names for S/MIME</a>
  * @author Brian Wellington
  */
-public class SMIMEARecord extends Record {
-
-  private static final long serialVersionUID = 1640247915216425235L;
-
-  // Note; these are copied from the TLSA type.
-
-  public static class CertificateUsage {
-    private CertificateUsage() {}
-
-    public static final int CA_CONSTRAINT = 0;
-    public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1;
-    public static final int TRUST_ANCHOR_ASSERTION = 2;
-    public static final int DOMAIN_ISSUED_CERTIFICATE = 3;
-  }
-
-  public static class Selector {
-    private Selector() {}
-
-    /** Full certificate; the Certificate binary structure defined in [RFC5280] */
-    public static final int FULL_CERTIFICATE = 0;
-
-    /** SubjectPublicKeyInfo; DER-encoded binary structure defined in [RFC5280] */
-    public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
-  }
-
-  public static class MatchingType {
-    private MatchingType() {}
-
-    /** Exact match on selected content */
-    public static final int EXACT = 0;
-
-    /** SHA-256 hash of selected content [RFC6234] */
-    public static final int SHA256 = 1;
-
-    /** SHA-512 hash of selected content [RFC6234] */
-    public static final int SHA512 = 2;
-  }
-
-  private int certificateUsage;
-  private int selector;
-  private int matchingType;
-  private byte[] certificateAssociationData;
-
+public class SMIMEARecord extends TLSARecord {
   SMIMEARecord() {}
 
-  @Override
-  Record getObject() {
-    return new SMIMEARecord();
-  }
-
   /**
    * Creates an SMIMEA Record from the given data
    *
@@ -80,70 +31,14 @@ public SMIMEARecord(
       int selector,
       int matchingType,
       byte[] certificateAssociationData) {
-    super(name, Type.SMIMEA, dclass, ttl);
-    this.certificateUsage = checkU8("certificateUsage", certificateUsage);
-    this.selector = checkU8("selector", selector);
-    this.matchingType = checkU8("matchingType", matchingType);
-    this.certificateAssociationData =
-        checkByteArrayLength("certificateAssociationData", certificateAssociationData, 0xFFFF);
-  }
-
-  @Override
-  void rrFromWire(DNSInput in) throws IOException {
-    certificateUsage = in.readU8();
-    selector = in.readU8();
-    matchingType = in.readU8();
-    certificateAssociationData = in.readByteArray();
-  }
-
-  @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
-    certificateUsage = st.getUInt8();
-    selector = st.getUInt8();
-    matchingType = st.getUInt8();
-    certificateAssociationData = st.getHex();
-  }
-
-  /** Converts rdata to a String */
-  @Override
-  String rrToString() {
-    StringBuilder sb = new StringBuilder();
-    sb.append(certificateUsage);
-    sb.append(" ");
-    sb.append(selector);
-    sb.append(" ");
-    sb.append(matchingType);
-    sb.append(" ");
-    sb.append(base16.toString(certificateAssociationData));
-
-    return sb.toString();
-  }
-
-  @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
-    out.writeU8(certificateUsage);
-    out.writeU8(selector);
-    out.writeU8(matchingType);
-    out.writeByteArray(certificateAssociationData);
-  }
-
-  /** Returns the certificate usage of the SMIMEA record */
-  public int getCertificateUsage() {
-    return certificateUsage;
-  }
-
-  /** Returns the selector of the SMIMEA record */
-  public int getSelector() {
-    return selector;
-  }
-
-  /** Returns the matching type of the SMIMEA record */
-  public int getMatchingType() {
-    return matchingType;
-  }
-
-  /** Returns the certificate associate data of this SMIMEA record */
-  public final byte[] getCertificateAssociationData() {
-    return certificateAssociationData;
+    super(
+        name,
+        Type.SMIMEA,
+        dclass,
+        ttl,
+        certificateUsage,
+        selector,
+        matchingType,
+        certificateAssociationData);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/SOARecord.java b/src/main/java/org/xbill/DNS/SOARecord.java
index 3313abdfe..9f327959e 100644
--- a/src/main/java/org/xbill/DNS/SOARecord.java
+++ b/src/main/java/org/xbill/DNS/SOARecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,23 +9,20 @@
  * Start of Authority - describes properties of a zone.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class SOARecord extends Record {
-
-  private static final long serialVersionUID = 1049740098229303931L;
-
-  private Name host, admin;
-  private long serial, refresh, retry, expire, minimum;
+  private Name host;
+  private Name admin;
+  private long serial;
+  private long refresh;
+  private long retry;
+  private long expire;
+  private long minimum;
 
   SOARecord() {}
 
-  @Override
-  Record getObject() {
-    return new SOARecord();
-  }
-
   /**
    * Creates an SOA Record from the given data
    *
@@ -58,7 +56,7 @@ public SOARecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     host = new Name(in);
     admin = new Name(in);
     serial = in.readU32();
@@ -69,7 +67,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     host = st.getName(origin);
     admin = st.getName(origin);
     serial = st.getUInt32();
@@ -81,12 +79,12 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Convert to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(host);
     sb.append(" ");
     sb.append(admin);
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append(" (\n\t\t\t\t\t");
       sb.append(serial);
       sb.append("\t; serial\n\t\t\t\t\t");
@@ -149,7 +147,7 @@ public long getMinimum() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     host.toWire(out, c, canonical);
     admin.toWire(out, c, canonical);
     out.writeU32(serial);
diff --git a/src/main/java/org/xbill/DNS/SPFRecord.java b/src/main/java/org/xbill/DNS/SPFRecord.java
index 6a2f39b18..074b4b0f7 100644
--- a/src/main/java/org/xbill/DNS/SPFRecord.java
+++ b/src/main/java/org/xbill/DNS/SPFRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,20 +9,12 @@
  * Sender Policy Framework (discontinued in RFC 7208)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc7208">RFC 7208: Sender Policy Framework (SPF) for
- *     Authorizing Use of Domains in Email, Version 1</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7208">RFC 7208: Sender Policy Framework
+ *     (SPF) for Authorizing Use of Domains in Email, Version 1</a>
  */
 public class SPFRecord extends TXTBase {
-
-  private static final long serialVersionUID = -2100754352801658722L;
-
   SPFRecord() {}
 
-  @Override
-  Record getObject() {
-    return new SPFRecord();
-  }
-
   /**
    * Creates a SPF Record from the given data
    *
diff --git a/src/main/java/org/xbill/DNS/SRVRecord.java b/src/main/java/org/xbill/DNS/SRVRecord.java
index 5d14b5e29..78f05ceba 100644
--- a/src/main/java/org/xbill/DNS/SRVRecord.java
+++ b/src/main/java/org/xbill/DNS/SRVRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,23 +11,17 @@
  * (for the secure SIP protocol) and _http._tcp.example.com (if HTTP used SRV records)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2782">RFC 2782: A DNS RR for specifying the location
- *     of services (DNS SRV)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2782">RFC 2782: A DNS RR for specifying
+ *     the location of services (DNS SRV)</a>
  */
 public class SRVRecord extends Record {
-
-  private static final long serialVersionUID = -3886460132387522052L;
-
-  private int priority, weight, port;
+  private int priority;
+  private int weight;
+  private int port;
   private Name target;
 
   SRVRecord() {}
 
-  @Override
-  Record getObject() {
-    return new SRVRecord();
-  }
-
   /**
    * Creates an SRV Record from the given data
    *
@@ -45,7 +40,7 @@ public SRVRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     priority = in.readU16();
     weight = in.readU16();
     port = in.readU16();
@@ -53,7 +48,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     priority = st.getUInt16();
     weight = st.getUInt16();
     port = st.getUInt16();
@@ -62,7 +57,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(priority).append(" ");
     sb.append(weight).append(" ");
@@ -92,7 +87,7 @@ public Name getTarget() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(priority);
     out.writeU16(weight);
     out.writeU16(port);
diff --git a/src/main/java/org/xbill/DNS/SSHFPRecord.java b/src/main/java/org/xbill/DNS/SSHFPRecord.java
index 265188468..4d7e9715e 100644
--- a/src/main/java/org/xbill/DNS/SSHFPRecord.java
+++ b/src/main/java/org/xbill/DNS/SSHFPRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,13 +10,10 @@
  * SSH Fingerprint - stores the fingerprint of an SSH host key.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4255">RFC 4255: Using DNS to Securely Publish Secure
- *     Shell (SSH) Key Fingerprints</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4255">RFC 4255: Using DNS to Securely
+ *     Publish Secure Shell (SSH) Key Fingerprints</a>
  */
 public class SSHFPRecord extends Record {
-
-  private static final long serialVersionUID = -8104701402654687025L;
-
   public static class Algorithm {
     private Algorithm() {}
 
@@ -35,11 +33,6 @@ private Digest() {}
 
   SSHFPRecord() {}
 
-  @Override
-  Record getObject() {
-    return new SSHFPRecord();
-  }
-
   /**
    * Creates an SSHFP Record from the given data.
    *
@@ -55,21 +48,21 @@ public SSHFPRecord(Name name, int dclass, long ttl, int alg, int digestType, byt
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     alg = in.readU8();
     digestType = in.readU8();
     fingerprint = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     alg = st.getUInt8();
     digestType = st.getUInt8();
     fingerprint = st.getHex(true);
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(alg);
     sb.append(" ");
@@ -95,7 +88,7 @@ public byte[] getFingerPrint() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(alg);
     out.writeU8(digestType);
     out.writeByteArray(fingerprint);
diff --git a/src/main/java/org/xbill/DNS/SVCBBase.java b/src/main/java/org/xbill/DNS/SVCBBase.java
new file mode 100644
index 000000000..cd5a88083
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/SVCBBase.java
@@ -0,0 +1,821 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.function.Supplier;
+import java.util.stream.Collectors;
+import org.xbill.DNS.utils.base64;
+
+/**
+ * Implements common functionality for SVCB and HTTPS records
+ *
+ * @since 3.3
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
+ */
+public abstract class SVCBBase extends Record {
+  protected int svcPriority;
+  protected Name targetName;
+  protected final Map<Integer, ParameterBase> svcParams;
+
+  public static final int MANDATORY = 0;
+  public static final int ALPN = 1;
+  public static final int NO_DEFAULT_ALPN = 2;
+  public static final int PORT = 3;
+  public static final int IPV4HINT = 4;
+  public static final int ECH = 5;
+  public static final int IPV6HINT = 6;
+
+  /**
+   * Pre-RFC constant for the {@link #ECH} SVC parameter.
+   *
+   * @deprecated use {@link #ECH}
+   */
+  @Deprecated public static final int ECHCONFIG = 5;
+
+  protected SVCBBase() {
+    svcParams = new TreeMap<>();
+  }
+
+  protected SVCBBase(Name name, int type, int dclass, long ttl) {
+    super(name, type, dclass, ttl);
+    svcParams = new TreeMap<>();
+  }
+
+  protected SVCBBase(
+      Name name,
+      int type,
+      int dclass,
+      long ttl,
+      int priority,
+      Name domain,
+      List<ParameterBase> params) {
+    super(name, type, dclass, ttl);
+    svcPriority = priority;
+    targetName = domain;
+    svcParams = new TreeMap<>();
+    for (ParameterBase param : params) {
+      if (svcParams.containsKey(param.getKey())) {
+        throw new IllegalArgumentException("Duplicate SvcParam for key " + param.getKey());
+      }
+      svcParams.put(param.getKey(), param);
+    }
+  }
+
+  public int getSvcPriority() {
+    return svcPriority;
+  }
+
+  public Name getTargetName() {
+    return targetName;
+  }
+
+  public Set<Integer> getSvcParamKeys() {
+    return svcParams.keySet();
+  }
+
+  public ParameterBase getSvcParamValue(int key) {
+    return svcParams.get(key);
+  }
+
+  private static class ParameterMnemonic extends Mnemonic {
+    private final HashMap<Integer, Supplier<ParameterBase>> factories;
+
+    public ParameterMnemonic() {
+      super("SVCB/HTTPS Parameters", Mnemonic.CASE_LOWER);
+      setPrefix("key");
+      setNumericAllowed(true);
+      setMaximum(0xFFFF);
+      factories = new HashMap<>();
+    }
+
+    public void add(int val, String str, Supplier<ParameterBase> factory) {
+      super.add(val, str);
+      factories.put(val, factory);
+    }
+
+    public Supplier<ParameterBase> getFactory(int val) {
+      return factories.get(val);
+    }
+  }
+
+  private static final ParameterMnemonic parameters = new ParameterMnemonic();
+
+  static {
+    parameters.add(MANDATORY, "mandatory", ParameterMandatory::new);
+    parameters.add(ALPN, "alpn", ParameterAlpn::new);
+    parameters.add(NO_DEFAULT_ALPN, "no-default-alpn", ParameterNoDefaultAlpn::new);
+    parameters.add(PORT, "port", ParameterPort::new);
+    parameters.add(IPV4HINT, "ipv4hint", ParameterIpv4Hint::new);
+    parameters.add(ECH, "ech", ParameterEch::new);
+    parameters.add(IPV6HINT, "ipv6hint", ParameterIpv6Hint::new);
+    /* Support obsolete echconfig name as an alias for ech */
+    parameters.addAlias(ECH, "echconfig");
+  }
+
+  public abstract static class ParameterBase implements Serializable {
+    public ParameterBase() {}
+
+    public abstract int getKey();
+
+    public abstract void fromWire(byte[] bytes) throws IOException;
+
+    public abstract void fromString(String string) throws IOException;
+
+    public abstract byte[] toWire();
+
+    @Override
+    public abstract String toString();
+
+    // Split string on commas, but not if comma is escaped with a '\'
+    public static String[] splitStringWithEscapedCommas(String string) {
+      return string.split("(?<!\\\\),");
+    }
+  }
+
+  public static class ParameterMandatory extends ParameterBase {
+    private final List<Integer> values;
+
+    public ParameterMandatory() {
+      super();
+      values = new ArrayList<>();
+    }
+
+    public ParameterMandatory(List<Integer> values) {
+      super();
+      this.values = values;
+    }
+
+    public List<Integer> getValues() {
+      return values;
+    }
+
+    @Override
+    public int getKey() {
+      return MANDATORY;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) throws IOException {
+      values.clear();
+      DNSInput in = new DNSInput(bytes);
+      while (in.remaining() >= 2) {
+        int key = in.readU16();
+        values.add(key);
+      }
+      if (in.remaining() > 0) {
+        throw new WireParseException("Unexpected number of bytes in mandatory parameter");
+      }
+    }
+
+    @Override
+    public void fromString(String string) throws TextParseException {
+      values.clear();
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Non-empty list must be specified for mandatory");
+      }
+      for (String str : splitStringWithEscapedCommas(string)) {
+        int key = parameters.getValue(str);
+        if (key == MANDATORY) {
+          throw new TextParseException("Key mandatory must not appear in its own list");
+        }
+        if (values.contains(key)) {
+          throw new TextParseException("Duplicate key " + str + " not allowed in mandatory list");
+        }
+        values.add(key);
+      }
+    }
+
+    @Override
+    public byte[] toWire() {
+      DNSOutput out = new DNSOutput();
+      for (Integer val : values) {
+        out.writeU16(val);
+      }
+      return out.toByteArray();
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder();
+      for (Integer val : values) {
+        if (sb.length() > 0) {
+          sb.append(",");
+        }
+        sb.append(parameters.getText(val));
+      }
+      return sb.toString();
+    }
+  }
+
+  public static class ParameterAlpn extends ParameterBase {
+    private final List<byte[]> values;
+
+    public ParameterAlpn() {
+      super();
+      values = new ArrayList<>();
+    }
+
+    public ParameterAlpn(List<String> values) throws TextParseException {
+      super();
+      this.values = new ArrayList<>();
+      for (String str : values) {
+        this.values.add(byteArrayFromString(str));
+      }
+    }
+
+    public List<String> getValues() {
+      List<String> result = new ArrayList<>();
+      for (byte[] b : values) {
+        result.add(byteArrayToString(b, false));
+      }
+      return result;
+    }
+
+    @Override
+    public int getKey() {
+      return ALPN;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) throws IOException {
+      values.clear();
+      DNSInput in = new DNSInput(bytes);
+      while (in.remaining() > 0) {
+        byte[] b = in.readCountedString();
+        values.add(b);
+      }
+    }
+
+    @Override
+    public void fromString(String string) throws TextParseException {
+      values.clear();
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Non-empty list must be specified for alpn");
+      }
+      for (String str : splitStringWithEscapedCommas(string)) {
+        values.add(byteArrayFromString(str));
+      }
+    }
+
+    @Override
+    public byte[] toWire() {
+      DNSOutput out = new DNSOutput();
+      for (byte[] b : values) {
+        out.writeCountedString(b);
+      }
+      return out.toByteArray();
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder();
+      for (byte[] b : values) {
+        if (sb.length() > 0) {
+          sb.append(",");
+        }
+        String str = byteArrayToString(b, false);
+        str = str.replace(",", "\\,");
+        sb.append(str);
+      }
+      return sb.toString();
+    }
+  }
+
+  public static class ParameterNoDefaultAlpn extends ParameterBase {
+    public ParameterNoDefaultAlpn() {
+      super();
+    }
+
+    @Override
+    public int getKey() {
+      return NO_DEFAULT_ALPN;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) throws WireParseException {
+      if (bytes.length > 0) {
+        throw new WireParseException("No value can be specified for no-default-alpn");
+      }
+    }
+
+    @Override
+    public void fromString(String string) throws TextParseException {
+      if (string != null && !string.isEmpty()) {
+        throw new TextParseException("No value can be specified for no-default-alpn");
+      }
+    }
+
+    @Override
+    public byte[] toWire() {
+      return new byte[0];
+    }
+
+    @Override
+    public String toString() {
+      return "";
+    }
+  }
+
+  public static class ParameterPort extends ParameterBase {
+    private int port;
+
+    public ParameterPort() {
+      super();
+    }
+
+    public ParameterPort(int port) {
+      super();
+      this.port = port;
+    }
+
+    public int getPort() {
+      return port;
+    }
+
+    @Override
+    public int getKey() {
+      return PORT;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) throws IOException {
+      DNSInput in = new DNSInput(bytes);
+      port = in.readU16();
+      if (in.remaining() > 0) {
+        throw new WireParseException("Unexpected number of bytes in port parameter");
+      }
+    }
+
+    @Override
+    public void fromString(String string) throws TextParseException {
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Integer value must be specified for port");
+      }
+      port = Integer.parseInt(string);
+    }
+
+    @Override
+    public byte[] toWire() {
+      DNSOutput out = new DNSOutput();
+      out.writeU16(port);
+      return out.toByteArray();
+    }
+
+    @Override
+    public String toString() {
+      return Integer.toString(port);
+    }
+  }
+
+  public static class ParameterIpv4Hint extends ParameterBase {
+    private final List<byte[]> addresses;
+
+    public ParameterIpv4Hint() {
+      super();
+      addresses = new ArrayList<>();
+    }
+
+    public ParameterIpv4Hint(List<Inet4Address> addresses) {
+      super();
+      this.addresses =
+          addresses.stream().map(Inet4Address::getAddress).collect(Collectors.toList());
+    }
+
+    public List<Inet4Address> getAddresses() throws UnknownHostException {
+      List<Inet4Address> result = new LinkedList<>();
+      for (byte[] bytes : addresses) {
+        InetAddress address = InetAddress.getByAddress(bytes);
+        if (address instanceof Inet4Address) {
+          result.add((Inet4Address) address);
+        }
+      }
+      return result;
+    }
+
+    @Override
+    public int getKey() {
+      return IPV4HINT;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) throws IOException {
+      addresses.clear();
+      DNSInput in = new DNSInput(bytes);
+      while (in.remaining() >= 4) {
+        addresses.add(in.readByteArray(4));
+      }
+      if (in.remaining() > 0) {
+        throw new WireParseException("Unexpected number of bytes in ipv4hint parameter");
+      }
+    }
+
+    @Override
+    public void fromString(String string) throws IOException {
+      addresses.clear();
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Non-empty IPv4 list must be specified for ipv4hint");
+      }
+      for (String str : string.split(",")) {
+        byte[] address = Address.toByteArray(str, Address.IPv4);
+        if (address == null) {
+          throw new TextParseException("Invalid ipv4hint value '" + str + "'");
+        }
+        addresses.add(address);
+      }
+    }
+
+    @Override
+    public byte[] toWire() {
+      DNSOutput out = new DNSOutput();
+      for (byte[] b : addresses) {
+        out.writeByteArray(b);
+      }
+      return out.toByteArray();
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder();
+      for (byte[] b : addresses) {
+        if (sb.length() > 0) {
+          sb.append(",");
+        }
+        sb.append(Address.toDottedQuad(b));
+      }
+      return sb.toString();
+    }
+  }
+
+  public static class ParameterEch extends ParameterBase {
+    private byte[] data;
+
+    public ParameterEch() {
+      super();
+    }
+
+    public ParameterEch(byte[] data) {
+      super();
+      this.data = data;
+    }
+
+    public byte[] getData() {
+      return data;
+    }
+
+    @Override
+    public int getKey() {
+      return ECH;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) {
+      data = bytes;
+    }
+
+    @Override
+    public void fromString(String string) throws TextParseException {
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Non-empty base64 value must be specified for ech");
+      }
+      data = base64.fromString(string);
+    }
+
+    @Override
+    public byte[] toWire() {
+      return data;
+    }
+
+    @Override
+    public String toString() {
+      return base64.toString(data);
+    }
+  }
+
+  /**
+   * Pre-RFC class for {@link ParameterEch}.
+   *
+   * @deprecated use {@link ParameterEch}
+   */
+  @Deprecated
+  public static class ParameterEchConfig extends ParameterBase {
+    private byte[] data;
+
+    public ParameterEchConfig() {
+      super();
+    }
+
+    public ParameterEchConfig(byte[] data) {
+      super();
+      this.data = data;
+    }
+
+    public byte[] getData() {
+      return data;
+    }
+
+    @Override
+    public int getKey() {
+      return ECHCONFIG;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) {
+      data = bytes;
+    }
+
+    @Override
+    public void fromString(String string) throws TextParseException {
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Non-empty base64 value must be specified for echconfig");
+      }
+      data = base64.fromString(string);
+    }
+
+    @Override
+    public byte[] toWire() {
+      return data;
+    }
+
+    @Override
+    public String toString() {
+      return base64.toString(data);
+    }
+  }
+
+  public static class ParameterIpv6Hint extends ParameterBase {
+    private final List<byte[]> addresses;
+
+    public ParameterIpv6Hint() {
+      super();
+      addresses = new ArrayList<>();
+    }
+
+    public ParameterIpv6Hint(List<Inet6Address> addresses) {
+      super();
+      this.addresses =
+          addresses.stream().map(Inet6Address::getAddress).collect(Collectors.toList());
+    }
+
+    public List<Inet6Address> getAddresses() throws UnknownHostException {
+      List<Inet6Address> result = new LinkedList<>();
+      for (byte[] bytes : addresses) {
+        InetAddress address = InetAddress.getByAddress(bytes);
+        if (address instanceof Inet6Address) {
+          result.add((Inet6Address) address);
+        }
+      }
+      return result;
+    }
+
+    @Override
+    public int getKey() {
+      return IPV6HINT;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) throws IOException {
+      addresses.clear();
+      DNSInput in = new DNSInput(bytes);
+      while (in.remaining() >= 16) {
+        addresses.add(in.readByteArray(16));
+      }
+      if (in.remaining() > 0) {
+        throw new WireParseException("Unexpected number of bytes in ipv6hint parameter");
+      }
+    }
+
+    @Override
+    public void fromString(String string) throws IOException {
+      addresses.clear();
+      if (string == null || string.isEmpty()) {
+        throw new TextParseException("Non-empty IPv6 list must be specified for ipv6hint");
+      }
+      for (String str : string.split(",")) {
+        byte[] address = Address.toByteArray(str, Address.IPv6);
+        if (address == null) {
+          throw new TextParseException("Invalid ipv6hint value '" + str + "'");
+        }
+        addresses.add(address);
+      }
+    }
+
+    @Override
+    public byte[] toWire() {
+      DNSOutput out = new DNSOutput();
+      for (byte[] b : addresses) {
+        out.writeByteArray(b);
+      }
+      return out.toByteArray();
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder();
+      for (byte[] b : addresses) {
+        if (sb.length() > 0) {
+          sb.append(",");
+        }
+        try {
+          InetAddress addr = InetAddress.getByAddress(null, b);
+          sb.append(addr.getHostAddress());
+        } catch (UnknownHostException e) {
+          // should not happen, but returning null and throwing is bad
+          return e.getMessage();
+        }
+      }
+      return sb.toString();
+    }
+  }
+
+  public static class ParameterUnknown extends ParameterBase {
+    private final int key;
+    private byte[] value;
+
+    public ParameterUnknown(int key) {
+      super();
+      this.key = key;
+      this.value = new byte[0];
+    }
+
+    public ParameterUnknown(int key, byte[] value) {
+      super();
+      this.key = key;
+      this.value = value;
+    }
+
+    public byte[] getValue() {
+      return value;
+    }
+
+    @Override
+    public int getKey() {
+      return key;
+    }
+
+    @Override
+    public void fromWire(byte[] bytes) {
+      value = bytes;
+    }
+
+    @Override
+    public void fromString(String string) throws IOException {
+      if (string == null || string.isEmpty()) {
+        value = new byte[0];
+      } else {
+        value = byteArrayFromString(string);
+      }
+    }
+
+    @Override
+    public byte[] toWire() {
+      return value;
+    }
+
+    @Override
+    public String toString() {
+      return byteArrayToString(value, false);
+    }
+  }
+
+  protected boolean checkMandatoryParams() {
+    ParameterMandatory param = (ParameterMandatory) getSvcParamValue(MANDATORY);
+    if (param != null) {
+      for (int key : param.values) {
+        if (getSvcParamValue(key) == null) {
+          return false;
+        }
+      }
+    }
+    return true;
+  }
+
+  @Override
+  protected void rrFromWire(DNSInput in) throws IOException {
+    svcPriority = in.readU16();
+    targetName = new Name(in);
+    svcParams.clear();
+    while (in.remaining() >= 4) {
+      int key = in.readU16();
+      int length = in.readU16();
+      byte[] value = in.readByteArray(length);
+      ParameterBase param;
+      Supplier<ParameterBase> factory = parameters.getFactory(key);
+      if (factory != null) {
+        param = factory.get();
+      } else {
+        param = new ParameterUnknown(key);
+      }
+      param.fromWire(value);
+      svcParams.put(key, param);
+    }
+    if (in.remaining() > 0) {
+      throw new WireParseException("Record had unexpected number of bytes");
+    }
+    if (!checkMandatoryParams()) {
+      throw new WireParseException("Not all mandatory SvcParams are specified");
+    }
+  }
+
+  @Override
+  protected String rrToString() {
+    StringBuilder sb = new StringBuilder();
+    sb.append(svcPriority);
+    sb.append(" ");
+    sb.append(targetName);
+    for (Map.Entry<Integer, ParameterBase> entry : svcParams.entrySet()) {
+      sb.append(" ");
+      sb.append(parameters.getText(entry.getKey()));
+      ParameterBase param = entry.getValue();
+      String value = param.toString();
+      if (value != null && !value.isEmpty()) {
+        sb.append("=");
+        sb.append(value);
+      }
+    }
+    return sb.toString();
+  }
+
+  @Override
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
+    svcPriority = st.getUInt16();
+    targetName = st.getName(origin);
+    svcParams.clear();
+    while (true) {
+      String keyStr = null;
+      String valueStr = null;
+      Tokenizer.Token t = st.get();
+      if (!t.isString()) {
+        break;
+      }
+      int indexOfEquals = t.value().indexOf('=');
+      if (indexOfEquals == -1) {
+        // No "=" is key with no value case, leave value string as null
+        keyStr = t.value();
+      } else if (indexOfEquals == t.value().length() - 1) {
+        // Ends with "=" means the next token is quoted string with the value
+        keyStr = t.value().substring(0, indexOfEquals);
+        Tokenizer.Token valueToken = st.get();
+        if (!valueToken.isString()) {
+          throw new TextParseException("Expected value for parameter key '" + keyStr + "'");
+        }
+        valueStr = valueToken.value();
+      } else if (indexOfEquals > 0) {
+        // If "=" is in the middle then need to split the key and value from this token
+        keyStr = t.value().substring(0, indexOfEquals);
+        valueStr = t.value().substring(indexOfEquals + 1);
+      } else {
+        throw new TextParseException("Expected valid parameter key=value for '" + t.value() + "'");
+      }
+
+      ParameterBase param;
+      int key = parameters.getValue(keyStr);
+      if (key == -1) {
+        throw new TextParseException("Expected a valid parameter key for '" + keyStr + "'");
+      }
+      if (svcParams.containsKey(key)) {
+        throw new TextParseException("Duplicate parameter key for '" + keyStr + "'");
+      }
+      Supplier<ParameterBase> factory = parameters.getFactory(key);
+      if (factory != null) {
+        param = factory.get();
+      } else {
+        param = new ParameterUnknown(key);
+      }
+      param.fromString(valueStr);
+      svcParams.put(key, param);
+    }
+    st.unget();
+
+    if (svcPriority == 0 && !svcParams.isEmpty()) {
+      throw new TextParseException("No parameter values allowed for AliasMode");
+    }
+    if (!checkMandatoryParams()) {
+      throw new TextParseException("Not all mandatory SvcParams are specified");
+    }
+  }
+
+  @Override
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    out.writeU16(svcPriority);
+    targetName.toWire(out, null, canonical);
+    for (Map.Entry<Integer, ParameterBase> entry : svcParams.entrySet()) {
+      out.writeU16(entry.getKey());
+      ParameterBase param = entry.getValue();
+      byte[] value = param.toWire();
+      out.writeU16(value.length);
+      out.writeByteArray(value);
+    }
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/SVCBRecord.java b/src/main/java/org/xbill/DNS/SVCBRecord.java
new file mode 100644
index 000000000..1785e52e5
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/SVCBRecord.java
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.util.List;
+
+/**
+ * Service Location and Parameter Binding Record
+ *
+ * @since 3.3
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
+ */
+public class SVCBRecord extends SVCBBase {
+  SVCBRecord() {}
+
+  public SVCBRecord(
+      Name name, int dclass, long ttl, int priority, Name domain, List<ParameterBase> params) {
+    super(name, Type.SVCB, dclass, ttl, priority, domain, params);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/Section.java b/src/main/java/org/xbill/DNS/Section.java
index f4939c1fa..75483a06f 100644
--- a/src/main/java/org/xbill/DNS/Section.java
+++ b/src/main/java/org/xbill/DNS/Section.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -31,9 +32,9 @@ public final class Section {
   /** The update (third) section of a dynamic update message */
   public static final int UPDATE = 2;
 
-  private static Mnemonic sections = new Mnemonic("Message Section", Mnemonic.CASE_LOWER);
-  private static String[] longSections = new String[4];
-  private static String[] updateSections = new String[4];
+  private static final Mnemonic sections = new Mnemonic("Message Section", Mnemonic.CASE_LOWER);
+  private static final String[] longSections = new String[4];
+  private static final String[] updateSections = new String[4];
 
   static {
     sections.setMaximum(3);
@@ -78,4 +79,13 @@ public static String updString(int i) {
   public static int value(String s) {
     return sections.getValue(s);
   }
+
+  /**
+   * Checks that a numeric section value is valid.
+   *
+   * @since 3.6
+   */
+  public static void check(int section) {
+    sections.check(section);
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/Serial.java b/src/main/java/org/xbill/DNS/Serial.java
index 633297d12..e7cc0dafe 100644
--- a/src/main/java/org/xbill/DNS/Serial.java
+++ b/src/main/java/org/xbill/DNS/Serial.java
@@ -1,15 +1,21 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 /**
  * Helper functions for doing serial arithmetic. These should be used when setting/checking SOA
- * serial numbers. SOA serial number arithmetic is defined in RFC 1982.
+ * serial numbers. SOA serial number arithmetic is defined in RFC 1982 and also referenced in RFC
+ * 2136.
  *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1982">RFC 1982: Serial Number
+ *     Arithmetic</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2136">RFC 2136: DDynamic Updates in the
+ *     Domain Name System (DNS UPDATE)</a>
  * @author Brian Wellington
  */
 public final class Serial {
-
+  private static final String ERROR_MESSAGE_SUFFIX = " out of range";
   private static final long MAX32 = 0xFFFFFFFFL;
 
   private Serial() {}
@@ -26,23 +32,22 @@ private Serial() {}
    */
   public static int compare(long serial1, long serial2) {
     if (serial1 < 0 || serial1 > MAX32) {
-      throw new IllegalArgumentException(serial1 + " out of range");
+      throw new IllegalArgumentException(serial1 + ERROR_MESSAGE_SUFFIX);
     }
     if (serial2 < 0 || serial2 > MAX32) {
-      throw new IllegalArgumentException(serial2 + " out of range");
+      throw new IllegalArgumentException(serial2 + ERROR_MESSAGE_SUFFIX);
     }
     long diff = serial1 - serial2;
     if (diff >= MAX32) {
-      diff -= (MAX32 + 1);
-    } else if (diff < -MAX32) {
-      diff += (MAX32 + 1);
+      diff -= MAX32 + 1;
     }
     return (int) diff;
   }
 
   /**
    * Increments a serial number. The number is assumed to be a 32 bit unsigned integer stored in a
-   * long. This basically adds 1 and resets the value to 0 if it is 2^32.
+   * long. This basically adds 1 and resets the value to 1 if it is 2^32. A zero value is explicitly
+   * forbidden as per * RFC 2136 section 4.2 and 7.11.
    *
    * @param serial The serial number
    * @return The incremented serial number
@@ -50,10 +55,10 @@ public static int compare(long serial1, long serial2) {
    */
   public static long increment(long serial) {
     if (serial < 0 || serial > MAX32) {
-      throw new IllegalArgumentException(serial + " out of range");
+      throw new IllegalArgumentException(serial + ERROR_MESSAGE_SUFFIX);
     }
     if (serial == MAX32) {
-      return 0;
+      return 1;
     }
     return serial + 1;
   }
diff --git a/src/main/java/org/xbill/DNS/SetResponse.java b/src/main/java/org/xbill/DNS/SetResponse.java
index 202043363..589bd2263 100644
--- a/src/main/java/org/xbill/DNS/SetResponse.java
+++ b/src/main/java/org/xbill/DNS/SetResponse.java
@@ -1,9 +1,20 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
+import static org.xbill.DNS.SetResponseType.CNAME;
+import static org.xbill.DNS.SetResponseType.DELEGATION;
+import static org.xbill.DNS.SetResponseType.DNAME;
+import static org.xbill.DNS.SetResponseType.NXDOMAIN;
+import static org.xbill.DNS.SetResponseType.NXRRSET;
+import static org.xbill.DNS.SetResponseType.SUCCESSFUL;
+import static org.xbill.DNS.SetResponseType.UNKNOWN;
+
 import java.util.ArrayList;
 import java.util.List;
+import lombok.AccessLevel;
+import lombok.Getter;
 
 /**
  * The Response from a query to {@link Cache#lookupRecords(Name, int, int)} or {@link
@@ -14,133 +25,114 @@
  * @author Brian Wellington
  */
 public class SetResponse {
+  private static final SetResponse SR_UNKNOWN = new SetResponse(UNKNOWN, null, false);
+  private static final SetResponse SR_UNKNOWN_AUTH = new SetResponse(UNKNOWN, null, true);
+  private static final SetResponse SR_NXDOMAIN = new SetResponse(NXDOMAIN, null, false);
+  private static final SetResponse SR_NXDOMAIN_AUTH = new SetResponse(NXDOMAIN, null, true);
+  private static final SetResponse SR_NXRRSET = new SetResponse(NXRRSET, null, false);
+  private static final SetResponse SR_NXRRSET_AUTH = new SetResponse(NXRRSET, null, true);
 
-  /** The Cache contains no information about the requested name/type */
-  static final int UNKNOWN = 0;
-
-  /**
-   * The Zone does not contain the requested name, or the Cache has determined that the name does
-   * not exist.
-   */
-  static final int NXDOMAIN = 1;
-
-  /**
-   * The Zone contains the name, but no data of the requested type, or the Cache has determined that
-   * the name exists and has no data of the requested type.
-   */
-  static final int NXRRSET = 2;
-
-  /** A delegation enclosing the requested name was found. */
-  static final int DELEGATION = 3;
-
-  /**
-   * The Cache/Zone found a CNAME when looking for the name.
-   *
-   * @see CNAMERecord
-   */
-  static final int CNAME = 4;
-
-  /**
-   * The Cache/Zone found a DNAME when looking for the name.
-   *
-   * @see DNAMERecord
-   */
-  static final int DNAME = 5;
-
-  /** The Cache/Zone has successfully answered the question for the requested name/type/class. */
-  static final int SUCCESSFUL = 6;
-
-  private static final SetResponse unknown = new SetResponse(UNKNOWN);
-  private static final SetResponse nxdomain = new SetResponse(NXDOMAIN);
-  private static final SetResponse nxrrset = new SetResponse(NXRRSET);
-
-  private int type;
-  private List<RRset<?>> data;
-
-  private SetResponse() {}
-
-  SetResponse(int type, RRset<?> rrset) {
-    if (type < 0 || type > 6) {
-      throw new IllegalArgumentException("invalid type");
-    }
+  private final SetResponseType type;
+
+  @Getter(AccessLevel.PACKAGE)
+  private boolean isAuthenticated;
+
+  private List<RRset> data;
+
+  private SetResponse(SetResponseType type, RRset rrset, boolean isAuthenticated) {
     this.type = type;
-    this.data = new ArrayList<>();
-    this.data.add(rrset);
+    this.isAuthenticated = isAuthenticated;
+    if (rrset != null) {
+      addRRset(rrset);
+    }
   }
 
-  SetResponse(int type) {
-    if (type < 0 || type > 6) {
-      throw new IllegalArgumentException("invalid type");
-    }
-    this.type = type;
-    this.data = null;
+  static SetResponse ofType(SetResponseType type) {
+    return ofType(type, null, false);
+  }
+
+  static SetResponse ofType(SetResponseType type, RRset rrset) {
+    return ofType(type, rrset, false);
   }
 
-  static SetResponse ofType(int type) {
+  static SetResponse ofType(SetResponseType type, Cache.CacheRRset rrset) {
+    return ofType(type, rrset, rrset.isAuthenticated());
+  }
+
+  static SetResponse ofType(SetResponseType type, RRset rrset, boolean isAuthenticated) {
     switch (type) {
       case UNKNOWN:
-        return unknown;
+        return isAuthenticated ? SR_UNKNOWN_AUTH : SR_UNKNOWN;
       case NXDOMAIN:
-        return nxdomain;
+        return isAuthenticated ? SR_NXDOMAIN_AUTH : SR_NXDOMAIN;
       case NXRRSET:
-        return nxrrset;
+        return isAuthenticated ? SR_NXRRSET_AUTH : SR_NXRRSET;
       case DELEGATION:
       case CNAME:
       case DNAME:
       case SUCCESSFUL:
-        SetResponse sr = new SetResponse();
-        sr.type = type;
-        sr.data = null;
-        return sr;
+        return new SetResponse(type, rrset, isAuthenticated);
       default:
         throw new IllegalArgumentException("invalid type");
     }
   }
 
-  void addRRset(RRset<?> rrset) {
+  void addRRset(RRset rrset) {
+    if (type.isSealed()) {
+      throw new IllegalStateException("Attempted to add RRset to sealed response of type " + type);
+    }
+
     if (data == null) {
       data = new ArrayList<>();
+      if (rrset instanceof Cache.CacheRRset) {
+        isAuthenticated = ((Cache.CacheRRset) rrset).isAuthenticated();
+      }
+    } else {
+      if (rrset instanceof Cache.CacheRRset && isAuthenticated) {
+        isAuthenticated = ((Cache.CacheRRset) rrset).isAuthenticated();
+      }
     }
+
     data.add(rrset);
   }
 
   /** Is the answer to the query unknown? */
   public boolean isUnknown() {
-    return (type == UNKNOWN);
+    return type == UNKNOWN;
   }
 
   /** Is the answer to the query that the name does not exist? */
   public boolean isNXDOMAIN() {
-    return (type == NXDOMAIN);
+    return type == NXDOMAIN;
   }
 
   /** Is the answer to the query that the name exists, but the type does not? */
   public boolean isNXRRSET() {
-    return (type == NXRRSET);
+    return type == NXRRSET;
   }
 
   /** Is the result of the lookup that the name is below a delegation? */
   public boolean isDelegation() {
-    return (type == DELEGATION);
+    return type == DELEGATION;
   }
 
   /** Is the result of the lookup a CNAME? */
   public boolean isCNAME() {
-    return (type == CNAME);
+    return type == CNAME;
   }
 
   /** Is the result of the lookup a DNAME? */
   public boolean isDNAME() {
-    return (type == DNAME);
+    return type == DNAME;
   }
 
   /** Was the query successful? */
   public boolean isSuccessful() {
-    return (type == SUCCESSFUL);
+    return type == SUCCESSFUL;
   }
 
   /** If the query was successful, return the answers */
-  public List<RRset<?>> answers() {
+  public List<RRset> answers() {
     if (type != SUCCESSFUL) {
       return null;
     }
@@ -149,40 +141,22 @@ public List<RRset<?>> answers() {
 
   /** If the query encountered a CNAME, return it. */
   public CNAMERecord getCNAME() {
-    return (CNAMERecord) (data.get(0)).first();
+    return (CNAMERecord) data.get(0).first();
   }
 
   /** If the query encountered a DNAME, return it. */
   public DNAMERecord getDNAME() {
-    return (DNAMERecord) (data.get(0)).first();
+    return (DNAMERecord) data.get(0).first();
   }
 
   /** If the query hit a delegation point, return the NS set. */
-  @SuppressWarnings("unchecked")
-  public RRset<NSRecord> getNS() {
-    return (data != null) ? (RRset<NSRecord>) data.get(0) : null;
+  public RRset getNS() {
+    return data != null ? data.get(0) : null;
   }
 
   /** Prints the value of the SetResponse */
   @Override
   public String toString() {
-    switch (type) {
-      case UNKNOWN:
-        return "unknown";
-      case NXDOMAIN:
-        return "NXDOMAIN";
-      case NXRRSET:
-        return "NXRRSET";
-      case DELEGATION:
-        return "delegation: " + data.get(0);
-      case CNAME:
-        return "CNAME: " + data.get(0);
-      case DNAME:
-        return "DNAME: " + data.get(0);
-      case SUCCESSFUL:
-        return "successful";
-      default:
-        throw new IllegalStateException();
-    }
+    return type + (type.isPrintRecords() ? ": " + data.get(0) : "");
   }
 }
diff --git a/src/main/java/org/xbill/DNS/SetResponseType.java b/src/main/java/org/xbill/DNS/SetResponseType.java
new file mode 100644
index 000000000..13c84a566
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/SetResponseType.java
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@RequiredArgsConstructor
+enum SetResponseType {
+  /** The Cache contains no information about the requested name/type */
+  UNKNOWN(false, true),
+
+  /**
+   * The Zone does not contain the requested name, or the Cache has determined that the name does
+   * not exist.
+   */
+  NXDOMAIN(false, true),
+
+  /**
+   * The Zone contains the name, but no data of the requested type, or the Cache has determined that
+   * the name exists and has no data of the requested type.
+   */
+  NXRRSET(false, true),
+
+  /** A delegation enclosing the requested name was found. */
+  DELEGATION(true, false),
+
+  /**
+   * The {@link Cache} or {@link Zone} found a CNAME when looking for the name.
+   *
+   * @see CNAMERecord
+   */
+  CNAME(true, false),
+
+  /**
+   * The {@link Cache} or {@link Zone} found a DNAME when looking for the name.
+   *
+   * @see DNAMERecord
+   */
+  DNAME(true, false),
+
+  /**
+   * The {@link Cache} or {@link Zone} has successfully answered the question for the requested
+   * name/type/class.
+   */
+  SUCCESSFUL(false, false);
+
+  private final boolean printRecords;
+
+  /** If true, no RRsets can be added. Intended for static NX* instances. */
+  private final boolean isSealed;
+}
diff --git a/src/main/java/org/xbill/DNS/SimpleResolver.java b/src/main/java/org/xbill/DNS/SimpleResolver.java
index 67e90072c..4f5fd72a6 100644
--- a/src/main/java/org/xbill/DNS/SimpleResolver.java
+++ b/src/main/java/org/xbill/DNS/SimpleResolver.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -6,8 +7,18 @@
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
+import java.time.Duration;
 import java.util.List;
+import java.util.Objects;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import lombok.Getter;
+import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.io.DefaultIoClientFactory;
+import org.xbill.DNS.io.IoClientFactory;
 
 /**
  * An implementation of Resolver that sends one query to one server. SimpleResolver handles TCP
@@ -29,15 +40,34 @@ public class SimpleResolver implements Resolver {
 
   private InetSocketAddress address;
   private InetSocketAddress localAddress;
-  private boolean useTCP, ignoreTruncation;
-  private OPTRecord queryOPT;
+  private boolean useTCP;
+  private boolean ignoreTruncation;
+  private OPTRecord queryOPT = new OPTRecord(DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0);
   private TSIG tsig;
-  private long timeoutValue = 10 * 1000;
+  private Duration timeoutValue = Duration.ofSeconds(10);
 
   private static final short DEFAULT_UDPSIZE = 512;
 
-  private static String defaultResolver = "localhost";
-  private static int uniqueID = 0;
+  /**
+   * Gets or sets the factory that creates clients for sending messages to the wire.
+   *
+   * @since 3.6
+   */
+  @Getter @Setter private IoClientFactory ioClientFactory = new DefaultIoClientFactory();
+
+  private static InetSocketAddress defaultResolver =
+      new InetSocketAddress(InetAddress.getLoopbackAddress(), DEFAULT_PORT);
+
+  /**
+   * Creates a SimpleResolver. The host to query is either found by using ResolverConfig, or the
+   * default host is used.
+   *
+   * @see ResolverConfig
+   * @exception UnknownHostException Failure occurred while finding the host
+   */
+  public SimpleResolver() throws UnknownHostException {
+    this((String) null);
+  }
 
   /**
    * Creates a SimpleResolver that will query the specified host
@@ -46,29 +76,33 @@ public class SimpleResolver implements Resolver {
    */
   public SimpleResolver(String hostname) throws UnknownHostException {
     if (hostname == null) {
-      hostname = ResolverConfig.getCurrentConfig().server();
-      if (hostname == null) {
-        hostname = defaultResolver;
+      address = ResolverConfig.getCurrentConfig().server();
+      if (address == null) {
+        address = defaultResolver;
       }
+
+      return;
     }
+
     InetAddress addr;
-    if (hostname.equals("0")) {
-      addr = InetAddress.getLocalHost();
+    if ("0".equals(hostname)) {
+      addr = InetAddress.getLoopbackAddress();
     } else {
       addr = InetAddress.getByName(hostname);
     }
+
     address = new InetSocketAddress(addr, DEFAULT_PORT);
   }
 
-  /**
-   * Creates a SimpleResolver. The host to query is either found by using ResolverConfig, or the
-   * default host is used.
-   *
-   * @see ResolverConfig
-   * @exception UnknownHostException Failure occurred while finding the host
-   */
-  public SimpleResolver() throws UnknownHostException {
-    this(null);
+  /** Creates a SimpleResolver that will query the specified host */
+  public SimpleResolver(InetSocketAddress host) {
+    address = Objects.requireNonNull(host, "host must not be null");
+  }
+
+  /** Creates a SimpleResolver that will query the specified host */
+  public SimpleResolver(InetAddress host) {
+    Objects.requireNonNull(host, "host must not be null");
+    address = new InetSocketAddress(host, DEFAULT_PORT);
   }
 
   /**
@@ -82,10 +116,24 @@ public InetSocketAddress getAddress() {
   }
 
   /** Sets the default host (initially localhost) to query */
-  public static void setDefaultResolver(String hostname) {
+  public static void setDefaultResolver(InetSocketAddress hostname) {
     defaultResolver = hostname;
   }
 
+  /** Sets the default host (initially localhost) to query */
+  public static void setDefaultResolver(String hostname) {
+    defaultResolver = new InetSocketAddress(hostname, DEFAULT_PORT);
+  }
+
+  /**
+   * Gets the port to communicate with on the server
+   *
+   * @since 3.2
+   */
+  public int getPort() {
+    return address.getPort();
+  }
+
   @Override
   public void setPort(int port) {
     address = new InetSocketAddress(address.getAddress(), port);
@@ -127,72 +175,117 @@ public void setLocalAddress(InetAddress addr) {
     localAddress = new InetSocketAddress(addr, 0);
   }
 
+  /**
+   * Gets whether TCP connections will be used by default
+   *
+   * @since 3.2
+   */
+  public boolean getTCP() {
+    return useTCP;
+  }
+
   @Override
   public void setTCP(boolean flag) {
     this.useTCP = flag;
   }
 
+  /**
+   * Gets whether truncated responses will be ignored.
+   *
+   * @since 3.2
+   */
+  public boolean getIgnoreTruncation() {
+    return ignoreTruncation;
+  }
+
   @Override
   public void setIgnoreTruncation(boolean flag) {
     this.ignoreTruncation = flag;
   }
 
-  @Override
-  public void setEDNS(int level, int payloadSize, int flags, List<EDNSOption> options) {
-    if (level != 0 && level != -1) {
-      throw new IllegalArgumentException("invalid EDNS level - " + "must be 0 or -1");
-    }
-    if (payloadSize == 0) {
-      payloadSize = DEFAULT_EDNS_PAYLOADSIZE;
-    }
-    queryOPT = new OPTRecord(payloadSize, 0, level, flags, options);
+  /**
+   * Gets the EDNS information on outgoing messages.
+   *
+   * @return The current {@link OPTRecord} for EDNS or {@code null} if EDNS is disabled.
+   * @since 3.2
+   */
+  public OPTRecord getEDNS() {
+    return queryOPT;
   }
 
-  @Override
-  public void setEDNS(int level) {
-    setEDNS(level, 0, 0, null);
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param optRecord the {@link OPTRecord} for EDNS options or null to disable EDNS.
+   * @see #setEDNS(int, int, int, List)
+   * @since 3.2
+   */
+  public void setEDNS(OPTRecord optRecord) {
+    queryOPT = optRecord;
   }
 
   @Override
-  public void setTSIGKey(TSIG key) {
-    tsig = key;
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    switch (version) {
+      case -1:
+        queryOPT = null;
+        break;
+
+      case 0:
+        if (payloadSize == 0) {
+          payloadSize = DEFAULT_EDNS_PAYLOADSIZE;
+        }
+        queryOPT = new OPTRecord(payloadSize, 0, version, flags, options);
+        break;
+
+      default:
+        throw new IllegalArgumentException("invalid EDNS version - must be 0 or -1 to disable");
+    }
   }
 
-  TSIG getTSIGKey() {
+  /**
+   * Get the TSIG key that messages will be signed with.
+   *
+   * @return the TSIG signature for outgoing messages or {@code null} if not specified.
+   * @since 3.2
+   */
+  public TSIG getTSIGKey() {
     return tsig;
   }
 
   @Override
-  public void setTimeout(int secs, int msecs) {
-    timeoutValue = (long) secs * 1000 + msecs;
+  public void setTSIGKey(TSIG key) {
+    tsig = key;
   }
 
   @Override
-  public void setTimeout(int secs) {
-    setTimeout(secs, 0);
+  public void setTimeout(Duration timeout) {
+    timeoutValue = timeout;
   }
 
-  long getTimeout() {
+  @Override
+  public Duration getTimeout() {
     return timeoutValue;
   }
 
   private Message parseMessage(byte[] b) throws WireParseException {
     try {
-      return (new Message(b));
+      return new Message(b);
     } catch (IOException e) {
       if (!(e instanceof WireParseException)) {
-        e = new WireParseException("Error parsing message");
+        throw new WireParseException("Error parsing message", e);
       }
       throw (WireParseException) e;
     }
   }
 
-  private void verifyTSIG(Message query, Message response, byte[] b, TSIG tsig) {
+  private void verifyTSIG(Message query, Message response, byte[] b) {
     if (tsig == null) {
       return;
     }
-    int error = tsig.verify(response, b, query.getTSIG());
-    log.debug("TSIG verify: {}", Rcode.TSIGstring(error));
+    int error = tsig.verify(response, b, query.getGeneratedTSIG());
+    log.debug(
+        "TSIG verify on message id {}: {}", query.getHeader().getID(), Rcode.TSIGstring(error));
   }
 
   private void applyEDNS(Message query) {
@@ -212,127 +305,220 @@ private int maxUDPSize(Message query) {
   }
 
   /**
-   * Sends a message to a single server and waits for a response. No checking is done to ensure that
-   * the response is associated with the query.
+   * Asynchronously sends a message to a single server.
    *
-   * @param query The query to send.
-   * @return The response.
-   * @throws IOException An error occurred while sending or receiving.
+   * @param query The query to send
+   * @return A future that completes when the response has arrived.
    */
   @Override
-  public Message send(Message query) throws IOException {
-    log.debug("Sending to {}:{}", address.getAddress().getHostAddress(), address.getPort());
+  public CompletionStage<Message> sendAsync(Message query) {
+    return sendAsync(query, ForkJoinPool.commonPool());
+  }
 
+  /**
+   * Asynchronously sends a message to a single server.
+   *
+   * @param query The query to send
+   * @param executor The service to use for async operations.
+   * @return A future that completes when the response has arrived.
+   */
+  @Override
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
     if (query.getHeader().getOpcode() == Opcode.QUERY) {
       Record question = query.getQuestion();
       if (question != null && question.getType() == Type.AXFR) {
-        return sendAXFR(query);
+        CompletableFuture<Message> f = new CompletableFuture<>();
+        CompletableFuture.runAsync(
+            () -> {
+              try {
+                f.complete(sendAXFR(query));
+              } catch (IOException e) {
+                f.completeExceptionally(e);
+              }
+            },
+            executor);
+
+        return f;
       }
     }
 
-    query = (Message) query.clone();
-    applyEDNS(query);
+    Message ednsTsigQuery = query.clone();
+    applyEDNS(ednsTsigQuery);
     if (tsig != null) {
-      tsig.apply(query, null);
+      ednsTsigQuery.setTSIG(tsig, Rcode.NOERROR, null);
     }
 
-    byte[] out = query.toWire(Message.MAXLENGTH);
-    int udpSize = maxUDPSize(query);
-    boolean tcp = false;
-    long endTime = System.currentTimeMillis() + timeoutValue;
-    do {
-      byte[] in;
-
-      if (useTCP || out.length > udpSize) {
-        tcp = true;
-      }
-      if (tcp) {
-        in = TCPClient.sendrecv(localAddress, address, out, endTime);
-      } else {
-        in = UDPClient.sendrecv(localAddress, address, out, udpSize, endTime);
-      }
-
-      /*
-       * Check that the response is long enough.
-       */
-      if (in.length < Header.LENGTH) {
-        throw new WireParseException("invalid DNS header - " + "too short");
-      }
-      /*
-       * Check that the response ID matches the query ID.  We want
-       * to check this before actually parsing the message, so that
-       * if there's a malformed response that's not ours, it
-       * doesn't confuse us.
-       */
-      int id = ((in[0] & 0xFF) << 8) + (in[1] & 0xFF);
-      int qid = query.getHeader().getID();
-      if (id != qid) {
-        String error = "invalid message id: expected " + qid + "; got id " + id;
-        if (tcp) {
-          throw new WireParseException(error);
-        } else {
-          log.debug(error);
-          continue;
-        }
-      }
-      Message response = parseMessage(in);
-      verifyTSIG(query, response, in, tsig);
-      if (!tcp && !ignoreTruncation && response.getHeader().getFlag(Flags.TC)) {
-        tcp = true;
-        continue;
-      }
-      return response;
-    } while (true);
+    return sendAsync(ednsTsigQuery, useTCP, executor);
   }
 
-  /**
-   * Asynchronously sends a message to a single server, registering a listener to receive a callback
-   * on success or exception. Multiple asynchronous lookups can be performed in parallel. Since the
-   * callback may be invoked before the function returns, external synchronization is necessary.
-   *
-   * @param query The query to send
-   * @param listener The object containing the callbacks.
-   * @return An identifier, which is also a parameter in the callback
-   */
-  @Override
-  public Integer sendAsync(final Message query, final ResolverListener listener) {
-    final Integer id;
-    synchronized (this) {
-      id = uniqueID++;
+  CompletableFuture<Message> sendAsync(Message query, boolean forceTcp, Executor executor) {
+    int qid = query.getHeader().getID();
+    boolean truncate = query.getHeader().getOpcode() != Opcode.UPDATE;
+    byte[] out;
+    try {
+      out = query.toWire(Message.MAXLENGTH, truncate);
+    } catch (MessageSizeExceededException e) {
+      CompletableFuture<Message> f = new CompletableFuture<>();
+      f.completeExceptionally(e);
+      return f;
+    }
+
+    int udpSize = maxUDPSize(query);
+    boolean tcp = forceTcp || out.length > udpSize;
+    if (log.isTraceEnabled()) {
+      log.trace(
+          "Sending {}/{}, id={} to {}/{}:{}, query:\n{}",
+          query.getQuestion().getName(),
+          Type.string(query.getQuestion().getType()),
+          qid,
+          tcp ? "tcp" : "udp",
+          address.getAddress().getHostAddress(),
+          address.getPort(),
+          query);
+    } else if (log.isDebugEnabled()) {
+      log.debug(
+          "Sending {}/{}, id={} to {}/{}:{}",
+          query.getQuestion().getName(),
+          Type.string(query.getQuestion().getType()),
+          qid,
+          tcp ? "tcp" : "udp",
+          address.getAddress().getHostAddress(),
+          address.getPort());
     }
-    Record question = query.getQuestion();
-    String qname;
-    if (question != null) {
-      qname = question.getName().toString();
+
+    CompletableFuture<byte[]> result;
+    if (tcp) {
+      result =
+          ioClientFactory
+              .createOrGetTcpClient()
+              .sendAndReceiveTcp(localAddress, address, query, out, timeoutValue);
     } else {
-      qname = "(none)";
+      result =
+          ioClientFactory
+              .createOrGetUdpClient()
+              .sendAndReceiveUdp(localAddress, address, query, out, udpSize, timeoutValue);
     }
-    String name = this.getClass() + ": " + qname;
-    Thread thread = new ResolveThread(this, query, id, listener);
-    thread.setName(name);
-    thread.setDaemon(true);
-    thread.start();
-    return id;
+
+    return result.thenComposeAsync(
+        in -> {
+          CompletableFuture<Message> f = new CompletableFuture<>();
+
+          // Check that the response is long enough.
+          if (in.length < Header.LENGTH) {
+            f.completeExceptionally(new WireParseException("invalid DNS header - too short"));
+            return f;
+          }
+
+          // Check that the response ID matches the query ID. We want
+          // to check this before actually parsing the message, so that
+          // if there's a malformed response that's not ours, it
+          // doesn't confuse us.
+          int id = ((in[0] & 0xFF) << 8) + (in[1] & 0xFF);
+          if (id != qid) {
+            f.completeExceptionally(
+                new WireParseException("invalid message id: expected " + qid + "; got id " + id));
+            return f;
+          }
+
+          Message response;
+          try {
+            response = parseMessage(in);
+          } catch (WireParseException e) {
+            f.completeExceptionally(e);
+            return f;
+          }
+
+          // rfc2136#section-3.8:
+          //  A response message is generated by copying the ID and Opcode fields from the request,
+          // [...] and not including any part of the original update
+          if (query.getHeader().getOpcode() == Opcode.UPDATE) {
+            if (response.getHeader().getOpcode() != Opcode.UPDATE) {
+              f.completeExceptionally(
+                  new WireParseException("invalid message: opcode response is not UPDATE"));
+              return f;
+            }
+          } else {
+            if (response.getQuestion() == null) {
+              f.completeExceptionally(
+                  new WireParseException("invalid message: question section missing"));
+              return f;
+            }
+
+            // validate name, class and type (rfc5452#section-9.1)
+            if (!query.getQuestion().getName().equals(response.getQuestion().getName())) {
+              f.completeExceptionally(
+                  new WireParseException(
+                      "invalid name in message: expected "
+                          + query.getQuestion().getName()
+                          + "; got "
+                          + response.getQuestion().getName()));
+              return f;
+            }
+
+            if (query.getQuestion().getDClass() != response.getQuestion().getDClass()) {
+              f.completeExceptionally(
+                  new WireParseException(
+                      "invalid class in message: expected "
+                          + DClass.string(query.getQuestion().getDClass())
+                          + "; got "
+                          + DClass.string(response.getQuestion().getDClass())));
+              return f;
+            }
+
+            if (query.getQuestion().getType() != response.getQuestion().getType()) {
+              f.completeExceptionally(
+                  new WireParseException(
+                      "invalid type in message: expected "
+                          + Type.string(query.getQuestion().getType())
+                          + "; got "
+                          + Type.string(response.getQuestion().getType())));
+              return f;
+            }
+          }
+
+          verifyTSIG(query, response, in);
+          if (!tcp && !ignoreTruncation && response.getHeader().getFlag(Flags.TC)) {
+            if (log.isTraceEnabled()) {
+              log.trace(
+                  "Got truncated response for id {}, retrying via TCP, response:\n{}",
+                  qid,
+                  response);
+            } else {
+              log.debug("Got truncated response for id {}, retrying via TCP", qid);
+            }
+            return sendAsync(query, true, executor);
+          }
+
+          response.setResolver(this);
+          f.complete(response);
+          return f;
+        },
+        executor);
   }
 
   private Message sendAXFR(Message query) throws IOException {
     Name qname = query.getQuestion().getName();
     ZoneTransferIn xfrin = ZoneTransferIn.newAXFR(qname, address, tsig);
-    xfrin.setTimeout((int) (getTimeout() / 1000));
+    xfrin.setTimeout(timeoutValue);
     xfrin.setLocalAddress(localAddress);
     try {
       xfrin.run();
     } catch (ZoneTransferException e) {
       throw new WireParseException(e.getMessage());
     }
-    List records = xfrin.getAXFR();
+    List<Record> records = xfrin.getAXFR();
     Message response = new Message(query.getHeader().getID());
     response.getHeader().setFlag(Flags.AA);
     response.getHeader().setFlag(Flags.QR);
     response.addRecord(query.getQuestion(), Section.QUESTION);
-    for (Object record : records) {
-      response.addRecord((Record) record, Section.ANSWER);
+    for (Record r : records) {
+      response.addRecord(r, Section.ANSWER);
     }
     return response;
   }
+
+  @Override
+  public String toString() {
+    return "SimpleResolver [" + address + "]";
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/SingleCompressedNameBase.java b/src/main/java/org/xbill/DNS/SingleCompressedNameBase.java
index 59a0615bf..92c81fdcf 100644
--- a/src/main/java/org/xbill/DNS/SingleCompressedNameBase.java
+++ b/src/main/java/org/xbill/DNS/SingleCompressedNameBase.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,9 +10,6 @@
  * @author Brian Wellington
  */
 abstract class SingleCompressedNameBase extends SingleNameBase {
-
-  private static final long serialVersionUID = -236435396815460677L;
-
   protected SingleCompressedNameBase() {}
 
   protected SingleCompressedNameBase(
@@ -20,7 +18,7 @@ protected SingleCompressedNameBase(
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     singleName.toWire(out, c, canonical);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/SingleNameBase.java b/src/main/java/org/xbill/DNS/SingleNameBase.java
index 8a8b8ccac..431a69896 100644
--- a/src/main/java/org/xbill/DNS/SingleNameBase.java
+++ b/src/main/java/org/xbill/DNS/SingleNameBase.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -10,9 +11,6 @@
  * @author Brian Wellington
  */
 abstract class SingleNameBase extends Record {
-
-  private static final long serialVersionUID = -18595042501413L;
-
   protected Name singleName;
 
   protected SingleNameBase() {}
@@ -28,17 +26,17 @@ protected SingleNameBase(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     singleName = new Name(in);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     singleName = st.getName(origin);
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return singleName.toString();
   }
 
@@ -47,7 +45,7 @@ protected Name getSingleName() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     singleName.toWire(out, null, canonical);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/TCPClient.java b/src/main/java/org/xbill/DNS/TCPClient.java
index 94f5145c9..ccc893696 100644
--- a/src/main/java/org/xbill/DNS/TCPClient.java
+++ b/src/main/java/org/xbill/DNS/TCPClient.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2005 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,12 +9,36 @@
 import java.net.SocketTimeoutException;
 import java.nio.ByteBuffer;
 import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
 import java.nio.channels.SocketChannel;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
 
-final class TCPClient extends Client {
+@SuppressWarnings("resource")
+class TCPClient implements AutoCloseable {
+  private final long startTime;
+  private final Duration timeout;
+  private final SelectionKey key;
 
-  public TCPClient(long endTime) throws IOException {
-    super(SocketChannel.open(), endTime);
+  TCPClient(Duration timeout) throws IOException {
+    this.timeout = timeout;
+    startTime = System.nanoTime();
+    boolean done = false;
+    Selector selector = null;
+    SocketChannel channel = SocketChannel.open();
+    try {
+      selector = Selector.open();
+      channel.configureBlocking(false);
+      key = channel.register(selector, SelectionKey.OP_READ);
+      done = true;
+    } finally {
+      if (!done && selector != null) {
+        selector.close();
+      }
+      if (!done) {
+        channel.close();
+      }
+    }
   }
 
   void bind(SocketAddress addr) throws IOException {
@@ -30,7 +55,7 @@ void connect(SocketAddress addr) throws IOException {
     try {
       while (!channel.finishConnect()) {
         if (!key.isConnectable()) {
-          blockUntil(key, endTime);
+          blockUntil(key);
         }
       }
     } finally {
@@ -42,7 +67,7 @@ void connect(SocketAddress addr) throws IOException {
 
   void send(byte[] data) throws IOException {
     SocketChannel channel = (SocketChannel) key.channel();
-    verboseLog(
+    NioClient.verboseLog(
         "TCP write",
         channel.socket().getLocalSocketAddress(),
         channel.socket().getRemoteSocketAddress(),
@@ -63,11 +88,11 @@ void send(byte[] data) throws IOException {
             throw new EOFException();
           }
           nsent += (int) n;
-          if (nsent < data.length + 2 && System.currentTimeMillis() > endTime) {
+          if (nsent < data.length + 2 && System.nanoTime() - startTime >= timeout.toNanos()) {
             throw new SocketTimeoutException();
           }
         } else {
-          blockUntil(key, endTime);
+          blockUntil(key);
         }
       }
     } finally {
@@ -77,7 +102,7 @@ void send(byte[] data) throws IOException {
     }
   }
 
-  private byte[] _recv(int length) throws IOException {
+  private byte[] recv(int length) throws IOException {
     SocketChannel channel = (SocketChannel) key.channel();
     int nrecvd = 0;
     byte[] data = new byte[length];
@@ -91,11 +116,11 @@ private byte[] _recv(int length) throws IOException {
             throw new EOFException();
           }
           nrecvd += (int) n;
-          if (nrecvd < length && System.currentTimeMillis() > endTime) {
+          if (nrecvd < length && System.nanoTime() - startTime >= timeout.toNanos()) {
             throw new SocketTimeoutException();
           }
         } else {
-          blockUntil(key, endTime);
+          blockUntil(key);
         }
       }
     } finally {
@@ -106,35 +131,36 @@ private byte[] _recv(int length) throws IOException {
     return data;
   }
 
+  private void blockUntil(SelectionKey key) throws IOException {
+    long remainingTimeout =
+        timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS).toMillis();
+    int nkeys = 0;
+    if (remainingTimeout > 0) {
+      nkeys = key.selector().select(remainingTimeout);
+    } else if (remainingTimeout == 0) {
+      nkeys = key.selector().selectNow();
+    }
+    if (nkeys == 0) {
+      throw new SocketTimeoutException();
+    }
+  }
+
+  @Override
+  public void close() throws IOException {
+    key.selector().close();
+    key.channel().close();
+  }
+
   byte[] recv() throws IOException {
-    byte[] buf = _recv(2);
+    byte[] buf = recv(2);
     int length = ((buf[0] & 0xFF) << 8) + (buf[1] & 0xFF);
-    byte[] data = _recv(length);
+    byte[] data = recv(length);
     SocketChannel channel = (SocketChannel) key.channel();
-    verboseLog(
+    NioClient.verboseLog(
         "TCP read",
         channel.socket().getLocalSocketAddress(),
         channel.socket().getRemoteSocketAddress(),
         data);
     return data;
   }
-
-  static byte[] sendrecv(SocketAddress local, SocketAddress remote, byte[] data, long endTime)
-      throws IOException {
-    TCPClient client = new TCPClient(endTime);
-    try {
-      if (local != null) {
-        client.bind(local);
-      }
-      client.connect(remote);
-      client.send(data);
-      return client.recv();
-    } finally {
-      client.cleanup();
-    }
-  }
-
-  static byte[] sendrecv(SocketAddress addr, byte[] data, long endTime) throws IOException {
-    return sendrecv(null, addr, data, endTime);
-  }
 }
diff --git a/src/main/java/org/xbill/DNS/TKEYRecord.java b/src/main/java/org/xbill/DNS/TKEYRecord.java
index 36dd530b8..ee307eee0 100644
--- a/src/main/java/org/xbill/DNS/TKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/TKEYRecord.java
@@ -1,9 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
 import java.time.Instant;
+import java.util.Date;
 import org.xbill.DNS.utils.base64;
 
 /**
@@ -11,13 +13,10 @@
  *
  * @see TSIG
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2930">RFC 2930: Secret Key Establishment for DNS
- *     (TKEY RR)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2930">RFC 2930: Secret Key Establishment
+ *     for DNS (TKEY RR)</a>
  */
 public class TKEYRecord extends Record {
-
-  private static final long serialVersionUID = 8828458121926391756L;
-
   private Name alg;
   private Instant timeInception;
   private Instant timeExpire;
@@ -42,11 +41,6 @@ public class TKEYRecord extends Record {
 
   TKEYRecord() {}
 
-  @Override
-  Record getObject() {
-    return new TKEYRecord();
-  }
-
   /**
    * Creates a TKEY Record from the given data.
    *
@@ -80,8 +74,47 @@ public TKEYRecord(
     this.other = other;
   }
 
+  /**
+   * Creates a TKEY Record from the given data.
+   *
+   * @param alg The shared key's algorithm
+   * @param timeInception The beginning of the validity period of the shared secret or keying
+   *     material
+   * @param timeExpire The end of the validity period of the shared secret or keying material
+   * @param mode The mode of key agreement
+   * @param error The extended error field. Should be 0 in queries
+   * @param key The shared secret
+   * @param other The other data field. Currently unused responses.
+   * @deprecated use {@link #TKEYRecord(Name, int, long, Name, Instant, Instant, int, int, byte[],
+   *     byte[])}
+   */
+  @Deprecated
+  public TKEYRecord(
+      Name name,
+      int dclass,
+      long ttl,
+      Name alg,
+      Date timeInception,
+      Date timeExpire,
+      int mode,
+      int error,
+      byte[] key,
+      byte[] other) {
+    this(
+        name,
+        dclass,
+        ttl,
+        alg,
+        timeInception.toInstant(),
+        timeExpire.toInstant(),
+        mode,
+        error,
+        key,
+        other);
+  }
+
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     alg = new Name(in);
     timeInception = Instant.ofEpochSecond(in.readU32());
     timeExpire = Instant.ofEpochSecond(in.readU32());
@@ -104,7 +137,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     throw st.exception("no text format defined for TKEY");
   }
 
@@ -127,11 +160,11 @@ protected String modeString() {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(alg);
     sb.append(" ");
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("(\n\t");
     }
     sb.append(FormattedTime.format(timeInception));
@@ -141,7 +174,7 @@ String rrToString() {
     sb.append(modeString());
     sb.append(" ");
     sb.append(Rcode.TSIGstring(error));
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("\n");
       if (key != null) {
         sb.append(base64.formatString(key, 64, "\t", false));
@@ -200,7 +233,7 @@ public byte[] getOther() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     alg.toWire(out, null, canonical);
 
     out.writeU32(timeInception.getEpochSecond());
diff --git a/src/main/java/org/xbill/DNS/TLSARecord.java b/src/main/java/org/xbill/DNS/TLSARecord.java
index 5799aa424..46714fcef 100644
--- a/src/main/java/org/xbill/DNS/TLSARecord.java
+++ b/src/main/java/org/xbill/DNS/TLSARecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,13 +10,10 @@
  * Transport Layer Security Authentication
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6698">RFC 6698: The DNS-Based Authentication of
- *     Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6698">RFC 6698: The DNS-Based
+ *     Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA</a>
  */
 public class TLSARecord extends Record {
-
-  private static final long serialVersionUID = 356494267028580169L;
-
   public static class CertificateUsage {
     private CertificateUsage() {}
 
@@ -28,10 +26,18 @@ private CertificateUsage() {}
   public static class Selector {
     private Selector() {}
 
-    /** Full certificate; the Certificate binary structure defined in [RFC5280] */
+    /**
+     * Full certificate; the Certificate binary structure.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5280">RFC 5280</a>
+     */
     public static final int FULL_CERTIFICATE = 0;
 
-    /** SubjectPublicKeyInfo; DER-encoded binary structure defined in [RFC5280] */
+    /**
+     * SubjectPublicKeyInfo; DER-encoded binary structure.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5280">RFC 5280</a>
+     */
     public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
   }
 
@@ -41,10 +47,18 @@ private MatchingType() {}
     /** Exact match on selected content */
     public static final int EXACT = 0;
 
-    /** SHA-256 hash of selected content [RFC6234] */
+    /**
+     * SHA-256 hash of selected content.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6234">RFC 6234</a>
+     */
     public static final int SHA256 = 1;
 
-    /** SHA-512 hash of selected content [RFC6234] */
+    /**
+     * SHA-512 hash of selected content.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6234">RFC 6234</a>
+     */
     public static final int SHA512 = 2;
   }
 
@@ -55,11 +69,6 @@ private MatchingType() {}
 
   TLSARecord() {}
 
-  @Override
-  Record getObject() {
-    return new TLSARecord();
-  }
-
   /**
    * Creates an TLSA Record from the given data
    *
@@ -70,55 +79,88 @@ Record getObject() {
    * @param matchingType How the certificate association is presented.
    * @param certificateAssociationData The "certificate association data" to be matched.
    */
-  public TLSARecord(
+  protected TLSARecord(
       Name name,
+      int type,
       int dclass,
       long ttl,
       int certificateUsage,
       int selector,
       int matchingType,
       byte[] certificateAssociationData) {
-    super(name, Type.TLSA, dclass, ttl);
+    super(name, type, dclass, ttl);
     this.certificateUsage = checkU8("certificateUsage", certificateUsage);
     this.selector = checkU8("selector", selector);
     this.matchingType = checkU8("matchingType", matchingType);
+    if (certificateAssociationData == null || certificateAssociationData.length == 0) {
+      throw new IllegalArgumentException("certificateAssociationData must not be null or empty");
+    }
     this.certificateAssociationData =
         checkByteArrayLength("certificateAssociationData", certificateAssociationData, 0xFFFF);
   }
 
+  /**
+   * Creates an TLSA Record from the given data
+   *
+   * @param certificateUsage The provided association that will be used to match the certificate
+   *     presented in the TLS handshake.
+   * @param selector The part of the TLS certificate presented by the server that will be matched
+   *     against the association data.
+   * @param matchingType How the certificate association is presented.
+   * @param certificateAssociationData The "certificate association data" to be matched.
+   */
+  public TLSARecord(
+      Name name,
+      int dclass,
+      long ttl,
+      int certificateUsage,
+      int selector,
+      int matchingType,
+      byte[] certificateAssociationData) {
+    this(
+        name,
+        Type.TLSA,
+        dclass,
+        ttl,
+        certificateUsage,
+        selector,
+        matchingType,
+        certificateAssociationData);
+  }
+
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     certificateUsage = in.readU8();
     selector = in.readU8();
     matchingType = in.readU8();
     certificateAssociationData = in.readByteArray();
+    if (certificateAssociationData.length == 0) {
+      throw new WireParseException("end of input");
+    }
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     certificateUsage = st.getUInt8();
     selector = st.getUInt8();
     matchingType = st.getUInt8();
-    certificateAssociationData = st.getHex();
+    certificateAssociationData = st.getHex(true);
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
-    StringBuilder sb = new StringBuilder();
-    sb.append(certificateUsage);
-    sb.append(" ");
-    sb.append(selector);
-    sb.append(" ");
-    sb.append(matchingType);
-    sb.append(" ");
-    sb.append(base16.toString(certificateAssociationData));
-
-    return sb.toString();
+  protected String rrToString() {
+    return certificateUsage
+        + " "
+        + selector
+        + " "
+        + matchingType
+        + " "
+        + base16.toString(certificateAssociationData);
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU8(certificateUsage);
     out.writeU8(selector);
     out.writeU8(matchingType);
diff --git a/src/main/java/org/xbill/DNS/TSIG.java b/src/main/java/org/xbill/DNS/TSIG.java
index dd661d992..baaa3299f 100644
--- a/src/main/java/org/xbill/DNS/TSIG.java
+++ b/src/main/java/org/xbill/DNS/TSIG.java
@@ -1,19 +1,27 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.security.GeneralSecurityException;
+import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
+import java.util.TreeMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
+import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.xbill.DNS.utils.base64;
+import org.xbill.DNS.utils.hexdump;
 
 /**
  * Transaction signature handling. This class generates and verifies TSIG records on messages, which
@@ -24,88 +32,208 @@
  */
 @Slf4j
 public class TSIG {
+  // https://www.iana.org/assignments/tsig-algorithm-names/tsig-algorithm-names.xml
 
-  /** The domain name representing the HMAC-MD5 algorithm. */
+  /**
+   * The domain name representing the gss-tsig algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc3645">RFC 3645</a>
+   */
+  public static final Name GSS_TSIG = Name.fromConstantString("gss-tsig.");
+
+  /**
+   * The domain name representing the HMAC-MD5 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_MD5 = Name.fromConstantString("HMAC-MD5.SIG-ALG.REG.INT.");
 
-  /** The domain name representing the HMAC-MD5 algorithm (deprecated). */
-  public static final Name HMAC = HMAC_MD5;
+  /**
+   * The domain name representing the HMAC-MD5 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @deprecated use {@link #HMAC_MD5}
+   */
+  @Deprecated public static final Name HMAC = HMAC_MD5;
 
-  /** The domain name representing the HMAC-SHA1 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA1 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA1 = Name.fromConstantString("hmac-sha1.");
 
-  /** The domain name representing the HMAC-SHA224 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA224 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA224 = Name.fromConstantString("hmac-sha224.");
 
-  /** The domain name representing the HMAC-SHA256 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA256 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA256 = Name.fromConstantString("hmac-sha256.");
 
-  /** The domain name representing the HMAC-SHA384 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA384 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA384 = Name.fromConstantString("hmac-sha384.");
 
-  /** The domain name representing the HMAC-SHA512 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA512 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA512 = Name.fromConstantString("hmac-sha512.");
 
-  private static Map algMap;
+  /**
+   * The domain name representing the HMAC-SHA256-128 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4868">RFC 4868</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @since 3.6.3
+   */
+  public static final Name HMAC_SHA256_128 = Name.fromConstantString("hmac-sha256-128.");
+
+  /**
+   * The domain name representing the HMAC-SHA384-192 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4868">RFC 4868</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @since 3.6.3
+   */
+  public static final Name HMAC_SHA384_192 = Name.fromConstantString("hmac-sha384-192.");
+
+  /**
+   * The domain name representing the HMAC-SHA512-256 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4868">RFC 4868</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @since 3.6.3
+   */
+  public static final Name HMAC_SHA512_256 = Name.fromConstantString("hmac-sha512-256.");
+
+  private static final Map<Name, String> algMap;
+  private static final Map<Name, Integer> algLengthMap;
+  private static final Pattern javaAlgNamePattern =
+      Pattern.compile(
+          "^Hmac(?<alg>(SHA(1|\\d{3})|MD5))(/(?<length>\\d{3}))?$", Pattern.CASE_INSENSITIVE);
 
   static {
-    Map<Name, String> out = new HashMap<>();
-    out.put(HMAC_MD5, "HmacMD5");
-    out.put(HMAC_SHA1, "HmacSHA1");
-    out.put(HMAC_SHA224, "HmacSHA224");
-    out.put(HMAC_SHA256, "HmacSHA256");
-    out.put(HMAC_SHA384, "HmacSHA384");
-    out.put(HMAC_SHA512, "HmacSHA512");
-    algMap = Collections.unmodifiableMap(out);
+    Map<Name, String> names = new TreeMap<>();
+    names.put(HMAC_MD5, "HmacMD5");
+    names.put(HMAC_SHA1, "HmacSHA1");
+    names.put(HMAC_SHA224, "HmacSHA224");
+    names.put(HMAC_SHA256, "HmacSHA256");
+    names.put(HMAC_SHA384, "HmacSHA384");
+    names.put(HMAC_SHA512, "HmacSHA512");
+    // These must always be after the non-truncated versions
+    names.put(HMAC_SHA256_128, "HmacSHA256");
+    names.put(HMAC_SHA384_192, "HmacSHA384");
+    names.put(HMAC_SHA512_256, "HmacSHA512");
+    algMap = Collections.unmodifiableMap(names);
+
+    Map<Name, Integer> lengths = new HashMap<>();
+    lengths.put(HMAC_MD5, 16);
+    lengths.put(HMAC_SHA1, 20);
+    lengths.put(HMAC_SHA224, 28);
+    lengths.put(HMAC_SHA256, 32);
+    lengths.put(HMAC_SHA384, 48);
+    lengths.put(HMAC_SHA512, 64);
+    lengths.put(HMAC_SHA256_128, 16);
+    lengths.put(HMAC_SHA384_192, 24);
+    lengths.put(HMAC_SHA512_256, 32);
+    algLengthMap = Collections.unmodifiableMap(lengths);
   }
 
+  /**
+   * Convert an algorithm String to its equivalent Name.
+   *
+   * @param alg String containing name of algorithm.
+   * @return Name object for algorithm
+   * @throws IllegalArgumentException The algorithm is null or invalid.
+   */
   public static Name algorithmToName(String alg) {
-    for (Object o : algMap.entrySet()) {
-      Map.Entry entry = (Map.Entry) o;
-      if (alg.equalsIgnoreCase((String) entry.getValue())) {
-        return (Name) entry.getKey();
+    if (alg == null) {
+      throw new IllegalArgumentException("Null algorithm");
+    }
+
+    // Handle Java algorithm names
+    if (!alg.contains("-")) {
+      Matcher m = javaAlgNamePattern.matcher(alg);
+      if (m.matches()) {
+        alg = "hmac-" + m.group("alg");
+        String truncatedLength = m.group("length");
+        if (truncatedLength != null) {
+          alg += "-" + truncatedLength;
+        }
       }
     }
-    throw new IllegalArgumentException("Unknown algorithm");
+
+    if (!alg.endsWith(".")) {
+      alg += ".";
+    }
+
+    Name nameAlg;
+    try {
+      nameAlg = Name.fromString(alg);
+    } catch (TextParseException e) {
+      throw new IllegalArgumentException(e);
+    }
+
+    // Special case, allow "hmac-md5" as an alias for the RFC name.
+    if (nameAlg.equals(Name.fromConstantString("hmac-md5."))) {
+      return HMAC_MD5;
+    }
+
+    // Make sure we understand this name
+    if (algMap.get(nameAlg) == null) {
+      throw new IllegalArgumentException("Unknown algorithm: " + nameAlg);
+    }
+
+    return nameAlg;
   }
 
+  /**
+   * Convert an algorithm Name to a string.
+   *
+   * @param name Name object
+   * @return String equivalent
+   * @deprecated Returns java algorithm name, will be made private in 4.0
+   */
+  @Deprecated
   public static String nameToAlgorithm(Name name) {
-    String alg = (String) algMap.get(name);
+    String alg = algMap.get(name);
     if (alg != null) {
       return alg;
     }
-    throw new IllegalArgumentException("Unknown algorithm");
+    throw new IllegalArgumentException("Unknown algorithm: " + name);
   }
 
-  /** The default fudge value for outgoing packets. Can be overriden by the tsigfudge option. */
+  /** The default fudge value for outgoing packets. Can be overridden by the tsigfudge option. */
   public static final Duration FUDGE = Duration.ofSeconds(300);
 
-  private Name name, alg;
-  private Mac hmac;
+  private final Name alg;
+  private final Clock clock;
+  private final Name name;
+  private final SecretKey macKey;
+  private final String macAlgorithm;
+  private final Mac sharedHmac;
 
   /**
    * Verifies the data (computes the secure hash and compares it to the input)
    *
-   * @param mac The HMAC generator
+   * @param expected The expected (locally calculated) signature
    * @param signature The signature to compare against
    * @return true if the signature matches, false otherwise
    */
-  private static boolean verify(Mac mac, byte[] signature) {
-    return verify(mac, signature, false);
-  }
-
-  /**
-   * Verifies the data (computes the secure hash and compares it to the input)
-   *
-   * @param mac The HMAC generator
-   * @param signature The signature to compare against
-   * @param truncation_ok If true, the signature may be truncated; only the number of bytes in the
-   *     provided signature are compared.
-   * @return true if the signature matches, false otherwise
-   */
-  private static boolean verify(Mac mac, byte[] signature, boolean truncation_ok) {
-    byte[] expected = mac.doFinal();
-    if (truncation_ok && signature.length < expected.length) {
+  private static boolean verify(byte[] expected, byte[] signature) {
+    if (signature.length < expected.length) {
       byte[] truncated = new byte[signature.length];
       System.arraycopy(expected, 0, truncated, 0, truncated.length);
       expected = truncated;
@@ -113,15 +241,39 @@ private static boolean verify(Mac mac, byte[] signature, boolean truncation_ok)
     return Arrays.equals(signature, expected);
   }
 
-  private void init_hmac(String macAlgorithm, SecretKey key) {
+  private Mac initHmac() {
+    if (sharedHmac != null) {
+      try {
+        return (Mac) sharedHmac.clone();
+      } catch (CloneNotSupportedException e) {
+        sharedHmac.reset();
+        return sharedHmac;
+      }
+    }
+
     try {
-      hmac = Mac.getInstance(macAlgorithm);
-      hmac.init(key);
+      Mac mac = Mac.getInstance(macAlgorithm);
+      mac.init(macKey);
+      return mac;
     } catch (GeneralSecurityException ex) {
-      throw new IllegalArgumentException("Caught security " + "exception setting up " + "HMAC.");
+      throw new IllegalArgumentException("Caught security exception setting up HMAC.", ex);
     }
   }
 
+  /**
+   * Creates a new TSIG object, which can be used to sign or verify a message.
+   *
+   * @param name The name of the shared key.
+   * @param key The shared key's data represented as a base64 encoded string.
+   * @throws IllegalArgumentException The key name is an invalid name
+   * @throws IllegalArgumentException The key data is improperly encoded
+   * @throws NullPointerException key is null
+   * @since 3.2
+   */
+  public TSIG(Name algorithm, Name name, String key) {
+    this(algorithm, name, Objects.requireNonNull(base64.fromString(key)));
+  }
+
   /**
    * Creates a new TSIG key, which can be used to sign or verify a message.
    *
@@ -130,11 +282,7 @@ private void init_hmac(String macAlgorithm, SecretKey key) {
    * @param keyBytes The shared key's data.
    */
   public TSIG(Name algorithm, Name name, byte[] keyBytes) {
-    this.name = name;
-    this.alg = algorithm;
-    String macAlgorithm = nameToAlgorithm(algorithm);
-    SecretKey key = new SecretKeySpec(keyBytes, macAlgorithm);
-    init_hmac(macAlgorithm, key);
+    this(algorithm, name, new SecretKeySpec(keyBytes, nameToAlgorithm(algorithm)));
   }
 
   /**
@@ -145,10 +293,24 @@ public TSIG(Name algorithm, Name name, byte[] keyBytes) {
    * @param key The shared key.
    */
   public TSIG(Name algorithm, Name name, SecretKey key) {
+    this(algorithm, name, key, Clock.systemUTC());
+  }
+
+  /**
+   * Creates a new TSIG key, which can be used to sign or verify a message.
+   *
+   * @param algorithm The algorithm of the shared key.
+   * @param name The name of the shared key.
+   * @param key The shared key.
+   * @since 3.2
+   */
+  public TSIG(Name algorithm, Name name, SecretKey key, Clock clock) {
     this.name = name;
     this.alg = algorithm;
-    String macAlgorithm = nameToAlgorithm(algorithm);
-    init_hmac(macAlgorithm, key);
+    this.clock = clock;
+    this.macAlgorithm = nameToAlgorithm(algorithm);
+    this.macKey = key;
+    this.sharedHmac = null;
   }
 
   /**
@@ -157,20 +319,27 @@ public TSIG(Name algorithm, Name name, SecretKey key) {
    *
    * @param mac The JCE HMAC object
    * @param name The name of the key
+   * @deprecated Use one of the constructors that specifies an algorithm and key.
    */
+  @Deprecated
   public TSIG(Mac mac, Name name) {
     this.name = name;
-    this.hmac = mac;
+    this.sharedHmac = mac;
+    this.macAlgorithm = null;
+    this.macKey = null;
+    this.clock = Clock.systemUTC();
     this.alg = algorithmToName(mac.getAlgorithm());
   }
 
   /**
-   * Creates a new TSIG key with the hmac-md5 algorithm, which can be used to sign or verify a
-   * message.
+   * Creates a new TSIG key with the {@link #HMAC_MD5} algorithm, which can be used to sign or
+   * verify a message.
    *
    * @param name The name of the shared key.
    * @param key The shared key's data.
+   * @deprecated Use {@link #TSIG(Name, Name, SecretKey)} to explicitly specify an algorithm.
    */
+  @Deprecated
   public TSIG(Name name, byte[] key) {
     this(HMAC_MD5, name, key);
   }
@@ -194,33 +363,51 @@ public TSIG(Name algorithm, String name, String key) {
       throw new IllegalArgumentException("Invalid TSIG key name");
     }
     this.alg = algorithm;
-    String macAlgorithm = nameToAlgorithm(this.alg);
-    init_hmac(macAlgorithm, new SecretKeySpec(keyBytes, macAlgorithm));
+    this.clock = Clock.systemUTC();
+    this.macAlgorithm = nameToAlgorithm(algorithm);
+    this.sharedHmac = null;
+    this.macKey = new SecretKeySpec(keyBytes, macAlgorithm);
   }
 
   /**
    * Creates a new TSIG object, which can be used to sign or verify a message.
    *
+   * @param algorithm The RFC8945 algorithm name of the shared key. The legal values are:
+   *     <ul>
+   *       <li>hmac-md5.sig-alg.reg.int.
+   *       <li>hmac-md5. (alias for hmac-md5.sig-alg.reg.int.)
+   *       <li>hmac-sha1.
+   *       <li>hmac-sha224.
+   *       <li>hmac-sha256.
+   *       <li>hmac-sha256-128.
+   *       <li>hmac-sha384.
+   *       <li>hmac-sha384-192.
+   *       <li>hmac-sha512.
+   *       <li>hmac-sha512-256.
+   *     </ul>
+   *     The trailing &quot;.&quot; can be omitted.
    * @param name The name of the shared key.
-   * @param algorithm The algorithm of the shared key. The legal values are "hmac-md5", "hmac-sha1",
-   *     "hmac-sha224", "hmac-sha256", "hmac-sha384", and "hmac-sha512".
    * @param key The shared key's data represented as a base64 encoded string.
    * @throws IllegalArgumentException The key name is an invalid name
    * @throws IllegalArgumentException The key data is improperly encoded
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @apiNote Do NOT use the MD5 algorithms anymore.
    */
   public TSIG(String algorithm, String name, String key) {
     this(algorithmToName(algorithm), name, key);
   }
 
   /**
-   * Creates a new TSIG object with the hmac-md5 algorithm, which can be used to sign or verify a
-   * message.
+   * Creates a new TSIG object with the {@link #HMAC_MD5} algorithm, which can be used to sign or
+   * verify a message.
    *
    * @param name The name of the shared key
    * @param key The shared key's data, represented as a base64 encoded string.
    * @throws IllegalArgumentException The key name is an invalid name
    * @throws IllegalArgumentException The key data is improperly encoded
+   * @deprecated Use {@link #TSIG(Name, String, String)} to explicitly specify an algorithm.
    */
+  @Deprecated
   public TSIG(String name, String key) {
     this(HMAC_MD5, name, key);
   }
@@ -229,25 +416,23 @@ public TSIG(String name, String key) {
    * Creates a new TSIG object, which can be used to sign or verify a message.
    *
    * @param str The TSIG key, in the form name:secret, name/secret, alg:name:secret, or
-   *     alg/name/secret. If an algorithm is specified, it must be "hmac-md5", "hmac-sha1", or
-   *     "hmac-sha256".
+   *     alg/name/secret. If no algorithm is specified, the default of {@link #HMAC_MD5} is used.
    * @throws IllegalArgumentException The string does not contain both a name and secret.
    * @throws IllegalArgumentException The key name is an invalid name
    * @throws IllegalArgumentException The key data is improperly encoded
+   * @deprecated Use an explicit constructor
    */
+  @Deprecated
   public static TSIG fromString(String str) {
     String[] parts = str.split("[:/]", 3);
-    if (parts.length < 2) {
-      throw new IllegalArgumentException("Invalid TSIG key " + "specification");
-    }
-    if (parts.length == 3) {
-      try {
+    switch (parts.length) {
+      case 2:
+        return new TSIG(HMAC_MD5, parts[0], parts[1]);
+      case 3:
         return new TSIG(parts[0], parts[1], parts[2]);
-      } catch (IllegalArgumentException e) {
-        parts = str.split("[:/]", 2);
-      }
+      default:
+        throw new IllegalArgumentException("Invalid TSIG key specification");
     }
-    return new TSIG(HMAC_MD5, parts[0], parts[1]);
   }
 
   /**
@@ -260,78 +445,104 @@ public static TSIG fromString(String str) {
    * @return The TSIG record to be added to the message
    */
   public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old) {
-    Instant timeSigned;
-    if (error != Rcode.BADTIME) {
-      timeSigned = Instant.now();
-    } else {
-      timeSigned = old.getTimeSigned();
-    }
-    Duration fudge;
-    boolean signing = false;
-    if (error == Rcode.NOERROR || error == Rcode.BADTIME) {
-      signing = true;
-      hmac.reset();
-    }
+    return generate(m, b, error, old, true);
+  }
 
-    int fudgeOption = Options.intValue("tsigfudge");
-    if (fudgeOption < 0 || fudgeOption > 0x7FFF) {
-      fudge = FUDGE;
-    } else {
-      fudge = Duration.ofSeconds(fudgeOption);
+  /**
+   * Generates a TSIG record with a specific error for a message that has been rendered.
+   *
+   * @param m The message
+   * @param b The rendered message
+   * @param error The error
+   * @param old If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this {@link TSIGRecord} is the to be added to the first of
+   *     many messages in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be
+   *     included in the signature. {@code false} for subsequent messages with reduced TSIG
+   *     variables set (rfc2845, 4.4.).
+   * @return The TSIG record to be added to the message
+   * @since 3.2
+   */
+  public TSIGRecord generate(
+      Message m, byte[] b, int error, TSIGRecord old, boolean fullSignature) {
+    Mac hmac = null;
+    if (error == Rcode.NOERROR || error == Rcode.BADTIME || error == Rcode.BADTRUNC) {
+      hmac = initHmac();
     }
 
-    if (old != null) {
-      DNSOutput out = new DNSOutput();
-      out.writeU16(old.getSignature().length);
-      if (signing) {
-        hmac.update(out.toByteArray());
-        hmac.update(old.getSignature());
-      }
+    return generate(m, b, error, old, fullSignature, hmac);
+  }
+
+  /**
+   * Generates a TSIG record with a specific error for a message that has been rendered.
+   *
+   * @param m The message
+   * @param b The rendered message
+   * @param error The error
+   * @param old If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this {@link TSIGRecord} is the to be added to the first of
+   *     many messages in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be
+   *     included in the signature. {@code false} for subsequent messages with reduced TSIG
+   *     variables set (rfc2845, 4.4.).
+   * @param hmac A mac instance to reuse for a stream of messages to sign, e.g. when doing a zone
+   *     transfer.
+   * @return The TSIG record to be added to the message
+   */
+  private TSIGRecord generate(
+      Message m, byte[] b, int error, TSIGRecord old, boolean fullSignature, Mac hmac) {
+    Instant timeSigned = getTimeSigned(error, old);
+    Duration fudge = getTsigFudge();
+
+    boolean signing = hmac != null;
+    if (old != null && signing) {
+      hmacAddSignature(hmac, old);
     }
 
-    /* Digest the message */
+    // Digest the message
     if (signing) {
+      if (log.isTraceEnabled()) {
+        log.trace(hexdump.dump("TSIG-HMAC rendered message", b));
+      }
       hmac.update(b);
     }
 
+    // rfc2845, 3.4.2 TSIG Variables
+    // for section 4.4 TSIG on TCP connection: skip name, class, ttl, alg and other
     DNSOutput out = new DNSOutput();
-    name.toWireCanonical(out);
-    out.writeU16(DClass.ANY); /* class */
-    out.writeU32(0); /* ttl */
-    alg.toWireCanonical(out);
-    long time = timeSigned.getEpochSecond();
-    int timeHigh = (int) (time >> 32);
-    long timeLow = (time & 0xFFFFFFFFL);
-    out.writeU16(timeHigh);
-    out.writeU32(timeLow);
-    out.writeU16((int) fudge.getSeconds());
-
-    out.writeU16(error);
-    out.writeU16(0); /* No other data */
+    if (fullSignature) {
+      name.toWireCanonical(out);
+      out.writeU16(DClass.ANY); /* class */
+      out.writeU32(0); /* ttl */
+      alg.toWireCanonical(out);
+    }
 
-    if (signing) {
-      hmac.update(out.toByteArray());
+    writeTsigTimerVariables(timeSigned, fudge, out);
+    if (fullSignature) {
+      out.writeU16(error);
+      out.writeU16(0); /* No other data */
     }
 
     byte[] signature;
     if (signing) {
-      signature = hmac.doFinal();
+      byte[] tsigVariables = out.toByteArray();
+      if (log.isTraceEnabled()) {
+        log.trace(hexdump.dump("TSIG-HMAC variables", tsigVariables));
+      }
+      signature = hmac.doFinal(tsigVariables);
+      if (signature.length > algLengthMap.get(alg)) {
+        signature = Arrays.copyOfRange(signature, 0, algLengthMap.get(alg));
+      }
     } else {
       signature = new byte[0];
     }
 
     byte[] other = null;
     if (error == Rcode.BADTIME) {
-      out = new DNSOutput();
-      time = Instant.now().getEpochSecond();
-      timeHigh = (int) (time >> 32);
-      timeLow = (time & 0xFFFFFFFFL);
-      out.writeU16(timeHigh);
-      out.writeU32(timeLow);
+      out = new DNSOutput(6);
+      writeTsigTime(clock.instant(), out);
       other = out.toByteArray();
     }
 
-    return (new TSIGRecord(
+    return new TSIGRecord(
         name,
         DClass.ANY,
         0,
@@ -341,7 +552,26 @@ public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old) {
         signature,
         m.getHeader().getID(),
         error,
-        other));
+        other);
+  }
+
+  private Instant getTimeSigned(int error, TSIGRecord old) {
+    return error == Rcode.BADTIME ? old.getTimeSigned() : clock.instant();
+  }
+
+  private static Duration getTsigFudge() {
+    int fudgeOption = Options.intValue("tsigfudge");
+    return fudgeOption < 0 || fudgeOption > 0x7FFF ? FUDGE : Duration.ofSeconds(fudgeOption);
+  }
+
+  /**
+   * Generates a TSIG record for a message and adds it to the message
+   *
+   * @param m The message
+   * @param old If this message is a response, the TSIG from the request
+   */
+  public void apply(Message m, TSIGRecord old) {
+    apply(m, Rcode.NOERROR, old, true);
   }
 
   /**
@@ -352,185 +582,271 @@ public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old) {
    * @param old If this message is a response, the TSIG from the request
    */
   public void apply(Message m, int error, TSIGRecord old) {
-    Record r = generate(m, m.toWire(), error, old);
-    m.addRecord(r, Section.ADDITIONAL);
-    m.tsigState = Message.TSIG_SIGNED;
+    apply(m, error, old, true);
   }
 
   /**
-   * Generates a TSIG record for a message and adds it to the message
+   * Generates a TSIG record with a specific error for a message and adds it to the message.
    *
    * @param m The message
    * @param old If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
+   *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
+   *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
+   * @since 3.2
    */
-  public void apply(Message m, TSIGRecord old) {
-    apply(m, Rcode.NOERROR, old);
+  public void apply(Message m, TSIGRecord old, boolean fullSignature) {
+    apply(m, Rcode.NOERROR, old, fullSignature);
   }
 
   /**
-   * Generates a TSIG record for a message and adds it to the message
+   * Generates a TSIG record with a specific error for a message and adds it to the message.
    *
    * @param m The message
+   * @param error The error
    * @param old If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
+   *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
+   *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
+   * @since 3.2
    */
-  public void applyStream(Message m, TSIGRecord old, boolean first) {
-    if (first) {
-      apply(m, old);
-      return;
-    }
-    Instant timeSigned = Instant.now();
-    Duration fudge;
-    hmac.reset();
-
-    int fudgeOption = Options.intValue("tsigfudge");
-    if (fudgeOption < 0 || fudgeOption > 0x7FFF) {
-      fudge = FUDGE;
-    } else {
-      fudge = Duration.ofSeconds(fudgeOption);
-    }
-
-    DNSOutput out = new DNSOutput();
-    out.writeU16(old.getSignature().length);
-    hmac.update(out.toByteArray());
-    hmac.update(old.getSignature());
-
-    /* Digest the message */
-    hmac.update(m.toWire());
-
-    out = new DNSOutput();
-    long time = timeSigned.getEpochSecond();
-    int timeHigh = (int) (time >> 32);
-    long timeLow = (time & 0xFFFFFFFFL);
-    out.writeU16(timeHigh);
-    out.writeU32(timeLow);
-    out.writeU16((int) fudge.getSeconds());
-
-    hmac.update(out.toByteArray());
-
-    byte[] signature = hmac.doFinal();
-    byte[] other = null;
-
-    Record r =
-        new TSIGRecord(
-            name,
-            DClass.ANY,
-            0,
-            alg,
-            timeSigned,
-            fudge,
-            signature,
-            m.getHeader().getID(),
-            Rcode.NOERROR,
-            other);
+  public void apply(Message m, int error, TSIGRecord old, boolean fullSignature) {
+    Record r = generate(m, m.toWire(), error, old, fullSignature);
     m.addRecord(r, Section.ADDITIONAL);
     m.tsigState = Message.TSIG_SIGNED;
   }
 
+  /**
+   * Generates a TSIG record for a message and adds it to the message
+   *
+   * @param m The message
+   * @param old If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
+   *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
+   *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
+   * @deprecated use {@link #apply(Message, TSIGRecord, boolean)}
+   */
+  @Deprecated
+  public void applyStream(Message m, TSIGRecord old, boolean fullSignature) {
+    apply(m, Rcode.NOERROR, old, fullSignature);
+  }
+
   /**
    * Verifies a TSIG record on an incoming message. Since this is only called in the context where a
    * TSIG is expected to be present, it is an error if one is not present. After calling this
    * routine, Message.isVerified() may be called on this message.
    *
+   * <p>Use {@link StreamVerifier} to validate multiple messages in a stream.
+   *
    * @param m The message
    * @param b An array containing the message in unparsed form. This is necessary since TSIG signs
    *     the message in wire format, and we can't recreate the exact wire format (with the same name
    *     compression).
-   * @param length The length of the message in the array.
+   * @param length unused
    * @param old If this message is a response, the TSIG from the request
    * @return The result of the verification (as an Rcode)
    * @see Rcode
+   * @deprecated use {@link #verify(Message, byte[], TSIGRecord)}
    */
+  @Deprecated
   public byte verify(Message m, byte[] b, int length, TSIGRecord old) {
+    return (byte) verify(m, b, old);
+  }
+
+  /**
+   * Verifies a TSIG record on an incoming message. Since this is only called in the context where a
+   * TSIG is expected to be present, it is an error if one is not present. After calling this
+   * routine, Message.isVerified() may be called on this message.
+   *
+   * <p>Use {@link StreamVerifier} to validate multiple messages in a stream.
+   *
+   * @param m The message to verify
+   * @param messageBytes An array containing the message in unparsed form. This is necessary since
+   *     TSIG signs the message in wire format, and we can't recreate the exact wire format (with
+   *     the same name compression).
+   * @param requestTSIG If this message is a response, the TSIG from the request
+   * @return The result of the verification (as an Rcode)
+   * @see Rcode
+   */
+  public int verify(Message m, byte[] messageBytes, TSIGRecord requestTSIG) {
+    return verify(m, messageBytes, requestTSIG, true);
+  }
+
+  /**
+   * Verifies a TSIG record on an incoming message. Since this is only called in the context where a
+   * TSIG is expected to be present, it is an error if one is not present. After calling this
+   * routine, Message.isVerified() may be called on this message.
+   *
+   * <p>Use {@link StreamVerifier} to validate multiple messages in a stream.
+   *
+   * @param m The message to verify
+   * @param messageBytes An array containing the message in unparsed form. This is necessary since
+   *     TSIG signs the message in wire format, and we can't recreate the exact wire format (with
+   *     the same name compression).
+   * @param requestTSIG If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
+   *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
+   *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
+   * @return The result of the verification (as an Rcode)
+   * @see Rcode
+   * @since 3.2
+   */
+  public int verify(Message m, byte[] messageBytes, TSIGRecord requestTSIG, boolean fullSignature) {
+    return verify(m, messageBytes, requestTSIG, fullSignature, null);
+  }
+
+  /**
+   * Verifies a TSIG record on an incoming message. Since this is only called in the context where a
+   * TSIG is expected to be present, it is an error if one is not present. After calling this
+   * routine, Message.isVerified() may be called on this message.
+   *
+   * @param m The message to verify
+   * @param messageBytes An array containing the message in unparsed form. This is necessary since
+   *     TSIG signs the message in wire format, and we can't recreate the exact wire format (with
+   *     the same name compression).
+   * @param requestTSIG If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
+   *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
+   *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
+   * @return The result of the verification (as an Rcode)
+   * @see Rcode
+   */
+  private int verify(
+      Message m, byte[] messageBytes, TSIGRecord requestTSIG, boolean fullSignature, Mac hmac) {
     m.tsigState = Message.TSIG_FAILED;
     TSIGRecord tsig = m.getTSIG();
-    hmac.reset();
     if (tsig == null) {
       return Rcode.FORMERR;
     }
 
     if (!tsig.getName().equals(name) || !tsig.getAlgorithm().equals(alg)) {
-      log.debug("BADKEY failure");
+      log.debug(
+          "BADKEY failure on message id {}, expected: {}/{}, actual: {}/{}",
+          m.getHeader().getID(),
+          name,
+          alg,
+          tsig.getName(),
+          tsig.getAlgorithm());
       return Rcode.BADKEY;
     }
-    Duration delta = Duration.between(Instant.now(), tsig.getTimeSigned()).abs();
-    if (delta.compareTo(tsig.getFudge()) > 0) {
-      log.debug("BADTIME failure");
-      return Rcode.BADTIME;
+
+    if (hmac == null) {
+      hmac = initHmac();
     }
 
-    if (old != null && tsig.getError() != Rcode.BADKEY && tsig.getError() != Rcode.BADSIG) {
-      DNSOutput out = new DNSOutput();
-      out.writeU16(old.getSignature().length);
-      hmac.update(out.toByteArray());
-      hmac.update(old.getSignature());
+    if (requestTSIG != null && tsig.getError() != Rcode.BADKEY && tsig.getError() != Rcode.BADSIG) {
+      hmacAddSignature(hmac, requestTSIG);
     }
+
     m.getHeader().decCount(Section.ADDITIONAL);
     byte[] header = m.getHeader().toWire();
     m.getHeader().incCount(Section.ADDITIONAL);
+    if (log.isTraceEnabled()) {
+      log.trace(hexdump.dump("TSIG-HMAC header", header));
+    }
     hmac.update(header);
 
     int len = m.tsigstart - header.length;
-    hmac.update(b, header.length, len);
+    if (log.isTraceEnabled()) {
+      log.trace(hexdump.dump("TSIG-HMAC message after header", messageBytes, header.length, len));
+    }
+    hmac.update(messageBytes, header.length, len);
 
+    byte[] tsigVariables = getTsigVariables(fullSignature, tsig);
+    hmac.update(tsigVariables);
+
+    byte[] signature = tsig.getSignature();
+    int badsig = verifySignature(hmac, signature);
+    if (badsig != Rcode.NOERROR) {
+      return badsig;
+    }
+
+    // validate time after the signature, as per
+    // https://datatracker.ietf.org/doc/html/rfc8945#section-5.4
+    int badtime = verifyTime(tsig);
+    if (badtime != Rcode.NOERROR) {
+      return badtime;
+    }
+
+    m.tsigState = Message.TSIG_VERIFIED;
+    return Rcode.NOERROR;
+  }
+
+  private static byte[] getTsigVariables(boolean fullSignature, TSIGRecord tsig) {
     DNSOutput out = new DNSOutput();
-    tsig.getName().toWireCanonical(out);
-    out.writeU16(tsig.dclass);
-    out.writeU32(tsig.ttl);
-    tsig.getAlgorithm().toWireCanonical(out);
-    long time = tsig.getTimeSigned().getEpochSecond();
-    int timeHigh = (int) (time >> 32);
-    long timeLow = (time & 0xFFFFFFFFL);
-    out.writeU16(timeHigh);
-    out.writeU32(timeLow);
-    out.writeU16((int) tsig.getFudge().getSeconds());
-    out.writeU16(tsig.getError());
-    if (tsig.getOther() != null) {
-      out.writeU16(tsig.getOther().length);
-      out.writeByteArray(tsig.getOther());
-    } else {
-      out.writeU16(0);
+    if (fullSignature) {
+      tsig.getName().toWireCanonical(out);
+      out.writeU16(tsig.dclass);
+      out.writeU32(tsig.ttl);
+      tsig.getAlgorithm().toWireCanonical(out);
+    }
+    writeTsigTimerVariables(tsig.getTimeSigned(), tsig.getFudge(), out);
+    if (fullSignature) {
+      out.writeU16(tsig.getError());
+      if (tsig.getOther() != null) {
+        out.writeU16(tsig.getOther().length);
+        out.writeByteArray(tsig.getOther());
+      } else {
+        out.writeU16(0);
+      }
     }
 
-    hmac.update(out.toByteArray());
+    byte[] tsigVariables = out.toByteArray();
+    if (log.isTraceEnabled()) {
+      log.trace(hexdump.dump("TSIG-HMAC variables", tsigVariables));
+    }
+    return tsigVariables;
+  }
 
-    byte[] signature = tsig.getSignature();
+  private int verifySignature(Mac hmac, byte[] signature) {
     int digestLength = hmac.getMacLength();
-    int minDigestLength;
-    if (hmac.getAlgorithm().toLowerCase().contains("md5")) {
-      minDigestLength = 10;
-    } else {
-      minDigestLength = digestLength / 2;
-    }
 
+    // rfc4635#section-3.1, 4.:
+    // "MAC size" field is less than the larger of 10 (octets) and half
+    // the length of the hash function in use
+    int minDigestLength = Math.max(10, digestLength / 2);
     if (signature.length > digestLength) {
-      log.debug("BADSIG: signature too long");
+      log.debug(
+          "BADSIG: signature too long, expected: {}, actual: {}", digestLength, signature.length);
       return Rcode.BADSIG;
     } else if (signature.length < minDigestLength) {
-      log.debug("BADSIG: signature too short");
+      log.debug(
+          "BADSIG: signature too short, expected: {} of {}, actual: {}",
+          minDigestLength,
+          digestLength,
+          signature.length);
       return Rcode.BADSIG;
-    } else if (!verify(hmac, signature, true)) {
-      log.debug("BADSIG: signature verification");
-      return Rcode.BADSIG;
-    }
+    } else {
+      byte[] expectedSignature = hmac.doFinal();
+      if (expectedSignature.length > algLengthMap.get(alg)) {
+        expectedSignature = Arrays.copyOfRange(expectedSignature, 0, algLengthMap.get(alg));
+      }
 
-    m.tsigState = Message.TSIG_VERIFIED;
+      if (!verify(expectedSignature, signature)) {
+        if (log.isDebugEnabled()) {
+          log.debug(
+              "BADSIG: signature verification failed, expected: {}, actual: {}",
+              base64.toString(expectedSignature),
+              base64.toString(signature));
+        }
+        return Rcode.BADSIG;
+      }
+    }
     return Rcode.NOERROR;
   }
 
-  /**
-   * Verifies a TSIG record on an incoming message. Since this is only called in the context where a
-   * TSIG is expected to be present, it is an error if one is not present. After calling this
-   * routine, Message.isVerified() may be called on this message.
-   *
-   * @param m The message
-   * @param b The message in unparsed form. This is necessary since TSIG signs the message in wire
-   *     format, and we can't recreate the exact wire format (with the same name compression).
-   * @param old If this message is a response, the TSIG from the request
-   * @return The result of the verification (as an Rcode)
-   * @see Rcode
-   */
-  public int verify(Message m, byte[] b, TSIGRecord old) {
-    return verify(m, b, b.length, old);
+  private int verifyTime(TSIGRecord tsig) {
+    Instant now = clock.instant();
+    Duration delta = Duration.between(now, tsig.getTimeSigned()).abs();
+    if (delta.compareTo(tsig.getFudge()) > 0) {
+      log.debug(
+          "BADTIME failure, now {} +/- tsig {} > fudge {}",
+          now,
+          tsig.getTimeSigned(),
+          tsig.getFudge());
+      return Rcode.BADTIME;
+    }
+    return Rcode.NOERROR;
   }
 
   /**
@@ -539,123 +855,232 @@ public int verify(Message m, byte[] b, TSIGRecord old) {
    * @see TSIGRecord
    */
   public int recordLength() {
-    return (name.length()
+    return name.length()
         + 10
         + alg.length()
-        + 8
-        + // time signed, fudge
-        18
-        + // 2 byte MAC length, 16 byte MAC
-        4
-        + // original id, error
-        8); // 2 byte error length, 6 byte max error field.
+        + 8 // time signed, fudge
+        + 2 // 2 byte MAC length
+        + algLengthMap.get(alg)
+        + 4 // original id, error
+        + 8; // 2 byte error length, 6 byte max error field.
+  }
+
+  private static void hmacAddSignature(Mac hmac, TSIGRecord tsig) {
+    byte[] signatureSize = DNSOutput.toU16(tsig.getSignature().length);
+    if (log.isTraceEnabled()) {
+      log.trace(hexdump.dump("TSIG-HMAC signature size", signatureSize));
+      log.trace(hexdump.dump("TSIG-HMAC signature", tsig.getSignature()));
+    }
+
+    hmac.update(signatureSize);
+    hmac.update(tsig.getSignature());
+  }
+
+  private static void writeTsigTimerVariables(Instant instant, Duration fudge, DNSOutput out) {
+    writeTsigTime(instant, out);
+    out.writeU16((int) fudge.getSeconds());
+  }
+
+  private static void writeTsigTime(Instant instant, DNSOutput out) {
+    long time = instant.getEpochSecond();
+    int timeHigh = (int) (time >> 32);
+    long timeLow = time & 0xFFFFFFFFL;
+    out.writeU16(timeHigh);
+    out.writeU32(timeLow);
+  }
+
+  /**
+   * A utility class for generating signed message responses.
+   *
+   * @since 3.5.3
+   */
+  public static class StreamGenerator {
+    private final TSIG key;
+    private final Mac sharedHmac;
+    private final int signEveryNthMessage;
+
+    private int numGenerated;
+    private TSIGRecord lastTsigRecord;
+
+    /**
+     * Creates an instance to sign multiple message for use in a stream.
+     *
+     * <p>This class creates a {@link TSIGRecord} on every message to conform with <a
+     * href="https://datatracker.ietf.org/doc/html/rfc8945#section-5.3.1">RFC 8945, 5.3.1</a>.
+     *
+     * @param key The TSIG key used to create the signature records.
+     * @param queryTsig The initial TSIG records, e.g. from a query to a server.
+     */
+    public StreamGenerator(TSIG key, TSIGRecord queryTsig) {
+      // The TSIG MUST be included on all DNS messages in the response.
+      this(key, queryTsig, 1);
+    }
+
+    /**
+     * This constructor is <b>only</b> for unit-testing {@link StreamVerifier} with responses where
+     * not every message is signed.
+     */
+    StreamGenerator(TSIG key, TSIGRecord queryTsig, int signEveryNthMessage) {
+      if (signEveryNthMessage < 1 || signEveryNthMessage > 100) {
+        throw new IllegalArgumentException("signEveryNthMessage must be between 1 and 100");
+      }
+
+      this.key = key;
+      this.lastTsigRecord = queryTsig;
+      this.signEveryNthMessage = signEveryNthMessage;
+      sharedHmac = this.key.initHmac();
+    }
+
+    /**
+     * Generate TSIG a signature for use of the message in a stream.
+     *
+     * @param message The message to sign.
+     */
+    public void generate(Message message) {
+      generate(message, true);
+    }
+
+    void generate(Message message, boolean isLastMessage) {
+      boolean isNthMessage = numGenerated % signEveryNthMessage == 0;
+      boolean isFirstMessage = numGenerated == 0;
+      if (isFirstMessage || isNthMessage || isLastMessage) {
+        TSIGRecord r =
+            key.generate(
+                message,
+                message.toWire(),
+                Rcode.NOERROR,
+                isFirstMessage ? lastTsigRecord : null,
+                isFirstMessage,
+                sharedHmac);
+        message.addRecord(r, Section.ADDITIONAL);
+        message.tsigState = Message.TSIG_SIGNED;
+        lastTsigRecord = r;
+        hmacAddSignature(sharedHmac, r);
+      } else {
+        byte[] responseBytes = message.toWire(Message.MAXLENGTH);
+        sharedHmac.update(responseBytes);
+      }
+
+      numGenerated++;
+    }
   }
 
+  /** A utility class for verifying multiple message responses. */
   public static class StreamVerifier {
-    /** A helper class for verifying multiple message responses. */
-    private TSIG key;
+    private final TSIG key;
+    private final Mac sharedHmac;
+    private final TSIGRecord queryTsig;
 
-    private Mac verifier;
     private int nresponses;
     private int lastsigned;
-    private TSIGRecord lastTSIG;
+
+    /** {@code null} or the detailed error when validation failed due to a {@link Rcode#FORMERR}. */
+    @Getter private String errorMessage;
 
     /** Creates an object to verify a multiple message response */
-    public StreamVerifier(TSIG tsig, TSIGRecord old) {
+    public StreamVerifier(TSIG tsig, TSIGRecord queryTsig) {
       key = tsig;
-      verifier = tsig.hmac;
+      sharedHmac = key.initHmac();
       nresponses = 0;
-      lastTSIG = old;
+      this.queryTsig = queryTsig;
     }
 
     /**
      * Verifies a TSIG record on an incoming message that is part of a multiple message response.
      * TSIG records must be present on the first and last messages, and at least every 100 records
-     * in between. After calling this routine, Message.isVerified() may be called on this message.
+     * in between. After calling this routine,{@link Message#isVerified()} may be called on this
+     * message.
+     *
+     * <p>This overload assumes that the verified message is not the last one, which is required to
+     * have a {@link TSIGRecord}. Use {@link #verify(Message, byte[], boolean)} to explicitly
+     * specify the last message or check that the message is verified with {@link
+     * Message#isVerified()}.
      *
-     * @param m The message
-     * @param b The message in unparsed form
+     * @param message The message
+     * @param messageBytes The message in unparsed form
      * @return The result of the verification (as an Rcode)
      * @see Rcode
      */
-    public int verify(Message m, byte[] b) {
-      TSIGRecord tsig = m.getTSIG();
+    public int verify(Message message, byte[] messageBytes) {
+      return verify(message, messageBytes, false);
+    }
 
+    /**
+     * Verifies a TSIG record on an incoming message that is part of a multiple message response.
+     * TSIG records must be present on the first and last messages, and at least every 100 records
+     * in between. After calling this routine, {@link Message#isVerified()} may be called on this
+     * message.
+     *
+     * @param message The message
+     * @param messageBytes The message in unparsed form
+     * @param isLastMessage If true, verifies that the {@link Message} has an {@link TSIGRecord}.
+     * @return The result of the verification (as an Rcode)
+     * @see Rcode
+     * @since 3.5.3
+     */
+    public int verify(Message message, byte[] messageBytes, boolean isLastMessage) {
+      final String warningPrefix = "FORMERR: {}";
+      TSIGRecord tsig = message.getTSIG();
+
+      // https://datatracker.ietf.org/doc/html/rfc8945#section-5.3.1
+      // [...] a client that receives DNS messages and verifies TSIG MUST accept up to 99
+      // intermediary messages without a TSIG and MUST verify that both the first and last message
+      // contain a TSIG.
       nresponses++;
-
       if (nresponses == 1) {
-        int result = key.verify(m, b, lastTSIG);
-        if (result == Rcode.NOERROR) {
-          byte[] signature = tsig.getSignature();
-          DNSOutput out = new DNSOutput();
-          out.writeU16(signature.length);
-          verifier.update(out.toByteArray());
-          verifier.update(signature);
+        if (tsig != null) {
+          int result = key.verify(message, messageBytes, queryTsig, true, sharedHmac);
+          hmacAddSignature(sharedHmac, tsig);
+          lastsigned = nresponses;
+          return result;
+        } else {
+          errorMessage = "missing required signature on first message";
+          log.debug(warningPrefix, errorMessage);
+          message.tsigState = Message.TSIG_FAILED;
+          return Rcode.FORMERR;
         }
-        lastTSIG = tsig;
-        return result;
-      }
-
-      if (tsig != null) {
-        m.getHeader().decCount(Section.ADDITIONAL);
-      }
-      byte[] header = m.getHeader().toWire();
-      if (tsig != null) {
-        m.getHeader().incCount(Section.ADDITIONAL);
       }
-      verifier.update(header);
-
-      int len;
-      if (tsig == null) {
-        len = b.length - header.length;
-      } else {
-        len = m.tsigstart - header.length;
-      }
-      verifier.update(b, header.length, len);
 
       if (tsig != null) {
+        int result = key.verify(message, messageBytes, null, false, sharedHmac);
         lastsigned = nresponses;
-        lastTSIG = tsig;
+        hmacAddSignature(sharedHmac, tsig);
+        return result;
       } else {
-        boolean required = (nresponses - lastsigned >= 100);
+        boolean required = nresponses - lastsigned >= 100;
         if (required) {
-          m.tsigState = Message.TSIG_FAILED;
+          errorMessage = "Missing required signature on message #" + nresponses;
+          log.debug(warningPrefix, errorMessage);
+          message.tsigState = Message.TSIG_FAILED;
+          return Rcode.FORMERR;
+        } else if (isLastMessage) {
+          errorMessage = "Missing required signature on last message";
+          log.debug(warningPrefix, errorMessage);
+          message.tsigState = Message.TSIG_FAILED;
           return Rcode.FORMERR;
         } else {
-          m.tsigState = Message.TSIG_INTERMEDIATE;
+          errorMessage = "Intermediate message #" + nresponses + " without signature";
+          log.debug(warningPrefix, errorMessage);
+          addUnsignedMessageToMac(message, messageBytes, sharedHmac);
           return Rcode.NOERROR;
         }
       }
+    }
 
-      if (!tsig.getName().equals(key.name) || !tsig.getAlgorithm().equals(key.alg)) {
-        log.debug("BADKEY failure");
-        m.tsigState = Message.TSIG_FAILED;
-        return Rcode.BADKEY;
+    private void addUnsignedMessageToMac(Message m, byte[] messageBytes, Mac hmac) {
+      byte[] header = m.getHeader().toWire();
+      if (log.isTraceEnabled()) {
+        log.trace(hexdump.dump("TSIG-HMAC header", header));
       }
 
-      DNSOutput out = new DNSOutput();
-      long time = tsig.getTimeSigned().getEpochSecond();
-      int timeHigh = (int) (time >> 32);
-      long timeLow = (time & 0xFFFFFFFFL);
-      out.writeU16(timeHigh);
-      out.writeU32(timeLow);
-      out.writeU16((int) tsig.getFudge().getSeconds());
-      verifier.update(out.toByteArray());
-
-      if (!TSIG.verify(verifier, tsig.getSignature())) {
-        log.debug("BADSIG failure");
-        m.tsigState = Message.TSIG_FAILED;
-        return Rcode.BADSIG;
+      hmac.update(header);
+      int len = messageBytes.length - header.length;
+      if (log.isTraceEnabled()) {
+        log.trace(hexdump.dump("TSIG-HMAC message after header", messageBytes, header.length, len));
       }
 
-      verifier.reset();
-      out = new DNSOutput();
-      out.writeU16(tsig.getSignature().length);
-      verifier.update(out.toByteArray());
-      verifier.update(tsig.getSignature());
-
-      m.tsigState = Message.TSIG_VERIFIED;
-      return Rcode.NOERROR;
+      hmac.update(messageBytes, header.length, len);
+      m.tsigState = Message.TSIG_INTERMEDIATE;
     }
   }
 }
diff --git a/src/main/java/org/xbill/DNS/TSIGRecord.java b/src/main/java/org/xbill/DNS/TSIGRecord.java
index 15da00fe3..533440e95 100644
--- a/src/main/java/org/xbill/DNS/TSIGRecord.java
+++ b/src/main/java/org/xbill/DNS/TSIGRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -5,6 +6,7 @@
 import java.io.IOException;
 import java.time.Duration;
 import java.time.Instant;
+import java.util.Date;
 import org.xbill.DNS.utils.base64;
 
 /**
@@ -13,14 +15,11 @@
  *
  * @see Resolver
  * @see TSIG
- * @see <a href="https://tools.ietf.org/html/rfc2845">RFC 2845: Secret Key Transaction
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2845">RFC 2845: Secret Key Transaction
  *     Authentication for DNS (TSIG)</a>
  * @author Brian Wellington
  */
 public class TSIGRecord extends Record {
-
-  private static final long serialVersionUID = -88820909016649306L;
-
   private Name alg;
   private Instant timeSigned;
   private Duration fudge;
@@ -31,9 +30,44 @@ public class TSIGRecord extends Record {
 
   TSIGRecord() {}
 
-  @Override
-  Record getObject() {
-    return new TSIGRecord();
+  /**
+   * Creates a TSIG Record from the given data. This is normally called by the TSIG class
+   *
+   * @param alg The shared key's algorithm
+   * @param timeSigned The time that this record was generated
+   * @param fudge The fudge factor for time - if the time that the message is received is not in the
+   *     range [now - fudge, now + fudge], the signature fails
+   * @param signature The signature
+   * @param originalID The message ID at the time of its generation
+   * @param error The extended error field. Should be 0 in queries.
+   * @param other The other data field. Currently used only in BADTIME responses.
+   * @see TSIG
+   * @deprecated use {@link #TSIGRecord(Name, int, long, Name, Instant, Duration, byte[], int, int,
+   *     byte[])}
+   */
+  @Deprecated
+  public TSIGRecord(
+      Name name,
+      int dclass,
+      long ttl,
+      Name alg,
+      Date timeSigned,
+      int fudge,
+      byte[] signature,
+      int originalID,
+      int error,
+      byte[] other) {
+    this(
+        name,
+        dclass,
+        ttl,
+        alg,
+        timeSigned.toInstant(),
+        Duration.ofSeconds(fudge),
+        signature,
+        originalID,
+        error,
+        other);
   }
 
   /**
@@ -72,7 +106,7 @@ public TSIGRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     alg = new Name(in);
 
     long timeHigh = in.readU16();
@@ -96,26 +130,26 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     throw st.exception("no text format defined for TSIG");
   }
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(alg);
     sb.append(" ");
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("(\n\t");
     }
 
     sb.append(timeSigned.getEpochSecond());
     sb.append(" ");
-    sb.append(fudge);
+    sb.append((int) fudge.getSeconds());
     sb.append(" ");
     sb.append(signature.length);
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("\n");
       sb.append(base64.formatString(signature, 64, "\t", false));
     } else {
@@ -129,7 +163,7 @@ String rrToString() {
       sb.append(0);
     } else {
       sb.append(other.length);
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append("\n\n\n\t");
       } else {
         sb.append(" ");
@@ -141,10 +175,10 @@ String rrToString() {
           long time =
               ((long) (other[0] & 0xFF) << 40)
                   + ((long) (other[1] & 0xFF) << 32)
-                  + ((other[2] & 0xFF) << 24)
+                  + ((long) (other[2] & 0xFF) << 24)
                   + ((other[3] & 0xFF) << 16)
                   + ((other[4] & 0xFF) << 8)
-                  + ((other[5] & 0xFF));
+                  + (other[5] & 0xFF);
           sb.append("<server time: ");
           sb.append(Instant.ofEpochSecond(time));
           sb.append(">");
@@ -155,7 +189,7 @@ String rrToString() {
         sb.append(">");
       }
     }
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append(" )");
     }
     return sb.toString();
@@ -197,12 +231,12 @@ public byte[] getOther() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     alg.toWire(out, null, canonical);
 
     long time = timeSigned.getEpochSecond();
     int timeHigh = (int) (time >> 32);
-    long timeLow = (time & 0xFFFFFFFFL);
+    long timeLow = time & 0xFFFFFFFFL;
     out.writeU16(timeHigh);
     out.writeU32(timeLow);
     out.writeU16((int) fudge.getSeconds());
diff --git a/src/main/java/org/xbill/DNS/TTL.java b/src/main/java/org/xbill/DNS/TTL.java
index 841ea6923..0a5c6111e 100644
--- a/src/main/java/org/xbill/DNS/TTL.java
+++ b/src/main/java/org/xbill/DNS/TTL.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -30,8 +31,9 @@ static void check(long i) {
    * @return The value as a number of seconds
    * @throws NumberFormatException The string was not in a valid TTL format.
    */
+  @SuppressWarnings("fallthrough")
   public static long parse(String s, boolean clamp) {
-    if (s == null || s.length() == 0 || !Character.isDigit(s.charAt(0))) {
+    if (s == null || s.isEmpty() || !Character.isDigit(s.charAt(0))) {
       throw new NumberFormatException();
     }
     long value = 0;
@@ -93,16 +95,15 @@ public static long parseTTL(String s) {
   public static String format(long ttl) {
     TTL.check(ttl);
     StringBuilder sb = new StringBuilder();
-    long secs, mins, hours, days, weeks;
-    secs = ttl % 60;
+    long secs = ttl % 60;
     ttl /= 60;
-    mins = ttl % 60;
+    long mins = ttl % 60;
     ttl /= 60;
-    hours = ttl % 24;
+    long hours = ttl % 24;
     ttl /= 24;
-    days = ttl % 7;
+    long days = ttl % 7;
     ttl /= 7;
-    weeks = ttl;
+    long weeks = ttl;
     if (weeks > 0) {
       sb.append(weeks).append("W");
     }
diff --git a/src/main/java/org/xbill/DNS/TXTBase.java b/src/main/java/org/xbill/DNS/TXTBase.java
index 6dd1b1440..96694b12a 100644
--- a/src/main/java/org/xbill/DNS/TXTBase.java
+++ b/src/main/java/org/xbill/DNS/TXTBase.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -14,9 +15,6 @@
  * @author Brian Wellington
  */
 abstract class TXTBase extends Record {
-
-  private static final long serialVersionUID = -4319510507246305931L;
-
   protected List<byte[]> strings;
 
   protected TXTBase() {}
@@ -47,7 +45,7 @@ protected TXTBase(Name name, int type, int dclass, long ttl, String string) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     strings = new ArrayList<>(2);
     while (in.remaining() > 0) {
       byte[] b = in.readCountedString();
@@ -56,7 +54,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     strings = new ArrayList<>(2);
     while (true) {
       Tokenizer.Token t = st.get();
@@ -64,7 +62,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
         break;
       }
       try {
-        strings.add(byteArrayFromString(t.value));
+        strings.add(byteArrayFromString(t.value()));
       } catch (TextParseException e) {
         throw st.exception(e.getMessage());
       }
@@ -74,7 +72,11 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** converts to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
+    if (strings.isEmpty()) {
+      // always return at least an empty quoted String
+      return "\"\"";
+    }
     StringBuilder sb = new StringBuilder();
     Iterator<byte[]> it = strings.iterator();
     while (it.hasNext()) {
@@ -110,7 +112,7 @@ public List<byte[]> getStringsAsByteArrays() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     for (byte[] b : strings) {
       out.writeCountedString(b);
     }
diff --git a/src/main/java/org/xbill/DNS/TXTRecord.java b/src/main/java/org/xbill/DNS/TXTRecord.java
index d00df7690..221555f22 100644
--- a/src/main/java/org/xbill/DNS/TXTRecord.java
+++ b/src/main/java/org/xbill/DNS/TXTRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -8,20 +9,12 @@
  * Text - stores text strings
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class TXTRecord extends TXTBase {
-
-  private static final long serialVersionUID = -5780785764284221342L;
-
   TXTRecord() {}
 
-  @Override
-  Record getObject() {
-    return new TXTRecord();
-  }
-
   /**
    * Creates a TXT Record from the given data
    *
diff --git a/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java b/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java
new file mode 100644
index 000000000..f9e279f03
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java
@@ -0,0 +1,119 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.time.Duration;
+import java.util.Optional;
+import java.util.OptionalInt;
+
+/**
+ * TCP Keepalive EDNS0 Option, as defined in https://datatracker.ietf.org/doc/html/rfc7828
+ *
+ * @see OPTRecord
+ * @author Klaus Malorny
+ */
+public class TcpKeepaliveOption extends EDNSOption {
+
+  /** the timeout */
+  private Integer timeout;
+
+  /** upper limit of the duration (exclusive) */
+  private static final Duration UPPER_LIMIT = Duration.ofMillis(6553600);
+
+  /** Constructor for an option with no timeout */
+  public TcpKeepaliveOption() {
+    super(EDNSOption.Code.TCP_KEEPALIVE);
+    timeout = null;
+  }
+
+  /**
+   * Constructor for an option with a given timeout.
+   *
+   * @param t the timeout time in 100ms units, may not be negative or larger than 65535
+   */
+  public TcpKeepaliveOption(int t) {
+    super(EDNSOption.Code.TCP_KEEPALIVE);
+    if (t < 0 || t > 65535) {
+      throw new IllegalArgumentException("timeout must be betwee 0 and 65535");
+    }
+    timeout = t;
+  }
+
+  /**
+   * Constructor for an option with a given timeout. As the timeout has a coarser granularity than
+   * the {@link Duration} class, values are rounded down.
+   *
+   * @param t the timeout time, must not be negative and must be lower than 6553.5 seconds
+   */
+  public TcpKeepaliveOption(Duration t) {
+    super(EDNSOption.Code.TCP_KEEPALIVE);
+    if (t.isNegative() || t.compareTo(UPPER_LIMIT) >= 0) {
+      throw new IllegalArgumentException(
+          "timeout must be between 0 and 6553.6 seconds (exclusively)");
+    }
+    timeout = (int) t.toMillis() / 100;
+  }
+
+  /**
+   * Returns the timeout.
+   *
+   * @return the timeout in 100ms units
+   */
+  public OptionalInt getTimeout() {
+    return timeout == null ? OptionalInt.empty() : OptionalInt.of(timeout);
+  }
+
+  /**
+   * Returns the timeout as a {@link Duration}.
+   *
+   * @return the timeout
+   */
+  public Optional<Duration> getTimeoutDuration() {
+    return timeout != null ? Optional.of(Duration.ofMillis(timeout * 100L)) : Optional.empty();
+  }
+
+  /**
+   * Converts the wire format of an EDNS Option (the option data only) into the type-specific
+   * format.
+   *
+   * @param in The input stream.
+   */
+  @Override
+  void optionFromWire(DNSInput in) throws IOException {
+    int length = in.remaining();
+
+    switch (length) {
+      case 0:
+        timeout = null;
+        break;
+      case 2:
+        timeout = in.readU16();
+        break;
+      default:
+        throw new WireParseException(
+            "invalid length (" + length + ") of the data in the edns_tcp_keepalive option");
+    }
+  }
+
+  /**
+   * Converts an EDNS Option (the type-specific option data only) into wire format.
+   *
+   * @param out The output stream.
+   */
+  @Override
+  void optionToWire(DNSOutput out) {
+    if (timeout != null) {
+      out.writeU16(timeout);
+    }
+  }
+
+  /**
+   * Returns a string representation of the option parameters.
+   *
+   * @return the string representation
+   */
+  @Override
+  String optionToString() {
+    return timeout != null ? String.valueOf(timeout) : "-";
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/TextParseException.java b/src/main/java/org/xbill/DNS/TextParseException.java
index 17d9e540e..642431146 100644
--- a/src/main/java/org/xbill/DNS/TextParseException.java
+++ b/src/main/java/org/xbill/DNS/TextParseException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2002-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -18,4 +19,22 @@ public TextParseException() {
   public TextParseException(String s) {
     super(s);
   }
+
+  /**
+   * Create an instance with preformatted message.
+   *
+   * @since 3.5
+   */
+  public TextParseException(String name, String message) {
+    super("'" + name + "': " + message);
+  }
+
+  /**
+   * Create an instance with preformatted message and inner exception.
+   *
+   * @since 3.5
+   */
+  public TextParseException(String name, String message, Exception inner) {
+    super("'" + name + "': " + message, inner);
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java b/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java
new file mode 100644
index 000000000..e2ae60f64
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java
@@ -0,0 +1,62 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import lombok.extern.slf4j.Slf4j;
+
+/** Utility class to backport {@code orTimeout} to Java 8 with a custom implementation. */
+@Slf4j
+class TimeoutCompletableFuture<T> extends CompletableFuture<T> {
+  public CompletableFuture<T> compatTimeout(long timeout, TimeUnit unit) {
+    return compatTimeout(this, timeout, unit);
+  }
+
+  public static <T> CompletableFuture<T> compatTimeout(
+      CompletableFuture<T> f, long timeout, TimeUnit unit) {
+    if (timeout <= 0) {
+      f.completeExceptionally(new TimeoutException("timeout is " + timeout + ", but must be > 0"));
+    }
+
+    ScheduledFuture<?> sf =
+        TimeoutScheduler.executor.schedule(
+            () -> {
+              if (!f.isDone()) {
+                f.completeExceptionally(
+                    new TimeoutException(
+                        "Timeout of "
+                            + unit.toMillis(timeout)
+                            + "ms has elapsed before the task completed"));
+              }
+            },
+            timeout,
+            unit);
+    f.whenComplete(
+        (result, ex) -> {
+          if (ex == null && !sf.isDone()) {
+            sf.cancel(false);
+          }
+        });
+    return f;
+  }
+
+  private static final class TimeoutScheduler {
+    private static final ScheduledThreadPoolExecutor executor;
+
+    static {
+      executor =
+          new ScheduledThreadPoolExecutor(
+              1,
+              r -> {
+                Thread t = new Thread(r);
+                t.setDaemon(true);
+                t.setName("dnsjava AsyncSemaphoreTimeoutScheduler");
+                return t;
+              });
+      executor.setRemoveOnCancelPolicy(true);
+    }
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/Tokenizer.java b/src/main/java/org/xbill/DNS/Tokenizer.java
index 7c7342588..f2d3ae49b 100644
--- a/src/main/java/org/xbill/DNS/Tokenizer.java
+++ b/src/main/java/org/xbill/DNS/Tokenizer.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 //
 // Copyright (C) 2003-2004 Nominum, Inc.
@@ -37,10 +38,14 @@
  * @author Brian Wellington
  * @author Bob Halley
  */
+@SuppressWarnings({
+  "deprecated",
+  "java:S1874", // deprecated usage of type/value
+})
 public class Tokenizer implements AutoCloseable {
 
-  private static String delim = " \t\n;()\"";
-  private static String quotes = "\"";
+  private static final String DEFAULT_DELIMITERS = " \t\n;()\"";
+  private static final String QUOTES = "\"";
 
   /** End of file */
   public static final int EOF = 0;
@@ -60,37 +65,57 @@ public class Tokenizer implements AutoCloseable {
   /** A comment; only returned when wantComment is set */
   public static final int COMMENT = 5;
 
-  private PushbackInputStream is;
+  private final PushbackInputStream is;
   private boolean ungottenToken;
   private int multiline;
   private boolean quoting;
   private String delimiters;
   private Token current;
-  private StringBuffer sb;
+  private final StringBuilder sb;
   private boolean wantClose;
 
   private String filename;
   private int line;
 
   public static class Token {
-    /** The type of token. */
-    public int type;
-
-    /** The value of the token, or null for tokens without values. */
-    public String value;
-
-    private Token() {
-      type = -1;
-      value = null;
-    }
-
-    private Token set(int type, StringBuffer value) {
+    /**
+     * The type of token.
+     *
+     * @deprecated use {@link #type()}, will be made private and final in 4.0
+     */
+    @Deprecated public int type;
+
+    /**
+     * The value of the token, or null for tokens without values.
+     *
+     * @deprecated use {@link #value()}, will be made private and final in 4.0
+     */
+    @Deprecated public String value;
+
+    /**
+     * The type of token.
+     *
+     * @since 3.5.1
+     */
+    public int type() {
+      return type;
+    }
+
+    /**
+     * The value of the token, or null for tokens without values.
+     *
+     * @since 3.5.1
+     */
+    public String value() {
+      return value;
+    }
+
+    private Token(int type, StringBuilder value) {
       if (type < 0) {
         throw new IllegalArgumentException();
       }
       this.type = type;
       this.value = value == null ? null : value.toString();
-      return this;
     }
 
     /** Converts the token to a string containing a representation useful for debugging. */
@@ -116,12 +141,12 @@ public String toString() {
 
     /** Indicates whether this token contains a string. */
     public boolean isString() {
-      return (type == IDENTIFIER || type == QUOTED_STRING);
+      return type == IDENTIFIER || type == QUOTED_STRING;
     }
 
     /** Indicates whether this token contains an EOL or EOF. */
     public boolean isEOL() {
-      return (type == EOL || type == EOF);
+      return type == EOL || type == EOF;
     }
   }
 
@@ -138,9 +163,8 @@ public Tokenizer(InputStream is) {
     ungottenToken = false;
     multiline = 0;
     quoting = false;
-    delimiters = delim;
-    current = new Token();
-    sb = new StringBuffer();
+    delimiters = DEFAULT_DELIMITERS;
+    sb = new StringBuilder();
     filename = "<none>";
     line = 1;
   }
@@ -194,11 +218,9 @@ private int skipWhitespace() throws IOException {
     int skipped = 0;
     while (true) {
       int c = getChar();
-      if (c != ' ' && c != '\t') {
-        if (!(c == '\n' && multiline > 0)) {
-          ungetChar(c);
-          return skipped;
-        }
+      if (c != ' ' && c != '\t' && !(c == '\n' && multiline > 0)) {
+        ungetChar(c);
+        return skipped;
       }
       skipped++;
     }
@@ -242,7 +264,7 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
     }
     int skipped = skipWhitespace();
     if (skipped > 0 && wantWhitespace) {
-      return current.set(WHITESPACE, null);
+      return setCurrentToken(WHITESPACE, null);
     }
     type = IDENTIFIER;
     sb.setLength(0);
@@ -251,11 +273,11 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
       if (c == -1 || delimiters.indexOf(c) != -1) {
         if (c == -1) {
           if (quoting) {
-            throw exception("EOF in " + "quoted string");
+            throw exception("EOF in quoted string");
           } else if (sb.length() == 0) {
-            return current.set(EOF, null);
+            return setCurrentToken(EOF, null);
           } else {
-            return current.set(type, sb);
+            return setCurrentToken(type, sb);
           }
         }
         if (sb.length() == 0 && type != QUOTED_STRING) {
@@ -265,7 +287,7 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
             continue;
           } else if (c == ')') {
             if (multiline <= 0) {
-              throw exception("invalid " + "close " + "parenthesis");
+              throw exception("invalid close parenthesis");
             }
             multiline--;
             skipWhitespace();
@@ -273,16 +295,16 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
           } else if (c == '"') {
             if (!quoting) {
               quoting = true;
-              delimiters = quotes;
+              delimiters = QUOTES;
               type = QUOTED_STRING;
             } else {
               quoting = false;
-              delimiters = delim;
+              delimiters = DEFAULT_DELIMITERS;
               skipWhitespace();
             }
             continue;
           } else if (c == '\n') {
-            return current.set(EOL, null);
+            return setCurrentToken(EOL, null);
           } else if (c == ';') {
             while (true) {
               c = getChar();
@@ -293,16 +315,16 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
             }
             if (wantComment) {
               ungetChar(c);
-              return current.set(COMMENT, sb);
+              return setCurrentToken(COMMENT, sb);
             } else if (c == -1 && type != QUOTED_STRING) {
               checkUnbalancedParens();
-              return current.set(EOF, null);
+              return setCurrentToken(EOF, null);
             } else if (multiline > 0) {
               skipWhitespace();
               sb.setLength(0);
               continue;
             } else {
-              return current.set(EOL, null);
+              return setCurrentToken(EOL, null);
             }
           } else {
             throw new IllegalStateException();
@@ -324,9 +346,14 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
     }
     if (sb.length() == 0 && type != QUOTED_STRING) {
       checkUnbalancedParens();
-      return current.set(EOF, null);
+      return setCurrentToken(EOF, null);
     }
-    return current.set(type, sb);
+    return setCurrentToken(type, sb);
+  }
+
+  private Token setCurrentToken(int type, StringBuilder value) {
+    current = new Token(type, value);
+    return current;
   }
 
   /**
@@ -370,7 +397,7 @@ public String getString() throws IOException {
     return next.value;
   }
 
-  private String _getIdentifier(String expected) throws IOException {
+  private String getIdentifier(String expected) throws IOException {
     Token next = get();
     if (next.type != IDENTIFIER) {
       throw exception("expected " + expected);
@@ -387,7 +414,7 @@ private String _getIdentifier(String expected) throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public String getIdentifier() throws IOException {
-    return _getIdentifier("an identifier");
+    return getIdentifier("an identifier");
   }
 
   /**
@@ -398,7 +425,7 @@ public String getIdentifier() throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public long getLong() throws IOException {
-    String next = _getIdentifier("an integer");
+    String next = getIdentifier("an integer");
     if (!Character.isDigit(next.charAt(0))) {
       throw exception("expected an integer");
     }
@@ -418,7 +445,7 @@ public long getLong() throws IOException {
    */
   public long getUInt32() throws IOException {
     long l = getLong();
-    if (l < 0 || l > 0xFFFFFFFFL) {
+    if (!Utils.isUInt32(l)) {
       throw exception("expected an 32 bit unsigned integer");
     }
     return l;
@@ -433,7 +460,7 @@ public long getUInt32() throws IOException {
    */
   public int getUInt16() throws IOException {
     long l = getLong();
-    if (l < 0 || l > 0xFFFFL) {
+    if (!Utils.isUInt16(l)) {
       throw exception("expected an 16 bit unsigned integer");
     }
     return (int) l;
@@ -448,7 +475,7 @@ public int getUInt16() throws IOException {
    */
   public int getUInt8() throws IOException {
     long l = getLong();
-    if (l < 0 || l > 0xFFL) {
+    if (!Utils.isUInt8(l)) {
       throw exception("expected an 8 bit unsigned integer");
     }
     return (int) l;
@@ -463,7 +490,7 @@ public int getUInt8() throws IOException {
    * @see TTL
    */
   public long getTTL() throws IOException {
-    String next = _getIdentifier("a TTL value");
+    String next = getIdentifier("a TTL value");
     try {
       return TTL.parseTTL(next);
     } catch (NumberFormatException e) {
@@ -480,7 +507,7 @@ public long getTTL() throws IOException {
    * @see TTL
    */
   public long getTTLLike() throws IOException {
-    String next = _getIdentifier("a TTL-like value");
+    String next = getIdentifier("a TTL-like value");
     try {
       return TTL.parse(next, false);
     } catch (NumberFormatException e) {
@@ -499,7 +526,7 @@ public long getTTLLike() throws IOException {
    * @see Name
    */
   public Name getName(Name origin) throws IOException {
-    String next = _getIdentifier("a name");
+    String next = getIdentifier("a name");
     try {
       Name name = Name.fromString(next, origin);
       if (!name.isAbsolute()) {
@@ -521,12 +548,19 @@ public Name getName(Name origin) throws IOException {
    * @see Address
    */
   public byte[] getAddressBytes(int family) throws IOException {
-    String next = _getIdentifier("an address");
-    byte[] bytes = Address.toByteArray(next, family);
-    if (bytes == null) {
-      throw exception("Invalid address: " + next);
+    String next = getIdentifier("an address");
+    byte[] bytes = null;
+    if (family == IPAddressUtils.IPv4) {
+      bytes = IPAddressUtils.parseV4(next);
+    } else if (family == IPAddressUtils.IPv6) {
+      bytes = IPAddressUtils.parseV6(next);
     }
-    return bytes;
+
+    if (bytes != null) {
+      return bytes;
+    }
+
+    throw exception("Invalid address: " + next);
   }
 
   /**
@@ -539,7 +573,7 @@ public byte[] getAddressBytes(int family) throws IOException {
    * @see Address
    */
   public InetAddress getAddress(int family) throws IOException {
-    String next = _getIdentifier("an address");
+    String next = getIdentifier("an address");
     try {
       return Address.getByAddress(next, family);
     } catch (UnknownHostException e) {
@@ -562,14 +596,14 @@ public void getEOL() throws IOException {
 
   /** Returns a concatenation of the remaining strings from a Tokenizer. */
   private String remainingStrings() throws IOException {
-    StringBuffer buffer = null;
+    StringBuilder buffer = null;
     while (true) {
       Tokenizer.Token t = get();
       if (!t.isString()) {
         break;
       }
       if (buffer == null) {
-        buffer = new StringBuffer();
+        buffer = new StringBuilder();
       }
       buffer.append(t.value);
     }
@@ -668,7 +702,7 @@ public byte[] getHex() throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public byte[] getHexString() throws IOException {
-    String next = _getIdentifier("a hex string");
+    String next = getIdentifier("a hex string");
     byte[] array = base16.fromString(next);
     if (array == null) {
       throw exception("invalid hex encoding");
@@ -685,7 +719,7 @@ public byte[] getHexString() throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public byte[] getBase32String(base32 b32) throws IOException {
-    String next = _getIdentifier("a base32 string");
+    String next = getIdentifier("a base32 string");
     byte[] array = b32.fromString(next);
     if (array == null) {
       throw exception("invalid base32 encoding");
@@ -710,6 +744,7 @@ public void close() {
       try {
         is.close();
       } catch (IOException e) {
+        // ignore
       }
     }
   }
diff --git a/src/main/java/org/xbill/DNS/Type.java b/src/main/java/org/xbill/DNS/Type.java
index 25381c97c..34b732229 100644
--- a/src/main/java/org/xbill/DNS/Type.java
+++ b/src/main/java/org/xbill/DNS/Type.java
@@ -1,8 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.util.HashMap;
+import java.util.function.Supplier;
 
 /**
  * Constants and functions relating to DNS Types
@@ -102,18 +104,18 @@ public final class Type {
   public static final int NXT = 30;
 
   /**
-   * Endpoint identifier
+   * DNS Resource Records for Nimrod Routing Architecture, Endpoint identifier.
    *
-   * @see <a href="https://tools.ietf.org/html/draft-ietf-nimrod-dns-00">DNS Resource Records for
-   *     Nimrod Routing Architecture</a>
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/draft-ietf-nimrod-dns/">draft-ietf-nimrod-dns</a>
    */
   public static final int EID = 31;
 
   /**
-   * Nimrod locator
+   * DNS Resource Records for Nimrod Routing Architecture, Nimrod locator.
    *
-   * @see <a href="https://tools.ietf.org/html/draft-ietf-nimrod-dns-00">DNS Resource Records for
-   *     Nimrod Routing Architecture</a>
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/draft-ietf-nimrod-dns/">draft-ietf-nimrod-dns</a>
    */
   public static final int NIMLOC = 32;
 
@@ -138,6 +140,9 @@ public final class Type {
   /** {@link DNAMERecord Non-terminal name redirection} */
   public static final int DNAME = 39;
 
+  /** Kitchen Sink (April Fools' Day RR) */
+  public static final int SINK = 40;
+
   /** {@link OPTRecord Options - contains EDNS metadata} */
   public static final int OPT = 41;
 
@@ -177,6 +182,33 @@ public final class Type {
   /** {@link SMIMEARecord S/MIME cert association} */
   public static final int SMIMEA = 53;
 
+  /** {@link HIPRecord Host Identity Protocol (HIP)} */
+  public static final int HIP = 55;
+
+  /**
+   * Zone Status (ZS).
+   *
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/html/draft-reid-dnsext-zs-01">draft-reid-dnsext-zs-01</a>
+   */
+  public static final int NINFO = 56;
+
+  /**
+   * RKEY DNS Resource Record, used for encryption of NAPTR records.
+   *
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/html/draft-reid-dnsext-zs-01">draft-reid-dnsext-rkey-01</a>
+   */
+  public static final int RKEY = 57;
+
+  /**
+   * DNSSEC Trust Anchor History Service.
+   *
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/html/draft-wijngaards-dnsop-trust-history-02">draft-wijngaards-dnsop-trust-history-02</a>
+   */
+  public static final int TALINK = 58;
+
   /** {@link CDSRecord Child Delegation Signer} */
   public static final int CDS = 59;
 
@@ -186,9 +218,59 @@ public final class Type {
   /** {@link OPENPGPKEYRecord OpenPGP Key} */
   public static final int OPENPGPKEY = 61;
 
+  /** Child-to-Parent Synchronization. */
+  public static final int CSYNC = 62;
+
+  /** Message Digest for DNS Zones. */
+  public static final int ZONEMD = 63;
+
+  /**
+   * Service Location and Parameter Binding
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
+   */
+  public static final int SVCB = 64;
+
+  /**
+   * HTTPS Service Location and Parameter Binding
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
+   */
+  public static final int HTTPS = 65;
+
   /** {@link SPFRecord Sender Policy Framework} */
   public static final int SPF = 99;
 
+  /** IANA-Reserved */
+  public static final int UINFO = 100;
+
+  /** IANA-Reserved */
+  public static final int UID = 101;
+
+  /** IANA-Reserved */
+  public static final int GID = 102;
+
+  /** IANA-Reserved */
+  public static final int UNSPEC = 103;
+
+  /** Node Identifier (NID). */
+  public static final int NID = 104;
+
+  /** 32-bit Locator value for ILNPv4-capable node. */
+  public static final int L32 = 105;
+
+  /** Unsigned 64-bit Locator value for ILNPv6-capable node. */
+  public static final int L64 = 106;
+
+  /** Name of a subnetwork for ILNP. */
+  public static final int LP = 107;
+
+  /** EUI-48 Address. */
+  public static final int EUI48 = 108;
+
+  /** EUI-64 Address. */
+  public static final int EUI64 = 109;
+
   /** {@link TKEYRecord Transaction key} */
   public static final int TKEY = 249;
 
@@ -204,7 +286,11 @@ public final class Type {
   /** Transfer mailbox records */
   public static final int MAILB = 253;
 
-  /** Transfer mail agent records */
+  /**
+   * mail agent RRs (obsolete)
+   *
+   * @see #MX
+   */
   public static final int MAILA = 254;
 
   /** Matches any type */
@@ -216,21 +302,49 @@ public final class Type {
   /** {@link CAARecord Certification Authority Authorization} */
   public static final int CAA = 257;
 
+  /** Application Visibility and Control */
+  public static final int AVC = 258;
+
+  /** Digital Object Architecture */
+  public static final int DOA = 259;
+
+  /** Automatic Multicast Tunneling Relay */
+  public static final int AMTRELAY = 260;
+
+  /** DNSSEC Trust Authorities */
+  public static final int TA = 32768;
+
   /** {@link DLVRecord DNSSEC Lookaside Validation} */
   public static final int DLV = 32769;
 
   private static class TypeMnemonic extends Mnemonic {
-    private HashMap<Integer, Record> objects;
+    private final HashMap<Integer, Supplier<Record>> factories;
 
     public TypeMnemonic() {
       super("Type", CASE_UPPER);
       setPrefix("TYPE");
-      objects = new HashMap<>();
+      setMaximum(0xFFFF);
+      factories = new HashMap<>();
     }
 
-    public void add(int val, String str, Record proto) {
+    public void add(int val, String str, Supplier<Record> factory) {
       super.add(val, str);
-      objects.put(val, proto);
+      factories.put(val, factory);
+    }
+
+    public void replace(int val, String str, Supplier<Record> factory) {
+      int oldVal = getValue(str);
+      if (oldVal != -1) {
+        if (oldVal != val) {
+          throw new IllegalArgumentException(
+              "mnemnonic \"" + str + "\" already used by type " + oldVal);
+        } else {
+          remove(val);
+          factories.remove(val);
+        }
+      }
+
+      add(val, str, factory);
     }
 
     @Override
@@ -238,81 +352,108 @@ public void check(int val) {
       Type.check(val);
     }
 
-    public Record getProto(int val) {
+    public Supplier<Record> getFactory(int val) {
       check(val);
-      return objects.get(val);
+      return factories.get(val);
     }
   }
 
-  private static TypeMnemonic types = new TypeMnemonic();
+  private static final TypeMnemonic types = new TypeMnemonic();
 
   static {
-    types.add(A, "A", new ARecord());
-    types.add(NS, "NS", new NSRecord());
-    types.add(MD, "MD", new MDRecord());
-    types.add(MF, "MF", new MFRecord());
-    types.add(CNAME, "CNAME", new CNAMERecord());
-    types.add(SOA, "SOA", new SOARecord());
-    types.add(MB, "MB", new MBRecord());
-    types.add(MG, "MG", new MGRecord());
-    types.add(MR, "MR", new MRRecord());
-    types.add(NULL, "NULL", new NULLRecord());
-    types.add(WKS, "WKS", new WKSRecord());
-    types.add(PTR, "PTR", new PTRRecord());
-    types.add(HINFO, "HINFO", new HINFORecord());
-    types.add(MINFO, "MINFO", new MINFORecord());
-    types.add(MX, "MX", new MXRecord());
-    types.add(TXT, "TXT", new TXTRecord());
-    types.add(RP, "RP", new RPRecord());
-    types.add(AFSDB, "AFSDB", new AFSDBRecord());
-    types.add(X25, "X25", new X25Record());
-    types.add(ISDN, "ISDN", new ISDNRecord());
-    types.add(RT, "RT", new RTRecord());
-    types.add(NSAP, "NSAP", new NSAPRecord());
-    types.add(NSAP_PTR, "NSAP-PTR", new NSAP_PTRRecord());
-    types.add(SIG, "SIG", new SIGRecord());
-    types.add(KEY, "KEY", new KEYRecord());
-    types.add(PX, "PX", new PXRecord());
-    types.add(GPOS, "GPOS", new GPOSRecord());
-    types.add(AAAA, "AAAA", new AAAARecord());
-    types.add(LOC, "LOC", new LOCRecord());
-    types.add(NXT, "NXT", new NXTRecord());
+    types.add(A, "A", ARecord::new);
+    types.add(NS, "NS", NSRecord::new);
+    types.add(MD, "MD", MDRecord::new);
+    types.add(MF, "MF", MFRecord::new);
+    types.add(CNAME, "CNAME", CNAMERecord::new);
+    types.add(SOA, "SOA", SOARecord::new);
+    types.add(MB, "MB", MBRecord::new);
+    types.add(MG, "MG", MGRecord::new);
+    types.add(MR, "MR", MRRecord::new);
+    types.add(NULL, "NULL", NULLRecord::new);
+    types.add(WKS, "WKS", WKSRecord::new);
+    types.add(PTR, "PTR", PTRRecord::new);
+    types.add(HINFO, "HINFO", HINFORecord::new);
+    types.add(MINFO, "MINFO", MINFORecord::new);
+    types.add(MX, "MX", MXRecord::new);
+    types.add(TXT, "TXT", TXTRecord::new);
+    types.add(RP, "RP", RPRecord::new);
+    types.add(AFSDB, "AFSDB", AFSDBRecord::new);
+    types.add(X25, "X25", X25Record::new);
+    types.add(ISDN, "ISDN", ISDNRecord::new);
+    types.add(RT, "RT", RTRecord::new);
+    types.add(NSAP, "NSAP", NSAPRecord::new);
+    types.add(NSAP_PTR, "NSAP-PTR", NSAP_PTRRecord::new);
+    types.add(SIG, "SIG", SIGRecord::new);
+    types.add(KEY, "KEY", KEYRecord::new);
+    types.add(PX, "PX", PXRecord::new);
+    types.add(GPOS, "GPOS", GPOSRecord::new);
+    types.add(AAAA, "AAAA", AAAARecord::new);
+    types.add(LOC, "LOC", LOCRecord::new);
+    types.add(NXT, "NXT", NXTRecord::new);
     types.add(EID, "EID");
     types.add(NIMLOC, "NIMLOC");
-    types.add(SRV, "SRV", new SRVRecord());
+    types.add(SRV, "SRV", SRVRecord::new);
     types.add(ATMA, "ATMA");
-    types.add(NAPTR, "NAPTR", new NAPTRRecord());
-    types.add(KX, "KX", new KXRecord());
-    types.add(CERT, "CERT", new CERTRecord());
-    types.add(A6, "A6", new A6Record());
-    types.add(DNAME, "DNAME", new DNAMERecord());
-    types.add(OPT, "OPT", new OPTRecord());
-    types.add(APL, "APL", new APLRecord());
-    types.add(DS, "DS", new DSRecord());
-    types.add(SSHFP, "SSHFP", new SSHFPRecord());
-    types.add(IPSECKEY, "IPSECKEY", new IPSECKEYRecord());
-    types.add(RRSIG, "RRSIG", new RRSIGRecord());
-    types.add(NSEC, "NSEC", new NSECRecord());
-    types.add(DNSKEY, "DNSKEY", new DNSKEYRecord());
-    types.add(DHCID, "DHCID", new DHCIDRecord());
-    types.add(NSEC3, "NSEC3", new NSEC3Record());
-    types.add(NSEC3PARAM, "NSEC3PARAM", new NSEC3PARAMRecord());
-    types.add(TLSA, "TLSA", new TLSARecord());
-    types.add(SMIMEA, "SMIMEA", new SMIMEARecord());
-    types.add(CDNSKEY, "CDNSKEY", new CDNSKEYRecord());
-    types.add(CDS, "CDS", new CDSRecord());
-    types.add(OPENPGPKEY, "OPENPGPKEY", new OPENPGPKEYRecord());
-    types.add(SPF, "SPF", new SPFRecord());
-    types.add(TKEY, "TKEY", new TKEYRecord());
-    types.add(TSIG, "TSIG", new TSIGRecord());
+    types.add(NAPTR, "NAPTR", NAPTRRecord::new);
+    types.add(KX, "KX", KXRecord::new);
+    types.add(CERT, "CERT", CERTRecord::new);
+    types.add(A6, "A6", A6Record::new);
+    types.add(DNAME, "DNAME", DNAMERecord::new);
+    types.add(SINK, "SINK");
+    types.add(OPT, "OPT", OPTRecord::new);
+    types.add(APL, "APL", APLRecord::new);
+    types.add(DS, "DS", DSRecord::new);
+    types.add(SSHFP, "SSHFP", SSHFPRecord::new);
+    types.add(IPSECKEY, "IPSECKEY", IPSECKEYRecord::new);
+    types.add(RRSIG, "RRSIG", RRSIGRecord::new);
+    types.add(NSEC, "NSEC", NSECRecord::new);
+    types.add(DNSKEY, "DNSKEY", DNSKEYRecord::new);
+    types.add(DHCID, "DHCID", DHCIDRecord::new);
+    types.add(NSEC3, "NSEC3", NSEC3Record::new);
+    types.add(NSEC3PARAM, "NSEC3PARAM", NSEC3PARAMRecord::new);
+    types.add(TLSA, "TLSA", TLSARecord::new);
+    types.add(SMIMEA, "SMIMEA", SMIMEARecord::new);
+
+    types.add(HIP, "HIP", HIPRecord::new);
+    types.add(NINFO, "NINFO");
+    types.add(RKEY, "RKEY");
+    types.add(TALINK, "TALINK");
+    types.add(CDS, "CDS", CDSRecord::new);
+    types.add(CDNSKEY, "CDNSKEY", CDNSKEYRecord::new);
+    types.add(OPENPGPKEY, "OPENPGPKEY", OPENPGPKEYRecord::new);
+    types.add(CSYNC, "CSYNC");
+    types.add(ZONEMD, "ZONEMD", ZoneMDRecord::new);
+    types.add(SVCB, "SVCB", SVCBRecord::new);
+    types.add(HTTPS, "HTTPS", HTTPSRecord::new);
+
+    types.add(SPF, "SPF", SPFRecord::new);
+    types.add(UINFO, "UINFO");
+    types.add(UID, "UID");
+    types.add(GID, "GID");
+    types.add(UNSPEC, "UNSPEC");
+    types.add(NID, "NID");
+    types.add(L32, "L32");
+    types.add(L64, "L64");
+    types.add(LP, "LP");
+    types.add(EUI48, "EUI48");
+    types.add(EUI64, "EUI64");
+
+    types.add(TKEY, "TKEY", TKEYRecord::new);
+    types.add(TSIG, "TSIG", TSIGRecord::new);
     types.add(IXFR, "IXFR");
     types.add(AXFR, "AXFR");
     types.add(MAILB, "MAILB");
     types.add(MAILA, "MAILA");
     types.add(ANY, "ANY");
-    types.add(URI, "URI", new URIRecord());
-    types.add(CAA, "CAA", new CAARecord());
-    types.add(DLV, "DLV", new DLVRecord());
+    types.add(URI, "URI", URIRecord::new);
+    types.add(CAA, "CAA", CAARecord::new);
+    types.add(AVC, "AVC");
+    types.add(DOA, "DOA");
+    types.add(AMTRELAY, "AMTRELAY");
+
+    types.add(TA, "TA");
+    types.add(DLV, "DLV", DLVRecord::new);
   }
 
   private Type() {}
@@ -323,11 +464,28 @@ private Type() {}
    * @throws InvalidTypeException The type is out of range.
    */
   public static void check(int val) {
-    if (val < 0 || val > 0xFFFF) {
+    if (!Utils.isUInt16(val)) {
       throw new InvalidTypeException(val);
     }
   }
 
+  /**
+   * Registers a new record type along with the respective factory. This allows the reimplementation
+   * of existing types, the implementation of new types not (yet) supported by the library or the
+   * implementation of "private use" record types. Note that the method is not synchronized and its
+   * use may interfere with the creation of records in a multi-threaded environment. The method must
+   * be used with care in order to avoid unexpected behaviour.
+   *
+   * @param val the numeric representation of the record type
+   * @param str the textual representation of the record type
+   * @param factory the factory; {@code null} may be used if there is no implementation available.
+   *     In this case, records of the type will be represented by the {@link UNKRecord} class
+   * @since 3.1
+   */
+  public static void register(int val, String str, Supplier<Record> factory) {
+    types.replace(val, str, factory);
+  }
+
   /**
    * Converts a numeric Type into a String
    *
@@ -363,8 +521,8 @@ public static int value(String s) {
     return value(s, false);
   }
 
-  static Record getProto(int val) {
-    return types.getProto(val);
+  static Supplier<Record> getFactory(int val) {
+    return types.getFactory(val);
   }
 
   /** Is this type valid for a record (a non-meta type)? */
diff --git a/src/main/java/org/xbill/DNS/TypeBitmap.java b/src/main/java/org/xbill/DNS/TypeBitmap.java
index c1fdd8a79..d827cf40b 100644
--- a/src/main/java/org/xbill/DNS/TypeBitmap.java
+++ b/src/main/java/org/xbill/DNS/TypeBitmap.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004-2009 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -16,7 +17,7 @@ final class TypeBitmap implements Serializable {
 
   private static final long serialVersionUID = -125354057735389003L;
 
-  private TreeSet<Integer> types;
+  private final TreeSet<Integer> types;
 
   private TypeBitmap() {
     types = new TreeSet<>();
@@ -32,35 +33,47 @@ public TypeBitmap(int[] array) {
 
   public TypeBitmap(DNSInput in) throws WireParseException {
     this();
-    int lastbase = -1;
+
+    // Encoding: ( Window Block # | Bitmap Length | Bitmap )+
+    int lastWindowBlockNumber = -1;
     while (in.remaining() > 0) {
+      // Validate block size, which is at least 2 bytes: block number + map length
       if (in.remaining() < 2) {
         throw new WireParseException("invalid bitmap descriptor");
       }
-      int mapbase = in.readU8();
-      if (mapbase < lastbase) {
-        throw new WireParseException("invalid ordering");
-      }
-      int maplength = in.readU8();
-      if (maplength > in.remaining()) {
-        throw new WireParseException("invalid bitmap");
-      }
-      for (int i = 0; i < maplength; i++) {
-        int current = in.readU8();
-        if (current == 0) {
-          continue;
-        }
-        for (int j = 0; j < 8; j++) {
-          if ((current & (1 << (7 - j))) == 0) {
-            continue;
+
+      int windowBlockNumber = getWindowBlockNumber(in, lastWindowBlockNumber);
+      int mapLength = getMapLength(in);
+      for (int i = 0; i < mapLength; i++) {
+        // Test each bit (of the non-zero bytes) in the bitmap for 1. If set, this is an enabled
+        // type.
+        int bitmapByte = in.readU8();
+        for (int j = 0; j < 8 && bitmapByte > 0; j++) {
+          if ((bitmapByte & (1 << (7 - j))) != 0) {
+            types.add(windowBlockNumber * 256 + i * 8 + j);
           }
-          int typecode = mapbase * 256 + +i * 8 + j;
-          types.add(typecode);
         }
       }
     }
   }
 
+  private static int getWindowBlockNumber(DNSInput in, int lastWindowBlockNumber)
+      throws WireParseException {
+    int windowBlockNumber = in.readU8();
+    if (windowBlockNumber < lastWindowBlockNumber) {
+      throw new WireParseException("invalid ordering");
+    }
+    return windowBlockNumber;
+  }
+
+  private static int getMapLength(DNSInput in) throws WireParseException {
+    int mapLength = in.readU8();
+    if (mapLength > in.remaining()) {
+      throw new WireParseException("invalid bitmap");
+    }
+    return mapLength;
+  }
+
   public TypeBitmap(Tokenizer st) throws IOException {
     this();
     while (true) {
@@ -68,9 +81,9 @@ public TypeBitmap(Tokenizer st) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int typecode = Type.value(t.value);
+      int typecode = Type.value(t.value());
       if (typecode < 0) {
-        throw st.exception("Invalid type: " + t.value);
+        throw st.exception("Invalid type: " + t.value());
       }
       types.add(typecode);
     }
@@ -100,14 +113,13 @@ public String toString() {
   }
 
   private static void mapToWire(DNSOutput out, TreeSet<Integer> map, int mapbase) {
-    int arraymax = (map.last()) & 0xFF;
+    int arraymax = map.last() & 0xFF;
     int arraylength = (arraymax / 8) + 1;
     int[] array = new int[arraylength];
     out.writeU8(mapbase);
     out.writeU8(arraylength);
-    for (Integer integer : map) {
-      int typecode = integer;
-      array[(typecode & 0xFF) / 8] |= (1 << (7 - typecode % 8));
+    for (int typecode : map) {
+      array[(typecode & 0xFF) / 8] |= 1 << (7 - typecode % 8);
     }
     for (int j = 0; j < arraylength; j++) {
       out.writeU8(array[j]);
@@ -115,7 +127,7 @@ private static void mapToWire(DNSOutput out, TreeSet<Integer> map, int mapbase)
   }
 
   public void toWire(DNSOutput out) {
-    if (types.size() == 0) {
+    if (types.isEmpty()) {
       return;
     }
 
@@ -126,7 +138,7 @@ public void toWire(DNSOutput out) {
       int t = type;
       int base = t >> 8;
       if (base != mapbase) {
-        if (map.size() > 0) {
+        if (!map.isEmpty()) {
           mapToWire(out, map, mapbase);
           map.clear();
         }
diff --git a/src/main/java/org/xbill/DNS/U16NameBase.java b/src/main/java/org/xbill/DNS/U16NameBase.java
index e92df3dd5..373cf5e04 100644
--- a/src/main/java/org/xbill/DNS/U16NameBase.java
+++ b/src/main/java/org/xbill/DNS/U16NameBase.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,9 +12,6 @@
  * @author Brian Wellington
  */
 abstract class U16NameBase extends Record {
-
-  private static final long serialVersionUID = -8315884183112502995L;
-
   protected int u16Field;
   protected Name nameField;
 
@@ -38,19 +36,19 @@ protected U16NameBase(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     u16Field = in.readU16();
     nameField = new Name(in);
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     u16Field = st.getUInt16();
     nameField = st.getName(origin);
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(u16Field);
     sb.append(" ");
@@ -67,7 +65,7 @@ protected Name getNameField() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(u16Field);
     nameField.toWire(out, null, canonical);
   }
diff --git a/src/main/java/org/xbill/DNS/UDPClient.java b/src/main/java/org/xbill/DNS/UDPClient.java
deleted file mode 100644
index cedbd324b..000000000
--- a/src/main/java/org/xbill/DNS/UDPClient.java
+++ /dev/null
@@ -1,167 +0,0 @@
-// Copyright (c) 2005 Brian Wellington (bwelling@xbill.org)
-
-package org.xbill.DNS;
-
-import java.io.EOFException;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.SocketAddress;
-import java.net.SocketException;
-import java.nio.ByteBuffer;
-import java.nio.channels.DatagramChannel;
-import java.nio.channels.SelectionKey;
-import java.security.SecureRandom;
-
-final class UDPClient extends Client {
-
-  private static final int EPHEMERAL_START = 1024;
-  private static final int EPHEMERAL_STOP = 65535;
-  private static final int EPHEMERAL_RANGE = EPHEMERAL_STOP - EPHEMERAL_START;
-
-  private static SecureRandom prng = new SecureRandom();
-  private static volatile boolean prng_initializing = true;
-
-  /*
-   * On some platforms (Windows), the SecureRandom module initialization involves
-   * a call to InetAddress.getLocalHost(), which can end up here if using a
-   * dnsjava name service provider.
-   *
-   * This can cause problems in multiple ways.
-   *   - If the SecureRandom seed generation process calls into here, and this
-   *     module attempts to seed the local SecureRandom object, the thread hangs.
-   *   - If something else calls InetAddress.getLocalHost(), and that causes this
-   *     module to seed the local SecureRandom object, the thread hangs.
-   *
-   * To avoid both of these, check at initialization time to see if InetAddress
-   * is in the call chain.  If so, initialize the SecureRandom object in a new
-   * thread, and disable port randomization until it completes.
-   */
-  static {
-    new Thread(
-            new Runnable() {
-              @Override
-              public void run() {
-                int n = prng.nextInt();
-                prng_initializing = false;
-              }
-            })
-        .start();
-  }
-
-  private boolean bound = false;
-
-  public UDPClient(long endTime) throws IOException {
-    super(DatagramChannel.open(), endTime);
-  }
-
-  private void bind_random(InetSocketAddress addr) {
-    if (prng_initializing) {
-      try {
-        Thread.sleep(2);
-      } catch (InterruptedException e) {
-      }
-      if (prng_initializing) {
-        return;
-      }
-    }
-
-    DatagramChannel channel = (DatagramChannel) key.channel();
-    InetSocketAddress temp;
-
-    for (int i = 0; i < 1024; i++) {
-      try {
-        int port = prng.nextInt(EPHEMERAL_RANGE) + EPHEMERAL_START;
-        if (addr != null) {
-          temp = new InetSocketAddress(addr.getAddress(), port);
-        } else {
-          temp = new InetSocketAddress(port);
-        }
-        channel.socket().bind(temp);
-        bound = true;
-        return;
-      } catch (SocketException e) {
-      }
-    }
-  }
-
-  void bind(SocketAddress addr) throws IOException {
-    if (addr == null
-        || (addr instanceof InetSocketAddress && ((InetSocketAddress) addr).getPort() == 0)) {
-      bind_random((InetSocketAddress) addr);
-      if (bound) {
-        return;
-      }
-    }
-
-    if (addr != null) {
-      DatagramChannel channel = (DatagramChannel) key.channel();
-      channel.socket().bind(addr);
-      bound = true;
-    }
-  }
-
-  void connect(SocketAddress addr) throws IOException {
-    if (!bound) {
-      bind(null);
-    }
-    DatagramChannel channel = (DatagramChannel) key.channel();
-    channel.connect(addr);
-  }
-
-  void send(byte[] data) throws IOException {
-    DatagramChannel channel = (DatagramChannel) key.channel();
-    verboseLog(
-        "UDP write",
-        channel.socket().getLocalSocketAddress(),
-        channel.socket().getRemoteSocketAddress(),
-        data);
-    channel.write(ByteBuffer.wrap(data));
-  }
-
-  byte[] recv(int max) throws IOException {
-    DatagramChannel channel = (DatagramChannel) key.channel();
-    byte[] temp = new byte[max];
-    key.interestOps(SelectionKey.OP_READ);
-    try {
-      while (!key.isReadable()) {
-        blockUntil(key, endTime);
-      }
-    } finally {
-      if (key.isValid()) {
-        key.interestOps(0);
-      }
-    }
-    long ret = channel.read(ByteBuffer.wrap(temp));
-    if (ret <= 0) {
-      throw new EOFException();
-    }
-    int len = (int) ret;
-    byte[] data = new byte[len];
-    System.arraycopy(temp, 0, data, 0, len);
-    verboseLog(
-        "UDP read",
-        channel.socket().getLocalSocketAddress(),
-        channel.socket().getRemoteSocketAddress(),
-        data);
-    return data;
-  }
-
-  static byte[] sendrecv(
-      SocketAddress local, SocketAddress remote, byte[] data, int max, long endTime)
-      throws IOException {
-    UDPClient client = new UDPClient(endTime);
-    try {
-      client.bind(local);
-      client.connect(remote);
-      client.send(data);
-      return client.recv(max);
-    } finally {
-      client.cleanup();
-    }
-  }
-
-  static byte[] sendrecv(SocketAddress addr, byte[] data, int max, long endTime)
-      throws IOException {
-    return sendrecv(null, addr, data, max, endTime);
-  }
-}
diff --git a/src/main/java/org/xbill/DNS/UNKRecord.java b/src/main/java/org/xbill/DNS/UNKRecord.java
index b409cf96d..db0e164c6 100644
--- a/src/main/java/org/xbill/DNS/UNKRecord.java
+++ b/src/main/java/org/xbill/DNS/UNKRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,31 +12,23 @@
  * @author Brian Wellington
  */
 public class UNKRecord extends Record {
-
-  private static final long serialVersionUID = -4193583311594626915L;
-
   private byte[] data;
 
   UNKRecord() {}
 
   @Override
-  Record getObject() {
-    return new UNKRecord();
-  }
-
-  @Override
-  void rrFromWire(DNSInput in) {
+  protected void rrFromWire(DNSInput in) {
     data = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     throw st.exception("invalid unknown RR encoding");
   }
 
   /** Converts this Record to the String "unknown format" */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return unknownToString(data);
   }
 
@@ -45,7 +38,7 @@ public byte[] getData() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(data);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/URIRecord.java b/src/main/java/org/xbill/DNS/URIRecord.java
index 4256a7a28..3141f8e32 100644
--- a/src/main/java/org/xbill/DNS/URIRecord.java
+++ b/src/main/java/org/xbill/DNS/URIRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Implemented by Anthony Kirby (anthony@anthony.org)
 // based on SRVRecord.java Copyright (c) 1999-2004 Brian Wellington
 
@@ -9,25 +10,18 @@
  * Uniform Resource Identifier (URI) DNS Resource Record
  *
  * @author Anthony Kirby
- * @see <a href="https://tools.ietf.org/html/rfc7553">RFC 7553: The Uniform Resource Identifier
- *     (URI) DNS Resource Record</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7553">RFC 7553: The Uniform Resource
+ *     Identifier (URI) DNS Resource Record</a>
  */
 public class URIRecord extends Record {
-
-  private static final long serialVersionUID = 7955422413971804232L;
-
-  private int priority, weight;
+  private int priority;
+  private int weight;
   private byte[] target;
 
   URIRecord() {
     target = new byte[] {};
   }
 
-  @Override
-  Record getObject() {
-    return new URIRecord();
-  }
-
   /**
    * Creates a URI Record from the given data
    *
@@ -47,14 +41,14 @@ public URIRecord(Name name, int dclass, long ttl, int priority, int weight, Stri
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     priority = in.readU16();
     weight = in.readU16();
     target = in.readByteArray();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     priority = st.getUInt16();
     weight = st.getUInt16();
     try {
@@ -66,7 +60,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(priority).append(" ");
     sb.append(weight).append(" ");
@@ -90,7 +84,7 @@ public String getTarget() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(priority);
     out.writeU16(weight);
     out.writeByteArray(target);
diff --git a/src/main/java/org/xbill/DNS/Update.java b/src/main/java/org/xbill/DNS/Update.java
index 3650becad..948f154bf 100644
--- a/src/main/java/org/xbill/DNS/Update.java
+++ b/src/main/java/org/xbill/DNS/Update.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -11,8 +12,8 @@
  */
 public class Update extends Message {
 
-  private Name origin;
-  private int dclass;
+  private final Name origin;
+  private final int dclass;
 
   /**
    * Creates an update message.
@@ -74,8 +75,8 @@ public void present(Name name, int type) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void present(Name name, int type, String record) throws IOException {
-    newPrereq(Record.fromString(name, type, dclass, 0, record, origin));
+  public void present(Name name, int type, String recordToCheck) throws IOException {
+    newPrereq(Record.fromString(name, type, dclass, 0, recordToCheck, origin));
   }
 
   /**
@@ -96,8 +97,8 @@ public void present(Name name, int type, Tokenizer tokenizer) throws IOException
    * and type in the update message must be identical to the set of all records with that name and
    * type on the server.
    */
-  public void present(Record record) {
-    newPrereq(record);
+  public void present(Record recordToCheck) {
+    newPrereq(recordToCheck);
   }
 
   /**
@@ -122,8 +123,8 @@ public void absent(Name name, int type) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void add(Name name, int type, long ttl, String record) throws IOException {
-    newUpdate(Record.fromString(name, type, dclass, ttl, record, origin));
+  public void add(Name name, int type, long ttl, String recordToAdd) throws IOException {
+    newUpdate(Record.fromString(name, type, dclass, ttl, recordToAdd, origin));
   }
 
   /**
@@ -137,19 +138,19 @@ public void add(Name name, int type, long ttl, Tokenizer tokenizer) throws IOExc
   }
 
   /** Indicates that the record should be inserted into the zone. */
-  public void add(Record record) {
-    newUpdate(record);
+  public void add(Record recordToAdd) {
+    newUpdate(recordToAdd);
   }
 
   /** Indicates that the records should be inserted into the zone. */
   public void add(Record[] records) {
-    for (Record record : records) {
-      add(record);
+    for (Record r : records) {
+      add(r);
     }
   }
 
-  /** Indicates that all of the records in the rrset should be inserted into the zone. */
-  public <T extends Record> void add(RRset<T> rrset) {
+  /** Indicates that all the records in the rrset should be inserted into the zone. */
+  public <T extends Record> void add(RRset rrset) {
     rrset.rrs().forEach(this::add);
   }
 
@@ -168,8 +169,8 @@ public void delete(Name name, int type) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void delete(Name name, int type, String record) throws IOException {
-    newUpdate(Record.fromString(name, type, DClass.NONE, 0, record, origin));
+  public void delete(Name name, int type, String recordToDelete) throws IOException {
+    newUpdate(Record.fromString(name, type, DClass.NONE, 0, recordToDelete, origin));
   }
 
   /**
@@ -183,19 +184,19 @@ public void delete(Name name, int type, Tokenizer tokenizer) throws IOException
   }
 
   /** Indicates that the specified record should be deleted from the zone. */
-  public void delete(Record record) {
-    newUpdate(record.withDClass(DClass.NONE, 0));
+  public void delete(Record recordToDelete) {
+    newUpdate(recordToDelete.withDClass(DClass.NONE, 0));
   }
 
   /** Indicates that the records should be deleted from the zone. */
   public void delete(Record[] records) {
-    for (Record record : records) {
-      delete(record);
+    for (Record r : records) {
+      delete(r);
     }
   }
 
   /** Indicates that all of the records in the rrset should be deleted from the zone. */
-  public <T extends Record> void delete(RRset<T> rrset) {
+  public <T extends Record> void delete(RRset rrset) {
     rrset.rrs().forEach(this::delete);
   }
 
@@ -205,9 +206,9 @@ public <T extends Record> void delete(RRset<T> rrset) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void replace(Name name, int type, long ttl, String record) throws IOException {
+  public void replace(Name name, int type, long ttl, String recordToReplace) throws IOException {
     delete(name, type);
-    add(name, type, ttl, record);
+    add(name, type, ttl, recordToReplace);
   }
 
   /**
@@ -225,9 +226,9 @@ public void replace(Name name, int type, long ttl, Tokenizer tokenizer) throws I
    * Indicates that the record should be inserted into the zone replacing any other records with the
    * same name and type.
    */
-  public void replace(Record record) {
-    delete(record.getName(), record.getType());
-    add(record);
+  public void replace(Record recordToReplace) {
+    delete(recordToReplace.getName(), recordToReplace.getType());
+    add(recordToReplace);
   }
 
   /**
@@ -235,16 +236,16 @@ public void replace(Record record) {
    * the same name and type as each one.
    */
   public void replace(Record[] records) {
-    for (Record record : records) {
-      replace(record);
+    for (Record r : records) {
+      replace(r);
     }
   }
 
   /**
-   * Indicates that all of the records in the rrset should be inserted into the zone replacing any
+   * Indicates that all the records in the rrset should be inserted into the zone replacing any
    * other records with the same name and type.
    */
-  public <T extends Record> void replace(RRset<T> rrset) {
+  public <T extends Record> void replace(RRset rrset) {
     delete(rrset.getName(), rrset.getType());
     rrset.rrs().forEach(this::add);
   }
diff --git a/src/main/java/org/xbill/DNS/Utils.java b/src/main/java/org/xbill/DNS/Utils.java
new file mode 100644
index 000000000..a968cd2ee
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/Utils.java
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+class Utils {
+  static boolean isUInt8(int value) {
+    return value >= 0 && value <= 255;
+  }
+
+  static boolean isUInt8(long value) {
+    return value >= 0 && value <= 255;
+  }
+
+  static boolean isUInt16(int value) {
+    return value >= 0 && value <= 0xffff;
+  }
+
+  static boolean isUInt16(long value) {
+    return value >= 0 && value <= 0xffff;
+  }
+
+  static boolean isUInt32(long value) {
+    return value >= 0 && value <= 0xffffffffL;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/WKSRecord.java b/src/main/java/org/xbill/DNS/WKSRecord.java
index 2d179a4a6..104b03ece 100644
--- a/src/main/java/org/xbill/DNS/WKSRecord.java
+++ b/src/main/java/org/xbill/DNS/WKSRecord.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -13,17 +14,14 @@
  * Well Known Services - Lists services offered by this host.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class WKSRecord extends Record {
-
-  private static final long serialVersionUID = -9104259763909119805L;
-
   /**
    * IP protocol identifiers. This is basically copied out of RFC 1010.
    *
-   * @see <a href="https://tools.ietf.org/html/rfc1010">RFC 1010: Assigned Numbers</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc1010">RFC 1010: Assigned Numbers</a>
    */
   public static class Protocol {
 
@@ -155,7 +153,7 @@ private Protocol() {}
     /** WIDEBAND EXPAK */
     public static final int WB_EXPAK = 79;
 
-    private static Mnemonic protocols = new Mnemonic("IP protocol", Mnemonic.CASE_LOWER);
+    private static final Mnemonic protocols = new Mnemonic("IP protocol", Mnemonic.CASE_LOWER);
 
     static {
       protocols.setMaximum(0xFF);
@@ -466,7 +464,7 @@ private Service() {}
     /** LINK */
     public static final int LINK = 245;
 
-    private static Mnemonic services = new Mnemonic("TCP/UDP service", Mnemonic.CASE_LOWER);
+    private static final Mnemonic services = new Mnemonic("TCP/UDP service", Mnemonic.CASE_LOWER);
 
     static {
       services.setMaximum(0xFFFF);
@@ -576,11 +574,6 @@ public static int value(String s) {
 
   WKSRecord() {}
 
-  @Override
-  Record getObject() {
-    return new WKSRecord();
-  }
-
   /**
    * Creates a WKS Record from the given data
    *
@@ -605,7 +598,7 @@ public WKSRecord(
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     address = in.readByteArray(4);
     protocol = in.readU8();
     byte[] array = in.readByteArray();
@@ -625,7 +618,7 @@ void rrFromWire(DNSInput in) throws IOException {
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     String s = st.getString();
     address = Address.toByteArray(s, Address.IPv4);
     if (address == null) {
@@ -644,9 +637,9 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int service = Service.value(t.value);
+      int service = Service.value(t.value());
       if (service < 0) {
-        throw st.exception("Invalid TCP/UDP service: " + t.value);
+        throw st.exception("Invalid TCP/UDP service: " + t.value());
       }
       list.add(service);
     }
@@ -659,7 +652,7 @@ void rdataFromString(Tokenizer st, Name origin) throws IOException {
 
   /** Converts rdata to a String */
   @Override
-  String rrToString() {
+  protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(Address.toDottedQuad(address));
     sb.append(" ");
@@ -690,13 +683,13 @@ public int[] getServices() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeByteArray(address);
     out.writeU8(protocol);
     int highestPort = services[services.length - 1];
     byte[] array = new byte[highestPort / 8 + 1];
     for (int port : services) {
-      array[port / 8] |= (1 << (7 - port % 8));
+      array[port / 8] |= (byte) (1 << (7 - port % 8));
     }
     out.writeByteArray(array);
   }
diff --git a/src/main/java/org/xbill/DNS/WireParseException.java b/src/main/java/org/xbill/DNS/WireParseException.java
index 918864c7d..2c75e8649 100644
--- a/src/main/java/org/xbill/DNS/WireParseException.java
+++ b/src/main/java/org/xbill/DNS/WireParseException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -20,7 +21,6 @@ public WireParseException(String s) {
   }
 
   public WireParseException(String s, Throwable cause) {
-    super(s);
-    initCause(cause);
+    super(s, cause);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/X25Record.java b/src/main/java/org/xbill/DNS/X25Record.java
index 438be9911..9b2ca5d80 100644
--- a/src/main/java/org/xbill/DNS/X25Record.java
+++ b/src/main/java/org/xbill/DNS/X25Record.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
@@ -9,21 +10,13 @@
  * associated with a name.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class X25Record extends Record {
-
-  private static final long serialVersionUID = 4267576252335579764L;
-
   private byte[] address;
 
   X25Record() {}
 
-  @Override
-  Record getObject() {
-    return new X25Record();
-  }
-
   private static byte[] checkAndConvertAddress(String address) {
     int length = address.length();
     byte[] out = new byte[length];
@@ -52,12 +45,12 @@ public X25Record(Name name, int dclass, long ttl, String address) {
   }
 
   @Override
-  void rrFromWire(DNSInput in) throws IOException {
+  protected void rrFromWire(DNSInput in) throws IOException {
     address = in.readCountedString();
   }
 
   @Override
-  void rdataFromString(Tokenizer st, Name origin) throws IOException {
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     String addr = st.getString();
     this.address = checkAndConvertAddress(addr);
     if (this.address == null) {
@@ -71,12 +64,12 @@ public String getAddress() {
   }
 
   @Override
-  void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeCountedString(address);
   }
 
   @Override
-  String rrToString() {
+  protected String rrToString() {
     return byteArrayToString(address, true);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Zone.java b/src/main/java/org/xbill/DNS/Zone.java
index 0efaddca2..d323fb4d6 100644
--- a/src/main/java/org/xbill/DNS/Zone.java
+++ b/src/main/java/org/xbill/DNS/Zone.java
@@ -1,304 +1,564 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.NoSuchElementException;
-import java.util.TreeMap;
+import java.util.concurrent.ConcurrentSkipListMap;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.function.Supplier;
+import lombok.Getter;
 
 /**
- * A DNS Zone. This encapsulates all data related to a Zone, and provides convenient lookup methods.
+ * A DNS zone. This encapsulates all data related to a zone, and provides convenient lookup methods.
+ * A zone always contains a {@link SOARecord} and at least one {@link NSRecord}.
  *
+ * @implNote This class uses a {@link java.util.concurrent.locks.ReadWriteLock} to ensure access and
+ *     manipulation is safe from multiple threads. Iterators are "weakly consistent" (see the
+ *     package info from {@code java.util.concurrent}).
  * @author Brian Wellington
  */
-public class Zone implements Serializable {
-
-  private static final long serialVersionUID = -9220510891189510942L;
-
-  /** A primary zone */
+public class Zone implements Serializable, Iterable<RRset> {
+  /** A primary zone. */
   public static final int PRIMARY = 1;
 
-  /** A secondary zone */
+  /** A secondary zone. */
   public static final int SECONDARY = 2;
 
-  private Map<Name, Object> data;
-  private Name origin;
+  private final ReentrantReadWriteLock readWriteLock = new ReentrantReadWriteLock();
+  private final ReentrantReadWriteLock.ReadLock readLock = readWriteLock.readLock();
+  private final ReentrantReadWriteLock.WriteLock writeLock = readWriteLock.writeLock();
+
+  private final Map<Name, Object> data = new ConcurrentSkipListMap<>();
+
   private Object originNode;
-  private int dclass = DClass.IN;
-  private RRset<NSRecord> NS;
-  private SOARecord SOA;
   private boolean hasWild;
 
-  class ZoneIterator implements Iterator<RRset<?>> {
-    private Iterator zentries;
-    private RRset[] current;
-    private int count;
-    private boolean wantLastSOA;
-
-    ZoneIterator(boolean axfr) {
-      synchronized (Zone.this) {
-        zentries = data.entrySet().iterator();
-      }
-      wantLastSOA = axfr;
-      RRset[] sets = allRRsets(originNode);
-      current = new RRset[sets.length];
-      for (int i = 0, j = 2; i < sets.length; i++) {
-        int type = sets[i].getType();
-        if (type == Type.SOA) {
-          current[0] = sets[i];
-        } else if (type == Type.NS) {
-          current[1] = sets[i];
-        } else {
-          current[j++] = sets[i];
-        }
-      }
-    }
+  /** Returns the zone's origin. */
+  @Getter private Name origin;
 
-    @Override
-    public boolean hasNext() {
-      return (current != null || wantLastSOA);
-    }
+  /** Returns the zone origin's {@link NSRecord NS records}. */
+  private RRset nsRRset;
 
-    @Override
-    public RRset next() {
-      if (!hasNext()) {
-        throw new NoSuchElementException();
-      }
-      if (current == null) {
-        wantLastSOA = false;
-        return oneRRset(originNode, Type.SOA);
-      }
-      RRset set = current[count++];
-      if (count == current.length) {
-        current = null;
-        while (zentries.hasNext()) {
-          Map.Entry entry = (Map.Entry) zentries.next();
-          if (entry.getKey().equals(origin)) {
-            continue;
-          }
-          RRset[] sets = allRRsets(entry.getValue());
-          if (sets.length == 0) {
-            continue;
-          }
-          current = sets;
-          count = 0;
-          break;
-        }
-      }
-      return set;
-    }
+  private SOARecord soaRecord;
 
-    @Override
-    public void remove() {
-      throw new UnsupportedOperationException();
-    }
+  /** Returns the zone's {@link DClass class}. */
+  public int getDClass() {
+    return DClass.IN;
   }
 
-  private void validate() throws IOException {
-    originNode = exactName(origin);
-    if (originNode == null) {
-      throw new IOException(origin + ": no data specified");
-    }
-
-    RRset rrset = oneRRset(originNode, Type.SOA);
-    if (rrset == null || rrset.size() != 1) {
-      throw new IOException(origin + ": exactly 1 SOA must be specified");
-    }
-    SOA = (SOARecord) rrset.rrs().get(0);
+  /** Returns the zone origin's {@link NSRecord NS records}. */
+  public RRset getNS() {
+    return withReadLock(() -> new RRset(nsRRset));
+  }
 
-    NS = oneRRset(originNode, Type.NS);
-    if (NS == null) {
-      throw new IOException(origin + ": no NS set specified");
-    }
+  /** Returns the zone's {@link SOARecord SOA record}. */
+  public SOARecord getSOA() {
+    return soaRecord;
   }
 
-  private void maybeAddRecord(Record record) throws IOException {
-    int rtype = record.getType();
-    Name name = record.getName();
+  // ------------- Constructors
 
-    if (rtype == Type.SOA && !name.equals(origin)) {
-      throw new IOException("SOA owner " + name + " does not match zone origin " + origin);
+  /**
+   * Creates a zone from the records in the specified master file.
+   *
+   * @param zone The name of the zone.
+   * @param input The master file to read from.
+   * @throws IllegalArgumentException if {@code zone} or {@code file} is {@code null}.
+   * @throws IOException if the zone file does not contain a {@link SOARecord} or no {@link
+   *     NSRecord}s.
+   * @see Master
+   * @since 3.6.2
+   */
+  public Zone(Name zone, InputStream input) throws IOException {
+    if (zone == null) {
+      throw new IllegalArgumentException("no zone name specified");
     }
-    if (name.subdomain(origin)) {
-      addRecord(record);
+
+    if (input == null) {
+      throw new IllegalArgumentException("no input stream specified");
     }
+
+    this.origin = zone;
+    fromMasterFile(new Master(input, origin));
   }
 
   /**
-   * Creates a Zone from the records in the specified master file.
+   * Creates a zone from the records in the specified master file.
    *
    * @param zone The name of the zone.
    * @param file The master file to read from.
+   * @throws IllegalArgumentException if {@code zone} or {@code file} is {@code null}.
+   * @throws IOException if the zone file does not contain a {@link SOARecord} or no {@link
+   *     NSRecord}s.
    * @see Master
    */
   public Zone(Name zone, String file) throws IOException {
-    data = new TreeMap<>();
-
     if (zone == null) {
       throw new IllegalArgumentException("no zone name specified");
     }
-    Master m = new Master(file, zone);
-    Record record;
 
-    origin = zone;
-    while ((record = m.nextRecord()) != null) {
-      maybeAddRecord(record);
+    if (file == null) {
+      throw new IllegalArgumentException("no file name specified");
     }
-    validate();
+
+    this.origin = zone;
+    fromMasterFile(new Master(file, origin));
   }
 
   /**
-   * Creates a Zone from an array of records.
+   * Creates a zone from an array of records.
    *
    * @param zone The name of the zone.
    * @param records The records to add to the zone.
+   * @throws IllegalArgumentException if {@code zone} or {@code records} is {@code null}.
+   * @throws IOException if the records do not contain a {@link SOARecord} or no {@link NSRecord}s.
    * @see Master
    */
-  public Zone(Name zone, Record[] records) throws IOException {
-    data = new TreeMap<>();
-
+  public Zone(Name zone, Record... records) throws IOException {
     if (zone == null) {
       throw new IllegalArgumentException("no zone name specified");
     }
-    origin = zone;
-    for (Record record : records) {
-      maybeAddRecord(record);
-    }
-    validate();
-  }
 
-  private void fromXFR(ZoneTransferIn xfrin) throws IOException, ZoneTransferException {
-    data = new TreeMap<>();
-
-    origin = xfrin.getName();
-    List records = xfrin.run();
-    for (Object o : records) {
-      Record record = (Record) o;
-      maybeAddRecord(record);
+    if (records == null) {
+      throw new IllegalArgumentException("no records are specified");
     }
-    if (!xfrin.isAXFR()) {
-      throw new IllegalArgumentException("zones can only be " + "created from AXFRs");
+
+    origin = zone;
+    for (Record r : records) {
+      maybeAddRecord(r);
     }
+
     validate();
   }
 
   /**
-   * Creates a Zone by doing the specified zone transfer.
+   * Creates a zone by doing the specified zone transfer.
    *
    * @param xfrin The incoming zone transfer to execute.
+   * @throws IllegalArgumentException if {@code xfrin} is {@code null}.
+   * @throws IOException if the zone does not contain a {@link SOARecord} or no {@link NSRecord}s.
    * @see ZoneTransferIn
    */
   public Zone(ZoneTransferIn xfrin) throws IOException, ZoneTransferException {
+    if (xfrin == null) {
+      throw new IllegalArgumentException("no xfrin specified");
+    }
+
     fromXFR(xfrin);
   }
 
   /**
-   * Creates a Zone by performing a zone transfer to the specified host.
+   * Creates a zone by performing a zone transfer from the specified host. This uses the default
+   * port and no {@link TSIG}. Use {@link Zone#Zone(ZoneTransferIn)} for more control.
    *
+   * @param zone The zone to transfer.
+   * @param dclass The {@link DClass} of the zone to transfer.
+   * @param remote The remote host to transfer from.
+   * @throws IllegalArgumentException if {@code zone} or {@code remote} is {@code null}.
+   * @throws IOException if the zone does not contain a {@link SOARecord} or no {@link NSRecord}s.
+   * @throws InvalidDClassException if {@code dclass} is not a valid {@link DClass}.
    * @see ZoneTransferIn
    */
   public Zone(Name zone, int dclass, String remote) throws IOException, ZoneTransferException {
+    if (zone == null) {
+      throw new IllegalArgumentException("no zone name specified");
+    }
+    DClass.check(dclass);
+
     ZoneTransferIn xfrin = ZoneTransferIn.newAXFR(zone, remote, null);
     xfrin.setDClass(dclass);
     fromXFR(xfrin);
   }
 
-  /** Returns the Zone's origin */
-  public Name getOrigin() {
-    return origin;
+  private void fromMasterFile(Master m) throws IOException {
+    try {
+      Record r;
+      while ((r = m.nextRecord()) != null) {
+        maybeAddRecord(r);
+      }
+    } finally {
+      m.close();
+    }
+    validate();
+  }
+
+  private void fromXFR(ZoneTransferIn xfrin) throws IOException, ZoneTransferException {
+    origin = xfrin.getName();
+    xfrin.run();
+    if (!xfrin.isAXFR()) {
+      throw new IllegalArgumentException("zones can only be created from AXFRs");
+    }
+
+    for (Record r : xfrin.getAXFR()) {
+      maybeAddRecord(r);
+    }
+    validate();
   }
 
-  /** Returns the Zone origin's NS records */
-  public RRset<NSRecord> getNS() {
-    return NS;
+  private void maybeAddRecord(Record r) throws IOException {
+    int rtype = r.getType();
+    Name name = r.getName();
+
+    if (rtype == Type.SOA && !name.equals(origin)) {
+      throw new IOException("SOA owner " + name + " does not match zone origin " + origin);
+    }
+
+    if (name.subdomain(origin)) {
+      addRecord(r);
+    }
   }
 
-  /** Returns the Zone's SOA record */
-  public SOARecord getSOA() {
-    return SOA;
+  private void validate() throws IOException {
+    originNode = exactName(origin);
+    if (originNode == null) {
+      throw new IOException(origin + ": no data specified");
+    }
+
+    RRset rrset = oneRRsetWithoutLock(originNode, Type.SOA);
+    if (rrset == null || rrset.size() != 1) {
+      throw new IOException(origin + ": exactly 1 SOA must be specified");
+    }
+    soaRecord = (SOARecord) rrset.first();
+
+    nsRRset = oneRRsetWithoutLock(originNode, Type.NS);
+    if (nsRRset == null) {
+      throw new IOException(origin + ": no NS set specified");
+    }
   }
 
-  /** Returns the Zone's class */
-  public int getDClass() {
-    return dclass;
+  // ------------- Iterators
+
+  /** Returns an iterator over the {@link RRset RRsets} in the zone. */
+  @Override
+  public Iterator<RRset> iterator() {
+    return new ZoneIterator(false);
+  }
+
+  /**
+   * Returns an Iterator over the {@link RRset RRsets} in the zone that can be used to construct an
+   * AXFR response. This is identical to {@link #iterator} except that the SOA is returned at the
+   * end as well as the beginning.
+   */
+  public Iterator<RRset> AXFR() {
+    return new ZoneIterator(true);
+  }
+
+  // ------------- Manipulation
+
+  /**
+   * Adds a record to the zone. If there is an existing {@link RRset} of the same {@link Name} and
+   * {@link Type}, the record is <b>added</b> to this set.
+   *
+   * @param r The record to add.
+   * @throws IllegalArgumentException if {@code name} is {@code null} or if the rrset name does not
+   *     match the zone origin.
+   */
+  public <T extends Record> void addRecord(T r) {
+    if (r == null) {
+      throw new IllegalArgumentException("r must not be null");
+    }
+
+    Name name = r.getName();
+    int rtype = r.getRRsetType();
+    int actualType = r.getType();
+
+    if (rtype == Type.SOA && !name.equals(origin)) {
+      throw new IllegalArgumentException(
+          "SOA owner " + name + " does not match zone origin " + origin);
+    }
+
+    if (!name.subdomain(origin)) {
+      throw new IllegalArgumentException(
+          "name " + name + " is absolute and not a subdomain of " + origin);
+    }
+
+    withWriteLock(
+        () -> {
+          RRset rrset = findRRsetWithoutLock(name, rtype);
+          if (rrset == null) {
+            rrset = new RRset(r);
+            addRRsetWithoutLock(name, rrset);
+          } else {
+            // Adding a SOA must replace any existing record. We validated before that the zone name
+            // didn't change
+            if (actualType == Type.SOA) {
+              rrset.deleteRR(soaRecord);
+              soaRecord = (SOARecord) r;
+            }
+
+            rrset.addRR(r);
+          }
+        });
+  }
+
+  /**
+   * Removes a record from the zone.
+   *
+   * @param r The record to remove.
+   * @throws IllegalArgumentException if {@code r} is {@code null}, if the record to remove is the
+   *     {@link SOARecord} or the last {@link NSRecord}.
+   */
+  public void removeRecord(Record r) {
+    if (r == null) {
+      throw new IllegalArgumentException("r must not be null");
+    }
+
+    Name name = r.getName();
+    int rtype = r.getRRsetType();
+
+    if (r.getType() == Type.SOA) {
+      throw new IllegalArgumentException("Cannot remove SOA record");
+    }
+
+    withWriteLock(
+        () -> {
+          RRset rrset = findRRsetWithoutLock(name, rtype);
+          if (rrset == null) {
+            // No set found, thus no record to remove
+            return;
+          }
+
+          if (rtype == Type.NS && rrset.size() == 1) {
+            throw new IllegalArgumentException("Cannot remove all NS");
+          }
+
+          if (rrset.size() + rrset.sigSize() > 1) {
+            rrset.deleteRR(r);
+          } else {
+            // Remove the set (and maybe the entire name) if the set is now empty
+            removeRRsetWithoutLock(name, rtype);
+          }
+        });
+  }
+
+  /**
+   * Adds an RRset to the zone.
+   *
+   * @implNote An existing {@link RRset} of the same {@link Name} and {@link Type} is
+   *     <b>replaced</b>.
+   * @param rrset The RRset to add.
+   * @see RRset
+   * @throws IllegalArgumentException if {@code rrset} is {@code null} or if the rrset name is not a
+   *     {@link Name#subdomain(Name) subdomain} of the zone origin (or, in case of a SOA, is not
+   *     equal to the zone origin).
+   */
+  public void addRRset(RRset rrset) {
+    if (rrset == null) {
+      throw new IllegalArgumentException("rrset must not be null");
+    }
+
+    Name name = rrset.getName();
+    int type = rrset.getType();
+    if (type == Type.SOA) {
+      if (!name.equals(origin)) {
+        throw new IllegalArgumentException(
+            "SOA owner " + name + " does not match zone origin " + origin);
+      }
+
+      if (rrset.size() != 1) {
+        throw new IllegalArgumentException(origin + ": exactly 1 SOA must be specified");
+      }
+    }
+
+    if (!name.subdomain(origin)) {
+      throw new IllegalArgumentException(
+          "name " + name + " is absolute and not a subdomain of " + origin);
+    }
+
+    withWriteLock(
+        () -> {
+          addRRsetWithoutLock(name, rrset);
+          if (type == Type.SOA) {
+            soaRecord = (SOARecord) rrset.first();
+          }
+        });
+  }
+
+  /**
+   * Removes an RRset from the zone.
+   *
+   * @param name The name to remove.
+   * @param type The type to remove.
+   * @throws IllegalArgumentException if {@code name} is {@code null}.
+   * @throws InvalidTypeException if the specified {@code type} is invalid or {@link Type#SOA} or
+   *     {@link Type#NS}.
+   * @see RRset
+   * @since 3.6
+   */
+  public void removeRRset(Name name, int type) {
+    if (name == null) {
+      throw new IllegalArgumentException("name must not be null");
+    }
+    Type.check(type);
+
+    withWriteLock(() -> removeRRsetWithoutLock(name, type));
+  }
+
+  // ------------- Search
+
+  /**
+   * Looks up Records in the zone, finding exact matches only.
+   *
+   * @param name The name to look up
+   * @param type The type to look up
+   * @return The matching RRset or {@code null} if no exact match is found.
+   * @throws IllegalArgumentException if {@code name} is {@code null}.
+   * @throws InvalidTypeException if the specified {@code type} is invalid.
+   * @see RRset
+   */
+  public RRset findExactMatch(Name name, int type) {
+    if (name == null) {
+      throw new IllegalArgumentException("name must not be null");
+    }
+    Type.check(type);
+    return withReadLock(
+        () -> {
+          RRset set = findRRsetWithoutLock(name, type);
+          if (set == null) {
+            return null;
+          }
+
+          // Create a copy to keep the thread safety guarantees and consistency
+          return new RRset(set);
+        });
+  }
+
+  /**
+   * Looks up Records in the zone. The answer can be a {@code CNAME} instead of the actual requested
+   * type and wildcards are expanded.
+   *
+   * @param name The name to look up
+   * @param type The type to look up
+   * @return A SetResponse object
+   * @throws IllegalArgumentException if {@code name} is {@code null}.
+   * @throws InvalidTypeException if the specified {@code type} is invalid.
+   * @see SetResponse
+   */
+  public SetResponse findRecords(Name name, int type) {
+    if (name == null) {
+      throw new IllegalArgumentException("name must not be null");
+    }
+    Type.check(type);
+
+    if (!name.subdomain(origin)) {
+      return SetResponse.ofType(SetResponseType.NXDOMAIN);
+    }
+
+    return withReadLock(() -> findRecordsWithoutLock(name, type));
+  }
+
+  // ----------- Internal
+  private <T> T withReadLock(Supplier<T> callable) {
+    readLock.lock();
+    try {
+      return callable.get();
+    } finally {
+      readLock.unlock();
+    }
+  }
+
+  private void withWriteLock(Runnable callable) {
+    writeLock.lock();
+    try {
+      callable.run();
+    } finally {
+      writeLock.unlock();
+    }
   }
 
-  private synchronized Object exactName(Name name) {
+  private Object exactName(Name name) {
     return data.get(name);
   }
 
-  private synchronized RRset<?>[] allRRsets(Object types) {
+  @SuppressWarnings("unchecked")
+  private List<RRset> allRRsetsWithoutLock(Object types) {
     if (types instanceof List) {
-      @SuppressWarnings("unchecked")
-      List<RRset<?>> typelist = (List<RRset<?>>) types;
-      return typelist.toArray(new RRset[0]);
+      return (List<RRset>) types;
     } else {
-      RRset set = (RRset) types;
-      return new RRset[] {set};
+      return Collections.singletonList((RRset) types);
     }
   }
 
-  private synchronized <T extends Record> RRset<T> oneRRset(Object types, int type) {
+  private RRset oneRRsetWithoutLock(Object types, int type) {
     if (type == Type.ANY) {
-      throw new IllegalArgumentException("oneRRset(ANY)");
+      throw new IllegalArgumentException("Cannot lookup an exact match for type ANY");
     }
+
     if (types instanceof List) {
       @SuppressWarnings("unchecked")
-      List<RRset<T>> list = (List<RRset<T>>) types;
-      for (RRset<T> set : list) {
+      List<RRset> list = (List<RRset>) types;
+      for (RRset set : list) {
         if (set.getType() == type) {
           return set;
         }
       }
     } else {
-      @SuppressWarnings("unchecked")
-      RRset<T> set = (RRset<T>) types;
+      RRset set = (RRset) types;
       if (set.getType() == type) {
         return set;
       }
     }
+
     return null;
   }
 
-  private synchronized <T extends Record> RRset<T> findRRset(Name name, int type) {
+  private RRset findRRsetWithoutLock(Name name, int type) {
     Object types = exactName(name);
     if (types == null) {
       return null;
     }
-    return oneRRset(types, type);
+    return oneRRsetWithoutLock(types, type);
   }
 
-  private synchronized void addRRset(Name name, RRset rrset) {
+  private void addRRsetWithoutLock(Name name, RRset rrset) {
     if (!hasWild && name.isWild()) {
       hasWild = true;
     }
+
     Object types = data.get(name);
+
+    // Nothing in the zone for this name, add the set directly
     if (types == null) {
       data.put(name, rrset);
       return;
     }
+
     int rtype = rrset.getType();
+
+    // Multiple types for this name
     if (types instanceof List) {
       @SuppressWarnings("unchecked")
       List<RRset> list = (List<RRset>) types;
       for (int i = 0; i < list.size(); i++) {
         RRset set = list.get(i);
+        // There's already a set of the specified type, replace it
         if (set.getType() == rtype) {
           list.set(i, rrset);
           return;
         }
       }
+
+      // The new type doesn't exist yet, add it
       list.add(rrset);
     } else {
+      // One type for this name
       RRset set = (RRset) types;
       if (set.getType() == rtype) {
+        // There's already a set of the specified type, replace it
         data.put(name, rrset);
       } else {
+        // Different type, replace the RRset in the map with a list
         LinkedList<RRset> list = new LinkedList<>();
         list.add(set);
         list.add(rrset);
@@ -307,52 +567,60 @@ private synchronized void addRRset(Name name, RRset rrset) {
     }
   }
 
-  private synchronized void removeRRset(Name name, int type) {
+  private void removeRRsetWithoutLock(Name name, int type) {
+    if (type == Type.SOA) {
+      throw new IllegalArgumentException("Cannot remove SOA");
+    }
+
+    if (type == Type.NS) {
+      throw new IllegalArgumentException("Cannot remove all NS");
+    }
+
     Object types = data.get(name);
+    // Nothing in the zone for this name/type
     if (types == null) {
       return;
     }
+
+    // Multiple types for this name
     if (types instanceof List) {
-      List list = (List) types;
+      @SuppressWarnings("unchecked")
+      List<RRset> list = (List<RRset>) types;
       for (int i = 0; i < list.size(); i++) {
-        RRset set = (RRset) list.get(i);
+        RRset set = list.get(i);
         if (set.getType() == type) {
+          // The type of this RRset matched, remove the set
           list.remove(i);
-          if (list.size() == 0) {
-            data.remove(name);
-          }
-          return;
+          break;
         }
       }
+
+      // No types left, remove the entire name
+      if (list.isEmpty()) {
+        data.remove(name);
+      }
     } else {
+      // One type for this name
       RRset set = (RRset) types;
       if (set.getType() != type) {
+        // Type doesn't match, nothing to remove
         return;
       }
+
+      // The only type matched, remove the entire name
       data.remove(name);
     }
   }
 
-  private synchronized SetResponse lookup(Name name, int type) {
-    int labels;
-    int olabels;
-    int tlabels;
-    RRset rrset;
-    Name tname;
-    Object types;
-    SetResponse sr;
+  private SetResponse findRecordsWithoutLock(Name name, int type) {
+    int labels = name.labels();
+    int olabels = origin.labels();
 
-    if (!name.subdomain(origin)) {
-      return SetResponse.ofType(SetResponse.NXDOMAIN);
-    }
-
-    labels = name.labels();
-    olabels = origin.labels();
-
-    for (tlabels = olabels; tlabels <= labels; tlabels++) {
-      boolean isOrigin = (tlabels == olabels);
-      boolean isExact = (tlabels == labels);
+    for (int tlabels = olabels; tlabels <= labels; tlabels++) {
+      boolean isOrigin = tlabels == olabels;
+      boolean isExact = tlabels == labels;
 
+      Name tname;
       if (isOrigin) {
         tname = origin;
       } else if (isExact) {
@@ -361,198 +629,221 @@ private synchronized SetResponse lookup(Name name, int type) {
         tname = new Name(name, labels - tlabels);
       }
 
-      types = exactName(tname);
+      Object types = exactName(tname);
       if (types == null) {
         continue;
       }
 
-      /* If this is a delegation, return that. */
+      // If this is a delegation, return that.
       if (!isOrigin) {
-        RRset<NSRecord> ns = oneRRset(types, Type.NS);
+        RRset ns = oneRRsetWithoutLock(types, Type.NS);
         if (ns != null) {
-          return new SetResponse(SetResponse.DELEGATION, ns);
+          return SetResponse.ofType(SetResponseType.DELEGATION, ns);
         }
       }
 
-      /* If this is an ANY lookup, return everything. */
+      // If this is an ANY lookup, return everything.
       if (isExact && type == Type.ANY) {
-        sr = new SetResponse(SetResponse.SUCCESSFUL);
-        RRset<?>[] sets = allRRsets(types);
-        for (RRset<?> set : sets) {
+        SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
+        for (RRset set : allRRsetsWithoutLock(types)) {
           sr.addRRset(set);
         }
         return sr;
       }
 
-      /*
-       * If this is the name, look for the actual type or a CNAME.
-       * Otherwise, look for a DNAME.
-       */
+      // If this is the name, look for the actual type or a CNAME.
+      // Otherwise, look for a DNAME.
       if (isExact) {
-        rrset = oneRRset(types, type);
+        RRset rrset = oneRRsetWithoutLock(types, type);
         if (rrset != null) {
-          sr = new SetResponse(SetResponse.SUCCESSFUL);
-          sr.addRRset(rrset);
-          return sr;
+          return SetResponse.ofType(SetResponseType.SUCCESSFUL, rrset);
         }
-        rrset = oneRRset(types, Type.CNAME);
+        rrset = oneRRsetWithoutLock(types, Type.CNAME);
         if (rrset != null) {
-          return new SetResponse(SetResponse.CNAME, rrset);
+          return SetResponse.ofType(SetResponseType.CNAME, rrset);
         }
       } else {
-        rrset = oneRRset(types, Type.DNAME);
+        RRset rrset = oneRRsetWithoutLock(types, Type.DNAME);
         if (rrset != null) {
-          return new SetResponse(SetResponse.DNAME, rrset);
+          return SetResponse.ofType(SetResponseType.DNAME, rrset);
         }
       }
 
-      /* We found the name, but not the type. */
+      // We found the name, but not the type.
       if (isExact) {
-        return SetResponse.ofType(SetResponse.NXRRSET);
+        return SetResponse.ofType(SetResponseType.NXRRSET);
       }
     }
 
     if (hasWild) {
       for (int i = 0; i < labels - olabels; i++) {
-        tname = name.wild(i + 1);
-
-        types = exactName(tname);
+        Name tname = name.wild(i + 1);
+        Object types = exactName(tname);
         if (types == null) {
           continue;
         }
 
-        rrset = oneRRset(types, type);
-        if (rrset != null) {
-          sr = new SetResponse(SetResponse.SUCCESSFUL);
-          sr.addRRset(rrset);
+        if (type == Type.ANY) {
+          SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
+          for (RRset set : allRRsetsWithoutLock(types)) {
+            sr.addRRset(expandSet(set, name));
+          }
           return sr;
+        } else {
+          RRset rrset = oneRRsetWithoutLock(types, type);
+          if (rrset != null) {
+            return SetResponse.ofType(SetResponseType.SUCCESSFUL, expandSet(rrset, name));
+          }
         }
       }
     }
 
-    return SetResponse.ofType(SetResponse.NXDOMAIN);
+    return SetResponse.ofType(SetResponseType.NXDOMAIN);
   }
 
-  /**
-   * Looks up Records in the Zone. This follows CNAMEs and wildcards.
-   *
-   * @param name The name to look up
-   * @param type The type to look up
-   * @return A SetResponse object
-   * @see SetResponse
-   */
-  public SetResponse findRecords(Name name, int type) {
-    return lookup(name, type);
+  private RRset expandSet(RRset set, Name tname) {
+    RRset expandedSet = new RRset();
+    for (Record r : set.rrs(false)) {
+      expandedSet.addRR(r.withName(tname));
+    }
+    for (RRSIGRecord r : set.sigs()) {
+      expandedSet.addRR(r.withName(tname));
+    }
+    return expandedSet;
   }
 
-  /**
-   * Looks up Records in the zone, finding exact matches only.
-   *
-   * @param name The name to look up
-   * @param type The type to look up
-   * @return The matching RRset
-   * @see RRset
-   */
-  public <T extends Record> RRset<T> findExactMatch(Name name, int type) {
-    Object types = exactName(name);
-    if (types == null) {
-      return null;
+  private void nodeToString(StringBuilder sb, Object node) {
+    List<RRset> sets = allRRsetsWithoutLock(node);
+    for (RRset rrset : sets) {
+      rrset.rrs(false).forEach(r -> sb.append(r).append('\n'));
+      rrset.sigs().forEach(r -> sb.append(r).append('\n'));
     }
-    return oneRRset(types, type);
   }
 
   /**
-   * Adds an RRset to the Zone
+   * Returns the contents of the zone in master file format.
    *
-   * @param rrset The RRset to be added
-   * @see RRset
+   * @see Master
    */
-  public void addRRset(RRset<?> rrset) {
-    Name name = rrset.getName();
-    addRRset(name, rrset);
+  public String toMasterFile() {
+    StringBuilder sb = new StringBuilder();
+    withReadLock(
+        () -> {
+          nodeToString(sb, originNode);
+          for (Map.Entry<Name, Object> entry : data.entrySet()) {
+            if (!origin.equals(entry.getKey())) {
+              nodeToString(sb, entry.getValue());
+            }
+          }
+          return null;
+        });
+    return sb.toString();
   }
 
   /**
-   * Adds a Record to the Zone
+   * Returns the contents of the zone as a string.
    *
-   * @param r The record to be added
-   * @see Record
+   * @see #toMasterFile
    */
-  public <T extends Record> void addRecord(T r) {
-    Name name = r.getName();
-    int rtype = r.getRRsetType();
-    synchronized (this) {
-      RRset<T> rrset = findRRset(name, rtype);
-      if (rrset == null) {
-        rrset = new RRset<>(r);
-        addRRset(name, rrset);
-      } else {
-        rrset.addRR(r);
+  @Override
+  public String toString() {
+    return toMasterFile();
+  }
+
+  class ZoneIterator implements Iterator<RRset> {
+    private final Iterator<Map.Entry<Name, Object>> zoneEntries;
+    private List<RRset> current;
+    private int index;
+    private boolean wantLastSOA;
+    private RRset returnedSet;
+    private RRset soaSet;
+
+    ZoneIterator(boolean axfr) {
+      zoneEntries = data.entrySet().iterator();
+      wantLastSOA = axfr;
+
+      // Start the iterator at origin, with SOA and NS as the first and second entries
+      // Create a copy of the RRset list to ensure that concurrent manipulation is safe
+      List<RRset> originSets =
+          withReadLock(() -> new ArrayList<>(allRRsetsWithoutLock(originNode)));
+      RRset[] sortedOriginSets = new RRset[originSets.size()];
+      current = Arrays.asList(sortedOriginSets);
+      for (int i = 0, j = 2; i < originSets.size(); i++) {
+        RRset originSet = originSets.get(i);
+        int type = originSet.getType();
+        if (type == Type.SOA) {
+          sortedOriginSets[0] = soaSet = new RRset(originSet);
+        } else if (type == Type.NS) {
+          sortedOriginSets[1] = new RRset(originSet);
+        } else {
+          sortedOriginSets[j++] = new RRset(originSet);
+        }
       }
     }
-  }
 
-  /**
-   * Removes a record from the Zone
-   *
-   * @param r The record to be removed
-   * @see Record
-   */
-  public <T extends Record> void removeRecord(T r) {
-    Name name = r.getName();
-    int rtype = r.getRRsetType();
-    synchronized (this) {
-      RRset<T> rrset = findRRset(name, rtype);
-      if (rrset == null) {
-        return;
+    @Override
+    public boolean hasNext() {
+      return current != null || wantLastSOA;
+    }
+
+    @Override
+    public RRset next() {
+      if (!hasNext()) {
+        throw new NoSuchElementException("No more elements");
       }
-      if (rrset.size() == 1 && rrset.first().equals(r)) {
-        removeRRset(name, rtype);
-      } else {
-        rrset.deleteRR(r);
+
+      // If AXFR was requested, return the SOA as the last set again
+      if (current == null) {
+        wantLastSOA = false;
+        returnedSet = soaSet;
+        return returnedSet;
       }
-    }
-  }
 
-  /** Returns an Iterator over the RRsets in the zone. */
-  public Iterator<RRset<?>> iterator() {
-    return new ZoneIterator(false);
-  }
+      // Create a copy of the RRset to prevent manipulation of the zone via the returned set
+      returnedSet = new RRset(current.get(index++));
 
-  /**
-   * Returns an Iterator over the RRsets in the zone that can be used to construct an AXFR response.
-   * This is identical to {@link #iterator} except that the SOA is returned at the end as well as
-   * the beginning.
-   */
-  public Iterator<RRset<?>> AXFR() {
-    return new ZoneIterator(true);
-  }
+      // Move to the next iterator step if there are no more sets at the current name
+      if (index == current.size()) {
+        current = null;
+        while (zoneEntries.hasNext()) {
+          Map.Entry<Name, Object> entry = zoneEntries.next();
 
-  private void nodeToString(StringBuffer sb, Object node) {
-    RRset[] sets = allRRsets(node);
-    for (RRset<?> rrset : sets) {
-      rrset.rrs().forEach(r -> sb.append(r).append('\n'));
-      rrset.sigs().forEach(r -> sb.append(r).append('\n'));
-    }
-  }
+          // Skip origin, the iterator started with it
+          if (entry.getKey().equals(origin)) {
+            continue;
+          }
 
-  /** Returns the contents of the Zone in master file format. */
-  public synchronized String toMasterFile() {
-    Iterator zentries = data.entrySet().iterator();
-    StringBuffer sb = new StringBuffer();
-    nodeToString(sb, originNode);
-    while (zentries.hasNext()) {
-      Map.Entry entry = (Map.Entry) zentries.next();
-      if (!origin.equals(entry.getKey())) {
-        nodeToString(sb, entry.getValue());
+          // Create a copy of the RRset list to ensure that concurrent manipulation is safe
+          List<RRset> sets =
+              withReadLock(() -> new ArrayList<>(allRRsetsWithoutLock(entry.getValue())));
+          if (sets.isEmpty()) {
+            // Ignore empty sets (they shouldn't exist anyway)
+            continue;
+          }
+
+          current = sets;
+          index = 0;
+          break;
+        }
       }
+
+      return returnedSet;
     }
-    return sb.toString();
-  }
 
-  /** Returns the contents of the Zone as a string (in master file format). */
-  @Override
-  public String toString() {
-    return toMasterFile();
+    /**
+     * Removes the current {@link RRset} from the zone.
+     *
+     * @throws IllegalArgumentException when there are no more elements; on attempting to remove the
+     *     SOA; when attempting to remove the NS set.
+     * @since 3.6
+     */
+    @Override
+    public void remove() {
+      if (returnedSet == null) {
+        throw new IllegalStateException("Not at an element");
+      }
+
+      withWriteLock(() -> removeRRsetWithoutLock(returnedSet.getName(), returnedSet.getType()));
+    }
   }
 }
diff --git a/src/main/java/org/xbill/DNS/ZoneMDRecord.java b/src/main/java/org/xbill/DNS/ZoneMDRecord.java
new file mode 100644
index 000000000..14e39ddbe
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/ZoneMDRecord.java
@@ -0,0 +1,223 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import lombok.Getter;
+import lombok.experimental.UtilityClass;
+import org.xbill.DNS.utils.base16;
+
+/**
+ * ZONEMD Resource record.
+ *
+ * @since 3.6
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8976">RFC 8976</a>
+ */
+public class ZoneMDRecord extends Record {
+  /**
+   * ZONEMD Schemes.
+   *
+   * @see <a
+   *     href="https://www.iana.org/assignments/dns-parameters/dns-parameters.xml#zonemd-schemes">IANA
+   *     registry</a>
+   */
+  @UtilityClass
+  public static class Scheme {
+    /** Reserved. */
+    public static final int RESERVED = 0;
+
+    /** Simple ZONEMD collation */
+    public static final int SIMPLE = 1;
+
+    private static final Mnemonic schemes = new Mnemonic("ZONEMD Schemes", Mnemonic.CASE_UPPER);
+
+    static {
+      schemes.setMaximum(0xFF);
+      schemes.setNumericAllowed(true);
+      schemes.add(RESERVED, "RESERVED");
+      schemes.add(SIMPLE, "SIMPLE");
+    }
+
+    /** Converts an algorithm into its textual representation */
+    public static String string(int alg) {
+      return schemes.getText(alg);
+    }
+
+    /**
+     * Converts a textual representation of a scheme into its numeric code. Integers in the range
+     * 0..255 are also accepted.
+     *
+     * @param s The textual representation of the scheme.
+     * @return The algorithm code, or -1 for an unknown scheme.
+     */
+    public static int value(String s) {
+      return schemes.getValue(s);
+    }
+  }
+
+  /**
+   * ZONEMD Hash Algorithms.
+   *
+   * @see <a
+   *     href="https://www.iana.org/assignments/dns-parameters/dns-parameters.xml#zonemd-hash-algorithms">IANA
+   *     registry</a>
+   */
+  @UtilityClass
+  public static class Hash {
+    /** Reserved. */
+    public static final int RESERVED = 0;
+
+    /** SHA-384 */
+    public static final int SHA384 = 1;
+
+    /** SHA-512 */
+    public static final int SHA512 = 2;
+
+    private static final Mnemonic schemes =
+        new Mnemonic("ZONEMD Hash Algorithms", Mnemonic.CASE_UPPER);
+    private static final Map<Integer, Integer> hashLengths = new HashMap<>(2);
+
+    static {
+      schemes.setMaximum(0xFF);
+      schemes.setNumericAllowed(true);
+      schemes.add(RESERVED, "RESERVED");
+      schemes.add(SHA384, "SHA384");
+      hashLengths.put(SHA384, 48);
+      schemes.add(SHA512, "SHA512");
+      hashLengths.put(SHA512, 64);
+    }
+
+    /** Converts an algorithm into its textual representation */
+    public static String string(int alg) {
+      return schemes.getText(alg);
+    }
+
+    /**
+     * Converts a textual representation of a hash algorithm into its numeric code. Integers in the
+     * range 0..255 are also accepted.
+     *
+     * @param s The textual representation of the hash algorithm.
+     * @return The algorithm code, or -1 for an unknown hash algorithm.
+     */
+    public static int value(String s) {
+      return schemes.getValue(s);
+    }
+
+    /**
+     * Gets the length, in bytes, of the specified hash algorithm.
+     *
+     * @return The length, in bytes, or -1 for an unknown hash algorithm.
+     */
+    public static int hashLength(int hashAlgorithm) {
+      Integer len = hashLengths.get(hashAlgorithm);
+      return len == null ? -1 : len;
+    }
+  }
+
+  /**
+   * A 32-bit unsigned integer in network byte order. It is the serial number from the zone's SOA
+   * record (<a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035, Section 3.3.13]</a>)
+   * for which the zone digest was generated.
+   */
+  @Getter private long serial;
+
+  /**
+   * An 8-bit unsigned integer that identifies the methods by which data is collated and presented
+   * as input to the hashing function.
+   *
+   * @see Scheme
+   */
+  @Getter private int scheme;
+
+  /**
+   * An 8-bit unsigned integer that identifies the cryptographic hash algorithm used to construct
+   * the digest.
+   *
+   * @see Hash
+   */
+  @Getter private int hashAlgorithm;
+
+  /**
+   * A byte array containing the output of the hash algorithm. The length is determined by {@link
+   * #getHashAlgorithm()}.
+   *
+   * @see Hash
+   */
+  @Getter private byte[] digest;
+
+  ZoneMDRecord() {}
+
+  public ZoneMDRecord(
+      Name name, int dclass, long ttl, long serial, int scheme, int hashAlgorithm, byte[] digest) {
+    super(name, Type.ZONEMD, dclass, ttl);
+    this.serial = checkU32("serial", serial);
+    this.scheme = checkU8("scheme", scheme);
+    this.hashAlgorithm = checkU8("hashAlgorithm", hashAlgorithm);
+    String validateDigestSizeMessage = getDigestSizeExceptionMessage(hashAlgorithm, digest);
+    if (validateDigestSizeMessage != null) {
+      throw new IllegalArgumentException(validateDigestSizeMessage);
+    }
+    this.digest = digest;
+  }
+
+  @Override
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    out.writeU32(serial);
+    out.writeU8(scheme);
+    out.writeU8(hashAlgorithm);
+    out.writeByteArray(digest);
+  }
+
+  @Override
+  protected void rrFromWire(DNSInput in) throws IOException {
+    serial = in.readU32();
+    scheme = in.readU8();
+    hashAlgorithm = in.readU8();
+    digest = in.readByteArray();
+    String validateDigestSizeMessage = getDigestSizeExceptionMessage(hashAlgorithm, digest);
+    if (validateDigestSizeMessage != null) {
+      throw new WireParseException(validateDigestSizeMessage);
+    }
+  }
+
+  @Override
+  protected String rrToString() {
+    String rr = serial + " " + scheme + " " + hashAlgorithm + " ";
+
+    if (Options.multiline()) {
+      rr += "(" + base16.toString(digest, 48, "\t", true);
+    } else {
+      rr += base16.toString(digest);
+    }
+    return rr;
+  }
+
+  @Override
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
+    serial = st.getUInt32();
+    scheme = st.getUInt8();
+    hashAlgorithm = st.getUInt8();
+    digest = st.getHex(true);
+    String validateDigestSizeMessage = getDigestSizeExceptionMessage(hashAlgorithm, digest);
+    if (validateDigestSizeMessage != null) {
+      throw st.exception(validateDigestSizeMessage);
+    }
+  }
+
+  private String getDigestSizeExceptionMessage(int hashAlgorithm, byte[] digest) {
+    int len = Hash.hashLength(hashAlgorithm);
+    if (len != -1 && len != digest.length) {
+      return "Digest size for "
+          + Hash.string(hashAlgorithm)
+          + " be exactly "
+          + Hash.hashLength(hashAlgorithm)
+          + " bytes, got "
+          + digest.length;
+    } else if (digest.length < 12) {
+      return "Digest size must be at least 12 bytes, got " + digest.length;
+    }
+
+    return null;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/ZoneTransferException.java b/src/main/java/org/xbill/DNS/ZoneTransferException.java
index 087aedc27..7620c0f8b 100644
--- a/src/main/java/org/xbill/DNS/ZoneTransferException.java
+++ b/src/main/java/org/xbill/DNS/ZoneTransferException.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS;
diff --git a/src/main/java/org/xbill/DNS/ZoneTransferIn.java b/src/main/java/org/xbill/DNS/ZoneTransferIn.java
index 1ae574710..eb90c5a28 100644
--- a/src/main/java/org/xbill/DNS/ZoneTransferIn.java
+++ b/src/main/java/org/xbill/DNS/ZoneTransferIn.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2003-2004 Brian Wellington (bwelling@xbill.org)
 // Parts of this are derived from lib/dns/xfrin.c from BIND 9; its copyright
 // notice follows.
@@ -24,7 +25,7 @@
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
-import java.net.UnknownHostException;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.List;
 import lombok.extern.slf4j.Slf4j;
@@ -48,24 +49,24 @@ public class ZoneTransferIn {
   private static final int AXFR = 6;
   private static final int END = 7;
 
-  private Name zname;
+  private final Name zname;
   private int qtype;
   private int dclass;
-  private long ixfr_serial;
-  private boolean want_fallback;
+  private final long ixfrSerial;
+  private final boolean wantFallback;
   private ZoneTransferHandler handler;
 
   private SocketAddress localAddress;
-  private SocketAddress address;
+  private final SocketAddress address;
   private TCPClient client;
-  private TSIG tsig;
+  private final TSIG tsig;
   private TSIG.StreamVerifier verifier;
-  private long timeout = 900 * 1000;
+  private Duration timeout = Duration.ofMinutes(15);
 
   private int state;
-  private long end_serial;
-  private long current_serial;
-  private Record initialsoa;
+  private long endSerial;
+  private long currentSerial;
+  private Record initialSoaRecord;
 
   private int rtype;
 
@@ -154,7 +155,7 @@ public void startIXFRAdds(Record soa) {
     public void handleRecord(Record r) {
       if (ixfr != null) {
         Delta delta = ixfr.get(ixfr.size() - 1);
-        if (delta.adds.size() > 0) {
+        if (!delta.adds.isEmpty()) {
           delta.adds.add(r);
         } else {
           delta.deletes.add(r);
@@ -165,9 +166,7 @@ public void handleRecord(Record r) {
     }
   }
 
-  private ZoneTransferIn() {}
-
-  private ZoneTransferIn(
+  ZoneTransferIn(
       Name zone, int xfrtype, long serial, boolean fallback, SocketAddress address, TSIG key) {
     this.address = address;
     this.tsig = key;
@@ -177,13 +176,13 @@ private ZoneTransferIn(
       try {
         zname = Name.concatenate(zone, Name.root);
       } catch (NameTooLongException e) {
-        throw new IllegalArgumentException("ZoneTransferIn: " + "name too long");
+        throw new IllegalArgumentException("ZoneTransferIn: name too long");
       }
     }
     qtype = xfrtype;
     dclass = DClass.IN;
-    ixfr_serial = serial;
-    want_fallback = fallback;
+    ixfrSerial = serial;
+    wantFallback = fallback;
     state = INITIALSOA;
   }
 
@@ -270,10 +269,9 @@ public static ZoneTransferIn newIXFR(
    * @param host The host from which to transfer the zone.
    * @param key The TSIG key used to authenticate the transfer, or null.
    * @return The ZoneTransferIn object.
-   * @throws UnknownHostException The host does not exist.
    */
   public static ZoneTransferIn newIXFR(
-      Name zone, long serial, boolean fallback, String host, TSIG key) throws UnknownHostException {
+      Name zone, long serial, boolean fallback, String host, TSIG key) {
     return newIXFR(zone, serial, fallback, host, 0, key);
   }
 
@@ -291,12 +289,23 @@ public int getType() {
    * Sets a timeout on this zone transfer. The default is 900 seconds (15 minutes).
    *
    * @param secs The maximum amount of time that this zone transfer can take.
+   * @deprecated use {@link #setTimeout(Duration)}
    */
+  @Deprecated
   public void setTimeout(int secs) {
     if (secs < 0) {
-      throw new IllegalArgumentException("timeout cannot be " + "negative");
+      throw new IllegalArgumentException("timeout cannot be negative");
     }
-    timeout = 1000L * secs;
+    timeout = Duration.ofSeconds(secs);
+  }
+
+  /**
+   * Sets a timeout on this zone transfer. The default is 900 seconds (15 minutes).
+   *
+   * @param t The maximum amount of time that this zone transfer can take.
+   */
+  public void setTimeout(Duration t) {
+    timeout = t;
   }
 
   /**
@@ -319,14 +328,17 @@ public void setLocalAddress(SocketAddress addr) {
   }
 
   private void openConnection() throws IOException {
-    long endTime = System.currentTimeMillis() + timeout;
-    client = new TCPClient(endTime);
+    client = createTcpClient(timeout);
     if (localAddress != null) {
       client.bind(localAddress);
     }
     client.connect(address);
   }
 
+  TCPClient createTcpClient(Duration timeout) throws IOException {
+    return new TCPClient(timeout);
+  }
+
   private void sendQuery() throws IOException {
     Record question = Record.newRecord(zname, qtype, dclass);
 
@@ -334,7 +346,7 @@ private void sendQuery() throws IOException {
     query.getHeader().setOpcode(Opcode.QUERY);
     query.addRecord(question, Section.QUESTION);
     if (qtype == Type.IXFR) {
-      Record soa = new SOARecord(zname, dclass, 0, Name.root, Name.root, ixfr_serial, 0, 0, 0, 0);
+      Record soa = new SOARecord(zname, dclass, 0, Name.root, Name.root, ixfrSerial, 0, 0, 0, 0);
       query.addRecord(soa, Section.AUTHORITY);
     }
     if (tsig != null) {
@@ -359,7 +371,7 @@ private void fail(String s) throws ZoneTransferException {
   }
 
   private void fallback() throws ZoneTransferException {
-    if (!want_fallback) {
+    if (!wantFallback) {
       fail("server doesn't support IXFR");
     }
 
@@ -370,18 +382,17 @@ private void fallback() throws ZoneTransferException {
 
   private void parseRR(Record rec) throws ZoneTransferException {
     int type = rec.getType();
-    Delta delta;
 
     switch (state) {
       case INITIALSOA:
         if (type != Type.SOA) {
           fail("missing initial SOA");
         }
-        initialsoa = rec;
+        initialSoaRecord = rec;
         // Remember the serial number in the initial SOA; we need it
         // to recognize the end of an IXFR.
-        end_serial = getSOASerial(rec);
-        if (qtype == Type.IXFR && Serial.compare(end_serial, ixfr_serial) <= 0) {
+        endSerial = getSOASerial(rec);
+        if (qtype == Type.IXFR && Serial.compare(endSerial, ixfrSerial) <= 0) {
           logxfr("up to date");
           state = END;
           break;
@@ -392,7 +403,7 @@ private void parseRR(Record rec) throws ZoneTransferException {
       case FIRSTDATA:
         // If the transfer begins with 1 SOA, it's an AXFR.
         // If it begins with 2 SOAs, it's an IXFR.
-        if (qtype == Type.IXFR && type == Type.SOA && getSOASerial(rec) == ixfr_serial) {
+        if (qtype == Type.IXFR && type == Type.SOA && getSOASerial(rec) == ixfrSerial) {
           rtype = Type.IXFR;
           handler.startIXFR();
           logxfr("got incremental response");
@@ -400,7 +411,7 @@ private void parseRR(Record rec) throws ZoneTransferException {
         } else {
           rtype = Type.AXFR;
           handler.startAXFR();
-          handler.handleRecord(initialsoa);
+          handler.handleRecord(initialSoaRecord);
           logxfr("got nonincremental response");
           state = AXFR;
         }
@@ -414,7 +425,7 @@ private void parseRR(Record rec) throws ZoneTransferException {
 
       case IXFR_DEL:
         if (type == Type.SOA) {
-          current_serial = getSOASerial(rec);
+          currentSerial = getSOASerial(rec);
           state = IXFR_ADDSOA;
           parseRR(rec); // Restart...
           return;
@@ -430,11 +441,11 @@ private void parseRR(Record rec) throws ZoneTransferException {
       case IXFR_ADD:
         if (type == Type.SOA) {
           long soa_serial = getSOASerial(rec);
-          if (soa_serial == end_serial) {
+          if (soa_serial == endSerial) {
             state = END;
             break;
-          } else if (soa_serial != current_serial) {
-            fail("IXFR out of sync: expected serial " + current_serial + " , got " + soa_serial);
+          } else if (soa_serial != currentSerial) {
+            fail("IXFR out of sync: expected serial " + currentSerial + " , got " + soa_serial);
           } else {
             state = IXFR_DELSOA;
             parseRR(rec); // Restart...
@@ -468,9 +479,10 @@ private void parseRR(Record rec) throws ZoneTransferException {
   private void closeConnection() {
     try {
       if (client != null) {
-        client.cleanup();
+        client.close();
       }
     } catch (IOException e) {
+      // Ignore
     }
   }
 
@@ -481,7 +493,7 @@ private Message parseMessage(byte[] b) throws WireParseException {
       if (e instanceof WireParseException) {
         throw (WireParseException) e;
       }
-      throw new WireParseException("Error parsing message");
+      throw new WireParseException("Error parsing message", e);
     }
   }
 
@@ -490,17 +502,24 @@ private void doxfr() throws IOException, ZoneTransferException {
     while (state != END) {
       byte[] in = client.recv();
       Message response = parseMessage(in);
+      List<Record> answers = response.getSection(Section.ANSWER);
       if (response.getHeader().getRcode() == Rcode.NOERROR && verifier != null) {
-        TSIGRecord tsigrec = response.getTSIG();
-
-        int error = verifier.verify(response, in);
+        int error =
+            verifier.verify(response, in, answers.get(answers.size() - 1).getType() == Type.SOA);
         if (error != Rcode.NOERROR) {
-          fail("TSIG failure");
+          if (verifier.getErrorMessage() != null) {
+            fail(
+                "TSIG failure: "
+                    + Rcode.TSIGstring(error)
+                    + " ("
+                    + verifier.getErrorMessage()
+                    + ")");
+          } else {
+            fail("TSIG failure: " + Rcode.TSIGstring(error));
+          }
         }
       }
 
-      Record[] answers = response.getSectionArray(Section.ANSWER);
-
       if (state == INITIALSOA) {
         int rcode = response.getRcode();
         if (rcode != Rcode.NOERROR) {
@@ -517,7 +536,7 @@ private void doxfr() throws IOException, ZoneTransferException {
           fail("invalid question section");
         }
 
-        if (answers.length == 0 && qtype == Type.IXFR) {
+        if (answers.isEmpty() && qtype == Type.IXFR) {
           fallback();
           doxfr();
           return;
@@ -527,10 +546,6 @@ private void doxfr() throws IOException, ZoneTransferException {
       for (Record answer : answers) {
         parseRR(answer);
       }
-
-      if (state == END && verifier != null && !response.isVerified()) {
-        fail("last message must be signed");
-      }
     }
   }
 
@@ -553,29 +568,23 @@ public void run(ZoneTransferHandler handler) throws IOException, ZoneTransferExc
   }
 
   /**
-   * Does the zone transfer.
+   * Does the zone transfer using an internal handler. Results can be obtained by calling {@link
+   * #getAXFR()} or getIXFR
    *
-   * @return A list, which is either an AXFR-style response (List of Records), and IXFR-style
-   *     response (List of Deltas), or null, which indicates that an IXFR was performed and the zone
-   *     is up to date.
    * @throws IOException The zone transfer failed to due an IO problem.
    * @throws ZoneTransferException The zone transfer failed to due a problem with the zone transfer
    *     itself.
    */
-  public List run() throws IOException, ZoneTransferException {
-    BasicHandler handler = new BasicHandler();
-    run(handler);
-    if (handler.axfr != null) {
-      return handler.axfr;
-    }
-    return handler.ixfr;
+  public void run() throws IOException, ZoneTransferException {
+    BasicHandler basicHandler = new BasicHandler();
+    run(basicHandler);
   }
 
   private BasicHandler getBasicHandler() throws IllegalArgumentException {
     if (handler instanceof BasicHandler) {
       return (BasicHandler) handler;
     }
-    throw new IllegalArgumentException("ZoneTransferIn used callback " + "interface");
+    throw new IllegalArgumentException("ZoneTransferIn used callback interface");
   }
 
   /**
@@ -584,7 +593,7 @@ private BasicHandler getBasicHandler() throws IllegalArgumentException {
    * transfer, or an IXFR failed and fallback to AXFR occurred.
    */
   public boolean isAXFR() {
-    return (rtype == Type.AXFR);
+    return rtype == Type.AXFR;
   }
 
   /**
@@ -593,9 +602,9 @@ public boolean isAXFR() {
    * @throws IllegalArgumentException The transfer used the callback interface, so the response was
    *     not stored.
    */
-  public List getAXFR() {
-    BasicHandler handler = getBasicHandler();
-    return handler.axfr;
+  public List<Record> getAXFR() {
+    BasicHandler basicHandler = getBasicHandler();
+    return basicHandler.axfr;
   }
 
   /**
@@ -603,7 +612,7 @@ public List getAXFR() {
    * if an IXFR was performed and the server provided an incremental zone transfer.
    */
   public boolean isIXFR() {
-    return (rtype == Type.IXFR);
+    return rtype == Type.IXFR;
   }
 
   /**
@@ -612,9 +621,9 @@ public boolean isIXFR() {
    * @throws IllegalArgumentException The transfer used the callback interface, so the response was
    *     not stored.
    */
-  public List getIXFR() {
-    BasicHandler handler = getBasicHandler();
-    return handler.ixfr;
+  public List<Delta> getIXFR() {
+    BasicHandler basicHandler = getBasicHandler();
+    return basicHandler.ixfr;
   }
 
   /**
@@ -625,7 +634,7 @@ public List getIXFR() {
    *     not stored.
    */
   public boolean isCurrent() {
-    BasicHandler handler = getBasicHandler();
-    return (handler.axfr == null && handler.ixfr == null);
+    BasicHandler basicHandler = getBasicHandler();
+    return basicHandler.axfr == null && basicHandler.ixfr == null;
   }
 }
diff --git a/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java
new file mode 100644
index 000000000..c78f10a9a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import android.content.Context;
+import android.net.ConnectivityManager;
+import android.net.LinkProperties;
+import android.net.Network;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.ResolverConfig;
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Resolver config provider for Android. Contrary to all other providers, this provider needs a
+ * context to operate on which must be set by calling {@link #setContext(Context)}.
+ *
+ * <p>If you are developing for Android, consider implementing your own {@link
+ * ResolverConfigProvider} that listens to network callbacks and properly refreshes on link changes.
+ * Something you need to do anyway to call {@link ResolverConfig#refresh()} otherwise it is pretty
+ * much guaranteed to have outdated servers sooner or later.
+ */
+@Slf4j
+public class AndroidResolverConfigProvider extends BaseResolverConfigProvider {
+  private static Context context = null;
+
+  /** Gets the current configuration */
+  public static void setContext(Context ctx) {
+    context = ctx;
+  }
+
+  @Override
+  public void initialize() throws InitializationException {
+    reset();
+    if (context == null) {
+      throw new InitializationException("Context must be initialized by calling setContext");
+    }
+
+    ConnectivityManager cm = context.getSystemService(ConnectivityManager.class);
+    Network network = cm.getActiveNetwork();
+    if (network == null) {
+      // if the device is offline, there's no active network
+      return;
+    }
+
+    LinkProperties lp = cm.getLinkProperties(network);
+    if (lp == null) {
+      // can be null for an unknown network, which may happen if networks change
+      return;
+    }
+
+    for (InetAddress address : lp.getDnsServers()) {
+      addNameserver(new InetSocketAddress(address, SimpleResolver.DEFAULT_PORT));
+    }
+
+    parseSearchPathList(lp.getDomains(), ",");
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return System.getProperty("java.vendor").contains("Android");
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java
new file mode 100644
index 000000000..0d5d0e5c9
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java
@@ -0,0 +1,117 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import java.net.Inet4Address;
+import java.net.InetSocketAddress;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.StringTokenizer;
+import java.util.stream.Collectors;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.TextParseException;
+
+/**
+ * Base class for resolver config providers that provides a default implementation for the lists and
+ * utility methods to prevent duplicates.
+ *
+ * @since 3.2
+ */
+public abstract class BaseResolverConfigProvider implements ResolverConfigProvider {
+  private static final boolean IPV4_ONLY = Boolean.getBoolean("java.net.preferIPv4Stack");
+  private static final boolean IPV6_FIRST = Boolean.getBoolean("java.net.preferIPv6Addresses");
+
+  protected static final int DEFAULT_PORT = 53;
+
+  private final List<InetSocketAddress> nameservers = new ArrayList<>(3);
+
+  protected final Logger log = LoggerFactory.getLogger(getClass());
+  protected final List<Name> searchlist = new ArrayList<>(1);
+
+  protected final void reset() {
+    // TODO v4: make a final void initialize() that clears and then calls abstract doInit()
+    nameservers.clear();
+    searchlist.clear();
+  }
+
+  protected void parseSearchPathList(String search, String delimiter) {
+    if (search != null) {
+      StringTokenizer st = new StringTokenizer(search, delimiter);
+      while (st.hasMoreTokens()) {
+        addSearchPath(st.nextToken());
+      }
+    }
+  }
+
+  protected void addSearchPath(String searchPath) {
+    if (searchPath == null || searchPath.isEmpty()) {
+      return;
+    }
+
+    try {
+      Name n = Name.fromString(searchPath, Name.root);
+      if (!searchlist.contains(n)) {
+        searchlist.add(n);
+        log.debug("Added {} to search paths", n);
+      }
+    } catch (TextParseException e) {
+      log.warn("Could not parse search path {} as a dns name, ignoring", searchPath);
+    }
+  }
+
+  protected void addNameserver(InetSocketAddress server) {
+    if (!nameservers.contains(server)) {
+      nameservers.add(server);
+      log.debug("Added {} to nameservers", server);
+    }
+  }
+
+  protected int parseNdots(String token) {
+    if (token != null && !token.isEmpty()) {
+      try {
+        int ndots = Integer.parseInt(token);
+        if (ndots >= 0) {
+          if (ndots > 15) {
+            // man resolv.conf:
+            // The value for this option is silently capped to 15
+            ndots = 15;
+          }
+
+          return ndots;
+        }
+      } catch (NumberFormatException e) {
+        // ignore
+      }
+    }
+
+    return 1;
+  }
+
+  @Override
+  public final List<InetSocketAddress> servers() {
+    if (IPV6_FIRST) {
+      // prefer IPv6: return IPv6 first, then IPv4 (each in the order added)
+      return nameservers.stream()
+          .sorted(
+              (a, b) ->
+                  Integer.compare(
+                      b.getAddress().getAddress().length, a.getAddress().getAddress().length))
+          .collect(Collectors.toList());
+    } else if (IPV4_ONLY) {
+      // skip IPv6 addresses
+      return nameservers.stream()
+          .filter(isa -> isa.getAddress() instanceof Inet4Address)
+          .collect(Collectors.toList());
+    }
+
+    // neither is specified, return in the order added
+    return Collections.unmodifiableList(nameservers);
+  }
+
+  @Override
+  public final List<Name> searchPaths() {
+    return Collections.unmodifiableList(searchlist);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/FallbackPropertyResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/FallbackPropertyResolverConfigProvider.java
new file mode 100644
index 000000000..98fef5b28
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/FallbackPropertyResolverConfigProvider.java
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+/**
+ * The properties {@link #DNS_FALLBACK_SERVER_PROP}, {@link #DNS_FALLBACK_SEARCH_PROP} (comma
+ * delimited lists) are checked. The servers can either be IP addresses or hostnames (which are
+ * resolved using Java's built in DNS support).
+ *
+ * @since 3.2
+ */
+public class FallbackPropertyResolverConfigProvider extends PropertyResolverConfigProvider {
+  public static final String DNS_FALLBACK_SERVER_PROP = "dns.fallback.server";
+  public static final String DNS_FALLBACK_SEARCH_PROP = "dns.fallback.search";
+  public static final String DNS_FALLBACK_NDOTS_PROP = "dns.fallback.ndots";
+
+  @Override
+  public void initialize() {
+    initialize(DNS_FALLBACK_SERVER_PROP, DNS_FALLBACK_SEARCH_PROP, DNS_FALLBACK_NDOTS_PROP);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/IPHlpAPI.java b/src/main/java/org/xbill/DNS/config/IPHlpAPI.java
new file mode 100644
index 000000000..eab5c6c68
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/IPHlpAPI.java
@@ -0,0 +1,265 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import com.sun.jna.Library;
+import com.sun.jna.Native;
+import com.sun.jna.Pointer;
+import com.sun.jna.Structure;
+import com.sun.jna.WString;
+import com.sun.jna.platform.win32.Guid;
+import com.sun.jna.ptr.IntByReference;
+import com.sun.jna.win32.W32APIOptions;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+@SuppressWarnings({
+  "java:S101",
+  "java:S131",
+  "java:S116",
+  "java:S1104",
+  "java:S2160",
+  "java:S100",
+  "unused",
+})
+interface IPHlpAPI extends Library {
+  IPHlpAPI INSTANCE = Native.load("IPHlpAPI", IPHlpAPI.class, W32APIOptions.ASCII_OPTIONS);
+
+  int AF_UNSPEC = 0;
+  int AF_INET = 2;
+  int AF_INET6 = 23;
+
+  int GAA_FLAG_SKIP_UNICAST = 0x0001;
+  int GAA_FLAG_SKIP_ANYCAST = 0x0002;
+  int GAA_FLAG_SKIP_MULTICAST = 0x0004;
+  int GAA_FLAG_SKIP_DNS_SERVER = 0x0008;
+  int GAA_FLAG_INCLUDE_PREFIX = 0x0010;
+  int GAA_FLAG_SKIP_FRIENDLY_NAME = 0x0020;
+  int GAA_FLAG_INCLUDE_WINS_INFO = 0x0040;
+  int GAA_FLAG_INCLUDE_GATEWAYS = 0x0080;
+  int GAA_FLAG_INCLUDE_ALL_INTERFACES = 0x0100;
+  int GAA_FLAG_INCLUDE_ALL_COMPARTMENTS = 0x0200;
+  int GAA_FLAG_INCLUDE_TUNNEL_BINDINGORDER = 0x0400;
+
+  @Structure.FieldOrder({"sin_family", "sin_port", "sin_addr", "sin_zero"})
+  class sockaddr_in extends Structure {
+    public sockaddr_in(Pointer p) {
+      super(p);
+      read();
+    }
+
+    public short sin_family;
+    public short sin_port;
+    public byte[] sin_addr = new byte[4];
+    public byte[] sin_zero = new byte[8];
+  }
+
+  @Structure.FieldOrder({"sin6_family", "sin6_port", "sin6_flowinfo", "sin6_addr", "sin6_scope_id"})
+  class sockaddr_in6 extends Structure {
+    public sockaddr_in6(Pointer p) {
+      super(p);
+      read();
+    }
+
+    public short sin6_family;
+    public short sin6_port;
+    public int sin6_flowinfo;
+    public byte[] sin6_addr = new byte[16];
+    public int sin6_scope_id;
+  }
+
+  @Structure.FieldOrder({"lpSockaddr", "iSockaddrLength"})
+  class SOCKET_ADDRESS extends Structure {
+    public Pointer lpSockaddr;
+    public int iSockaddrLength;
+
+    InetAddress toAddress() throws UnknownHostException {
+      switch (lpSockaddr.getShort(0)) {
+        case AF_INET:
+          sockaddr_in in4 = new sockaddr_in(lpSockaddr);
+          return InetAddress.getByAddress(in4.sin_addr);
+        case AF_INET6:
+          sockaddr_in6 in6 = new sockaddr_in6(lpSockaddr);
+          return Inet6Address.getByAddress("", in6.sin6_addr, in6.sin6_scope_id);
+      }
+
+      return null;
+    }
+  }
+
+  @Structure.FieldOrder({
+    "Length",
+    "IfIndex",
+    "Next",
+    "Address",
+    "PrefixOrigin",
+    "SuffixOrigin",
+    "DadState",
+    "ValidLifetime",
+    "PreferredLifetime",
+    "LeaseLifetime",
+    "OnLinkPrefixLength"
+  })
+  class IP_ADAPTER_UNICAST_ADDRESS_LH extends Structure {
+    public static class ByReference extends IP_ADAPTER_UNICAST_ADDRESS_LH
+        implements Structure.ByReference {}
+
+    public int Length;
+    public int IfIndex;
+
+    public IP_ADAPTER_UNICAST_ADDRESS_LH.ByReference Next;
+    public SOCKET_ADDRESS Address;
+    public int PrefixOrigin;
+    public int SuffixOrigin;
+    public int DadState;
+    public int ValidLifetime;
+    public int PreferredLifetime;
+    public int LeaseLifetime;
+    public byte OnLinkPrefixLength;
+  }
+
+  @Structure.FieldOrder({"Length", "Reserved", "Next", "Address"})
+  class IP_ADAPTER_DNS_SERVER_ADDRESS_XP extends Structure {
+    public static class ByReference extends IP_ADAPTER_DNS_SERVER_ADDRESS_XP
+        implements Structure.ByReference {}
+
+    public int Length;
+    public int Reserved;
+    public IP_ADAPTER_DNS_SERVER_ADDRESS_XP.ByReference Next;
+    public SOCKET_ADDRESS Address;
+  }
+
+  @Structure.FieldOrder({"Length", "Reserved", "Next", "Address"})
+  class IP_ADAPTER_ANYCAST_ADDRESS_XP extends Structure {
+    public static class ByReference extends IP_ADAPTER_ANYCAST_ADDRESS_XP
+        implements Structure.ByReference {}
+
+    public int Length;
+    public int Reserved;
+    public IP_ADAPTER_DNS_SERVER_ADDRESS_XP.ByReference Next;
+    public SOCKET_ADDRESS Address;
+  }
+
+  @Structure.FieldOrder({"Length", "Reserved", "Next", "Address"})
+  class IP_ADAPTER_MULTICAST_ADDRESS_XP extends Structure {
+    public static class ByReference extends IP_ADAPTER_MULTICAST_ADDRESS_XP
+        implements Structure.ByReference {}
+
+    public int Length;
+    public int Reserved;
+    public IP_ADAPTER_DNS_SERVER_ADDRESS_XP.ByReference Next;
+    public SOCKET_ADDRESS Address;
+  }
+
+  @Structure.FieldOrder({"Next", "_String"})
+  class IP_ADAPTER_DNS_SUFFIX extends Structure {
+    public static class ByReference extends IP_ADAPTER_DNS_SUFFIX
+        implements Structure.ByReference {}
+
+    public IP_ADAPTER_DNS_SUFFIX.ByReference Next;
+    public char[] _String = new char[256];
+  }
+
+  @Structure.FieldOrder({"LowPart", "HighPart"})
+  class LUID extends Structure {
+    public int LowPart;
+    public int HighPart;
+  }
+
+  @Structure.FieldOrder({
+    "Length",
+    "IfIndex",
+    "Next",
+    "AdapterName",
+    "FirstUnicastAddress",
+    "FirstAnycastAddress",
+    "FirstMulticastAddress",
+    "FirstDnsServerAddress",
+    "DnsSuffix",
+    "Description",
+    "FriendlyName",
+    "PhysicalAddress",
+    "PhysicalAddressLength",
+    "Flags",
+    "Mtu",
+    "IfType",
+    "OperStatus",
+    "Ipv6IfIndex",
+    "ZoneIndices",
+    "FirstPrefix",
+    "TransmitLinkSpeed",
+    "ReceiveLinkSpeed",
+    "FirstWinsServerAddress",
+    "FirstGatewayAddress",
+    "Ipv4Metric",
+    "Ipv6Metric",
+    "Luid",
+    "Dhcpv4Server",
+    "CompartmentId",
+    "NetworkGuid",
+    "ConnectionType",
+    "TunnelType",
+    "Dhcpv6Server",
+    "Dhcpv6ClientDuid",
+    "Dhcpv6ClientDuidLength",
+    "Dhcpv6Iaid",
+    "FirstDnsSuffix",
+  })
+  class IP_ADAPTER_ADDRESSES_LH extends Structure {
+    public static class ByReference extends IP_ADAPTER_ADDRESSES_LH
+        implements Structure.ByReference {}
+
+    public IP_ADAPTER_ADDRESSES_LH(Pointer p) {
+      super(p);
+      read();
+    }
+
+    public IP_ADAPTER_ADDRESSES_LH() {}
+
+    public int Length;
+    public int IfIndex;
+
+    public IP_ADAPTER_ADDRESSES_LH.ByReference Next;
+    public String AdapterName;
+    public IP_ADAPTER_UNICAST_ADDRESS_LH.ByReference FirstUnicastAddress;
+    public IP_ADAPTER_ANYCAST_ADDRESS_XP.ByReference FirstAnycastAddress;
+    public IP_ADAPTER_MULTICAST_ADDRESS_XP.ByReference FirstMulticastAddress;
+    public IP_ADAPTER_DNS_SERVER_ADDRESS_XP.ByReference FirstDnsServerAddress;
+    public WString DnsSuffix;
+    public WString Description;
+    public WString FriendlyName;
+    public byte[] PhysicalAddress = new byte[8];
+    public int PhysicalAddressLength;
+    public int Flags;
+    public int Mtu;
+    public int IfType;
+    public int OperStatus;
+    public int Ipv6IfIndex;
+    public int[] ZoneIndices = new int[16];
+    public Pointer FirstPrefix;
+    public long TransmitLinkSpeed;
+    public long ReceiveLinkSpeed;
+    public Pointer FirstWinsServerAddress;
+    public Pointer FirstGatewayAddress;
+    public int Ipv4Metric;
+    public int Ipv6Metric;
+    public LUID Luid;
+    public SOCKET_ADDRESS Dhcpv4Server;
+    public int CompartmentId;
+    public Guid.GUID NetworkGuid;
+    public int ConnectionType;
+    public int TunnelType;
+    public SOCKET_ADDRESS Dhcpv6Server;
+    public byte[] Dhcpv6ClientDuid = new byte[130];
+    public int Dhcpv6ClientDuidLength;
+    public int Dhcpv6Iaid;
+    public IP_ADAPTER_DNS_SUFFIX.ByReference FirstDnsSuffix;
+  }
+
+  int GetAdaptersAddresses(
+      int family,
+      int flags,
+      Pointer reserved,
+      Pointer adapterAddresses,
+      IntByReference sizePointer);
+}
diff --git a/src/main/java/org/xbill/DNS/config/InitializationException.java b/src/main/java/org/xbill/DNS/config/InitializationException.java
new file mode 100644
index 000000000..373168a01
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/InitializationException.java
@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+public class InitializationException extends Exception {
+  InitializationException(String message) {
+    super(message);
+  }
+
+  InitializationException(Exception e) {
+    super(e);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java
new file mode 100644
index 000000000..536cf6dd0
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java
@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.StringTokenizer;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Resolver config provider that tries to extract the system's DNS servers from the <a
+ * href="https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html">JNDI DNS Service
+ * Provider</a>.
+ */
+@Slf4j
+public class JndiContextResolverConfigProvider implements ResolverConfigProvider {
+  private InnerJndiContextResolverConfigProvider inner;
+
+  public JndiContextResolverConfigProvider() {
+    if (!System.getProperty("java.vendor").contains("Android")) {
+      try {
+        inner = new InnerJndiContextResolverConfigProvider();
+      } catch (NoClassDefFoundError e) {
+        log.debug("JNDI DNS not available");
+      }
+    }
+  }
+
+  @Slf4j
+  private static final class InnerJndiContextResolverConfigProvider
+      extends BaseResolverConfigProvider {
+    static {
+      log.debug("JNDI class: {}", DirContext.class.getName());
+    }
+
+    @Override
+    public void initialize() {
+      reset();
+      Hashtable<String, String> env = new Hashtable<>();
+      env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
+      // http://mail.openjdk.java.net/pipermail/net-dev/2017-March/010695.html
+      env.put("java.naming.provider.url", "dns://");
+
+      String servers = null;
+      try {
+        DirContext ctx = new InitialDirContext(env);
+        servers = (String) ctx.getEnvironment().get("java.naming.provider.url");
+        ctx.close();
+      } catch (NamingException e) {
+        // ignore
+      }
+
+      if (servers != null) {
+        StringTokenizer st = new StringTokenizer(servers, " ");
+        while (st.hasMoreTokens()) {
+          String server = st.nextToken();
+          try {
+            URI serverUri = new URI(server);
+            String host = serverUri.getHost();
+            if (host == null || host.isEmpty()) {
+              // skip the fallback server to localhost
+              continue;
+            }
+
+            int port = serverUri.getPort();
+            if (port == -1) {
+              port = SimpleResolver.DEFAULT_PORT;
+            }
+
+            addNameserver(new InetSocketAddress(host, port));
+          } catch (URISyntaxException e) {
+            log.debug("Could not parse {} as a dns server, ignoring", server, e);
+          }
+        }
+      }
+    }
+  }
+
+  @Override
+  public void initialize() {
+    inner.initialize();
+  }
+
+  @Override
+  public List<InetSocketAddress> servers() {
+    return inner.servers();
+  }
+
+  @Override
+  public List<Name> searchPaths() {
+    return inner.searchPaths();
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return inner != null;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java
new file mode 100644
index 000000000..e570d6ccb
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.StringTokenizer;
+
+/**
+ * The properties {@link #DNS_SERVER_PROP}, {@link #DNS_SEARCH_PROP} (comma delimited lists) are
+ * checked. The servers can either be IP addresses or hostnames (which are resolved using Java's
+ * built in DNS support).
+ */
+public class PropertyResolverConfigProvider extends BaseResolverConfigProvider {
+  public static final String DNS_SERVER_PROP = "dns.server";
+  public static final String DNS_SEARCH_PROP = "dns.search";
+  public static final String DNS_NDOTS_PROP = "dns.ndots";
+
+  private int ndots;
+
+  @Override
+  public void initialize() {
+    initialize(DNS_SERVER_PROP, DNS_SEARCH_PROP, DNS_NDOTS_PROP);
+  }
+
+  /**
+   * Initializes the servers, search path and ndots setting with from the property names passed as
+   * the arguments.
+   *
+   * @param serverName the property name for the DNS servers
+   * @param searchName the property name for the search path
+   * @param ndotsName the property name for the ndots setting
+   * @since 3.2
+   */
+  protected void initialize(String serverName, String searchName, String ndotsName) {
+    reset();
+    String servers = System.getProperty(serverName);
+    if (servers != null) {
+      StringTokenizer st = new StringTokenizer(servers, ",");
+      while (st.hasMoreTokens()) {
+        String server = st.nextToken();
+        try {
+          URI uri = new URI("dns://" + server);
+          // assume this is an IPv6 address without brackets
+          if (uri.getHost() == null) {
+            addNameserver(new InetSocketAddress(server, DEFAULT_PORT));
+          } else {
+            int port = uri.getPort();
+            if (port == -1) {
+              port = DEFAULT_PORT;
+            }
+
+            addNameserver(new InetSocketAddress(uri.getHost(), port));
+          }
+        } catch (URISyntaxException e) {
+          log.warn("Ignored invalid server {}", server);
+        }
+      }
+    }
+
+    String searchPathProperty = System.getProperty(searchName);
+    parseSearchPathList(searchPathProperty, ",");
+
+    String ndotsProperty = System.getProperty(ndotsName);
+    ndots = parseNdots(ndotsProperty);
+  }
+
+  @Override
+  public int ndots() {
+    return ndots;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java
new file mode 100644
index 000000000..73ee8b5b6
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java
@@ -0,0 +1,126 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.InetSocketAddress;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.StringTokenizer;
+import org.xbill.DNS.SimpleResolver;
+
+public class ResolvConfResolverConfigProvider extends BaseResolverConfigProvider {
+  private int ndots = 1;
+
+  @Override
+  public void initialize() {
+    reset();
+    // first try the default unix config path
+    if (!tryParseResolveConf("/etc/resolv.conf")) {
+      // then fallback to netware
+      tryParseResolveConf("sys:/etc/resolv.cfg");
+    }
+  }
+
+  private boolean tryParseResolveConf(String path) {
+    Path p = Paths.get(path);
+    if (Files.exists(p)) {
+      try (InputStream in = Files.newInputStream(p)) {
+        parseResolvConf(in);
+        return true;
+      } catch (IOException e) {
+        // ignore
+      }
+    }
+
+    return false;
+  }
+
+  protected void parseResolvConf(InputStream in) throws IOException {
+    try (InputStreamReader isr = new InputStreamReader(in);
+        BufferedReader br = new BufferedReader(isr)) {
+      String line;
+      while ((line = br.readLine()) != null) {
+        StringTokenizer st = new StringTokenizer(line);
+        if (!st.hasMoreTokens()) {
+          continue;
+        }
+
+        switch (st.nextToken()) {
+          case "nameserver":
+            addNameserver(new InetSocketAddress(st.nextToken(), SimpleResolver.DEFAULT_PORT));
+            break;
+
+          case "domain":
+            // man resolv.conf:
+            // The domain and search keywords are mutually exclusive. If more than one instance of
+            // these keywords is present, the last instance wins.
+            searchlist.clear();
+            if (!st.hasMoreTokens()) {
+              continue;
+            }
+
+            addSearchPath(st.nextToken());
+            break;
+
+          case "search":
+            // man resolv.conf:
+            // The domain and search keywords are mutually exclusive. If more than one instance of
+            // these keywords is present, the last instance wins.
+            searchlist.clear();
+            while (st.hasMoreTokens()) {
+              addSearchPath(st.nextToken());
+            }
+            break;
+
+          case "options":
+            while (st.hasMoreTokens()) {
+              String token = st.nextToken();
+              if (token.startsWith("ndots:")) {
+                ndots = parseNdots(token.substring(6));
+              }
+            }
+            break;
+        }
+      }
+    }
+
+    // man resolv.conf:
+    // The search keyword of a system's resolv.conf file can be overridden on a per-process basis by
+    // setting the environment variable LOCALDOMAIN to a space-separated list of search domains.
+    String localdomain = System.getenv("LOCALDOMAIN");
+    if (localdomain != null && !localdomain.isEmpty()) {
+      searchlist.clear();
+      parseSearchPathList(localdomain, " ");
+    }
+
+    // man resolv.conf:
+    // The options keyword of a system's resolv.conf file can be amended on a per-process basis by
+    // setting the environment variable RES_OPTIONS to a space-separated list of resolver options as
+    // explained above under options.
+    String resOptions = System.getenv("RES_OPTIONS");
+    if (resOptions != null && !resOptions.isEmpty()) {
+      StringTokenizer st = new StringTokenizer(resOptions, " ");
+      while (st.hasMoreTokens()) {
+        String token = st.nextToken();
+        if (token.startsWith("ndots:")) {
+          ndots = parseNdots(token.substring(6));
+        }
+      }
+    }
+  }
+
+  @Override
+  public int ndots() {
+    return ndots;
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return !System.getProperty("os.name").contains("Windows")
+        && !System.getProperty("java.specification.vendor").toLowerCase().contains("android");
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/ResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/ResolverConfigProvider.java
new file mode 100644
index 000000000..cec2845d9
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/ResolverConfigProvider.java
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import java.net.InetSocketAddress;
+import java.util.List;
+import org.xbill.DNS.Name;
+
+public interface ResolverConfigProvider {
+  /** Initializes the servers, search paths, etc. */
+  void initialize() throws InitializationException;
+
+  /** Returns all located servers, which may be empty. */
+  List<InetSocketAddress> servers();
+
+  /** Returns all entries in the located search path, which may be empty. */
+  List<Name> searchPaths();
+
+  /**
+   * Gets the threshold for the number of dots which must appear in a name before it is considered
+   * absolute. If the interface implementation does not override this, the default implementation
+   * returns 1.
+   */
+  default int ndots() {
+    return 1;
+  }
+
+  /** Determines if this provider is enabled. */
+  default boolean isEnabled() {
+    return true;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java
new file mode 100644
index 000000000..66baeac01
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import java.lang.reflect.Method;
+import java.net.InetSocketAddress;
+import java.util.List;
+
+/**
+ * Resolver config provider that queries the traditional class {@code
+ * sun.net.dns.ResolverConfiguration} via reflection.
+ *
+ * <ul>
+ *   <li>Java 9: generates an illegal reflective access exception.
+ *   <li>Java 16 (classpath): requires adding the JVM flag {@code --add-opens
+ *       java.base/sun.net.dns=ALL-UNNAMED}.
+ *   <li>Java 16 (module path): requires adding the JVM flag {@code --add-opens
+ *       java.base/sun.net.dns=org.dnsjava}.
+ *   <li>On Windows, may return invalid nameservers of disconnected NICs before Java 15, <a
+ *       href="https://bugs.openjdk.java.net/browse/JDK-7006496">JDK-7006496</a>.
+ * </ul>
+ */
+public class SunJvmResolverConfigProvider extends BaseResolverConfigProvider {
+  @Override
+  public void initialize() throws InitializationException {
+    reset();
+    try {
+      Class<?> resConfClass = Class.forName("sun.net.dns.ResolverConfiguration");
+      Method open = resConfClass.getDeclaredMethod("open");
+      Object resConf = open.invoke(null);
+
+      Method nameserversMethod = resConfClass.getMethod("nameservers");
+      @SuppressWarnings("unchecked")
+      List<String> jvmNameservers = (List<String>) nameserversMethod.invoke(resConf);
+      for (String ns : jvmNameservers) {
+        addNameserver(new InetSocketAddress(ns, 53));
+      }
+
+      Method searchlistMethod = resConfClass.getMethod("searchlist");
+      @SuppressWarnings("unchecked")
+      List<String> jvmSearchlist = (List<String>) searchlistMethod.invoke(resConf);
+      for (String n : jvmSearchlist) {
+        addSearchPath(n);
+      }
+    } catch (Exception e) {
+      throw new InitializationException(e);
+    }
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return Boolean.getBoolean("dnsjava.configprovider.sunjvm.enabled");
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java
new file mode 100644
index 000000000..7e2168caa
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java
@@ -0,0 +1,135 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.config;
+
+import static org.xbill.DNS.config.IPHlpAPI.AF_UNSPEC;
+import static org.xbill.DNS.config.IPHlpAPI.GAA_FLAG_SKIP_ANYCAST;
+import static org.xbill.DNS.config.IPHlpAPI.GAA_FLAG_SKIP_FRIENDLY_NAME;
+import static org.xbill.DNS.config.IPHlpAPI.GAA_FLAG_SKIP_MULTICAST;
+import static org.xbill.DNS.config.IPHlpAPI.GAA_FLAG_SKIP_UNICAST;
+import static org.xbill.DNS.config.IPHlpAPI.INSTANCE;
+import static org.xbill.DNS.config.IPHlpAPI.IP_ADAPTER_ADDRESSES_LH;
+import static org.xbill.DNS.config.IPHlpAPI.IP_ADAPTER_DNS_SERVER_ADDRESS_XP;
+import static org.xbill.DNS.config.IPHlpAPI.IP_ADAPTER_DNS_SUFFIX;
+
+import com.sun.jna.Memory;
+import com.sun.jna.Pointer;
+import com.sun.jna.platform.win32.Win32Exception;
+import com.sun.jna.platform.win32.WinError;
+import com.sun.jna.ptr.IntByReference;
+import java.net.Inet4Address;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Resolver config provider for Windows. It reads the nameservers and search path by calling the API
+ * <a
+ * href="https://docs.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getadaptersaddresses">GetAdaptersAddresses</a>.
+ * This class requires the <a href="https://github.com/java-native-access/jna">JNA library</a> on
+ * the classpath.
+ */
+@Slf4j
+public class WindowsResolverConfigProvider implements ResolverConfigProvider {
+  private InnerWindowsResolverConfigProvider inner;
+
+  public WindowsResolverConfigProvider() {
+    if (System.getProperty("os.name").contains("Windows")) {
+      try {
+        inner = new InnerWindowsResolverConfigProvider();
+      } catch (NoClassDefFoundError e) {
+        log.debug("JNA not available");
+      }
+    }
+  }
+
+  @Slf4j
+  private static final class InnerWindowsResolverConfigProvider extends BaseResolverConfigProvider {
+    static {
+      log.debug(
+          "Checking for JNA classes: {} and {}",
+          Memory.class.getName(),
+          Win32Exception.class.getName());
+    }
+
+    @Override
+    public void initialize() throws InitializationException {
+      reset();
+      // The recommended method of calling the GetAdaptersAddresses function is to pre-allocate a
+      // 15KB working buffer
+      Memory buffer = new Memory(15 * 1024L);
+      IntByReference size = new IntByReference(0);
+      int flags =
+          GAA_FLAG_SKIP_UNICAST
+              | GAA_FLAG_SKIP_ANYCAST
+              | GAA_FLAG_SKIP_MULTICAST
+              | GAA_FLAG_SKIP_FRIENDLY_NAME;
+      int error = INSTANCE.GetAdaptersAddresses(AF_UNSPEC, flags, Pointer.NULL, buffer, size);
+      if (error == WinError.ERROR_BUFFER_OVERFLOW) {
+        buffer = new Memory(size.getValue());
+        error = INSTANCE.GetAdaptersAddresses(AF_UNSPEC, flags, Pointer.NULL, buffer, size);
+        if (error != WinError.ERROR_SUCCESS) {
+          throw new InitializationException(new Win32Exception(error));
+        }
+      }
+
+      IP_ADAPTER_ADDRESSES_LH result = new IP_ADAPTER_ADDRESSES_LH(buffer);
+      do {
+        // only interfaces with IfOperStatusUp
+        if (result.OperStatus == 1) {
+          IP_ADAPTER_DNS_SERVER_ADDRESS_XP dns = result.FirstDnsServerAddress;
+          while (dns != null) {
+            InetAddress address;
+            try {
+              address = dns.Address.toAddress();
+              if (address instanceof Inet4Address || !address.isSiteLocalAddress()) {
+                addNameserver(new InetSocketAddress(address, SimpleResolver.DEFAULT_PORT));
+              } else {
+                log.debug(
+                    "Skipped site-local IPv6 server address {} on adapter index {}",
+                    address,
+                    result.IfIndex);
+              }
+            } catch (UnknownHostException e) {
+              log.warn("Invalid nameserver address on adapter index {}", result.IfIndex, e);
+            }
+
+            dns = dns.Next;
+          }
+
+          addSearchPath(result.DnsSuffix.toString());
+          IP_ADAPTER_DNS_SUFFIX suffix = result.FirstDnsSuffix;
+          while (suffix != null) {
+            addSearchPath(String.valueOf(suffix._String));
+            suffix = suffix.Next;
+          }
+        }
+
+        result = result.Next;
+      } while (result != null);
+    }
+  }
+
+  @Override
+  public void initialize() throws InitializationException {
+    inner.initialize();
+  }
+
+  @Override
+  public List<InetSocketAddress> servers() {
+    return inner.servers();
+  }
+
+  @Override
+  public List<Name> searchPaths() {
+    return inner.searchPaths();
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return inner != null;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/AlgorithmRequirements.java b/src/main/java/org/xbill/DNS/dnssec/AlgorithmRequirements.java
new file mode 100644
index 000000000..2b4a3169c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/AlgorithmRequirements.java
@@ -0,0 +1,136 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2024 Ingo Bauersachs
+// Copyright (c) 2007-2024 NLnet Labs
+package org.xbill.DNS.dnssec;
+
+import java.util.ArrayList;
+import java.util.List;
+import lombok.Getter;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+
+/** Storage for DNSKEY algorithm requirements. */
+class AlgorithmRequirements {
+  private static final int MAX_ALGORITHMS = 0xFF;
+  private final ValUtils valUtils;
+
+  public AlgorithmRequirements(ValUtils valUtils) {
+    this.valUtils = valUtils;
+  }
+
+  /**
+   * the algorithms (8-bit) with each a number.
+   *
+   * <p>0: not marked.<br>
+   * 1: marked 'necessary but not yet fulfilled'<br>
+   * 2: marked bogus.
+   *
+   * <p>Indexed by algorithm number.
+   */
+  private final short[] needs = new short[MAX_ALGORITHMS];
+
+  /** The number of entries in {@link #needs} that are unfulfilled */
+  @Getter private int num;
+
+  /**
+   * Initialize this instance from a signalled algo list.
+   *
+   * @param sigalg signalled algorithm list.
+   */
+  void initList(List<Integer> sigalg) {
+    num = 0;
+    for (Integer algo : sigalg) {
+      needs[algo] = 1;
+      num++;
+    }
+  }
+
+  /**
+   * Initialize algo needs structure, set algos from rrset as needed.
+   *
+   * @param dsRRset algorithms from this RRset are necessary.
+   * @param favoriteDsAlgorithm filter to use only this DS algo.
+   * @return List of signalled algorithms.
+   */
+  List<Integer> initDs(RRset dsRRset, int favoriteDsAlgorithm) {
+    List<Integer> sigalg = new ArrayList<>();
+    num = 0;
+    for (Record r : dsRRset.rrs(false)) {
+      DSRecord ds = (DSRecord) r;
+      if (ds.getDigestID() != favoriteDsAlgorithm) {
+        continue;
+      }
+
+      int algo = ds.getAlgorithm();
+      if (!valUtils.isAlgorithmSupported(algo)) {
+        continue;
+      }
+
+      if (needs[algo] == 0) {
+        needs[algo] = 1;
+        sigalg.add(algo);
+        num++;
+      }
+    }
+
+    return sigalg;
+  }
+
+  /**
+   * Mark this algorithm as a success ({@link SecurityStatus#SECURE}), and see if we are done.
+   *
+   * @param algo: the algorithm processed to be secure.
+   * @return if true, processing has finished successfully, we are satisfied.
+   */
+  boolean setSecure(int algo) {
+    if (needs[algo] != 0) {
+      needs[algo] = 0;
+      num--;
+      // done!
+      return num == 0;
+    }
+
+    return false;
+  }
+
+  /**
+   * Mark this algorithm a failure ({@link SecurityStatus#BOGUS}). It can later be overridden by a
+   * success for this algorithm (with a different signature).
+   *
+   * @param algo the algorithm processed to be bogus.
+   */
+  void setBogus(int algo) {
+    if (needs[algo] != 0) {
+      // need it, but bogus
+      needs[algo] = 2;
+    }
+  }
+
+  /**
+   * See how many algorithms are missing (not bogus or secure, but not processed)
+   *
+   * @return number of algorithms missing after processing.
+   */
+  int missing() {
+    int miss = -1;
+    // check if a needed algo was bogus - report that,
+    // check the first missing algo - report that,
+    // or return 0
+    for (int i = 0; i < needs.length; i++) {
+      if (needs[i] == 2) {
+        return 0;
+      }
+
+      if (needs[i] == 1 && miss == -1) {
+        miss = i;
+      }
+    }
+
+    if (miss != -1) {
+      return miss;
+    }
+
+    return 0;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java
new file mode 100644
index 000000000..3ef64667f
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import lombok.experimental.UtilityClass;
+
+/**
+ * This class implements a basic comparator for byte arrays. It is primarily useful for comparing
+ * RDATA portions of DNS records in doing DNSSEC canonical ordering.
+ *
+ * @since 3.5
+ */
+@UtilityClass
+final class ByteArrayComparator {
+  private static final int MAX_BYTE = 0xFF;
+
+  /**
+   * Compares its two arguments for order.
+   *
+   * @param b1 the first object to be compared.
+   * @param b2 the second object to be compared.
+   * @return a negative integer, zero, or a positive integer as the first argument is less than,
+   *     equal to, or greater than the second.
+   */
+  public int compare(byte[] b1, byte[] b2) {
+    if (b1.length != b2.length) {
+      return b1.length - b2.length;
+    }
+
+    for (int i = 0; i < b1.length; i++) {
+      if (b1[i] != b2[i]) {
+        return (b1[i] & MAX_BYTE) - (b2[i] & MAX_BYTE);
+      }
+    }
+
+    return 0;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/DefaultTrustAnchorStore.java b/src/main/java/org/xbill/DNS/dnssec/DefaultTrustAnchorStore.java
new file mode 100644
index 000000000..943910582
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/DefaultTrustAnchorStore.java
@@ -0,0 +1,99 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+/** Storage for DS or DNSKEY records that are known to be trusted. */
+final class DefaultTrustAnchorStore implements TrustAnchorStore {
+  private final Map<String, RRset> map;
+
+  /** Creates a new instance of this class. */
+  public DefaultTrustAnchorStore() {
+    this.map = new HashMap<>();
+  }
+
+  /**
+   * Stores the given RRset as known trusted keys. Existing keys for the same name and class are
+   * overwritten.
+   *
+   * @param rrset The key set to store as trusted.
+   */
+  @Override
+  public void store(RRset rrset) {
+    if (rrset.getType() != Type.DS && rrset.getType() != Type.DNSKEY) {
+      throw new IllegalArgumentException("Trust anchors can only be DS or DNSKEY records");
+    }
+
+    if (rrset.getType() == Type.DNSKEY) {
+      SRRset temp = new SRRset();
+      for (Record r : rrset.rrs()) {
+        DNSKEYRecord key = (DNSKEYRecord) r;
+        DSRecord ds =
+            new DSRecord(key.getName(), key.getDClass(), key.getTTL(), DNSSEC.Digest.SHA384, key);
+        temp.addRR(ds);
+      }
+
+      rrset = temp;
+    }
+
+    String k = this.key(rrset.getName(), rrset.getDClass());
+    RRset previous = this.map.put(k, rrset);
+    if (previous != null) {
+      previous.rrs().forEach(rrset::addRR);
+    }
+  }
+
+  /**
+   * Gets the closest trusted key for the given name or <code>null</code> if no match is found.
+   *
+   * @param name The name to search for.
+   * @param dclass The class of the keys.
+   * @return The closest found key for <code>name</code> or <code>null</code>.
+   */
+  @Override
+  public RRset find(Name name, int dclass) {
+    while (name.labels() > 0) {
+      String k = this.key(name, dclass);
+      RRset r = this.lookup(k);
+      if (r != null) {
+        return r;
+      }
+
+      name = new Name(name, 1);
+    }
+
+    return null;
+  }
+
+  /** Removes all stored trust anchors. */
+  @Override
+  public void clear() {
+    this.map.clear();
+  }
+
+  /** Gets all trust anchors currently in use. */
+  @Override
+  public Collection<RRset> items() {
+    return Collections.unmodifiableCollection(this.map.values());
+  }
+
+  private RRset lookup(String key) {
+    return this.map.get(key);
+  }
+
+  private String key(Name n, int dclass) {
+    return "T" + dclass + "/" + n.canonicalize();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java
new file mode 100644
index 000000000..e169f0cad
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java
@@ -0,0 +1,302 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.DNSSEC.InvalidDnskeyException;
+import org.xbill.DNS.DNSSEC.KeyMismatchException;
+import org.xbill.DNS.DNSSEC.SignatureExpiredException;
+import org.xbill.DNS.DNSSEC.SignatureNotYetValidException;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+/**
+ * A class for performing basic DNSSEC verification. The DNSJAVA package contains a similar class.
+ * This is a reimplementation that allows us to have finer control over the validation process.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class DnsSecVerifier {
+  public static final String MAX_VALIDATE_RRSIGS_PROPERTY = "dnsjava.dnssec.max_validate_rrsigs";
+  private final ValUtils valUtils;
+  private int maxValidateRRsigs;
+
+  public DnsSecVerifier(ValUtils valUtils) {
+    this.valUtils = valUtils;
+  }
+
+  /**
+   * Initialize the module. The recognized configuration values are:
+   *
+   * <ul>
+   *   <li>{@value #MAX_VALIDATE_RRSIGS_PROPERTY}
+   * </ul>
+   *
+   * @param config The configuration data for this module.
+   */
+  public void init(Properties config) {
+    maxValidateRRsigs = Integer.parseInt(config.getProperty(MAX_VALIDATE_RRSIGS_PROPERTY, "8"));
+  }
+
+  /**
+   * Find the matching DNSKEY(s) to an RRSIG within a DNSKEY rrset. Normally this will only return
+   * one DNSKEY. It can return more than one, since KeyID/Footprints are not guaranteed to be
+   * unique.
+   *
+   * @param dnskeyRrset The DNSKEY rrset to search.
+   * @param signature The RRSIG to match against.
+   * @return A List that contains one or more DNSKEYRecord objects; empty if a matching DNSKEY could
+   *     not be found.
+   */
+  private List<DNSKEYRecord> findKey(RRset dnskeyRrset, RRSIGRecord signature) {
+    if (!signature.getSigner().equals(dnskeyRrset.getName())) {
+      log.trace(
+          "Could not find appropriate key because incorrect keyset was supplied. Wanted: {}, got: {}",
+          signature.getSigner(),
+          dnskeyRrset.getName());
+      return Collections.emptyList();
+    }
+
+    int keyid = signature.getFootprint();
+    int alg = signature.getAlgorithm();
+    List<DNSKEYRecord> res = new ArrayList<>(dnskeyRrset.size());
+    for (Record r : dnskeyRrset.rrs(false)) {
+      DNSKEYRecord dnskey = (DNSKEYRecord) r;
+      if (dnskey.getAlgorithm() == alg && dnskey.getFootprint() == keyid) {
+        res.add(dnskey);
+      }
+    }
+
+    return res;
+  }
+
+  /**
+   * Verify an RRset against a particular signature.
+   *
+   * @param rrset The RRset to verify.
+   * @param sigrec The signature record that signs the RRset.
+   * @param keyRrset The keys used to create the signature record.
+   * @param date The date against which to verify the signature.
+   * @return {@link SecurityStatus#SECURE} if the signature verified, {@link SecurityStatus#BOGUS}
+   *     if it did not verify (for any reason), and {@link SecurityStatus#UNCHECKED} if verification
+   *     could not be completed (usually because the public key was not available).
+   */
+  private JustifiedSecStatus verifySignature(
+      SRRset rrset, RRSIGRecord sigrec, KeyEntry keyRrset, Instant date) {
+    if (!rrset.getName().subdomain(sigrec.getSigner())) {
+      log.debug("Signer name {} is off-tree for {}", sigrec.getSigner(), rrset.getName());
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.DNSSEC_BOGUS,
+          R.get("dnskey.key_offtree", sigrec.getSigner(), rrset.getName()));
+    }
+
+    List<DNSKEYRecord> keys = this.findKey(keyRrset, sigrec);
+
+    for (DNSKEYRecord dnskey : keys) {
+      try {
+        DNSSEC.verify(rrset, sigrec, dnskey, date);
+        ValUtils.setCanonicalNsecOwner(rrset, sigrec);
+        return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+      } catch (KeyMismatchException kme) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_match"));
+      } catch (SignatureExpiredException e) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.SIGNATURE_EXPIRED,
+            R.get("dnskey.expired"));
+      } catch (SignatureNotYetValidException e) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID,
+            R.get("dnskey.not_yet_valid"));
+      } catch (InvalidDnskeyException e) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, e.getEdeCode(), R.get("dnskey.invalid"));
+      } catch (DNSSECException e) {
+        log.error(
+            "Failed to validate RRset <{}/{}/{}>",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()),
+            e);
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.invalid"));
+      }
+    }
+
+    log.trace("Could not find appropriate key for {}", sigrec);
+    return new JustifiedSecStatus(
+        SecurityStatus.UNCHECKED,
+        ExtendedErrorCodeOption.DNSKEY_MISSING,
+        R.get("dnskey.no_key", sigrec.getSigner()));
+  }
+
+  /**
+   * Verifies an RRset. This routine does not modify the RRset. The RRset is presumed to be
+   * verifiable, and the correct DNSKEY rrset is presumed to have been found.
+   *
+   * @param rrset The RRset to verify.
+   * @param keyRrset The keys to verify the signatures in the RRset to check.
+   * @param date The date against which to verify the rrset.
+   * @return {@link SecurityStatus#SECURE} if the {@link RRset} verified positively, {@link
+   *     SecurityStatus#BOGUS} otherwise.
+   */
+  public JustifiedSecStatus verify(SRRset rrset, KeyEntry keyRrset, Instant date) {
+    List<RRSIGRecord> sigs = rrset.sigs();
+    if (sigs.isEmpty()) {
+      log.info(
+          "RRset <{}/{}/{}> failed to verify due to a lack of signatures",
+          rrset.getName(),
+          DClass.string(rrset.getDClass()),
+          Type.string(rrset.getType()));
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.RRSIGS_MISSING,
+          R.get("validate.bogus.missingsig_named", rrset.getName(), Type.string(rrset.getType())));
+    }
+
+    AlgorithmRequirements needs = null;
+    if (keyRrset.getAlgo() != null) {
+      needs = new AlgorithmRequirements(valUtils);
+      needs.initList(keyRrset.getAlgo());
+      if (needs.getNum() == 0) {
+        log.debug("{} has no known algorithms", rrset.getName());
+        return new JustifiedSecStatus(
+            SecurityStatus.INSECURE,
+            ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM,
+            R.get("validate.insecure.noalg", rrset.getName()));
+      }
+    }
+
+    JustifiedSecStatus res = null;
+    int numVerified = 0;
+    for (RRSIGRecord sigrec : sigs) {
+      res = this.verifySignature(rrset, sigrec, keyRrset, date);
+      if (res.status == SecurityStatus.SECURE) {
+        if (needs == null || needs.setSecure(sigrec.getAlgorithm())) {
+          return res;
+        }
+      } else if (needs != null && res.status == SecurityStatus.BOGUS) {
+        needs.setBogus(sigrec.getAlgorithm());
+      }
+
+      numVerified++;
+      if (numVerified > maxValidateRRsigs) {
+        log.warn(
+            "RRset <{}/{}/{}> failed to verify: too many signatures",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()));
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.DNSSEC_BOGUS,
+            R.get("validate.bogus.rrsigtoomany", rrset.getName(), Type.string(rrset.getType())));
+      }
+    }
+
+    log.warn(
+        "RRset <{}/{}/{}> failed to verify: all signatures are BOGUS",
+        rrset.getName(),
+        DClass.string(rrset.getDClass()),
+        Type.string(rrset.getType()));
+    return res;
+  }
+
+  /**
+   * Verify an RRset against a single DNSKEY. Use this when you must be certain that an RRset signed
+   * and verifies with a particular DNSKEY (as opposed to a particular DNSKEY rrset).
+   *
+   * @param rrset The rrset to verify.
+   * @param dnskey The DNSKEY to verify with.
+   * @param date The date against which to verify the rrset.
+   * @return {@link SecurityStatus#SECURE} if the {@link RRset} verified, {@link
+   *     SecurityStatus#BOGUS} otherwise.
+   */
+  public JustifiedSecStatus verify(RRset rrset, DNSKEYRecord dnskey, Instant date) {
+    List<RRSIGRecord> sigs = rrset.sigs();
+    if (sigs.isEmpty()) {
+      log.warn(
+          "RRset <{}/{}/{}> failed to verify due to lack of signatures",
+          rrset.getName(),
+          DClass.string(rrset.getDClass()),
+          Type.string(rrset.getType()));
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.RRSIGS_MISSING,
+          R.get("validate.bogus.missingsig_named", rrset.getName(), Type.string(rrset.getType())));
+    }
+
+    DNSSECException lastException = null;
+    int numVerified = 0;
+    for (RRSIGRecord sigrec : sigs) {
+      // Skip RRSIGs that do not match our given key's footprint.
+      if (sigrec.getFootprint() != dnskey.getFootprint()) {
+        continue;
+      }
+
+      numVerified++;
+      try {
+        DNSSEC.verify(rrset, sigrec, dnskey, date);
+        return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+      } catch (DNSSECException e) {
+        log.warn(
+            "Failed to validate RRset <{}/{}/{}> with signature {}",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()),
+            sigrec.getFootprint(),
+            e);
+        lastException = e;
+      }
+
+      if (numVerified > maxValidateRRsigs) {
+        log.warn(
+            "RRset <{}/{}/{}> failed to verify: too many signatures",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()));
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.DNSSEC_BOGUS,
+            R.get("validate.bogus.rrsigtoomany", rrset.getName(), Type.string(rrset.getType())));
+      }
+    }
+
+    log.warn(
+        "RRset <{}/{}/{}> failed to verify: all signatures were BOGUS",
+        rrset.getName(),
+        DClass.string(rrset.getDClass()),
+        Type.string(rrset.getType()));
+    int edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS;
+    String reason = "dnskey.invalid";
+    if (numVerified == 0) {
+      edeReason = ExtendedErrorCodeOption.DNSKEY_MISSING;
+      reason = "dnskey.no_ds_match";
+    } else if (lastException instanceof SignatureExpiredException) {
+      edeReason = ExtendedErrorCodeOption.SIGNATURE_EXPIRED;
+      reason = "dnskey.expired";
+    } else if (lastException instanceof SignatureNotYetValidException) {
+      edeReason = ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID;
+      reason = "dnskey.not_yet_valid";
+    }
+
+    return new JustifiedSecStatus(SecurityStatus.BOGUS, edeReason, R.get(reason));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java b/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java
new file mode 100644
index 000000000..a566ad2fa
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+
+package org.xbill.DNS.dnssec;
+
+import org.xbill.DNS.Name;
+
+/**
+ * State-object for the key-finding phase.
+ *
+ * @since 3.5
+ */
+final class FindKeyState {
+  /** The (initial) DS RRset for the following DNSKEY search and validate phase. */
+  SRRset dsRRset;
+
+  /** Iteratively holds the key during the search phase. */
+  KeyEntry keyEntry;
+
+  /**
+   * The name of the key to search. This is taken from the RRSIG's signer name or the query name if
+   * no signer name is available.
+   */
+  Name signerName;
+
+  /** The query class of the key to find. */
+  int qclass;
+
+  /** Sets the key name being searched for when a DS response is provably not a delegation point. */
+  Name emptyDSName;
+
+  /** The initial key name when the key search is started from a trust anchor. */
+  Name currentDSKeyName;
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java
new file mode 100644
index 000000000..944c3e9fe
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java
@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+/**
+ * Codes for DNSSEC security statuses along with a reason why the status was determined.
+ *
+ * @since 3.5
+ */
+final class JustifiedSecStatus {
+  SecurityStatus status;
+  int edeReason;
+  String reason;
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param status The security status.
+   * @param reason The reason why the status was determined.
+   */
+  JustifiedSecStatus(SecurityStatus status, int edeReason, String reason) {
+    this.status = status;
+    this.edeReason = edeReason;
+    this.reason = reason;
+  }
+
+  /**
+   * Applies this security status to a response message.
+   *
+   * @param response The response to which to apply this status.
+   */
+  void applyToResponse(SMessage response) {
+    response.setStatus(this.status, edeReason, this.reason);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyCache.java b/src/main/java/org/xbill/DNS/dnssec/KeyCache.java
new file mode 100644
index 000000000..0d8d159bc
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/KeyCache.java
@@ -0,0 +1,167 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.time.Clock;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Properties;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
+/**
+ * Cache for DNSKEY RRsets or corresponding null/bad key entries with a limited size and respect for
+ * TTL values.
+ *
+ * @since 3.5
+ */
+final class KeyCache {
+  /** Name of the property that configures the maximum cache TTL. */
+  public static final String MAX_TTL_CONFIG = "dnsjava.dnssec.keycache.max_ttl";
+
+  /** Name of the property that configures the maximum cache size. */
+  public static final String MAX_CACHE_SIZE_CONFIG = "dnsjava.dnssec.keycache.max_size";
+
+  private static final int DEFAULT_MAX_TTL = 900;
+  private static final int DEFAULT_MAX_CACHE_SIZE = 1000;
+
+  /** This is the main caching data structure. */
+  private final Map<String, CacheEntry> cache;
+
+  private final Clock clock;
+
+  /** This is the maximum TTL [s] that all key cache entries will have. */
+  private long maxTtl = DEFAULT_MAX_TTL;
+
+  /** This is the maximum number of entries that the key cache will hold. */
+  private int maxCacheSize = DEFAULT_MAX_CACHE_SIZE;
+
+  /** Creates a new instance of this class. Uses the default system clock for cache eviction. */
+  public KeyCache() {
+    this(Clock.systemUTC());
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param clock The clock to use for cache eviction.
+   */
+  public KeyCache(Clock clock) {
+    this.clock = clock;
+    this.cache =
+        Collections.synchronizedMap(
+            new LinkedHashMap<String, CacheEntry>() {
+              @Override
+              protected boolean removeEldestEntry(Map.Entry<String, CacheEntry> eldest) {
+                return size() >= KeyCache.this.maxCacheSize;
+              }
+            });
+  }
+
+  /**
+   * Initialize the cache. This implementation recognizes the following configuration parameters:
+   *
+   * <dl>
+   *   <dt>{@value #MAX_TTL_CONFIG}
+   *   <dd>The maximum TTL to apply to any cache entry.
+   *   <dt>{@value #MAX_CACHE_SIZE_CONFIG}
+   *   <dd>The maximum number of entries that the cache will hold.
+   * </dl>
+   *
+   * @param config The configuration information.
+   */
+  public void init(Properties config) {
+    if (config == null) {
+      return;
+    }
+
+    String s = config.getProperty(MAX_TTL_CONFIG);
+    if (s != null) {
+      this.maxTtl = Long.parseLong(s);
+    }
+
+    s = config.getProperty(MAX_CACHE_SIZE_CONFIG);
+    if (s != null) {
+      this.maxCacheSize = Integer.parseInt(s);
+    }
+  }
+
+  /**
+   * Find the 'closest' trusted DNSKEY rrset to the given name.
+   *
+   * @param n The name to start the search.
+   * @param dclass The class this DNSKEY rrset should be in.
+   * @return The 'closest' entry to 'n' in the same class as 'dclass'.
+   */
+  public KeyEntry find(Name n, int dclass) {
+    while (n.labels() > 0) {
+      String k = this.key(n, dclass);
+      KeyEntry entry = this.lookupEntry(k);
+      if (entry != null) {
+        return entry;
+      }
+
+      n = new Name(n, 1);
+    }
+
+    return null;
+  }
+
+  /**
+   * Store a {@link KeyEntry} in the cache. The entry will be ignored if it isn't a DNSKEY rrset, if
+   * it doesn't have the SECURE security status, or if it isn't a null-Key.
+   *
+   * @param ke The key entry to cache.
+   */
+  public void store(KeyEntry ke) {
+    if (!ke.isGood() && !ke.isNull()) {
+      return;
+    }
+
+    if (ke.getType() != Type.DNSKEY) {
+      return;
+    }
+
+    String k = this.key(ke.getName(), ke.getDClass());
+    CacheEntry ce = new CacheEntry(ke, this.maxTtl);
+    this.cache.put(k, ce);
+  }
+
+  private String key(Name n, int dclass) {
+    return "K" + dclass + "/" + n;
+  }
+
+  private KeyEntry lookupEntry(String key) {
+    CacheEntry centry = this.cache.get(key);
+    if (centry == null) {
+      return null;
+    }
+
+    if (centry.expiration.isBefore(clock.instant())) {
+      this.cache.remove(key);
+      return null;
+    }
+
+    return centry.keyEntry;
+  }
+
+  /** Utility class to cache key entries with an expiration date. */
+  private class CacheEntry {
+    private final Instant expiration;
+    private final KeyEntry keyEntry;
+
+    CacheEntry(KeyEntry keyEntry, long maxTtl) {
+      long ttl = keyEntry.getTTL();
+      if (ttl > maxTtl) {
+        ttl = maxTtl;
+      }
+
+      this.expiration = clock.instant().plus(ttl, ChronoUnit.SECONDS);
+      this.keyEntry = keyEntry;
+    }
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java
new file mode 100644
index 000000000..75745411d
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java
@@ -0,0 +1,207 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+
+package org.xbill.DNS.dnssec;
+
+import java.util.List;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+/**
+ * DNSKEY cache entry for a given {@link Name}, with or without actual keys.
+ *
+ * @since 3.5
+ */
+@Slf4j
+@EqualsAndHashCode(
+    callSuper = true,
+    of = {"edeReason", "badReason", "isEmpty"})
+final class KeyEntry extends SRRset {
+  /** List of algorithms signalled, may be {@code null}. */
+  @Getter private final List<Integer> algo;
+
+  private int edeReason = -1;
+  private String badReason;
+  private boolean isEmpty;
+
+  /**
+   * Create a new, positive key entry.
+   *
+   * @param rrset The set of records to cache.
+   */
+  private KeyEntry(SRRset rrset) {
+    this(rrset, null);
+  }
+
+  /**
+   * Create a new, positive key entry.
+   *
+   * @param rrset The set of records to cache.
+   * @param sigalg signalled algorithm list, may be {@code null}.
+   */
+  private KeyEntry(SRRset rrset, List<Integer> sigalg) {
+    super(rrset);
+    this.algo = sigalg;
+  }
+
+  private KeyEntry(Name name, int dclass, long ttl, boolean isBad) {
+    super(new SRRset(Record.newRecord(name, Type.DNSKEY, dclass, ttl)));
+    this.isEmpty = true;
+    this.algo = null;
+    if (isBad) {
+      setSecurityStatus(SecurityStatus.BOGUS);
+    }
+  }
+
+  /**
+   * Creates a new key entry from actual DNSKEYs.
+   *
+   * @param rrset The DNSKEYs to cache.
+   * @return The created key entry.
+   */
+  public static KeyEntry newKeyEntry(SRRset rrset) {
+    return new KeyEntry(rrset);
+  }
+
+  /**
+   * Creates a new key entry from actual DNSKEYs.
+   *
+   * @param rrset The DNSKEYs to cache.
+   * @param sigalg signalled algorithm list, may be {@code null}.
+   * @return The created key entry.
+   */
+  public static KeyEntry newKeyEntry(SRRset rrset, List<Integer> sigalg) {
+    return new KeyEntry(rrset, sigalg);
+  }
+
+  /**
+   * Creates a new trusted key entry without actual DNSKEYs, i.e. it is proven that there are no
+   * keys.
+   *
+   * @param n The name for which the empty cache entry is created.
+   * @param dclass The DNS class.
+   * @param ttl The TTL [s].
+   * @return The created key entry.
+   */
+  public static KeyEntry newNullKeyEntry(Name n, int dclass, long ttl) {
+    return new KeyEntry(n, dclass, ttl, false);
+  }
+
+  /**
+   * Creates a new bad key entry without actual DNSKEYs, i.e. from a response that did not validate.
+   *
+   * @param n The name for which the bad cache entry is created.
+   * @param dclass The DNS class.
+   * @param ttl The TTL [s].
+   * @return The created key entry.s
+   */
+  public static KeyEntry newBadKeyEntry(Name n, int dclass, long ttl) {
+    return new KeyEntry(n, dclass, ttl, true);
+  }
+
+  /**
+   * Gets an indication if this is a null key, i.e. a proven secure response without keys.
+   *
+   * @return <code>True</code> is it is null, <code>false</code> otherwise.
+   */
+  public boolean isNull() {
+    return this.isEmpty && this.getSecurityStatus() == SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Gets an indication if this is a bad key, i.e. an invalid response.
+   *
+   * @return <code>True</code> is it is bad, <code>false</code> otherwise.
+   */
+  public boolean isBad() {
+    return this.isEmpty && this.getSecurityStatus() == SecurityStatus.BOGUS;
+  }
+
+  /**
+   * Gets an indication if this is a good key, i.e. a proven secure response with keys.
+   *
+   * @return <code>True</code> is it is good, <code>false</code> otherwise.
+   */
+  public boolean isGood() {
+    return !this.isEmpty && this.getSecurityStatus() == SecurityStatus.SECURE;
+  }
+
+  /**
+   * Sets the reason why this key entry is bad.
+   *
+   * @param reason The reason why this key entry is bad.
+   */
+  public void setBadReason(int edeReason, String reason) {
+    this.edeReason = edeReason;
+    this.badReason = reason;
+  }
+
+  /**
+   * Validate if this key instance is valid for the specified name.
+   *
+   * @param set the set against which this key is validated.
+   * @return A security status indicating if this key is valid, or if not, why.
+   */
+  JustifiedSecStatus validateKeyFor(SRRset set) {
+    // signerName being null is the indicator that this response was
+    // unsigned
+    Name signerName = set.getSignerName();
+    if (signerName == null) {
+      // A synthesized CNAME has no key, but since it was created from a signed DNAME, it's valid
+      if (set.getType() == Type.CNAME && set.getSecurityStatus() == SecurityStatus.SECURE) {
+        return new JustifiedSecStatus(set.getSecurityStatus(), -1, null);
+      }
+
+      log.debug(
+          "No signerName for <{}/{}/{}>",
+          set.getName(),
+          DClass.string(set.getDClass()),
+          Type.string(set.getType()));
+
+      // Unsigned responses must be underneath a "null" key entry.
+      if (this.isNull()) {
+        String reason = this.badReason;
+        if (reason == null) {
+          reason = R.get("validate.insecure_unsigned");
+        }
+
+        return new JustifiedSecStatus(SecurityStatus.INSECURE, edeReason, reason);
+      }
+
+      if (this.isGood()) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.RRSIGS_MISSING,
+            R.get("validate.bogus.missingsig"));
+      }
+
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, edeReason, R.get("validate.bogus", this.badReason));
+    }
+
+    if (this.isBad()) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          edeReason,
+          R.get("validate.bogus.badkey", this.getName(), this.badReason));
+    }
+
+    if (this.isNull()) {
+      String reason = this.badReason;
+      if (reason == null) {
+        reason = R.get("validate.insecure");
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, edeReason, reason);
+    }
+
+    return null;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java
new file mode 100644
index 000000000..50aafb62b
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java
@@ -0,0 +1,810 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import static org.xbill.DNS.ExtendedErrorCodeOption.DNSSEC_BOGUS;
+import static org.xbill.DNS.ExtendedErrorCodeOption.NSEC_MISSING;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.HashMap;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.TreeMap;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.NSEC3Record;
+import org.xbill.DNS.NSEC3Record.Flags;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+import org.xbill.DNS.utils.base32;
+
+/**
+ * NSEC3 non-existence proof utilities.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class NSEC3ValUtils {
+  public static final String NSEC3_MAX_ITERATIONS_PROPERTY_PREFIX =
+      "dnsjava.dnssec.nsec3.iterations";
+  private static final Name ASTERISK_LABEL = Name.fromConstantString("*");
+
+  private static final int MAX_ITERATION_COUNT = 65536;
+
+  /**
+   * Max number of NSEC3 calculations at once. 8 is low enough and allows for cases where multiple
+   * proofs are needed.
+   */
+  private static final int MAX_NSEC3_CALCULATIONS = 8;
+
+  /**
+   * When all allowed NSEC3 calculations at once resulted in error treat as bogus. NSEC3 hash errors
+   * are not cached and this helps breaks loops with erroneous data.
+   */
+  private static final int MAX_NSEC3_ERRORS = -1;
+
+  private final TreeMap<Integer, Integer> maxIterations;
+
+  /** Creates a new instance of this class. */
+  NSEC3ValUtils() {
+    // see RFC5155#10.3 for the max iteration count
+    this.maxIterations = new TreeMap<>();
+    this.maxIterations.put(1024, 150);
+    this.maxIterations.put(2048, 500);
+    this.maxIterations.put(4096, 2500);
+  }
+
+  /**
+   * Loads the configuration data. Supported properties are:
+   *
+   * <ul>
+   *   <li>{@value #NSEC3_MAX_ITERATIONS_PROPERTY_PREFIX}.M=N
+   * </ul>
+   *
+   * @param config The configuration data.
+   */
+  void init(Properties config) {
+    boolean first = true;
+    for (Map.Entry<?, ?> s : config.entrySet()) {
+      String key = s.getKey().toString();
+      if (key.startsWith(NSEC3_MAX_ITERATIONS_PROPERTY_PREFIX)) {
+        int keySize = Integer.parseInt(key.substring(key.lastIndexOf(".") + 1));
+        int iterations = Integer.parseInt(s.getValue().toString());
+        if (iterations > MAX_ITERATION_COUNT) {
+          throw new IllegalArgumentException(
+              iterations + " iterations is too high, maximum is " + MAX_ITERATION_COUNT);
+        }
+
+        if (first) {
+          first = false;
+          this.maxIterations.clear();
+        }
+
+        this.maxIterations.put(keySize, iterations);
+      }
+    }
+  }
+
+  /** This is just a simple class to encapsulate the response to a closest encloser proof. */
+  private static final class CEResponse {
+    private final Name closestEncloser;
+    private final NSEC3Record ceNsec3;
+    private NSEC3Record ncNsec3;
+
+    /**
+     *
+     *
+     * <ul>
+     *   <li>bogus if no closest encloser could be proven.
+     *   <li>secure if a closest encloser could be proven, ce is set.
+     *   <li>insecure if the closest-encloser candidate turns out to prove that an insecure
+     *       delegation exists above the qname.
+     * </ul>
+     */
+    private SecurityStatus status = SecurityStatus.UNCHECKED;
+
+    private CEResponse(Name ce, NSEC3Record nsec3) {
+      this.closestEncloser = ce;
+      this.ceNsec3 = nsec3;
+    }
+  }
+
+  private boolean supportsHashAlgorithm(int alg) {
+    return alg == NSEC3Record.SHA1_DIGEST_ID;
+  }
+
+  /**
+   * Remove all records whose algorithm is unknown.
+   *
+   * @param nsec3s List of NSEC3 records to check. The list is modified by this method.
+   */
+  public void stripUnknownAlgNSEC3s(List<SRRset> nsec3s) {
+    for (ListIterator<SRRset> i = nsec3s.listIterator(); i.hasNext(); ) {
+      NSEC3Record nsec3 = (NSEC3Record) i.next().first();
+      if (!this.supportsHashAlgorithm(nsec3.getHashAlgorithm())) {
+        i.remove();
+      }
+    }
+  }
+
+  /**
+   * Given the name of a closest encloser, return the name *.closest_encloser.
+   *
+   * @param closestEncloser The name to start with.
+   * @return The wildcard name.
+   */
+  private Name ceWildcard(Name closestEncloser) {
+    try {
+      return Name.concatenate(ASTERISK_LABEL, closestEncloser);
+    } catch (NameTooLongException e) {
+      return null;
+    }
+  }
+
+  /**
+   * Given a qname and its proven closest encloser, calculate the "next closest" name. Basically,
+   * this is the name that is one label longer than the closest encloser that is still a subdomain
+   * of qname.
+   *
+   * @param qname The qname.
+   * @param closestEncloser The closest encloser name.
+   * @return The next closer name.
+   */
+  private Name nextClosest(Name qname, Name closestEncloser) {
+    int strip = qname.labels() - closestEncloser.labels() - 1;
+    return (strip > 0) ? new Name(qname, strip) : qname;
+  }
+
+  /**
+   * Find the NSEC3Record that matches a hash of a name.
+   *
+   * @param name The name to find.
+   * @param zonename The name of the zone that the NSEC3s are from.
+   * @param nsec3s A list of NSEC3Records from a given message.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return The matching NSEC3Record if one is present, null otherwise.
+   */
+  private NSEC3Record findMatchingNSEC3(
+      Name name, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    for (SRRset set : nsec3s) {
+      if (state.numCalc >= MAX_NSEC3_CALCULATIONS) {
+        if (state.numCalc == state.numCalcErrors) {
+          log.debug("NSEC3 reached max. hash calculation errors");
+          state.numCalc = MAX_NSEC3_ERRORS;
+        } else {
+          log.debug("NSEC3 reached max. hash calculations");
+        }
+        break;
+      }
+
+      try {
+        NSEC3Record nsec3 = (NSEC3Record) set.first();
+        Nsec3ValidationState.Nsec3CacheEntry hash = state.computeIfAbsent(nsec3, name);
+        Name complete = new Name(hash.getHashAsBase32(), zonename);
+        if (complete.equals(nsec3.getName())) {
+          return nsec3;
+        }
+      } catch (NoSuchAlgorithmException | TextParseException e) {
+        state.numCalcErrors++;
+        log.debug("Unrecognized NSEC3 in set: {}", set, e);
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record covers the hash. Covers
+   * specifically means that the hash is in between the owner and next hashes and does not equal
+   * either.
+   *
+   * @param nsec3 The candidate NSEC3Record.
+   * @param zonename The zone name.
+   * @param hash The precalculated hash.
+   * @return True if the NSEC3Record covers the hash.
+   */
+  private boolean nsec3Covers(NSEC3Record nsec3, Name zonename, byte[] hash) {
+    if (!new Name(nsec3.getName(), 1).equals(zonename)) {
+      return false;
+    }
+
+    byte[] owner =
+        new base32(base32.Alphabet.BASE32HEX, false, false)
+            .fromString(nsec3.getName().getLabelString(0));
+    byte[] next = nsec3.getNext();
+
+    // This is the "normal case: owner < next and owner < hash < next
+    if (ByteArrayComparator.compare(owner, hash) < 0
+        && ByteArrayComparator.compare(hash, next) < 0) {
+      return true;
+    }
+
+    // this is the end of zone case: next <= owner AND (hash > owner OR hash < next)
+    // Otherwise, the NSEC3 does not cover the hash.
+    return ByteArrayComparator.compare(next, owner) <= 0
+        && (ByteArrayComparator.compare(hash, owner) > 0
+            || ByteArrayComparator.compare(hash, next) < 0);
+  }
+
+  /**
+   * Given a pre-hashed name, find a covering NSEC3 from among a list of NSEC3s.
+   *
+   * @param name The name to consider.
+   * @param zonename The name of the zone.
+   * @param nsec3s The list of NSEC3s present in a message.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return A covering NSEC3 if one is present, null otherwise.
+   */
+  private NSEC3Record findCoveringNSEC3(
+      Name name, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    for (SRRset set : nsec3s) {
+      // Check if we are allowed more calculations
+      if (state.numCalc >= MAX_NSEC3_CALCULATIONS) {
+        if (state.numCalcErrors == state.numCalc) {
+          state.numCalc = MAX_NSEC3_ERRORS;
+        }
+
+        return null;
+      }
+
+      try {
+        NSEC3Record nsec3 = (NSEC3Record) set.first();
+        Nsec3ValidationState.Nsec3CacheEntry hash = state.computeIfAbsent(nsec3, name);
+        if (this.nsec3Covers(nsec3, zonename, hash.getHash())) {
+          return nsec3;
+        }
+      } catch (NoSuchAlgorithmException e) {
+        // Malformed NSEC3
+        state.numCalcErrors++;
+        log.debug("Unrecognized NSEC3 in set: {}", set, e);
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Given a name and a list of NSEC3s, find the candidate closest encloser. This will be the first
+   * ancestor of 'name' (including itself) to have a matching NSEC3 RR.
+   *
+   * @param name The name the start with.
+   * @param zonename The name of the zone that the NSEC3s came from.
+   * @param nsec3s The list of NSEC3s.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return A CEResponse containing the closest encloser name and the NSEC3 RR that matched it, or
+   *     null if there wasn't one.
+   */
+  private CEResponse findClosestEncloser(
+      Name name, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    // This scans from longest name to shortest, so the first match we find
+    // is the only viable candidate.
+    // FIXME: modify so that the NSEC3 matching the zone apex need not be present
+    while (name.labels() >= zonename.labels()) {
+      if (state.numCalc >= MAX_NSEC3_CALCULATIONS || state.numCalc == MAX_NSEC3_ERRORS) {
+        log.debug("NSEC3 reached max. hash calculations");
+        break;
+      }
+
+      NSEC3Record nsec3 = this.findMatchingNSEC3(name, zonename, nsec3s, state);
+      if (nsec3 != null) {
+        return new CEResponse(name, nsec3);
+      }
+
+      name = new Name(name, 1);
+    }
+
+    return null;
+  }
+
+  /**
+   * Given a List of nsec3 RRs, find and prove the closest encloser to qname.
+   *
+   * @param qname The qname in question.
+   * @param zonename The name of the zone that the NSEC3 RRs come from.
+   * @param nsec3s The list of NSEC3s found the this response (already verified).
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return A CEResponse object which contains the closest encloser name and the NSEC3 that matches
+   *     it.
+   */
+  private CEResponse proveClosestEncloser(
+      Name qname, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    CEResponse candidate = this.findClosestEncloser(qname, zonename, nsec3s, state);
+    if (candidate == null) {
+      log.debug("Could not find a candidate for the closest encloser");
+      candidate = new CEResponse(Name.empty, null);
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    if (candidate.closestEncloser.equals(qname)) {
+      log.debug("Proved that qname existed!");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    // If the closest encloser is actually a delegation, then the response
+    // should have been a referral. If it is a DNAME, then it should have
+    // been a DNAME response.
+    if (candidate.ceNsec3.hasType(Type.NS) && !candidate.ceNsec3.hasType(Type.SOA)) {
+      if (!candidate.ceNsec3.hasType(Type.DS)) {
+        candidate.status = SecurityStatus.INSECURE;
+        return candidate;
+      }
+
+      log.debug("Closest encloser was a delegation!");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    if (candidate.ceNsec3.hasType(Type.DNAME)) {
+      log.debug("Closest encloser was a DNAME!");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    // Otherwise, we need to show that the next closer name is covered.
+    Name nextClosest = this.nextClosest(qname, candidate.closestEncloser);
+    candidate.ncNsec3 = this.findCoveringNSEC3(nextClosest, zonename, nsec3s, state);
+    if (candidate.ncNsec3 == null) {
+      log.debug("Could not find proof that the closest encloser was the closest encloser");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    candidate.status = SecurityStatus.SECURE;
+    return candidate;
+  }
+
+  private boolean validIterations(SRRset nsec, KeyCache keyCache) {
+    SRRset dnskeyRrset = keyCache.find(nsec.getSignerName(), nsec.getDClass());
+    if (dnskeyRrset == null) {
+      return false;
+    }
+
+    // for now, we return the maximum iterations based simply on the key
+    // algorithms that may have been used to sign the NSEC3 RRsets.
+    try {
+      // Compute size of smallest ZSK key in the rrset
+      int smallestKeySize = Integer.MAX_VALUE;
+      for (Record r : dnskeyRrset.rrs(false)) {
+        DNSKEYRecord dnskey = (DNSKEYRecord) r;
+        if ((dnskey.getFlags() & DNSKEYRecord.Flags.ZONE_KEY) != DNSKEYRecord.Flags.ZONE_KEY) {
+          continue;
+        }
+
+        int keysize;
+        switch (dnskey.getAlgorithm()) {
+          case Algorithm.RSAMD5:
+            return false; // obsoleted by rfc6725
+          case Algorithm.RSASHA1:
+          case Algorithm.RSASHA256:
+          case Algorithm.RSASHA512:
+          case Algorithm.RSA_NSEC3_SHA1:
+            keysize = ((RSAPublicKey) dnskey.getPublicKey()).getModulus().bitLength();
+            break;
+          case Algorithm.DSA:
+          case Algorithm.DSA_NSEC3_SHA1:
+            keysize = ((DSAPublicKey) dnskey.getPublicKey()).getParams().getP().bitLength();
+            break;
+          case Algorithm.ECDSAP256SHA256:
+          case Algorithm.ECDSAP384SHA384:
+            keysize =
+                ((ECPublicKey) dnskey.getPublicKey())
+                    .getParams()
+                    .getCurve()
+                    .getField()
+                    .getFieldSize();
+            break;
+          case Algorithm.ECC_GOST:
+            keysize = 512;
+            break;
+          case Algorithm.ED25519:
+            keysize = 256;
+            break;
+          case Algorithm.ED448:
+            keysize = 456;
+            break;
+          default:
+            return false;
+        }
+
+        if (keysize < smallestKeySize) {
+          smallestKeySize = keysize;
+        }
+      }
+
+      // Round up to nearest config key size
+      Integer maxIterationsForKeySet = this.maxIterations.floorKey(smallestKeySize);
+      if (maxIterationsForKeySet == null) {
+        maxIterationsForKeySet = this.maxIterations.firstKey();
+      }
+
+      maxIterationsForKeySet = this.maxIterations.get(maxIterationsForKeySet);
+      return ((NSEC3Record) nsec.first()).getIterations() <= maxIterationsForKeySet;
+    } catch (DNSSECException e) {
+      log.error("Could not get public key from NSEC3 record", e);
+      return false;
+    }
+  }
+
+  /**
+   * Determine if all of the NSEC3s in a response are legally ignoreable (i.e., their presence
+   * should lead to an INSECURE result). Currently, this is solely based on iterations.
+   *
+   * @param nsec3s The list of NSEC3s. If there is more than one set of NSEC3 parameters present,
+   *     this test will not be performed.
+   * @param dnskeyRrset The set of validating DNSKEYs.
+   * @return true if all NSEC3s can be legally ignored, false if not.
+   */
+  public boolean allNSEC3sIgnorable(List<SRRset> nsec3s, KeyCache dnskeyRrset) {
+    Map<Name, NSEC3Record> foundNsecs = new HashMap<>();
+    for (SRRset set : nsec3s) {
+      for (Record r : set.rrs()) {
+        NSEC3Record current = (NSEC3Record) r;
+        Name key = new Name(current.getName(), 1);
+        NSEC3Record previous = foundNsecs.get(key);
+        if (previous != null) {
+          if (current.getHashAlgorithm() != previous.getHashAlgorithm()) {
+            return true;
+          }
+
+          if (current.getIterations() != previous.getIterations()) {
+            return true;
+          }
+
+          if (current.getSalt() == null ^ previous.getSalt() == null) {
+            return true;
+          }
+
+          if (current.getSalt() != null
+              && ByteArrayComparator.compare(current.getSalt(), previous.getSalt()) != 0) {
+            return true;
+          }
+        } else {
+          foundNsecs.put(key, current);
+        }
+      }
+    }
+
+    for (SRRset set : nsec3s) {
+      if (this.validIterations(set, dnskeyRrset)) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  /**
+   * Determine if the set of NSEC3 records provided with a response prove NAME ERROR. This means
+   * that the NSEC3s prove a) the closest encloser exists, b) the direct child of the closest
+   * encloser towards qname doesn't exist, and c) *.closest encloser does not exist.
+   *
+   * @param nsec3s The list of NSEC3s.
+   * @param qname The query name to check against.
+   * @param zonename This is the name of the zone that the NSEC3s belong to. This may be discovered
+   *     in any number of ways. A good one is to use the signerName from the NSEC3 record's RRSIG.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return {@link SecurityStatus#SECURE} of the Name Error is proven by the NSEC3 RRs, {@link
+   *     SecurityStatus#BOGUS} if not, {@link SecurityStatus#INSECURE} if all of the NSEC3s could be
+   *     validly ignored.
+   */
+  public SecurityStatus proveNameError(
+      List<SRRset> nsec3s, Name qname, Name zonename, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty()) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // First locate and prove the closest encloser to qname. We will use the
+    // variant that fails if the closest encloser turns out to be qname.
+    CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s, state);
+
+    if (ce.status != SecurityStatus.SECURE) {
+      log.debug("Failed to prove a closest encloser");
+      return ce.status;
+    }
+
+    // At this point, we know that qname does not exist. Now we need to
+    // prove that the wildcard does not exist.
+    Name wc = this.ceWildcard(ce.closestEncloser);
+    if (wc == null) {
+      return SecurityStatus.BOGUS;
+    }
+
+    NSEC3Record nsec3 = this.findCoveringNSEC3(wc, zonename, nsec3s, state);
+    if (nsec3 == null) {
+      log.debug("Could not prove that the applicable wildcard did not exist");
+      if (state.numCalc == MAX_NSEC3_ERRORS) {
+        log.debug("NSEC3 reached max. hash calculation errors");
+        return SecurityStatus.BOGUS;
+      } else if (state.numCalc == MAX_NSEC3_CALCULATIONS) {
+        log.debug("NSEC3 reached max. hash calculations");
+        return SecurityStatus.UNCHECKED;
+      }
+
+      return SecurityStatus.BOGUS;
+    }
+
+    if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) {
+      log.debug("NSEC3 nameerror proof: nc has optout");
+      return SecurityStatus.INSECURE;
+    }
+
+    return SecurityStatus.SECURE;
+  }
+
+  /**
+   * Determine if the NSEC3s provided in a response prove the NOERROR/NODATA status. There are a
+   * number of different variants to this:
+   *
+   * <p>1) Normal NODATA -- qname is matched to an NSEC3 record, type is not present.
+   *
+   * <p>2) ENT NODATA -- because there must be NSEC3 record for empty-non-terminals, this is the
+   * same as #1.
+   *
+   * <p>3) NSEC3 ownername NODATA -- qname matched an existing, lone NSEC3 ownername, but qtype was
+   * not NSEC3. NOTE: as of nsec-05, this case no longer exists.
+   *
+   * <p>4) Wildcard NODATA -- A wildcard matched the name, but not the type.
+   *
+   * <p>5) Opt-In DS NODATA -- the qname is covered by an opt-in span and qtype == DS. (or maybe
+   * some future record with the same parent-side-only property)
+   *
+   * @param nsec3s The NSEC3Records to consider.
+   * @param qname The qname in question.
+   * @param qtype The qtype in question.
+   * @param zonename The name of the zone that the NSEC3s came from.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return {@link SecurityStatus#SECURE} if the NSEC3s prove the proposition, {@link
+   *     SecurityStatus#INSECURE} if qname is under opt-out, {@link SecurityStatus#BOGUS} otherwise.
+   */
+  public JustifiedSecStatus proveNodata(
+      List<SRRset> nsec3s, Name qname, int qtype, Name zonename, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty()) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.nsec3.none"));
+    }
+
+    NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s, state);
+    // Cases 1 & 2.
+    if (nsec3 != null) {
+      if (nsec3.hasType(qtype)) {
+        log.debug("Matching NSEC3 proved that type existed!");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists"));
+      }
+
+      if (nsec3.hasType(Type.CNAME)) {
+        log.debug("Matching NSEC3 proved that a CNAME existed!");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists"));
+      }
+
+      if (qtype == Type.DS && nsec3.hasType(Type.SOA) && !Name.root.equals(qname)) {
+        log.debug("Apex NSEC3 abused for no DS proof, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.apex_abuse"));
+      } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) {
+        if (!nsec3.hasType(Type.DS)) {
+          log.debug("Matching NSEC3 is insecure delegation");
+          return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+        }
+
+        log.debug("Matching NSEC3 is a delegation, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation"));
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+    }
+
+    if (state.numCalc == MAX_NSEC3_ERRORS) {
+      log.debug("NSEC3 reached max. hash calculation errors");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.hash_errors"));
+    } else if (state.numCalc == MAX_NSEC3_CALCULATIONS) {
+      log.debug("NSEC3 reached max. hash calculations");
+      return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null);
+    }
+
+    // For cases 3 - 5, we need the proven closest encloser, and it can't
+    // match qname. Although, at this point, we know that it won't since we
+    // just checked that.
+    CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s, state);
+
+    // At this point, not finding a match or a proven closest encloser is a
+    // problem.
+    if (ce.status == SecurityStatus.BOGUS) {
+      log.debug("Did not match qname, nor found a proven closest encloser");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.qname_ce"));
+    } else if (ce.status == SecurityStatus.INSECURE && qtype != Type.DS) {
+      log.debug("Closest NSEC3 is insecure delegation");
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+    } else if (ce.status == SecurityStatus.UNCHECKED) {
+      return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null);
+    }
+
+    // Case 3: REMOVED
+
+    // Case 4:
+    Name wc = this.ceWildcard(ce.closestEncloser);
+    nsec3 = this.findMatchingNSEC3(wc, zonename, nsec3s, state);
+    if (nsec3 != null) {
+      if (nsec3.hasType(qtype)) {
+        log.debug("Matching wildcard has qtype {}", Type.string(qtype));
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists_wc"));
+      } else if (nsec3.hasType(Type.CNAME)) {
+        log.debug("Matching wildcard has a CNAME, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists_wc"));
+      }
+
+      if (qtype == Type.DS && qname.labels() != 1 && nsec3.hasType(Type.SOA)) {
+        log.debug("Matching wildcard for no DS proof has a SOA, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.wc_soa"));
+      } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) {
+        log.debug("Matching wildcard is a delegation, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation_wc"));
+      }
+
+      if (ce.ncNsec3 != null && (ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) {
+        log.debug("Matching wildcard is in opt-out range, insecure");
+        return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+    }
+
+    if (state.numCalc == MAX_NSEC3_ERRORS) {
+      log.debug("NSEC3 reached max. hash calculation errors");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.wc.hash_errors"));
+    } else if (state.numCalc == MAX_NSEC3_CALCULATIONS) {
+      log.debug("NSEC3 reached max. hash calculations");
+      return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null);
+    }
+
+    // Case 5.
+    // Due to forwarders, cnames, and other collating effects, we
+    // can see the ordinary unsigned data from a zone beneath an
+    // insecure delegation under an optout here */
+    if (ce.ncNsec3 == null) {
+      log.debug("No next closer NSEC3");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.no_next"));
+    }
+
+    // We need to make sure that the covering NSEC3 is opt-out.
+    if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == 0) {
+      if (qtype != Type.DS) {
+        log.debug("Covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.not_optout"));
+      } else {
+        log.debug(
+            "Could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.not_found"));
+      }
+    }
+
+    // RFC5155 section 9.2: if nc has optout then no AD flag set
+    return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+  }
+
+  /**
+   * Prove that a positive wildcard match was appropriate (no direct match RRset).
+   *
+   * @param nsec3s The NSEC3 records to work with.
+   * @param qname The qname that was matched to the wildard
+   * @param zonename The name of the zone that the NSEC3s come from.
+   * @param wildcard The purported wildcard that matched.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return {@link SecurityStatus#SECURE} if the NSEC3 records prove this case.
+   */
+  public SecurityStatus proveWildcard(
+      List<SRRset> nsec3s, Name qname, Name zonename, Name wildcard, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty() || qname == null || wildcard == null) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // We know what the (purported) closest encloser is by just looking at
+    // the supposed generating wildcard.
+    CEResponse candidate = new CEResponse(new Name(wildcard, 1), null);
+
+    // Now we still need to prove that the original data did not exist.
+    // Otherwise, we need to show that the next closer name is covered.
+    Name nextClosest = this.nextClosest(qname, candidate.closestEncloser);
+    candidate.ncNsec3 = this.findCoveringNSEC3(nextClosest, zonename, nsec3s, state);
+
+    if (candidate.ncNsec3 == null) {
+      log.debug(
+          "did not find a covering NSEC3 that covered the next closer name to {} from {} (derived from wildcard {})",
+          qname,
+          candidate.closestEncloser,
+          wildcard);
+      return SecurityStatus.BOGUS;
+    }
+
+    if ((candidate.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) {
+      return SecurityStatus.INSECURE;
+    }
+
+    return SecurityStatus.SECURE;
+  }
+
+  /**
+   * Prove that a DS response either had no DS, or wasn't a delegation point.
+   *
+   * <p>Fundamentally there are two cases here: normal NODATA and Opt-In NODATA.
+   *
+   * @param nsec3s The NSEC3 RRs to examine.
+   * @param qname The name of the DS in question.
+   * @param zonename The name of the zone that the NSEC3 RRs come from.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return SecurityStatus.SECURE if it was proven that there is no DS in a secure (i.e., not
+   *     opt-in) way, {@link SecurityStatus#INSECURE} if there was no DS in an insecure (i.e.,
+   *     opt-in) way, {@link SecurityStatus#INDETERMINATE} if it was clear that this wasn't a
+   *     delegation point, and {@link SecurityStatus#BOGUS} if the proofs don't work out.
+   */
+  public SecurityStatus proveNoDS(
+      List<SRRset> nsec3s, Name qname, Name zonename, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty()) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // Look for a matching NSEC3 to qname -- this is the normal NODATA case.
+    NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s, state);
+
+    if (nsec3 != null) {
+      // If the matching NSEC3 has the SOA bit set, it is from the wrong
+      // zone (the child instead of the parent). If it has the DS bit set,
+      // then we were lied to.
+      if (nsec3.hasType(Type.SOA) || nsec3.hasType(Type.DS)) {
+        return SecurityStatus.BOGUS;
+      }
+
+      // If the NSEC3 RR doesn't have the NS bit set, then this wasn't a
+      // delegation point.
+      if (!nsec3.hasType(Type.NS)) {
+        return SecurityStatus.INDETERMINATE;
+      }
+
+      // Otherwise, this proves no DS.
+      return SecurityStatus.SECURE;
+    }
+
+    // Otherwise, we are probably in the opt-out case.
+    CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s, state);
+    if (ce.status != SecurityStatus.SECURE) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // If we had the closest encloser proof, then we need to check that the
+    // covering NSEC3 was opt-in -- the proveClosestEncloser step already
+    // checked to see if the closest encloser was a delegation or DNAME.
+    if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) != Flags.OPT_OUT) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // RFC5155 section 9.2: if nc has optout then no AD flag set
+    return SecurityStatus.INSECURE;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/Nsec3ValidationState.java b/src/main/java/org/xbill/DNS/dnssec/Nsec3ValidationState.java
new file mode 100644
index 000000000..1771f0df3
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/Nsec3ValidationState.java
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.xbill.DNS.NSEC3Record;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.utils.base32;
+
+/**
+ * Cache for NSEC3 hashes and to keep track of the number of hash calculations as well as
+ * calculation errors.
+ */
+class Nsec3ValidationState {
+  private static final base32 b32 = new base32(base32.Alphabet.BASE32HEX, false, false);
+
+  private final Map<String, Nsec3CacheEntry> cache = new HashMap<>();
+
+  int numCalc;
+  int numCalcErrors;
+
+  public Nsec3CacheEntry computeIfAbsent(NSEC3Record nsec3, Name name)
+      throws NoSuchAlgorithmException {
+    String key = key(nsec3, name);
+    Nsec3CacheEntry entry = cache.get(key);
+    if (entry == null) {
+      byte[] hash = nsec3.hashName(name);
+      entry = new Nsec3CacheEntry(hash);
+      cache.put(key, entry);
+      numCalc++;
+    }
+
+    return entry;
+  }
+
+  @RequiredArgsConstructor
+  static class Nsec3CacheEntry {
+    @Getter private final byte[] hash;
+    private String asBase32;
+
+    String getHashAsBase32() {
+      if (asBase32 == null) {
+        asBase32 = b32.toString(hash);
+      }
+
+      return asBase32;
+    }
+  }
+
+  private String key(NSEC3Record nsec3, Name name) {
+    return name
+        + "/"
+        + nsec3.getHashAlgorithm()
+        + "/"
+        + nsec3.getIterations()
+        + "/"
+        + (nsec3.getSalt() == null ? "-" : new BigInteger(nsec3.getSalt()).toString());
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/R.java b/src/main/java/org/xbill/DNS/dnssec/R.java
new file mode 100644
index 000000000..d9054f284
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/R.java
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+/**
+ * Utility class to retrieve messages from {@link ResourceBundle}s.
+ *
+ * @since 3.5
+ */
+public final class R {
+  private static ResourceBundle rb;
+  private static boolean useNeutral;
+
+  private R() {}
+
+  /**
+   * Programmatically set the ResourceBundle to be used.
+   *
+   * @param resourceBundle the bundle to be used.
+   */
+  public static void setBundle(ResourceBundle resourceBundle) {
+    R.rb = resourceBundle;
+  }
+
+  /**
+   * If set to {@code true}, messages will not be obtained from resource bundles but formatted as
+   * {@code key:param1:...:paramN}.
+   *
+   * @param useNeutral {@code true} to use neutral messages, {@code false} otherwise
+   */
+  public static void setUseNeutralMessages(boolean useNeutral) {
+    R.useNeutral = useNeutral;
+  }
+
+  /**
+   * Gets a translated message.
+   *
+   * @param key The message key to retrieve.
+   * @param values The values that fill placeholders in the message.
+   * @return The formatted message.
+   */
+  public static String get(String key, Object... values) {
+    if (useNeutral) {
+      return getNeutral(key, values);
+    }
+
+    try {
+      if (R.rb == null) {
+        rb = ResourceBundle.getBundle("messages");
+      }
+
+      return MessageFormat.format(rb.getString(key), values);
+    } catch (MissingResourceException e) {
+      return getNeutral(key, values);
+    }
+  }
+
+  private static String getNeutral(String key, Object[] values) {
+    StringBuilder sb = new StringBuilder(key);
+    for (Object val : values) {
+      sb.append(":");
+      sb.append(val);
+    }
+
+    return sb.toString();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java b/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java
new file mode 100644
index 000000000..195ba132c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+/**
+ * These are response subtypes. They are necessary for determining the validation strategy. They
+ * have no bearing on the iterative resolution algorithm, so they are confined here.
+ *
+ * @since 3.5
+ */
+enum ResponseClassification {
+  /** Not a recognized subtype. */
+  UNKNOWN,
+
+  /** A postive, direct, response. */
+  POSITIVE,
+
+  /** A postive response, with a CNAME/DNAME chain. */
+  CNAME,
+
+  /** A NOERROR/NODATA response. */
+  NODATA,
+
+  /** A NXDOMAIN response. */
+  NAMEERROR,
+
+  /** A response to a qtype=ANY query. */
+  ANY,
+
+  /** A response with CNAMES that points to a non-existing type. */
+  CNAME_NODATA,
+
+  /** A response with CNAMES that points into the void. */
+  CNAME_NAMEERROR,
+
+  /** A referral, from cache with a nonRD query. */
+  REFERRAL,
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java
new file mode 100644
index 000000000..eab60573a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java
@@ -0,0 +1,347 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Header;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+/**
+ * This class represents a DNS message with validator state and some utility methods.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class SMessage {
+  private static final int NUM_SECTIONS = 3;
+  private static final int MAX_FLAGS = 16;
+  private static final int EXTENDED_FLAGS_BIT_OFFSET = 4;
+
+  private final Header header;
+  private Record question;
+  private OPTRecord oPTRecord;
+  private final List<SRRset>[] sections;
+  private SecurityStatus securityStatus;
+  private String bogusReason;
+  private int edeReason = -1;
+
+  /**
+   * Creates a instance of this class.
+   *
+   * @param h The header of the original message.
+   */
+  @SuppressWarnings("unchecked")
+  public SMessage(Header h) {
+    this.sections = (List<SRRset>[]) new List<?>[NUM_SECTIONS];
+    this.header = h;
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param id The ID of the DNS query or response message.
+   * @param question The question section of the query or response.
+   */
+  public SMessage(int id, Record question) {
+    this(new Header(id));
+    this.question = question;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param m The DNS message to wrap.
+   */
+  public SMessage(Message m) {
+    this(m.getHeader());
+    this.question = m.getQuestion();
+    this.oPTRecord = m.getOPT();
+
+    for (int i = Section.ANSWER; i <= Section.ADDITIONAL; i++) {
+      for (RRset rrset : m.getSectionRRsets(i)) {
+        this.addRRset(new SRRset(rrset), i);
+      }
+    }
+  }
+
+  /**
+   * Gets the header of this message.
+   *
+   * @return The header of this message.
+   */
+  public Header getHeader() {
+    return this.header;
+  }
+
+  /**
+   * Gets the question section of this message.
+   *
+   * @return The question section of this message.
+   */
+  public Record getQuestion() {
+    return this.question;
+  }
+
+  /**
+   * Gets signed RRsets for the queried section.
+   *
+   * @param section The section whose RRsets are demanded.
+   * @return Signed RRsets for the queried section.
+   */
+  public List<SRRset> getSectionRRsets(int section) {
+    this.checkSectionValidity(section);
+
+    if (this.sections[section - 1] == null) {
+      this.sections[section - 1] = new LinkedList<>();
+    }
+
+    return this.sections[section - 1];
+  }
+
+  private void addRRset(SRRset srrset, int section) {
+    this.checkSectionValidity(section);
+
+    if (srrset.getType() == Type.OPT) {
+      this.oPTRecord = (OPTRecord) srrset.first();
+      return;
+    }
+
+    List<SRRset> sectionList = this.getSectionRRsets(section);
+    sectionList.add(srrset);
+  }
+
+  private void checkSectionValidity(int section) {
+    if (section <= Section.QUESTION || section > Section.ADDITIONAL) {
+      throw new IllegalArgumentException("Invalid section");
+    }
+  }
+
+  /**
+   * Gets signed RRsets for the queried section.
+   *
+   * @param section The section whose RRsets are demanded.
+   * @param qtype Filter the results for these record types.
+   * @return Signed RRsets for the queried section.
+   */
+  public List<SRRset> getSectionRRsets(int section, int qtype) {
+    List<SRRset> slist = this.getSectionRRsets(section);
+
+    if (slist.isEmpty()) {
+      return Collections.emptyList();
+    }
+
+    List<SRRset> result = new ArrayList<>(slist.size());
+    for (SRRset rrset : slist) {
+      if (rrset.getType() == qtype) {
+        result.add(rrset);
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Gets the result code of the response message.
+   *
+   * @return The result code of the response message.
+   */
+  public int getRcode() {
+    int rcode = this.header.getRcode();
+    if (this.oPTRecord != null) {
+      rcode += this.oPTRecord.getExtendedRcode() << EXTENDED_FLAGS_BIT_OFFSET;
+    }
+
+    return rcode;
+  }
+
+  /**
+   * Gets the security status of this message.
+   *
+   * @return The security status of this message.
+   */
+  public SecurityStatus getStatus() {
+    return this.securityStatus;
+  }
+
+  /**
+   * Sets the security status for this message.
+   *
+   * @param status the new security status for this message.
+   */
+  public void setStatus(SecurityStatus status, int edeReason) {
+    setStatus(status, edeReason, null);
+  }
+
+  /**
+   * Sets the security status for this message.
+   *
+   * @param status the new security status for this message.
+   * @param reason Why this message's status is set as indicated.
+   */
+  public void setStatus(SecurityStatus status, int edeReason, String reason) {
+    this.securityStatus = status;
+    this.edeReason = edeReason;
+    this.bogusReason = reason;
+    if (reason != null) {
+      log.debug("Setting bad reason for message to {}", reason);
+    }
+  }
+
+  /**
+   * Sets the security status of this message to bogus and sets the reason.
+   *
+   * @param reason Why this message's status is bogus.
+   */
+  public void setBogus(String reason) {
+    setStatus(SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, reason);
+  }
+
+  /**
+   * Sets the security status of this message to bogus and sets the reason.
+   *
+   * @param reason Why this message's status is bogus.
+   */
+  public void setBogus(String reason, int edeReason) {
+    setStatus(SecurityStatus.BOGUS, edeReason, reason);
+  }
+
+  /**
+   * Gets the reason why this messages' status is bogus.
+   *
+   * @return The reason why this messages' status is bogus.
+   */
+  public String getBogusReason() {
+    return this.bogusReason;
+  }
+
+  /**
+   * Gets the {@link org.xbill.DNS.ExtendedErrorCodeOption} reason why this messages' status is
+   * bogus.
+   */
+  public int getEdeReason() {
+    return this.edeReason;
+  }
+
+  /**
+   * Gets this message as a standard DNSJAVA message.
+   *
+   * @return This message as a standard DNSJAVA message.
+   */
+  public Message getMessage() {
+    // Generate our new message.
+    Message m = new Message(this.header.getID());
+
+    // Convert the header
+    // We do this for two reasons:
+    // 1) setCount() is package scope, so we can't do that, and
+    // 2) setting the header on a message after creating the
+    // message frequently gets stuff out of sync, leading to malformed wire
+    // format messages.
+    Header h = m.getHeader();
+    h.setOpcode(this.header.getOpcode());
+    h.setRcode(this.header.getRcode());
+    for (int i = 0; i < MAX_FLAGS; i++) {
+      if (Flags.isFlag(i) && this.header.getFlag(i)) {
+        h.setFlag(i);
+      }
+    }
+
+    // Add all the records. -- this will set the counts correctly in the
+    // message header.
+    if (this.question != null) {
+      m.addRecord(this.question, Section.QUESTION);
+    }
+
+    for (int sec = Section.ANSWER; sec <= Section.ADDITIONAL; sec++) {
+      List<SRRset> slist = this.getSectionRRsets(sec);
+      for (SRRset rrset : slist) {
+        for (Record j : rrset.rrs()) {
+          m.addRecord(j, sec);
+        }
+
+        for (RRSIGRecord j : rrset.sigs()) {
+          m.addRecord(j, sec);
+        }
+      }
+    }
+
+    if (this.oPTRecord != null) {
+      m.addRecord(this.oPTRecord, Section.ADDITIONAL);
+    }
+
+    return m;
+  }
+
+  /**
+   * Gets the number of records.
+   *
+   * @param section The section for which the records are counted.
+   * @return The number of records for the queried section.
+   */
+  public int getCount(int section) {
+    if (section == Section.QUESTION) {
+      return 1;
+    }
+
+    List<SRRset> sectionList = this.getSectionRRsets(section);
+    if (sectionList.isEmpty()) {
+      return 0;
+    }
+
+    int count = 0;
+    for (SRRset sr : sectionList) {
+      count += sr.size();
+    }
+
+    return count;
+  }
+
+  /**
+   * Find a specific (S)RRset in a given section.
+   *
+   * @param name the name of the RRset.
+   * @param type the type of the RRset.
+   * @param dclass the class of the RRset.
+   * @param section the section to look in (ANSWER to ADDITIONAL)
+   * @return The SRRset if found, null otherwise.
+   */
+  public SRRset findRRset(Name name, int type, int dclass, int section) {
+    this.checkSectionValidity(section);
+
+    for (SRRset set : this.getSectionRRsets(section)) {
+      if (set.getName().equals(name) && set.getType() == type && set.getDClass() == dclass) {
+        return set;
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Find an "answer" RRset. This will look for RRsets in the ANSWER section that match the
+   * &lt;qname,qtype,qclass&gt;, without considering CNAMEs.
+   *
+   * @param qname The starting search name.
+   * @param qtype The search type.
+   * @param qclass The search class.
+   * @return a SRRset matching the query.
+   */
+  public SRRset findAnswerRRset(Name qname, int qtype, int qclass) {
+    return this.findRRset(qname, qtype, qclass, Section.ANSWER);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/SRRset.java b/src/main/java/org/xbill/DNS/dnssec/SRRset.java
new file mode 100644
index 000000000..fc5b19d02
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/SRRset.java
@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.util.List;
+import lombok.EqualsAndHashCode;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+
+/**
+ * An extended version of {@link RRset} that adds the indication of DNSSEC security status.
+ *
+ * @since 3.5
+ */
+@EqualsAndHashCode(
+    callSuper = true,
+    of = {"securityStatus", "ownerName"})
+class SRRset extends RRset {
+  private SecurityStatus securityStatus;
+  private Name ownerName;
+
+  /** Create a new, blank SRRset. */
+  public SRRset() {
+    super();
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Create a new SRRset with one record.
+   *
+   * @param r The record to add to the RRset.
+   */
+  public SRRset(Record r) {
+    super(r);
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Create a new SRRset from an existing RRset. This SRRset will contain the same internal {@link
+   * Record} objects as the original RRset.
+   *
+   * @param r The RRset to copy.
+   */
+  public SRRset(RRset r) {
+    super(r);
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Create a new SRRset from an existing SRRset. This SRRset will contain the same internal {@link
+   * Record} objects as the original SRRset.
+   *
+   * @param r The RRset to copy.
+   */
+  public SRRset(SRRset r) {
+    super(r);
+    this.securityStatus = r.securityStatus;
+    this.ownerName = r.ownerName;
+  }
+
+  /**
+   * Return the current security status (generally: {@link SecurityStatus#UNCHECKED}, {@link
+   * SecurityStatus#BOGUS}, or {@link SecurityStatus#SECURE}).
+   *
+   * @return The security status for this set, {@link SecurityStatus#UNCHECKED} if it has never been
+   *     set manually.
+   */
+  public SecurityStatus getSecurityStatus() {
+    return this.securityStatus;
+  }
+
+  /**
+   * Set the current security status for this SRRset.
+   *
+   * @param status The new security status for this set.
+   */
+  public void setSecurityStatus(SecurityStatus status) {
+    this.securityStatus = status;
+  }
+
+  /** The "signer" name for this {@link SRRset}, if signed, or {@code null} if not. */
+  public Name getSignerName() {
+    List<RRSIGRecord> sigs = sigs();
+    if (!sigs.isEmpty()) {
+      return sigs.get(0).getSigner();
+    }
+
+    return null;
+  }
+
+  @Override
+  public Name getName() {
+    return this.ownerName == null ? super.getName() : this.ownerName;
+  }
+
+  /**
+   * Set the name of the records.
+   *
+   * @param ownerName the {@link Name} to override the original name with.
+   */
+  public void setName(Name ownerName) {
+    this.ownerName = ownerName;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java b/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java
new file mode 100644
index 000000000..399e8c7e7
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+/**
+ * Codes for DNSSEC security statuses.
+ *
+ * @since 3.5
+ */
+public enum SecurityStatus {
+  /** UNCHECKED means that object has yet to be validated. */
+  UNCHECKED,
+
+  /**
+   * BOGUS means that the object (RRset or message) failed to validate (according to local policy),
+   * but should have validated.
+   */
+  BOGUS,
+
+  /**
+   * INDTERMINATE means that the object is insecure, but not authoritatively so. Generally this
+   * means that the RRset is not below a configured trust anchor.
+   */
+  INDETERMINATE,
+
+  /**
+   * INSECURE means that the object is authoritatively known to be insecure. Generally this means
+   * that this RRset is below a trust anchor, but also below a verified, insecure delegation.
+   */
+  INSECURE,
+
+  /** SECURE means that the object (RRset or message) validated according to local policy. */
+  SECURE,
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java b/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java
new file mode 100644
index 000000000..3225e8dad
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java
@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.util.Collection;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+
+/**
+ * Storage for DS or DNSKEY records that are known to be trusted.
+ *
+ * @since 3.6
+ */
+public interface TrustAnchorStore {
+  /**
+   * Stores the given {@link RRset} as known trusted keys.
+   *
+   * @param rrset The key set to store as trusted.
+   */
+  void store(RRset rrset);
+
+  /**
+   * Gets the closest trusted key for the given name or {@code null} if no match is found.
+   *
+   * @param name The name to search for.
+   * @param dclass The {@link DClass} of the keys.
+   * @return The closest found key for {@code name} or {@code null}.
+   */
+  RRset find(Name name, int dclass);
+
+  /** Removes all stored trust anchors. */
+  void clear();
+
+  /** Gets all trust anchors currently in use. */
+  Collection<RRset> items();
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java
new file mode 100644
index 000000000..46553b0e1
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java
@@ -0,0 +1,1139 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.atomic.AtomicInteger;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.NSECRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+/**
+ * This is a collection of routines encompassing the logic of validating different message types.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class ValUtils {
+  public static final String DIGEST_PREFERENCE = "dnsjava.dnssec.digest_preference";
+  public static final String DIGEST_ENABLED = "dnsjava.dnssec.digest";
+  public static final String DIGEST_HARDEN_DOWNGRADE = "dnsjava.dnssec.harden_algo_downgrade";
+  public static final String ALGORITHM_ENABLED = "dnsjava.dnssec.algorithm";
+  public static final String ALGORITHM_RSA_MIN_KEY_SIZE =
+      "dnsjava.dnssec.algorithm_rsa_min_key_size";
+  public static final String MAX_DS_MATCH_FAILURES_PROPERTY =
+      "dnsjava.dnssec.max_ds_match_failures";
+
+  private static final Name WILDCARD = Name.fromConstantString("*");
+
+  /** A local copy of the verifier object. */
+  private final DnsSecVerifier verifier;
+
+  private int[] digestPreference = null;
+  private Properties config = null;
+  private boolean digestHardenDowngrade = true;
+  private int minRsaKeySize = 1024;
+  private boolean hasGost;
+  private boolean hasEd25519;
+  private boolean hasEd448;
+  private int maxDsMatchFailures = 4;
+
+  /** Creates a new instance of this class. */
+  public ValUtils() {
+    hasGost = Security.getProviders("MessageDigest.GOST3411") != null;
+    hasEd25519 = Security.getProviders("KeyFactory.Ed25519") != null;
+    hasEd448 = Security.getProviders("KeyFactory.Ed448") != null;
+    this.verifier = new DnsSecVerifier(this);
+  }
+
+  /**
+   * Set the owner name of NSEC RRsets to the canonical name, i.e. the name that is <b>not</b>
+   * expanded from a wildcard label.
+   *
+   * @param set The RRset to canonicalize.
+   * @param sig The signature that validated this RRset.
+   */
+  public static void setCanonicalNsecOwner(SRRset set, RRSIGRecord sig) {
+    if (set.getType() != Type.NSEC) {
+      return;
+    }
+
+    Record nsec = set.first();
+    int fqdnLabelCount = nsec.getName().labels() - 1; // don't count the root label
+    if (nsec.getName().isWild()) {
+      --fqdnLabelCount; // don't count the wildcard label
+    }
+
+    if (sig.getLabels() == fqdnLabelCount) {
+      set.setName(nsec.getName());
+    } else if (sig.getLabels() < fqdnLabelCount) {
+      set.setName(nsec.getName().wild(sig.getSigner().labels() - sig.getLabels()));
+    } else {
+      throw new IllegalArgumentException("invalid nsec record");
+    }
+  }
+
+  /**
+   * Initialize the module. The recognized configuration values are:
+   *
+   * <ul>
+   *   <li>{@value #DIGEST_PREFERENCE}
+   *   <li>{@value #DIGEST_HARDEN_DOWNGRADE}
+   *   <li>{@value #DIGEST_ENABLED}
+   *   <li>{@value #ALGORITHM_ENABLED}
+   *   <li>{@value #ALGORITHM_RSA_MIN_KEY_SIZE}
+   * </ul>
+   *
+   * @param config The configuration data for this module.
+   */
+  public void init(Properties config) {
+    hasGost = Security.getProviders("MessageDigest.GOST3411") != null;
+    hasEd25519 = Security.getProviders("KeyFactory.Ed25519") != null;
+    hasEd448 = Security.getProviders("KeyFactory.Ed448") != null;
+    this.config = config;
+    String dp = config.getProperty(DIGEST_PREFERENCE);
+    if (dp != null) {
+      String[] dpdata = dp.split(",");
+      this.digestPreference = new int[dpdata.length];
+      for (int i = 0; i < dpdata.length; i++) {
+        this.digestPreference[i] = Integer.parseInt(dpdata[i]);
+        if (!isDigestSupported(this.digestPreference[i])) {
+          throw new IllegalArgumentException(
+              "Unsupported or disabled digest ID in digest preferences");
+        }
+      }
+    }
+
+    this.digestHardenDowngrade =
+        Boolean.parseBoolean(config.getProperty(DIGEST_HARDEN_DOWNGRADE, Boolean.TRUE.toString()));
+    this.minRsaKeySize =
+        Integer.parseInt(
+            config.getProperty(ALGORITHM_RSA_MIN_KEY_SIZE, Integer.toString(minRsaKeySize)));
+    this.maxDsMatchFailures =
+        Integer.parseInt(
+            config.getProperty(
+                MAX_DS_MATCH_FAILURES_PROPERTY, Integer.toString(maxDsMatchFailures)));
+    this.verifier.init(config);
+  }
+
+  /**
+   * Given a response, classify ANSWER responses into a subtype.
+   *
+   * @param request The original query message.
+   * @param m The response to classify.
+   * @return A subtype ranging from UNKNOWN to NAMEERROR.
+   */
+  public static ResponseClassification classifyResponse(Message request, SMessage m) {
+    // Normal Name Error's are easy to detect -- but don't mistake a CNAME
+    // chain ending in NXDOMAIN.
+    if (m.getRcode() == Rcode.NXDOMAIN && m.getCount(Section.ANSWER) == 0) {
+      return ResponseClassification.NAMEERROR;
+    }
+
+    // check for referral: nonRD query and it looks like a nodata
+    if (!request.getHeader().getFlag(Flags.RD)
+        && m.getCount(Section.ANSWER) == 0
+        && m.getRcode() != Rcode.NOERROR) {
+      // SOA record in auth indicates it is NODATA instead.
+      // All validation requiring NODATA messages have SOA in
+      // authority section.
+      // uses fact that answer section is empty
+      boolean sawNs = false;
+      for (RRset set : m.getSectionRRsets(Section.AUTHORITY)) {
+        if (set.getType() == Type.SOA) {
+          return ResponseClassification.NODATA;
+        }
+
+        if (set.getType() == Type.DS) {
+          return ResponseClassification.REFERRAL;
+        }
+
+        if (set.getType() == Type.NS) {
+          sawNs = true;
+        }
+      }
+
+      return sawNs ? ResponseClassification.REFERRAL : ResponseClassification.NODATA;
+    }
+
+    // root referral where NS set is in the answer section
+    if (m.getSectionRRsets(Section.AUTHORITY).isEmpty()
+        && m.getSectionRRsets(Section.ANSWER).size() == 1
+        && m.getRcode() == Rcode.NOERROR
+        && m.getSectionRRsets(Section.ANSWER).get(0).getType() == Type.NS
+        && !m.getSectionRRsets(Section.ANSWER)
+            .get(0)
+            .getName()
+            .equals(request.getQuestion().getName())) {
+      return ResponseClassification.REFERRAL;
+    }
+
+    // dump bad messages
+    if (m.getRcode() != Rcode.NOERROR && m.getRcode() != Rcode.NXDOMAIN) {
+      return ResponseClassification.UNKNOWN;
+    }
+
+    // Next is NODATA
+    if (m.getRcode() == Rcode.NOERROR && m.getCount(Section.ANSWER) == 0) {
+      return ResponseClassification.NODATA;
+    }
+
+    // We distinguish between CNAME response and other positive/negative
+    // responses because CNAME answers require extra processing.
+    int qtype = m.getQuestion().getType();
+
+    // We distinguish between ANY and CNAME or POSITIVE because ANY
+    // responses are validated differently.
+    if (qtype == Type.ANY) {
+      return ResponseClassification.ANY;
+    }
+
+    boolean hadCname = false;
+    for (RRset set : m.getSectionRRsets(Section.ANSWER)) {
+      if (set.getType() == qtype) {
+        return ResponseClassification.POSITIVE;
+      }
+
+      if (set.getType() == Type.CNAME || set.getType() == Type.DNAME) {
+        hadCname = true;
+        if (qtype == Type.DS) {
+          return ResponseClassification.CNAME;
+        }
+      }
+    }
+
+    if (hadCname) {
+      if (m.getRcode() == Rcode.NXDOMAIN) {
+        return ResponseClassification.CNAME_NAMEERROR;
+      } else {
+        return ResponseClassification.CNAME_NODATA;
+      }
+    }
+
+    log.warn("Failed to classify response message:\n{}", m);
+    return ResponseClassification.UNKNOWN;
+  }
+
+  /**
+   * Given a DS rrset and a DNSKEY rrset, match the DS to a DNSKEY and verify the DNSKEY rrset with
+   * that key.
+   *
+   * @param dnskeyRrset The DNSKEY rrset to match against. The security status of this rrset will be
+   *     updated on a successful verification.
+   * @param dsRrset The DS rrset to match with. This rrset must already be trusted.
+   * @param badKeyTTL The TTL [s] for keys determined to be bad.
+   * @param date The date against which to verify the rrset.
+   * @return a KeyEntry. This will either contain the now trusted dnskey RRset, a "null" key entry
+   *     indicating that this DS rrset/DNSKEY pair indicate an secure end to the island of trust
+   *     (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey RRset fails to verify. Note
+   *     that the "null" response should generally only occur in a private algorithm scenario:
+   *     normally this sort of thing is checked before fetching the matching DNSKEY rrset.
+   */
+  public KeyEntry verifyNewDNSKEYs(
+      SRRset dnskeyRrset, SRRset dsRrset, long badKeyTTL, Instant date) {
+    if (!dnskeyRrset.getName().equals(dsRrset.getName())) {
+      KeyEntry ke = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+      ke.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_name_match"));
+      return ke;
+    }
+
+    int favoriteDigestID;
+    AlgorithmRequirements needs = null;
+    List<Integer> sigalg = null;
+    if (digestHardenDowngrade) {
+      favoriteDigestID = this.favoriteDSDigestID(dsRrset);
+      needs = new AlgorithmRequirements(this);
+      sigalg = needs.initDs(dsRrset, favoriteDigestID);
+      log.trace(
+          "Favorite DigestID for rrset {}/DNSKEY is {} ({})",
+          dnskeyRrset.getName(),
+          favoriteDigestID,
+          DNSSEC.Digest.string(favoriteDigestID));
+    } else {
+      favoriteDigestID = -1;
+    }
+
+    boolean hasAlgoRefusal = false;
+    boolean hasCheckedDs = false;
+    boolean hasUsefulDs = false;
+    JustifiedSecStatus lastVerificationResult = null;
+    AtomicInteger numDsChecked = new AtomicInteger(0);
+    for (Record dsr : dsRrset.rrs(false)) {
+      DSRecord ds = (DSRecord) dsr;
+      if (!isDigestSupported(ds.getDigestID())) {
+        log.debug(
+            "Digest ID {} ({}) is not supported",
+            ds.getDigestID(),
+            DNSSEC.Digest.string(ds.getDigestID()));
+        continue;
+      }
+
+      if (!isAlgorithmSupported(ds.getAlgorithm())) {
+        log.debug(
+            "Algorithm {} ({}) is not supported",
+            ds.getAlgorithm(),
+            DNSSEC.Algorithm.string(ds.getAlgorithm()));
+        continue;
+      }
+
+      if ((needs != null && ds.getDigestID() != favoriteDigestID)) {
+        log.debug(
+            "Downgrade protection prevents using digest ID {} ({})",
+            ds.getDigestID(),
+            DNSSEC.Digest.string(ds.getDigestID()));
+        continue;
+      }
+
+      lastVerificationResult = verifyDnskeysWithDs(dnskeyRrset, ds, date, numDsChecked);
+      if (lastVerificationResult.status == SecurityStatus.INSECURE) {
+        log.debug(
+            "Algorithm {} ({}) refused",
+            ds.getAlgorithm(),
+            DNSSEC.Algorithm.string(ds.getAlgorithm()));
+        hasAlgoRefusal = true;
+        continue;
+      }
+
+      if (numDsChecked.get() > 0) {
+        log.debug("Checked #{} DS", numDsChecked.get());
+        hasCheckedDs = true;
+      }
+
+      // Once we see a single DS with a known digestID and algorithm, we cannot return INSECURE
+      // (with a "null" KeyEntry).
+      hasUsefulDs = true;
+
+      if (lastVerificationResult.status == SecurityStatus.SECURE) {
+        if (needs == null || needs.setSecure(ds.getAlgorithm())) {
+          if (!isKeySizeSupported(dnskeyRrset)) {
+            log.debug(
+                "DS {} (footprint={}, id={}, alg={}) works, but DNSKEY set contains keys that are unsupported, treat as insecure",
+                ds.getName(),
+                ds.getFootprint(),
+                ds.getDigestID(),
+                ds.getAlgorithm());
+            return KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+          }
+
+          dnskeyRrset.setSecurityStatus(SecurityStatus.SECURE);
+          return KeyEntry.newKeyEntry(dnskeyRrset, sigalg);
+        }
+      } else if (needs != null && lastVerificationResult.status == SecurityStatus.BOGUS) {
+        needs.setBogus(ds.getAlgorithm());
+      }
+    }
+
+    // None of the DS's worked out.
+
+    // If none of the DSes have been checked, eg. that means no matches
+    // for keytags, and the other dses are all algo_refusal, it is an
+    // insecure delegation point, since the only matched DS records
+    // have an algo refusal, or are unsupported.
+    if (hasAlgoRefusal && !hasCheckedDs) {
+      log.debug("No supported DS records were found -- treating as insecure");
+      KeyEntry ke = KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+      ke.setBadReason(
+          ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE,
+          R.get("failed.ds.nodigest", dsRrset.getName()));
+      return ke;
+    }
+
+    // If no DSs were understandable, then this is OK.
+    if (!hasUsefulDs) {
+      log.debug("No usable DS records were found -- treating as insecure");
+      KeyEntry ke = KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+      ke.setBadReason(
+          ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE,
+          R.get("failed.ds.no_usable_digest", dsRrset.getName()));
+      return ke;
+    }
+
+    // If any were understandable, then it is bad.
+    log.debug("Failed to match any usable DS to a DNSKEY");
+    if (needs != null) {
+      int alg = needs.missing();
+      if (alg != 0) {
+        log.debug(
+            "Missing verification of DNSKEY signature with algorithm {} ({})",
+            alg,
+            DNSSEC.Algorithm.string(alg));
+      }
+    }
+
+    KeyEntry ke = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+    ke.setBadReason(lastVerificationResult.edeReason, lastVerificationResult.reason);
+    return ke;
+  }
+
+  private JustifiedSecStatus verifyDnskeysWithDs(
+      SRRset dnskeyRrset, DSRecord ds, Instant date, AtomicInteger numDsChecked) {
+    int numDsOk = 0;
+    int numDsSizeUnsupported = 0;
+    for (Record dsnkeyr : dnskeyRrset.rrs(false)) {
+      DNSKEYRecord dnskey = (DNSKEYRecord) dsnkeyr;
+
+      log.trace(
+          "Validating DNSKEY {} (footprint={}, alg={}) against DS {} (footprint={}, digest={}, alg={})",
+          dnskey.getName(),
+          dnskey.getFootprint(),
+          dnskey.getAlgorithm(),
+          ds.getName(),
+          ds.getFootprint(),
+          ds.getDigestID(),
+          ds.getAlgorithm());
+
+      // Skip DNSKEYs that don't match the basic criteria.
+      if (ds.getFootprint() != dnskey.getFootprint()
+          || ds.getAlgorithm() != dnskey.getAlgorithm()) {
+        log.trace("Footprint or algorithm mismatch, ignoring");
+        continue;
+      }
+
+      numDsChecked.getAndIncrement();
+      if (!dsDigestMatchesDnskey(ds, dnskey)) {
+        log.debug("DS did not match DNSKEY, ignoring");
+        if (numDsChecked.get() > numDsOk + maxDsMatchFailures) {
+          return new JustifiedSecStatus(
+              SecurityStatus.BOGUS,
+              ExtendedErrorCodeOption.DNSSEC_BOGUS,
+              R.get("dnskey.ds_max_match"));
+        }
+
+        continue;
+      }
+
+      numDsOk++;
+      if (!isKeySizeSupported(dnskey)) {
+        log.debug("DS okay but that DNSKEY size is not supported");
+        numDsSizeUnsupported++;
+        continue;
+      }
+
+      // Otherwise, we have a match! Make sure that the DNSKEY
+      // verifies *with this key*.
+      JustifiedSecStatus sec = this.verifier.verify(dnskeyRrset, dnskey, date);
+      if (sec.status == SecurityStatus.SECURE) {
+        return sec;
+      }
+
+      // If it didn't validate with the DNSKEY, try the next one!
+    }
+
+    if (numDsSizeUnsupported > 0) {
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+    }
+
+    if (numDsChecked.get() == 0) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.DNSKEY_MISSING,
+          R.get(
+              "dnskey.no_ds_alg_match",
+              dnskeyRrset.getName(),
+              DNSSEC.Algorithm.string(ds.getAlgorithm())));
+    } else if (numDsOk == 0) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_ds_match"));
+    }
+
+    return new JustifiedSecStatus(
+        SecurityStatus.BOGUS,
+        ExtendedErrorCodeOption.DNSSEC_BOGUS,
+        R.get("dnskey.ds_match_mismatch"));
+  }
+
+  private boolean dsDigestMatchesDnskey(DSRecord ds, DNSKEYRecord dnskey) {
+    byte[] dsHash = ds.getDigest();
+
+    // Convert the candidate DNSKEY into a hash using the same DS hash algorithm
+    byte[] keyHash;
+    try {
+      DSRecord keyDigest = new DSRecord(Name.root, ds.getDClass(), 0, ds.getDigestID(), dnskey);
+      keyHash = keyDigest.getDigest();
+    } catch (IllegalArgumentException iae) {
+      log.debug("Digest generation failed", iae);
+      return false;
+    }
+
+    if (!Arrays.equals(keyHash, dsHash)) {
+      log.debug("Hash mismatch: key {} != ds {}", keyHash, dsHash);
+      return false;
+    }
+
+    return true;
+  }
+
+  /**
+   * Gets the digest ID for the favorite (best) algorithm that is supported in a given DS set.
+   *
+   * <p>The order of preference can be configured with the property {@value #DIGEST_PREFERENCE}. If
+   * the property is not set, the highest supported number is returned.
+   *
+   * @param dsset The DS set to check for the favorite algorithm.
+   * @return The favorite digest ID or 0 if none is supported. 0 is not a known digest ID.
+   */
+  int favoriteDSDigestID(SRRset dsset) {
+    if (this.digestPreference == null) {
+      int max = 0;
+      for (Record r : dsset.rrs(false)) {
+        DSRecord ds = (DSRecord) r;
+        if (ds.getDigestID() > max
+            && isDigestSupported(ds.getDigestID())
+            && isAlgorithmSupported(ds.getAlgorithm())) {
+          max = ds.getDigestID();
+        }
+      }
+
+      return max;
+    } else {
+      for (int preference : this.digestPreference) {
+        for (Record r : dsset.rrs(false)) {
+          DSRecord ds = (DSRecord) r;
+          if (ds.getDigestID() == preference) {
+            return ds.getDigestID();
+          }
+        }
+      }
+    }
+
+    return 0;
+  }
+
+  /**
+   * Given an SRRset that is signed by a DNSKEY found in the key_rrset, verify it. This will return
+   * the status (either BOGUS or SECURE) and set that status in rrset.
+   *
+   * @param rrset The SRRset to verify.
+   * @param keyRrset The set of keys to verify against.
+   * @param date The date against which to verify the rrset.
+   * @return The status (BOGUS or SECURE).
+   */
+  public JustifiedSecStatus verifySRRset(SRRset rrset, KeyEntry keyRrset, Instant date) {
+    if (rrset.getSecurityStatus() == SecurityStatus.SECURE) {
+      log.trace(
+          "RRset <{}/{}/{}> previously found to be SECURE",
+          rrset.getName(),
+          Type.string(rrset.getType()),
+          DClass.string(rrset.getDClass()));
+      return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+    }
+
+    JustifiedSecStatus res = this.verifier.verify(rrset, keyRrset, date);
+    rrset.setSecurityStatus(res.status);
+    return res;
+  }
+
+  /**
+   * Determine by looking at a signed RRset whether the RRset name was the result of a wildcard
+   * expansion. If so, return the name of the generating wildcard.
+   *
+   * @param rrset The rrset to chedck.
+   * @return the wildcard name, if the rrset was synthesized from a wildcard. null if not.
+   */
+  public static Name rrsetWildcard(RRset rrset) {
+    List<RRSIGRecord> sigs = rrset.sigs();
+    RRSIGRecord firstSig = sigs.get(0);
+
+    // check rest of signatures have identical label count
+    for (int i = 1; i < sigs.size(); i++) {
+      if (sigs.get(i).getLabels() != firstSig.getLabels()) {
+        throw new IllegalArgumentException("failed.wildcard.label_count_mismatch");
+      }
+    }
+
+    // if the RRSIG label count is shorter than the number of actual labels,
+    // then this rrset was synthesized from a wildcard.
+    // Note that the RRSIG label count doesn't count the root label.
+    Name wn = rrset.getName();
+
+    // skip a leading wildcard label in the dname (RFC4035 2.2)
+    if (rrset.getName().isWild()) {
+      wn = new Name(wn, 1);
+    }
+
+    int labelDiff = (wn.labels() - 1) - firstSig.getLabels();
+    if (labelDiff > 0) {
+      return wn.wild(labelDiff);
+    }
+
+    return null;
+  }
+
+  /**
+   * Finds the longest domain name in common with the given name.
+   *
+   * @param domain1 The first domain to process.
+   * @param domain2 The second domain to process.
+   * @return The longest label in common of domain1 and domain2. The least common name is the root.
+   */
+  public static Name longestCommonName(Name domain1, Name domain2) {
+    int l = Math.min(domain1.labels(), domain2.labels());
+    domain1 = new Name(domain1, domain1.labels() - l);
+    domain2 = new Name(domain2, domain2.labels() - l);
+    for (int i = 0; i < l - 1; i++) {
+      Name ns1 = new Name(domain1, i);
+      if (ns1.equals(new Name(domain2, i))) {
+        return ns1;
+      }
+    }
+
+    return Name.root;
+  }
+
+  /**
+   * Is the first Name strictly a subdomain of the second name (i.e., below but not equal to).
+   *
+   * @param domain1 The first domain to process.
+   * @param domain2 The second domain to process.
+   * @return True when domain1 is a strict subdomain of domain2.
+   */
+  public static boolean strictSubdomain(Name domain1, Name domain2) {
+    if (domain1.labels() <= domain2.labels()) {
+      return false;
+    }
+
+    return new Name(domain1, domain1.labels() - domain2.labels()).equals(domain2);
+  }
+
+  /**
+   * Determines the 'closest encloser' - the name that has the most common labels between <code>
+   * domain</code> and ({@link NSECRecord#getName()} or {@link NSECRecord#getNext()}).
+   *
+   * @param domain The name for which the closest encloser is queried.
+   * @param owner The beginning of the covering {@link Name} to check.
+   * @param next The end of the covering {@link Name} to check.
+   * @return The closest encloser name of <code>domain</code> as defined by {@code owner} and {@code
+   *     next}.
+   */
+  public static Name closestEncloser(Name domain, Name owner, Name next) {
+    Name n1 = longestCommonName(domain, owner);
+    Name n2 = longestCommonName(domain, next);
+
+    return (n1.labels() > n2.labels()) ? n1 : n2;
+  }
+
+  /**
+   * Gets the closest encloser of <code>domain</code> prepended with a wildcard label.
+   *
+   * @param domain The name for which the wildcard closest encloser is demanded.
+   * @param set The RRset containing {@code nsec} to check.
+   * @param nsec The covering NSEC that defines the encloser.
+   * @return The wildcard closest encloser name of <code>domain</code> as defined by <code>nsec
+   *     </code>.
+   * @throws NameTooLongException If adding the wildcard label to the closest encloser results in an
+   *     invalid name.
+   */
+  public static Name nsecWildcard(Name domain, SRRset set, NSECRecord nsec)
+      throws NameTooLongException {
+    Name origin = closestEncloser(domain, set.getName(), nsec.getNext());
+    return Name.concatenate(WILDCARD, origin);
+  }
+
+  /**
+   * Determine if the given NSEC proves a NameError (NXDOMAIN) for a given qname.
+   *
+   * @param set The RRset that contains the NSEC.
+   * @param nsec The NSEC to check.
+   * @param qname The qname to check against.
+   * @return true if the NSEC proves the condition.
+   */
+  public static boolean nsecProvesNameError(SRRset set, NSECRecord nsec, Name qname) {
+    Name owner = set.getName();
+    Name next = nsec.getNext();
+
+    // If NSEC owner == qname, then this NSEC proves that qname exists.
+    if (qname.equals(owner)) {
+      return false;
+    }
+
+    // deny overreaching NSECs
+    if (!next.subdomain(set.getSignerName())) {
+      return false;
+    }
+
+    // If NSEC is a parent of qname, we need to check the type map
+    // If the parent name has a DNAME or is a delegation point, then this
+    // NSEC is being misused.
+    if (qname.subdomain(owner)) {
+      if (nsec.hasType(Type.DNAME)) {
+        return false;
+      }
+
+      if (nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) {
+        return false;
+      }
+    }
+
+    if (owner.equals(next)) {
+      // this nsec is the only nsec: zone.name NSEC zone.name
+      // it disproves everything else but only for subdomains of that zone
+      return strictSubdomain(qname, next);
+    } else if (owner.compareTo(next) > 0) {
+      // this is the last nsec, ....(bigger) NSEC zonename(smaller)
+      // the names after the last (owner) name do not exist
+      // there are no names before the zone name in the zone
+      // but the qname must be a subdomain of the zone name(next).
+      return owner.compareTo(qname) < 0 && strictSubdomain(qname, next);
+    } else {
+      // regular NSEC, (smaller) NSEC (larger)
+      return owner.compareTo(qname) < 0 && qname.compareTo(next) < 0;
+    }
+  }
+
+  /**
+   * Determine if a NSEC record proves the non-existence of a wildcard that could have produced
+   * qname.
+   *
+   * @param set The RRset of the NSEC record.
+   * @param nsec The nsec record to check.
+   * @param qname The qname to check against.
+   * @return true if the NSEC proves the condition.
+   */
+  public static boolean nsecProvesNoWC(SRRset set, NSECRecord nsec, Name qname) {
+    Name ce = closestEncloser(qname, set.getName(), nsec.getNext());
+    int labelsToStrip = qname.labels() - ce.labels();
+    if (labelsToStrip > 0) {
+      Name wcName = qname.wild(labelsToStrip);
+      return nsecProvesNameError(set, nsec, wcName);
+    }
+
+    return false;
+  }
+
+  /**
+   * Container for responses of {@link ValUtils#nsecProvesNodata(SRRset, NSECRecord, Name, int)}.
+   */
+  public static class NsecProvesNodataResponse {
+    boolean result;
+    Name wc;
+  }
+
+  /**
+   * Determine if a NSEC proves the NOERROR/NODATA conditions. This will also handle the empty
+   * non-terminal (ENT) case and partially handle the wildcard case. If the ownername of 'nsec' is a
+   * wildcard, the validator must still be provided proof that qname did not directly exist and that
+   * the wildcard is, in fact, *.closest_encloser.
+   *
+   * @param set The RRset of the NSEC record.
+   * @param nsec The NSEC to check
+   * @param qname The query name to check against.
+   * @param qtype The query type to check against.
+   * @return true if the NSEC proves the condition.
+   */
+  public static NsecProvesNodataResponse nsecProvesNodata(
+      SRRset set, NSECRecord nsec, Name qname, int qtype) {
+    NsecProvesNodataResponse result = new NsecProvesNodataResponse();
+    if (!set.getName().equals(qname)) {
+      // empty-non-terminal checking.
+      // Done before wildcard, because this is an exact match,
+      // and would prevent a wildcard from matching.
+
+      // If the nsec is proving that qname is an ENT, the nsec owner will
+      // be less than qname, and the next name will be a child domain of
+      // the qname.
+      if (strictSubdomain(nsec.getNext(), qname) && set.getName().compareTo(qname) < 0) {
+        result.result = true;
+        return result;
+      }
+
+      // Wildcard checking:
+      // If this is a wildcard NSEC, make sure that a) it was possible to
+      // have generated qname from the wildcard and b) the type map does
+      // not contain qtype. Note that this does NOT prove that this
+      // wildcard was the applicable wildcard.
+      if (set.getName().isWild()) {
+        // the is the purported closest encloser.
+        Name ce = new Name(set.getName(), 1);
+
+        // The qname must be a strict subdomain of the closest encloser,
+        // and the qtype must be absent from the type map.
+        if (strictSubdomain(qname, ce)) {
+          if (nsec.hasType(Type.CNAME)) {
+            // should have gotten the wildcard CNAME
+            log.debug("NSEC proofed wildcard CNAME");
+            result.result = false;
+            return result;
+          }
+
+          if (nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) {
+            // wrong parentside (wildcard) NSEC used, and it really
+            // should not exist anyway:
+            // http://tools.ietf.org/html/rfc4592#section-4.2
+            log.debug("Wrong parent (wildcard) NSEC used");
+            result.result = false;
+            return result;
+          }
+
+          if (nsec.hasType(qtype)) {
+            log.debug("NSEC proofed that {} exists", Type.string(qtype));
+            result.result = false;
+            return result;
+          }
+        }
+
+        result.wc = ce;
+        result.result = true;
+        return result;
+      }
+
+      // Otherwise, this NSEC does not prove ENT, so it does not prove
+      // NODATA.
+      result.result = false;
+      return result;
+    }
+
+    // If the qtype exists, then we should have gotten it.
+    if (nsec.hasType(qtype)) {
+      log.debug("NSEC proofed that {} exists", Type.string(qtype));
+      result.result = false;
+      return result;
+    }
+
+    // if the name is a CNAME node, then we should have gotten the CNAME
+    if (nsec.hasType(Type.CNAME)) {
+      log.debug("NSEC proofed CNAME");
+      result.result = false;
+      return result;
+    }
+
+    // If an NS set exists at this name, and NOT a SOA (so this is a zone
+    // cut, not a zone apex), then we should have gotten a referral (or we
+    // just got the wrong NSEC).
+    // The reverse of this check is used when qtype is DS, since that
+    // must use the NSEC from above the zone cut.
+    if (qtype != Type.DS && nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) {
+      log.debug("NSEC proofed missing referral");
+      result.result = false;
+      return result;
+    }
+    if (qtype == Type.DS && nsec.hasType(Type.SOA) && !Name.root.equals(qname)) {
+      log.debug("NSEC from wrong zone");
+      result.result = false;
+      return result;
+    }
+
+    result.result = true;
+    return result;
+  }
+
+  /**
+   * Check DS absence. There is a NODATA reply to a DS that needs checking. NSECs can prove this is
+   * not a delegation point, or successfully prove that there is no DS. Or this fails.
+   *
+   * @param request The request that generated this response.
+   * @param response The response to validate.
+   * @param keyRrset The key that validate the NSECs.
+   * @param date The date against which to verify the response.
+   * @return The NODATA proof along with the reason of the result.
+   */
+  public JustifiedSecStatus nsecProvesNodataDsReply(
+      Message request, SMessage response, KeyEntry keyRrset, Instant date) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+
+    // If we have a NSEC at the same name, it must prove one of two things:
+    // 1) this is a delegation point and there is no DS
+    // 2) this is not a delegation point
+    SRRset nsecRrset = response.findRRset(qname, Type.NSEC, qclass, Section.AUTHORITY);
+    if (nsecRrset != null) {
+      // The NSEC must verify, first of all.
+      JustifiedSecStatus res = this.verifySRRset(nsecRrset, keyRrset, date);
+      if (res.status != SecurityStatus.SECURE) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.DNSSEC_BOGUS,
+            R.get("failed.ds.nsec", res.reason));
+      }
+
+      NSECRecord nsec = (NSECRecord) nsecRrset.first();
+      SecurityStatus status = ValUtils.nsecProvesNoDS(nsec, qname);
+      switch (status) {
+        case INSECURE: // this wasn't a delegation point.
+          return new JustifiedSecStatus(status, -1, R.get("failed.ds.nodelegation"));
+        case SECURE: // this proved no DS.
+          return new JustifiedSecStatus(status, -1, R.get("insecure.ds.nsec"));
+        default: // something was wrong.
+          return new JustifiedSecStatus(
+              status, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec.hasdata"));
+      }
+    }
+
+    // Otherwise, there is no NSEC at qname. This could be an ENT.
+    // If not, this is broken.
+    NsecProvesNodataResponse ndp = new NsecProvesNodataResponse();
+    Name ce = null;
+    boolean hasValidNSEC = false;
+    NSECRecord wcNsec = null;
+    for (SRRset set : response.getSectionRRsets(Section.AUTHORITY, Type.NSEC)) {
+      JustifiedSecStatus res = this.verifySRRset(set, keyRrset, date);
+      if (res.status != SecurityStatus.SECURE) {
+        return new JustifiedSecStatus(res.status, res.edeReason, R.get("failed.ds.nsec.ent"));
+      }
+
+      NSECRecord nsec = (NSECRecord) set.rrs(false).get(0);
+      ndp = ValUtils.nsecProvesNodata(set, nsec, qname, Type.DS);
+      if (ndp.result) {
+        hasValidNSEC = true;
+        if (ndp.wc != null && nsec.getName().isWild()) {
+          wcNsec = nsec;
+        }
+      }
+
+      if (ValUtils.nsecProvesNameError(set, nsec, qname)) {
+        ce = closestEncloser(qname, set.getName(), nsec.getNext());
+      }
+    }
+
+    // The wildcard NODATA is 1 NSEC proving that qname does not exists (and
+    // also proving what the closest encloser is), and 1 NSEC showing the
+    // matching wildcard, which must be *.closest_encloser.
+    if (ndp.wc != null && (ce == null || !ce.equals(ndp.wc))) {
+      hasValidNSEC = false;
+    }
+
+    if (hasValidNSEC) {
+      if (ndp.wc != null) {
+        SecurityStatus status = nsecProvesNoDS(wcNsec, qname);
+        return new JustifiedSecStatus(
+            status, ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.ds.nowildcardproof"));
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, R.get("insecure.ds.nsec.ent"));
+    }
+
+    return new JustifiedSecStatus(
+        SecurityStatus.UNCHECKED,
+        ExtendedErrorCodeOption.DNSSEC_INDETERMINATE,
+        R.get("failed.ds.nonconclusive"));
+  }
+
+  /**
+   * Checks if the authority section of a message contains at least one signed NSEC or NSEC3 record.
+   *
+   * @param message The message to inspect.
+   * @return True if at least one record is found, false otherwise.
+   */
+  public boolean hasSignedNsecs(SMessage message) {
+    for (SRRset set : message.getSectionRRsets(Section.AUTHORITY)) {
+      if ((set.getType() == Type.NSEC || set.getType() == Type.NSEC3) && !set.sigs().isEmpty()) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Determines whether the given {@link NSECRecord} proves that there is no {@link DSRecord} for
+   * <code>qname</code>.
+   *
+   * @param nsec The NSEC that should prove the non-existence.
+   * @param qname The name for which the prove is made.
+   * @return {@link SecurityStatus#BOGUS} when the NSEC is from the child domain or indicates that
+   *     there indeed is a DS record, {@link SecurityStatus#INSECURE} when there is not even a prove
+   *     for a NS record, {@link SecurityStatus#SECURE} when there is no DS record.
+   */
+  public static SecurityStatus nsecProvesNoDS(NSECRecord nsec, Name qname) {
+    // Could check to make sure the qname is a subdomain of nsec
+    if ((nsec.hasType(Type.SOA) && !Name.root.equals(qname)) || nsec.hasType(Type.DS)) {
+      // SOA present means that this is the NSEC from the child, not the
+      // parent (so it is the wrong one) -> cannot happen because the
+      // keyset is always from the parent zone and doesn't validate the
+      // NSEC
+      // DS present means that there should have been a positive response
+      // to the DS query, so there is something wrong.
+      return SecurityStatus.BOGUS;
+    }
+
+    if (!nsec.hasType(Type.NS)) {
+      // If there is no NS at this point at all, then this doesn't prove
+      // anything one way or the other.
+      return SecurityStatus.INSECURE;
+    }
+
+    // Otherwise, this proves no DS.
+    return SecurityStatus.SECURE;
+  }
+
+  /**
+   * Determines if at least one of the DS records in the RRset has a supported algorithm.
+   *
+   * @param dsRRset The RR set to search in.
+   * @return True when at least one DS record uses a supported algorithm, false otherwise.
+   */
+  boolean atLeastOneSupportedAlgorithm(RRset dsRRset) {
+    for (Record r : dsRRset.rrs(false)) {
+      if (isAlgorithmSupported(((DSRecord) r).getAlgorithm())) {
+        return true;
+      }
+
+      // do nothing, there could be another DS we understand
+    }
+
+    return false;
+  }
+
+  /**
+   * Determines if the algorithm is supported.
+   *
+   * @param alg The algorithm to check.
+   * @return True when the algorithm is supported, false otherwise.
+   */
+  boolean isAlgorithmSupported(int alg) {
+    String configKey = ALGORITHM_ENABLED + "." + alg;
+    switch (alg) {
+      case Algorithm.RSAMD5:
+        return false; // obsoleted by rfc6725
+      case Algorithm.DSA:
+      case Algorithm.DSA_NSEC3_SHA1:
+        if (config == null) {
+          return false;
+        }
+
+        return Boolean.parseBoolean(config.getProperty(configKey, Boolean.FALSE.toString()));
+      case Algorithm.RSASHA1:
+      case Algorithm.RSA_NSEC3_SHA1:
+      case Algorithm.RSASHA256:
+      case Algorithm.RSASHA512:
+      case Algorithm.ECDSAP256SHA256:
+      case Algorithm.ECDSAP384SHA384:
+        return propertyOrTrueWithPrecondition(configKey, true);
+      case Algorithm.ECC_GOST:
+        return propertyOrTrueWithPrecondition(configKey, hasGost);
+      case Algorithm.ED25519:
+        return propertyOrTrueWithPrecondition(configKey, hasEd25519);
+      case Algorithm.ED448:
+        return propertyOrTrueWithPrecondition(configKey, hasEd448);
+      default:
+        return false;
+    }
+  }
+
+  /**
+   * Check if the key size for an algorithm is supported.
+   *
+   * @param dnskeyRrset the RRset of keys to validate.
+   * @return {@code true} if supported.
+   */
+  private boolean isKeySizeSupported(RRset dnskeyRrset) {
+    for (Record r : dnskeyRrset.rrs(false)) {
+      if (!isKeySizeSupported((DNSKEYRecord) r)) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  /**
+   * Check if the key size for an algorithm is supported.
+   *
+   * @param dnskey the key to validate.
+   * @return {@code true} if supported.
+   */
+  private boolean isKeySizeSupported(DNSKEYRecord dnskey) {
+    try {
+      PublicKey publicKey = dnskey.getPublicKey();
+      switch (dnskey.getAlgorithm()) {
+        case Algorithm.RSAMD5:
+        case Algorithm.RSASHA1:
+        case Algorithm.RSA_NSEC3_SHA1:
+        case Algorithm.RSASHA256:
+        case Algorithm.RSASHA512:
+          int bitLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
+          boolean valid = bitLength >= minRsaKeySize;
+          if (!valid) {
+            log.debug(
+                "Key size {} for DNSKEY <{}/{}>, alg={}, id={} is less than minimum of {}",
+                bitLength,
+                dnskey.getName(),
+                DClass.string(dnskey.getDClass()),
+                DNSSEC.Algorithm.string(dnskey.getAlgorithm()),
+                dnskey.getFootprint(),
+                minRsaKeySize);
+          }
+          return valid;
+        default:
+          return true;
+      }
+    } catch (DNSSEC.DNSSECException e) {
+      return false;
+    }
+  }
+
+  /**
+   * Determines if at least one of the DS records in the RRset has a supported digest algorithm.
+   *
+   * @param dsRRset The RR set to search in.
+   * @return True when at least one DS record uses a supported digest algorithm, false otherwise.
+   */
+  boolean atLeastOneSupportedDigest(RRset dsRRset) {
+    for (Record r : dsRRset.rrs(false)) {
+      if (isDigestSupported(((DSRecord) r).getDigestID())) {
+        return true;
+      }
+
+      // do nothing, there could be another DS we understand
+    }
+
+    return false;
+  }
+
+  /**
+   * Determines if the digest algorithm is supported.
+   *
+   * @param digestID the algorithm to check.
+   * @return True when the digest algorithm is supported, false otherwise.
+   */
+  boolean isDigestSupported(int digestID) {
+    String configKey = DIGEST_ENABLED + "." + digestID;
+    switch (digestID) {
+      case DNSSEC.Digest.SHA1:
+      case DNSSEC.Digest.SHA256:
+      case DNSSEC.Digest.SHA384:
+        if (config == null) {
+          return true;
+        }
+
+        return Boolean.parseBoolean(config.getProperty(configKey, Boolean.TRUE.toString()));
+      case DNSSEC.Digest.GOST3411:
+        return propertyOrTrueWithPrecondition(configKey, hasGost);
+      default:
+        return false;
+    }
+  }
+
+  private boolean propertyOrTrueWithPrecondition(String configKey, boolean precondition) {
+    if (!precondition) {
+      return false;
+    }
+
+    if (config == null) {
+      return true;
+    }
+
+    return Boolean.parseBoolean(config.getProperty(configKey, Boolean.TRUE.toString()));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java
new file mode 100644
index 000000000..0d7e57dfd
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java
@@ -0,0 +1,1503 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import static java.util.concurrent.CompletableFuture.completedFuture;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.time.Clock;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.stream.Collectors;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.EDNSOption;
+import org.xbill.DNS.EDNSOption.Code;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.ExtendedFlags;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Header;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.NSECRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Resolver;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.TSIG;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.Type;
+import org.xbill.DNS.dnssec.ValUtils.NsecProvesNodataResponse;
+
+/**
+ * This resolver validates responses with DNSSEC.
+ *
+ * @since 3.5
+ */
+@Slf4j
+public final class ValidatingResolver implements Resolver {
+  /**
+   * Property name from where the trust anchors are loaded.
+   *
+   * @since 3.6
+   */
+  public static final String TRUST_ANCHOR_FILE_PROPERTY = "dnsjava.dnssec.trust_anchor_file";
+
+  /**
+   * The QCLASS being used for the injection of the reason why the validator came to the returned
+   * result.
+   */
+  public static final int VALIDATION_REASON_QCLASS = 65280;
+
+  /** This is the TTL to use when a trust anchor priming query failed to validate. */
+  private static final long DEFAULT_TA_BAD_KEY_TTL = 60;
+
+  /** This is a cache of validated, but expirable DNSKEY rrsets. */
+  private final KeyCache keyCache;
+
+  /**
+   * A data structure holding all trust anchors. Trust anchors must be "primed" into the cache
+   * before being used to validate.
+   */
+  private final TrustAnchorStore trustAnchors;
+
+  /** The local validation utilities. */
+  private final ValUtils valUtils;
+
+  /** The local NSEC3 validation utilities. */
+  private final NSEC3ValUtils n3valUtils;
+
+  /** The resolver that performs the actual DNS lookups. */
+  private final Resolver headResolver;
+
+  /** The clock used to validate messages. */
+  private final Clock clock;
+
+  /**
+   * If {@code true}, an additional record with the validation reason is added to the {@link
+   * Section#ADDITIONAL} section. The record is available at {@code ./TXT/}{@value
+   * #VALIDATION_REASON_QCLASS}.
+   */
+  @Getter @Setter private boolean isAddReasonToAdditional = true;
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param headResolver The resolver to which queries for DS, DNSKEY and referring CNAME records
+   *     are sent.
+   */
+  public ValidatingResolver(Resolver headResolver) {
+    this(headResolver, Clock.systemUTC());
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param headResolver The resolver to which queries for DS, DNSKEY and referring CNAME records
+   *     are sent.
+   * @param clock the Clock to validate messages.
+   */
+  public ValidatingResolver(Resolver headResolver, Clock clock) {
+    this.headResolver = headResolver;
+    this.clock = clock;
+    headResolver.setEDNS(0, 0, ExtendedFlags.DO);
+    headResolver.setIgnoreTruncation(false);
+
+    this.keyCache = new KeyCache();
+    this.valUtils = new ValUtils();
+    this.n3valUtils = new NSEC3ValUtils();
+    this.trustAnchors = new DefaultTrustAnchorStore();
+    try {
+      init(System.getProperties());
+    } catch (IOException e) {
+      log.error("Could not initialize from system properties", e);
+    }
+  }
+
+  // ---------------- Module Initialization -------------------
+
+  /**
+   * Initialize the module. Recognized configuration values:
+   *
+   * <dl>
+   *   <dt>{@value #TRUST_ANCHOR_FILE_PROPERTY}
+   *   <dd>A filename from where to load the trust anchors
+   * </dl>
+   *
+   * See links for other initialized classes and their configuration values (or the readme).
+   *
+   * @see KeyCache#init(Properties)
+   * @see ValUtils#init(Properties)
+   * @see NSEC3ValUtils#init(Properties)
+   * @see DnsSecVerifier#init(Properties)
+   * @param config The configuration data for this module.
+   * @throws IOException When the file specified in the config does not exist or cannot be read.
+   */
+  public void init(Properties config) throws IOException {
+    this.keyCache.init(config);
+    this.n3valUtils.init(config);
+    this.valUtils.init(config);
+
+    // Load trust anchors
+    String s = config.getProperty(TRUST_ANCHOR_FILE_PROPERTY);
+    if (s != null) {
+      log.debug("Reading trust anchor file: {}", s);
+      this.loadTrustAnchors(new FileInputStream(s));
+    }
+  }
+
+  /**
+   * Load the trust anchor file into the trust anchor store. The trust anchors are currently stored
+   * in a zone file format list of DNSKEY or DS records.
+   *
+   * @param data The trust anchor data.
+   * @throws IOException when the trust anchor data could not be read.
+   */
+  public void loadTrustAnchors(InputStream data) throws IOException {
+    // First read in the whole trust anchor file.
+    List<Record> records = new ArrayList<>();
+    try (Master master = new Master(data, Name.root, 0)) {
+      Record mr;
+      while ((mr = master.nextRecord()) != null) {
+        records.add(mr);
+      }
+    }
+
+    // Record.compareTo() should sort them into DNSSEC canonical order.
+    // Don't care about canonical order per se, but do want them to be
+    // formable into RRsets.
+    Collections.sort(records);
+
+    SRRset currentRrset = new SRRset();
+    for (Record r : records) {
+      // Skip RR types that cannot be used as trust anchors.
+      if (r.getType() != Type.DNSKEY && r.getType() != Type.DS) {
+        continue;
+      }
+
+      // If our current set is empty, we can just add it.
+      if (currentRrset.size() == 0) {
+        currentRrset.addRR(r);
+        continue;
+      }
+
+      // If this record matches our current RRset, we can just add it.
+      if (currentRrset.getName().equals(r.getName())
+          && currentRrset.getType() == r.getType()
+          && currentRrset.getDClass() == r.getDClass()) {
+        currentRrset.addRR(r);
+        continue;
+      }
+
+      // Otherwise, we add the rrset to our set of trust anchors and begin
+      // a new set
+      this.trustAnchors.store(currentRrset);
+      currentRrset = new SRRset();
+      currentRrset.addRR(r);
+    }
+
+    // add the last rrset (if it was not empty)
+    if (currentRrset.size() > 0) {
+      this.trustAnchors.store(currentRrset);
+    }
+  }
+
+  /**
+   * Gets the store with the loaded trust anchors.
+   *
+   * @return The store with the loaded trust anchors.
+   * @since 3.6
+   */
+  public TrustAnchorStore getTrustAnchors() {
+    return this.trustAnchors;
+  }
+
+  /**
+   * For messages that are not referrals, if the chase reply contains an unsigned NS record in the
+   * authority section it could have been inserted by a (BIND) forwarder that thinks the zone is
+   * insecure, and that has an NS record without signatures in cache. Remove the NS record since the
+   * reply does not hinge on that record (in the authority section), but do not remove it if it
+   * removes the last record from the answer+authority sections.
+   *
+   * @param response: the chased reply, we have a key for this contents, so we should have
+   *     signatures for these rrsets and not having signatures means it will be bogus.
+   */
+  private void removeSpuriousAuthority(SMessage response) {
+    // if no answer and only 1 auth RRset, do not remove that one
+    if (response.getSectionRRsets(Section.ANSWER).isEmpty()
+        && response.getSectionRRsets(Section.AUTHORITY).size() == 1) {
+      return;
+    }
+
+    // search authority section for unsigned NS records
+    Iterator<SRRset> authRrsetIterator = response.getSectionRRsets(Section.AUTHORITY).iterator();
+    while (authRrsetIterator.hasNext()) {
+      SRRset rrset = authRrsetIterator.next();
+      if (rrset.getType() == Type.NS && rrset.sigs().isEmpty()) {
+        log.trace(
+            "Removing spurious unsigned NS record (likely inserted by forwarder) {}/{}/{}",
+            rrset.getName(),
+            Type.string(rrset.getType()),
+            DClass.string(rrset.getDClass()));
+        authRrsetIterator.remove();
+      }
+    }
+  }
+
+  /**
+   * Given a "postive" response -- a response that contains an answer to the question, and no CNAME
+   * chain, validate this response. This generally consists of verifying the answer RRset and the
+   * authority RRsets.
+   *
+   * <p>Given an "ANY" response -- a response that contains an answer to a qtype==ANY question, with
+   * answers. This consists of simply verifying all present answer/auth RRsets, with no checking
+   * that all types are present.
+   *
+   * <p>NOTE: it may be possible to get parent-side delegation point records here, which won't all
+   * be signed. Right now, this routine relies on the upstream iterative resolver to not return
+   * these responses -- instead treating them as referrals.
+   *
+   * <p>NOTE: RFC 4035 is silent on this issue, so this may change upon clarification.
+   *
+   * @param request The request that generated this response.
+   * @param response The response to validate.
+   * @param nsec3State State to keep track of NSEC3 hashes and calculation count.
+   * @param executor The service to use for async operations.
+   */
+  private CompletionStage<Void> validatePositiveResponse(
+      Message request, SMessage response, Nsec3ValidationState nsec3State, Executor executor) {
+    Map<Name, Name> wcs = new HashMap<>(1);
+    List<SRRset> nsec3s = new ArrayList<>(0);
+    List<SRRset> nsecs = new ArrayList<>(0);
+
+    return this.validateAnswerAndGetWildcards(
+            response, request.getQuestion().getType(), wcs, executor)
+        .thenCompose(
+            success -> {
+              if (Boolean.TRUE.equals(success)) {
+                // validate the AUTHORITY section as well - this will generally be the
+                // NS rrset (which could be missing, no problem)
+                int[] sections;
+                if (request.getQuestion().getType() == Type.ANY) {
+                  sections = new int[] {Section.ANSWER, Section.AUTHORITY};
+                } else {
+                  sections = new int[] {Section.AUTHORITY};
+                }
+
+                return this.validatePositiveResponseRecursive(
+                    response,
+                    wcs,
+                    nsec3s,
+                    nsecs,
+                    sections,
+                    new AtomicInteger(0),
+                    new AtomicInteger(0),
+                    executor);
+              }
+
+              return completedFuture(false);
+            })
+        .thenAccept(
+            success -> {
+              if (!Boolean.TRUE.equals(success)) {
+                return;
+              }
+
+              // If this is a positive wildcard response, and we have NSEC records,
+              // try to use them to
+              // 1) prove that qname doesn't exist and
+              // 2) that the correct wildcard was used.
+              if (!wcs.isEmpty()) {
+                for (Map.Entry<Name, Name> wc : wcs.entrySet()) {
+                  boolean wcNsecOk = false;
+                  for (SRRset set : nsecs) {
+                    NSECRecord nsec = (NSECRecord) set.first();
+                    if (ValUtils.nsecProvesNameError(set, nsec, wc.getKey())) {
+                      try {
+                        Name nsecWc = ValUtils.nsecWildcard(wc.getKey(), set, nsec);
+                        if (wc.getValue().equals(nsecWc)) {
+                          wcNsecOk = true;
+                          break;
+                        }
+                      } catch (NameTooLongException e) {
+                        // COVERAGE:OFF -> a NTLE can only be thrown when
+                        // the qname is equal to the NSEC owner or NSEC next
+                        // name, so that the wildcard is appended to
+                        // CE=qname=owner=next. This would however indicate
+                        // that the qname exists, which is proofed not the
+                        // be the case beforehand.
+                        throw new IllegalStateException(
+                            R.get("failed.positive.wildcardgeneration"));
+                      }
+                    }
+                  }
+
+                  // If this was a positive wildcard response that we haven't
+                  // already proven, and we have NSEC3 records, try to prove it
+                  // using the NSEC3 records.
+                  if (!wcNsecOk && !nsec3s.isEmpty()) {
+                    if (this.n3valUtils.allNSEC3sIgnorable(nsec3s, this.keyCache)) {
+                      response.setStatus(
+                          SecurityStatus.INSECURE, -1, R.get("failed.nsec3_ignored"));
+                      return;
+                    }
+
+                    SecurityStatus status =
+                        this.n3valUtils.proveWildcard(
+                            nsec3s,
+                            wc.getKey(),
+                            nsec3s.get(0).getSignerName(),
+                            wc.getValue(),
+                            nsec3State);
+                    if (status == SecurityStatus.INSECURE) {
+                      response.setStatus(status, -1);
+                      return;
+                    } else if (status == SecurityStatus.SECURE) {
+                      wcNsecOk = true;
+                    }
+                  }
+
+                  // If after all this, we still haven't proven the positive
+                  // wildcard response, fail.
+                  if (!wcNsecOk) {
+                    response.setBogus(R.get("failed.positive.wildcard_too_broad"));
+                    return;
+                  }
+                }
+              }
+
+              response.setStatus(SecurityStatus.SECURE, -1);
+            });
+  }
+
+  private CompletionStage<Boolean> validatePositiveResponseRecursive(
+      SMessage response,
+      Map<Name, Name> wcs,
+      List<SRRset> nsec3s,
+      List<SRRset> nsecs,
+      int[] sections,
+      AtomicInteger sectionIndex,
+      AtomicInteger setIndex,
+      Executor executor) {
+    // reached the end of the sections to validate, end recursion, success
+    if (sectionIndex.get() >= sections.length) {
+      return completedFuture(true);
+    }
+
+    List<SRRset> sectionRRsets = response.getSectionRRsets(sections[sectionIndex.get()]);
+
+    // reached the end of the rrset in the current section, advance to next section
+    if (setIndex.get() >= sectionRRsets.size()) {
+      sectionIndex.getAndIncrement();
+      setIndex.set(0);
+      return this.validatePositiveResponseRecursive(
+          response, wcs, nsec3s, nsecs, sections, sectionIndex, setIndex, executor);
+    }
+
+    SRRset set = sectionRRsets.get(setIndex.getAndIncrement());
+    return this.prepareFindKey(set, executor)
+        .thenCompose(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return completedFuture(false);
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              // If anything in the authority section fails to be secure, we
+              // have a bad message.
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.authority.positive", set));
+                return completedFuture(false);
+              }
+
+              if (!wcs.isEmpty()) {
+                if (set.getType() == Type.NSEC) {
+                  nsecs.add(set);
+                } else if (set.getType() == Type.NSEC3) {
+                  nsec3s.add(set);
+                }
+              }
+
+              return this.validatePositiveResponseRecursive(
+                  response, wcs, nsec3s, nsecs, sections, sectionIndex, setIndex, executor);
+            });
+  }
+
+  private CompletionStage<Boolean> validateAnswerAndGetWildcards(
+      SMessage response, int qtype, Map<Name, Name> wcs, Executor executor) {
+    return this.validateAnswerAndGetWildcardsRecursive(
+        response, qtype, wcs, new AtomicInteger(0), executor);
+  }
+
+  private CompletionStage<Boolean> validateAnswerAndGetWildcardsRecursive(
+      SMessage response,
+      int qtype,
+      Map<Name, Name> wcs,
+      AtomicInteger setIndex,
+      Executor executor) {
+    // validate the ANSWER section - this will be the answer itself
+    List<SRRset> sectionRRsets = response.getSectionRRsets(Section.ANSWER);
+
+    // reached the end of the answer section, success
+    if (setIndex.get() >= sectionRRsets.size()) {
+      return completedFuture(true);
+    }
+
+    SRRset set = sectionRRsets.get(setIndex.get());
+    // Verify the answer rrset.
+    return this.prepareFindKey(set, executor)
+        .thenCompose(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return completedFuture(false);
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              // If the answer rrset failed to validate, then this message is BAD
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.answer.positive", set));
+                return completedFuture(false);
+              }
+
+              // Check to see if the rrset is the result of a wildcard expansion.
+              // If so, an additional check will need to be made in the authority
+              // section.
+              Name wc;
+              try {
+                wc = ValUtils.rrsetWildcard(set);
+              } catch (RuntimeException ex) {
+                response.setBogus(R.get(ex.getMessage(), set.getName()));
+                return completedFuture(false);
+              }
+
+              if (wc != null) {
+                // RFC 4592, Section 4.4 does not allow wildcarded DNAMEs
+                if (set.getType() == Type.DNAME) {
+                  response.setBogus(R.get("failed.dname.wildcard", set.getName()));
+                  return completedFuture(false);
+                }
+
+                wcs.put(set.getName(), wc);
+              }
+
+              // Notice a DNAME that should be followed by an unsigned CNAME.
+              if (qtype != Type.DNAME && set.getType() == Type.DNAME) {
+                DNAMERecord dname = (DNAMERecord) set.first();
+                if (setIndex.getAndIncrement() < sectionRRsets.size()) {
+                  SRRset cnameSet = sectionRRsets.get(setIndex.get());
+                  // Validate the CNAME following a (validated) DNAME is correctly
+                  // synthesized.
+                  if (cnameSet.getType() == Type.CNAME && dname != null) {
+                    if (cnameSet.size() > 1) {
+                      response.setBogus(R.get("failed.synthesize.multiple"));
+                      return completedFuture(false);
+                    }
+
+                    CNAMERecord cname = (CNAMERecord) cnameSet.first();
+                    try {
+                      Name expected =
+                          Name.concatenate(
+                              cname.getName().relativize(dname.getName()), dname.getTarget());
+                      if (!expected.equals(cname.getTarget())) {
+                        response.setBogus(
+                            R.get("failed.synthesize.nomatch", cname.getTarget(), expected));
+                        return completedFuture(false);
+                      }
+                    } catch (NameTooLongException e) {
+                      response.setBogus(R.get("failed.synthesize.toolong"));
+                      return completedFuture(false);
+                    }
+
+                    cnameSet.setSecurityStatus(SecurityStatus.SECURE);
+                  }
+                }
+              }
+
+              setIndex.getAndIncrement();
+              return this.validateAnswerAndGetWildcardsRecursive(
+                  response, qtype, wcs, setIndex, executor);
+            });
+  }
+
+  /**
+   * Validate a NOERROR/NODATA signed response -- a response that has a NOERROR Rcode but no ANSWER
+   * section RRsets. This consists of verifying the authority section rrsets and making certain that
+   * the authority section NSEC/NSEC3s proves that the qname does exist and the qtype doesn't.
+   *
+   * <p>Note that by the time this method is called, the process of finding the trusted DNSKEY rrset
+   * that signs this response must already have been completed.
+   *
+   * @param request The request that generated this response.
+   * @param response The response to validate.
+   * @param nsec3State State to keep track of NSEC3 hashes and calculation count.
+   * @param executor The service to use for async operations.
+   */
+  private CompletionStage<Void> validateNodataResponse(
+      Message request, SMessage response, Nsec3ValidationState nsec3State, Executor executor) {
+    Name intermediateQname = request.getQuestion().getName();
+    int qtype = request.getQuestion().getType();
+
+    // Since we are here, the ANSWER section is either empty (and hence
+    // there's only the NODATA to validate) OR it contains an incomplete
+    // chain. In this case, the records were already validated before and we
+    // can concentrate on following the qname that lead to the NODATA
+    // classification
+    for (SRRset set : response.getSectionRRsets(Section.ANSWER)) {
+      if (set.getSecurityStatus() != SecurityStatus.SECURE) {
+        response.setBogus(R.get("failed.answer.cname_nodata", set.getName()));
+        return completedFuture(null);
+      }
+
+      if (set.getType() == Type.CNAME) {
+        intermediateQname = ((CNAMERecord) set.first()).getTarget();
+      }
+    }
+
+    // validate the AUTHORITY section
+    Name qname = intermediateQname;
+    return this.validateNodataResponseRecursive(
+            response, new AtomicInteger(0), nsec3State, executor)
+        .handleAsync(
+            (result, ex) -> {
+              if (ex != null) {
+                return null;
+              }
+
+              // If true, then the NODATA has been proven.
+              boolean hasValidNSEC = false;
+
+              // for wildcard nodata responses. This is the proven closest encloser.
+              Name ce = null;
+
+              // for wildcard nodata responses. This is the wildcard NSEC.
+              NsecProvesNodataResponse ndp = new NsecProvesNodataResponse();
+
+              // A collection of NSEC3 RRs found in the authority section.
+              List<SRRset> nsec3s = new ArrayList<>(0);
+
+              // The RRSIG signer field for the NSEC3 RRs.
+              Name nsec3Signer = null;
+
+              int edeReason = ExtendedErrorCodeOption.NSEC_MISSING;
+              for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) {
+                // If we encounter an NSEC record, try to use it to prove NODATA.
+                // This needs to handle the empty non-terminal (ENT) NODATA case.
+                if (set.getType() == Type.NSEC) {
+                  NSECRecord nsec = (NSECRecord) set.first();
+                  ndp = ValUtils.nsecProvesNodata(set, nsec, qname, qtype);
+                  if (ndp.result) {
+                    hasValidNSEC = true;
+                  } else {
+                    edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS;
+                  }
+
+                  if (ValUtils.nsecProvesNameError(set, nsec, qname)) {
+                    ce = ValUtils.closestEncloser(qname, set.getName(), nsec.getNext());
+                  }
+                }
+
+                // Collect any NSEC3 records present.
+                if (set.getType() == Type.NSEC3) {
+                  nsec3s.add(set);
+                  nsec3Signer = set.getSignerName();
+                }
+              }
+
+              // check to see if we have a wildcard NODATA proof.
+
+              // The wildcard NODATA is 1 NSEC proving that qname does not exist (and
+              // also proving what the closest encloser is), and 1 NSEC showing the
+              // matching wildcard, which must be *.closest_encloser.
+              if (ndp.wc != null && (ce == null || (!ce.equals(ndp.wc) && !qname.equals(ce)))) {
+                edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS;
+                hasValidNSEC = false;
+              }
+
+              this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s);
+              if (!hasValidNSEC && !nsec3s.isEmpty()) {
+                log.debug("Using NSEC3 records");
+
+                // try to prove NODATA with our NSEC3 record(s)
+                if (this.n3valUtils.allNSEC3sIgnorable(nsec3s, this.keyCache)) {
+                  response.setBogus(R.get("failed.nsec3_ignored"));
+                  return null;
+                }
+
+                JustifiedSecStatus res =
+                    this.n3valUtils.proveNodata(nsec3s, qname, qtype, nsec3Signer, nsec3State);
+                edeReason = res.edeReason;
+                if (res.status == SecurityStatus.INSECURE) {
+                  response.setStatus(SecurityStatus.INSECURE, -1);
+                  return null;
+                }
+
+                hasValidNSEC = res.status == SecurityStatus.SECURE;
+              }
+
+              if (!hasValidNSEC) {
+                response.setBogus(R.get("failed.nodata"), edeReason);
+                log.trace("Failed NODATA for {}", qname);
+                return null;
+              }
+
+              log.trace("Successfully validated NODATA response");
+              response.setStatus(SecurityStatus.SECURE, -1);
+              return null;
+            });
+  }
+
+  private CompletionStage<Void> validateNodataResponseRecursive(
+      SMessage response,
+      AtomicInteger setIndex,
+      Nsec3ValidationState nsec3State,
+      Executor executor) {
+    if (setIndex.get() >= response.getSectionRRsets(Section.AUTHORITY).size()) {
+      return completedFuture(null);
+    }
+
+    SRRset set = response.getSectionRRsets(Section.AUTHORITY).get(setIndex.getAndIncrement());
+    return this.prepareFindKey(set, executor)
+        .thenComposeAsync(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return this.failedFuture(new Exception(kve.reason));
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.authority.nodata", set));
+                return this.failedFuture(new Exception("failed.authority.nodata"));
+              }
+
+              return this.validateNodataResponseRecursive(response, setIndex, nsec3State, executor);
+            });
+  }
+
+  private <T> CompletionStage<T> failedFuture(Throwable e) {
+    CompletableFuture<T> f = new CompletableFuture<>();
+    f.completeExceptionally(e);
+    return f;
+  }
+
+  /**
+   * Validate a NAMEERROR signed response -- a response that has a NXDOMAIN Rcode. This consists of
+   * verifying the authority section rrsets and making certain that the authority section NSEC
+   * proves that the qname doesn't exist and the covering wildcard also doesn't exist..
+   *
+   * <p>Note that by the time this method is called, the process of finding the trusted DNSKEY rrset
+   * that signs this response must already have been completed.
+   *
+   * @param request The request to be proved to not exist.
+   * @param response The response to validate.
+   * @param nsec3State State to keep track of NSEC3 hashes and calculation count.
+   * @param executor The service to use for async operations.
+   */
+  private CompletionStage<Void> validateNameErrorResponse(
+      Message request, SMessage response, Nsec3ValidationState nsec3State, Executor executor) {
+    Name intermediateQname = request.getQuestion().getName();
+
+    // The ANSWER section is either empty OR it contains an xNAME chain that
+    // ultimately lead to the NAMEERROR response. In this case the ANSWER
+    // section has already been validated before and we can concentrate on
+    // following the xNAMEs to find the qname that caused the NXDOMAIN.
+    for (SRRset set : response.getSectionRRsets(Section.ANSWER)) {
+      if (set.getSecurityStatus() != SecurityStatus.SECURE) {
+        response.setBogus(R.get("failed.nxdomain.cname_nxdomain", set));
+        return completedFuture(null);
+      }
+
+      if (set.getType() == Type.CNAME) {
+        intermediateQname = ((CNAMERecord) set.first()).getTarget();
+      }
+    }
+
+    // validate the AUTHORITY section
+    Name qname = intermediateQname;
+    return this.validateNameErrorResponseRecursive(response, new AtomicInteger(0), executor)
+        .thenComposeAsync(
+            v -> {
+              // Validate the authority section -- all RRsets in the authority section
+              // must be signed and valid.
+              // In addition, the NSEC record(s) must prove the NXDOMAIN condition.
+              boolean hasValidNSEC = false;
+              boolean hasValidWCNSEC = false;
+              List<SRRset> nsec3s = new ArrayList<>(0);
+              Name nsec3Signer = null;
+              int previousClosestEncloseLabels = 0;
+
+              for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) {
+                // If we encounter an NSEC record, try to use it to prove NODATA.
+                // This needs to handle the empty non-terminal (ENT) NODATA case.
+                if (set.getType() == Type.NSEC) {
+                  NSECRecord nsec = (NSECRecord) set.first();
+                  if (ValUtils.nsecProvesNameError(set, nsec, qname)) {
+                    hasValidNSEC = true;
+                  }
+
+                  Name next = nsec.getNext();
+                  int closestEncloserLabels =
+                      ValUtils.closestEncloser(qname, set.getName(), next).labels();
+                  if (closestEncloserLabels > previousClosestEncloseLabels
+                      || (closestEncloserLabels == previousClosestEncloseLabels
+                          && !hasValidWCNSEC)) {
+                    hasValidWCNSEC = ValUtils.nsecProvesNoWC(set, nsec, qname);
+                  }
+
+                  previousClosestEncloseLabels = closestEncloserLabels;
+                }
+
+                if (set.getType() == Type.NSEC3) {
+                  nsec3s.add(set);
+                  nsec3Signer = set.getSignerName();
+                }
+              }
+
+              this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s);
+              if ((!hasValidNSEC || !hasValidWCNSEC) && !nsec3s.isEmpty()) {
+                log.debug("Validating nxdomain: using NSEC3 records");
+
+                // Attempt to prove name error with nsec3 records.
+                if (this.n3valUtils.allNSEC3sIgnorable(nsec3s, this.keyCache)) {
+                  response.setStatus(SecurityStatus.INSECURE, -1, R.get("failed.nsec3_ignored"));
+                  return completedFuture(null);
+                }
+
+                SecurityStatus status =
+                    this.n3valUtils.proveNameError(nsec3s, qname, nsec3Signer, nsec3State);
+                if (status != SecurityStatus.SECURE) {
+                  if (status == SecurityStatus.INSECURE) {
+                    response.setStatus(status, -1, R.get("failed.nxdomain.nsec3_insecure"));
+                  } else {
+                    response.setStatus(
+                        status,
+                        ExtendedErrorCodeOption.DNSSEC_BOGUS,
+                        R.get("failed.nxdomain.nsec3_bogus"));
+                  }
+
+                  return completedFuture(null);
+                }
+
+                // Note that we assume that the NSEC3ValUtils proofs encompass the
+                // wildcard part of the proof.
+                hasValidNSEC = true;
+                hasValidWCNSEC = true;
+              }
+
+              if (!hasValidNSEC || !hasValidWCNSEC) {
+                boolean hasValidNSEC2 = hasValidNSEC;
+
+                // Be lenient with RCODE in NSEC NameError responses
+                return this.validateNodataResponse(request, response, nsec3State, executor)
+                    .thenRun(
+                        () -> {
+                          if (response.getStatus() == SecurityStatus.SECURE) {
+                            response.getHeader().setRcode(Rcode.NOERROR);
+                          } else {
+                            // If the message fails to prove either condition, it is bogus.
+                            if (!hasValidNSEC2) {
+                              response.setBogus(
+                                  R.get(
+                                      "failed.nxdomain.exists", response.getQuestion().getName()));
+                              return;
+                            }
+
+                            response.setBogus(R.get("failed.nxdomain.haswildcard"));
+                          }
+                        });
+              }
+
+              // Otherwise, we consider the message secure.
+              log.trace("Successfully validated NAME ERROR response");
+              response.setStatus(SecurityStatus.SECURE, -1);
+              return completedFuture(null);
+            })
+        .exceptionally(ex -> null);
+  }
+
+  private CompletionStage<Void> validateNameErrorResponseRecursive(
+      SMessage response, AtomicInteger setIndex, Executor executor) {
+    if (setIndex.get() >= response.getSectionRRsets(Section.AUTHORITY).size()) {
+      return completedFuture(null);
+    }
+
+    SRRset set = response.getSectionRRsets(Section.AUTHORITY).get(setIndex.getAndIncrement());
+    return this.prepareFindKey(set, executor)
+        .thenCompose(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return this.failedFuture(new Exception(kve.reason));
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.nxdomain.authority", set));
+                return this.failedFuture(new Exception("failed.nxdomain.authority"));
+              }
+
+              return this.validateNameErrorResponseRecursive(response, setIndex, executor);
+            });
+  }
+
+  private CompletionStage<SMessage> sendRequest(Message request, Executor executor) {
+    Record q = request.getQuestion();
+    log.trace(
+        "Sending request: <{}/{}/{}>",
+        q.getName(),
+        Type.string(q.getType()),
+        DClass.string(q.getDClass()));
+
+    // Send the request along by using a local copy of the request
+    Message localRequest = request.clone();
+    localRequest.getHeader().setFlag(Flags.CD);
+    return this.headResolver
+        .sendAsync(localRequest, executor)
+        .thenApply(message -> new SMessage(message.normalize(localRequest)));
+  }
+
+  private CompletionStage<KeyEntry> prepareFindKey(SRRset rrset, Executor executor) {
+    FindKeyState state = new FindKeyState();
+    state.signerName = rrset.getSignerName();
+    state.qclass = rrset.getDClass();
+
+    if (state.signerName == null) {
+      state.signerName = rrset.getName();
+    }
+
+    RRset trustAnchorRRset = this.trustAnchors.find(state.signerName, rrset.getDClass());
+    if (trustAnchorRRset == null) {
+      // response isn't under a trust anchor, so we cannot validate.
+      KeyEntry ke =
+          KeyEntry.newNullKeyEntry(state.signerName, rrset.getDClass(), DEFAULT_TA_BAD_KEY_TTL);
+      return completedFuture(ke);
+    }
+
+    SRRset trustAnchorSRRset = new SRRset(trustAnchorRRset);
+    trustAnchorSRRset.setSecurityStatus(SecurityStatus.SECURE);
+    state.keyEntry = this.keyCache.find(state.signerName, rrset.getDClass());
+    if (state.keyEntry == null
+        || (!state.keyEntry.getName().equals(state.signerName) && state.keyEntry.isGood())) {
+      // start the FINDKEY phase with the trust anchor
+      if (trustAnchorSRRset.getType() == Type.DS) {
+        state.dsRRset = trustAnchorSRRset;
+        state.keyEntry = null;
+        state.currentDSKeyName = new Name(trustAnchorRRset.getName(), 1);
+        // and otherwise, don't continue processing this event.
+        // (it will be reactivated when the priming query returns).
+        return this.processFindKey(state, executor).thenApply(v -> state.keyEntry);
+      } else {
+        state.keyEntry = KeyEntry.newKeyEntry(trustAnchorSRRset);
+        state.keyEntry.setSecurityStatus(SecurityStatus.SECURE);
+        this.keyCache.store(state.keyEntry);
+      }
+    }
+
+    return completedFuture(state.keyEntry);
+  }
+
+  /**
+   * Process the FINDKEY state. Generally this just calculates the next name to query and either
+   * issues a DS or a DNSKEY query. It will check to see if the correct key has already been
+   * reached, in which case it will advance the event to the next state.
+   *
+   * @param state The state associated with the current key finding phase.
+   */
+  private CompletionStage<Void> processFindKey(FindKeyState state, Executor executor) {
+    // We know that state.keyEntry is not a null or bad key -- if it were,
+    // then previous processing should have directed this event to a
+    // different state.
+    int qclass = state.qclass;
+    Name targetKeyName = state.signerName;
+    Name currentKeyName = Name.empty;
+    if (state.keyEntry != null) {
+      currentKeyName = state.keyEntry.getName();
+    }
+
+    if (state.currentDSKeyName != null) {
+      currentKeyName = state.currentDSKeyName;
+      state.currentDSKeyName = null;
+    }
+
+    // If our current key entry matches our target, then we are done.
+    if (currentKeyName.equals(targetKeyName)) {
+      return completedFuture(null);
+    }
+
+    if (state.emptyDSName != null) {
+      currentKeyName = state.emptyDSName;
+    }
+
+    // Calculate the next lookup name.
+    int targetLabels = targetKeyName.labels();
+    int currentLabels = currentKeyName.labels();
+    int l = targetLabels - currentLabels - 1;
+
+    // the next key name would be trying to invent a name, so we stop here
+    if (l < 0) {
+      return completedFuture(null);
+    }
+
+    Name nextKeyName = new Name(targetKeyName, l);
+    log.trace(
+        "Key search: targetKeyName = {}, currentKeyName = {}, nextKeyName = {}",
+        targetKeyName,
+        currentKeyName,
+        nextKeyName);
+
+    // The next step is either to query for the next DS, or to query for the
+    // next DNSKEY.
+    if (state.dsRRset == null || !state.dsRRset.getName().equals(nextKeyName)) {
+      Message dsRequest = Message.newQuery(Record.newRecord(nextKeyName, Type.DS, qclass));
+      return this.sendRequest(dsRequest, executor)
+          .thenComposeAsync(
+              dsResponse -> this.processDSResponse(dsRequest, dsResponse, state, executor));
+    }
+
+    // Otherwise, it is time to query for the DNSKEY
+    Message dnskeyRequest =
+        Message.newQuery(Record.newRecord(state.dsRRset.getName(), Type.DNSKEY, qclass));
+    return this.sendRequest(dnskeyRequest, executor)
+        .thenComposeAsync(
+            dnskeyResponse ->
+                this.processDNSKEYResponse(dnskeyRequest, dnskeyResponse, state, executor));
+  }
+
+  /**
+   * Given a DS response, the DS request, and the current key rrset, validate the DS response,
+   * returning a KeyEntry.
+   *
+   * @param response The DS response.
+   * @param request The DS request.
+   * @param keyRrset The current DNSKEY rrset from the forEvent state.
+   * @return A KeyEntry, bad if the DS response fails to validate, null if the DS response indicated
+   *     an end to secure space, good if the DS validated. It returns null if the DS response
+   *     indicated that the request wasn't a delegation point.
+   */
+  private KeyEntry dsResponseToKE(SMessage response, Message request, KeyEntry keyRrset) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+
+    JustifiedSecStatus res;
+    ResponseClassification subtype = ValUtils.classifyResponse(request, response);
+
+    KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+    switch (subtype) {
+      case POSITIVE:
+        // Verify only returns BOGUS or SECURE. If the rrset is bogus,
+        // then we are done.
+        SRRset dsRrset = response.findAnswerRRset(qname, Type.DS, qclass);
+        res = this.valUtils.verifySRRset(dsRrset, keyRrset, this.clock.instant());
+        if (res.status != SecurityStatus.SECURE) {
+          bogusKE.setBadReason(res.edeReason, res.reason);
+          return bogusKE;
+        }
+
+        if (!valUtils.atLeastOneSupportedAlgorithm(dsRrset)) {
+          KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, dsRrset.getTTL());
+          nullKey.setBadReason(
+              ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM,
+              R.get("insecure.ds.noalgorithms", qname));
+          return nullKey;
+        }
+
+        // Otherwise, we return the positive response.
+        log.trace("DS RRset was good");
+        return KeyEntry.newKeyEntry(dsRrset);
+
+      case CNAME:
+        // Verify only returns BOGUS or SECURE. If the rrset is bogus,
+        // then we are done.
+        SRRset cnameRrset = response.findAnswerRRset(qname, Type.CNAME, qclass);
+        res = this.valUtils.verifySRRset(cnameRrset, keyRrset, this.clock.instant());
+        if (res.status == SecurityStatus.SECURE) {
+          return null;
+        }
+
+        bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.cname"));
+        return bogusKE;
+
+      case NODATA:
+      case NAMEERROR:
+        return this.dsResponseToKeForNodata(response, request, keyRrset);
+
+      default:
+        // We've encountered an unhandled classification for this
+        // response.
+        bogusKE.setBadReason(
+            ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.notype", subtype));
+        return bogusKE;
+    }
+  }
+
+  /**
+   * Given a DS response, the DS request, and the current key rrset, validate the DS response for
+   * the NODATA case, returning a KeyEntry.
+   *
+   * @param response The DS response.
+   * @param request The DS request.
+   * @param keyRrset The current DNSKEY rrset from the forEvent state.
+   * @return A KeyEntry, bad if the DS response fails to validate, null if the DS response indicated
+   *     an end to secure space, good if the DS validated. It returns null if the DS response
+   *     indicated that the request wasn't a delegation point.
+   */
+  private KeyEntry dsResponseToKeForNodata(SMessage response, Message request, KeyEntry keyRrset) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+    KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+
+    if (!this.valUtils.hasSignedNsecs(response)) {
+      bogusKE.setBadReason(
+          ExtendedErrorCodeOption.RRSIGS_MISSING, R.get("failed.ds.nonsec", qname));
+      return bogusKE;
+    }
+
+    // Try to prove absence of the DS with NSEC
+    JustifiedSecStatus status =
+        this.valUtils.nsecProvesNodataDsReply(request, response, keyRrset, this.clock.instant());
+    switch (status.status) {
+      case SECURE:
+        KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+        nullKey.setBadReason(-1, R.get("insecure.ds.nsec"));
+        return nullKey;
+      case INSECURE:
+        return null;
+      case BOGUS:
+        bogusKE.setBadReason(status.edeReason, status.reason);
+        return bogusKE;
+      default:
+        // NSEC proof did not work, try NSEC3
+        break;
+    }
+
+    // Or it could be using NSEC3.
+    List<SRRset> nsec3Rrsets = response.getSectionRRsets(Section.AUTHORITY, Type.NSEC3);
+    List<SRRset> nsec3s = new ArrayList<>(0);
+    Name nsec3Signer = null;
+    long nsec3TTL = -1;
+    if (!nsec3Rrsets.isEmpty()) {
+      // Attempt to prove no DS with NSEC3s.
+      for (SRRset nsec3set : nsec3Rrsets) {
+        JustifiedSecStatus res =
+            this.valUtils.verifySRRset(nsec3set, keyRrset, this.clock.instant());
+        if (res.status != SecurityStatus.SECURE) {
+          // We could just fail here as there is an invalid rrset, but
+          // skipping doesn't matter because we might not need it or
+          // the proof will fail anyway.
+          log.debug("Skipping bad NSEC3");
+          continue;
+        }
+
+        nsec3Signer = nsec3set.getSignerName();
+        if (nsec3TTL < 0 || nsec3set.getTTL() < nsec3TTL) {
+          nsec3TTL = nsec3set.getTTL();
+        }
+
+        nsec3s.add(nsec3set);
+      }
+
+      Nsec3ValidationState nsec3State = new Nsec3ValidationState();
+      switch (this.n3valUtils.proveNoDS(nsec3s, qname, nsec3Signer, nsec3State)) {
+        case INSECURE:
+        case SECURE:
+          // case insecure also continues to unsigned space.
+          // If nsec3-iter-count too high or optout, then treat below as unsigned
+          KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, nsec3TTL);
+          nullKey.setBadReason(-1, R.get("insecure.ds.nsec3"));
+          return nullKey;
+        case INDETERMINATE:
+          log.debug("NSEC3s for the referral proved no delegation");
+          return null;
+        case BOGUS:
+          bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec3"));
+          return bogusKE;
+        default:
+          bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("unknown.ds.nsec3"));
+          return bogusKE;
+      }
+    }
+
+    // Apparently no available NSEC/NSEC3 proved NODATA, so this is
+    // BOGUS.
+    bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.unknown"));
+    return bogusKE;
+  }
+
+  /**
+   * This handles the responses to locally generated DS queries.
+   *
+   * @param request The request for which the response is processed.
+   * @param response The response to process.
+   * @param state The state associated with the current key finding phase.
+   */
+  private CompletionStage<Void> processDSResponse(
+      Message request, SMessage response, FindKeyState state, Executor executor) {
+    Name qname = request.getQuestion().getName();
+
+    state.emptyDSName = null;
+    state.dsRRset = null;
+
+    KeyEntry dsKE = this.dsResponseToKE(response, request, state.keyEntry);
+    if (dsKE == null) {
+      // DS response indicated that we aren't on a delegation point.
+      state.emptyDSName = qname;
+    } else if (dsKE.isGood()) {
+      state.dsRRset = dsKE;
+      state.currentDSKeyName = new Name(dsKE.getName(), 1);
+    } else {
+      // The reason for the DS to be not good (that is, either bad
+      // or null) should have been logged by dsResponseToKE.
+      state.keyEntry = dsKE;
+      if (dsKE.isNull()) {
+        this.keyCache.store(dsKE);
+      }
+
+      // The FINDKEY phase has ended, so move on.
+      return completedFuture(null);
+    }
+
+    return this.processFindKey(state, executor);
+  }
+
+  private CompletionStage<Void> processDNSKEYResponse(
+      Message request, SMessage response, FindKeyState state, Executor executor) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+
+    SRRset dnskeyRrset = response.findAnswerRRset(qname, Type.DNSKEY, qclass);
+    if (dnskeyRrset == null) {
+      // If the DNSKEY rrset was missing, this is the end of the line.
+      state.keyEntry = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+      state.keyEntry.setBadReason(
+          ExtendedErrorCodeOption.DNSKEY_MISSING, R.get("dnskey.no_rrset", qname));
+      return completedFuture(null);
+    }
+
+    state.keyEntry =
+        this.valUtils.verifyNewDNSKEYs(
+            dnskeyRrset, state.dsRRset, DEFAULT_TA_BAD_KEY_TTL, this.clock.instant());
+
+    // If the key entry isBad or isNull, then we can move on to the next
+    // state.
+    if (!state.keyEntry.isGood()) {
+      return completedFuture(null);
+    }
+
+    // The DNSKEY validated, so cache it as a trusted key rrset.
+    this.keyCache.store(state.keyEntry);
+
+    // If good, we stay in the FINDKEY state.
+    return this.processFindKey(state, executor);
+  }
+
+  private CompletionStage<SMessage> processValidate(
+      Message request, SMessage response, Executor executor) {
+    ResponseClassification subtype = ValUtils.classifyResponse(request, response);
+    if (subtype != ResponseClassification.REFERRAL) {
+      this.removeSpuriousAuthority(response);
+    }
+
+    Nsec3ValidationState nsec3State = new Nsec3ValidationState();
+    CompletionStage<Void> completionStage;
+    switch (subtype) {
+      case POSITIVE:
+      case CNAME:
+      case ANY:
+        log.trace("Validating a positive response");
+        completionStage = this.validatePositiveResponse(request, response, nsec3State, executor);
+        break;
+
+      case NODATA:
+        log.trace("Validating a nodata response");
+        completionStage = this.validateNodataResponse(request, response, nsec3State, executor);
+        break;
+
+      case CNAME_NODATA:
+        log.trace("Validating a CNAME_NODATA response");
+        completionStage =
+            this.validatePositiveResponse(request, response, nsec3State, executor)
+                .thenCompose(
+                    v -> {
+                      if (response.getStatus() != SecurityStatus.INSECURE) {
+                        response.setStatus(SecurityStatus.UNCHECKED, -1);
+                        return this.validateNodataResponse(request, response, nsec3State, executor);
+                      }
+
+                      return completedFuture(null);
+                    });
+        break;
+
+      case NAMEERROR:
+        log.trace("Validating a nxdomain response");
+        completionStage = this.validateNameErrorResponse(request, response, nsec3State, executor);
+        break;
+
+      case CNAME_NAMEERROR:
+        log.trace("Validating a cname_nxdomain response");
+        completionStage =
+            this.validatePositiveResponse(request, response, nsec3State, executor)
+                .thenCompose(
+                    v -> {
+                      if (response.getStatus() != SecurityStatus.INSECURE) {
+                        response.setStatus(SecurityStatus.UNCHECKED, -1);
+                        return this.validateNameErrorResponse(
+                            request, response, nsec3State, executor);
+                      }
+
+                      return completedFuture(null);
+                    });
+        break;
+
+      default:
+        response.setBogus(R.get("validate.response.unknown", subtype));
+        completionStage = completedFuture(null);
+        break;
+    }
+
+    return completionStage.thenApply(v -> this.processFinishedState(request, response));
+  }
+
+  /**
+   * Apply any final massaging to a response before returning up the pipeline. Primarily this means
+   * setting the AD bit or not and possibly stripping DNSSEC data.
+   */
+  private SMessage processFinishedState(Message request, SMessage response) {
+    // If the response message validated, set the AD bit.
+    SecurityStatus status = response.getStatus();
+    String reason = response.getBogusReason();
+    int edeReason = response.getEdeReason();
+    switch (status) {
+      case BOGUS:
+        // For now, in the absence of any other API information, we
+        // return SERVFAIL.
+        int code = response.getHeader().getRcode();
+        if (code == Rcode.NOERROR || code == Rcode.NXDOMAIN) {
+          code = Rcode.SERVFAIL;
+        }
+
+        response = ValidatingResolver.errorMessage(request, code);
+        break;
+      case SECURE:
+        response.getHeader().setFlag(Flags.AD);
+        break;
+      case UNCHECKED:
+      case INSECURE:
+        break;
+      default:
+        throw new IllegalArgumentException("unexpected security status");
+    }
+
+    response.setStatus(status, edeReason, reason);
+    return response;
+  }
+
+  // Resolver-interface implementation --------------------------------------
+
+  /**
+   * Forwards the data to the head resolver passed at construction time.
+   *
+   * @param port The IP destination port for the queries sent.
+   * @see Resolver#setPort(int)
+   */
+  @Override
+  public void setPort(int port) {
+    this.headResolver.setPort(port);
+  }
+
+  /**
+   * Forwards the data to the head resolver passed at construction time.
+   *
+   * @param flag <code>true</code> to enable TCP, <code>false</code> to disable it.
+   * @see Resolver#setTCP(boolean)
+   */
+  @Override
+  public void setTCP(boolean flag) {
+    this.headResolver.setTCP(flag);
+  }
+
+  /**
+   * This is a no-op, truncation is never ignored.
+   *
+   * @param flag unused
+   */
+  @Override
+  public void setIgnoreTruncation(boolean flag) {
+    // never ignore
+  }
+
+  /**
+   * The method is forwarded to the resolver, but always ensure that the level is 0 and the flags
+   * contains DO.
+   *
+   * @param version The EDNS level to use. 0 indicates EDNS0.
+   * @param payloadSize The maximum DNS packet size that this host is capable of receiving over UDP.
+   *     If 0 is specified, the default (1280) is used.
+   * @param flags EDNS extended flags to be set in the OPT record, {@link ExtendedFlags#DO} is
+   *     always appended.
+   * @param options EDNS options to be set in the OPT record, specified as a List of
+   *     OPTRecord.Option elements.
+   * @see Resolver#setEDNS(int, int, int, List)
+   */
+  @Override
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    if (version == -1) {
+      throw new IllegalArgumentException("EDNS cannot be disabled");
+    }
+
+    this.headResolver.setEDNS(version, payloadSize, flags | ExtendedFlags.DO, options);
+  }
+
+  /**
+   * Forwards the data to the head resolver passed at construction time.
+   *
+   * @param key The key.
+   * @see Resolver#setTSIGKey(TSIG)
+   */
+  @Override
+  public void setTSIGKey(TSIG key) {
+    this.headResolver.setTSIGKey(key);
+  }
+
+  @Override
+  public Duration getTimeout() {
+    return this.headResolver.getTimeout();
+  }
+
+  @Override
+  public void setTimeout(Duration duration) {
+    this.headResolver.setTimeout(duration);
+  }
+
+  /**
+   * Asynchronously sends a message and validates the response with DNSSEC before returning it.
+   *
+   * @param query The query to send.
+   * @param executor The service to use for async operations.
+   * @return A future that completes when the query is finished.
+   */
+  @Override
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+    return this.sendRequest(query, executor)
+        .thenCompose(
+            response -> {
+              response.getHeader().unsetFlag(Flags.AD);
+
+              // If the CD bit is set, do not process the (cached) validation status.
+              if (query.getHeader().getFlag(Flags.CD)) {
+                return completedFuture(response.getMessage());
+              }
+
+              // Positive RRSIG responses cannot be validated as there are no
+              // signatures on signatures. Negative answers CAN be validated.
+              Message rrsigResponse = response.getMessage();
+              if (query.getQuestion().getType() == Type.RRSIG
+                  && rrsigResponse.getHeader().getRcode() == Rcode.NOERROR
+                  && !rrsigResponse.getSectionRRsets(Section.ANSWER).isEmpty()) {
+                rrsigResponse.getHeader().unsetFlag(Flags.AD);
+                return completedFuture(rrsigResponse);
+              }
+
+              return this.processValidate(query, response, executor)
+                  .thenApply(
+                      validated -> {
+                        Message m = validated.getMessage();
+                        String reason = validated.getBogusReason();
+                        if (reason != null) {
+                          applyEdeToOpt(validated, m);
+                          if (isAddReasonToAdditional) {
+                            addValidationReasonTxtRecord(m, reason);
+                          }
+                        }
+
+                        return m;
+                      });
+            });
+  }
+
+  private void applyEdeToOpt(SMessage validated, Message m) {
+    if (validated.getEdeReason() <= -1) {
+      return;
+    }
+
+    OPTRecord old = m.getOPT();
+    OPTRecord newOpt;
+    List<EDNSOption> options = new ArrayList<>();
+    options.add(new ExtendedErrorCodeOption(validated.getEdeReason(), validated.getBogusReason()));
+    if (old != null) {
+      options.addAll(
+          old.getOptions().stream()
+              .filter(o -> o.getCode() != Code.EDNS_EXTENDED_ERROR)
+              .collect(Collectors.toList()));
+      newOpt =
+          new OPTRecord(
+              old.getPayloadSize(),
+              old.getExtendedRcode(),
+              old.getVersion(),
+              old.getFlags(),
+              options);
+      m.removeRecord(m.getOPT(), Section.ADDITIONAL);
+    } else {
+      newOpt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0, options);
+    }
+    m.addRecord(newOpt, Section.ADDITIONAL);
+  }
+
+  private void addValidationReasonTxtRecord(Message m, String reason) {
+    final int maxTxtRecordStringLength = 255;
+    String[] parts = new String[reason.length() / maxTxtRecordStringLength + 1];
+    for (int i = 0; i < parts.length; i++) {
+      int length = Math.min((i + 1) * maxTxtRecordStringLength, reason.length());
+      parts[i] = reason.substring(i * maxTxtRecordStringLength, length);
+    }
+
+    m.addRecord(
+        new TXTRecord(Name.root, VALIDATION_REASON_QCLASS, 0, Arrays.asList(parts)),
+        Section.ADDITIONAL);
+  }
+
+  /**
+   * Creates a response message with the given return code.
+   *
+   * @param request The request for which the response belongs.
+   * @param rcode The response code, @see Rcode
+   * @return The response message for <code>request</code>.
+   */
+  private static SMessage errorMessage(Message request, int rcode) {
+    SMessage m = new SMessage(request.getHeader().getID(), request.getQuestion());
+    Header h = m.getHeader();
+    h.setRcode(rcode);
+    h.setFlag(Flags.QR);
+
+    return m;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java b/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java
new file mode 100644
index 000000000..2dda049c9
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java
@@ -0,0 +1,319 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.hosts;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.Address;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+/**
+ * Parses and caches the system's local hosts database, otherwise known as {@code /etc/hosts}. The
+ * cache is cleared when the file is modified.
+ *
+ * @since 3.4
+ */
+@Slf4j
+public final class HostsFileParser {
+  private final int maxFullCacheFileSizeBytes =
+      Integer.parseInt(System.getProperty("dnsjava.hostsfile.max_size_bytes", "16384"));
+  private final Duration fileChangeCheckInterval =
+      Duration.ofMillis(
+          Integer.parseInt(
+              System.getProperty("dnsjava.hostsfile.change_check_interval_ms", "300000")));
+
+  private final Path path;
+  private final boolean clearCacheOnChange;
+  private Clock clock = Clock.systemUTC();
+
+  @SuppressWarnings("java:S3077")
+  private volatile Map<String, InetAddress> hostsCache;
+
+  private Instant lastFileModificationCheckTime = null;
+  private Instant lastFileReadTime = null;
+  private boolean isEntireFileParsed;
+  private boolean hostsFileWarningLogged = false;
+  private long hostsFileSizeBytes;
+
+  /**
+   * Creates a new instance based on the current OS's default. Unix and alike (or rather everything
+   * else than Windows) use {@code /etc/hosts}, while on Windows {@code
+   * %SystemRoot%\System32\drivers\etc\hosts} is used. The cache is cleared when the file has
+   * changed.
+   */
+  public HostsFileParser() {
+    this(
+        System.getProperty("os.name").contains("Windows")
+            ? Paths.get(System.getenv("SystemRoot"), "\\System32\\drivers\\etc\\hosts")
+            : Paths.get("/etc/hosts"),
+        true);
+  }
+
+  /**
+   * Creates an instance with a custom hosts database path. The cache is cleared when the file has
+   * changed.
+   *
+   * @param path The path to the hosts database.
+   */
+  public HostsFileParser(Path path) {
+    this(path, true);
+  }
+
+  /**
+   * Creates an instance with a custom hosts database path.
+   *
+   * @param path The path to the hosts database.
+   * @param clearCacheOnChange set to true to clear the cache when the hosts file changes.
+   */
+  public HostsFileParser(Path path, boolean clearCacheOnChange) {
+    this.path = Objects.requireNonNull(path, "path is required");
+    this.clearCacheOnChange = clearCacheOnChange;
+    if (Files.isDirectory(path)) {
+      throw new IllegalArgumentException("path must be a file");
+    }
+  }
+
+  /**
+   * Performs on-demand parsing and caching of the local hosts database.
+   *
+   * @param name the hostname to search for.
+   * @param type Record type to search for, see {@link org.xbill.DNS.Type}.
+   * @return The first address found for the requested hostname.
+   * @throws IOException When the parsing fails.
+   * @throws IllegalArgumentException when {@code type} is not {@link org.xbill.DNS.Type#A} or{@link
+   *     org.xbill.DNS.Type#AAAA}.
+   */
+  public Optional<InetAddress> getAddressForHost(Name name, int type) throws IOException {
+    Objects.requireNonNull(name, "name is required");
+    if (type != Type.A && type != Type.AAAA) {
+      throw new IllegalArgumentException("type can only be A or AAAA");
+    }
+
+    validateCache();
+
+    InetAddress cachedAddress = hostsCache.get(key(name, type));
+    if (cachedAddress != null) {
+      return Optional.of(cachedAddress);
+    }
+
+    if (isEntireFileParsed) {
+      return Optional.empty();
+    }
+
+    if (hostsFileSizeBytes > maxFullCacheFileSizeBytes) {
+      searchHostsFileForEntry(name, type);
+    }
+
+    return Optional.ofNullable(hostsCache.get(key(name, type)));
+  }
+
+  private void parseEntireHostsFile() throws IOException {
+    String line;
+    int lineNumber = 0;
+    AtomicInteger addressFailures = new AtomicInteger(0);
+    AtomicInteger nameFailures = new AtomicInteger(0);
+    try (BufferedReader hostsReader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
+      while ((line = hostsReader.readLine()) != null) {
+        LineData lineData = parseLine(++lineNumber, line, addressFailures, nameFailures);
+        if (lineData != null) {
+          for (Name lineName : lineData.names) {
+            InetAddress lineAddress =
+                InetAddress.getByAddress(lineName.toString(true), lineData.address);
+            hostsCache.putIfAbsent(key(lineName, lineData.type), lineAddress);
+          }
+        }
+      }
+    }
+
+    if (!hostsFileWarningLogged && (addressFailures.get() > 0 || nameFailures.get() > 0)) {
+      log.warn(
+          "Failed to parse entire hosts file {}, address failures={}, name failures={}",
+          path,
+          addressFailures.get(),
+          nameFailures);
+      hostsFileWarningLogged = true;
+    }
+  }
+
+  private void searchHostsFileForEntry(Name name, int type) throws IOException {
+    String line;
+    int lineNumber = 0;
+    AtomicInteger addressFailures = new AtomicInteger(0);
+    AtomicInteger nameFailures = new AtomicInteger(0);
+    try (BufferedReader hostsReader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
+      while ((line = hostsReader.readLine()) != null) {
+        LineData lineData = parseLine(++lineNumber, line, addressFailures, nameFailures);
+        if (lineData != null) {
+          for (Name lineName : lineData.names) {
+            boolean isSearchedEntry = lineName.equals(name);
+            if (isSearchedEntry && type == lineData.type) {
+              InetAddress lineAddress =
+                  InetAddress.getByAddress(lineName.toString(true), lineData.address);
+              hostsCache.putIfAbsent(key(lineName, lineData.type), lineAddress);
+              return;
+            }
+          }
+        }
+      }
+    }
+
+    if (!hostsFileWarningLogged && (addressFailures.get() > 0 || nameFailures.get() > 0)) {
+      log.warn(
+          "Failed to find {} in hosts file {}, address failures={}, name failures={}",
+          name,
+          path,
+          addressFailures.get(),
+          nameFailures);
+      hostsFileWarningLogged = true;
+    }
+  }
+
+  @RequiredArgsConstructor
+  private static final class LineData {
+    final int type;
+    final byte[] address;
+    final Iterable<? extends Name> names;
+  }
+
+  private LineData parseLine(
+      int lineNumber, String line, AtomicInteger addressFailures, AtomicInteger nameFailures) {
+    String[] lineTokens = getLineTokens(line);
+    if (lineTokens.length < 2) {
+      return null;
+    }
+
+    int lineAddressType = Type.A;
+    byte[] lineAddressBytes = Address.toByteArray(lineTokens[0], Address.IPv4);
+    if (lineAddressBytes == null) {
+      lineAddressBytes = Address.toByteArray(lineTokens[0], Address.IPv6);
+      lineAddressType = Type.AAAA;
+    }
+
+    if (lineAddressBytes == null) {
+      log.debug("Could not decode address {}, {}#L{}", lineTokens[0], path, lineNumber);
+      addressFailures.incrementAndGet();
+      return null;
+    }
+
+    Iterable<? extends Name> lineNames =
+        Arrays.stream(lineTokens)
+                .skip(1)
+                .map(lineTokenName -> safeName(lineTokenName, lineNumber, nameFailures))
+                .filter(Objects::nonNull)
+            ::iterator;
+    return new LineData(lineAddressType, lineAddressBytes, lineNames);
+  }
+
+  private Name safeName(String name, int lineNumber, AtomicInteger nameFailures) {
+    try {
+      return Name.fromString(name, Name.root);
+    } catch (TextParseException e) {
+      log.debug("Could not decode name {}, {}#L{}, skipping", name, path, lineNumber);
+      nameFailures.incrementAndGet();
+      return null;
+    }
+  }
+
+  private String[] getLineTokens(String line) {
+    // everything after a # until the end of the line is a comment
+    int commentStart = line.indexOf('#');
+    if (commentStart == -1) {
+      commentStart = line.length();
+    }
+
+    return line.substring(0, commentStart).trim().split("\\s+");
+  }
+
+  private void validateCache() throws IOException {
+    if (!clearCacheOnChange) {
+      if (hostsCache == null) {
+        synchronized (this) {
+          if (hostsCache == null) {
+            readHostsFile();
+          }
+        }
+      }
+
+      return;
+    }
+
+    if (hostsCache == null
+        || lastFileModificationCheckTime == null
+        || lastFileModificationCheckTime.plus(fileChangeCheckInterval).isBefore(clock.instant())) {
+      log.debug("Checked for changes more than 5minutes ago, checking");
+      // A filewatcher / inotify etc. would be nicer, but doesn't work. c.f. the write up at
+      // https://blog.arkey.fr/2019/09/13/watchservice-and-bind-mount/
+
+      synchronized (this) {
+        if (hostsCache != null
+            && lastFileModificationCheckTime != null
+            && !lastFileModificationCheckTime
+                .plus(fileChangeCheckInterval)
+                .isBefore(clock.instant())) {
+          log.debug("Never mind, check fulfilled in another thread");
+          return;
+        }
+
+        lastFileModificationCheckTime = clock.instant();
+        readHostsFile();
+      }
+    }
+  }
+
+  private void readHostsFile() throws IOException {
+    if (Files.exists(path)) {
+      Instant fileTime = Files.getLastModifiedTime(path).toInstant();
+      if (lastFileReadTime == null || !lastFileReadTime.equals(fileTime)) {
+        createOrClearCache();
+
+        hostsFileSizeBytes = Files.size(path);
+        if (hostsFileSizeBytes <= maxFullCacheFileSizeBytes) {
+          parseEntireHostsFile();
+          isEntireFileParsed = true;
+        }
+
+        lastFileReadTime = fileTime;
+      }
+    } else {
+      createOrClearCache();
+    }
+  }
+
+  private void createOrClearCache() {
+    if (hostsCache == null) {
+      hostsCache = new ConcurrentHashMap<>();
+    } else {
+      hostsCache.clear();
+    }
+  }
+
+  private String key(Name name, int type) {
+    return name.toString() + '\t' + type;
+  }
+
+  // for unit testing only
+  int cacheSize() {
+    return hostsCache == null ? 0 : hostsCache.size();
+  }
+
+  void setClock(Clock clock) {
+    this.clock = clock;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/io/DefaultIoClientFactory.java b/src/main/java/org/xbill/DNS/io/DefaultIoClientFactory.java
new file mode 100644
index 000000000..04d173f2c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/DefaultIoClientFactory.java
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import org.xbill.DNS.DefaultIoClient;
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Serves as a default implementation that is used by the {@link SimpleResolver}, unless otherwise
+ * configured. This preserves the default behavior (to use the built-in NIO clients) while allowing
+ * flexibility at the point of use.
+ *
+ * @since 3.6
+ */
+public class DefaultIoClientFactory implements IoClientFactory {
+  /**
+   * Shared instance because it only serves as a bridge to the static NIO classes and does not need
+   * to be different per class.
+   */
+  private static final DefaultIoClient RESOLVER_CLIENT = new DefaultIoClient();
+
+  @Override
+  public TcpIoClient createOrGetTcpClient() {
+    return RESOLVER_CLIENT;
+  }
+
+  @Override
+  public UdpIoClient createOrGetUdpClient() {
+    return RESOLVER_CLIENT;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/io/IoClientFactory.java b/src/main/java/org/xbill/DNS/io/IoClientFactory.java
new file mode 100644
index 000000000..70154ff2e
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/IoClientFactory.java
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Interface for creating the TCP/UDP factories necessary for the {@link SimpleResolver}.
+ *
+ * @since 3.6
+ */
+public interface IoClientFactory {
+  /**
+   * Create or return a cached/reused instance of the TCP resolver that should be used to send DNS
+   * data over the wire to the remote target. <br>
+   * It is the responsibility of this method to manage pooling or connection reuse. This method is
+   * called right before the connection is made every time the {@link SimpleResolver} is called. The
+   * implementer of this method should be aware and choose how to pool or reuse connections.
+   *
+   * @return an instance of the tcp resolver client
+   */
+  TcpIoClient createOrGetTcpClient();
+
+  /**
+   * Create or return a cached/reused instance of the UDP resolver that should be used to send DNS
+   * data over the wire to the remote target.
+   *
+   * @return an instance of the udp resolver client
+   */
+  UdpIoClient createOrGetUdpClient();
+}
diff --git a/src/main/java/org/xbill/DNS/io/TcpIoClient.java b/src/main/java/org/xbill/DNS/io/TcpIoClient.java
new file mode 100644
index 000000000..e8febbef8
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/TcpIoClient.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Resolver;
+
+/**
+ * Serves as an interface from a {@link Resolver} to the underlying mechanism for sending bytes over
+ * the wire as a TCP message.
+ *
+ * @since 3.6
+ */
+public interface TcpIoClient {
+  /**
+   * Sends a query to a remote server and returns the answer.
+   *
+   * @param local Address from which the connection is coming. may be {@code null} and the
+   *     implementation must decide on the local address.
+   * @param remote Address that the connection should send the data to.
+   * @param query DNS message representation of the outbound query.
+   * @param data Raw byte representation of the outbound query.
+   * @param timeout Duration before the connection will time out and be closed.
+   * @return A {@link CompletableFuture} that will be completed with the byte value of the response.
+   * @since 3.6
+   */
+  CompletableFuture<byte[]> sendAndReceiveTcp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      Duration timeout);
+}
diff --git a/src/main/java/org/xbill/DNS/io/UdpIoClient.java b/src/main/java/org/xbill/DNS/io/UdpIoClient.java
new file mode 100644
index 000000000..394ccc4b3
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/UdpIoClient.java
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Resolver;
+
+/**
+ * Serves as an interface from a {@link Resolver} to the underlying mechanism for sending bytes over
+ * the wire as a UDP message.
+ *
+ * @since 3.6
+ */
+public interface UdpIoClient {
+  /**
+   * Sends a query to a remote server and returns the answer.
+   *
+   * @param local Address from which the connection is coming. may be {@code null} and the
+   *     implementation must decide on the local address.
+   * @param remote Address that the connection should send the data to.
+   * @param query DNS message representation of the outbound query.
+   * @param data Raw byte representation of the outbound query.
+   * @param max Size of the response buffer.
+   * @param timeout Duration before the connection will time out and be closed.
+   * @return A {@link CompletableFuture} that will be completed with the byte value of the response.
+   * @since 3.6
+   */
+  CompletableFuture<byte[]> sendAndReceiveUdp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      int max,
+      Duration timeout);
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java b/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java
new file mode 100644
index 000000000..65583be59
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+/**
+ * Sometimes DNS zone data involved in the lookup might be violating specifications. For example, a
+ * DNAME expansion might result in names that are too long or a query response might hold multiple
+ * CNAME records.
+ *
+ * @since 3.4
+ */
+public class InvalidZoneDataException extends LookupFailedException {
+  InvalidZoneDataException(String message, Throwable inner) {
+    super(message, inner);
+  }
+
+  public InvalidZoneDataException(String message) {
+    super(message);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/IrrelevantRecordMode.java b/src/main/java/org/xbill/DNS/lookup/IrrelevantRecordMode.java
new file mode 100644
index 000000000..2ff812908
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/IrrelevantRecordMode.java
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+/** Defines the handling of irrelevant records during messages normalization. */
+enum IrrelevantRecordMode {
+  /** Irrelevant records are removed from the message, but otherwise ignored. */
+  REMOVE,
+  /** Throws an error when an irrelevant record is found. */
+  THROW,
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java b/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java
new file mode 100644
index 000000000..f45fb6185
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import lombok.AccessLevel;
+import lombok.Getter;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
+/**
+ * A base class for all types of things that might fail when making a DNS lookup.
+ *
+ * @since 3.4
+ */
+public class LookupFailedException extends RuntimeException {
+  private final Name name;
+  private final int type;
+
+  @Getter(AccessLevel.PACKAGE)
+  private final boolean isAuthenticated;
+
+  public LookupFailedException() {
+    this(null, null, null, 0, false);
+  }
+
+  public LookupFailedException(String message) {
+    this(message, null, null, 0, false);
+  }
+
+  LookupFailedException(String message, Throwable inner) {
+    this(message, inner, null, 0, false);
+  }
+
+  /**
+   * Construct a LookupFailedException that also specifies the name and type of the lookup that
+   * failed.
+   *
+   * @param name the name that caused the failure.
+   * @param type the type that caused the failure.
+   */
+  public LookupFailedException(Name name, int type) {
+    this("Lookup for " + name + "/" + Type.string(type) + " failed", name, type);
+  }
+
+  /**
+   * Construct a LookupFailedException with a custom message that also specifies the name and type
+   * of the lookup that failed.
+   *
+   * @param name the name that caused the failure.
+   * @param type the type that caused the failure.
+   * @since 3.6
+   */
+  public LookupFailedException(String message, Name name, int type) {
+    this(message, null, name, type, false);
+  }
+
+  LookupFailedException(
+      String message, Throwable inner, Name name, int type, boolean isAuthenticated) {
+    super(message, inner);
+    this.name = name;
+    this.type = type;
+    this.isAuthenticated = isAuthenticated;
+  }
+
+  /** Gets the Name being looked up when this failure occurred. */
+  public Name getName() {
+    return name;
+  }
+
+  /** Gets the {@link org.xbill.DNS.Type} being looked up when this failure occurred. */
+  public int getType() {
+    return type;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/LookupResult.java b/src/main/java/org/xbill/DNS/lookup/LookupResult.java
new file mode 100644
index 000000000..57e6e40f8
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/LookupResult.java
@@ -0,0 +1,109 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import lombok.AccessLevel;
+import lombok.Data;
+import lombok.Getter;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+
+/**
+ * LookupResult instances holds the result of a successful lookup operation.
+ *
+ * @since 3.4
+ */
+@Data
+public final class LookupResult {
+  /** An unmodifiable list of records that this instance wraps, may not be null but can be empty */
+  private final List<Record> records;
+
+  /**
+   * In the case of CNAME or DNAME indirection, this property contains the original name as well as
+   * any intermediate redirect targets except the last one. For example, if X is a CNAME pointing to
+   * Y which is a CNAME pointing to Z which has an A record, aliases will hold X and Y after
+   * successful lookup.
+   */
+  private final List<Name> aliases;
+
+  /** The queries and responses that made up the result. */
+  @Getter(AccessLevel.PACKAGE)
+  private final Map<Record, Message> queryResponsePairs;
+
+  /**
+   * Gets an indication if the message(s) that provided this result were authenticated, e.g. by
+   * using {@link org.xbill.DNS.dnssec.ValidatingResolver} or when the upstream resolver has set the
+   * {@link org.xbill.DNS.Flags#AD} flag.
+   *
+   * <p><b>IMPORTANT</b>: Note that in the latter case, the flag cannot be trusted unless the {@link
+   * org.xbill.DNS.Resolver} used by the {@link LookupSession} that created this result:
+   *
+   * <ul>
+   *   <li>has TSIG enabled
+   *   <li>uses an externally secured transport, e.g. with IPSec or DNS over TLS.
+   * </ul>
+   */
+  @Getter(AccessLevel.PACKAGE)
+  private final boolean isAuthenticated;
+
+  /**
+   * Construct an instance with the provided records and, in the case of a CNAME or DNAME
+   * indirection a List of aliases.
+   *
+   * @param records a list of records to return.
+   * @param aliases a list of aliases discovered during lookup, or null if there was no indirection.
+   * @deprecated This class is not intended for public instantiation.
+   */
+  @Deprecated
+  public LookupResult(List<Record> records, List<Name> aliases) {
+    this.records = Collections.unmodifiableList(new ArrayList<>(records));
+    this.aliases =
+        aliases == null
+            ? Collections.emptyList()
+            : Collections.unmodifiableList(new ArrayList<>(aliases));
+    queryResponsePairs = Collections.emptyMap();
+    isAuthenticated = false;
+  }
+
+  LookupResult(boolean isAuthenticated) {
+    queryResponsePairs = Collections.emptyMap();
+    this.isAuthenticated = isAuthenticated;
+    records = Collections.emptyList();
+    aliases = Collections.emptyList();
+  }
+
+  LookupResult(Record query, boolean isAuthenticated, Record result) {
+    this.queryResponsePairs = Collections.singletonMap(query, null);
+    this.isAuthenticated = isAuthenticated;
+    this.records = Collections.singletonList(result);
+    this.aliases = Collections.emptyList();
+  }
+
+  LookupResult(
+      LookupResult previous,
+      Record query,
+      Message answer,
+      boolean isAuthenticated,
+      List<Record> records,
+      List<Name> aliases) {
+    Map<Record, Message> map = new HashMap<>(previous.queryResponsePairs.size() + 1);
+    map.putAll(previous.queryResponsePairs);
+    map.put(query, answer);
+    this.queryResponsePairs = Collections.unmodifiableMap(map);
+    this.isAuthenticated =
+        previous.isAuthenticated
+            && isAuthenticated
+            && this.queryResponsePairs.values().stream()
+                .filter(Objects::nonNull)
+                .allMatch(a -> a.getHeader().getFlag(Flags.AD));
+    this.records = Collections.unmodifiableList(new ArrayList<>(records));
+    this.aliases = Collections.unmodifiableList(new ArrayList<>(aliases));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/LookupSession.java b/src/main/java/org/xbill/DNS/lookup/LookupSession.java
new file mode 100644
index 000000000..892594789
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/LookupSession.java
@@ -0,0 +1,721 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import lombok.NonNull;
+import lombok.ToString;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.Cache;
+import org.xbill.DNS.Credibility;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.EDNSOption;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.ExtendedResolver;
+import org.xbill.DNS.Lookup;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Resolver;
+import org.xbill.DNS.ResolverConfig;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SetResponse;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.Type;
+import org.xbill.DNS.WireParseException;
+import org.xbill.DNS.hosts.HostsFileParser;
+
+/**
+ * LookupSession provides facilities to make DNS Queries. A LookupSession is intended to be long
+ * lived, and it's behaviour can be configured using the properties of the {@link
+ * LookupSessionBuilder} instance returned by {@link #builder()}.
+ *
+ * @since 3.4
+ */
+@Slf4j
+public class LookupSession {
+
+  public static final int DEFAULT_MAX_ITERATIONS = 16;
+  public static final int DEFAULT_NDOTS = 1;
+
+  private final Resolver resolver;
+  private final int maxRedirects;
+  private final int ndots;
+  private final List<Name> searchPath;
+  private final boolean cycleResults;
+  private final Map<Integer, Cache> caches;
+  private final HostsFileParser hostsFileParser;
+  private final Executor executor;
+  private final IrrelevantRecordMode irrelevantRecordMode;
+
+  private LookupSession(
+      @NonNull Resolver resolver,
+      int maxRedirects,
+      int ndots,
+      List<Name> searchPath,
+      boolean cycleResults,
+      List<Cache> caches,
+      HostsFileParser hostsFileParser,
+      Executor executor,
+      IrrelevantRecordMode irrelevantRecordMode) {
+    this.resolver = resolver;
+    this.maxRedirects = maxRedirects;
+    this.ndots = ndots;
+    this.searchPath = searchPath;
+    this.cycleResults = cycleResults;
+    this.caches =
+        caches == null
+            ? Collections.emptyMap()
+            : caches.stream().collect(Collectors.toMap(Cache::getDClass, e -> e));
+    this.hostsFileParser = hostsFileParser;
+    this.executor = executor == null ? ForkJoinPool.commonPool() : executor;
+    this.irrelevantRecordMode = irrelevantRecordMode;
+  }
+
+  /**
+   * A builder for {@link LookupSession} instances. An instance of this class is obtained by calling
+   * {@link LookupSession#builder()} and configured using the methods with names corresponding to
+   * the different properties. Once fully configured, a {@link LookupSession} instance is obtained
+   * by calling {@link LookupSessionBuilder#build()} on the builder instance.
+   */
+  @ToString
+  public static class LookupSessionBuilder {
+
+    private Resolver resolver;
+    private int maxRedirects;
+    private int ndots;
+    private List<Name> searchPath;
+    private boolean cycleResults;
+    private List<Cache> caches;
+    private HostsFileParser hostsFileParser;
+    private Executor executor;
+    private IrrelevantRecordMode irrelevantRecordMode = IrrelevantRecordMode.REMOVE;
+
+    private LookupSessionBuilder() {}
+
+    /**
+     * The {@link Resolver} to use to look up records.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder resolver(@NonNull Resolver resolver) {
+      this.resolver = resolver;
+      return this;
+    }
+
+    /**
+     * The maximum number of CNAME or DNAME redirects allowed before lookups will fail with {@link
+     * RedirectOverflowException}. Defaults to {@value
+     * org.xbill.DNS.lookup.LookupSession#DEFAULT_MAX_ITERATIONS}.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder maxRedirects(int maxRedirects) {
+      this.maxRedirects = maxRedirects;
+      return this;
+    }
+
+    /**
+     * The threshold for the number of dots which must appear in a name before it is considered
+     * absolute. The default is {@value org.xbill.DNS.lookup.LookupSession#DEFAULT_NDOTS}, meaning
+     * that if there are any dots in a name, the name will be tried first as an absolute name.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder ndots(int ndots) {
+      this.ndots = ndots;
+      return this;
+    }
+
+    /**
+     * Configures the search path used to look up relative names with less than ndots dots.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder searchPath(Name searchPath) {
+      if (this.searchPath == null) {
+        this.searchPath = new ArrayList<>();
+      }
+      this.searchPath.add(searchPath);
+      return this;
+    }
+
+    /**
+     * Configures the search path used to look up relative names with less than ndots dots.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder searchPath(Collection<? extends Name> searchPath) {
+      if (this.searchPath == null) {
+        this.searchPath = new ArrayList<>();
+      }
+      this.searchPath.addAll(searchPath);
+      return this;
+    }
+
+    /**
+     * Removes all search paths.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder clearSearchPath() {
+      if (this.searchPath != null) {
+        this.searchPath.clear();
+      }
+      return this;
+    }
+
+    /**
+     * If set to {@code true}, cached results with multiple records will be returned with the
+     * starting point shifted one step per request.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder cycleResults(boolean cycleResults) {
+      this.cycleResults = cycleResults;
+      return this;
+    }
+
+    /**
+     * Configures the local hosts database file parser to use within this session.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder hostsFileParser(HostsFileParser hostsFileParser) {
+      this.hostsFileParser = hostsFileParser;
+      return this;
+    }
+
+    /**
+     * The executor to use when running lookups.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder executor(Executor executor) {
+      this.executor = executor;
+      return this;
+    }
+
+    /**
+     * Sets how irrelevant records in a {@link Message} returned from the {@link
+     * #resolver(Resolver)} is handled. The default is {@link IrrelevantRecordMode#REMOVE}.
+     *
+     * @return {@code this}.
+     */
+    LookupSessionBuilder irrelevantRecordMode(IrrelevantRecordMode irrelevantRecordMode) {
+      this.irrelevantRecordMode = irrelevantRecordMode;
+      return this;
+    }
+
+    /**
+     * Enable querying the local hosts database using the system defaults.
+     *
+     * @return {@code this}.
+     * @see HostsFileParser
+     */
+    public LookupSessionBuilder defaultHostsFileParser() {
+      hostsFileParser = new HostsFileParser();
+      return this;
+    }
+
+    /**
+     * Enable caching using the supplied cache. An existing {@link Cache} for the same class will be
+     * replaced.
+     *
+     * @return {@code this}.
+     * @see Cache
+     */
+    public LookupSessionBuilder cache(@NonNull Cache cache) {
+      if (caches == null) {
+        caches = new ArrayList<>(1);
+      }
+      for (Cache c : caches) {
+        if (c.getDClass() == cache.getDClass()) {
+          caches.remove(c);
+          break;
+        }
+      }
+      caches.add(cache);
+      return this;
+    }
+
+    /**
+     * Enable caching using the supplied caches. Existing {@link Cache}s for the same class will be
+     * replaced.
+     *
+     * @return {@code this}.
+     * @see Cache
+     */
+    public LookupSessionBuilder caches(@NonNull Collection<Cache> caches) {
+      caches.forEach(this::cache);
+      return this;
+    }
+
+    /**
+     * Disables using a cache for lookups.
+     *
+     * @return {@code this}.
+     */
+    public LookupSessionBuilder clearCaches() {
+      if (caches != null) {
+        caches.clear();
+      }
+      return this;
+    }
+
+    /**
+     * Enable caching using the supplied cache for the given class.
+     *
+     * @param dclass unused
+     * @return {@code this}.
+     * @see Cache
+     * @deprecated use {@link #cache(Cache)}, the {@link Cache} already provides the class.
+     */
+    @Deprecated
+    public LookupSessionBuilder cache(@NonNull Integer dclass, @NonNull Cache cache) {
+      cache(cache);
+      return this;
+    }
+
+    /**
+     * Enable caching using the supplied caches.
+     *
+     * @param caches unused
+     * @return {@code this}.
+     * @see Cache
+     * @deprecated use {@link #cache(Cache)} or {@link #caches(Collection)}, the {@link Cache}
+     *     already provides the class.
+     */
+    @Deprecated
+    public LookupSessionBuilder caches(@NonNull Map<Integer, Cache> caches) {
+      return caches(caches.values());
+    }
+
+    /** Create an instance of {@link LookupSession} configured by this builder. */
+    public LookupSession build() {
+      // note that this transform is idempotent, as concatenating an already absolute Name with root
+      // is a noop.
+      if (searchPath != null) {
+        searchPath =
+            searchPath.stream()
+                .map(
+                    name -> {
+                      try {
+                        return Name.concatenate(name, Name.root);
+                      } catch (NameTooLongException e) {
+                        throw new IllegalArgumentException("Search path name too long");
+                      }
+                    })
+                .collect(Collectors.toCollection(ArrayList::new));
+      } else {
+        searchPath = Collections.emptyList();
+      }
+
+      return new LookupSession(
+          resolver,
+          maxRedirects,
+          ndots,
+          searchPath,
+          cycleResults,
+          caches,
+          hostsFileParser,
+          executor,
+          irrelevantRecordMode);
+    }
+  }
+
+  /**
+   * Returns an empty {@link LookupSessionBuilder} instance. See {@link #defaultBuilder()} for a
+   * builder initialized with defaults.
+   */
+  public static LookupSessionBuilder builder() {
+    LookupSessionBuilder builder = new LookupSessionBuilder();
+    builder.maxRedirects = DEFAULT_MAX_ITERATIONS;
+    builder.ndots = DEFAULT_NDOTS;
+    return builder;
+  }
+
+  /**
+   * Returns a {@link LookupSessionBuilder} instance initialized with defaults.
+   *
+   * <ul>
+   *   <li>Resolver: an {@link org.xbill.DNS.ExtendedResolver} initialized with the system's default
+   *       DNS servers as determined by {@link org.xbill.DNS.ResolverConfig}.
+   *   <li>ndots: as determined by {@link org.xbill.DNS.ResolverConfig}.
+   *   <li>Cache: A cache for the {@code IN} class is installed.
+   *   <li>Hosts: The local host database file is used.
+   * </ul>
+   */
+  public static LookupSessionBuilder defaultBuilder() {
+    return builder()
+        .resolver(
+            new ExtendedResolver(
+                ResolverConfig.getCurrentConfig().servers().stream()
+                    .map(SimpleResolver::new)
+                    .collect(Collectors.toList())))
+        .ndots(ResolverConfig.getCurrentConfig().ndots())
+        .cache(new Cache(DClass.IN))
+        .defaultHostsFileParser();
+  }
+
+  // Visible for testing only
+  Cache getCache(int dclass) {
+    return caches.get(dclass);
+  }
+
+  /**
+   * Make an asynchronous lookup with the provided {@link Record}.
+   *
+   * @param question the name, type and DClass to look up.
+   * @return A {@link CompletionStage} what will yield the eventual lookup result.
+   * @since 3.6
+   */
+  public CompletionStage<LookupResult> lookupAsync(Record question) {
+    return lookupAsync(question.getName(), question.getType(), question.getDClass());
+  }
+
+  /**
+   * Make an asynchronous lookup of the provided name using the default {@link DClass#IN}.
+   *
+   * @param name the name to look up.
+   * @param type the type to look up, values should correspond to constants in {@link Type}.
+   * @return A {@link CompletionStage} what will yield the eventual lookup result.
+   */
+  public CompletionStage<LookupResult> lookupAsync(Name name, int type) {
+    return lookupAsync(name, type, DClass.IN);
+  }
+
+  /**
+   * Make an asynchronous lookup of the provided name.
+   *
+   * @param name the name to look up.
+   * @param type the type to look up, values should correspond to constants in {@link Type}.
+   * @param dclass the class to look up, values should correspond to constants in {@link DClass}.
+   * @return A {@link CompletionStage} what will yield the eventual lookup result.
+   */
+  public CompletionStage<LookupResult> lookupAsync(Name name, int type, int dclass) {
+    List<Name> searchNames = expandName(name);
+    LookupResult localHostsLookupResult = lookupWithHosts(searchNames, type);
+    if (localHostsLookupResult != null) {
+      return CompletableFuture.completedFuture(localHostsLookupResult);
+    }
+
+    return lookupUntilSuccess(searchNames.iterator(), type, dclass);
+  }
+
+  /**
+   * Generate a stream of names according to the search path application semantics. The semantics of
+   * this is a bit odd, but they are inherited from {@link Lookup}. Note that the stream returned is
+   * never empty, as it will at the very least always contain {@code name}.
+   */
+  List<Name> expandName(Name name) {
+    if (name.isAbsolute()) {
+      return Collections.singletonList(name);
+    }
+
+    List<Name> fromSearchPath =
+        searchPath.stream()
+            .map(searchSuffix -> safeConcat(name, searchSuffix))
+            .filter(Objects::nonNull)
+            .collect(Collectors.toCollection(ArrayList::new));
+
+    if (name.labels() > ndots) {
+      fromSearchPath.add(0, safeConcat(name, Name.root));
+    } else {
+      fromSearchPath.add(safeConcat(name, Name.root));
+    }
+
+    return fromSearchPath;
+  }
+
+  private static Name safeConcat(Name name, Name suffix) {
+    try {
+      return Name.concatenate(name, suffix);
+    } catch (NameTooLongException e) {
+      return null;
+    }
+  }
+
+  private LookupResult lookupWithHosts(List<Name> names, int type) {
+    if (hostsFileParser != null && (type == Type.A || type == Type.AAAA)) {
+      try {
+        for (Name name : names) {
+          Optional<InetAddress> result = hostsFileParser.getAddressForHost(name, type);
+          if (result.isPresent()) {
+            Record r;
+            if (type == Type.A) {
+              r = new ARecord(name, DClass.IN, 0, result.get());
+            } else {
+              r = new AAAARecord(name, DClass.IN, 0, result.get());
+            }
+
+            return new LookupResult(Record.newRecord(name, type, DClass.IN), true, r);
+          }
+        }
+      } catch (IOException e) {
+        log.debug("Local hosts database parsing failed, ignoring and using resolver", e);
+      }
+    }
+
+    return null;
+  }
+
+  private CompletionStage<LookupResult> lookupUntilSuccess(
+      Iterator<Name> names, int type, int dclass) {
+
+    Record query = Record.newRecord(names.next(), type, dclass);
+    return lookupWithCache(query, null)
+        .thenCompose(answer -> resolveRedirects(answer, query))
+        .handle(
+            (result, ex) -> {
+              Throwable cause = ex == null ? null : ex.getCause();
+              if (cause instanceof NoSuchDomainException || cause instanceof NoSuchRRSetException) {
+                if (names.hasNext()) {
+                  return lookupUntilSuccess(names, type, dclass);
+                } else {
+                  return this.<Throwable, LookupResult>completeExceptionally(cause);
+                }
+              } else if (cause != null) {
+                return this.<Throwable, LookupResult>completeExceptionally(cause);
+              } else {
+                return CompletableFuture.completedFuture(result);
+              }
+            })
+        .thenCompose(Function.identity());
+  }
+
+  private CompletionStage<LookupResult> lookupWithCache(Record queryRecord, List<Name> aliases) {
+    return Optional.ofNullable(caches.get(queryRecord.getDClass()))
+        .map(
+            c -> {
+              log.debug(
+                  "Looking for <{}/{}/{}> in cache",
+                  queryRecord.getName(),
+                  Type.string(queryRecord.getType()),
+                  DClass.string(queryRecord.getDClass()));
+              return c.lookupRecords(
+                  queryRecord.getName(), queryRecord.getType(), Credibility.NORMAL);
+            })
+        .map(setResponse -> setResponseToMessageFuture(setResponse, queryRecord, aliases))
+        .orElseGet(() -> lookupWithResolver(queryRecord, aliases));
+  }
+
+  private CompletionStage<LookupResult> lookupWithResolver(Record queryRecord, List<Name> aliases) {
+    Message query = Message.newQuery(queryRecord);
+    log.debug(
+        "Asking {} for <{}/{}/{}>",
+        resolver,
+        queryRecord.getName(),
+        Type.string(queryRecord.getType()),
+        DClass.string(queryRecord.getDClass()));
+    return resolver
+        .sendAsync(query, executor)
+        .thenCompose(
+            m -> {
+              try {
+                Message normalized =
+                    m.normalize(query, irrelevantRecordMode == IrrelevantRecordMode.THROW);
+
+                log.trace(
+                    "Normalized response for <{}/{}/{}> from \n{}\ninto\n{}",
+                    queryRecord.getName(),
+                    Type.string(queryRecord.getType()),
+                    DClass.string(queryRecord.getDClass()),
+                    m,
+                    normalized);
+                if (normalized == null) {
+                  return completeExceptionally(
+                      new InvalidZoneDataException("Failed to normalize message"));
+                }
+                return CompletableFuture.completedFuture(normalized);
+              } catch (WireParseException e) {
+                return completeExceptionally(
+                    new LookupFailedException(
+                        "Message normalization failed, refusing to return it", e));
+              }
+            })
+        .thenApply(this::maybeAddToCache)
+        .thenApply(answer -> buildResult(answer, aliases, queryRecord));
+  }
+
+  private Message maybeAddToCache(Message message) {
+    for (RRset set : message.getSectionRRsets(Section.ANSWER)) {
+      if ((set.getType() == Type.CNAME || set.getType() == Type.DNAME) && set.size() != 1) {
+        throw new InvalidZoneDataException("Multiple CNAME RRs not allowed, see RFC 1034 3.6.2");
+      }
+    }
+    Optional.ofNullable(caches.get(message.getQuestion().getDClass()))
+        .ifPresent(cache -> cache.addMessage(message));
+    return message;
+  }
+
+  @SuppressWarnings("deprecation")
+  private CompletionStage<LookupResult> setResponseToMessageFuture(
+      SetResponse setResponse, Record queryRecord, List<Name> aliases) {
+    if (setResponse.isNXDOMAIN()) {
+      return completeExceptionally(
+          new NoSuchDomainException(queryRecord.getName(), queryRecord.getType()));
+    }
+
+    if (setResponse.isNXRRSET()) {
+      return completeExceptionally(
+          new NoSuchRRSetException(queryRecord.getName(), queryRecord.getType()));
+    }
+
+    if (setResponse.isCNAME()) {
+      return CompletableFuture.completedFuture(
+          new LookupResult(Collections.singletonList(setResponse.getCNAME()), aliases));
+    } else if (setResponse.isDNAME()) {
+      return CompletableFuture.completedFuture(
+          new LookupResult(Collections.singletonList(setResponse.getDNAME()), aliases));
+    } else if (setResponse.isSuccessful()) {
+      List<Record> records =
+          setResponse.answers().stream()
+              .flatMap(rrset -> rrset.rrs(cycleResults).stream())
+              .collect(Collectors.toList());
+      return CompletableFuture.completedFuture(new LookupResult(records, aliases));
+    }
+
+    return null;
+  }
+
+  private <T extends Throwable, R> CompletionStage<R> completeExceptionally(T failure) {
+    CompletableFuture<R> future = new CompletableFuture<>();
+    future.completeExceptionally(failure);
+    return future;
+  }
+
+  private CompletionStage<LookupResult> resolveRedirects(LookupResult response, Record query) {
+    return maybeFollowRedirect(response, query, 0);
+  }
+
+  private CompletionStage<LookupResult> maybeFollowRedirect(
+      LookupResult response, Record query, int redirectCount) {
+    if (redirectCount > maxRedirects) {
+      throw new RedirectOverflowException(maxRedirects);
+    }
+
+    List<Record> records = response.getRecords();
+    if (!records.isEmpty()
+        && query.getType() != records.get(0).getType()
+        && (records.get(0).getType() == Type.CNAME || records.get(0).getType() == Type.DNAME)) {
+      return maybeFollowRedirectsInAnswer(response, query, redirectCount);
+    } else {
+      return CompletableFuture.completedFuture(response);
+    }
+  }
+
+  @SuppressWarnings("deprecation")
+  private CompletionStage<LookupResult> maybeFollowRedirectsInAnswer(
+      LookupResult response, Record query, int redirectCount) {
+    List<Name> aliases = new ArrayList<>(response.getAliases());
+    List<Record> results = new ArrayList<>();
+    Name current = query.getName();
+    for (Record r : response.getRecords()) {
+      // Abort with a dedicated exception for loops instead of simply trying until reaching the max
+      // redirects
+      if (aliases.contains(current)) {
+        return completeExceptionally(new RedirectLoopException(maxRedirects));
+      }
+
+      if (redirectCount >= maxRedirects) {
+        throw new RedirectOverflowException(maxRedirects);
+      }
+
+      if (r.getDClass() != query.getDClass()) {
+        continue;
+      }
+
+      if (r.getType() == Type.CNAME && current.equals(r.getName())) {
+        aliases.add(current);
+        redirectCount++;
+        current = ((CNAMERecord) r).getTarget();
+      } else if (r.getType() == Type.DNAME && current.subdomain(r.getName())) {
+        aliases.add(current);
+        redirectCount++;
+        try {
+          current = current.fromDNAME((DNAMERecord) r);
+        } catch (NameTooLongException e) {
+          throw new InvalidZoneDataException(
+              "Cannot derive DNAME from " + r + " for " + current, e);
+        }
+      } else if (r.getType() == query.getType() && current.equals(r.getName())) {
+        results.add(r);
+      }
+    }
+
+    if (!results.isEmpty()) {
+      return CompletableFuture.completedFuture(new LookupResult(results, aliases));
+    }
+
+    // Abort with a dedicated exception for loops instead of simply trying until reaching the max
+    // redirects
+    if (aliases.contains(current)) {
+      return completeExceptionally(new RedirectLoopException(maxRedirects));
+    }
+
+    if (redirectCount >= maxRedirects) {
+      throw new RedirectOverflowException(maxRedirects);
+    }
+
+    int finalRedirectCount = redirectCount;
+    Record redirectQuery = Record.newRecord(current, query.getType(), query.getDClass());
+    return lookupWithCache(redirectQuery, aliases)
+        .thenCompose(
+            responseFromCache ->
+                maybeFollowRedirect(responseFromCache, redirectQuery, finalRedirectCount));
+  }
+
+  /**
+   * Returns a LookupResult if this response was a non-exceptional empty result, throws otherwise.
+   */
+  @SuppressWarnings("deprecation")
+  private static LookupResult buildResult(Message answer, List<Name> aliases, Record query) {
+    int rcode = answer.getRcode();
+    List<Record> answerRecords = answer.getSection(Section.ANSWER);
+    if (answerRecords.isEmpty() && rcode != Rcode.NOERROR) {
+      switch (rcode) {
+        case Rcode.NXDOMAIN:
+          throw new NoSuchDomainException(query.getName(), query.getType());
+        case Rcode.NXRRSET:
+          throw new NoSuchRRSetException(query.getName(), query.getType());
+        case Rcode.SERVFAIL:
+          if (answer.getOPT() != null) {
+            List<EDNSOption> options =
+                answer.getOPT().getOptions(EDNSOption.Code.EDNS_EXTENDED_ERROR);
+            if (!options.isEmpty()) {
+              throw new ServerFailedException(
+                  query.getName(), query.getType(), (ExtendedErrorCodeOption) options.get(0));
+            }
+          }
+
+          throw new ServerFailedException(query.getName(), query.getType());
+        default:
+          throw new LookupFailedException(
+              String.format("Unknown non-success error code %s", Rcode.string(rcode)));
+      }
+    }
+    return new LookupResult(answerRecords, aliases);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java b/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java
new file mode 100644
index 000000000..48f2f4199
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import org.xbill.DNS.Name;
+
+/**
+ * Thrown to indicate that no data is associated with the given name, as indicated by the {@link
+ * org.xbill.DNS.Rcode#NXDOMAIN} response code as specified in RF2136 Section 2.2.
+ *
+ * @since 3.4
+ */
+public class NoSuchDomainException extends LookupFailedException {
+  public NoSuchDomainException(Name name, int type) {
+    this(name, type, false);
+  }
+
+  NoSuchDomainException(Name name, int type, boolean isAuthenticated) {
+    super(null, null, name, type, isAuthenticated);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java b/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java
new file mode 100644
index 000000000..bc6d0f4df
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import org.xbill.DNS.Name;
+
+/**
+ * Thrown to indicate that records of the name and type queried does not exist, corresponding to the
+ * {@link org.xbill.DNS.Rcode#NXRRSET} return code as specified in RFC 2136, Section 2.2.
+ *
+ * @since 3.4
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2136#section-2">RFC 2136</a>
+ */
+public class NoSuchRRSetException extends LookupFailedException {
+  public NoSuchRRSetException(Name name, int type) {
+    this(name, type, false);
+  }
+
+  NoSuchRRSetException(Name name, int type, boolean isAuthenticated) {
+    super(null, null, name, type, isAuthenticated);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/RedirectLoopException.java b/src/main/java/org/xbill/DNS/lookup/RedirectLoopException.java
new file mode 100644
index 000000000..c32bba6ba
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/RedirectLoopException.java
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+/**
+ * Thrown if the lookup results in a loop of CNAME and/or DNAME indirections.
+ *
+ * @since 3.6
+ */
+public class RedirectLoopException extends RedirectOverflowException {
+  public RedirectLoopException(int maxRedirects) {
+    super("Detected a redirect loop", maxRedirects);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java b/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java
new file mode 100644
index 000000000..2276aa96d
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java
@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import lombok.Getter;
+
+/**
+ * Thrown if the lookup results in too many CNAME and/or DNAME indirections. This would be the case
+ * for example if two CNAME records point to each other.
+ *
+ * @since 3.4
+ */
+public class RedirectOverflowException extends LookupFailedException {
+  @Getter private final int maxRedirects;
+
+  /**
+   * Do not use.
+   *
+   * @deprecated Use {@link RedirectOverflowException#RedirectOverflowException(int)}.
+   */
+  @Deprecated
+  public RedirectOverflowException(String message) {
+    super(message);
+    maxRedirects = 0;
+  }
+
+  /**
+   * @param maxRedirects Informational, indicates the after how many redirects following was
+   *     aborted.
+   * @since 3.4.2
+   */
+  public RedirectOverflowException(int maxRedirects) {
+    super("Refusing to follow more than " + maxRedirects + " redirects");
+    this.maxRedirects = maxRedirects;
+  }
+
+  RedirectOverflowException(String message, int maxRedirects) {
+    super(message);
+    this.maxRedirects = maxRedirects;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java b/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java
new file mode 100644
index 000000000..1ba098f71
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import lombok.Getter;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
+/**
+ * Represents a server failure. The upstream server responding to the request returned a {@link
+ * org.xbill.DNS.Rcode#SERVFAIL} status.
+ *
+ * @since 3.4
+ */
+public class ServerFailedException extends LookupFailedException {
+  /**
+   * An extended error code explaining why the server failed to return a result. May be {@code
+   * null}.
+   *
+   * @since 3.6
+   */
+  @Getter private final ExtendedErrorCodeOption extendedRcode;
+
+  public ServerFailedException() {
+    extendedRcode = null;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param name The name in the query that caused the failure.
+   * @param type The type in the query that caused the failure.
+   * @since 3.6
+   */
+  public ServerFailedException(Name name, int type) {
+    super(name, type);
+    extendedRcode = null;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param name The name in the query that caused the failure.
+   * @param type The type in the query that caused the failure.
+   * @param extendedRcode An extended error code explaining why the server failed to return a
+   *     result.
+   * @since 3.6
+   */
+  public ServerFailedException(Name name, int type, ExtendedErrorCodeOption extendedRcode) {
+    super(
+        "Lookup for " + name + "/" + Type.string(type) + " failed with " + extendedRcode.getText(),
+        name,
+        type);
+    this.extendedRcode = extendedRcode;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java b/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java
index aec70e5ae..dcc119850 100644
--- a/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java
+++ b/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java
@@ -1,8 +1,8 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2005 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.spi;
 
-import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
@@ -19,6 +19,7 @@
 import org.xbill.DNS.ReverseMap;
 import org.xbill.DNS.TextParseException;
 import org.xbill.DNS.Type;
+import sun.net.spi.nameservice.NameService;
 
 /**
  * This class implements a Name Service Provider, which Java can use (starting with version 1.4), to
@@ -26,20 +27,24 @@
  *
  * <p>This Name Service Provider uses dnsjava.
  *
- * <p>To use this provider, you must set the following system property:
- * <b>sun.net.spi.nameservice.provider.1=dns,dnsjava</b>
+ * <p>To use this provider, you must set the following system property: {@code
+ * sun.net.spi.nameservice.provider.1=dns,dnsjava}
  *
  * @author Brian Wellington
  * @author Paul Cowan (pwc21@yahoo.com)
  */
 @Slf4j
-public class DNSJavaNameService implements InvocationHandler {
+public class DNSJavaNameService implements NameService {
+  private static final String NAMESERVERS_PROPERTY = "sun.net.spi.nameservice.nameservers";
+  private static final String DOMAIN_PROPERTY = "sun.net.spi.nameservice.domain";
+  private static final String PREFER_V6_PROPERTY = "java.net.preferIPv6Addresses";
 
-  private static final String nsProperty = "sun.net.spi.nameservice.nameservers";
-  private static final String domainProperty = "sun.net.spi.nameservice.domain";
-  private static final String v6Property = "java.net.preferIPv6Addresses";
+  private final boolean preferV6;
 
-  private boolean preferV6 = false;
+  private Name localhostName = null;
+  private InetAddress[] localhostNamedAddresses = null;
+  private InetAddress[] localhostAddresses = null;
+  private boolean addressesLoaded = false;
 
   /**
    * Creates a DNSJavaNameService instance.
@@ -47,10 +52,11 @@ public class DNSJavaNameService implements InvocationHandler {
    * <p>Uses the <b>sun.net.spi.nameservice.nameservers</b>, <b>sun.net.spi.nameservice.domain</b>,
    * and <b>java.net.preferIPv6Addresses</b> properties for configuration.
    */
+  @SuppressWarnings("java:S3011")
   protected DNSJavaNameService() {
-    String nameServers = System.getProperty(nsProperty);
-    String domain = System.getProperty(domainProperty);
-    String v6 = System.getProperty(v6Property);
+    preferV6 = Boolean.getBoolean(PREFER_V6_PROPERTY);
+    String nameServers = System.getProperty(NAMESERVERS_PROPERTY);
+    String domain = System.getProperty(DOMAIN_PROPERTY);
 
     if (nameServers != null) {
       StringTokenizer st = new StringTokenizer(nameServers, ",");
@@ -63,47 +69,42 @@ protected DNSJavaNameService() {
         Resolver res = new ExtendedResolver(servers);
         Lookup.setDefaultResolver(res);
       } catch (UnknownHostException e) {
-        log.error("DNSJavaNameService: invalid {}", nsProperty);
+        log.error("DNSJavaNameService: invalid {}", NAMESERVERS_PROPERTY);
       }
     }
 
     if (domain != null) {
       try {
-        Lookup.setDefaultSearchPath(new String[] {domain});
+        Lookup.setDefaultSearchPath(domain);
       } catch (TextParseException e) {
-        log.error("DNSJavaNameService: invalid {}", domainProperty);
+        log.error("DNSJavaNameService: invalid {}", DOMAIN_PROPERTY);
       }
     }
 
-    if (v6 != null && v6.equalsIgnoreCase("true")) {
-      preferV6 = true;
-    }
-  }
+    try {
+      // retrieve the name from the system that is used as localhost
+      Class<?> inetAddressImplFactoryClass = Class.forName("java.net.InetAddressImplFactory");
+      Method createMethod = inetAddressImplFactoryClass.getDeclaredMethod("create");
+      createMethod.setAccessible(true);
 
-  @Override
-  public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
-    if (method.getName().equals("getHostByAddr")) {
-      return this.getHostByAddr((byte[]) args[0]);
-    } else if (method.getName().equals("lookupAllHostAddr")) {
-      InetAddress[] addresses;
-      addresses = this.lookupAllHostAddr((String) args[0]);
-      Class<?> returnType = method.getReturnType();
-      if (returnType.equals(InetAddress[].class)) {
-        // method for Java >= 1.6
-        return addresses;
-      } else if (returnType.equals(byte[][].class)) {
-        // method for Java <= 1.5
-        int naddrs = addresses.length;
-        byte[][] byteAddresses = new byte[naddrs][];
-        byte[] addr;
-        for (int i = 0; i < naddrs; i++) {
-          addr = addresses[i].getAddress();
-          byteAddresses[i] = addr;
-        }
-        return byteAddresses;
-      }
+      Object inetAddressImpl = createMethod.invoke(null);
+      Class<?> inetAddressImplClass = Class.forName("java.net.InetAddressImpl");
+      Method hostnameMethod = inetAddressImplClass.getMethod("getLocalHostName");
+      hostnameMethod.setAccessible(true);
+
+      localhostName = Name.fromString((String) hostnameMethod.invoke(inetAddressImpl));
+      Method lookupAllHostAddrMethod =
+          inetAddressImplClass.getMethod("lookupAllHostAddr", String.class);
+      lookupAllHostAddrMethod.setAccessible(true);
+
+      localhostNamedAddresses =
+          (InetAddress[]) lookupAllHostAddrMethod.invoke(inetAddressImpl, localhostName.toString());
+      localhostAddresses =
+          (InetAddress[]) lookupAllHostAddrMethod.invoke(inetAddressImpl, "localhost");
+      addressesLoaded = true;
+    } catch (Exception e) {
+      log.error("Could not obtain localhost", e);
     }
-    throw new IllegalArgumentException("Unknown function name or arguments.");
   }
 
   /**
@@ -112,15 +113,25 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Throwabl
    * @param host The host name to resolve.
    * @return All the ip addresses found for the host name.
    */
+  @Override
   public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException {
     Name name;
-
     try {
       name = new Name(host);
     } catch (TextParseException e) {
       throw new UnknownHostException(host);
     }
 
+    // avoid asking a dns server (causing a probable timeout) when host is the name of the local
+    // host
+    if (addressesLoaded) {
+      if (name.equals(localhostName)) {
+        return localhostNamedAddresses;
+      } else if ("localhost".equalsIgnoreCase(host)) {
+        return localhostAddresses;
+      }
+    }
+
     Record[] records = null;
     if (preferV6) {
       records = new Lookup(name, Type.AAAA).run();
@@ -137,7 +148,6 @@ public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException
 
     InetAddress[] array = new InetAddress[records.length];
     for (int i = 0; i < records.length; i++) {
-      Record record = records[i];
       if (records[i] instanceof ARecord) {
         ARecord a = (ARecord) records[i];
         array[i] = a.getAddress();
@@ -155,11 +165,12 @@ public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException
    * @param addr The ip address to lookup.
    * @return The host name found for the ip address.
    */
+  @Override
   public String getHostByAddr(byte[] addr) throws UnknownHostException {
     Name name = ReverseMap.fromAddress(InetAddress.getByAddress(addr));
     Record[] records = new Lookup(name, Type.PTR).run();
     if (records == null) {
-      throw new UnknownHostException();
+      throw new UnknownHostException("Unknown address: " + name);
     }
     return ((PTRRecord) records[0]).getTarget().toString();
   }
diff --git a/src/main/java/org/xbill/DNS/spi/DNSJavaNameServiceDescriptor.java b/src/main/java/org/xbill/DNS/spi/DNSJavaNameServiceDescriptor.java
index c0fb07381..daf6f841c 100644
--- a/src/main/java/org/xbill/DNS/spi/DNSJavaNameServiceDescriptor.java
+++ b/src/main/java/org/xbill/DNS/spi/DNSJavaNameServiceDescriptor.java
@@ -1,8 +1,8 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 2005 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.spi;
 
-import java.lang.reflect.Proxy;
 import sun.net.spi.nameservice.NameService;
 import sun.net.spi.nameservice.NameServiceDescriptor;
 
@@ -13,24 +13,10 @@
  * @author Paul Cowan (pwc21@yahoo.com)
  */
 public class DNSJavaNameServiceDescriptor implements NameServiceDescriptor {
-
-  private static NameService nameService;
-
-  static {
-    ClassLoader loader = NameService.class.getClassLoader();
-    if (loader == null) {
-      loader = Thread.currentThread().getContextClassLoader();
-    }
-    nameService =
-        (NameService)
-            Proxy.newProxyInstance(
-                loader, new Class[] {NameService.class}, new DNSJavaNameService());
-  }
-
   /** Returns a reference to a dnsjava name server provider. */
   @Override
   public NameService createNameService() {
-    return nameService;
+    return new DNSJavaNameService();
   }
 
   @Override
diff --git a/src/main/java/org/xbill/DNS/tools/Tools.java b/src/main/java/org/xbill/DNS/tools/Tools.java
index 98348ab6b..6765e07ec 100644
--- a/src/main/java/org/xbill/DNS/tools/Tools.java
+++ b/src/main/java/org/xbill/DNS/tools/Tools.java
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: BSD-2-Clause
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS.tools;
 
 public class Tools {
@@ -38,6 +38,9 @@ public static void main(String[] args) throws Exception {
       case "xfrin":
         xfrin.main(programArgs);
         break;
+      default:
+        System.out.println("invalid command");
+        break;
     }
   }
 }
diff --git a/src/main/java/org/xbill/DNS/tools/dig.java b/src/main/java/org/xbill/DNS/tools/dig.java
index 45af9ef45..e080f2faa 100644
--- a/src/main/java/org/xbill/DNS/tools/dig.java
+++ b/src/main/java/org/xbill/DNS/tools/dig.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 package org.xbill.DNS.tools;
 
@@ -7,74 +8,50 @@
 import org.xbill.DNS.ExtendedFlags;
 import org.xbill.DNS.Message;
 import org.xbill.DNS.Name;
-import org.xbill.DNS.Rcode;
 import org.xbill.DNS.Record;
 import org.xbill.DNS.ReverseMap;
-import org.xbill.DNS.Section;
 import org.xbill.DNS.SimpleResolver;
 import org.xbill.DNS.TSIG;
 import org.xbill.DNS.Type;
-
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+import org.xbill.DNS.WireParseException;
+import org.xbill.DNS.ZoneTransferException;
+import org.xbill.DNS.ZoneTransferIn;
+
+/**
+ * A dnsjava-based copy of the {@code dig} CLI tool.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ */
 public class dig {
 
   static Name name = null;
-  static int type = Type.A, dclass = DClass.IN;
+  static int type = Type.A;
+  static int dclass = DClass.IN;
 
   static void usage() {
-    System.out.println("Usage: dig [@server] name [<type>] [<class>] " + "[options]");
+    System.out.println("; dnsjava dig");
+    System.out.println("Usage: dig [@server] name [<type>] [<class>] [options]");
     System.exit(0);
   }
 
   static void doQuery(Message response, long ms) {
-    System.out.println("; java dig 0.0");
+    System.out.println("; dnsjava dig");
     System.out.println(response);
     System.out.println(";; Query time: " + ms + " ms");
   }
 
-  static void doAXFR(Message response) {
-    System.out.println("; java dig 0.0 <> " + name + " axfr");
-    if (response.isSigned()) {
-      System.out.print(";; TSIG ");
-      if (response.isVerified()) {
-        System.out.println("ok");
-      } else {
-        System.out.println("failed");
-      }
-    }
-
-    if (response.getRcode() != Rcode.NOERROR) {
-      System.out.println(response);
-      return;
-    }
-
-    Record[] records = response.getSectionArray(Section.ANSWER);
-    for (Record record : records) {
-      System.out.println(record);
-    }
-
-    System.out.print(";; done (");
-    System.out.print(response.getHeader().getCount(Section.ANSWER));
-    System.out.print(" records, ");
-    System.out.print(response.getHeader().getCount(Section.ADDITIONAL));
-    System.out.println(" additional)");
-  }
-
   public static void main(String[] argv) throws IOException {
-    String server = null;
     int arg;
-    Message query, response;
-    Record rec;
-    SimpleResolver res = null;
-    boolean printQuery = false;
-    long startTime, endTime;
 
     if (argv.length < 1) {
       usage();
     }
 
+    SimpleResolver res = null;
+    boolean printQuery = false;
     try {
       arg = 0;
+      String server = null;
       if (argv[arg].startsWith("@")) {
         server = argv[arg++].substring(1);
       }
@@ -149,7 +126,18 @@ public static void main(String[] argv) throws IOException {
             } else {
               key = argv[++arg];
             }
-            res.setTSIGKey(TSIG.fromString(key));
+
+            String[] parts = key.split("[:/]", 3);
+            switch (parts.length) {
+              case 2:
+                res.setTSIGKey(new TSIG(TSIG.HMAC_MD5, parts[0], parts[1]));
+                break;
+              case 3:
+                res.setTSIGKey(new TSIG(parts[0], parts[1], parts[2]));
+                break;
+              default:
+                throw new IllegalArgumentException("Invalid TSIG key specification");
+            }
             break;
 
           case 't':
@@ -170,14 +158,14 @@ public static void main(String[] argv) throws IOException {
             }
             edns = Integer.parseInt(ednsStr);
             if (edns < 0 || edns > 1) {
-              System.out.println("Unsupported " + "EDNS level: " + edns);
+              System.out.println("Unsupported EDNS level: " + edns);
               return;
             }
             res.setEDNS(edns);
             break;
 
           case 'd':
-            res.setEDNS(0, 0, ExtendedFlags.DO, null);
+            res.setEDNS(0, 0, ExtendedFlags.DO);
             break;
 
           case 'q':
@@ -200,18 +188,43 @@ public static void main(String[] argv) throws IOException {
       res = new SimpleResolver();
     }
 
-    rec = Record.newRecord(name, type, dclass);
-    query = Message.newQuery(rec);
+    Record rec = Record.newRecord(name, type, dclass);
+    Message query = Message.newQuery(rec);
     if (printQuery) {
       System.out.println(query);
     }
-    startTime = System.currentTimeMillis();
-    response = res.send(query);
-    endTime = System.currentTimeMillis();
 
     if (type == Type.AXFR) {
-      doAXFR(response);
+      System.out.println("; dnsjava dig <> " + name + " axfr");
+      ZoneTransferIn xfrin = ZoneTransferIn.newAXFR(name, res.getAddress(), res.getTSIGKey());
+      xfrin.setTimeout(res.getTimeout());
+      try {
+        xfrin.run(
+            new ZoneTransferIn.ZoneTransferHandler() {
+              @Override
+              public void startAXFR() {}
+
+              @Override
+              public void startIXFR() {}
+
+              @Override
+              public void startIXFRDeletes(Record soa) {}
+
+              @Override
+              public void startIXFRAdds(Record soa) {}
+
+              @Override
+              public void handleRecord(Record r) {
+                System.out.println(r);
+              }
+            });
+      } catch (ZoneTransferException e) {
+        throw new WireParseException(e.getMessage());
+      }
     } else {
+      long startTime = System.currentTimeMillis();
+      Message response = res.send(query);
+      long endTime = System.currentTimeMillis();
       doQuery(response, endTime - startTime);
     }
   }
diff --git a/src/main/java/org/xbill/DNS/tools/jnamed.java b/src/main/java/org/xbill/DNS/tools/jnamed.java
index b070c6b66..b111ce355 100644
--- a/src/main/java/org/xbill/DNS/tools/jnamed.java
+++ b/src/main/java/org/xbill/DNS/tools/jnamed.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 package org.xbill.DNS.tools;
 
@@ -20,7 +21,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;
-import org.xbill.DNS.ARecord;
 import org.xbill.DNS.Address;
 import org.xbill.DNS.CNAMERecord;
 import org.xbill.DNS.Cache;
@@ -31,7 +31,6 @@
 import org.xbill.DNS.Flags;
 import org.xbill.DNS.Header;
 import org.xbill.DNS.Message;
-import org.xbill.DNS.NSRecord;
 import org.xbill.DNS.Name;
 import org.xbill.DNS.NameTooLongException;
 import org.xbill.DNS.OPTRecord;
@@ -47,7 +46,11 @@
 import org.xbill.DNS.Zone;
 import org.xbill.DNS.ZoneTransferException;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A very basic implementation of a DNS server.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ */
 public class jnamed {
 
   static final int FLAG_DNSSECOK = 1;
@@ -55,7 +58,7 @@ public class jnamed {
 
   Map<Integer, Cache> caches;
   Map<Name, Zone> znames;
-  Map<Name, TSIG> TSIGs;
+  Map<Name, TSIG> tsigs;
 
   private static String addrport(InetAddress addr, int port) {
     return addr.getHostAddress() + "#" + port;
@@ -65,8 +68,8 @@ public jnamed(String conffile) throws IOException, ZoneTransferException {
     FileInputStream fs;
     InputStreamReader isr;
     BufferedReader br;
-    List<Integer> ports = new ArrayList<Integer>();
-    List<InetAddress> addresses = new ArrayList<InetAddress>();
+    List<Integer> ports = new ArrayList<>();
+    List<InetAddress> addresses = new ArrayList<>();
     try {
       fs = new FileInputStream(conffile);
       isr = new InputStreamReader(fs);
@@ -77,9 +80,9 @@ public jnamed(String conffile) throws IOException, ZoneTransferException {
     }
 
     try {
-      caches = new HashMap<Integer, Cache>();
+      caches = new HashMap<>();
       znames = new HashMap<>();
-      TSIGs = new HashMap<Name, TSIG>();
+      tsigs = new HashMap<>();
 
       String line;
       while ((line = br.readLine()) != null) {
@@ -128,26 +131,25 @@ public jnamed(String conffile) throws IOException, ZoneTransferException {
         }
       }
 
-      if (ports.size() == 0) {
+      if (ports.isEmpty()) {
         ports.add(53);
       }
 
-      if (addresses.size() == 0) {
+      if (addresses.isEmpty()) {
         addresses.add(Address.getByAddress("0.0.0.0"));
       }
 
-      for (Object address : addresses) {
-        InetAddress addr = (InetAddress) address;
-        for (Object o : ports) {
-          int port = (Integer) o;
-          addUDP(addr, port);
-          addTCP(addr, port);
-          System.out.println("jnamed: listening on " + addrport(addr, port));
+      for (InetAddress address : addresses) {
+        for (Integer o : ports) {
+          int port = o;
+          addUDP(address, port);
+          addTCP(address, port);
+          System.out.println("jnamed: listening on " + addrport(address, port));
         }
       }
       System.out.println("jnamed: running");
     } finally {
-      fs.close();
+      br.close();
     }
   }
 
@@ -169,16 +171,11 @@ public void addSecondaryZone(String zone, String remote)
 
   public void addTSIG(String algstr, String namestr, String key) throws IOException {
     Name name = Name.fromString(namestr, Name.root);
-    TSIGs.put(name, new TSIG(algstr, namestr, key));
+    tsigs.put(name, new TSIG(algstr, namestr, key));
   }
 
   public Cache getCache(int dclass) {
-    Cache c = caches.get(dclass);
-    if (c == null) {
-      c = new Cache(dclass);
-      caches.put(dclass, c);
-    }
-    return c;
+    return caches.computeIfAbsent(dclass, Cache::new);
   }
 
   public Zone findBestZone(Name name) {
@@ -198,12 +195,12 @@ public Zone findBestZone(Name name) {
     return null;
   }
 
-  public <T extends Record> RRset<T> findExactMatch(Name name, int type, int dclass, boolean glue) {
+  public RRset findExactMatch(Name name, int type, int dclass, boolean glue) {
     Zone zone = findBestZone(name);
     if (zone != null) {
       return zone.findExactMatch(name, type);
     } else {
-      List<RRset<T>> rrsets;
+      List<RRset> rrsets;
       Cache cache = getCache(dclass);
       if (glue) {
         rrsets = cache.findAnyRecords(name, type);
@@ -218,8 +215,7 @@ public <T extends Record> RRset<T> findExactMatch(Name name, int type, int dclas
     }
   }
 
-  <T extends Record> void addRRset(
-      Name name, Message response, RRset<T> rrset, int section, int flags) {
+  void addRRset(Name name, Message response, RRset rrset, int section, int flags) {
     for (int s = 1; s <= section; s++) {
       if (response.findRRset(name, rrset.getType(), s)) {
         return;
@@ -248,7 +244,7 @@ private void addSOA(Message response, Zone zone) {
   }
 
   private void addNS(Message response, Zone zone, int flags) {
-    RRset<NSRecord> nsRecords = zone.getNS();
+    RRset nsRecords = zone.getNS();
     addRRset(nsRecords.getName(), response, nsRecords, Section.AUTHORITY, flags);
   }
 
@@ -257,14 +253,14 @@ private void addCacheNS(Message response, Cache cache, Name name) {
     if (!sr.isDelegation()) {
       return;
     }
-    RRset<?> nsRecords = sr.getNS();
+    RRset nsRecords = sr.getNS();
     for (Record r : nsRecords.rrs()) {
       response.addRecord(r, Section.AUTHORITY);
     }
   }
 
   private void addGlue(Message response, Name name, int flags) {
-    RRset<ARecord> a = findExactMatch(name, Type.A, DClass.IN, true);
+    RRset a = findExactMatch(name, Type.A, DClass.IN, true);
     if (a == null) {
       return;
     }
@@ -272,8 +268,7 @@ private void addGlue(Message response, Name name, int flags) {
   }
 
   private void addAdditional2(Message response, int section, int flags) {
-    Record[] records = response.getSectionArray(section);
-    for (Record r : records) {
+    for (Record r : response.getSection(section)) {
       Name glueName = r.getAdditionalName();
       if (glueName != null) {
         addGlue(response, glueName, flags);
@@ -327,11 +322,11 @@ byte addAnswer(Message response, Name name, int type, int dclass, int iterations
         }
       }
     } else if (sr.isDelegation()) {
-      RRset<NSRecord> nsRecords = sr.getNS();
+      RRset nsRecords = sr.getNS();
       addRRset(nsRecords.getName(), response, nsRecords, Section.AUTHORITY, flags);
     } else if (sr.isCNAME()) {
       CNAMERecord cname = sr.getCNAME();
-      RRset<CNAMERecord> rrset = new RRset<>(cname);
+      RRset rrset = new RRset(cname);
       addRRset(name, response, rrset, Section.ANSWER, flags);
       if (zone != null && iterations == 0) {
         response.getHeader().setFlag(Flags.AA);
@@ -339,7 +334,7 @@ byte addAnswer(Message response, Name name, int type, int dclass, int iterations
       rcode = addAnswer(response, cname.getTarget(), type, dclass, iterations + 1, flags);
     } else if (sr.isDNAME()) {
       DNAMERecord dname = sr.getDNAME();
-      RRset<DNAMERecord> rrset = new RRset<>(dname);
+      RRset rrset = new RRset(dname);
       addRRset(name, response, rrset, Section.ANSWER, flags);
       Name newname;
       try {
@@ -349,15 +344,15 @@ byte addAnswer(Message response, Name name, int type, int dclass, int iterations
       }
 
       CNAMERecord cname = new CNAMERecord(name, dclass, 0, newname);
-      RRset<CNAMERecord> cnamerrset = new RRset<>(cname);
+      RRset cnamerrset = new RRset(cname);
       addRRset(name, response, cnamerrset, Section.ANSWER, flags);
       if (zone != null && iterations == 0) {
         response.getHeader().setFlag(Flags.AA);
       }
       rcode = addAnswer(response, newname, type, dclass, iterations + 1, flags);
     } else if (sr.isSuccessful()) {
-      List<RRset<?>> rrsets = sr.answers();
-      for (RRset<?> rrset : rrsets) {
+      List<RRset> rrsets = sr.answers();
+      for (RRset rrset : rrsets) {
         addRRset(name, response, rrset, Section.ANSWER, flags);
       }
       if (zone != null) {
@@ -382,16 +377,16 @@ byte[] doAXFR(Name name, Message query, TSIG tsig, TSIGRecord qtsig, Socket s) {
       DataOutputStream dataOut;
       dataOut = new DataOutputStream(s.getOutputStream());
       int id = query.getHeader().getID();
-      Iterator<RRset<?>> it = zone.AXFR();
+      Iterator<RRset> it = zone.AXFR();
       while (it.hasNext()) {
-        RRset<?> rrset = it.next();
+        RRset rrset = it.next();
         Message response = new Message(id);
         Header header = response.getHeader();
         header.setFlag(Flags.QR);
         header.setFlag(Flags.AA);
         addRRset(rrset.getName(), response, rrset, Section.ANSWER, FLAG_DNSSECOK);
         if (tsig != null) {
-          tsig.applyStream(response, qtsig, first);
+          tsig.apply(response, qtsig, first);
           qtsig = response.getTSIG();
         }
         first = false;
@@ -405,6 +400,7 @@ byte[] doAXFR(Name name, Message query, TSIG tsig, TSIGRecord qtsig, Socket s) {
     try {
       s.close();
     } catch (IOException ex) {
+      // ignore
     }
     return null;
   }
@@ -414,9 +410,8 @@ byte[] doAXFR(Name name, Message query, TSIG tsig, TSIGRecord qtsig, Socket s) {
    * anything.  Currently this only happens if this is an AXFR request over
    * TCP.
    */
-  byte[] generateReply(Message query, byte[] in, int length, Socket s) {
+  byte[] generateReply(Message query, byte[] in, Socket s) {
     Header header;
-    boolean badversion;
     int maxLength;
     int flags = 0;
 
@@ -436,15 +431,13 @@ byte[] generateReply(Message query, byte[] in, int length, Socket s) {
     TSIGRecord queryTSIG = query.getTSIG();
     TSIG tsig = null;
     if (queryTSIG != null) {
-      tsig = TSIGs.get(queryTSIG.getName());
-      if (tsig == null || tsig.verify(query, in, length, null) != Rcode.NOERROR) {
+      tsig = tsigs.get(queryTSIG.getName());
+      if (tsig == null || tsig.verify(query, in, null) != Rcode.NOERROR) {
         return formerrMessage(in);
       }
     }
 
     OPTRecord queryOPT = query.getOPT();
-    if (queryOPT != null && queryOPT.getVersion() > 0) {}
-
     if (s != null) {
       maxLength = 65535;
     } else if (queryOPT != null) {
@@ -519,13 +512,12 @@ public byte[] errorMessage(Message query, int rcode) {
   }
 
   public void TCPclient(Socket s) {
-    try {
+    try (InputStream is = s.getInputStream()) {
       int inLength;
       DataInputStream dataIn;
       DataOutputStream dataOut;
       byte[] in;
 
-      InputStream is = s.getInputStream();
       dataIn = new DataInputStream(is);
       inLength = dataIn.readUnsignedShort();
       in = new byte[inLength];
@@ -535,7 +527,7 @@ public void TCPclient(Socket s) {
       byte[] response;
       try {
         query = new Message(in);
-        response = generateReply(query, in, in.length, s);
+        response = generateReply(query, in, s);
         if (response == null) {
           return;
         }
@@ -548,28 +540,15 @@ public void TCPclient(Socket s) {
     } catch (IOException e) {
       System.out.println(
           "TCPclient(" + addrport(s.getLocalAddress(), s.getLocalPort()) + "): " + e);
-    } finally {
-      try {
-        s.close();
-      } catch (IOException e) {
-      }
     }
   }
 
   public void serveTCP(InetAddress addr, int port) {
-    try {
-      ServerSocket sock = new ServerSocket(port, 128, addr);
+    try (ServerSocket sock = new ServerSocket(port, 128, addr)) {
       while (true) {
         final Socket s = sock.accept();
         Thread t;
-        t =
-            new Thread(
-                new Runnable() {
-                  @Override
-                  public void run() {
-                    TCPclient(s);
-                  }
-                });
+        t = new Thread(() -> TCPclient(s));
         t.start();
       }
     } catch (IOException e) {
@@ -578,8 +557,7 @@ public void run() {
   }
 
   public void serveUDP(InetAddress addr, int port) {
-    try {
-      DatagramSocket sock = new DatagramSocket(port, addr);
+    try (DatagramSocket sock = new DatagramSocket(port, addr)) {
       final short udpLength = 512;
       byte[] in = new byte[udpLength];
       DatagramPacket indp = new DatagramPacket(in, in.length);
@@ -595,7 +573,7 @@ public void serveUDP(InetAddress addr, int port) {
         byte[] response;
         try {
           query = new Message(in);
-          response = generateReply(query, in, indp.getLength(), null);
+          response = generateReply(query, in, null);
           if (response == null) {
             continue;
           }
@@ -618,28 +596,12 @@ public void serveUDP(InetAddress addr, int port) {
   }
 
   public void addTCP(final InetAddress addr, final int port) {
-    Thread t;
-    t =
-        new Thread(
-            new Runnable() {
-              @Override
-              public void run() {
-                serveTCP(addr, port);
-              }
-            });
+    Thread t = new Thread(() -> serveTCP(addr, port));
     t.start();
   }
 
   public void addUDP(final InetAddress addr, final int port) {
-    Thread t;
-    t =
-        new Thread(
-            new Runnable() {
-              @Override
-              public void run() {
-                serveUDP(addr, port);
-              }
-            });
+    Thread t = new Thread(() -> serveUDP(addr, port));
     t.start();
   }
 
diff --git a/src/main/java/org/xbill/DNS/tools/lookup.java b/src/main/java/org/xbill/DNS/tools/lookup.java
index 534b2b5a8..f5f8e5161 100644
--- a/src/main/java/org/xbill/DNS/tools/lookup.java
+++ b/src/main/java/org/xbill/DNS/tools/lookup.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 package org.xbill.DNS.tools;
 
@@ -6,7 +7,12 @@
 import org.xbill.DNS.Record;
 import org.xbill.DNS.Type;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A very basic implementation to perform an {@link Type#A} record lookup.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ * @see dig
+ */
 public class lookup {
 
   public static void printAnswer(String name, Lookup lookup) {
diff --git a/src/main/java/org/xbill/DNS/tools/primary.java b/src/main/java/org/xbill/DNS/tools/primary.java
index ab303e619..f36fb7821 100644
--- a/src/main/java/org/xbill/DNS/tools/primary.java
+++ b/src/main/java/org/xbill/DNS/tools/primary.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.tools;
@@ -46,12 +47,12 @@ public static void main(String[] args) throws Exception {
     Zone zone = new Zone(origin, file);
     long end = System.currentTimeMillis();
     if (axfr) {
-      Iterator<RRset<?>> it = zone.AXFR();
+      Iterator<RRset> it = zone.AXFR();
       while (it.hasNext()) {
         System.out.println(it.next());
       }
     } else if (iterator) {
-      Iterator<RRset<?>> it = zone.iterator();
+      Iterator<RRset> it = zone.iterator();
       while (it.hasNext()) {
         System.out.println(it.next());
       }
diff --git a/src/main/java/org/xbill/DNS/tools/update.java b/src/main/java/org/xbill/DNS/tools/update.java
index 2e229476c..694612427 100644
--- a/src/main/java/org/xbill/DNS/tools/update.java
+++ b/src/main/java/org/xbill/DNS/tools/update.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 package org.xbill.DNS.tools;
 
@@ -30,10 +31,15 @@
 import org.xbill.DNS.Tokenizer;
 import org.xbill.DNS.Type;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A basic implementation to manipulate DNS zones.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ */
 public class update {
 
-  Message query, response;
+  Message query;
+  Message response;
   Resolver res;
   String server = null;
   Name zone = Name.root;
@@ -93,7 +99,7 @@ public update(InputStream in) {
           log.println("> " + line);
         }
 
-        if (line.length() == 0 || line.charAt(0) == '#') {
+        if (line.isEmpty() || line.charAt(0) == '#') {
           continue;
         }
 
@@ -102,148 +108,149 @@ public update(InputStream in) {
           line = line.substring(1);
         }
 
-        Tokenizer st = new Tokenizer(line);
-        Tokenizer.Token token = st.get();
+        try (Tokenizer st = new Tokenizer(line)) {
+          Tokenizer.Token token = st.get();
 
-        if (token.isEOL()) {
-          continue;
-        }
-        String operation = token.value;
-
-        switch (operation) {
-          case "server":
-            server = st.getString();
-            res = new SimpleResolver(server);
-            token = st.get();
-            if (token.isString()) {
-              String portstr = token.value;
-              res.setPort(Short.parseShort(portstr));
-            }
-            break;
-          case "key":
-            String keyname = st.getString();
-            String keydata = st.getString();
-            if (res == null) {
-              res = new SimpleResolver(server);
-            }
-            res.setTSIGKey(new TSIG(keyname, keydata));
-            break;
-          case "edns":
-            if (res == null) {
-              res = new SimpleResolver(server);
-            }
-            res.setEDNS(st.getUInt16());
-            break;
-          case "port":
-            if (res == null) {
-              res = new SimpleResolver(server);
-            }
-            res.setPort(st.getUInt16());
-            break;
-          case "tcp":
-            if (res == null) {
+          if (token.isEOL()) {
+            continue;
+          }
+          String operation = token.value();
+
+          switch (operation) {
+            case "server":
+              server = st.getString();
               res = new SimpleResolver(server);
-            }
-            res.setTCP(true);
-            break;
-          case "class":
-            String classStr = st.getString();
-            int newClass = DClass.value(classStr);
-            if (newClass > 0) {
-              defaultClass = newClass;
-            } else {
-              print("Invalid class " + classStr);
-            }
-            break;
-          case "ttl":
-            defaultTTL = st.getTTL();
-            break;
-          case "origin":
-          case "zone":
-            zone = st.getName(Name.root);
-            break;
-          case "require":
-            doRequire(st);
-            break;
-          case "prohibit":
-            doProhibit(st);
-            break;
-          case "add":
-            doAdd(st);
-            break;
-          case "delete":
-            doDelete(st);
-            break;
-          case "glue":
-            doGlue(st);
-            break;
-          case "help":
-          case "?":
-            token = st.get();
-            if (token.isString()) {
-              help(token.value);
-            } else {
-              help(null);
-            }
-            break;
-          case "echo":
-            print(line.substring(4).trim());
-            break;
-          case "send":
-            sendUpdate();
-            query = newMessage();
-            break;
-          case "show":
-            print(query);
-            break;
-          case "clear":
-            query = newMessage();
-            break;
-          case "query":
-            doQuery(st);
-            break;
-          case "quit":
-          case "q":
-            if (log != null) {
-              log.close();
-            }
-            for (Object input : inputs) {
-              BufferedReader tbr;
-              tbr = (BufferedReader) input;
-              tbr.close();
-            }
-            System.exit(0);
-          case "file":
-            doFile(st, inputs, istreams);
-            break;
-          case "log":
-            doLog(st);
-            break;
-          case "assert":
-            if (doAssert(st) == false) {
-              return;
-            }
-            break;
-          case "sleep":
-            long interval = st.getUInt32();
-            try {
-              Thread.sleep(interval);
-            } catch (InterruptedException e) {
-              throw new IOException(e);
-            }
-            break;
-          case "date":
-            Instant now = Instant.now();
-            token = st.get();
-            if (token.isString() && token.value.equals("-ms")) {
-              print(Long.toString(now.toEpochMilli()));
-            } else {
-              print(now);
-            }
-            break;
-          default:
-            print("invalid keyword: " + operation);
-            break;
+              token = st.get();
+              if (token.isString()) {
+                String portstr = token.value();
+                res.setPort(Short.parseShort(portstr));
+              }
+              break;
+            case "key":
+              String keyname = st.getString();
+              String keydata = st.getString();
+              if (res == null) {
+                res = new SimpleResolver(server);
+              }
+              res.setTSIGKey(new TSIG(TSIG.HMAC_MD5, keyname, keydata));
+              break;
+            case "edns":
+              if (res == null) {
+                res = new SimpleResolver(server);
+              }
+              res.setEDNS(st.getUInt16());
+              break;
+            case "port":
+              if (res == null) {
+                res = new SimpleResolver(server);
+              }
+              res.setPort(st.getUInt16());
+              break;
+            case "tcp":
+              if (res == null) {
+                res = new SimpleResolver(server);
+              }
+              res.setTCP(true);
+              break;
+            case "class":
+              String classStr = st.getString();
+              int newClass = DClass.value(classStr);
+              if (newClass > 0) {
+                defaultClass = newClass;
+              } else {
+                print("Invalid class " + classStr);
+              }
+              break;
+            case "ttl":
+              defaultTTL = st.getTTL();
+              break;
+            case "origin":
+            case "zone":
+              zone = st.getName(Name.root);
+              break;
+            case "require":
+              doRequire(st);
+              break;
+            case "prohibit":
+              doProhibit(st);
+              break;
+            case "add":
+              doAdd(st);
+              break;
+            case "delete":
+              doDelete(st);
+              break;
+            case "glue":
+              doGlue(st);
+              break;
+            case "help":
+            case "?":
+              token = st.get();
+              if (token.isString()) {
+                help(token.value());
+              } else {
+                help(null);
+              }
+              break;
+            case "echo":
+              print(line.substring(4).trim());
+              break;
+            case "send":
+              sendUpdate();
+              query = newMessage();
+              break;
+            case "show":
+              print(query);
+              break;
+            case "clear":
+              query = newMessage();
+              break;
+            case "query":
+              doQuery(st);
+              break;
+            case "quit":
+            case "q":
+              if (log != null) {
+                log.close();
+              }
+              for (BufferedReader input : inputs) {
+                input.close();
+              }
+              System.exit(0);
+              break;
+            case "file":
+              doFile(st, inputs, istreams);
+              break;
+            case "log":
+              doLog(st);
+              break;
+            case "assert":
+              if (!doAssert(st)) {
+                return;
+              }
+              break;
+            case "sleep":
+              long interval = st.getUInt32();
+              try {
+                Thread.sleep(interval);
+              } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                throw new IOException(e);
+              }
+              break;
+            case "date":
+              Instant now = Instant.now();
+              token = st.get();
+              if (token.isString() && token.value().equals("-ms")) {
+                print(Long.toString(now.toEpochMilli()));
+              } else {
+                print(now);
+              }
+              break;
+            default:
+              print("invalid keyword: " + operation);
+              break;
+          }
         }
       } catch (TextParseException tpe) {
         System.out.println(tpe.getMessage());
@@ -267,8 +274,7 @@ void sendUpdate() throws IOException {
       updzone = zone;
       int dclass = defaultClass;
       if (updzone == null) {
-        Record[] recs = query.getSectionArray(Section.UPDATE);
-        for (Record rec : recs) {
+        for (Record rec : query.getSection(Section.UPDATE)) {
           if (updzone == null) {
             updzone = new Name(rec.getName(), 1);
           }
@@ -297,7 +303,6 @@ Record parseRR(Tokenizer st, int classValue, long TTLValue) throws IOException {
     Name name = st.getName(zone);
     long ttl;
     int type;
-    Record record;
 
     String s = st.getString();
 
@@ -317,79 +322,74 @@ Record parseRR(Tokenizer st, int classValue, long TTLValue) throws IOException {
       throw new IOException("Invalid type: " + s);
     }
 
-    record = Record.fromString(name, type, classValue, ttl, st, zone);
-    if (record != null) {
-      return (record);
-    } else {
-      throw new IOException("Parse error");
-    }
+    return Record.fromString(name, type, classValue, ttl, st, zone);
   }
 
   void doRequire(Tokenizer st) throws IOException {
     Tokenizer.Token token;
     Name name;
-    Record record;
+    Record r;
     int type;
 
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      if ((type = Type.value(token.value)) < 0) {
-        throw new IOException("Invalid type: " + token.value);
+      if ((type = Type.value(token.value())) < 0) {
+        throw new IOException("Invalid type: " + token.value());
       }
       token = st.get();
       boolean iseol = token.isEOL();
       st.unget();
       if (!iseol) {
-        record = Record.fromString(name, type, defaultClass, 0, st, zone);
+        r = Record.fromString(name, type, defaultClass, 0, st, zone);
       } else {
-        record = Record.newRecord(name, type, DClass.ANY, 0);
+        r = Record.newRecord(name, type, DClass.ANY, 0);
       }
     } else {
-      record = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
+      r = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
     }
 
-    query.addRecord(record, Section.PREREQ);
-    print(record);
+    query.addRecord(r, Section.PREREQ);
+    print(r);
   }
 
   void doProhibit(Tokenizer st) throws IOException {
     Tokenizer.Token token;
     Name name;
-    Record record;
+    Record r;
     int type;
 
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      if ((type = Type.value(token.value)) < 0) {
-        throw new IOException("Invalid type: " + token.value);
+      if ((type = Type.value(token.value())) < 0) {
+        throw new IOException("Invalid type: " + token.value());
       }
     } else {
       type = Type.ANY;
     }
-    record = Record.newRecord(name, type, DClass.NONE, 0);
-    query.addRecord(record, Section.PREREQ);
-    print(record);
+    r = Record.newRecord(name, type, DClass.NONE, 0);
+    query.addRecord(r, Section.PREREQ);
+    print(r);
   }
 
   void doAdd(Tokenizer st) throws IOException {
-    Record record = parseRR(st, defaultClass, defaultTTL);
-    query.addRecord(record, Section.UPDATE);
-    print(record);
+    Record r = parseRR(st, defaultClass, defaultTTL);
+    query.addRecord(r, Section.UPDATE);
+    print(r);
   }
 
   void doDelete(Tokenizer st) throws IOException {
     Tokenizer.Token token;
     String s;
     Name name;
-    Record record;
+    Record r;
     int type;
 
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      s = token.value;
+      s = token.value();
       if (DClass.value(s) >= 0) {
         s = st.getString();
       }
@@ -400,22 +400,22 @@ void doDelete(Tokenizer st) throws IOException {
       boolean iseol = token.isEOL();
       st.unget();
       if (!iseol) {
-        record = Record.fromString(name, type, DClass.NONE, 0, st, zone);
+        r = Record.fromString(name, type, DClass.NONE, 0, st, zone);
       } else {
-        record = Record.newRecord(name, type, DClass.ANY, 0);
+        r = Record.newRecord(name, type, DClass.ANY, 0);
       }
     } else {
-      record = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
+      r = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
     }
 
-    query.addRecord(record, Section.UPDATE);
-    print(record);
+    query.addRecord(r, Section.UPDATE);
+    print(r);
   }
 
   void doGlue(Tokenizer st) throws IOException {
-    Record record = parseRR(st, defaultClass, defaultTTL);
-    query.addRecord(record, Section.ADDITIONAL);
-    print(record);
+    Record r = parseRR(st, defaultClass, defaultTTL);
+    query.addRecord(r, Section.ADDITIONAL);
+    print(r);
   }
 
   void doQuery(Tokenizer st) throws IOException {
@@ -429,13 +429,13 @@ void doQuery(Tokenizer st) throws IOException {
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      type = Type.value(token.value);
+      type = Type.value(token.value());
       if (type < 0) {
         throw new IOException("Invalid type");
       }
       token = st.get();
       if (token.isString()) {
-        dclass = DClass.value(token.value);
+        dclass = DClass.value(token.value());
         if (dclass < 0) {
           throw new IOException("Invalid class");
         }
@@ -470,8 +470,7 @@ void doFile(Tokenizer st, List<BufferedReader> inputs, List<InputStream> istream
 
   void doLog(Tokenizer st) throws IOException {
     String s = st.getString();
-    try {
-      FileOutputStream fos = new FileOutputStream(s);
+    try (FileOutputStream fos = new FileOutputStream(s)) {
       log = new PrintStream(fos);
     } catch (Exception e) {
       print("Error opening " + s);
@@ -496,11 +495,11 @@ boolean doAssert(Tokenizer st) throws IOException {
         flag = false;
       }
     } else if (field.equalsIgnoreCase("serial")) {
-      Record[] answers = response.getSectionArray(Section.ANSWER);
-      if (answers.length < 1 || !(answers[0] instanceof SOARecord)) {
+      List<Record> answers = response.getSection(Section.ANSWER);
+      if (answers.isEmpty() || !(answers.get(0) instanceof SOARecord)) {
         print("Invalid response (no SOA)");
       } else {
-        SOARecord soa = (SOARecord) answers[0];
+        SOARecord soa = (SOARecord) answers.get(0);
         long serial = soa.getSerial();
         if (serial != Long.parseLong(expected)) {
           value = Long.toString(serial);
@@ -537,7 +536,7 @@ boolean doAssert(Tokenizer st) throws IOException {
         if (!token.isString()) {
           break;
         }
-        print(token.value);
+        print(token.value());
       }
       st.unget();
     }
@@ -561,7 +560,7 @@ static void help(String topic) {
     switch (topic) {
       case "add":
         System.out.println(
-            "add <name> [ttl] [class] <type> <data>\n\n" + "specify a record to be added\n");
+            "add <name> [ttl] [class] <type> <data>\n\nspecify a record to be added\n");
         break;
       case "assert":
         System.out.println(
@@ -573,10 +572,10 @@ static void help(String topic) {
                 + "<serial>, <tsig>, <qu>, <an>, <au>, or <ad>.\n");
         break;
       case "class":
-        System.out.println("class <class>\n\n" + "class of the zone to be updated (default: IN)\n");
+        System.out.println("class <class>\n\nclass of the zone to be updated (default: IN)\n");
         break;
       case "clear":
-        System.out.println("clear\n\n" + "clears the current update packet\n");
+        System.out.println("clear\n\nclears the current update packet\n");
         break;
       case "date":
         System.out.println(
@@ -594,10 +593,10 @@ static void help(String topic) {
                 + "all records at a name should be deleted\n");
         break;
       case "echo":
-        System.out.println("echo <text>\n\n" + "prints the text\n");
+        System.out.println("echo <text>\n\nprints the text\n");
         break;
       case "edns":
-        System.out.println("edns <level>\n\n" + "EDNS level specified when sending messages\n");
+        System.out.println("edns <level>\n\nEDNS level specified when sending messages\n");
         break;
       case "file":
         System.out.println(
@@ -607,7 +606,7 @@ static void help(String topic) {
         break;
       case "glue":
         System.out.println(
-            "glue <name> [ttl] [class] <type> <data>\n\n" + "specify an additional record\n");
+            "glue <name> [ttl] [class] <type> <data>\n\nspecify an additional record\n");
         break;
       case "help":
         System.out.println(
@@ -617,14 +616,13 @@ static void help(String topic) {
                 + "command\n");
         break;
       case "key":
-        System.out.println("key <name> <data>\n\n" + "TSIG key used to sign messages\n");
+        System.out.println("key <name> <data>\n\nTSIG key used to sign messages\n");
         break;
       case "log":
-        System.out.println(
-            "log <file>\n\n" + "opens the specified file and uses it to log output\n");
+        System.out.println("log <file>\n\nopens the specified file and uses it to log output\n");
         break;
       case "port":
-        System.out.println("port <port>\n\n" + "UDP/TCP port messages are sent to (default: 53)\n");
+        System.out.println("port <port>\n\nUDP/TCP port messages are sent to (default: 53)\n");
         break;
       case "prohibit":
         System.out.println(
@@ -633,11 +631,11 @@ static void help(String topic) {
                 + "require that a set or name is not present\n");
         break;
       case "query":
-        System.out.println("query <name> [type [class]] \n\n" + "issues a query\n");
+        System.out.println("query <name> [type [class]] \n\nissues a query\n");
         break;
       case "q":
       case "quit":
-        System.out.println("quit\n\n" + "quits the program\n");
+        System.out.println("quit\n\nquits the program\n");
         break;
       case "require":
         System.out.println(
@@ -647,30 +645,29 @@ static void help(String topic) {
                 + "require that a record, set, or name is present\n");
         break;
       case "send":
-        System.out.println("send\n\n" + "sends and resets the current update packet\n");
+        System.out.println("send\n\nsends and resets the current update packet\n");
         break;
       case "server":
-        System.out.println(
-            "server <name> [port]\n\n" + "server that receives send updates/queries\n");
+        System.out.println("server <name> [port]\n\nserver that receives send updates/queries\n");
         break;
       case "show":
-        System.out.println("show\n\n" + "shows the current update packet\n");
+        System.out.println("show\n\nshows the current update packet\n");
         break;
       case "sleep":
-        System.out.println("sleep <milliseconds>\n\n" + "pause for interval before next command\n");
+        System.out.println("sleep <milliseconds>\n\npause for interval before next command\n");
         break;
       case "tcp":
-        System.out.println("tcp\n\n" + "TCP should be used to send all messages\n");
+        System.out.println("tcp\n\nTCP should be used to send all messages\n");
         break;
       case "ttl":
-        System.out.println("ttl <ttl>\n\n" + "default ttl of added records (default: 0)\n");
+        System.out.println("ttl <ttl>\n\ndefault ttl of added records (default: 0)\n");
         break;
       case "zone":
       case "origin":
-        System.out.println("zone <zone>\n\n" + "zone to update (default: .\n");
+        System.out.println("zone <zone>\n\nzone to update (default: .\n");
         break;
       case "#":
-        System.out.println("# <text>\n\n" + "a comment\n");
+        System.out.println("# <text>\n\na comment\n");
         break;
       default:
         System.out.println("Topic '" + topic + "' unrecognized\n");
@@ -678,7 +675,7 @@ static void help(String topic) {
     }
   }
 
-  public static void main(String[] args) throws IOException {
+  public static void main(String[] args) {
 
     InputStream in = null;
     if (args.length >= 1) {
@@ -691,6 +688,6 @@ public static void main(String[] args) throws IOException {
     } else {
       in = System.in;
     }
-    update u = new update(in);
+    new update(in);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/tools/xfrin.java b/src/main/java/org/xbill/DNS/tools/xfrin.java
index 042ecb107..dd3bdf2f4 100644
--- a/src/main/java/org/xbill/DNS/tools/xfrin.java
+++ b/src/main/java/org/xbill/DNS/tools/xfrin.java
@@ -1,9 +1,9 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.tools;
 
 import java.util.Iterator;
-import java.util.List;
 import org.xbill.DNS.Lookup;
 import org.xbill.DNS.Name;
 import org.xbill.DNS.Record;
@@ -11,20 +11,21 @@
 import org.xbill.DNS.TSIG;
 import org.xbill.DNS.Type;
 import org.xbill.DNS.ZoneTransferIn;
+import org.xbill.DNS.ZoneTransferIn.Delta;
 
 public class xfrin {
 
   private static void usage(String s) {
     System.out.println("Error: " + s);
     System.out.println(
-        "usage: xfrin [-i serial] [-k keyname/secret] " + "[-s server] [-p port] [-f] zone");
+        "usage: xfrin [-i serial] [-k keyname/secret] [-s server] [-p port] [-f] zone");
     System.exit(1);
   }
 
   public static void main(String[] args) throws Exception {
     ZoneTransferIn xfrin;
     TSIG key = null;
-    int ixfr_serial = -1;
+    int ixfrSerial = -1;
     String server = null;
     int port = SimpleResolver.DEFAULT_PORT;
     boolean fallback = false;
@@ -33,8 +34,8 @@ public static void main(String[] args) throws Exception {
     int arg = 0;
     while (arg < args.length) {
       if (args[arg].equals("-i")) {
-        ixfr_serial = Integer.parseInt(args[++arg]);
-        if (ixfr_serial < 0) {
+        ixfrSerial = Integer.parseInt(args[++arg]);
+        if (ixfrSerial < 0) {
           usage("invalid serial number");
         }
       } else if (args[arg].equals("-k")) {
@@ -43,7 +44,7 @@ public static void main(String[] args) throws Exception {
         if (index < 0) {
           usage("invalid key");
         }
-        key = new TSIG(s.substring(0, index), s.substring(index + 1));
+        key = new TSIG(TSIG.HMAC_MD5, s.substring(0, index), s.substring(index + 1));
       } else if (args[arg].equals("-s")) {
         server = args[++arg];
       } else if (args[arg].equals("-p")) {
@@ -76,27 +77,25 @@ public static void main(String[] args) throws Exception {
       System.out.println("sending to server '" + server + "'");
     }
 
-    if (ixfr_serial >= 0) {
-      xfrin = ZoneTransferIn.newIXFR(zname, ixfr_serial, fallback, server, port, key);
+    if (ixfrSerial >= 0) {
+      xfrin = ZoneTransferIn.newIXFR(zname, ixfrSerial, fallback, server, port, key);
     } else {
       xfrin = ZoneTransferIn.newAXFR(zname, server, port, key);
     }
 
-    List response = xfrin.run();
+    xfrin.run();
     if (xfrin.isAXFR()) {
-      if (ixfr_serial >= 0) {
+      if (ixfrSerial >= 0) {
         System.out.println("AXFR-like IXFR response");
       } else {
         System.out.println("AXFR response");
       }
-      for (Object o : response) {
-        System.out.println(o);
+      for (Record r : xfrin.getAXFR()) {
+        System.out.println(r);
       }
     } else if (xfrin.isIXFR()) {
       System.out.println("IXFR response");
-      for (Object o : response) {
-        ZoneTransferIn.Delta delta;
-        delta = (ZoneTransferIn.Delta) o;
+      for (Delta delta : xfrin.getIXFR()) {
         System.out.println("delta from " + delta.start + " to " + delta.end);
         System.out.println("deletes");
         Iterator<Record> it2 = delta.deletes.iterator();
diff --git a/src/main/java/org/xbill/DNS/utils/BaseUtils.java b/src/main/java/org/xbill/DNS/utils/BaseUtils.java
new file mode 100644
index 000000000..f244e193a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/utils/BaseUtils.java
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.utils;
+
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+class BaseUtils {
+  /**
+   * Wrap a long string at {@code lineLength} characters.
+   *
+   * @param s The string to wrap.
+   * @param lineLength The number of characters per line.
+   * @param prefix A string prefixing the characters on each line.
+   * @param addClose Whether to add a close parenthesis or not.
+   * @return The wrapped string.
+   */
+  String wrapLines(String s, int lineLength, String prefix, boolean addClose) {
+    StringBuilder sb = new StringBuilder();
+    for (int i = 0; i < s.length(); i += lineLength) {
+      sb.append(prefix);
+      if (i + lineLength >= s.length()) {
+        sb.append(s.substring(i));
+        if (addClose) {
+          sb.append(" )");
+        }
+      } else {
+        sb.append(s, i, i + lineLength);
+        sb.append("\n");
+      }
+    }
+    return sb.toString();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/utils/base16.java b/src/main/java/org/xbill/DNS/utils/base16.java
index de7aa0ff7..74c4e3bcd 100644
--- a/src/main/java/org/xbill/DNS/utils/base16.java
+++ b/src/main/java/org/xbill/DNS/utils/base16.java
@@ -1,10 +1,9 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.utils;
 
 import java.io.ByteArrayOutputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
 
 /**
  * Routines for converting between Strings of hex-encoded data and arrays of binary data. This is
@@ -14,7 +13,7 @@
  */
 public class base16 {
 
-  private static final String Base16 = "0123456789ABCDEF";
+  private static final String BASE_16_CHARS = "0123456789ABCDEF";
 
   private base16() {}
 
@@ -25,47 +24,78 @@ private base16() {}
    * @return A String containing the encoded data
    */
   public static String toString(byte[] b) {
-    ByteArrayOutputStream os = new ByteArrayOutputStream();
-
+    StringBuilder sb = new StringBuilder(b.length * 2);
     for (byte item : b) {
       short value = (short) (item & 0xFF);
       byte high = (byte) (value >> 4);
       byte low = (byte) (value & 0xF);
-      os.write(Base16.charAt(high));
-      os.write(Base16.charAt(low));
+      sb.append(BASE_16_CHARS.charAt(high));
+      sb.append(BASE_16_CHARS.charAt(low));
     }
-    return new String(os.toByteArray());
+    return sb.toString();
   }
 
   /**
-   * Convert a hex-encoded String to binary data
+   * Convert binary data to a hex-encoded string, line-wrapped at {@code lineLength} characters.
    *
-   * @param str A String containing the encoded data
-   * @return An array containing the binary data, or null if the string is invalid
+   * @param b An array containing binary data
+   * @param lineLength The number of characters per line
+   * @param prefix A string prefixing the characters on each line
+   * @param addClose Whether to add a close parenthesis or not
+   * @return A String containing the encoded data
+   * @since 3.6
+   */
+  public static String toString(byte[] b, int lineLength, String prefix, boolean addClose) {
+    return BaseUtils.wrapLines(toString(b), lineLength, prefix, addClose);
+  }
+
+  /**
+   * Convert a hex-encoded String to binary data, ignoring {@link Character#isWhitespace(char)
+   * whitespace} characters.
+   *
+   * <p>Returns {@code null}
+   *
+   * <ul>
+   *   <li>when {@code str} is {@code null},
+   *   <li>when non-hex digits or non-whitespace characters are encountered.
+   *
+   * @param str A String containing the encoded data.
+   * @return An array containing the binary data, or null if the string is invalid.
    */
   public static byte[] fromString(String str) {
+    if (str == null) {
+      return null;
+    }
+
+    if (str.isEmpty()) {
+      return new byte[0];
+    }
+
     ByteArrayOutputStream bs = new ByteArrayOutputStream();
-    byte[] raw = str.getBytes();
-    for (byte b : raw) {
-      if (!Character.isWhitespace((char) b)) {
-        bs.write(b);
+    for (int i = 0; i < str.length(); i++) {
+      char c = str.charAt(i);
+      if (c >= 48 && c <= 57 || c >= 65 && c <= 70) {
+        // 0-9, A-Z
+        bs.write(c);
+      } else if (c >= 97 && c <= 102) {
+        // convert a-z to A-Z
+        bs.write(c - 32);
+      } else if (!Character.isWhitespace(c)) {
+        return null;
       }
     }
+
     byte[] in = bs.toByteArray();
-    if (in.length % 2 != 0) {
+    if ((in.length & 1) != 0) {
       return null;
     }
 
     bs.reset();
-    DataOutputStream ds = new DataOutputStream(bs);
 
     for (int i = 0; i < in.length; i += 2) {
-      byte high = (byte) Base16.indexOf(Character.toUpperCase((char) in[i]));
-      byte low = (byte) Base16.indexOf(Character.toUpperCase((char) in[i + 1]));
-      try {
-        ds.writeByte((high << 4) + low);
-      } catch (IOException e) {
-      }
+      byte high = (byte) BASE_16_CHARS.indexOf(in[i]);
+      byte low = (byte) BASE_16_CHARS.indexOf(in[i + 1]);
+      bs.write((high << 4) + (low & 0x0F));
     }
     return bs.toByteArray();
   }
diff --git a/src/main/java/org/xbill/DNS/utils/base32.java b/src/main/java/org/xbill/DNS/utils/base32.java
index 11a1c9505..563e232a3 100644
--- a/src/main/java/org/xbill/DNS/utils/base32.java
+++ b/src/main/java/org/xbill/DNS/utils/base32.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.utils;
@@ -21,8 +22,9 @@ private Alphabet() {}
     public static final String BASE32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV=";
   }
 
-  private String alphabet;
-  private boolean padding, lowercase;
+  private final String alphabet;
+  private final boolean padding;
+  private final boolean lowercase;
 
   /**
    * Creates an object that can be used to do base32 conversions.
@@ -110,9 +112,9 @@ public String toString(byte[] b) {
       t[4] = (byte) (((s[2] & 0x0F) << 1) | ((s[3] >> 7) & 0x01));
       // bits 6-2 from 4th
       t[5] = (byte) ((s[3] >> 2) & 0x1F);
-      // lower 2 from 4th, upper 3 from 5th;
+      // lower 2 from 4th, upper 3 from 5th
       t[6] = (byte) (((s[3] & 0x03) << 3) | ((s[4] >> 5) & 0x07));
-      // lower 5 from 5th;
+      // lower 5 from 5th
       t[7] = (byte) (s[4] & 0x1F);
 
       // write out the actual characters.
@@ -132,7 +134,7 @@ public String toString(byte[] b) {
       }
     }
 
-    return new String(os.toByteArray());
+    return os.toString();
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/utils/base64.java b/src/main/java/org/xbill/DNS/utils/base64.java
index 1f1cea74c..a69b57e8f 100644
--- a/src/main/java/org/xbill/DNS/utils/base64.java
+++ b/src/main/java/org/xbill/DNS/utils/base64.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.utils;
@@ -13,8 +14,10 @@
  */
 public class base64 {
 
-  private static final String Base64 =
+  private static final String BASE_64 =
       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+  private static final String BASE_64_URL =
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
 
   private base64() {}
 
@@ -25,8 +28,19 @@ private base64() {}
    * @return A String containing the encoded data
    */
   public static String toString(byte[] b) {
-    ByteArrayOutputStream os = new ByteArrayOutputStream();
+    return toString(b, false);
+  }
 
+  /**
+   * Convert binary data to a base64-encoded String
+   *
+   * @param b An array containing binary data
+   * @param useUrl True to use Base64URL encoding (i.e. no trailing =, -_ instead of +/)
+   * @return A String containing the encoded data
+   */
+  public static String toString(byte[] b, boolean useUrl) {
+    String base = useUrl ? BASE_64_URL : BASE_64;
+    ByteArrayOutputStream os = new ByteArrayOutputStream();
     for (int i = 0; i < (b.length + 2) / 3; i++) {
       short[] s = new short[3];
       short[] t = new short[4];
@@ -40,24 +54,27 @@ public static String toString(byte[] b) {
 
       t[0] = (short) (s[0] >> 2);
       if (s[1] == -1) {
-        t[1] = (short) (((s[0] & 0x3) << 4));
+        t[1] = (short) ((s[0] & 0x3) << 4);
       } else {
         t[1] = (short) (((s[0] & 0x3) << 4) + (s[1] >> 4));
       }
       if (s[1] == -1) {
         t[2] = t[3] = 64;
       } else if (s[2] == -1) {
-        t[2] = (short) (((s[1] & 0xF) << 2));
+        t[2] = (short) ((s[1] & 0xF) << 2);
         t[3] = 64;
       } else {
         t[2] = (short) (((s[1] & 0xF) << 2) + (s[2] >> 6));
         t[3] = (short) (s[2] & 0x3F);
       }
       for (int j = 0; j < 4; j++) {
-        os.write(Base64.charAt(t[j]));
+        if (t[j] == 64 && useUrl) {
+          continue;
+        }
+        os.write(base.charAt(t[j]));
       }
     }
-    return new String(os.toByteArray());
+    return os.toString();
   }
 
   /**
@@ -70,21 +87,7 @@ public static String toString(byte[] b) {
    * @return A String representing the formatted output
    */
   public static String formatString(byte[] b, int lineLength, String prefix, boolean addClose) {
-    String s = toString(b);
-    StringBuilder sb = new StringBuilder();
-    for (int i = 0; i < s.length(); i += lineLength) {
-      sb.append(prefix);
-      if (i + lineLength >= s.length()) {
-        sb.append(s.substring(i));
-        if (addClose) {
-          sb.append(" )");
-        }
-      } else {
-        sb.append(s, i, i + lineLength);
-        sb.append("\n");
-      }
-    }
-    return sb.toString();
+    return BaseUtils.wrapLines(toString(b), lineLength, prefix, addClose);
   }
 
   /**
@@ -114,18 +117,18 @@ public static byte[] fromString(String str) {
       short[] t = new short[3];
 
       for (int j = 0; j < 4; j++) {
-        s[j] = (short) Base64.indexOf(in[i * 4 + j]);
+        s[j] = (short) BASE_64.indexOf(in[i * 4 + j]);
       }
 
       t[0] = (short) ((s[0] << 2) + (s[1] >> 4));
       if (s[2] == 64) {
-        t[1] = t[2] = (short) (-1);
+        t[1] = t[2] = (short) -1;
         if ((s[1] & 0xF) != 0) {
           return null;
         }
       } else if (s[3] == 64) {
         t[1] = (short) (((s[1] << 4) + (s[2] >> 2)) & 0xFF);
-        t[2] = (short) (-1);
+        t[2] = (short) -1;
         if ((s[2] & 0x3) != 0) {
           return null;
         }
@@ -141,6 +144,7 @@ public static byte[] fromString(String str) {
           }
         }
       } catch (IOException e) {
+        // Ignore
       }
     }
     return bs.toByteArray();
diff --git a/src/main/java/org/xbill/DNS/utils/hexdump.java b/src/main/java/org/xbill/DNS/utils/hexdump.java
index 92e8a59f7..2ddde8a20 100644
--- a/src/main/java/org/xbill/DNS/utils/hexdump.java
+++ b/src/main/java/org/xbill/DNS/utils/hexdump.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
 
 package org.xbill.DNS.utils;
@@ -40,9 +41,9 @@ public static String dump(String description, byte[] b, int offset, int length)
           sb.append('\t');
         }
       }
-      int value = (int) (b[i + offset]) & 0xFF;
-      sb.append(hex[(value >> 4)]);
-      sb.append(hex[(value & 0xF)]);
+      int value = b[i + offset] & 0xFF;
+      sb.append(hex[value >> 4]);
+      sb.append(hex[value & 0xF]);
       sb.append(' ');
     }
     sb.append('\n');
diff --git a/src/main/java/sun/net/spi/nameservice/NameService.java b/src/main/java/sun/net/spi/nameservice/NameService.java
new file mode 100644
index 000000000..4ddbf079d
--- /dev/null
+++ b/src/main/java/sun/net/spi/nameservice/NameService.java
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package sun.net.spi.nameservice;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public interface NameService {
+  InetAddress[] lookupAllHostAddr(String var1) throws UnknownHostException;
+
+  String getHostByAddr(byte[] var1) throws UnknownHostException;
+}
diff --git a/src/main/java/sun/net/spi/nameservice/NameServiceDescriptor.java b/src/main/java/sun/net/spi/nameservice/NameServiceDescriptor.java
new file mode 100644
index 000000000..090f77f1e
--- /dev/null
+++ b/src/main/java/sun/net/spi/nameservice/NameServiceDescriptor.java
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package sun.net.spi.nameservice;
+
+public interface NameServiceDescriptor {
+  NameService createNameService() throws Exception;
+
+  String getProviderName();
+
+  String getType();
+}
diff --git a/src/main/java/sun/net/spi/nameservice/package-info.java b/src/main/java/sun/net/spi/nameservice/package-info.java
new file mode 100644
index 000000000..d2411afbb
--- /dev/null
+++ b/src/main/java/sun/net/spi/nameservice/package-info.java
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+/**
+ * JDK9 removed the Nameservice SPI as per bug 8134577. The interfaces in this package were
+ * automatically extracted and are used to compile on newer JDKs.
+ */
+package sun.net.spi.nameservice;
diff --git a/src/main/java11/module-info.java b/src/main/java11/module-info.java
new file mode 100644
index 000000000..8ed168871
--- /dev/null
+++ b/src/main/java11/module-info.java
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+module org.dnsjava {
+  requires static lombok;
+  requires static java.naming;
+  requires static com.sun.jna;
+  requires static com.sun.jna.platform;
+  requires static java.net.http;
+  requires org.slf4j;
+
+  exports org.xbill.DNS;
+  exports org.xbill.DNS.config;
+  exports org.xbill.DNS.dnssec;
+  exports org.xbill.DNS.hosts;
+  exports org.xbill.DNS.lookup;
+  exports org.xbill.DNS.tools;
+  exports org.xbill.DNS.utils;
+}
diff --git a/src/main/java11/org/xbill/DNS/AsyncSemaphore.java b/src/main/java11/org/xbill/DNS/AsyncSemaphore.java
new file mode 100644
index 000000000..d2dcf6dd0
--- /dev/null
+++ b/src/main/java11/org/xbill/DNS/AsyncSemaphore.java
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.time.Duration;
+import java.util.ArrayDeque;
+import java.util.Queue;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+final class AsyncSemaphore {
+  private final Queue<CompletableFuture<Permit>> queue = new ArrayDeque<>();
+  private final Permit singletonPermit = new Permit();
+  private final String name;
+  private volatile int permits;
+
+  final class Permit {
+    public void release(int id, Executor executor) {
+      synchronized (queue) {
+        CompletableFuture<Permit> next = queue.poll();
+        if (next == null) {
+          permits++;
+          log.trace("{} permit released id={}, available={}", name, id, permits);
+        } else {
+          log.trace("{} permit released id={}, available={}, immediate next", name, id, permits);
+          next.completeAsync(() -> this, executor);
+        }
+      }
+    }
+  }
+
+  AsyncSemaphore(int permits, String name) {
+    this.permits = permits;
+    this.name = name;
+    log.debug("Using Java 11+ implementation for {}", name);
+  }
+
+  CompletionStage<Permit> acquire(Duration timeout, int id, Executor executor) {
+    synchronized (queue) {
+      if (permits > 0) {
+        permits--;
+        log.trace("{} permit acquired id={}, available={}", name, id, permits);
+        return CompletableFuture.completedFuture(singletonPermit);
+      } else {
+        CompletableFuture<Permit> f = new CompletableFuture<>();
+        f.orTimeout(timeout.toNanos(), TimeUnit.NANOSECONDS)
+            .whenCompleteAsync(
+                (result, ex) -> {
+                  synchronized (queue) {
+                    if (ex != null) {
+                      log.trace("{} permit timed out id={}, available={}", name, id, permits);
+                    }
+                    queue.remove(f);
+                  }
+                },
+                executor);
+        log.trace("{} permit queued id={}, available={}", name, id, permits);
+        queue.add(f);
+        return f;
+      }
+    }
+  }
+}
diff --git a/src/main/java11/org/xbill/DNS/DohResolver.java b/src/main/java11/org/xbill/DNS/DohResolver.java
new file mode 100644
index 000000000..8e73eca5c
--- /dev/null
+++ b/src/main/java11/org/xbill/DNS/DohResolver.java
@@ -0,0 +1,311 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.net.http.HttpTimeoutException;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.WeakHashMap;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.function.Function;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.AsyncSemaphore.Permit;
+
+/**
+ * Proof-of-concept <a href="https://datatracker.ietf.org/doc/html/rfc8484">DNS over HTTP (DoH)</a>
+ * resolver. This class is not suitable for high load scenarios because of the shortcomings of
+ * Java's built-in HTTP clients. For more control, implement your own {@link Resolver} using e.g. <a
+ * href="https://github.com/square/okhttp/">OkHttp</a>.
+ *
+ * <p>On Java 8, it uses HTTP/1.1, which is against the recommendation of RFC 8484 to use HTTP/2 and
+ * thus slower. On Java 11 or newer, HTTP/2 is always used, but the built-in HttpClient has its own
+ * <a href="https://bugs.openjdk.java.net/browse/JDK-8225647">issues</a> with connection handling.
+ *
+ * <p>As of 2020-09-13, the following limits of public resolvers for HTTP/2 were observed:
+ * <li>https://cloudflare-dns.com/dns-query: max streams=250, idle timeout=400s
+ * <li>https://dns.google/dns-query: max streams=100, idle timeout=240s
+ *
+ * @since 3.0
+ */
+@Slf4j
+public final class DohResolver extends DohResolverCommon {
+  private static final String APPLICATION_DNS_MESSAGE = "application/dns-message";
+  private static final Map<Executor, HttpClient> httpClients =
+      Collections.synchronizedMap(new WeakHashMap<>());
+  private static final HttpRequest.Builder defaultHttpRequestBuilder;
+
+  private final AsyncSemaphore initialRequestLock = new AsyncSemaphore(1, "initial request");
+
+  private final Duration idleConnectionTimeout;
+
+  static {
+    defaultHttpRequestBuilder = HttpRequest.newBuilder();
+    defaultHttpRequestBuilder.version(HttpClient.Version.HTTP_2);
+    defaultHttpRequestBuilder.header("Content-Type", APPLICATION_DNS_MESSAGE);
+    defaultHttpRequestBuilder.header("Accept", APPLICATION_DNS_MESSAGE);
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   */
+  public DohResolver(String uriTemplate) {
+    this(uriTemplate, 100, Duration.ofMinutes(2));
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   * @param maxConcurrentRequests Maximum concurrent HTTP/2 streams for Java 11+ or HTTP/1.1
+   *     connections for Java 8. On Java 8 this cannot exceed the system property {@code
+   *     http.maxConnections}.
+   * @param idleConnectionTimeout Max. idle time for HTTP/2 connections until a request is
+   *     serialized. Applies to Java 11+ only.
+   * @since 3.3
+   */
+  public DohResolver(
+      String uriTemplate, int maxConcurrentRequests, Duration idleConnectionTimeout) {
+    super(uriTemplate, maxConcurrentRequests);
+    log.debug("Using Java 11+ implementation");
+    this.idleConnectionTimeout = idleConnectionTimeout;
+  }
+
+  @SneakyThrows
+  private HttpClient getHttpClient(Executor executor) {
+    return httpClients.computeIfAbsent(
+        executor,
+        key -> {
+          try {
+            return HttpClient.newBuilder().connectTimeout(timeout).executor(executor).build();
+          } catch (IllegalArgumentException e) {
+            log.warn("Could not create a HttpClient for Executor {}", key, e);
+            return null;
+          }
+        });
+  }
+
+  @Override
+  public void setTimeout(Duration timeout) {
+    this.timeout = timeout;
+    httpClients.clear();
+  }
+
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param payloadSize ignored
+   * @param flags EDNS extended flags to be set in the OPT record.
+   * @param options EDNS options to be set in the OPT record
+   */
+  @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    // required for source- and binary compatibility
+    super.setEDNS(version, payloadSize, flags, options);
+  }
+
+  @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
+  public CompletionStage<Message> sendAsync(Message query) {
+    return this.sendAsync(query, defaultExecutor);
+  }
+
+  @Override
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+    long startTime = getNanoTime();
+    byte[] queryBytes = prepareQuery(query).toWire();
+    String url = getUrl(queryBytes);
+
+    var requestBuilder = defaultHttpRequestBuilder.copy();
+    requestBuilder.uri(URI.create(url));
+    if (usePost) {
+      requestBuilder.POST(HttpRequest.BodyPublishers.ofByteArray(queryBytes));
+    }
+
+    // check if this request needs to be done synchronously because of HttpClient's stupidity to
+    // not use the connection pool for HTTP/2 until one connection is successfully established,
+    // which could lead to hundreds of connections (and threads with the default executor)
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      return timeoutFailedFuture(query, "no time left to acquire lock for first request", null);
+    }
+
+    return initialRequestLock
+        .acquire(remainingTimeout, query.getHeader().getID(), executor)
+        .handle(
+            (initialRequestPermit, initialRequestEx) -> {
+              if (initialRequestEx != null) {
+                return this.<Message>timeoutFailedFuture(query, initialRequestEx);
+              } else {
+                return sendAsyncWithInitialRequestPermit(
+                    query, executor, startTime, requestBuilder, initialRequestPermit);
+              }
+            })
+        .thenCompose(Function.identity());
+  }
+
+  private CompletionStage<Message> sendAsyncWithInitialRequestPermit(
+      Message query,
+      Executor executor,
+      long startTime,
+      HttpRequest.Builder requestBuilder,
+      Permit initialRequestPermit) {
+    int queryId = query.getHeader().getID();
+    long lastRequestTime = lastRequest.get();
+    long requestDeltaNanos = getNanoTime() - lastRequestTime;
+    boolean isInitialRequest =
+        lastRequestTime == 0 || idleConnectionTimeout.toNanos() < requestDeltaNanos;
+    if (!isInitialRequest) {
+      initialRequestPermit.release(queryId, executor);
+    }
+
+    // check if we already exceeded the query timeout while checking the initial connection
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      if (isInitialRequest) {
+        initialRequestPermit.release(queryId, executor);
+      }
+
+      return timeoutFailedFuture(
+          query, "no time left to acquire lock for concurrent request", null);
+    }
+
+    // Lock a HTTP/2 stream. Another stupidity of HttpClient to not simply queue the
+    // request, but fail with an IOException which also CLOSES the connection... *facepalm*
+    return maxConcurrentRequests
+        .acquire(remainingTimeout, queryId, executor)
+        .handle(
+            (maxConcurrentRequestPermit, maxConcurrentRequestEx) -> {
+              if (maxConcurrentRequestEx != null) {
+                if (isInitialRequest) {
+                  initialRequestPermit.release(queryId, executor);
+                }
+                return this.<Message>timeoutFailedFuture(
+                    query,
+                    "timed out waiting for a concurrent request lease",
+                    maxConcurrentRequestEx);
+              } else {
+                return sendAsyncWithConcurrentRequestPermit(
+                    query,
+                    executor,
+                    startTime,
+                    requestBuilder,
+                    initialRequestPermit,
+                    isInitialRequest,
+                    maxConcurrentRequestPermit);
+              }
+            })
+        .thenCompose(Function.identity());
+  }
+
+  private CompletionStage<Message> sendAsyncWithConcurrentRequestPermit(
+      Message query,
+      Executor executor,
+      long startTime,
+      HttpRequest.Builder requestBuilder,
+      Permit initialRequestPermit,
+      boolean isInitialRequest,
+      Permit maxConcurrentRequestPermit) {
+    int queryId = query.getHeader().getID();
+
+    // check if the stream lock acquisition took too long
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      if (isInitialRequest) {
+        initialRequestPermit.release(queryId, executor);
+      }
+
+      maxConcurrentRequestPermit.release(queryId, executor);
+      return timeoutFailedFuture(
+          query, "no time left to acquire lock for concurrent request", null);
+    }
+
+    var httpRequest = requestBuilder.timeout(remainingTimeout).build();
+    var bodyHandler = HttpResponse.BodyHandlers.ofByteArray();
+    return getHttpClient(executor)
+        .sendAsync(httpRequest, bodyHandler)
+        .whenComplete(
+            (result, ex) -> {
+              if (ex == null) {
+                lastRequest.set(startTime);
+              }
+              maxConcurrentRequestPermit.release(queryId, executor);
+              if (isInitialRequest) {
+                initialRequestPermit.release(queryId, executor);
+              }
+            })
+        .handleAsync(
+            (response, ex) -> {
+              if (ex != null) {
+                if (ex instanceof HttpTimeoutException) {
+                  return this.<Message>timeoutFailedFuture(
+                      query, "http request did not complete", ex.getCause());
+                } else {
+                  return CompletableFuture.<Message>failedFuture(ex);
+                }
+              } else {
+                try {
+                  Message responseMessage;
+                  int rc = response.statusCode();
+                  if (rc >= 200 && rc < 300) {
+                    byte[] responseBytes = response.body();
+                    responseMessage = new Message(responseBytes);
+                    verifyTSIG(query, responseMessage, responseBytes, tsig);
+                  } else {
+                    responseMessage = new Message();
+                    responseMessage.getHeader().setRcode(Rcode.SERVFAIL);
+                  }
+
+                  responseMessage.setResolver(this);
+                  return CompletableFuture.completedFuture(responseMessage);
+                } catch (IOException e) {
+                  return CompletableFuture.<Message>failedFuture(e);
+                }
+              }
+            },
+            executor)
+        .thenCompose(Function.identity())
+        .orTimeout(remainingTimeout.toMillis(), TimeUnit.MILLISECONDS)
+        .exceptionally(
+            ex -> {
+              if (ex instanceof TimeoutException) {
+                throw new CompletionException(
+                    new TimeoutException(
+                        "Query "
+                            + query.getHeader().getID()
+                            + " for "
+                            + query.getQuestion().getName()
+                            + "/"
+                            + Type.string(query.getQuestion().getType())
+                            + " timed out in remaining "
+                            + remainingTimeout.toMillis()
+                            + "ms"));
+              } else if (ex instanceof CompletionException) {
+                throw (CompletionException) ex;
+              }
+
+              throw new CompletionException(ex);
+            });
+  }
+
+  @Override
+  protected <T> CompletableFuture<T> failedFuture(Throwable e) {
+    return CompletableFuture.failedFuture(e);
+  }
+}
diff --git a/src/main/java18/module-info.java b/src/main/java18/module-info.java
new file mode 100644
index 000000000..73a90f811
--- /dev/null
+++ b/src/main/java18/module-info.java
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+import java.net.spi.InetAddressResolverProvider;
+import org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider;
+
+module org.dnsjava {
+  requires static lombok;
+  requires static java.naming;
+  requires static com.sun.jna;
+  requires static com.sun.jna.platform;
+  requires static java.net.http;
+  requires org.slf4j;
+
+  exports org.xbill.DNS;
+  exports org.xbill.DNS.config;
+  exports org.xbill.DNS.dnssec;
+  exports org.xbill.DNS.hosts;
+  exports org.xbill.DNS.lookup;
+  exports org.xbill.DNS.tools;
+  exports org.xbill.DNS.utils;
+
+  provides InetAddressResolverProvider with
+      DnsjavaInetAddressResolverProvider;
+}
diff --git a/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolver.java b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolver.java
new file mode 100644
index 000000000..d92be358e
--- /dev/null
+++ b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolver.java
@@ -0,0 +1,117 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.spi;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.net.spi.InetAddressResolver;
+import java.net.spi.InetAddressResolverProvider.Configuration;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Stream;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.Lookup;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.PTRRecord;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.ReverseMap;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+@Slf4j
+class DnsjavaInetAddressResolver implements InetAddressResolver {
+  private static final String PREFER_V6_PROPERTY = "java.net.preferIPv6Addresses";
+
+  private final boolean preferV6;
+  private final Configuration configuration;
+
+  DnsjavaInetAddressResolver(Configuration configuration) {
+    log.info("Enabling dnsjava SPI");
+    this.configuration = configuration;
+    preferV6 = Boolean.getBoolean(PREFER_V6_PROPERTY);
+  }
+
+  @Override
+  public Stream<InetAddress> lookupByName(String host, LookupPolicy lookupPolicy)
+      throws UnknownHostException {
+    // delegate local hostnames to the default resolver - we don't know them any better
+    // and this shouldn't leak anything either
+    if (host.equalsIgnoreCase(configuration.lookupLocalHostName())
+        || "localhost".equalsIgnoreCase(host)) {
+      return configuration.builtinResolver().lookupByName(host, lookupPolicy);
+    }
+
+    Name name;
+    try {
+      name = new Name(host);
+    } catch (TextParseException e) {
+      throw new UnknownHostException(host);
+    }
+
+    List<InetAddress> results = new ArrayList<>(8);
+    boolean ranIpV4 = false;
+    boolean ranIpV6 = false;
+
+    int characteristics = lookupPolicy.characteristics();
+    // fallback to default policy if no specific preference has been set
+    if ((characteristics & (LookupPolicy.IPV6_FIRST | LookupPolicy.IPV4_FIRST)) == 0) {
+      if (preferV6) {
+        characteristics |= LookupPolicy.IPV6_FIRST;
+      } else {
+        characteristics |= LookupPolicy.IPV4_FIRST;
+      }
+    }
+    if ((characteristics & LookupPolicy.IPV6) == LookupPolicy.IPV6
+        && (characteristics & LookupPolicy.IPV6_FIRST) == LookupPolicy.IPV6_FIRST) {
+      Record[] records = new Lookup(name, Type.AAAA).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((AAAARecord) r).getAddress());
+        }
+      }
+      ranIpV6 = true;
+    }
+    if ((characteristics & LookupPolicy.IPV4) == LookupPolicy.IPV4
+        && (characteristics & LookupPolicy.IPV4_FIRST) == LookupPolicy.IPV4_FIRST) {
+      Record[] records = new Lookup(name, Type.A).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((ARecord) r).getAddress());
+        }
+      }
+      ranIpV4 = true;
+    }
+    if ((characteristics & LookupPolicy.IPV4) == LookupPolicy.IPV4 && !ranIpV4) {
+      Record[] records = new Lookup(name, Type.A).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((ARecord) r).getAddress());
+        }
+      }
+    }
+    if ((characteristics & LookupPolicy.IPV6) == LookupPolicy.IPV6 && !ranIpV6) {
+      Record[] records = new Lookup(name, Type.AAAA).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((AAAARecord) r).getAddress());
+        }
+      }
+    }
+    if (results.isEmpty()) {
+      throw new UnknownHostException(host);
+    }
+
+    return results.stream();
+  }
+
+  @Override
+  public String lookupByAddress(byte[] addr) throws UnknownHostException {
+    Name name = ReverseMap.fromAddress(InetAddress.getByAddress(addr));
+    Record[] records = new Lookup(name, Type.PTR).run();
+    if (records == null) {
+      throw new UnknownHostException("Unknown address: " + name);
+    }
+    return ((PTRRecord) records[0]).getTarget().toString();
+  }
+}
diff --git a/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolverProvider.java b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolverProvider.java
new file mode 100644
index 000000000..f146c399a
--- /dev/null
+++ b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolverProvider.java
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.spi;
+
+import java.net.spi.InetAddressResolver;
+import java.net.spi.InetAddressResolverProvider;
+
+public class DnsjavaInetAddressResolverProvider extends InetAddressResolverProvider {
+  public static final String ENABLE_SPI = "org.dnsjava.spi.enable";
+
+  @Override
+  public InetAddressResolver get(Configuration configuration) {
+    // The provider is opt-in only. Simply placing dnsjava on the classpath should not
+    // modify default resolution behavior.
+    if (Boolean.getBoolean(ENABLE_SPI)) {
+      return new DnsjavaInetAddressResolver(configuration);
+    }
+    return configuration.builtinResolver();
+  }
+
+  @Override
+  public String name() {
+    return "dnsjava";
+  }
+}
diff --git a/src/main/resources/META-INF/services/java.net.spi.InetAddressResolverProvider b/src/main/resources/META-INF/services/java.net.spi.InetAddressResolverProvider
new file mode 100644
index 000000000..e477fd238
--- /dev/null
+++ b/src/main/resources/META-INF/services/java.net.spi.InetAddressResolverProvider
@@ -0,0 +1 @@
+org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider
diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties
new file mode 100644
index 000000000..38f34467f
--- /dev/null
+++ b/src/main/resources/messages.properties
@@ -0,0 +1,76 @@
+# SPDX-License-Identifier: BSD-3-Clause
+failed.authority.nodata=NODATA response has failed AUTHORITY rrset: {0}
+failed.answer.cname_nodata=CNAME_NODATA response has failed ANSWER rrset: {0}
+failed.nodata=NODATA response failed to prove NODATA status with NSEC/NSEC3
+failed.synthesize.multiple=Synthesized CNAME RRset has multiple records - that doesn't make sense.
+failed.synthesize.nomatch=Synthesized CNAME target ({0}) included in answer doesn't match DNAME synthesis rules (expected {1}).
+failed.synthesize.toolong=Synthesized name would be too long, thus bogus.
+failed.answer.positive=Positive response has failed ANSWER rrset: {0}
+failed.authority.positive=Positive response has failed AUTHORITY rrset: {0}
+failed.positive.wildcardgeneration=Could not generate NSEC wildcard, resulting name would be too long.
+failed.positive.wildcard_too_broad=Positive response was wildcard expansion and did not prove original data did not exist or wasn't generated by the correct wildcard.
+failed.nxdomain.cname_nxdomain=CNAME_NAMEERROR response has failed ANSWER rrset: {0}
+failed.nxdomain.authority=NameError response has failed AUTHORITY rrset: {0}
+failed.nsec3.none=No NSEC3 records
+failed.nsec3.not_found=No matching NSEC3 records found
+failed.nsec3.type_exists=NSEC3 proofed type exists
+failed.nsec3.type_exists_wc=NSEC3 wildcard proofed type exists
+failed.nsec3.cname_exists=NSEC3 proofed a CNAME exists
+failed.nsec3.cname_exists_wc=NSEC3 wildcard proofed a CNAME exists
+failed.nsec3.wc_soa=NSEC3 wildcard proofed a CNAME exists
+failed.nsec3.apex_abuse=NSEC3 from apex abused
+failed.nsec3.delegation=NSEC3 is a delegation
+failed.nsec3.delegation_wc=NSEC3 wildcard is a delegation
+failed.nsec3.no_next=No next closer NSEC3
+failed.nsec3.not_optout=NSEC3 was not opt-out
+failed.nsec3.qname_ce=NSEC3 did not match query name and closest encloser not found
+failed.nsec3_ignored=All NSEC3s were validated but ignored due to unknown algorithms or invalid iteration counts.
+failed.nsec3.hash_errors=All attempted hash calculations while finding a matching NSEC3 were erroneous.
+failed.nsec3.wc.hash_errors=All attempted hash calculations while matching wildcard were erroneous.
+failed.nxdomain.nsec3_bogus=NSEC3 failed to proof the name error.
+failed.nxdomain.nsec3_insecure=NSEC3 proofed that the target domain is under opt-out, response is insecure.
+failed.nxdomain.exists=NameError response has failed to prove that {0} does not exist.
+failed.nxdomain.haswildcard=NameError response has failed to prove that the covering wildcard does not exist.
+dnskey.no_rrset=Missing DNSKEY RRset in response to DNSKEY query for {0}.
+dnskey.no_ds_match=Did not match a DS to a DNSKEY.
+dnskey.no_ds_alg_match=No keys for {0} have a DS for alg {1}
+dnskey.no_name_match=DS and DNSKEY names do not match.
+dnskey.no_key=No key for signature {0}
+dnskey.ds_max_match=DS match max. attempt reached
+dnskey.ds_match_mismatch=Keyset not secured by DNSKEY that matches DS
+dnskey.key_offtree=Signer name {0} is off-tree for {1}
+dnskey.no_match=Key does not match signature
+dnskey.expired=Key expired
+dnskey.not_yet_valid=Key is not yet valid
+dnskey.invalid=Key does not verify signature
+failed.ds=DS rrset in DS response did not verify.
+failed.ds.cname=CNAME in DS response was not secure.
+ds.secure=CNAME validated, proof that DS does not exist.
+failed.ds.nsec=NSEC RRset for the referral did not verify, {0}.
+failed.ds.nsec.hasdata=NSEC RRset for the referral did not prove no DS.
+failed.ds.nonsec=No signed NSEC/NSEC3 records for query to {0}/DS.
+failed.ds.nodelegation=NSEC RRset for the referral proved not a delegation point
+insecure.ds.nsec=NSEC RRset for the referral proved no DS.
+failed.ds.nowildcardproof=NSEC for wildcard does not prove absence of DS.
+failed.ds.nsec.ent=NSEC for empty non-terminal did not verify.
+insecure.ds.nsec.ent=NSEC for empty non-terminal proved no DS.
+failed.ds.nonconclusive=NSEC proof did not conclusively point to DS or no DS.
+failed.ds.nsec3=NSEC3s for the referral did not prove no DS.
+unknown.ds.nsec3=no DS but also no proof of that
+insecure.ds.nsec3=NSEC3s for the referral proved no DS.
+failed.ds.unknown=Ran out of validation options, thus bogus.
+failed.ds.notype=Encountered an unhandled type ({0}) of DS response, thus bogus.
+failed.ds.nodigest=No supported digest ID for DS for {0}.
+failed.ds.no_usable_digest=No usable digest ID for DS for {0}.
+validate.insecure_unsigned=Unsigned response was proved to be validly INSECURE
+validate.bogus=Could not establish validation of INSECURE status of unsigned response. Reason: {0}
+validate.bogus.badkey=Could not establish a chain of trust to keys for [{0}]. Reason: {1}
+validate.bogus.missingsig=Could not validate RRset due to missing signature.
+validate.bogus.missingsig_named=Could not validate RRset {0}/{1} due to missing signature.
+validate.bogus.rrsigtoomany=Could not validate RRset {0}/{1}, too many signatures.
+validate.insecure=Verified that response is INSECURE
+validate.insecure.noalg={0} has no known algorithms
+validate.response.unknown=Response subtype is {0} and thus cannot be validated.
+insecure.ds.noalgorithms=No supported algorithms in DS RRset for {0}, treating as insecure.
+failed.dname.wildcard=Illegal DNAME ({0} is from a wildcard expansion).
+failed.wildcard.label_count_mismatch=Label count mismatch on RRSIGs for {0}
diff --git a/src/main/resources/org/xbill/DNS/windows/DNSServer.properties b/src/main/resources/org/xbill/DNS/windows/DNSServer.properties
deleted file mode 100644
index 25342f97b..000000000
--- a/src/main/resources/org/xbill/DNS/windows/DNSServer.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-host_name=Host Name
-primary_dns_suffix=Primary Dns Suffix
-dns_suffix=DNS Suffix
-dns_servers=DNS Servers
diff --git a/src/main/resources/org/xbill/DNS/windows/DNSServer_de.properties b/src/main/resources/org/xbill/DNS/windows/DNSServer_de.properties
deleted file mode 100644
index aa3f4a690..000000000
--- a/src/main/resources/org/xbill/DNS/windows/DNSServer_de.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-host_name=Hostname
-primary_dns_suffix=Prim\u00E4res DNS-Suffix
-dns_suffix=DNS-Suffixsuchliste
-dns_servers=DNS-Server
diff --git a/src/main/resources/org/xbill/DNS/windows/DNSServer_fr.properties b/src/main/resources/org/xbill/DNS/windows/DNSServer_fr.properties
deleted file mode 100644
index 7c87a25b3..000000000
--- a/src/main/resources/org/xbill/DNS/windows/DNSServer_fr.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-host_name=Nom de l'h\u00F4te
-primary_dns_suffix=Suffixe DNS principal
-dns_suffix=Suffixe DNS propre \u00E0 la connexion
-dns_servers=Serveurs DNS
diff --git a/src/main/resources/org/xbill/DNS/windows/DNSServer_ja.properties b/src/main/resources/org/xbill/DNS/windows/DNSServer_ja.properties
deleted file mode 100644
index f87316448..000000000
--- a/src/main/resources/org/xbill/DNS/windows/DNSServer_ja.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-host_name=\u30db\u30b9\u30c8\u540d
-primary_dns_suffix=\u30d7\u30e9\u30a4\u30de\u30ea DNS \u30b5\u30d5\u30a3\u30c3\u30af\u30b9
-dns_suffix=DNS \u30b5\u30d5\u30a3\u30c3\u30af\u30b9
-dns_servers=DNS \u30b5\u30fc\u30d0\u30fc
diff --git a/src/main/resources/org/xbill/DNS/windows/DNSServer_pl.properties b/src/main/resources/org/xbill/DNS/windows/DNSServer_pl.properties
deleted file mode 100644
index eab57743b..000000000
--- a/src/main/resources/org/xbill/DNS/windows/DNSServer_pl.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-host_name=Nazwa hosta
-primary_dns_suffix=Sufiks podstawowej domeny DNS
-dns_suffix=Sufiks DNS konkretnego po\u0142\u0105czenia
-dns_servers=Serwery DNS
diff --git a/src/test/java/org/xbill/DNS/A6RecordTest.java b/src/test/java/org/xbill/DNS/A6RecordTest.java
index 22b60ef89..3065b9bd1 100644
--- a/src/test/java/org/xbill/DNS/A6RecordTest.java
+++ b/src/test/java/org/xbill/DNS/A6RecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,8 +39,6 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -72,7 +71,7 @@ void setUp() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     A6Record ar = new A6Record();
     assertNull(ar.getName());
     assertEquals(0, ar.getType());
@@ -81,14 +80,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_getObject() {
-    A6Record ar = new A6Record();
-    Record r = ar.getObject();
-    assertTrue(r instanceof A6Record);
-  }
-
-  @Test
-  void test_ctor_6arg() {
+  void ctor_6arg() throws UnknownHostException {
     A6Record ar = new A6Record(m_an, DClass.IN, m_ttl, m_prefix_bits, m_addr, null);
     assertEquals(m_an, ar.getName());
     assertEquals(Type.A6, ar.getType());
@@ -124,18 +116,14 @@ void test_ctor_6arg() {
         () -> new A6Record(m_rn, DClass.IN, m_ttl, 0x100, m_addr, null));
 
     // an IPv4 address
-    try {
-      new A6Record(
-          m_an, DClass.IN, m_ttl, m_prefix_bits, InetAddress.getByName("192.168.0.1"), null);
-      fail("IllegalArgumentException not thrown");
-    } catch (IllegalArgumentException e) {
-    } catch (UnknownHostException e) {
-      fail(e.getMessage());
-    }
+    InetAddress address = InetAddress.getByName("192.168.0.1");
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new A6Record(m_an, DClass.IN, m_ttl, m_prefix_bits, address, null));
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     // record with no prefix
     DNSOutput dout = new DNSOutput();
     dout.writeU8(0);
@@ -167,7 +155,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     // record with no prefix
     Tokenizer t = new Tokenizer("0 " + m_addr_string);
     A6Record ar = new A6Record();
@@ -198,7 +186,7 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rrToString() {
+  void rrToString() {
     A6Record ar = new A6Record(m_an, DClass.IN, m_ttl, m_prefix_bits, m_addr, m_an2);
     String exp = "" + m_prefix_bits + " " + m_addr_string_canonical + " " + m_an2;
     String out = ar.rrToString();
@@ -206,7 +194,7 @@ void test_rrToString() {
   }
 
   @Test
-  void test_rrToWire() {
+  void rrToWire() {
     // canonical form
     A6Record ar = new A6Record(m_an, DClass.IN, m_ttl, m_prefix_bits, m_addr, m_an2);
     DNSOutput dout = new DNSOutput();
diff --git a/src/test/java/org/xbill/DNS/AAAARecordTest.java b/src/test/java/org/xbill/DNS/AAAARecordTest.java
index db0f1b684..5b87cd60b 100644
--- a/src/test/java/org/xbill/DNS/AAAARecordTest.java
+++ b/src/test/java/org/xbill/DNS/AAAARecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,14 +39,14 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
 
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class AAAARecordTest {
   private Name m_an;
@@ -66,7 +67,7 @@ void setUp() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     AAAARecord ar = new AAAARecord();
     assertNull(ar.getName());
     assertEquals(0, ar.getType());
@@ -76,14 +77,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_getObject() {
-    AAAARecord ar = new AAAARecord();
-    Record r = ar.getObject();
-    assertTrue(r instanceof AAAARecord);
-  }
-
-  @Test
-  void test_ctor_4arg() {
+  void ctor_4arg() {
     AAAARecord ar = new AAAARecord(m_an, DClass.IN, m_ttl, m_addr);
     assertEquals(m_an, ar.getName());
     assertEquals(Type.AAAA, ar.getType());
@@ -93,19 +87,24 @@ void test_ctor_4arg() {
 
     // a relative name
     assertThrows(RelativeNameException.class, () -> new AAAARecord(m_rn, DClass.IN, m_ttl, m_addr));
+  }
 
-    // an IPv4 address
-    try {
-      new AAAARecord(m_an, DClass.IN, m_ttl, InetAddress.getByName("192.168.0.1"));
-      fail("IllegalArgumentException not thrown");
-    } catch (IllegalArgumentException e) {
-    } catch (UnknownHostException e) {
-      fail(e.getMessage());
-    }
+  @ParameterizedTest
+  @ValueSource(ints = {0, 1, 2, 3, 4, 5, 17})
+  void ctor_4arg_bytes_invalidLength(int len) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new AAAARecord(m_an, DClass.IN, m_ttl, new byte[len]));
+  }
+
+  @Test
+  void ctor_v4() throws UnknownHostException {
+    AAAARecord ar = new AAAARecord(m_an, DClass.IN, m_ttl, InetAddress.getByName("192.168.1.1"));
+    assertEquals("::ffff:192.168.1.1", ar.rrToString());
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     DNSInput di = new DNSInput(m_addr_bytes);
     AAAARecord ar = new AAAARecord();
 
@@ -115,7 +114,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer(m_addr_string);
     AAAARecord ar = new AAAARecord();
 
@@ -130,13 +129,13 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rrToString() {
+  void rrToString() {
     AAAARecord ar = new AAAARecord(m_an, DClass.IN, m_ttl, m_addr);
     assertEquals(m_addr_string, ar.rrToString());
   }
 
   @Test
-  void test_rrToWire() {
+  void rrToWire() {
     AAAARecord ar = new AAAARecord(m_an, DClass.IN, m_ttl, m_addr);
 
     // canonical
diff --git a/src/test/java/org/xbill/DNS/AFSDBRecordTest.java b/src/test/java/org/xbill/DNS/AFSDBRecordTest.java
index 48d89e117..05ec1e6a4 100644
--- a/src/test/java/org/xbill/DNS/AFSDBRecordTest.java
+++ b/src/test/java/org/xbill/DNS/AFSDBRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -35,20 +36,12 @@
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class AFSDBRecordTest {
   @Test
-  void test_getObject() {
-    AFSDBRecord d = new AFSDBRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof AFSDBRecord);
-  }
-
-  @Test
-  void test_ctor_5arg() throws TextParseException {
+  void ctor_5arg() throws TextParseException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("My.OtherName.");
 
diff --git a/src/test/java/org/xbill/DNS/APLRecordTest.java b/src/test/java/org/xbill/DNS/APLRecordTest.java
index 99ea5556c..222c2af80 100644
--- a/src/test/java/org/xbill/DNS/APLRecordTest.java
+++ b/src/test/java/org/xbill/DNS/APLRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -62,7 +63,7 @@ void setUp() throws UnknownHostException {
     }
 
     @Test
-    void test_valid_IPv4() {
+    void valid_IPv4() {
       Element el = new Element(true, m_addr4, 16);
       assertEquals(Address.IPv4, el.family);
       assertTrue(el.negative);
@@ -71,12 +72,12 @@ void test_valid_IPv4() {
     }
 
     @Test
-    void test_invalid_IPv4() {
+    void invalid_IPv4() {
       assertThrows(IllegalArgumentException.class, () -> new Element(true, m_addr4, 33));
     }
 
     @Test
-    void test_valid_IPv6() {
+    void valid_IPv6() {
       Element el = new Element(false, m_addr6, 74);
       assertEquals(Address.IPv6, el.family);
       assertFalse(el.negative);
@@ -85,7 +86,7 @@ void test_valid_IPv6() {
     }
 
     @Test
-    void test_invalid_IPv6() {
+    void invalid_IPv6() {
       assertThrows(IllegalArgumentException.class, () -> new Element(true, m_addr6, 129));
     }
   }
@@ -123,7 +124,7 @@ void setUp() throws TextParseException, UnknownHostException {
     }
 
     @Test
-    void test_0arg() {
+    void ctor_0arg() {
       APLRecord ar = new APLRecord();
       assertNull(ar.getName());
       assertEquals(0, ar.getType());
@@ -133,14 +134,7 @@ void test_0arg() {
     }
 
     @Test
-    void test_getObject() {
-      APLRecord ar = new APLRecord();
-      Record r = ar.getObject();
-      assertTrue(r instanceof APLRecord);
-    }
-
-    @Test
-    void test_4arg_basic() {
+    void ctor_4arg_basic() {
       APLRecord ar = new APLRecord(m_an, DClass.IN, m_ttl, m_elements);
       assertEquals(m_an, ar.getName());
       assertEquals(Type.APL, ar.getType());
@@ -150,13 +144,13 @@ void test_4arg_basic() {
     }
 
     @Test
-    void test_4arg_empty_elements() {
+    void ctor_4arg_empty_elements() {
       APLRecord ar = new APLRecord(m_an, DClass.IN, m_ttl, new ArrayList<>());
-      assertEquals(new ArrayList(), ar.getElements());
+      assertEquals(new ArrayList<>(), ar.getElements());
     }
 
     @Test
-    void test_4arg_relative_name() {
+    void ctor_4arg_relative_name() {
       assertThrows(
           RelativeNameException.class, () -> new APLRecord(m_rn, DClass.IN, m_ttl, m_elements));
     }
@@ -178,7 +172,7 @@ void setUp() throws UnknownHostException {
     }
 
     @Test
-    void test_validIPv4() throws IOException {
+    void validIPv4() throws IOException {
       byte[] raw =
           new byte[] {
             0,
@@ -201,7 +195,7 @@ void test_validIPv4() throws IOException {
     }
 
     @Test
-    void test_validIPv4_short_address() throws IOException {
+    void validIPv4_short_address() throws IOException {
       byte[] raw =
           new byte[] {0, 1, 20, (byte) 0x83, m_addr4_bytes[0], m_addr4_bytes[1], m_addr4_bytes[2]};
 
@@ -217,7 +211,7 @@ void test_validIPv4_short_address() throws IOException {
     }
 
     @Test
-    void test_invalid_IPv4_prefix() throws IOException {
+    void invalid_IPv4_prefix() {
       byte[] raw =
           new byte[] {
             0,
@@ -236,7 +230,7 @@ void test_invalid_IPv4_prefix() throws IOException {
     }
 
     @Test
-    void test_invalid_IPv4_length() throws IOException {
+    void invalid_IPv4_length() {
       byte[] raw =
           new byte[] {
             0,
@@ -256,7 +250,7 @@ void test_invalid_IPv4_length() throws IOException {
     }
 
     @Test
-    void test_multiple_validIPv4() throws IOException {
+    void multiple_validIPv4() throws IOException {
       byte[] raw =
           new byte[] {
             0,
@@ -288,7 +282,7 @@ void test_multiple_validIPv4() throws IOException {
     }
 
     @Test
-    void test_validIPv6() throws IOException {
+    void validIPv6() throws IOException {
       byte[] raw =
           new byte[] {
             0,
@@ -323,7 +317,7 @@ void test_validIPv6() throws IOException {
     }
 
     @Test
-    void test_valid_nonIP() throws IOException {
+    void valid_nonIP() throws IOException {
       byte[] raw = new byte[] {0, 3, (byte) 130, (byte) 0x85, 1, 2, 3, 4, 5};
 
       DNSInput di = new DNSInput(raw);
@@ -361,7 +355,7 @@ void setUp() throws UnknownHostException {
     }
 
     @Test
-    void test_validIPv4() throws IOException {
+    void validIPv4() throws IOException {
       Tokenizer t = new Tokenizer("1:" + m_addr4_string + "/11\n");
       APLRecord ar = new APLRecord();
       ar.rdataFromString(t, null);
@@ -372,11 +366,11 @@ void test_validIPv4() throws IOException {
       assertEquals(exp, ar.getElements());
 
       // make sure extra token is put back
-      assertEquals(Tokenizer.EOL, t.get().type);
+      assertEquals(Tokenizer.EOL, t.get().type());
     }
 
     @Test
-    void test_valid_multi() throws IOException {
+    void valid_multi() throws IOException {
       Tokenizer t = new Tokenizer("1:" + m_addr4_string + "/11 !2:" + m_addr6_string + "/100");
       APLRecord ar = new APLRecord();
       ar.rdataFromString(t, null);
@@ -389,7 +383,7 @@ void test_valid_multi() throws IOException {
     }
 
     @Test
-    void test_validIPv6() throws IOException {
+    void validIPv6() throws IOException {
       Tokenizer t = new Tokenizer("!2:" + m_addr6_string + "/36\n");
       APLRecord ar = new APLRecord();
       ar.rdataFromString(t, null);
@@ -400,81 +394,81 @@ void test_validIPv6() throws IOException {
       assertEquals(exp, ar.getElements());
 
       // make sure extra token is put back
-      assertEquals(Tokenizer.EOL, t.get().type);
+      assertEquals(Tokenizer.EOL, t.get().type());
     }
 
     @Test
-    void test_no_colon() throws IOException {
+    void no_colon() {
       Tokenizer t = new Tokenizer("!1192.68.0.1/20");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_colon_and_slash_swapped() throws IOException {
+    void colon_and_slash_swapped() {
       Tokenizer t = new Tokenizer("!1/192.68.0.1:20");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_no_slash() throws IOException {
+    void no_slash() {
       Tokenizer t = new Tokenizer("!1:192.68.0.1|20");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_empty_family() throws IOException {
+    void empty_family() {
       Tokenizer t = new Tokenizer("!:192.68.0.1/20");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_malformed_family() throws IOException {
+    void malformed_family() {
       Tokenizer t = new Tokenizer("family:192.68.0.1/20");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_invalid_family() throws IOException {
+    void invalid_family() {
       Tokenizer t = new Tokenizer("3:192.68.0.1/20");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_empty_prefix() throws IOException {
+    void empty_prefix() {
       Tokenizer t = new Tokenizer("1:192.68.0.1/");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_malformed_prefix() throws IOException {
+    void malformed_prefix() {
       Tokenizer t = new Tokenizer("1:192.68.0.1/prefix");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_invalid_prefix() throws IOException {
+    void invalid_prefix() {
       Tokenizer t = new Tokenizer("1:192.68.0.1/33");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_empty_address() throws IOException {
+    void empty_address() {
       Tokenizer t = new Tokenizer("1:/33");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
     }
 
     @Test
-    void test_malformed_address() throws IOException {
+    void malformed_address() {
       Tokenizer t = new Tokenizer("1:A.B.C.D/33");
       APLRecord ar = new APLRecord();
       assertThrows(TextParseException.class, () -> ar.rdataFromString(t, null));
@@ -553,7 +547,7 @@ void setUp() throws TextParseException, UnknownHostException {
     }
 
     @Test
-    void test_empty() {
+    void empty() {
       APLRecord ar = new APLRecord(m_an, DClass.IN, m_ttl, new ArrayList<>());
       DNSOutput dout = new DNSOutput();
 
@@ -562,7 +556,7 @@ void test_empty() {
     }
 
     @Test
-    void test_basic() {
+    void basic() {
       APLRecord ar = new APLRecord(m_an, DClass.IN, m_ttl, m_elements);
 
       byte[] exp =
@@ -604,7 +598,7 @@ void test_basic() {
     }
 
     @Test
-    void test_non_IP() throws IOException {
+    void non_IP() throws IOException {
       byte[] exp = new byte[] {0, 3, (byte) 130, (byte) 0x85, 1, 2, 3, 4, 5};
 
       DNSInput di = new DNSInput(exp);
@@ -618,7 +612,7 @@ void test_non_IP() throws IOException {
     }
 
     @Test
-    void test_address_with_embedded_zero() throws UnknownHostException {
+    void address_with_embedded_zero() throws UnknownHostException {
       InetAddress a = InetAddress.getByName("232.0.11.1");
       ArrayList<Element> elements = new ArrayList<>();
       elements.add(new Element(true, a, 31));
@@ -634,7 +628,7 @@ void test_address_with_embedded_zero() throws UnknownHostException {
     }
 
     @Test
-    void test_short_address() throws UnknownHostException {
+    void short_address() throws UnknownHostException {
       InetAddress a = InetAddress.getByName("232.0.11.0");
       ArrayList<Element> elements = new ArrayList<>();
       elements.add(new Element(true, a, 31));
@@ -650,7 +644,7 @@ void test_short_address() throws UnknownHostException {
     }
 
     @Test
-    void test_wildcard_address() throws UnknownHostException {
+    void wildcard_address() throws UnknownHostException {
       InetAddress a = InetAddress.getByName("0.0.0.0");
       ArrayList<Element> elements = new ArrayList<>();
       elements.add(new Element(true, a, 31));
diff --git a/src/test/java/org/xbill/DNS/ARecordTest.java b/src/test/java/org/xbill/DNS/ARecordTest.java
index c254c2714..452be1c94 100644
--- a/src/test/java/org/xbill/DNS/ARecordTest.java
+++ b/src/test/java/org/xbill/DNS/ARecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,14 +39,18 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class ARecordTest {
   private Name m_an;
@@ -66,7 +71,7 @@ void setUp() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_ctor_0arg() throws UnknownHostException {
+  void ctor_0arg() throws UnknownHostException {
     ARecord ar = new ARecord();
     assertNull(ar.getName());
     assertEquals(0, ar.getType());
@@ -76,14 +81,7 @@ void test_ctor_0arg() throws UnknownHostException {
   }
 
   @Test
-  void test_getObject() {
-    ARecord ar = new ARecord();
-    Record r = ar.getObject();
-    assertTrue(r instanceof ARecord);
-  }
-
-  @Test
-  void test_ctor_4arg() {
+  void ctor_4arg() throws UnknownHostException {
     ARecord ar = new ARecord(m_an, DClass.IN, m_ttl, m_addr);
     assertEquals(m_an, ar.getName());
     assertEquals(Type.A, ar.getType());
@@ -95,18 +93,33 @@ void test_ctor_4arg() {
     assertThrows(RelativeNameException.class, () -> new ARecord(m_rn, DClass.IN, m_ttl, m_addr));
 
     // an IPv6 address
-    try {
-      new ARecord(
-          m_an, DClass.IN, m_ttl, InetAddress.getByName("2001:0db8:85a3:08d3:1319:8a2e:0370:7334"));
-      fail("IllegalArgumentException not thrown");
-    } catch (IllegalArgumentException e) {
-    } catch (UnknownHostException e) {
-      fail(e.getMessage());
-    }
+    InetAddress address = InetAddress.getByName("2001:0db8:85a3:08d3:1319:8a2e:0370:7334");
+    assertThrows(
+        IllegalArgumentException.class, () -> new ARecord(m_an, DClass.IN, m_ttl, address));
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {0, 1, 2, 3, 5, 16})
+  void ctor_4arg_bytes_invalidLength(int len) {
+    assertThrows(
+        IllegalArgumentException.class, () -> new ARecord(m_an, DClass.IN, m_ttl, new byte[len]));
+  }
+
+  @Test
+  void ctor_4arg_bytes() {
+    ARecord ar = new ARecord(m_an, DClass.IN, m_ttl, m_addr_bytes);
+    assertEquals(m_an, ar.getName());
+    assertEquals(Type.A, ar.getType());
+    assertEquals(DClass.IN, ar.getDClass());
+    assertEquals(m_ttl, ar.getTTL());
+    assertEquals(m_addr, ar.getAddress());
+
+    // a relative name
+    assertThrows(RelativeNameException.class, () -> new ARecord(m_rn, DClass.IN, m_ttl, m_addr));
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     DNSInput di = new DNSInput(m_addr_bytes);
     ARecord ar = new ARecord();
 
@@ -116,7 +129,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer(m_addr_string);
     ARecord ar = new ARecord();
 
@@ -131,13 +144,13 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rrToString() {
+  void rrToString() {
     ARecord ar = new ARecord(m_an, DClass.IN, m_ttl, m_addr);
     assertEquals(m_addr_string, ar.rrToString());
   }
 
   @Test
-  void test_rrToWire() {
+  void rrToWire() {
     ARecord ar = new ARecord(m_an, DClass.IN, m_ttl, m_addr);
     DNSOutput dout = new DNSOutput();
 
@@ -148,4 +161,19 @@ void test_rrToWire() {
     ar.rrToWire(dout, null, false);
     assertArrayEquals(m_addr_bytes, dout.toByteArray());
   }
+
+  @Test
+  void testSerializable() throws IOException, ClassNotFoundException {
+    try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+      try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
+        ARecord expected = new ARecord(Name.root, DClass.IN, 60, m_addr);
+        oos.writeObject(expected);
+        try (ObjectInputStream ois =
+            new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
+          Record actual = (Record) ois.readObject();
+          assertEquals(expected, actual);
+        }
+      }
+    }
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/AddressTest.java b/src/test/java/org/xbill/DNS/AddressTest.java
index e9d7a92ae..1e5269289 100644
--- a/src/test/java/org/xbill/DNS/AddressTest.java
+++ b/src/test/java/org/xbill/DNS/AddressTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -40,19 +41,27 @@
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.when;
 
+import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.mockito.stubbing.Answer;
 
 class AddressTest {
   @Test
-  void test_toByteArray_invalid() {
+  void toByteArray_invalid() {
     assertThrows(IllegalArgumentException.class, () -> Address.toByteArray("doesn't matter", 3));
   }
 
   @Test
-  void test_toByteArray_IPv4() {
+  void toByteArray_IPv4() {
     byte[] exp = new byte[] {(byte) 198, (byte) 121, (byte) 10, (byte) 234};
     byte[] ret = Address.toByteArray("198.121.10.234", Address.IPv4);
     assertArrayEquals(exp, ret);
@@ -67,7 +76,7 @@ void test_toByteArray_IPv4() {
   }
 
   @Test
-  void test_toByteArray_IPv4_invalid() {
+  void toByteArray_IPv4_invalid() {
     assertNull(Address.toByteArray("A.B.C.D", Address.IPv4));
 
     assertNull(Address.toByteArray("128...", Address.IPv4));
@@ -106,7 +115,7 @@ void test_toByteArray_IPv4_invalid() {
   }
 
   @Test
-  void test_toByteArray_IPv6() {
+  void toByteArray_IPv6() {
     byte[] exp =
         new byte[] {
           (byte) 32, (byte) 1, (byte) 13, (byte) 184, (byte) 133, (byte) 163, (byte) 8, (byte) 211,
@@ -237,7 +246,7 @@ void test_toByteArray_IPv6() {
   }
 
   @Test
-  void test_toByteArray_IPv6_invalid() {
+  void toByteArray_IPv6_invalid() {
     // not enough groups
     assertNull(Address.toByteArray("2001:0db8:85a3:08d3:1319:8a2e:0370", Address.IPv6));
     // too many groups
@@ -257,7 +266,7 @@ void test_toByteArray_IPv6_invalid() {
   }
 
   @Test
-  void test_toArray() {
+  void toArray() {
     int[] exp = new int[] {1, 2, 3, 4};
     int[] ret = Address.toArray("1.2.3.4", Address.IPv4);
     assertArrayEquals(exp, ret);
@@ -272,20 +281,20 @@ void test_toArray() {
   }
 
   @Test
-  void test_toArray_invalid() {
+  void toArray_invalid() {
     assertNull(Address.toArray("128.121.1", Address.IPv4));
 
     assertNull(Address.toArray(""));
   }
 
   @Test
-  void test_isDottedQuad() {
+  void isDottedQuad() {
     assertTrue(Address.isDottedQuad("1.2.3.4"));
     assertFalse(Address.isDottedQuad("256.2.3.4"));
   }
 
   @Test
-  void test_toDottedQuad() {
+  void toDottedQuad() {
     assertEquals(
         "128.176.201.1",
         Address.toDottedQuad(new byte[] {(byte) 128, (byte) 176, (byte) 201, (byte) 1}));
@@ -294,7 +303,7 @@ void test_toDottedQuad() {
   }
 
   @Test
-  void test_addressLength() {
+  void addressLength() {
     assertEquals(4, Address.addressLength(Address.IPv4));
     assertEquals(16, Address.addressLength(Address.IPv6));
 
@@ -302,58 +311,182 @@ void test_addressLength() {
   }
 
   @Test
-  void test_getByName() throws UnknownHostException {
+  void getByName() throws IOException {
     InetAddress out = Address.getByName("128.145.198.231");
     assertEquals("128.145.198.231", out.getHostAddress());
 
+    Name aRootServer = Name.fromString("a.root-servers.net.");
+    Message aMessage = new Message();
+    aMessage.getHeader().setRcode(Rcode.NOERROR);
+    aMessage.addRecord(Record.newRecord(aRootServer, Type.A, DClass.IN), Section.QUESTION);
+    aMessage.addRecord(
+        new ARecord(
+            aRootServer,
+            DClass.IN,
+            60,
+            InetAddress.getByAddress(new byte[] {(byte) 198, 41, 0, 4})),
+        Section.ANSWER);
+
+    Resolver mockResolver = Mockito.mock(Resolver.class);
+    when(mockResolver.send(ArgumentMatchers.any(Message.class)))
+        .thenAnswer(
+            (Answer<Message>)
+                invocation -> {
+                  Message query = invocation.getArgument(0);
+                  Message answer = aMessage.clone();
+                  answer.addRecord(query.getQuestion(), Section.QUESTION);
+                  return answer;
+                });
+    Lookup.setDefaultResolver(mockResolver);
+
     out = Address.getByName("a.root-servers.net");
     assertEquals("198.41.0.4", out.getHostAddress());
+
+    // reset resolver
+    Lookup.refreshDefault();
   }
 
   @Test
-  void test_getByName_invalid() {
+  void getByName_invalid() throws IOException {
+    Message m = new Message();
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    Resolver mockResolver = Mockito.mock(Resolver.class);
+    when(mockResolver.send(ArgumentMatchers.any(Message.class)))
+        .thenAnswer(
+            (Answer<Message>)
+                invocation -> {
+                  Message query = invocation.getArgument(0);
+                  Message answer = m.clone();
+                  answer.addRecord(query.getQuestion(), Section.QUESTION);
+                  return answer;
+                });
+    Lookup.setDefaultResolver(mockResolver);
     assertThrows(UnknownHostException.class, () -> Address.getByName("example.invalid"));
+    // reset resolver
+    Lookup.refreshDefault();
+
     assertThrows(UnknownHostException.class, () -> Address.getByName(""));
   }
 
   @Test
-  void test_getAllByName() throws UnknownHostException {
+  void getAllByName() throws IOException {
     InetAddress[] out = Address.getAllByName("128.145.198.231");
     assertEquals(1, out.length);
     assertEquals("128.145.198.231", out[0].getHostAddress());
 
+    Name aRootServer = Name.fromString("a.root-servers.net.");
+    Message aMessage = new Message();
+    aMessage.getHeader().setRcode(Rcode.NOERROR);
+    aMessage.addRecord(Record.newRecord(aRootServer, Type.A, DClass.IN), Section.QUESTION);
+    aMessage.addRecord(
+        new ARecord(
+            aRootServer,
+            DClass.IN,
+            60,
+            InetAddress.getByAddress(new byte[] {(byte) 198, 41, 0, 4})),
+        Section.ANSWER);
+    Message aaaaMessage = new Message();
+    aaaaMessage.getHeader().setRcode(Rcode.NOERROR);
+    aaaaMessage.addRecord(Record.newRecord(aRootServer, Type.AAAA, DClass.IN), Section.QUESTION);
+    aaaaMessage.addRecord(
+        new AAAARecord(
+            aRootServer,
+            DClass.IN,
+            60,
+            InetAddress.getByAddress(
+                new byte[] {0x20, 1, 5, 3, (byte) 0xba, 0x3e, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0x30})),
+        Section.ANSWER);
+    Resolver mockResolver = Mockito.mock(Resolver.class);
+    doReturn(aMessage)
+        .when(mockResolver)
+        .send(argThat(message -> message.getQuestion().getType() == Type.A));
+    doReturn(aaaaMessage)
+        .when(mockResolver)
+        .send(argThat(message -> message.getQuestion().getType() == Type.AAAA));
+    Lookup.setDefaultResolver(mockResolver);
+
     out = Address.getAllByName("a.root-servers.net");
     assertEquals(2, out.length);
     assertEquals("198.41.0.4", out[0].getHostAddress());
     assertEquals("2001:503:ba3e:0:0:0:2:30", out[1].getHostAddress());
 
-    out = Address.getAllByName("cnn.com");
-    assertTrue(out.length > 1);
-    for (InetAddress inetAddress : out) {
-      assertTrue(inetAddress.getHostName().endsWith("cnn.com"));
-    }
+    // reset resolver
+    Lookup.refreshDefault();
   }
 
   @Test
-  void test_getAllByName_invalid() {
+  void getAllByName_invalid() throws IOException {
+    Message m = new Message();
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    Resolver mockResolver = Mockito.mock(Resolver.class);
+    when(mockResolver.send(ArgumentMatchers.any(Message.class)))
+        .thenAnswer(
+            (Answer<Message>)
+                invocation -> {
+                  Message query = invocation.getArgument(0);
+                  Message answer = m.clone();
+                  answer.addRecord(query.getQuestion(), Section.QUESTION);
+                  return answer;
+                });
+    Lookup.setDefaultResolver(mockResolver);
     assertThrows(UnknownHostException.class, () -> Address.getAllByName("example.invalid"));
+
+    // reset resolver
+    Lookup.refreshDefault();
+
     assertThrows(UnknownHostException.class, () -> Address.getAllByName(""));
   }
 
   @Test
-  void test_familyOf() throws UnknownHostException {
+  void familyOf() throws UnknownHostException {
     assertEquals(Address.IPv4, Address.familyOf(InetAddress.getByName("192.168.0.1")));
     assertEquals(Address.IPv6, Address.familyOf(InetAddress.getByName("1:2:3:4:5:6:7:8")));
     assertThrows(IllegalArgumentException.class, () -> Address.familyOf(null));
   }
 
   @Test
-  void test_getHostName() throws UnknownHostException {
+  void getHostName() throws IOException {
+    Name aRootServer = Name.fromString("a.root-servers.net.");
+    Name aRootServerPtr = Name.fromString("4.0.41.198.in-addr.arpa.");
+    Message ptrMessage = new Message();
+    ptrMessage.getHeader().setRcode(Rcode.NOERROR);
+    ptrMessage.addRecord(Record.newRecord(aRootServerPtr, Type.PTR, DClass.IN), Section.QUESTION);
+    ptrMessage.addRecord(new PTRRecord(aRootServerPtr, DClass.IN, 60, aRootServer), Section.ANSWER);
+    Resolver mockResolver = Mockito.mock(Resolver.class);
+    when(mockResolver.send(any(Message.class)))
+        .thenAnswer(
+            (Answer<Message>)
+                invocation -> {
+                  Message query = invocation.getArgument(0);
+                  Message answer = ptrMessage.clone();
+                  answer.addRecord(query.getQuestion(), Section.QUESTION);
+                  return answer;
+                });
+    Lookup.setDefaultResolver(mockResolver);
+
     String out = Address.getHostName(InetAddress.getByName("198.41.0.4"));
     assertEquals("a.root-servers.net.", out);
 
-    assertThrows(
-        UnknownHostException.class,
-        () -> Address.getHostName(InetAddress.getByName("192.168.1.1")));
+    Message ptrMessage2 = new Message();
+    ptrMessage.getHeader().setRcode(Rcode.NXDOMAIN);
+    ptrMessage.addRecord(
+        Record.newRecord(Name.fromString("1.1.168.192.in-addr.arpa."), Type.PTR, DClass.IN),
+        Section.QUESTION);
+    mockResolver = Mockito.mock(Resolver.class);
+    when(mockResolver.send(any()))
+        .thenAnswer(
+            (Answer<Message>)
+                invocation -> {
+                  Message query = invocation.getArgument(0);
+                  Message answer = ptrMessage2.clone();
+                  answer.addRecord(query.getQuestion(), Section.QUESTION);
+                  return answer;
+                });
+    Lookup.setDefaultResolver(mockResolver);
+    InetAddress address = InetAddress.getByName("192.168.1.1");
+    assertThrows(UnknownHostException.class, () -> Address.getHostName(address));
+
+    // reset resolver
+    Lookup.refreshDefault();
   }
 }
diff --git a/src/test/java/org/xbill/DNS/CAARecordTest.java b/src/test/java/org/xbill/DNS/CAARecordTest.java
index 50b6b7efa..0af2718d6 100644
--- a/src/test/java/org/xbill/DNS/CAARecordTest.java
+++ b/src/test/java/org/xbill/DNS/CAARecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -12,31 +13,25 @@ class CAARecordTest {
 
   @Test
   void ctor_6arg() {
-    CAARecord record = new CAARecord(n, DClass.IN, 0, CAARecord.Flags.IssuerCritical, "", "");
-    assertEquals(CAARecord.Flags.IssuerCritical, record.getFlags());
-    assertEquals("", record.getTag());
-    assertEquals("", record.getValue());
+    CAARecord caa = new CAARecord(n, DClass.IN, 0, CAARecord.Flags.IssuerCritical, "", "");
+    assertEquals(CAARecord.Flags.IssuerCritical, caa.getFlags());
+    assertEquals("", caa.getTag());
+    assertEquals("", caa.getValue());
 
+    String data = new String(new char[256]);
     IllegalArgumentException thrown =
         assertThrows(
             IllegalArgumentException.class,
-            () ->
-                new CAARecord(
-                    n,
-                    DClass.IN,
-                    0xABCDEL,
-                    CAARecord.Flags.IssuerCritical,
-                    new String(new char[256]),
-                    ""));
+            () -> new CAARecord(n, DClass.IN, 0xABCDEL, CAARecord.Flags.IssuerCritical, data, ""));
     assertEquals("text string too long", thrown.getMessage());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer(CAARecord.Flags.IssuerCritical + " issue entrust.net");
-    CAARecord record = new CAARecord();
-    record.rdataFromString(t, null);
-    assertEquals("issue", record.getTag());
-    assertEquals("entrust.net", record.getValue());
+    CAARecord caa = new CAARecord();
+    caa.rdataFromString(t, null);
+    assertEquals("issue", caa.getTag());
+    assertEquals("entrust.net", caa.getValue());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/CERTRecordTest.java b/src/test/java/org/xbill/DNS/CERTRecordTest.java
index 39dfa893a..289dd200d 100644
--- a/src/test/java/org/xbill/DNS/CERTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/CERTRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
@@ -12,10 +13,10 @@ class CERTRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("PGP 0 0 CAFEBABE");
-    CERTRecord record = new CERTRecord();
-    record.rdataFromString(t, null);
-    assertEquals(0, record.getAlgorithm());
-    assertEquals(0, record.getKeyTag());
-    assertArrayEquals(base64.fromString("CAFEBABE"), record.getCert());
+    CERTRecord cert = new CERTRecord();
+    cert.rdataFromString(t, null);
+    assertEquals(0, cert.getAlgorithm());
+    assertEquals(0, cert.getKeyTag());
+    assertArrayEquals(base64.fromString("CAFEBABE"), cert.getCert());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/CNAMERecordTest.java b/src/test/java/org/xbill/DNS/CNAMERecordTest.java
index 59ccf22db..b7bca4294 100644
--- a/src/test/java/org/xbill/DNS/CNAMERecordTest.java
+++ b/src/test/java/org/xbill/DNS/CNAMERecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,13 +37,13 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
+@SuppressWarnings("deprecation")
 class CNAMERecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     CNAMERecord d = new CNAMERecord();
     assertNull(d.getName());
     assertNull(d.getTarget());
@@ -50,7 +51,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -60,13 +61,6 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(DClass.IN, d.getDClass());
     assertEquals(0xABCDEL, d.getTTL());
     assertEquals(a, d.getTarget());
-    assertEquals(a, d.getAlias());
-  }
-
-  @Test
-  void test_getObject() {
-    CNAMERecord d = new CNAMERecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof CNAMERecord);
+    assertEquals(n, d.getAlias());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/CompressionTest.java b/src/test/java/org/xbill/DNS/CompressionTest.java
index ad357d99f..91c08c182 100644
--- a/src/test/java/org/xbill/DNS/CompressionTest.java
+++ b/src/test/java/org/xbill/DNS/CompressionTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
diff --git a/src/test/java/org/xbill/DNS/CookieOptionTest.java b/src/test/java/org/xbill/DNS/CookieOptionTest.java
new file mode 100644
index 000000000..79c221b56
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/CookieOptionTest.java
@@ -0,0 +1,103 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.util.Optional;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.utils.base16;
+
+class CookieOptionTest {
+
+  @Test
+  void constructorTests() {
+    byte[] sevenBytes = base16.fromString("20212223242526");
+    byte[] eightBytes = base16.fromString("3031323334353637");
+    byte[] eightBytes2 = base16.fromString("A0A1A2A3A4A5A6A7");
+    byte[] nineBytes = base16.fromString("404142434445565748");
+    byte[] thirtyTwoBytes =
+        base16.fromString("505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F");
+    byte[] thirtyThreeBytes =
+        base16.fromString("707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F90");
+
+    CookieOption option = new CookieOption(eightBytes);
+    assertArrayEquals(eightBytes, option.getClientCookie());
+    assertFalse(option.getServerCookie().isPresent());
+    new CookieOption(eightBytes, null);
+
+    option = new CookieOption(eightBytes, null);
+    assertArrayEquals(eightBytes, option.getClientCookie());
+    assertFalse(option.getServerCookie().isPresent());
+
+    option = new CookieOption(eightBytes, eightBytes2);
+    Optional<byte[]> serverCookie = option.getServerCookie();
+    assertTrue(serverCookie.isPresent());
+    assertArrayEquals(eightBytes2, serverCookie.get());
+
+    option = new CookieOption(eightBytes, thirtyTwoBytes);
+    serverCookie = option.getServerCookie();
+    assertTrue(serverCookie.isPresent());
+    assertArrayEquals(thirtyTwoBytes, serverCookie.get());
+
+    assertThrows(IllegalArgumentException.class, () -> new CookieOption(sevenBytes));
+    assertThrows(IllegalArgumentException.class, () -> new CookieOption(nineBytes));
+    assertThrows(IllegalArgumentException.class, () -> new CookieOption(eightBytes, sevenBytes));
+    assertThrows(
+        IllegalArgumentException.class, () -> new CookieOption(eightBytes, thirtyThreeBytes));
+  }
+
+  @Test
+  void wireTests() throws IOException {
+    byte[] clientOnlyCookieOption = base16.fromString("000A00081011121314151617");
+    byte[] clientCookie1 = base16.fromString("1011121314151617");
+    byte[] clientServerCookieOption =
+        base16.fromString("000A0012202122232425262730313233343536373839");
+    byte[] clientCookie2 = base16.fromString("2021222324252627");
+    byte[] serverCookie2 = base16.fromString("30313233343536373839");
+    byte[] validLength1 = base16.fromString("000A0010000102030405060708090A0B0C0D0E0F");
+    byte[] validLength2 =
+        base16.fromString(
+            "000A0028000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627");
+    byte[] brokenLength1 = base16.fromString("000A000700010203040506");
+    byte[] brokenLength2 = base16.fromString("000A000C000102030405060708090A0B");
+    byte[] brokenLength3 = base16.fromString("000A000F000102030405060708090A0B0C0D0E");
+    byte[] brokenLength4 =
+        base16.fromString(
+            "000A0029000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728");
+
+    EDNSOption option = EDNSOption.fromWire(clientOnlyCookieOption);
+    assertNotNull(option);
+    assertEquals(CookieOption.class, option.getClass());
+    CookieOption cookieOption = (CookieOption) option;
+    assertArrayEquals(clientCookie1, cookieOption.getClientCookie());
+    assertFalse(cookieOption.getServerCookie().isPresent());
+
+    option = EDNSOption.fromWire(clientServerCookieOption);
+    assertNotNull(option);
+    assertEquals(CookieOption.class, option.getClass());
+    cookieOption = (CookieOption) option;
+    assertArrayEquals(clientCookie2, cookieOption.getClientCookie());
+    assertTrue(cookieOption.getServerCookie().isPresent());
+    assertArrayEquals(serverCookie2, cookieOption.getServerCookie().get());
+
+    EDNSOption.fromWire(validLength1);
+    EDNSOption.fromWire(validLength2);
+
+    assertThrows(WireParseException.class, () -> EDNSOption.fromWire(brokenLength1));
+    assertThrows(WireParseException.class, () -> EDNSOption.fromWire(brokenLength2));
+    assertThrows(WireParseException.class, () -> EDNSOption.fromWire(brokenLength3));
+    assertThrows(WireParseException.class, () -> EDNSOption.fromWire(brokenLength4));
+
+    cookieOption = new CookieOption(clientCookie1);
+    assertArrayEquals(clientOnlyCookieOption, cookieOption.toWire());
+
+    cookieOption = new CookieOption(clientCookie2, serverCookie2);
+    assertArrayEquals(clientServerCookieOption, cookieOption.toWire());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/DClassTest.java b/src/test/java/org/xbill/DNS/DClassTest.java
index 59f6465b8..550bdde1f 100644
--- a/src/test/java/org/xbill/DNS/DClassTest.java
+++ b/src/test/java/org/xbill/DNS/DClassTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,7 +43,7 @@
 
 class DClassTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("IN", DClass.string(DClass.IN));
 
@@ -59,7 +60,7 @@ void test_string() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(DClass.NONE, DClass.value("NONE"));
 
diff --git a/src/test/java/org/xbill/DNS/DLVRecordTest.java b/src/test/java/org/xbill/DNS/DLVRecordTest.java
index c79f3d9a6..6fa6b0e44 100644
--- a/src/test/java/org/xbill/DNS/DLVRecordTest.java
+++ b/src/test/java/org/xbill/DNS/DLVRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -12,30 +13,30 @@ class DLVRecordTest {
 
   @Test
   void ctor_0arg() {
-    DLVRecord record = new DLVRecord();
-    assertEquals(0, record.getFootprint());
-    assertEquals(0, record.getAlgorithm());
-    assertEquals(0, record.getDigestID());
-    assertNull(record.getDigest());
+    DLVRecord dlv = new DLVRecord();
+    assertEquals(0, dlv.getFootprint());
+    assertEquals(0, dlv.getAlgorithm());
+    assertEquals(0, dlv.getDigestID());
+    assertNull(dlv.getDigest());
   }
 
   @Test
   void ctor_7arg() {
-    DLVRecord record = new DLVRecord(n, DClass.IN, 0, 1, 2, 3, "".getBytes());
-    assertEquals(1, record.getFootprint());
-    assertEquals(2, record.getAlgorithm());
-    assertEquals(3, record.getDigestID());
-    assertEquals(0, record.getDigest().length);
+    DLVRecord dlv = new DLVRecord(n, DClass.IN, 0, 1, 2, 3, "".getBytes());
+    assertEquals(1, dlv.getFootprint());
+    assertEquals(2, dlv.getAlgorithm());
+    assertEquals(3, dlv.getDigestID());
+    assertEquals(0, dlv.getDigest().length);
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("60485 5 1 CAFEBABE");
-    DLVRecord record = new DLVRecord();
-    record.rdataFromString(t, null);
-    assertEquals(60485, record.getFootprint());
-    assertEquals(5, record.getAlgorithm());
-    assertEquals(1, record.getDigestID());
-    assertEquals(4, record.getDigest().length);
+    DLVRecord dlv = new DLVRecord();
+    dlv.rdataFromString(t, null);
+    assertEquals(60485, dlv.getFootprint());
+    assertEquals(5, dlv.getAlgorithm());
+    assertEquals(1, dlv.getDigestID());
+    assertEquals(4, dlv.getDigest().length);
   }
 }
diff --git a/src/test/java/org/xbill/DNS/DNAMERecordTest.java b/src/test/java/org/xbill/DNS/DNAMERecordTest.java
index d1f2177ea..f8da2596e 100644
--- a/src/test/java/org/xbill/DNS/DNAMERecordTest.java
+++ b/src/test/java/org/xbill/DNS/DNAMERecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,13 +37,13 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
+@SuppressWarnings("deprecation")
 class DNAMERecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     DNAMERecord d = new DNAMERecord();
     assertNull(d.getName());
     assertNull(d.getTarget());
@@ -50,7 +51,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -60,13 +61,6 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(DClass.IN, d.getDClass());
     assertEquals(0xABCDEL, d.getTTL());
     assertEquals(a, d.getTarget());
-    assertEquals(a, d.getAlias());
-  }
-
-  @Test
-  void test_getObject() {
-    DNAMERecord d = new DNAMERecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof DNAMERecord);
+    assertEquals(n, d.getAlias());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/DNSInputTest.java b/src/test/java/org/xbill/DNS/DNSInputTest.java
index 6a30dcb6e..2d623620c 100644
--- a/src/test/java/org/xbill/DNS/DNSInputTest.java
+++ b/src/test/java/org/xbill/DNS/DNSInputTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,72 +39,106 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+abstract class DNSInputTest {
+  protected byte[] m_raw;
+  protected DNSInput m_di;
+
+  static class DNSInputArrayTest extends DNSInputTest {
+    @BeforeEach
+    void setUp() {
+      m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
+      m_di = new DNSInput(m_raw);
+    }
+  }
 
-class DNSInputTest {
-  private byte[] m_raw;
-  private DNSInput m_di;
+  static class DNSInputByteBufferTest extends DNSInputTest {
+    @BeforeEach
+    void setUp() {
+      m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
+      ByteBuffer buffer = ByteBuffer.allocate(m_raw.length + 2);
+      buffer.putShort((short) 0xFF);
+      buffer.put(m_raw);
+      buffer.flip();
+      buffer.getShort();
+      m_di = new DNSInput(buffer);
+    }
+  }
 
-  @BeforeEach
-  void setUp() {
-    m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
-    m_di = new DNSInput(m_raw);
+  static class DNSInputByteBufferLimitTest extends DNSInputTest {
+    @BeforeEach
+    void setUp() {
+      m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
+      ByteBuffer buffer = ByteBuffer.allocate(m_raw.length + 10);
+      buffer.putShort((short) 0xFF);
+      buffer.put(m_raw);
+      buffer.flip();
+      buffer.getShort();
+      buffer.limit(m_raw.length + 2);
+      m_di = new DNSInput(buffer);
+    }
+  }
+
+  static class DNSInputByteBufferLimitOffsetTest extends DNSInputTest {
+    @BeforeEach
+    void setUp() throws IOException {
+      m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
+      // create a new byte array with a prefix and a suffix to be ignored
+      ByteArrayOutputStream out = new ByteArrayOutputStream();
+      out.write(42);
+      out.write(m_raw);
+      out.write(47);
+      m_di = new DNSInput(ByteBuffer.wrap(out.toByteArray(), 1, 10));
+    }
   }
 
   @Test
-  void test_initial_state() {
+  void initial_state() {
     assertEquals(0, m_di.current());
     assertEquals(10, m_di.remaining());
   }
 
   @Test
-  void test_jump1() {
+  void jump1() {
     m_di.jump(1);
     assertEquals(1, m_di.current());
     assertEquals(9, m_di.remaining());
   }
 
   @Test
-  void test_jump2() {
+  void jump2() {
     m_di.jump(9);
     assertEquals(9, m_di.current());
     assertEquals(1, m_di.remaining());
   }
 
   @Test
-  void test_jump_invalid() {
+  void jump_invalid() {
     assertThrows(IllegalArgumentException.class, () -> m_di.jump(10));
   }
 
-  @Test
-  void test_setActive() {
-    m_di.setActive(5);
+  @ParameterizedTest
+  @ValueSource(ints = {5, 10, 0})
+  void setActive(int active) {
+    m_di.setActive(active);
     assertEquals(0, m_di.current());
-    assertEquals(5, m_di.remaining());
+    assertEquals(active, m_di.remaining());
   }
 
   @Test
-  void test_setActive_boundary1() {
-    m_di.setActive(10);
-    assertEquals(0, m_di.current());
-    assertEquals(10, m_di.remaining());
-  }
-
-  @Test
-  void test_setActive_boundary2() {
-    m_di.setActive(0);
-    assertEquals(0, m_di.current());
-    assertEquals(0, m_di.remaining());
-  }
-
-  @Test
-  void test_setActive_invalid() {
+  void setActive_invalid() {
     assertThrows(IllegalArgumentException.class, () -> m_di.setActive(11));
   }
 
   @Test
-  void test_clearActive() {
+  void clearActive() {
     // first without setting active:
     m_di.clearActive();
     assertEquals(0, m_di.current());
@@ -116,12 +151,12 @@ void test_clearActive() {
   }
 
   @Test
-  void test_restore_invalid() {
+  void restore_invalid() {
     assertThrows(IllegalStateException.class, () -> m_di.restore());
   }
 
   @Test
-  void test_save_restore() {
+  void save_restore() {
     m_di.jump(4);
     assertEquals(4, m_di.current());
     assertEquals(6, m_di.remaining());
@@ -137,7 +172,35 @@ void test_save_restore() {
   }
 
   @Test
-  void test_readU8_basic() throws WireParseException {
+  void save_set_restore() {
+    m_di.jump(4);
+    assertEquals(4, m_di.current());
+    assertEquals(6, m_di.remaining());
+
+    int save = m_di.saveActive();
+    assertEquals(10, save);
+    assertEquals(6, m_di.remaining());
+
+    m_di.setActive(4);
+    assertEquals(4, m_di.remaining());
+
+    m_di.restoreActive(save);
+    assertEquals(6, m_di.remaining());
+  }
+
+  @Test
+  void save_set_restore_boundary() {
+    m_di.setActive(4);
+    assertEquals(4, m_di.remaining());
+
+    m_di.restoreActive(10);
+    assertEquals(10, m_di.remaining());
+
+    assertThrows(IllegalArgumentException.class, () -> m_di.restoreActive(12));
+  }
+
+  @Test
+  void readU8_basic() throws WireParseException {
     int v1 = m_di.readU8();
     assertEquals(1, m_di.current());
     assertEquals(9, m_di.remaining());
@@ -145,7 +208,7 @@ void test_readU8_basic() throws WireParseException {
   }
 
   @Test
-  void test_readU8_maxval() throws WireParseException {
+  void readU8_maxval() throws WireParseException {
     m_di.jump(9);
     final int[] v1 = {m_di.readU8()};
     assertEquals(10, m_di.current());
@@ -156,7 +219,7 @@ void test_readU8_maxval() throws WireParseException {
   }
 
   @Test
-  void test_readU16_basic() throws WireParseException {
+  void readU16_basic() throws WireParseException {
     int v1 = m_di.readU16();
     assertEquals(2, m_di.current());
     assertEquals(8, m_di.remaining());
@@ -168,7 +231,7 @@ void test_readU16_basic() throws WireParseException {
   }
 
   @Test
-  void test_readU16_maxval() throws WireParseException {
+  void readU16_maxval() throws WireParseException {
     m_di.jump(8);
     int v = m_di.readU16();
     assertEquals(10, m_di.current());
@@ -184,7 +247,7 @@ void test_readU16_maxval() throws WireParseException {
   }
 
   @Test
-  void test_readU32_basic() throws WireParseException {
+  void readU32_basic() throws WireParseException {
     long v1 = m_di.readU32();
     assertEquals(4, m_di.current());
     assertEquals(6, m_di.remaining());
@@ -192,7 +255,7 @@ void test_readU32_basic() throws WireParseException {
   }
 
   @Test
-  void test_readU32_maxval() throws WireParseException {
+  void readU32_maxval() throws WireParseException {
     m_di.jump(6);
     long v = m_di.readU32();
     assertEquals(10, m_di.current());
@@ -208,7 +271,7 @@ void test_readU32_maxval() throws WireParseException {
   }
 
   @Test
-  void test_readByteArray_0arg() {
+  void readByteArray_0arg() {
     m_di.jump(1);
     byte[] out = m_di.readByteArray();
     assertEquals(10, m_di.current());
@@ -220,7 +283,7 @@ void test_readByteArray_0arg() {
   }
 
   @Test
-  void test_readByteArray_0arg_boundary() throws WireParseException {
+  void readByteArray_0arg_boundary() throws WireParseException {
     m_di.jump(9);
     m_di.readU8();
     byte[] out = m_di.readByteArray();
@@ -228,7 +291,7 @@ void test_readByteArray_0arg_boundary() throws WireParseException {
   }
 
   @Test
-  void test_readByteArray_1arg() throws WireParseException {
+  void readByteArray_1arg() throws WireParseException {
     byte[] out = m_di.readByteArray(2);
     assertEquals(2, m_di.current());
     assertEquals(8, m_di.remaining());
@@ -238,7 +301,7 @@ void test_readByteArray_1arg() throws WireParseException {
   }
 
   @Test
-  void test_readByteArray_1arg_boundary() throws WireParseException {
+  void readByteArray_1arg_boundary() throws WireParseException {
     byte[] out = m_di.readByteArray(10);
     assertEquals(10, m_di.current());
     assertEquals(0, m_di.remaining());
@@ -246,12 +309,12 @@ void test_readByteArray_1arg_boundary() throws WireParseException {
   }
 
   @Test
-  void test_readByteArray_1arg_invalid() {
+  void readByteArray_1arg_invalid() {
     assertThrows(WireParseException.class, () -> m_di.readByteArray(11));
   }
 
   @Test
-  void test_readByteArray_3arg() throws WireParseException {
+  void readByteArray_3arg() throws WireParseException {
     byte[] data = new byte[5];
     m_di.jump(4);
 
@@ -264,11 +327,35 @@ void test_readByteArray_3arg() throws WireParseException {
   }
 
   @Test
-  void test_readCountedSting() throws WireParseException {
+  void readCountedSting() throws WireParseException {
     m_di.jump(1);
     byte[] out = m_di.readCountedString();
     assertEquals(1, out.length);
     assertEquals(3, m_di.current());
-    assertEquals(out[0], 2);
+    assertEquals(2, out[0]);
+  }
+
+  @Test
+  void setActive_recursive() throws WireParseException {
+    int outer = m_di.saveActive();
+    m_di.setActive(3);
+
+    assertEquals(0x00, m_di.readU8());
+    assertEquals(2, m_di.remaining());
+
+    int inner = m_di.saveActive();
+
+    m_di.setActive(1);
+    assertArrayEquals(new byte[] {0x01}, m_di.readByteArray());
+
+    m_di.restoreActive(inner);
+
+    assertArrayEquals(new byte[] {0x02}, m_di.readByteArray());
+    assertEquals(0, m_di.remaining());
+
+    m_di.restoreActive(outer);
+
+    assertEquals(0x03, m_di.readU8());
+    assertEquals(6, m_di.remaining());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java b/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java
index 0b8ae5d04..40d26b371 100644
--- a/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,14 +39,13 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class DNSKEYRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     DNSKEYRecord ar = new DNSKEYRecord();
     assertNull(ar.getName());
     assertEquals(0, ar.getType());
@@ -59,16 +59,8 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_getObject() {
-    DNSKEYRecord ar = new DNSKEYRecord();
-    Record r = ar.getObject();
-    assertTrue(r instanceof DNSKEYRecord);
-  }
-
-  @Test
-  void test_ctor_7arg() throws TextParseException {
+  void ctor_7arg() throws TextParseException {
     Name n = Name.fromString("My.Absolute.Name.");
-    Name r = Name.fromString("My.Relative.Name");
     byte[] key = new byte[] {0, 1, 3, 5, 7, 9};
 
     DNSKEYRecord kr = new DNSKEYRecord(n, DClass.IN, 0x24AC, 0x9832, 0x12, 0x67, key);
@@ -80,15 +72,20 @@ void test_ctor_7arg() throws TextParseException {
     assertEquals(0x12, kr.getProtocol());
     assertEquals(0x67, kr.getAlgorithm());
     assertArrayEquals(key, kr.getKey());
+  }
+
+  @Test
+  void ctor_7arg_relativeName() throws TextParseException {
+    Name r = Name.fromString("My.Relative.Name");
+    byte[] key = new byte[] {0, 1, 3, 5, 7, 9};
 
-    // a relative name
     assertThrows(
         RelativeNameException.class,
         () -> new DNSKEYRecord(r, DClass.IN, 0x24AC, 0x9832, 0x12, 0x67, key));
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     // basic
     DNSKEYRecord kr = new DNSKEYRecord();
     Tokenizer st = new Tokenizer(0xABCD + " " + 0x81 + " RSASHA1 AQIDBAUGBwgJ");
@@ -98,12 +95,36 @@ void test_rdataFromString() throws IOException {
     assertEquals(DNSSEC.Algorithm.RSASHA1, kr.getAlgorithm());
     assertArrayEquals(new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9}, kr.getKey());
     assertEquals(17895, kr.getFootprint());
+  }
 
-    // invalid algorithm
+  @Test
+  void rdataFromStringUnknownAlgorithm() {
+    // Algorithm name 'ZONE' is invalid
     assertThrows(
         TextParseException.class,
         () ->
             new DNSKEYRecord()
                 .rdataFromString(new Tokenizer(0x1212 + " " + 0xAA + " ZONE AQIDBAUGBwgJ"), null));
   }
+
+  @Test
+  void rdataFromStringIntAlg() throws IOException {
+    DNSKEYRecord kr = new DNSKEYRecord();
+    Tokenizer st = new Tokenizer(0xABCD + " " + 0x81 + " 5 AQIDBAUGBwgJ");
+    kr.rdataFromString(st, null);
+    assertEquals(0xABCD, kr.getFlags());
+    assertEquals(0x81, kr.getProtocol());
+    assertEquals(DNSSEC.Algorithm.RSASHA1, kr.getAlgorithm());
+    assertArrayEquals(new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9}, kr.getKey());
+    assertEquals(17895, kr.getFootprint());
+  }
+
+  @Test
+  void rdataFromStringBadIntAlg() {
+    // Algorithm number 257 is outside the allowed range
+    DNSKEYRecord kr = new DNSKEYRecord();
+    assertThrows(
+        TextParseException.class,
+        () -> kr.rdataFromString(new Tokenizer(0xABCD + " " + 0x81 + " 257 AQIDBAUGBwgJ"), null));
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/DNSOutputTest.java b/src/test/java/org/xbill/DNS/DNSOutputTest.java
index 129f3d7d5..37a4c98be 100644
--- a/src/test/java/org/xbill/DNS/DNSOutputTest.java
+++ b/src/test/java/org/xbill/DNS/DNSOutputTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -50,20 +51,20 @@ void setUp() {
   }
 
   @Test
-  void test_default_ctor() {
+  void default_ctor() {
     m_do = new DNSOutput();
     assertEquals(0, m_do.current());
   }
 
   @Test
-  void test_initial_state() {
+  void initial_state() {
     assertEquals(0, m_do.current());
     assertThrows(IllegalStateException.class, () -> m_do.restore());
     assertThrows(IllegalArgumentException.class, () -> m_do.jump(1));
   }
 
   @Test
-  void test_writeU8_basic() {
+  void writeU8_basic() {
     m_do.writeU8(1);
     assertEquals(1, m_do.current());
 
@@ -73,7 +74,7 @@ void test_writeU8_basic() {
   }
 
   @Test
-  void test_writeU8_expand() {
+  void writeU8_expand() {
     // starts off at 1;
     m_do.writeU8(1);
     m_do.writeU8(2);
@@ -87,19 +88,19 @@ void test_writeU8_expand() {
   }
 
   @Test
-  void test_writeU8_max() {
+  void writeU8_max() {
     m_do.writeU8(0xFF);
     byte[] curr = m_do.toByteArray();
     assertEquals((byte) 0xFF, curr[0]);
   }
 
   @Test
-  void test_writeU8_toobig() {
+  void writeU8_toobig() {
     assertThrows(IllegalArgumentException.class, () -> m_do.writeU8(0x1FF));
   }
 
   @Test
-  void test_writeU16_basic() {
+  void writeU16_basic() {
     m_do.writeU16(0x100);
     assertEquals(2, m_do.current());
 
@@ -110,7 +111,7 @@ void test_writeU16_basic() {
   }
 
   @Test
-  void test_writeU16_max() {
+  void writeU16_max() {
     m_do.writeU16(0xFFFF);
     byte[] curr = m_do.toByteArray();
     assertEquals((byte) 0xFF, curr[0]);
@@ -118,12 +119,12 @@ void test_writeU16_max() {
   }
 
   @Test
-  void test_writeU16_toobig() {
+  void writeU16_toobig() {
     assertThrows(IllegalArgumentException.class, () -> m_do.writeU16(0x1FFFF));
   }
 
   @Test
-  void test_writeU32_basic() {
+  void writeU32_basic() {
     m_do.writeU32(0x11001011);
     assertEquals(4, m_do.current());
 
@@ -136,7 +137,7 @@ void test_writeU32_basic() {
   }
 
   @Test
-  void test_writeU32_max() {
+  void writeU32_max() {
     m_do.writeU32(0xFFFFFFFFL);
     byte[] curr = m_do.toByteArray();
     assertEquals((byte) 0xFF, curr[0]);
@@ -146,12 +147,12 @@ void test_writeU32_max() {
   }
 
   @Test
-  void test_writeU32_toobig() {
+  void writeU32_toobig() {
     assertThrows(IllegalArgumentException.class, () -> m_do.writeU32(0x1FFFFFFFFL));
   }
 
   @Test
-  void test_jump_basic() {
+  void jump_basic() {
     m_do.writeU32(0x11223344L);
     assertEquals(4, m_do.current());
     m_do.jump(2);
@@ -165,7 +166,7 @@ void test_jump_basic() {
   }
 
   @Test
-  void test_writeByteArray_1arg() {
+  void writeByteArray_1arg() {
     byte[] in = new byte[] {(byte) 0xAB, (byte) 0xCD, (byte) 0xEF, (byte) 0x12, (byte) 0x34};
     m_do.writeByteArray(in);
     assertEquals(5, m_do.current());
@@ -174,7 +175,7 @@ void test_writeByteArray_1arg() {
   }
 
   @Test
-  void test_writeByteArray_3arg() {
+  void writeByteArray_3arg() {
     byte[] in = new byte[] {(byte) 0xAB, (byte) 0xCD, (byte) 0xEF, (byte) 0x12, (byte) 0x34};
     m_do.writeByteArray(in, 2, 3);
     assertEquals(3, m_do.current());
@@ -184,33 +185,33 @@ void test_writeByteArray_3arg() {
   }
 
   @Test
-  void test_writeCountedString_basic() {
+  void writeCountedString_basic() {
     byte[] in = new byte[] {'h', 'e', 'l', 'L', '0'};
     m_do.writeCountedString(in);
     assertEquals(in.length + 1, m_do.current());
     byte[] curr = m_do.toByteArray();
-    byte[] exp = new byte[] {(byte) (in.length), in[0], in[1], in[2], in[3], in[4]};
+    byte[] exp = new byte[] {(byte) in.length, in[0], in[1], in[2], in[3], in[4]};
     assertArrayEquals(exp, curr);
   }
 
   @Test
-  void test_writeCountedString_empty() {
+  void writeCountedString_empty() {
     byte[] in = new byte[] {};
     m_do.writeCountedString(in);
     assertEquals(in.length + 1, m_do.current());
     byte[] curr = m_do.toByteArray();
-    byte[] exp = new byte[] {(byte) (in.length)};
+    byte[] exp = new byte[] {(byte) in.length};
     assertArrayEquals(exp, curr);
   }
 
   @Test
-  void test_writeCountedString_toobig() {
+  void writeCountedString_toobig() {
     byte[] in = new byte[256];
     assertThrows(IllegalArgumentException.class, () -> m_do.writeCountedString(in));
   }
 
   @Test
-  void test_save_restore() {
+  void save_restore() {
     m_do.writeU32(0x12345678L);
     assertEquals(4, m_do.current());
     m_do.save();
diff --git a/src/test/java/org/xbill/DNS/DNSSECSIG0Test.java b/src/test/java/org/xbill/DNS/DNSSECSIG0Test.java
index 156a3be34..a68fb91e9 100644
--- a/src/test/java/org/xbill/DNS/DNSSECSIG0Test.java
+++ b/src/test/java/org/xbill/DNS/DNSSECSIG0Test.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import java.security.KeyPair;
diff --git a/src/test/java/org/xbill/DNS/DNSSECTest.java b/src/test/java/org/xbill/DNS/DNSSECTest.java
index d400a99d1..943b58d31 100644
--- a/src/test/java/org/xbill/DNS/DNSSECTest.java
+++ b/src/test/java/org/xbill/DNS/DNSSECTest.java
@@ -1,13 +1,15 @@
-// SPDX-License-Identifier: BSD-2-Clause
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+
 import java.io.IOException;
 import java.time.Instant;
 import org.junit.jupiter.api.Test;
 import org.xbill.DNS.DNSSEC.DNSSECException;
 
 class DNSSECTest {
-  private TXTRecord txt = new TXTRecord(Name.root, DClass.IN, 3600, "test");
+  private final TXTRecord txt = new TXTRecord(Name.root, DClass.IN, 3600, "test");
 
   @Test
   void testECDSALeadingZeroUndersize() throws IOException, DNSSECException {
@@ -30,7 +32,7 @@ void testECDSALeadingZeroUndersize() throws IOException, DNSSECException {
                 "TXT 13 0 3600 19700101000003 19700101000000 46271 . dRwMEthIeGiucMcEcDmwixM8/LZcZ+W6lMM0KDSY5rwAGrm1j7tS/VU6xs+rpD5dSRmBYosinkWD6Jk3zRmyBQ==",
                 Name.root);
 
-    RRset<TXTRecord> rrset = new RRset<>();
+    RRset rrset = new RRset();
     rrset.addRR(txt);
     rrset.addRR(rrsig);
     DNSSEC.verify(rrset, rrsig, dnskey, Instant.ofEpochMilli(60));
@@ -57,7 +59,7 @@ void testECDSALeadingZeroOversize() throws IOException, DNSSECException {
                 "TXT 13 0 3600 19700101000003 19700101000000 25719 . m6sD/b0ZbfBXsQruhq5dYTnHGaA+PRTL5Y1W36rMdnGBb7eOJRRzDS5Wk5hZlrS4RUKQ/tKMCn7lsl9fn4U2lw==",
                 Name.root);
 
-    RRset<TXTRecord> rrset = new RRset<>();
+    RRset rrset = new RRset();
     rrset.addRR(txt);
     rrset.addRR(rrsig);
     DNSSEC.verify(rrset, rrsig, dnskey, Instant.ofEpochMilli(60));
@@ -84,7 +86,7 @@ void testDSALeadingZeroUndersize() throws DNSSECException, IOException {
                 "TXT 3 0 3600 19700101000003 19700101000000 36714 . AAAycZeIdBGB7vjlFzd5+ZgV8IxGRLpLierdV1KO4SGIy707hKUXJRc=",
                 Name.root);
 
-    RRset<TXTRecord> set = new RRset<>();
+    RRset set = new RRset();
     set.addRR(txt);
     set.addRR(rrsig);
     DNSSEC.verify(set, rrsig, dnskey, Instant.ofEpochMilli(60));
@@ -111,9 +113,49 @@ void testDSALeadingZeroOversize() throws DNSSECException, IOException {
                 "TXT 3 0 3600 19700101000003 19700101000000 57407 . AIh8Bp0EFNszs3cB0gNatjWy8tBrgUAUe1gTHkVsm1pva1GYWOW/FbA=",
                 Name.root);
 
-    RRset<TXTRecord> set = new RRset<>();
+    RRset set = new RRset();
     set.addRR(txt);
     set.addRR(rrsig);
     DNSSEC.verify(set, rrsig, dnskey, Instant.ofEpochMilli(60));
   }
+
+  @Test
+  void testDigestRrsetOrdering() {
+    Name name = Name.fromConstantString("a.");
+    Record a1 = new CNAMERecord(name, DClass.IN, 60, Name.fromConstantString("a.b.c."));
+    Record a2 = new CNAMERecord(name, DClass.IN, 60, Name.fromConstantString("aa.bb.cc."));
+
+    RRSIGRecord s1 =
+        new RRSIGRecord(
+            name,
+            DClass.IN,
+            60,
+            Type.CNAME,
+            0xF,
+            0x60,
+            Instant.now(),
+            Instant.now(),
+            0xA,
+            name,
+            new byte[] {0xa, 0x0});
+    RRSIGRecord s2 =
+        new RRSIGRecord(
+            name,
+            DClass.IN,
+            60,
+            Type.CNAME,
+            0xF,
+            0x60,
+            Instant.now(),
+            Instant.now(),
+            0xB,
+            name,
+            new byte[] {0x0, 0xa});
+    RRset rrset = new RRset();
+    rrset.addRR(a2);
+    rrset.addRR(a1);
+    rrset.addRR(s1);
+    rrset.addRR(s2);
+    assertArrayEquals(DNSSEC.digestRRset(s1, rrset), DNSSEC.digestRRset(s1, rrset));
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/DNSSECWithBCProviderTest.java b/src/test/java/org/xbill/DNS/DNSSECWithBCProviderTest.java
index 8b41c2769..761ddbdcf 100644
--- a/src/test/java/org/xbill/DNS/DNSSECWithBCProviderTest.java
+++ b/src/test/java/org/xbill/DNS/DNSSECWithBCProviderTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -8,35 +9,46 @@
 import java.security.Security;
 import java.security.Signature;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.xbill.DNS.DNSSEC.Algorithm;
 
-public class DNSSECWithBCProviderTest {
+class DNSSECWithBCProviderTest {
 
   private static final String KEY_ALGORITHM = "RSA";
-  int algorithm = Algorithm.RSASHA1;
-  String bcJCAProvider = "BC";
-  byte[] toSign = "The quick brown fox jumped over the lazy dog.".getBytes();
+  private final byte[] toSign = "The quick brown fox jumped over the lazy dog.".getBytes();
 
   @BeforeAll
-  static void setUp() {
+  static void beforeAll() {
     Security.addProvider(new BouncyCastleProvider());
   }
 
+  @AfterAll
+  static void afterAll() {
+    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+  }
+
   @Test
   void testSignWithDNSSECAndBCProvider() throws Exception {
-
     // generate a signature
-    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM, bcJCAProvider);
+    KeyPairGenerator keyPairGenerator =
+        KeyPairGenerator.getInstance(KEY_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
     keyPairGenerator.initialize(512);
     KeyPair keyPair = keyPairGenerator.generateKeyPair();
+    int algorithm = Algorithm.RSASHA1;
     byte[] signature =
-        DNSSEC.sign(keyPair.getPrivate(), keyPair.getPublic(), algorithm, toSign, bcJCAProvider);
+        DNSSEC.sign(
+            keyPair.getPrivate(),
+            keyPair.getPublic(),
+            algorithm,
+            toSign,
+            BouncyCastleProvider.PROVIDER_NAME);
     assertNotNull(signature);
 
     // verify the signature
-    Signature verifier = Signature.getInstance(DNSSEC.algString(algorithm), bcJCAProvider);
+    Signature verifier =
+        Signature.getInstance(DNSSEC.algString(algorithm), BouncyCastleProvider.PROVIDER_NAME);
     verifier.initVerify(keyPair.getPublic());
     verifier.update(toSign);
     boolean verify = verifier.verify(signature);
diff --git a/src/test/java/org/xbill/DNS/DNSSECWithProviderTest.java b/src/test/java/org/xbill/DNS/DNSSECWithProviderTest.java
deleted file mode 100644
index 1e497b546..000000000
--- a/src/test/java/org/xbill/DNS/DNSSECWithProviderTest.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.xbill.DNS;
-
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.Signature;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.xbill.DNS.DNSSEC.Algorithm;
-
-class DNSSECWithProviderTest {
-
-  private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
-  private static final String KEY_ALGORITHM = "RSA";
-  int algorithm = Algorithm.RSASHA1;
-  private byte[] toSign = "The quick brown fox jumped over the lazy dog.".getBytes();
-
-  @BeforeEach
-  void setUp() {}
-
-  @AfterEach
-  void tearDown() {}
-
-  @Test
-  void testSignSoftware() throws Exception {
-
-    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
-    keyPairGenerator.initialize(512);
-    KeyPair keyPair = keyPairGenerator.generateKeyPair();
-
-    Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
-    signer.initSign(keyPair.getPrivate());
-    signer.update(toSign);
-    byte[] signature = signer.sign();
-    assertNotNull(signature);
-
-    // verify the signature
-    Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
-    verifier.initVerify(keyPair.getPublic());
-    verifier.update(toSign);
-    boolean verify = verifier.verify(signature);
-    assertTrue(verify);
-  }
-}
diff --git a/src/test/java/org/xbill/DNS/DSRecordTest.java b/src/test/java/org/xbill/DNS/DSRecordTest.java
index 4f530298e..e9407ee25 100644
--- a/src/test/java/org/xbill/DNS/DSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/DSRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,15 +39,18 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.utils.base16;
 
 class DSRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     DSRecord dr = new DSRecord();
     assertNull(dr.getName());
     assertEquals(0, dr.getType());
@@ -58,13 +62,6 @@ void test_ctor_0arg() {
     assertEquals(0, dr.getFootprint());
   }
 
-  @Test
-  void test_getObject() {
-    DSRecord dr = new DSRecord();
-    Record r = dr.getObject();
-    assertTrue(r instanceof DSRecord);
-  }
-
   static class Test_Ctor_7arg {
     private Name m_n;
     private long m_ttl;
@@ -84,7 +81,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_basic() {
+    void basic() {
       DSRecord dr =
           new DSRecord(m_n, DClass.IN, m_ttl, m_footprint, m_algorithm, m_digestid, m_digest);
       assertEquals(m_n, dr.getName());
@@ -98,49 +95,49 @@ void test_basic() {
     }
 
     @Test
-    void test_toosmall_footprint() {
+    void toosmall_footprint() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new DSRecord(m_n, DClass.IN, m_ttl, -1, m_algorithm, m_digestid, m_digest));
     }
 
     @Test
-    void test_toobig_footprint() {
+    void toobig_footprint() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new DSRecord(m_n, DClass.IN, m_ttl, 0x10000, m_algorithm, m_digestid, m_digest));
     }
 
     @Test
-    void test_toosmall_algorithm() {
+    void toosmall_algorithm() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new DSRecord(m_n, DClass.IN, m_ttl, m_footprint, -1, m_digestid, m_digest));
     }
 
     @Test
-    void test_toobig_algorithm() {
+    void toobig_algorithm() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new DSRecord(m_n, DClass.IN, m_ttl, m_footprint, 0x10000, m_digestid, m_digest));
     }
 
     @Test
-    void test_toosmall_digestid() {
+    void toosmall_digestid() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new DSRecord(m_n, DClass.IN, m_ttl, m_footprint, m_algorithm, -1, m_digest));
     }
 
     @Test
-    void test_toobig_digestid() {
+    void toobig_digestid() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new DSRecord(m_n, DClass.IN, m_ttl, m_footprint, m_algorithm, 0x10000, m_digest));
     }
 
     @Test
-    void test_null_digest() {
+    void null_digest() {
       DSRecord dr = new DSRecord(m_n, DClass.IN, m_ttl, m_footprint, m_algorithm, m_digestid, null);
       assertEquals(m_n, dr.getName());
       assertEquals(DClass.IN, dr.getDClass());
@@ -154,7 +151,7 @@ void test_null_digest() {
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     byte[] raw =
         new byte[] {
           (byte) 0xAB,
@@ -178,33 +175,72 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
-    byte[] raw =
-        new byte[] {
-          (byte) 0xAB,
-          (byte) 0xCD,
-          (byte) 0xEF,
-          (byte) 0x01,
-          (byte) 0x23,
-          (byte) 0x45,
-          (byte) 0x67,
-          (byte) 0x89
-        };
-    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0x01 + " 23456789AB");
+  void rdataFromString() throws IOException {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0xFF + " 23456789AB");
 
     DSRecord dr = new DSRecord();
     dr.rdataFromString(t, null);
     assertEquals(0xABCD, dr.getFootprint());
     assertEquals(0xEF, dr.getAlgorithm());
-    assertEquals(0x01, dr.getDigestID());
+    assertEquals(0xFF, dr.getDigestID());
     assertArrayEquals(
         new byte[] {(byte) 0x23, (byte) 0x45, (byte) 0x67, (byte) 0x89, (byte) 0xAB},
         dr.getDigest());
   }
 
   @Test
-  void test_rrToString() throws TextParseException {
-    String exp = 0xABCD + " " + 0xEF + " " + 0x01 + " 23456789AB";
+  void rdataFromStringMissingDigest() {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0x01);
+    assertThrows(TextParseException.class, () -> new DSRecord().rdataFromString(t, null));
+  }
+
+  @Test
+  void rdataFromStringInvalidDigestData() {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0x01 + " $^");
+    assertThrows(TextParseException.class, () -> new DSRecord().rdataFromString(t, null));
+  }
+
+  @ParameterizedTest(name = "digest {0}")
+  @CsvSource({
+    "1,01020304050607080900 01020304050607080900",
+    "2,0102030405060708 0102030405060708 0102030405060708 0102030405060708",
+    "3,0102030405060708 0102030405060708 0102030405060708 0102030405060708",
+    "4,0102030405060708 0102030405060708 0102030405060708 0102030405060708 0102030405060708 0102030405060708",
+    "255,0102"
+  })
+  void rdataFromString_validDigestLengths(int digestId, String data) throws IOException {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + digestId + " " + data);
+    DSRecord r = new DSRecord();
+    r.rdataFromString(t, null);
+    assertEquals(base16.fromString(data).length, r.getDigest().length);
+  }
+
+  @ParameterizedTest(name = "digest {0}")
+  @CsvSource({
+    "1,01", "2,01", "3,01", "4,01",
+  })
+  void rdataFromString_invalidDigestLengths(int digestId, String data) {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + digestId + " " + data);
+    assertThrows(TextParseException.class, () -> new DSRecord().rdataFromString(t, null));
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            new DSRecord(
+                Name.root,
+                DClass.IN,
+                3600,
+                1,
+                Algorithm.RSASHA1,
+                digestId,
+                base16.fromString(data)));
+    assertThrows(
+        TextParseException.class,
+        () -> Record.fromString(Name.root, Type.DS, DClass.IN, 3600, t, null));
+  }
+
+  @Test
+  void rrToString() throws TextParseException {
+    String exp = 0xABCD + " " + 0xEF + " " + 0xFF + " 23456789AB";
 
     DSRecord dr =
         new DSRecord(
@@ -213,13 +249,13 @@ void test_rrToString() throws TextParseException {
             0x123,
             0xABCD,
             0xEF,
-            0x01,
+            0xFF,
             new byte[] {(byte) 0x23, (byte) 0x45, (byte) 0x67, (byte) 0x89, (byte) 0xAB});
     assertEquals(exp, dr.rrToString());
   }
 
   @Test
-  void test_rrToWire() throws TextParseException {
+  void rrToWire() throws TextParseException {
     DSRecord dr =
         new DSRecord(
             Name.fromString("The.Name."),
@@ -227,7 +263,7 @@ void test_rrToWire() throws TextParseException {
             0x123,
             0xABCD,
             0xEF,
-            0x01,
+            0xFF,
             new byte[] {(byte) 0x23, (byte) 0x45, (byte) 0x67, (byte) 0x89, (byte) 0xAB});
 
     byte[] exp =
@@ -235,7 +271,7 @@ void test_rrToWire() throws TextParseException {
           (byte) 0xAB,
           (byte) 0xCD,
           (byte) 0xEF,
-          (byte) 0x01,
+          (byte) 0xFF,
           (byte) 0x23,
           (byte) 0x45,
           (byte) 0x67,
diff --git a/src/test/java/org/xbill/DNS/DnssecAlgorithmOptionTest.java b/src/test/java/org/xbill/DNS/DnssecAlgorithmOptionTest.java
new file mode 100644
index 000000000..d83bc05f0
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/DnssecAlgorithmOptionTest.java
@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.util.Collections;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.EDNSOption.Code;
+
+class DnssecAlgorithmOptionTest {
+  @Test
+  void ctor() {
+    new DnssecAlgorithmOption(Code.DAU);
+    new DnssecAlgorithmOption(Code.DHU);
+    new DnssecAlgorithmOption(Code.N3U);
+
+    assertThrows(IllegalArgumentException.class, () -> new DnssecAlgorithmOption(4));
+    assertThrows(IllegalArgumentException.class, () -> new DnssecAlgorithmOption(8));
+  }
+
+  @Test
+  void ctorOptionsEmpty() {
+    DnssecAlgorithmOption o = new DnssecAlgorithmOption(Code.DAU);
+    assertTrue(o.getAlgorithms().isEmpty());
+  }
+
+  @Test
+  void ctorOptionsList() {
+    DnssecAlgorithmOption o =
+        new DnssecAlgorithmOption(Code.DAU, Collections.singletonList(Algorithm.RSASHA1));
+    assertEquals(1, o.getAlgorithms().size());
+  }
+
+  @Test
+  void ctorOptionsVarargs() {
+    DnssecAlgorithmOption o = new DnssecAlgorithmOption(Code.DAU, Algorithm.RSASHA1);
+    assertEquals(1, o.getAlgorithms().size());
+  }
+
+  @Test
+  void ctorOptionsVarargsNull() {
+    DnssecAlgorithmOption o = new DnssecAlgorithmOption(Code.DAU, (int[]) null);
+    assertTrue(o.getAlgorithms().isEmpty());
+  }
+
+  @Test
+  void parse() throws IOException {
+    DNSInput in = new DNSInput(new byte[] {0, 5, 0, 2, 5, 6});
+    DnssecAlgorithmOption o = (DnssecAlgorithmOption) EDNSOption.fromWire(in);
+    assertEquals(Algorithm.RSASHA1, o.getAlgorithms().get(0));
+    assertEquals(Algorithm.DSA_NSEC3_SHA1, o.getAlgorithms().get(1));
+  }
+
+  @Test
+  void write() {
+    DnssecAlgorithmOption o =
+        new DnssecAlgorithmOption(Code.DAU, Algorithm.RSASHA1, Algorithm.DSA_NSEC3_SHA1);
+    DNSOutput out = new DNSOutput();
+    o.toWire(out);
+    assertArrayEquals(new byte[] {0, 5, 0, 2, 5, 6}, out.toByteArray());
+  }
+
+  @Test
+  void testToString() {
+    DnssecAlgorithmOption o =
+        new DnssecAlgorithmOption(Code.DAU, Algorithm.RSASHA1, Algorithm.DSA_NSEC3_SHA1);
+    assertEquals("[RSASHA1, DSA-NSEC3-SHA1]", o.optionToString());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/DnssecDsaTest.java b/src/test/java/org/xbill/DNS/DnssecDsaTest.java
new file mode 100644
index 000000000..88056199b
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/DnssecDsaTest.java
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import java.net.InetAddress;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.time.Instant;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+class DnssecDsaTest {
+  private final Name exampleNet = Name.fromConstantString("example.net.");
+
+  @Test
+  void testDSA_sign() throws Exception {
+    KeyPairGenerator keygen = KeyPairGenerator.getInstance("DSA");
+    keygen.initialize(1024);
+    KeyPair pair = keygen.generateKeyPair();
+    PrivateKey privateKey = pair.getPrivate();
+
+    DNSKEYRecord dnskey =
+        new DNSKEYRecord(
+            exampleNet, DClass.IN, 3600, 257, 3, DNSSEC.Algorithm.DSA, pair.getPublic());
+    DNSKEYRecord dnskey2 =
+        (DNSKEYRecord) Record.fromWire(dnskey.toWire(Section.ANSWER), Section.ANSWER);
+    assertEquals(dnskey, dnskey2);
+    ARecord a =
+        new ARecord(
+            Name.fromConstantString("www.example.net."),
+            DClass.IN,
+            3600,
+            InetAddress.getByName("192.0.2.1"));
+    RRset set = new RRset(a);
+    RRSIGRecord rrsig =
+        DNSSEC.sign(
+            set,
+            dnskey,
+            privateKey,
+            Instant.ofEpochSecond(1281607479),
+            Instant.ofEpochSecond(1284026679));
+    assertNotNull(rrsig);
+
+    // verify, but we cannot validate the actual signature as it contains a random value
+    DNSSEC.verify(set, rrsig, dnskey, Instant.ofEpochSecond(1281607480));
+    assertEquals(41, rrsig.signature.length);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/DnssecEcDsaTest.java b/src/test/java/org/xbill/DNS/DnssecEcDsaTest.java
new file mode 100644
index 000000000..be3f59f4f
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/DnssecEcDsaTest.java
@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.spec.ECPrivateKeySpec;
+import java.time.Instant;
+import java.util.Base64;
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+class DnssecEcDsaTest {
+  private final Name exampleNet = Name.fromConstantString("example.net.");
+
+  @BeforeAll
+  static void beforeAll() {
+    Security.addProvider(new BouncyCastleProvider());
+  }
+
+  @AfterAll
+  static void afterAll() {
+    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+  }
+
+  @Test
+  void testEcDSA_P256_sign() throws Exception {
+    KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
+    byte[] privateRaw = Base64.getDecoder().decode("GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=");
+    BigInteger s = new BigInteger(privateRaw);
+
+    ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp256r1");
+    ECNamedCurveSpec params =
+        new ECNamedCurveSpec(spec.getName(), spec.getCurve(), spec.getG(), spec.getN());
+    ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, params);
+    PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
+
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(
+                exampleNet,
+                Type.DNSKEY,
+                DClass.IN,
+                3600,
+                "257 3 13 GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edbkrSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA==",
+                Name.root);
+    ARecord a =
+        new ARecord(
+            Name.fromConstantString("www.example.net."),
+            DClass.IN,
+            3600,
+            InetAddress.getByName("192.0.2.1"));
+    RRset set = new RRset(a);
+    RRSIGRecord rrsig =
+        DNSSEC.sign(
+            set,
+            dnskey,
+            privateKey,
+            Instant.ofEpochSecond(1281607479),
+            Instant.ofEpochSecond(1284026679));
+    assertNotNull(rrsig);
+
+    // verify, but we cannot validate the actual signature as it contains a random value
+    DNSSEC.verify(set, rrsig, dnskey, Instant.ofEpochSecond(1281607480));
+    assertEquals(64, rrsig.signature.length);
+  }
+
+  @Test
+  void testEcDSA_P384_sign() throws Exception {
+    KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
+    byte[] privateRaw =
+        Base64.getDecoder()
+            .decode("WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vwW7BOrbawVmVe0d9V94SR");
+    BigInteger s = new BigInteger(privateRaw);
+
+    ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp384r1");
+    ECNamedCurveSpec params =
+        new ECNamedCurveSpec(spec.getName(), spec.getCurve(), spec.getG(), spec.getN());
+    ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, params);
+    PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
+
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(
+                exampleNet,
+                Type.DNSKEY,
+                DClass.IN,
+                3600,
+                "257 3 14 xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8/uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40",
+                Name.root);
+    ARecord a =
+        new ARecord(
+            Name.fromConstantString("www.example.net."),
+            DClass.IN,
+            3600,
+            InetAddress.getByName("192.0.2.1"));
+    RRset set = new RRset(a);
+    RRSIGRecord rrsig =
+        DNSSEC.sign(
+            set,
+            dnskey,
+            privateKey,
+            Instant.ofEpochSecond(1281608425),
+            Instant.ofEpochSecond(1284027625));
+    assertNotNull(rrsig);
+
+    // verify, but we cannot validate the actual signature as it contains a random value
+    DNSSEC.verify(set, rrsig, dnskey, Instant.ofEpochSecond(1281608426));
+    assertEquals(96, rrsig.signature.length);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/DnssecEdDsaTest.java b/src/test/java/org/xbill/DNS/DnssecEdDsaTest.java
new file mode 100644
index 000000000..01deb9add
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/DnssecEdDsaTest.java
@@ -0,0 +1,226 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.time.Instant;
+import java.util.Base64;
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+@Slf4j
+class DnssecEdDsaTest {
+  private final Name exampleCom = Name.fromConstantString("example.com.");
+
+  @BeforeAll
+  static void beforeAll() {
+    if (Integer.getInteger("java.specification.version", 8) < 15) {
+      Security.addProvider(new BouncyCastleProvider());
+    }
+  }
+
+  @AfterAll
+  static void afterAll() {
+    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+  }
+
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4=", // first byte > 128
+        "G5u2cJRUarlrz2vskaTty+WpC8gZvSGXj9nBfecHDXk=" // first byte < 128
+      })
+  void testEdDSA25519_DNSKEY(String key) throws IOException, DNSSEC.DNSSECException {
+    String rrString = "257 3 15 " + key;
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(exampleCom, Type.DNSKEY, DClass.IN, 3600, rrString, Name.root);
+    assertEquals(DNSSEC.Algorithm.ED25519, dnskey.getAlgorithm());
+    // As of Java 15, EdDSA is natively supported
+    String expected =
+        dnskey.getPublicKey().getClass().getName().toLowerCase().contains("bouncycastle")
+            ? "Ed25519"
+            : "EdDSA";
+    assertEquals(expected, dnskey.getPublicKey().getAlgorithm());
+    DNSKEYRecord dnskey2 =
+        new DNSKEYRecord(exampleCom, DClass.IN, 3600, 257, 3, 15, dnskey.getPublicKey());
+    assertEquals(rrString, dnskey2.rrToString());
+  }
+
+  @Test
+  void testEdDSA25519_DS() throws IOException {
+    DSRecord ds =
+        (DSRecord)
+            Record.fromString(
+                exampleCom,
+                Type.DS,
+                DClass.IN,
+                3600,
+                "3613 15 2 3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79a304b",
+                Name.root);
+    assertEquals(DNSSEC.Algorithm.ED25519, ds.getAlgorithm());
+  }
+
+  @Test
+  void testEdDSA448_DNSKEY() throws IOException, DNSSEC.DNSSECException {
+    String rrString =
+        "257 3 16 3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx1FYYUcJKm1MDpJtIA";
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(exampleCom, Type.DNSKEY, DClass.IN, 3600, rrString, Name.root);
+    assertEquals(DNSSEC.Algorithm.ED448, dnskey.getAlgorithm());
+    // As of Java 15, EdDSA is natively supported
+    String expected =
+        dnskey.getPublicKey().getClass().getName().toLowerCase().contains("bouncycastle")
+            ? "Ed448"
+            : "EdDSA";
+    assertEquals(expected, dnskey.getPublicKey().getAlgorithm());
+    DNSKEYRecord dnskey2 =
+        new DNSKEYRecord(exampleCom, DClass.IN, 3600, 257, 3, 16, dnskey.getPublicKey());
+    assertEquals(rrString, dnskey2.rrToString());
+  }
+
+  @Test
+  void testEdDSA448_DS() throws IOException {
+    DSRecord ds =
+        (DSRecord)
+            Record.fromString(
+                exampleCom,
+                Type.DS,
+                DClass.IN,
+                3600,
+                "9713 16 2 6ccf18d5bc5d7fc2fceb1d59d17321402f2aa8d368048db93dd811f5cb2b19c7",
+                Name.root);
+    assertEquals(DNSSEC.Algorithm.ED448, ds.getAlgorithm());
+  }
+
+  @Test
+  void testEdDSA25519_verify() throws IOException, DNSSEC.DNSSECException {
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(
+                exampleCom,
+                Type.DNSKEY,
+                DClass.IN,
+                3600,
+                "257 3 15 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4=",
+                Name.root);
+
+    try (Master m =
+        new Master(
+            new ByteArrayInputStream(
+                ("example.com. 3600 IN MX 10 mail.example.com.\n"
+                        + "example.com. 3600 IN RRSIG MX 15 2 3600 (\n"
+                        + "             1440021600 1438207200 3613 example.com. (\n"
+                        + "             oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jPGrHpjQeRAvTdszaPD+QLs3f\n"
+                        + "             x8A4M3e23mRZ9VrbpMngwcrqNAg== )")
+                    .getBytes(StandardCharsets.US_ASCII)))) {
+      RRset set = new RRset();
+      Record r;
+      while ((r = m.nextRecord()) != null) {
+        set.addRR(r);
+      }
+      DNSSEC.verify(set, set.sigs().get(0), dnskey, Instant.parse("2015-08-19T22:00:00Z"));
+    }
+  }
+
+  @Test
+  void testEdDSA25519_sign() throws Exception {
+    KeyFactory keyFactory = KeyFactory.getInstance("EdDSA");
+    byte[] privateRaw = Base64.getDecoder().decode("ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=");
+    PrivateKeyInfo privateKeyInfo =
+        new PrivateKeyInfo(
+            new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519),
+            new DEROctetString(privateRaw));
+    PrivateKey privateKey =
+        keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(
+                exampleCom,
+                Type.DNSKEY,
+                DClass.IN,
+                3600,
+                "257 3 15 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4=",
+                Name.root);
+    MXRecord mx =
+        new MXRecord(exampleCom, DClass.IN, 3600, 10, Name.fromConstantString("mail.example.com."));
+    RRset set = new RRset(mx);
+    RRSIGRecord signature =
+        DNSSEC.sign(
+            set,
+            dnskey,
+            privateKey,
+            Instant.ofEpochSecond(1438207200),
+            Instant.ofEpochSecond(1440021600));
+    assertNotNull(signature);
+
+    // verify the signature
+    DNSSEC.verify(set, signature, dnskey, Instant.ofEpochSecond(1438207201));
+    assertArrayEquals(
+        Base64.getDecoder()
+            .decode(
+                "oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jPGrHpjQeRAvTdszaPD+QLs3fx8A4M3e23mRZ9VrbpMngwcrqNAg=="),
+        signature.signature);
+  }
+
+  @Test
+  void testEdDSA448_sign() throws Exception {
+    KeyFactory keyFactory = KeyFactory.getInstance("EdDSA");
+    byte[] privateRaw =
+        Base64.getDecoder()
+            .decode("xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA");
+    PrivateKeyInfo privateKeyInfo =
+        new PrivateKeyInfo(
+            new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448),
+            new DEROctetString(privateRaw));
+    PrivateKey privateKey =
+        keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
+    DNSKEYRecord dnskey =
+        (DNSKEYRecord)
+            Record.fromString(
+                exampleCom,
+                Type.DNSKEY,
+                DClass.IN,
+                3600,
+                "257 3 16 3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx1FYYUcJKm1MDpJtIA",
+                Name.root);
+    MXRecord mx =
+        new MXRecord(exampleCom, DClass.IN, 3600, 10, Name.fromConstantString("mail.example.com."));
+    RRset set = new RRset(mx);
+    RRSIGRecord signature =
+        DNSSEC.sign(
+            set,
+            dnskey,
+            privateKey,
+            Instant.ofEpochSecond(1438207200),
+            Instant.ofEpochSecond(1440021600));
+    assertNotNull(signature);
+
+    // verify the signature
+    DNSSEC.verify(set, signature, dnskey, Instant.ofEpochSecond(1438207201));
+    assertArrayEquals(
+        Base64.getDecoder()
+            .decode(
+                "3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLmjInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKiwZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQvE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213WKsJlwEA"),
+        signature.signature);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/DohResolverTest.java b/src/test/java/org/xbill/DNS/DohResolverTest.java
new file mode 100644
index 000000000..6d1500d66
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/DohResolverTest.java
@@ -0,0 +1,376 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.spy;
+
+import io.netty.handler.codec.http.HttpHeaderNames;
+import io.vertx.core.Future;
+import io.vertx.core.Vertx;
+import io.vertx.core.buffer.Buffer;
+import io.vertx.core.http.HttpMethod;
+import io.vertx.core.http.HttpServer;
+import io.vertx.core.http.HttpServerOptions;
+import io.vertx.core.http.HttpVersion;
+import io.vertx.junit5.Checkpoint;
+import io.vertx.junit5.VertxExtension;
+import io.vertx.junit5.VertxTestContext;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.time.Duration;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.condition.EnabledForJreRange;
+import org.junit.jupiter.api.condition.JRE;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.stubbing.Answer;
+
+@ExtendWith(VertxExtension.class)
+@Slf4j
+class DohResolverTest {
+  private final Name queryName = Name.fromConstantString("example.com.");
+  private final Record qr = Record.newRecord(queryName, Type.A, DClass.IN);
+  private final Message qm = Message.newQuery(qr);
+  private final Message a = new Message();
+  private boolean allRequestsUseTimeout = true;
+
+  @BeforeEach
+  void beforeEach() throws UnknownHostException {
+    Record ar =
+        new ARecord(
+            Name.fromConstantString("example.com."),
+            DClass.IN,
+            3600,
+            InetAddress.getByName("127.0.0.1"));
+    a.addRecord(qr, Section.QUESTION);
+    a.addRecord(ar, Section.ANSWER);
+  }
+
+  private DohResolver getResolver() {
+    return new DohResolver("http://localhost");
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void simpleResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = getResolver();
+    resolver.setUsePost(usePost);
+    setupResolverWithServer(resolver, Duration.ZERO, 200, 1, vertx, context)
+        .onSuccess(
+            server ->
+                Future.fromCompletionStage(resolver.sendAsync(qm))
+                    .onComplete(
+                        context.succeeding(
+                            result ->
+                                context.verify(
+                                    () -> {
+                                      assertEquals(Rcode.NOERROR, result.getHeader().getRcode());
+                                      assertEquals(0, result.getHeader().getID());
+                                      assertEquals(queryName, result.getQuestion().getName());
+                                      context.completeNow();
+                                    }))));
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void timeoutResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = getResolver();
+    resolver.setTimeout(Duration.ofSeconds(1));
+    resolver.setUsePost(usePost);
+    setupResolverWithServer(resolver, Duration.ofSeconds(5), 200, 1, vertx, context)
+        .onSuccess(
+            server ->
+                Future.fromCompletionStage(resolver.sendAsync(qm))
+                    .onComplete(
+                        context.failing(
+                            ex ->
+                                context.verify(
+                                    () -> {
+                                      assertTrue(
+                                          ex.getCause() instanceof TimeoutException
+                                              || ex.getMessage().contains("timed out"));
+                                      context.completeNow();
+                                    }))));
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void servfailResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = getResolver();
+    resolver.setUsePost(usePost);
+    setupResolverWithServer(resolver, Duration.ZERO, 301, 1, vertx, context)
+        .onSuccess(
+            server ->
+                Future.fromCompletionStage(resolver.sendAsync(qm))
+                    .onComplete(
+                        context.succeeding(
+                            result ->
+                                context.verify(
+                                    () -> {
+                                      assertEquals(Rcode.SERVFAIL, result.getHeader().getRcode());
+                                      context.completeNow();
+                                    }))));
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void limitRequestsResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = new DohResolver("http://localhost", 5, Duration.ofMinutes(2));
+    resolver.setUsePost(usePost);
+    int requests = 100;
+    Checkpoint cpPass = context.checkpoint(requests);
+    setupResolverWithServer(resolver, Duration.ofMillis(100), 200, 5, vertx, context)
+        .onSuccess(
+            server -> {
+              for (int i = 0; i < requests; i++) {
+                resolver
+                    .sendAsync(qm)
+                    .whenComplete(
+                        (result, ex) -> {
+                          if (ex == null) {
+                            cpPass.flag();
+                          } else {
+                            context.failNow(ex);
+                          }
+                        });
+              }
+            });
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void initialRequestSlowResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = new DohResolver("http://localhost", 2, Duration.ofMinutes(2));
+    resolver.setUsePost(usePost);
+    int requests = 20;
+    allRequestsUseTimeout = false;
+    Checkpoint cpPass = context.checkpoint(requests);
+    setupResolverWithServer(resolver, Duration.ofSeconds(1), 200, 2, vertx, context)
+        .onSuccess(
+            server -> {
+              for (int i = 0; i < requests; i++) {
+                resolver
+                    .sendAsync(qm)
+                    .whenComplete(
+                        (result, ex) -> {
+                          if (ex == null) {
+                            cpPass.flag();
+                          } else {
+                            context.failNow(ex);
+                          }
+                        });
+              }
+            });
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void initialRequestTimeoutResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = new DohResolver("http://localhost", 2, Duration.ofMinutes(2));
+    resolver.setUsePost(usePost);
+    resolver.setTimeout(Duration.ofSeconds(1));
+    int requests = 20;
+    allRequestsUseTimeout = false;
+    Checkpoint cpPass = context.checkpoint(requests - 1);
+    Checkpoint cpFail = context.checkpoint();
+    setupResolverWithServer(resolver, Duration.ofSeconds(2), 200, 2, vertx, context)
+        .onSuccess(
+            server -> {
+              Message q = qm.clone();
+              q.getHeader().setID(0);
+              resolver
+                  .sendAsync(q)
+                  .whenComplete(
+                      (result, ex) -> {
+                        if (ex == null) {
+                          context.failNow("First request succeeded");
+                        } else {
+                          cpFail.flag();
+                        }
+                      });
+              vertx.setTimer(
+                  1000,
+                  timer -> {
+                    for (int i = 1; i < requests; i++) {
+                      Message qq = qm.clone();
+                      qq.getHeader().setID(i);
+                      resolver
+                          .sendAsync(qq)
+                          .whenComplete(
+                              (result, ex) -> {
+                                if (ex == null) {
+                                  cpPass.flag();
+                                } else {
+                                  context.failNow("Request failed");
+                                }
+                              });
+                    }
+                  });
+            });
+  }
+
+  private Future<HttpServer> setupResolverWithServer(
+      DohResolver resolver,
+      Duration responseDelay,
+      int statusCode,
+      int maxConcurrentRequests,
+      Vertx vertx,
+      VertxTestContext context) {
+    return setupServer(qm, a, responseDelay, statusCode, maxConcurrentRequests, context, vertx)
+        .onSuccess(server -> resolver.setUriTemplate("http://localhost:" + server.actualPort()));
+  }
+
+  @EnabledForJreRange(
+      min = JRE.JAVA_9,
+      disabledReason = "Java 8 implementation doesn't have the initial request guard")
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void initialRequestGuardIfIdleConnectionTimeIsLargerThanSystemNanoTime(
+      boolean usePost, Vertx vertx, VertxTestContext context) {
+    AtomicLong startNanos = new AtomicLong(System.nanoTime());
+    DohResolver resolver = spy(new DohResolver("http://localhost", 2, Duration.ofMinutes(2)));
+    resolver.setTimeout(Duration.ofSeconds(1));
+    resolver.setUsePost(usePost);
+    // Simulate a nanoTime value that is lower than the idle timeout
+    doAnswer((Answer<Long>) invocationOnMock -> System.nanoTime() - startNanos.get())
+        .when(resolver)
+        .getNanoTime();
+
+    // Just add a 100ms delay before responding to the 1st call
+    // to simulate a 'concurrent doh request' for the 2nd call,
+    // then let the fake dns server respond to the 2nd call ASAP.
+    allRequestsUseTimeout = false;
+
+    // idleConnectionTimeout = 2s, lastRequest = 0L
+    // Ensure idleConnectionTimeout < System.nanoTime() - lastRequest (3s)
+
+    // Timeline:
+    //         |<-------- 100ms -------->|
+    //         ↑                         ↑
+    //  1st call sent              response of 1st call
+    //         |20ms|<------ 80ms ------>|<------ few millis ------->|
+    //              ↑ wait until 1st call ↑                           ↑
+    //       2nd call begin         2nd call sent            response of 2nd call
+
+    AtomicBoolean firstCallCompleted = new AtomicBoolean(false);
+
+    setupResolverWithServer(resolver, Duration.ofMillis(100L), 200, 2, vertx, context)
+        .onSuccess(
+            server -> {
+              // First call
+              CompletionStage<Message> firstCall =
+                  resolver.sendAsync(qm).whenComplete((msg, ex) -> firstCallCompleted.set(true));
+
+              // Ensure second call was made after first call and uses a different query
+              startNanos.addAndGet(TimeUnit.MILLISECONDS.toNanos(20));
+              CompletionStage<Message> secondCall = resolver.sendAsync(Message.newQuery(qr));
+
+              Future.fromCompletionStage(firstCall)
+                  .onComplete(
+                      context.succeeding(
+                          result ->
+                              context.verify(
+                                  () -> {
+                                    assertEquals(Rcode.NOERROR, result.getHeader().getRcode());
+                                    assertEquals(0, result.getHeader().getID());
+                                    assertEquals(queryName, result.getQuestion().getName());
+                                  })));
+
+              Future.fromCompletionStage(secondCall)
+                  .onComplete(
+                      context.succeeding(
+                          result ->
+                              context.verify(
+                                  () -> {
+                                    assertTrue(firstCallCompleted.get());
+                                    assertEquals(Rcode.NOERROR, result.getHeader().getRcode());
+                                    assertEquals(0, result.getHeader().getID());
+                                    assertEquals(queryName, result.getQuestion().getName());
+                                    // Complete context after the 2nd call was completed.
+                                    context.completeNow();
+                                  })));
+            });
+  }
+
+  private Future<HttpServer> setupServer(
+      Message expectedDnsRequest,
+      Message dnsResponse,
+      Duration serverProcessingTime,
+      int statusCode,
+      int maxConcurrentRequests,
+      VertxTestContext context,
+      Vertx vertx) {
+    HttpVersion version =
+        System.getProperty("java.version").startsWith("1.")
+            ? HttpVersion.HTTP_1_1
+            : HttpVersion.HTTP_2;
+    AtomicInteger requestCount = new AtomicInteger(0);
+    AtomicInteger concurrentRequests = new AtomicInteger(0);
+    return vertx
+        .createHttpServer(
+            new HttpServerOptions().setAlpnVersions(Collections.singletonList(version)))
+        .requestHandler(
+            httpRequest -> {
+              int thisRequestNum = requestCount.incrementAndGet();
+              int count = concurrentRequests.incrementAndGet();
+              if (count > maxConcurrentRequests) {
+                context.failNow(
+                    "Concurrent requests exceeded: " + count + " > " + maxConcurrentRequests);
+                return;
+              }
+
+              httpRequest.endHandler(v -> concurrentRequests.decrementAndGet());
+              httpRequest.bodyHandler(
+                  body -> {
+                    context.verify(
+                        () -> {
+                          assertEquals(
+                              "application/dns-message",
+                              httpRequest.getHeader(HttpHeaderNames.CONTENT_TYPE));
+                          byte[] actualDnsRequestBytes;
+                          if (httpRequest.method() == HttpMethod.POST) {
+                            actualDnsRequestBytes = body.getBytes();
+                          } else {
+                            actualDnsRequestBytes =
+                                Base64.getDecoder().decode(httpRequest.getParam("dns"));
+                          }
+
+                          Message actualDnsRequest = new Message(actualDnsRequestBytes);
+                          assertEquals(0, actualDnsRequest.getHeader().getID());
+                          assertEquals(
+                              expectedDnsRequest.getQuestion(), actualDnsRequest.getQuestion());
+                        });
+                    Message dnsResponseCopy = dnsResponse.clone();
+                    dnsResponseCopy.getHeader().setID(0);
+                    if (!serverProcessingTime.isZero()
+                        && (thisRequestNum == 1 || allRequestsUseTimeout)) {
+                      vertx.setTimer(
+                          serverProcessingTime.toMillis(),
+                          timer ->
+                              httpRequest
+                                  .response()
+                                  .setStatusCode(statusCode)
+                                  .end(Buffer.buffer(dnsResponseCopy.toWire())));
+                    } else {
+                      httpRequest
+                          .response()
+                          .setStatusCode(statusCode)
+                          .end(Buffer.buffer(dnsResponseCopy.toWire()));
+                    }
+                  });
+            })
+        .listen(0);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/EDNS0MessageTests.java b/src/test/java/org/xbill/DNS/EDNS0MessageTests.java
new file mode 100644
index 000000000..beb22a3ed
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/EDNS0MessageTests.java
@@ -0,0 +1,178 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+
+class EDNS0MessageTests {
+
+  /* dig +nocookie foo.dns.addere.ch */
+  private static final byte[] EDNS0_EMPTY = {
+    0x7d, 0x59, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x66, 0x6f, 0x6f,
+    0x03, 0x64, 0x6e, 0x73, 0x06, 0x61, 0x64, 0x64, 0x65, 0x72, 0x65, 0x02, 0x63, 0x68, 0x00, 0x00,
+    0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  };
+
+  /* dig foo.dns.addere.ch */
+  private static final byte[] EDNS0_COOKIE = {
+    (byte) 0x95,
+    (byte) 0xa6,
+    0x01,
+    0x20,
+    0x00,
+    0x01,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x01,
+    0x03,
+    0x66,
+    0x6f,
+    0x6f,
+    0x03,
+    0x64,
+    0x6e,
+    0x73,
+    0x06,
+    0x61,
+    0x64,
+    0x64,
+    0x65,
+    0x72,
+    0x65,
+    0x02,
+    0x63,
+    0x68,
+    0x00,
+    0x00,
+    0x01,
+    0x00,
+    0x01,
+    0x00,
+    0x00,
+    0x29,
+    0x10,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x0c,
+    0x00,
+    0x0a,
+    0x00,
+    0x08,
+    0x28,
+    0x75,
+    (byte) 0x83,
+    0x7f,
+    0x00,
+    0x32,
+    (byte) 0xe5,
+    0x6f
+  };
+
+  /* dig +keepalive foo.dns.addere.ch */
+  private static final byte[] EDNS0_COOKIE_KEEPALIVE = {
+    (byte) 0x8e,
+    (byte) 0xdd,
+    0x01,
+    0x20,
+    0x00,
+    0x01,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x01,
+    0x03,
+    0x66,
+    0x6f,
+    0x6f,
+    0x03,
+    0x64,
+    0x6e,
+    0x73,
+    0x06,
+    0x61,
+    0x64,
+    0x64,
+    0x65,
+    0x72,
+    0x65,
+    0x02,
+    0x63,
+    0x68,
+    0x00,
+    0x00,
+    0x01,
+    0x00,
+    0x01,
+    0x00,
+    0x00,
+    0x29,
+    0x10,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x10,
+    0x00,
+    0x0a,
+    0x00,
+    0x08,
+    (byte) 0xeb,
+    (byte) 0xed,
+    (byte) 0xfc,
+    0x4c,
+    0x1c,
+    0x45,
+    0x20,
+    0x01,
+    0x00,
+    0x0b,
+    0x00,
+    0x00
+  };
+
+  /* dig +keepalive +subnet=1.2.3.4 foo.dns.addere.ch */
+  private static final byte[] EDNS0_SUBNET_COOKIE_KEEPALIVE = {
+    0x42, 0x3a, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x66, 0x6f, 0x6f,
+    0x03, 0x64, 0x6e, 0x73, 0x06, 0x61, 0x64, 0x64, 0x65, 0x72, 0x65, 0x02, 0x63, 0x68, 0x00, 0x00,
+    0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x08,
+    0x00, 0x08, 0x00, 0x01, 0x20, 0x00, 0x01, 0x02, 0x03, 0x04, 0x00, 0x0a, 0x00, 0x08, 0x7c, 0x2e,
+    0x0d, 0x0e, (byte) 0x95, (byte) 0xf3, 0x4d, (byte) 0xff, 0x00, 0x0b, 0x00, 0x00
+  };
+
+  @Test
+  void testParseEdns0Empty() throws IOException {
+    Message msg = new Message(EDNS0_EMPTY);
+    assertArrayEquals(EDNS0_EMPTY, msg.toWire());
+  }
+
+  @Test
+  void testParseEdns0Cookie() throws IOException {
+    Message msg = new Message(EDNS0_COOKIE);
+    assertArrayEquals(EDNS0_COOKIE, msg.toWire());
+  }
+
+  @Test
+  void testParseEdns0CookieKeepalive() throws IOException {
+    Message msg = new Message(EDNS0_COOKIE_KEEPALIVE);
+    assertArrayEquals(EDNS0_COOKIE_KEEPALIVE, msg.toWire());
+  }
+
+  @Test
+  void testParseEdns0SubnetCookieKeepalive() throws IOException {
+    Message msg = new Message(EDNS0_SUBNET_COOKIE_KEEPALIVE);
+    assertArrayEquals(EDNS0_SUBNET_COOKIE_KEEPALIVE, msg.toWire());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/EmptyRecordTest.java b/src/test/java/org/xbill/DNS/EmptyRecordTest.java
index f9650e294..775f17f9c 100644
--- a/src/test/java/org/xbill/DNS/EmptyRecordTest.java
+++ b/src/test/java/org/xbill/DNS/EmptyRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,14 +37,13 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class EmptyRecordTest {
   @Test
-  void test_ctor() {
+  void ctor() {
     EmptyRecord ar = new EmptyRecord();
     assertNull(ar.getName());
     assertEquals(0, ar.getType());
@@ -52,14 +52,7 @@ void test_ctor() {
   }
 
   @Test
-  void test_getObject() {
-    EmptyRecord ar = new EmptyRecord();
-    Record r = ar.getObject();
-    assertTrue(r instanceof EmptyRecord);
-  }
-
-  @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() {
     DNSInput i = new DNSInput(new byte[] {1, 2, 3, 4, 5});
     i.jump(3);
 
@@ -73,7 +66,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("these are the tokens");
     EmptyRecord er = new EmptyRecord();
     er.rdataFromString(t, null);
@@ -86,13 +79,13 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rrToString() {
+  void rrToString() {
     EmptyRecord er = new EmptyRecord();
     assertEquals("", er.rrToString());
   }
 
   @Test
-  void test_rrToWire() {
+  void rrToWire() {
     EmptyRecord er = new EmptyRecord();
     DNSOutput out = new DNSOutput();
     er.rrToWire(out, null, true);
diff --git a/src/test/java/org/xbill/DNS/ExceptionTest.java b/src/test/java/org/xbill/DNS/ExceptionTest.java
index ad1edecde..0f5a0862f 100644
--- a/src/test/java/org/xbill/DNS/ExceptionTest.java
+++ b/src/test/java/org/xbill/DNS/ExceptionTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,25 +43,25 @@
 
 class ExceptionTest {
   @Test
-  void test_InvalidDClassException() {
+  void InvalidDClassException() {
     IllegalArgumentException e = new InvalidDClassException(10);
     assertEquals("Invalid DNS class: 10", e.getMessage());
   }
 
   @Test
-  void test_InvalidTTLException() {
+  void InvalidTTLException() {
     IllegalArgumentException e = new InvalidTTLException(32345);
     assertEquals("Invalid DNS TTL: 32345", e.getMessage());
   }
 
   @Test
-  void test_InvalidTypeException() {
+  void InvalidTypeException() {
     IllegalArgumentException e = new InvalidTypeException(32345);
     assertEquals("Invalid DNS type: 32345", e.getMessage());
   }
 
   @Test
-  void test_NameTooLongException() {
+  void NameTooLongException() {
     WireParseException e = new NameTooLongException();
     assertNull(e.getMessage());
 
@@ -69,7 +70,7 @@ void test_NameTooLongException() {
   }
 
   @Test
-  void test_RelativeNameException() throws TextParseException {
+  void RelativeNameException() throws TextParseException {
     IllegalArgumentException e = new RelativeNameException("This is my relative name");
     assertEquals("This is my relative name", e.getMessage());
 
@@ -78,7 +79,7 @@ void test_RelativeNameException() throws TextParseException {
   }
 
   @Test
-  void test_TextParseException() {
+  void TextParseException() {
     IOException e = new TextParseException();
     assertNull(e.getMessage());
 
@@ -87,7 +88,7 @@ void test_TextParseException() {
   }
 
   @Test
-  void test_WireParseException() {
+  void WireParseException() {
     IOException e = new WireParseException();
     assertNull(e.getMessage());
 
@@ -96,7 +97,7 @@ void test_WireParseException() {
   }
 
   @Test
-  void test_ZoneTransferException() {
+  void ZoneTransferException() {
     Exception e = new ZoneTransferException();
     assertNull(e.getMessage());
 
diff --git a/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java b/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java
new file mode 100644
index 000000000..f5cc714d6
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java
@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+
+class ExtendedErrorCodeOptionTest {
+  @Test
+  void testCodeOnly() throws IOException {
+    byte[] data =
+        new byte[] {
+          0,
+          15, // EDNS option code
+          0,
+          2, // option data length
+          0,
+          1 // extended error code
+        };
+    EDNSOption option = EDNSOption.fromWire(data);
+    assertTrue(option instanceof ExtendedErrorCodeOption, "Expected ExtendedErrorCodeOption");
+    ExtendedErrorCodeOption ede = (ExtendedErrorCodeOption) option;
+    assertEquals(1, ede.getErrorCode());
+    assertNull(ede.getText());
+    assertArrayEquals(data, ede.toWire());
+    assertArrayEquals(data, new ExtendedErrorCodeOption(1).toWire());
+  }
+
+  @Test
+  void testCodeAndText() throws IOException {
+    byte[] data =
+        new byte[] {
+          0,
+          15, // EDNS option code
+          0,
+          4, // option data length
+          0,
+          1, // extended error code
+          (byte) 'a',
+          (byte) 'b'
+        };
+    EDNSOption option = EDNSOption.fromWire(data);
+    assertTrue(option instanceof ExtendedErrorCodeOption, "Expected ExtendedErrorCodeOption");
+    ExtendedErrorCodeOption ede = (ExtendedErrorCodeOption) option;
+    assertEquals(1, ede.getErrorCode());
+    assertEquals("ab", ede.getText());
+    assertArrayEquals(data, ede.toWire());
+    assertArrayEquals(data, new ExtendedErrorCodeOption(1, "ab").toWire());
+  }
+
+  @Test
+  void testCodeAndTextNullTerminated() throws IOException {
+    byte[] inputData =
+        new byte[] {
+          0,
+          15, // EDNS option code
+          0,
+          5, // option data length
+          0,
+          1, // extended error code
+          (byte) 'a',
+          (byte) 'b',
+          0
+        };
+    EDNSOption option = EDNSOption.fromWire(inputData);
+    assertTrue(option instanceof ExtendedErrorCodeOption, "Expected ExtendedErrorCodeOption");
+    ExtendedErrorCodeOption ede = (ExtendedErrorCodeOption) option;
+    assertEquals(1, ede.getErrorCode());
+    assertEquals("ab", ede.getText());
+
+    byte[] outputDataNonNullTerminated =
+        new byte[] {
+          0,
+          15, // EDNS option code
+          0,
+          4, // option data length
+          0,
+          1, // extended error code
+          (byte) 'a',
+          (byte) 'b',
+        };
+    assertArrayEquals(outputDataNonNullTerminated, ede.toWire());
+  }
+
+  @Test
+  void testToStringCodeOnly() {
+    ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(1);
+    assertEquals("UNSUPPORTED_DNSKEY_ALGORITHM", option.optionToString());
+  }
+
+  @Test
+  void testToStringUnknownCode() {
+    ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(49152);
+    assertEquals("EDE49152", option.optionToString());
+  }
+
+  @Test
+  void testToStringCodeAndText() {
+    ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(1, "ab");
+    assertEquals("UNSUPPORTED_DNSKEY_ALGORITHM: ab", option.optionToString());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ExtendedFlagsTest.java b/src/test/java/org/xbill/DNS/ExtendedFlagsTest.java
index 216cb3e88..184d2b3ef 100644
--- a/src/test/java/org/xbill/DNS/ExtendedFlagsTest.java
+++ b/src/test/java/org/xbill/DNS/ExtendedFlagsTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,7 +43,7 @@
 
 class ExtendedFlagsTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("do", ExtendedFlags.string(ExtendedFlags.DO));
 
@@ -56,7 +57,7 @@ void test_string() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(ExtendedFlags.DO, ExtendedFlags.value("do"));
 
diff --git a/src/test/java/org/xbill/DNS/ExtendedResolverTest.java b/src/test/java/org/xbill/DNS/ExtendedResolverTest.java
new file mode 100644
index 000000000..4b4d39f1a
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ExtendedResolverTest.java
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.net.UnknownHostException;
+import org.junit.jupiter.api.Test;
+
+class ExtendedResolverTest {
+  @Test
+  void testGetExtendedResolver() throws UnknownHostException {
+    ExtendedResolver r = new ExtendedResolver(new SimpleResolver[] {new SimpleResolver("0.0.0.0")});
+    assertEquals(1, r.getResolvers().length);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/FlagsTest.java b/src/test/java/org/xbill/DNS/FlagsTest.java
index 1ce8207df..0b860dfa5 100644
--- a/src/test/java/org/xbill/DNS/FlagsTest.java
+++ b/src/test/java/org/xbill/DNS/FlagsTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -43,7 +44,7 @@
 
 class FlagsTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("aa", Flags.string(Flags.AA));
 
@@ -57,7 +58,7 @@ void test_string() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(Flags.CD, Flags.value("cd"));
 
@@ -75,7 +76,7 @@ void test_value() {
   }
 
   @Test
-  void test_isFlag() {
+  void isFlag() {
     assertThrows(IllegalArgumentException.class, () -> Flags.isFlag(-1));
     assertTrue(Flags.isFlag(0));
     assertFalse(Flags.isFlag(1)); // opcode
diff --git a/src/test/java/org/xbill/DNS/FormattedTimeTest.java b/src/test/java/org/xbill/DNS/FormattedTimeTest.java
index 243492cf2..53fc35958 100644
--- a/src/test/java/org/xbill/DNS/FormattedTimeTest.java
+++ b/src/test/java/org/xbill/DNS/FormattedTimeTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -46,20 +47,20 @@
 
 class FormattedTimeTest {
   @Test
-  void test_format() {
+  void format() {
     GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
-    cal.set(2005, 2, 19, 4, 4, 5);
+    cal.set(2005, Calendar.MARCH, 19, 4, 4, 5);
     String out = FormattedTime.format(cal.toInstant());
     assertEquals("20050319040405", out);
   }
 
   @Test
-  void test_parse() throws DateTimeParseException, TextParseException {
+  void parse() throws DateTimeParseException {
     // have to make sure to clear out the milliseconds since there
     // is occasionally a difference between when cal and cal2 are
     // instantiated.
     GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
-    cal.set(2005, 2, 19, 4, 4, 5);
+    cal.set(2005, Calendar.MARCH, 19, 4, 4, 5);
     cal.set(Calendar.MILLISECOND, 0);
 
     Instant out = FormattedTime.parse("20050319040405");
@@ -70,7 +71,23 @@ void test_parse() throws DateTimeParseException, TextParseException {
   }
 
   @Test
-  void test_parse_invalid() {
+  void parseEpoch() throws DateTimeParseException {
+    // have to make sure to clear out the milliseconds since there
+    // is occasionally a difference between when cal and cal2 are
+    // instantiated.
+    GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
+    cal.set(2005, Calendar.MARCH, 19, 4, 4, 5);
+    cal.set(Calendar.MILLISECOND, 0);
+
+    Instant out = FormattedTime.parse("1111205045");
+    GregorianCalendar cal2 = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
+    cal2.setTimeInMillis(out.toEpochMilli());
+    cal2.set(Calendar.MILLISECOND, 0);
+    assertEquals(cal, cal2);
+  }
+
+  @Test
+  void parse_invalid() {
     assertThrows(DateTimeParseException.class, () -> FormattedTime.parse("2004010101010"));
     assertThrows(DateTimeParseException.class, () -> FormattedTime.parse("200401010101010"));
     assertThrows(DateTimeParseException.class, () -> FormattedTime.parse("2004010101010A"));
diff --git a/src/test/java/org/xbill/DNS/GPOSRecordTest.java b/src/test/java/org/xbill/DNS/GPOSRecordTest.java
index f8a268b79..c2ea64ea7 100644
--- a/src/test/java/org/xbill/DNS/GPOSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/GPOSRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -37,7 +38,6 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.BeforeEach;
@@ -45,7 +45,7 @@
 
 class GPOSRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     GPOSRecord gr = new GPOSRecord();
     assertNull(gr.getName());
     assertEquals(0, gr.getType());
@@ -53,13 +53,6 @@ void test_ctor_0arg() {
     assertEquals(0, gr.getTTL());
   }
 
-  @Test
-  void test_getObject() {
-    GPOSRecord gr = new GPOSRecord();
-    Record r = gr.getObject();
-    assertTrue(r instanceof GPOSRecord);
-  }
-
   static class Test_Ctor_6arg_doubles {
     private Name m_n;
     private long m_ttl;
@@ -75,7 +68,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_basic() {
+    void basic() {
       GPOSRecord gr = new GPOSRecord(m_n, DClass.IN, m_ttl, m_long, m_lat, m_alt);
       assertEquals(m_n, gr.getName());
       assertEquals(DClass.IN, gr.getDClass());
@@ -90,35 +83,35 @@ void test_basic() {
     }
 
     @Test
-    void test_toosmall_longitude() {
+    void toosmall_longitude() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new GPOSRecord(m_n, DClass.IN, m_ttl, -90.001, m_lat, m_alt));
     }
 
     @Test
-    void test_toobig_longitude() {
+    void toobig_longitude() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new GPOSRecord(m_n, DClass.IN, m_ttl, 90.001, m_lat, m_alt));
     }
 
     @Test
-    void test_toosmall_latitude() {
+    void toosmall_latitude() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new GPOSRecord(m_n, DClass.IN, m_ttl, m_long, -180.001, m_alt));
     }
 
     @Test
-    void test_toobig_latitude() {
+    void toobig_latitude() {
       assertThrows(
           IllegalArgumentException.class,
           () -> new GPOSRecord(m_n, DClass.IN, m_ttl, m_long, 180.001, m_alt));
     }
 
     @Test
-    void test_invalid_string() {
+    void invalid_string() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -147,7 +140,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_basic() {
+    void basic() {
       GPOSRecord gr =
           new GPOSRecord(
               m_n,
@@ -169,7 +162,7 @@ void test_basic() {
     }
 
     @Test
-    void test_toosmall_longitude() {
+    void toosmall_longitude() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -183,7 +176,7 @@ void test_toosmall_longitude() {
     }
 
     @Test
-    void test_toobig_longitude() {
+    void toobig_longitude() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -192,7 +185,7 @@ void test_toobig_longitude() {
     }
 
     @Test
-    void test_toosmall_latitude() {
+    void toosmall_latitude() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -206,7 +199,7 @@ void test_toosmall_latitude() {
     }
 
     @Test
-    void test_toobig_latitude() {
+    void toobig_latitude() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -222,7 +215,7 @@ void test_toobig_latitude() {
 
   static class Test_rrFromWire {
     @Test
-    void test_basic() throws IOException {
+    void basic() throws IOException {
       byte[] raw =
           new byte[] {
             5, '-', '8', '.', '1', '2', 6, '1', '2', '3', '.', '0', '7', 3, '0', '.', '0'
@@ -237,7 +230,7 @@ void test_basic() throws IOException {
     }
 
     @Test
-    void test_longitude_toosmall() throws IOException {
+    void longitude_toosmall() {
       byte[] raw =
           new byte[] {
             5, '-', '9', '5', '.', '0', 6, '1', '2', '3', '.', '0', '7', 3, '0', '.', '0'
@@ -249,7 +242,7 @@ void test_longitude_toosmall() throws IOException {
     }
 
     @Test
-    void test_longitude_toobig() throws IOException {
+    void longitude_toobig() {
       byte[] raw =
           new byte[] {
             5, '1', '8', '5', '.', '0', 6, '1', '2', '3', '.', '0', '7', 3, '0', '.', '0'
@@ -261,7 +254,7 @@ void test_longitude_toobig() throws IOException {
     }
 
     @Test
-    void test_latitude_toosmall() throws IOException {
+    void latitude_toosmall() {
       byte[] raw =
           new byte[] {
             5, '-', '8', '5', '.', '0', 6, '-', '1', '9', '0', '.', '0', 3, '0', '.', '0'
@@ -273,7 +266,7 @@ void test_latitude_toosmall() throws IOException {
     }
 
     @Test
-    void test_latitude_toobig() throws IOException {
+    void latitude_toobig() {
       byte[] raw =
           new byte[] {
             5, '-', '8', '5', '.', '0', 6, '2', '1', '9', '0', '.', '0', 3, '0', '.', '0'
@@ -287,7 +280,7 @@ void test_latitude_toobig() throws IOException {
 
   static class Test_rdataFromString {
     @Test
-    void test_basic() throws IOException {
+    void basic() throws IOException {
       Tokenizer t = new Tokenizer("10.45 171.121212 1010787");
 
       GPOSRecord gr = new GPOSRecord();
@@ -298,7 +291,7 @@ void test_basic() throws IOException {
     }
 
     @Test
-    void test_longitude_toosmall() {
+    void longitude_toosmall() {
       Tokenizer t = new Tokenizer("-100.390 171.121212 1010787");
 
       GPOSRecord gr = new GPOSRecord();
@@ -306,7 +299,7 @@ void test_longitude_toosmall() {
     }
 
     @Test
-    void test_longitude_toobig() {
+    void longitude_toobig() {
       Tokenizer t = new Tokenizer("90.00001 171.121212 1010787");
 
       GPOSRecord gr = new GPOSRecord();
@@ -314,7 +307,7 @@ void test_longitude_toobig() {
     }
 
     @Test
-    void test_latitude_toosmall() {
+    void latitude_toosmall() {
       Tokenizer t = new Tokenizer("0.0 -180.01 1010787");
 
       GPOSRecord gr = new GPOSRecord();
@@ -322,7 +315,7 @@ void test_latitude_toosmall() {
     }
 
     @Test
-    void test_latitude_toobig() {
+    void latitude_toobig() {
       Tokenizer t = new Tokenizer("0.0 180.01 1010787");
 
       GPOSRecord gr = new GPOSRecord();
@@ -330,18 +323,19 @@ void test_latitude_toobig() {
     }
 
     @Test
-    void test_invalid_string() throws IOException {
+    void invalid_string() {
       Tokenizer t = new Tokenizer("1.0 2.0 \\435");
-      try {
-        GPOSRecord gr = new GPOSRecord();
-        gr.rdataFromString(t, null);
-      } catch (TextParseException e) {
-      }
+      assertThrows(
+          TextParseException.class,
+          () -> {
+            GPOSRecord gr = new GPOSRecord();
+            gr.rdataFromString(t, null);
+          });
     }
   }
 
   @Test
-  void test_rrToString() throws TextParseException {
+  void rrToString() throws TextParseException {
     String exp = "\"10.45\" \"171.121212\" \"1010787.0\"";
 
     GPOSRecord gr =
@@ -350,7 +344,7 @@ void test_rrToString() throws TextParseException {
   }
 
   @Test
-  void test_rrToWire() throws TextParseException {
+  void rrToWire() throws TextParseException {
     GPOSRecord gr =
         new GPOSRecord(Name.fromString("The.Name."), DClass.IN, 0x123, -10.45, 120.0, 111.0);
 
diff --git a/src/test/java/org/xbill/DNS/HINFORecordTest.java b/src/test/java/org/xbill/DNS/HINFORecordTest.java
index 3fc156cf6..a25e6282c 100644
--- a/src/test/java/org/xbill/DNS/HINFORecordTest.java
+++ b/src/test/java/org/xbill/DNS/HINFORecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,14 +39,13 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class HINFORecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     HINFORecord dr = new HINFORecord();
     assertNull(dr.getName());
     assertEquals(0, dr.getType());
@@ -54,14 +54,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_getObject() {
-    HINFORecord dr = new HINFORecord();
-    Record r = dr.getObject();
-    assertTrue(r instanceof HINFORecord);
-  }
-
-  @Test
-  void test_ctor_5arg() throws TextParseException {
+  void ctor_5arg() throws TextParseException {
     Name n = Name.fromString("The.Name.");
     long ttl = 0xABCDL;
     String cpu = "i686 Intel(R) Pentium(R) M processor 1.70GHz GenuineIntel GNU/Linux";
@@ -77,7 +70,7 @@ void test_ctor_5arg() throws TextParseException {
   }
 
   @Test
-  void test_ctor_5arg_invalid_CPU() throws TextParseException {
+  void ctor_5arg_invalid_CPU() throws TextParseException {
     Name n = Name.fromString("The.Name.");
     long ttl = 0xABCDL;
     String cpu = "i686 Intel(R) Pentium(R) M \\256 processor 1.70GHz GenuineIntel GNU/Linux";
@@ -87,7 +80,7 @@ void test_ctor_5arg_invalid_CPU() throws TextParseException {
   }
 
   @Test
-  void test_ctor_5arg_invalid_OS() throws TextParseException {
+  void ctor_5arg_invalid_OS() throws TextParseException {
     Name n = Name.fromString("The.Name.");
     long ttl = 0xABCDL;
     String cpu = "i686 Intel(R) Pentium(R) M processor 1.70GHz GenuineIntel GNU/Linux";
@@ -97,7 +90,7 @@ void test_ctor_5arg_invalid_OS() throws TextParseException {
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     String cpu = "Intel(R) Pentium(R) M processor 1.70GHz";
     String os = "Linux troy 2.6.10-gentoo-r6";
 
@@ -118,7 +111,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     String cpu = "Intel(R) Pentium(R) M processor 1.70GHz";
     String os = "Linux troy 2.6.10-gentoo-r6";
 
@@ -131,7 +124,7 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rdataFromString_invalid_CPU() throws IOException {
+  void rdataFromString_invalid_CPU() {
     String cpu = "Intel(R) Pentium(R) \\388 M processor 1.70GHz";
     String os = "Linux troy 2.6.10-gentoo-r6";
 
@@ -142,7 +135,7 @@ void test_rdataFromString_invalid_CPU() throws IOException {
   }
 
   @Test
-  void test_rdataFromString_invalid_OS() throws IOException {
+  void rdataFromString_invalid_OS() {
     String cpu = "Intel(R) Pentium(R) M processor 1.70GHz";
 
     Tokenizer t = new Tokenizer("\"" + cpu + "\"");
@@ -152,7 +145,7 @@ void test_rdataFromString_invalid_OS() throws IOException {
   }
 
   @Test
-  void test_rrToString() throws TextParseException {
+  void rrToString() throws TextParseException {
     String cpu = "Intel(R) Pentium(R) M processor 1.70GHz";
     String os = "Linux troy 2.6.10-gentoo-r6";
 
@@ -163,7 +156,7 @@ void test_rrToString() throws TextParseException {
   }
 
   @Test
-  void test_rrToWire() throws TextParseException {
+  void rrToWire() throws TextParseException {
     String cpu = "Intel(R) Pentium(R) M processor 1.70GHz";
     String os = "Linux troy 2.6.10-gentoo-r6";
     byte[] raw =
diff --git a/src/test/java/org/xbill/DNS/HIPRecordTest.java b/src/test/java/org/xbill/DNS/HIPRecordTest.java
new file mode 100644
index 000000000..8e49ffdb8
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/HIPRecordTest.java
@@ -0,0 +1,146 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.List;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.IPSECKEYRecord.Algorithm;
+
+class HIPRecordTest {
+  private final Name exampleCom = Name.fromConstantString("www.example.com.");
+  private final Name rvs = Name.fromConstantString("rvs.example.com.");
+  private final Name rvs1 = Name.fromConstantString("rvs1.example.com.");
+  private final Name rvs2 = Name.fromConstantString("rvs2.example.com.");
+  private final List<Name> servers = new ArrayList<>();
+
+  @BeforeEach
+  void beforeEach() {
+    servers.add(rvs1);
+    servers.add(rvs2);
+  }
+
+  @Test
+  void testRfcExample1() throws IOException, DNSSECException {
+    String example =
+        "www.example.com.      IN  HIP ( 2 200100107B1A74DF365639CC39F1D578\n"
+            + "                          AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D )";
+    try (Master m = new Master(new ByteArrayInputStream(example.getBytes()), Name.root, 900)) {
+      HIPRecord hip = (HIPRecord) m.nextRecord();
+      assertEquals(exampleCom, hip.getName());
+      assertEquals(2, hip.getAlgorithm());
+      PublicKey pk = hip.getPublicKey();
+      assertTrue(pk instanceof RSAPublicKey);
+      assertEquals(0, hip.getRvServers().size());
+
+      DNSOutput out = new DNSOutput();
+      hip.toWire(out, Section.ANSWER, null);
+      HIPRecord hip2 = (HIPRecord) Record.fromWire(out.toByteArray(), Section.ANSWER);
+      assertEquals(hip, hip2);
+    }
+  }
+
+  @Test
+  void testRfcExample2() throws IOException, DNSSECException {
+    String example =
+        "www.example.com.      IN  HIP ( 2 200100107B1A74DF365639CC39F1D578\n"
+            + "                          AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D\n"
+            + "                          rvs.example.com. )";
+    try (Master m = new Master(new ByteArrayInputStream(example.getBytes()), Name.root, 900)) {
+      HIPRecord hip = (HIPRecord) m.nextRecord();
+      assertEquals(exampleCom, hip.getName());
+      assertEquals(2, hip.getAlgorithm());
+      PublicKey pk = hip.getPublicKey();
+      assertTrue(pk instanceof RSAPublicKey);
+      assertEquals(1, hip.getRvServers().size());
+      assertEquals(rvs, hip.getRvServers().get(0));
+
+      DNSOutput out = new DNSOutput();
+      hip.toWire(out, Section.ANSWER, null);
+      HIPRecord hip2 = (HIPRecord) Record.fromWire(out.toByteArray(), Section.ANSWER);
+      assertEquals(hip, hip2);
+    }
+  }
+
+  @Test
+  void testRfcExample3() throws IOException, DNSSECException {
+    String example =
+        "www.example.com.      IN  HIP ( 2 200100107B1A74DF365639CC39F1D578\n"
+            + "                          AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D\n"
+            + "                          rvs1.example.com.\n"
+            + "                          rvs2.example.com. )";
+    try (Master m = new Master(new ByteArrayInputStream(example.getBytes()), Name.root, 900)) {
+      HIPRecord hip = (HIPRecord) m.nextRecord();
+      assertEquals(exampleCom, hip.getName());
+      assertEquals(2, hip.getAlgorithm());
+      PublicKey pk = hip.getPublicKey();
+      assertTrue(pk instanceof RSAPublicKey);
+      assertEquals(2, hip.getRvServers().size());
+      assertEquals(rvs1, hip.getRvServers().get(0));
+      assertEquals(rvs2, hip.getRvServers().get(1));
+
+      DNSOutput out = new DNSOutput();
+      hip.toWire(out, Section.ANSWER, null);
+      HIPRecord hip2 = (HIPRecord) Record.fromWire(out.toByteArray(), Section.ANSWER);
+      assertEquals(hip, hip2);
+    }
+  }
+
+  @Test
+  void testHipToString() {
+    Options.unset("multiline");
+    HIPRecord hip =
+        new HIPRecord(
+            exampleCom, DClass.IN, 900, new byte[] {1, 2, 3}, Algorithm.RSA, new byte[] {1, 2, 3});
+    assertEquals("2 010203 AQID", hip.rrToString());
+  }
+
+  @Test
+  void testHipToStringServers() {
+    Options.unset("multiline");
+    HIPRecord hip =
+        new HIPRecord(
+            exampleCom,
+            DClass.IN,
+            900,
+            new byte[] {1, 2, 3},
+            Algorithm.RSA,
+            new byte[] {1, 2, 3},
+            servers);
+    assertEquals("2 010203 AQID " + rvs1.toString() + " " + rvs2.toString(), hip.rrToString());
+  }
+
+  @Test
+  void testHipToStringMultiline() {
+    Options.set("multiline");
+    HIPRecord hip =
+        new HIPRecord(
+            exampleCom, DClass.IN, 900, new byte[] {1, 2, 3}, Algorithm.RSA, new byte[] {1, 2, 3});
+    assertEquals("( 2 010203\n\tAQID )", hip.rrToString());
+  }
+
+  @Test
+  void testHipToStringServersMultiline() {
+    Options.set("multiline");
+    HIPRecord hip =
+        new HIPRecord(
+            exampleCom,
+            DClass.IN,
+            900,
+            new byte[] {1, 2, 3},
+            Algorithm.RSA,
+            new byte[] {1, 2, 3},
+            servers);
+    assertEquals(
+        "( 2 010203\n\t" + "AQID\n\t" + rvs1.toString() + "\n\t" + rvs2.toString() + " )",
+        hip.rrToString());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/HTTPSRecordTest.java b/src/test/java/org/xbill/DNS/HTTPSRecordTest.java
new file mode 100644
index 000000000..5acfe4a1b
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/HTTPSRecordTest.java
@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.IOException;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+class HTTPSRecordTest {
+  @Test
+  @SuppressWarnings("deprecation")
+  void createParams() throws UnknownHostException, TextParseException {
+    List<Integer> mandatoryList = Arrays.asList(HTTPSRecord.ALPN, HTTPSRecord.IPV4HINT);
+    HTTPSRecord.ParameterMandatory mandatory = new HTTPSRecord.ParameterMandatory(mandatoryList);
+    assertEquals(HTTPSRecord.MANDATORY, mandatory.getKey());
+    assertEquals(mandatoryList, mandatory.getValues());
+
+    List<String> alpnList = Arrays.asList("h2", "h3");
+    HTTPSRecord.ParameterAlpn alpn = new HTTPSRecord.ParameterAlpn(alpnList);
+    assertEquals(HTTPSRecord.ALPN, alpn.getKey());
+    assertEquals(alpnList, alpn.getValues());
+
+    HTTPSRecord.ParameterPort port = new HTTPSRecord.ParameterPort(8443);
+    assertEquals(HTTPSRecord.PORT, port.getKey());
+    assertEquals(8443, port.getPort());
+
+    List<Inet4Address> ipv4List =
+        Collections.singletonList((Inet4Address) InetAddress.getByName("1.2.3.4"));
+    HTTPSRecord.ParameterIpv4Hint ipv4hint = new HTTPSRecord.ParameterIpv4Hint(ipv4List);
+    assertEquals(HTTPSRecord.IPV4HINT, ipv4hint.getKey());
+    assertEquals(ipv4List, ipv4hint.getAddresses());
+
+    byte[] data = {'a', 'b', 'c'};
+    SVCBBase.ParameterEch ech = new SVCBBase.ParameterEch(data);
+    assertEquals(HTTPSRecord.ECH, ech.getKey());
+    assertEquals(data, ech.getData());
+
+    HTTPSRecord.ParameterEchConfig echconfig = new HTTPSRecord.ParameterEchConfig(data);
+    assertEquals(HTTPSRecord.ECHCONFIG, echconfig.getKey());
+    assertEquals(data, echconfig.getData());
+
+    List<Inet6Address> ipv6List =
+        Collections.singletonList((Inet6Address) InetAddress.getByName("2001:db8::1"));
+    HTTPSRecord.ParameterIpv6Hint ipv6hint = new HTTPSRecord.ParameterIpv6Hint(ipv6List);
+    assertEquals(HTTPSRecord.IPV6HINT, ipv6hint.getKey());
+    assertEquals(ipv6List, ipv6hint.getAddresses());
+
+    byte[] value = {0, 1, 2, 3};
+    HTTPSRecord.ParameterUnknown unknown = new HTTPSRecord.ParameterUnknown(33, value);
+    assertEquals(33, unknown.getKey());
+    assertEquals(value, unknown.getValue());
+  }
+
+  @Test
+  void createRecord() throws IOException {
+    Name label = Name.fromString("test.com.");
+    int svcPriority = 5;
+    Name svcDomain = Name.fromString("svc.test.com.");
+    HTTPSRecord.ParameterMandatory mandatory = new HTTPSRecord.ParameterMandatory();
+    mandatory.fromString("alpn");
+    HTTPSRecord.ParameterAlpn alpn = new HTTPSRecord.ParameterAlpn();
+    alpn.fromString("h1,h2");
+    HTTPSRecord.ParameterIpv4Hint ipv4 = new HTTPSRecord.ParameterIpv4Hint();
+    ipv4.fromString("1.2.3.4,5.6.7.8");
+    List<HTTPSRecord.ParameterBase> params = Arrays.asList(mandatory, ipv4, alpn);
+    HTTPSRecord https = new HTTPSRecord(label, DClass.IN, 300, svcPriority, svcDomain, params);
+
+    assertEquals(Type.HTTPS, https.getType());
+    assertEquals(label, https.getName());
+    assertEquals(svcPriority, https.getSvcPriority());
+    assertEquals(svcDomain, https.getTargetName());
+    assertEquals(
+        Arrays.asList(HTTPSRecord.MANDATORY, HTTPSRecord.ALPN, HTTPSRecord.IPV4HINT).toString(),
+        https.getSvcParamKeys().toString());
+    assertEquals("alpn", https.getSvcParamValue(HTTPSRecord.MANDATORY).toString());
+    assertEquals("h1,h2", https.getSvcParamValue(HTTPSRecord.ALPN).toString());
+    assertEquals("h1,h2", https.getSvcParamValue(HTTPSRecord.ALPN).toString());
+    assertNull(https.getSvcParamValue(1234));
+    Options.unset("BINDTTL");
+    Options.unset("noPrintIN");
+    assertEquals(
+        "test.com.\t\t300\tIN\tHTTPS\t5 svc.test.com. mandatory=alpn alpn=h1,h2 ipv4hint=1.2.3.4,5.6.7.8",
+        https.toString());
+  }
+
+  @Test
+  void aliasMode() throws IOException {
+    String str = "0 a.b.c.";
+    byte[] bytes = SVCBRecordTest.stringToWire(str);
+    byte[] expected = new byte[] {0, 0, 1, 'a', 1, 'b', 1, 'c', 0};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, SVCBRecordTest.wireToString(bytes));
+  }
+
+  @Test
+  void serviceModePort() throws IOException {
+    String str = "1 . port=8443";
+    byte[] bytes = SVCBRecordTest.stringToWire(str);
+    byte[] expected = new byte[] {0, 1, 0, 0, 3, 0, 2, 0x20, (byte) 0xFB};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, SVCBRecordTest.wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeEchMulti() throws IOException {
+    String str = "1 h3pool. alpn=h2,h3 ech=1234";
+    assertEquals(str, SVCBRecordTest.stringToWireToString(str));
+  }
+
+  @Test
+  void unknownKey() {
+    String str = "1 . sport=8443";
+    assertThrows(TextParseException.class, () -> SVCBRecordTest.stringToWire(str));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/HeaderTest.java b/src/test/java/org/xbill/DNS/HeaderTest.java
index 2d9fcf2e8..81c989a76 100644
--- a/src/test/java/org/xbill/DNS/HeaderTest.java
+++ b/src/test/java/org/xbill/DNS/HeaderTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -34,6 +35,7 @@
 //
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotSame;
@@ -53,7 +55,7 @@ void setUp() {
   }
 
   @Test
-  void test_fixture_state() {
+  void fixture_state() {
     assertEquals(0xABCD, m_h.getID());
 
     boolean[] flags = m_h.getFlags();
@@ -69,7 +71,7 @@ void test_fixture_state() {
   }
 
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     m_h = new Header();
     assertTrue(0 <= m_h.getID() && m_h.getID() < 0xFFFF);
 
@@ -86,7 +88,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_DNSInput() throws IOException {
+  void ctor_DNSInput() throws IOException {
     byte[] raw =
         new byte[] {
           (byte) 0x12,
@@ -134,7 +136,7 @@ void test_ctor_DNSInput() throws IOException {
   }
 
   @Test
-  void test_toWire() throws IOException {
+  void toWire() throws IOException {
     byte[] raw =
         new byte[] {
           (byte) 0x12,
@@ -181,7 +183,7 @@ void test_toWire() throws IOException {
   }
 
   @Test
-  void test_flags() {
+  void flags() {
     m_h.setFlag(0);
     m_h.setFlag(5);
     assertTrue(m_h.getFlag(0));
@@ -211,7 +213,7 @@ void test_flags() {
   }
 
   @Test
-  void test_flags_invalid() {
+  void flags_invalid() {
     assertThrows(IllegalArgumentException.class, () -> m_h.setFlag(-1));
     assertThrows(IllegalArgumentException.class, () -> m_h.setFlag(1));
     assertThrows(IllegalArgumentException.class, () -> m_h.setFlag(16));
@@ -224,27 +226,27 @@ void test_flags_invalid() {
   }
 
   @Test
-  void test_ID() {
+  void ID() {
     assertEquals(0xABCD, m_h.getID());
 
     m_h = new Header();
 
     int id = m_h.getID();
     assertEquals(id, m_h.getID());
-    assertTrue(id >= 0 && id < 0xffff);
+    assertThat(id).isNotNegative().isLessThanOrEqualTo(0xffff);
 
     m_h.setID(0xDCBA);
     assertEquals(0xDCBA, m_h.getID());
   }
 
   @Test
-  void test_setID_invalid() {
+  void setID_invalid() {
     assertThrows(IllegalArgumentException.class, () -> m_h.setID(0x10000));
     assertThrows(IllegalArgumentException.class, () -> m_h.setID(-1));
   }
 
   @Test
-  void test_Rcode() {
+  void Rcode() {
     assertEquals(0, m_h.getRcode());
 
     m_h.setRcode(0xA); // 1010
@@ -258,13 +260,13 @@ void test_Rcode() {
   }
 
   @Test
-  void test_setRcode_invalid() {
+  void setRcode_invalid() {
     assertThrows(IllegalArgumentException.class, () -> m_h.setRcode(-1));
     assertThrows(IllegalArgumentException.class, () -> m_h.setRcode(0x100));
   }
 
   @Test
-  void test_Opcode() {
+  void Opcode() {
     assertEquals(0, m_h.getOpcode());
 
     m_h.setOpcode(0xE); // 1110
@@ -278,13 +280,13 @@ void test_Opcode() {
   }
 
   @Test
-  void test_setOpcode_invalid() {
+  void setOpcode_invalid() {
     assertThrows(IllegalArgumentException.class, () -> m_h.setOpcode(-1));
     assertThrows(IllegalArgumentException.class, () -> m_h.setOpcode(0x100));
   }
 
   @Test
-  void test_Count() {
+  void Count() {
     m_h.setCount(2, 0x1E);
     assertEquals(0, m_h.getCount(0));
     assertEquals(0, m_h.getCount(1));
@@ -299,7 +301,7 @@ void test_Count() {
   }
 
   @Test
-  void test_setCount_invalid() {
+  void setCount_invalid() {
     assertThrows(ArrayIndexOutOfBoundsException.class, () -> m_h.setCount(-1, 0));
     assertThrows(ArrayIndexOutOfBoundsException.class, () -> m_h.setCount(4, 0));
 
@@ -308,19 +310,19 @@ void test_setCount_invalid() {
   }
 
   @Test
-  void test_getCount_invalid() {
+  void getCount_invalid() {
     assertThrows(ArrayIndexOutOfBoundsException.class, () -> m_h.getCount(-1));
     assertThrows(ArrayIndexOutOfBoundsException.class, () -> m_h.getCount(4));
   }
 
   @Test
-  void test_incCount_invalid() {
+  void incCount_invalid() {
     m_h.setCount(1, 0xFFFF);
     assertThrows(IllegalStateException.class, () -> m_h.incCount(1));
   }
 
   @Test
-  void test_decCount_invalid() {
+  void decCount_invalid() {
     m_h.setCount(2, 0);
     assertThrows(IllegalStateException.class, () -> m_h.decCount(2));
   }
@@ -362,7 +364,7 @@ void test_clone() {
     m_h.setCount(1, 0xFF);
     m_h.setCount(2, 0x0A);
 
-    Header h2 = (Header) m_h.clone();
+    Header h2 = m_h.clone();
 
     assertNotSame(m_h, h2);
     assertEquals(m_h.getID(), h2.getID());
@@ -375,5 +377,10 @@ void test_clone() {
     for (int i = 0; i < 4; ++i) {
       assertEquals(m_h.getCount(i), h2.getCount(i));
     }
+
+    h2.setCount(1, 1);
+    h2.setCount(2, 1);
+    assertEquals(0xFF, m_h.getCount(1));
+    assertEquals(0x0A, m_h.getCount(2));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java b/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java
index 52eac3b45..688def1a2 100644
--- a/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java
@@ -1,8 +1,9 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -14,17 +15,17 @@ class IPSECKEYRecordTest {
 
   @Test
   void ctor_0arg() {
-    IPSECKEYRecord record = new IPSECKEYRecord();
-    assertEquals(0, record.getPrecedence());
-    assertEquals(0, record.getGatewayType());
-    assertEquals(0, record.getAlgorithmType());
-    assertNull(record.getGateway());
-    assertNull(record.getKey());
+    IPSECKEYRecord ipsecKey = new IPSECKEYRecord();
+    assertEquals(0, ipsecKey.getPrecedence());
+    assertEquals(0, ipsecKey.getGatewayType());
+    assertEquals(0, ipsecKey.getAlgorithmType());
+    assertNull(ipsecKey.getGateway());
+    assertNull(ipsecKey.getKey());
   }
 
   @Test
   void ctor_8arg() {
-    IPSECKEYRecord record =
+    IPSECKEYRecord ipsecKey =
         new IPSECKEYRecord(
             n,
             DClass.IN,
@@ -34,37 +35,37 @@ void ctor_8arg() {
             IPSECKEYRecord.Algorithm.DSA,
             n,
             "".getBytes());
-    assertEquals(1, record.getPrecedence());
-    assertEquals(IPSECKEYRecord.Gateway.Name, record.getGatewayType());
-    assertEquals(IPSECKEYRecord.Algorithm.DSA, record.getAlgorithmType());
-    assertEquals(n, record.getGateway());
-    assertEquals(0, record.getKey().length);
+    assertEquals(1, ipsecKey.getPrecedence());
+    assertEquals(IPSECKEYRecord.Gateway.Name, ipsecKey.getGatewayType());
+    assertEquals(IPSECKEYRecord.Algorithm.DSA, ipsecKey.getAlgorithmType());
+    assertEquals(n, ipsecKey.getGateway());
+    assertEquals(0, ipsecKey.getKey().length);
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("10 0 2 . CAFEBABE");
-    IPSECKEYRecord record = new IPSECKEYRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10, record.getPrecedence());
-    assertEquals(IPSECKEYRecord.Gateway.None, record.getGatewayType());
-    assertEquals(IPSECKEYRecord.Algorithm.RSA, record.getAlgorithmType());
-    assertNull(record.getGateway());
-    assertEquals(6, record.getKey().length);
-    record = new IPSECKEYRecord();
+    IPSECKEYRecord ipseckey = new IPSECKEYRecord();
+    ipseckey.rdataFromString(t, null);
+    assertEquals(10, ipseckey.getPrecedence());
+    assertEquals(IPSECKEYRecord.Gateway.None, ipseckey.getGatewayType());
+    assertEquals(IPSECKEYRecord.Algorithm.RSA, ipseckey.getAlgorithmType());
+    assertNull(ipseckey.getGateway());
+    assertEquals(6, ipseckey.getKey().length);
+    ipseckey = new IPSECKEYRecord();
     t = new Tokenizer("( 10 1 2 192.0.2.3 CAFEBABE )");
-    record.rdataFromString(t, null);
-    assertEquals(1, record.getGatewayType());
-    assertTrue(record.getGateway() instanceof InetAddress);
-    record = new IPSECKEYRecord();
+    ipseckey.rdataFromString(t, null);
+    assertEquals(1, ipseckey.getGatewayType());
+    assertInstanceOf(InetAddress.class, ipseckey.getGateway());
+    ipseckey = new IPSECKEYRecord();
     t = new Tokenizer("10 2 2 2001:0DB8:0:8002::2000:1 CAFEBABE");
-    record.rdataFromString(t, null);
-    assertEquals(2, record.getGatewayType());
-    assertTrue(record.getGateway() instanceof InetAddress);
-    record = new IPSECKEYRecord();
+    ipseckey.rdataFromString(t, null);
+    assertEquals(2, ipseckey.getGatewayType());
+    assertInstanceOf(InetAddress.class, ipseckey.getGateway());
+    ipseckey = new IPSECKEYRecord();
     t = new Tokenizer("10 3 2 mygateway.example.com. CAFEBABE");
-    record.rdataFromString(t, null);
-    assertEquals(3, record.getGatewayType());
-    assertEquals(Name.fromConstantString("mygateway.example.com."), record.getGateway());
+    ipseckey.rdataFromString(t, null);
+    assertEquals(3, ipseckey.getGatewayType());
+    assertEquals(Name.fromConstantString("mygateway.example.com."), ipseckey.getGateway());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/ISDNRecordTest.java b/src/test/java/org/xbill/DNS/ISDNRecordTest.java
index ba941285a..ec28ccac3 100644
--- a/src/test/java/org/xbill/DNS/ISDNRecordTest.java
+++ b/src/test/java/org/xbill/DNS/ISDNRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -11,17 +12,17 @@ class ISDNRecordTest {
 
   @Test
   void ctor_5arg() {
-    ISDNRecord record = new ISDNRecord(n, DClass.IN, 0, "foo", "bar");
-    assertEquals("foo", record.getAddress());
-    assertEquals("bar", record.getSubAddress());
+    ISDNRecord isdn = new ISDNRecord(n, DClass.IN, 0, "foo", "bar");
+    assertEquals("foo", isdn.getAddress());
+    assertEquals("bar", isdn.getSubAddress());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("150862028003217 004");
-    ISDNRecord record = new ISDNRecord();
-    record.rdataFromString(t, null);
-    assertEquals("150862028003217", record.getAddress());
-    assertEquals("004", record.getSubAddress());
+    ISDNRecord isdn = new ISDNRecord();
+    isdn.rdataFromString(t, null);
+    assertEquals("150862028003217", isdn.getAddress());
+    assertEquals("004", isdn.getSubAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/KEYBaseTest.java b/src/test/java/org/xbill/DNS/KEYBaseTest.java
index 0fbbf2a8c..eb62021f1 100644
--- a/src/test/java/org/xbill/DNS/KEYBaseTest.java
+++ b/src/test/java/org/xbill/DNS/KEYBaseTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -53,16 +54,11 @@ private static class TestClass extends KEYBase {
     }
 
     @Override
-    public Record getObject() {
-      return null;
-    }
-
-    @Override
-    void rdataFromString(Tokenizer st, Name origin) {}
+    protected void rdataFromString(Tokenizer st, Name origin) {}
   }
 
   @Test
-  void test_ctor() throws TextParseException {
+  void ctor() throws TextParseException {
     TestClass tc = new TestClass();
     assertEquals(0, tc.getFlags());
     assertEquals(0, tc.getProtocol());
@@ -86,7 +82,7 @@ void test_ctor() throws TextParseException {
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     byte[] raw = new byte[] {(byte) 0xAB, (byte) 0xCD, (byte) 0xEF, (byte) 0x19, 1, 2, 3, 4, 5};
     DNSInput in = new DNSInput(raw);
 
@@ -111,7 +107,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rrToString() throws IOException {
+  void rrToString() throws IOException {
     Name n = Name.fromString("my.name.");
     byte[] key =
         new byte[] {0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF};
@@ -135,7 +131,7 @@ void test_rrToString() throws IOException {
   }
 
   @Test
-  void test_getFootprint() throws TextParseException {
+  void getFootprint() throws TextParseException {
     Name n = Name.fromString("my.name.");
     byte[] key =
         new byte[] {0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF};
@@ -166,7 +162,7 @@ void test_getFootprint() throws TextParseException {
   }
 
   @Test
-  void test_rrToWire() throws IOException {
+  void rrToWire() throws IOException {
     Name n = Name.fromString("my.name.");
     byte[] key =
         new byte[] {0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF};
diff --git a/src/test/java/org/xbill/DNS/KEYRecordTest.java b/src/test/java/org/xbill/DNS/KEYRecordTest.java
index eecea415c..96e51e489 100644
--- a/src/test/java/org/xbill/DNS/KEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/KEYRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,14 +39,13 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class KEYRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     KEYRecord ar = new KEYRecord();
     assertNull(ar.getName());
     assertEquals(0, ar.getType());
@@ -59,14 +59,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_getObject() {
-    KEYRecord ar = new KEYRecord();
-    Record r = ar.getObject();
-    assertTrue(r instanceof KEYRecord);
-  }
-
-  @Test
-  void test_ctor_7arg() throws TextParseException {
+  void ctor_7arg() throws TextParseException {
     Name n = Name.fromString("My.Absolute.Name.");
     Name r = Name.fromString("My.Relative.Name");
     byte[] key = new byte[] {0, 1, 3, 5, 7, 9};
@@ -88,7 +81,7 @@ void test_ctor_7arg() throws TextParseException {
   }
 
   @Test
-  void test_Protocol_string() {
+  void Protocol_string() {
     // a regular one
     assertEquals("DNSSEC", KEYRecord.Protocol.string(KEYRecord.Protocol.DNSSEC));
     // a unassigned value within range
@@ -100,7 +93,7 @@ void test_Protocol_string() {
   }
 
   @Test
-  void test_Protocol_value() {
+  void Protocol_value() {
     // a regular one
     assertEquals(KEYRecord.Protocol.IPSEC, KEYRecord.Protocol.value("IPSEC"));
     // a unassigned value within range
@@ -112,7 +105,7 @@ void test_Protocol_value() {
   }
 
   @Test
-  void test_Flags_value() {
+  void Flags_value() {
     // numeric
 
     // lower bound
@@ -141,7 +134,7 @@ void test_Flags_value() {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     // basic
     KEYRecord kr = new KEYRecord();
     Tokenizer st = new Tokenizer("NOAUTH|ZONE|FLAG10 EMAIL RSASHA1 AQIDBAUGBwgJ");
diff --git a/src/test/java/org/xbill/DNS/KXRecordTest.java b/src/test/java/org/xbill/DNS/KXRecordTest.java
index 42cbd748f..ce5e7e6c8 100644
--- a/src/test/java/org/xbill/DNS/KXRecordTest.java
+++ b/src/test/java/org/xbill/DNS/KXRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -35,20 +36,12 @@
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class KXRecordTest {
   @Test
-  void test_getObject() {
-    KXRecord d = new KXRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof KXRecord);
-  }
-
-  @Test
-  void test_ctor_5arg() throws TextParseException {
+  void ctor_5arg() throws TextParseException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("My.OtherName.");
 
diff --git a/src/test/java/org/xbill/DNS/LOCRecordTest.java b/src/test/java/org/xbill/DNS/LOCRecordTest.java
index 95c83d079..9ec9571f5 100644
--- a/src/test/java/org/xbill/DNS/LOCRecordTest.java
+++ b/src/test/java/org/xbill/DNS/LOCRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -11,36 +12,36 @@ class LOCRecordTest {
 
   @Test
   void ctor_0arg() {
-    LOCRecord record = new LOCRecord();
-    assertEquals(0.0, record.getVPrecision());
-    assertEquals(0.0, record.getHPrecision());
-    assertEquals(-100000.0, record.getAltitude());
-    assertEquals(-596.52323, record.getLongitude(), 0.1);
-    assertEquals(-596.52323, record.getLatitude(), 0.1);
-    assertEquals(0.0, record.getSize());
+    LOCRecord loc = new LOCRecord();
+    assertEquals(0.0, loc.getVPrecision());
+    assertEquals(0.0, loc.getHPrecision());
+    assertEquals(-100000.0, loc.getAltitude());
+    assertEquals(-596.52323, loc.getLongitude(), 0.1);
+    assertEquals(-596.52323, loc.getLatitude(), 0.1);
+    assertEquals(0.0, loc.getSize());
   }
 
   @Test
   void ctor_9arg() {
-    LOCRecord record = new LOCRecord(n, DClass.IN, 0, 1.5, 2.5, 3.5, 4.5, 5.5, 6.5);
-    assertEquals(6.5, record.getVPrecision());
-    assertEquals(5.5, record.getHPrecision());
-    assertEquals(3.5, record.getAltitude());
-    assertEquals(2.5, record.getLongitude());
-    assertEquals(1.5, record.getLatitude());
-    assertEquals(4.5, record.getSize());
+    LOCRecord loc = new LOCRecord(n, DClass.IN, 0, 1.5, 2.5, 3.5, 4.5, 5.5, 6.5);
+    assertEquals(6.5, loc.getVPrecision());
+    assertEquals(5.5, loc.getHPrecision());
+    assertEquals(3.5, loc.getAltitude());
+    assertEquals(2.5, loc.getLongitude());
+    assertEquals(1.5, loc.getLatitude());
+    assertEquals(4.5, loc.getSize());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("52 22 23.000 N 4 53 32.000 E -2.00m 0.00m 10000m 10m");
-    LOCRecord record = new LOCRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10.0, record.getVPrecision());
-    assertEquals(10000.0, record.getHPrecision());
-    assertEquals(-2.0, record.getAltitude());
-    assertEquals(4.892, record.getLongitude(), 0.1);
-    assertEquals(52.373, record.getLatitude(), 0.1);
-    assertEquals(0.0, record.getSize());
+    LOCRecord loc = new LOCRecord();
+    loc.rdataFromString(t, null);
+    assertEquals(10.0, loc.getVPrecision());
+    assertEquals(10000.0, loc.getHPrecision());
+    assertEquals(-2.0, loc.getAltitude());
+    assertEquals(4.892, loc.getLongitude(), 0.1);
+    assertEquals(52.373, loc.getLatitude(), 0.1);
+    assertEquals(0.0, loc.getSize());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/LookupTest.java b/src/test/java/org/xbill/DNS/LookupTest.java
new file mode 100644
index 000000000..f3eb848d1
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/LookupTest.java
@@ -0,0 +1,487 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static java.util.Arrays.asList;
+import static java.util.Collections.singletonList;
+import static java.util.stream.Collectors.joining;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.xbill.DNS.ResolverConfig.CONFIGPROVIDER_SKIP_INIT;
+
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.net.InetAddress;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.nio.file.Paths;
+import java.util.List;
+import java.util.function.Function;
+import java.util.stream.IntStream;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+import org.xbill.DNS.hosts.HostsFileParser;
+
+public class LookupTest {
+  public static final Name DUMMY_NAME = Name.fromConstantString("to.be.replaced.");
+  public static final String LONG_LABEL =
+      IntStream.range(0, 63).mapToObj(i -> "a").collect(joining());
+
+  private Resolver mockResolver;
+
+  @BeforeEach
+  void before() {
+    System.setProperty(CONFIGPROVIDER_SKIP_INIT, "true");
+    mockResolver = Mockito.mock(Resolver.class);
+  }
+
+  @AfterEach
+  void after() {
+    System.clearProperty(CONFIGPROVIDER_SKIP_INIT);
+  }
+
+  @Test
+  void testRun_absoluteQuery() throws Exception {
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+
+    Record[] results = makeLookupWithResolver(mockResolver, "example.com.").run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).send(messageCaptor.capture());
+
+    assertEquals(
+        Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN, 0L),
+        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testRun_relativeQueryIsMadeAbsolute() throws Exception {
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+
+    Record[] results = makeLookupWithResolver(mockResolver, "example.com").run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).send(messageCaptor.capture());
+
+    assertEquals(
+        Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN, 0L),
+        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testRun_searchAppended() throws Exception {
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    lookup.setSearchPath("example.com");
+    Record[] results = lookup.run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).send(messageCaptor.capture());
+
+    assertEquals(
+        Record.newRecord(Name.fromConstantString("host.example.com."), Type.A, DClass.IN, 0L),
+        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testRun_searchPathAndTooManyDots() throws Exception {
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host.subdomain");
+    lookup.setSearchPath("example.com");
+    Record[] results = lookup.run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).send(messageCaptor.capture());
+
+    assertEquals(
+        Record.newRecord(Name.fromConstantString("host.subdomain."), Type.A, DClass.IN, 0L),
+        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testRun_firstSearchPathAppendedHitsCNAME() throws Exception {
+    wireUpMockResolver(mockResolver, this::maybeCnameAnswer);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "hostX");
+    lookup.setSearchPath("first.example.com", "second.example.com");
+    Record[] results = lookup.run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver, times(2)).send(messageCaptor.capture());
+
+    List<Message> queries = messageCaptor.getAllValues();
+
+    assertEquals(
+        Record.newRecord(
+            Name.fromConstantString("hostX.first.example.com."), Type.A, DClass.IN, 0L),
+        queries.get(0).getQuestion());
+    assertEquals(
+        Record.newRecord(Name.fromConstantString("target.example.com."), Type.A, DClass.IN, 0L),
+        queries.get(1).getQuestion());
+
+    assertEquals(1, results.length);
+    assertEquals(Name.fromConstantString("target.example.com."), results[0].getName());
+    assertEquals(
+        singletonList(Name.fromConstantString("hostX.first.example.com.")),
+        asList(lookup.getAliases()));
+  }
+
+  Message maybeCnameAnswer(Message query) {
+    return answer(
+        query,
+        name -> {
+          if (name.toString().equals("hostX.first.example.com.")) {
+            return new CNAMERecord(
+                DUMMY_NAME, DClass.IN, 0, Name.fromConstantString("target.example.com."));
+          }
+          return new ARecord(DUMMY_NAME, DClass.IN, 0, InetAddress.getLoopbackAddress());
+        });
+  }
+
+  @Test
+  void testRun_firstSearchPathHitsServFail() throws Exception {
+    wireUpMockResolver(mockResolver, this::firstSERVFAILThenA);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host2");
+    lookup.setSearchPath("first.example.com", "second.example.com");
+    Record[] results = lookup.run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver, times(2)).send(messageCaptor.capture());
+
+    List<Message> queries = messageCaptor.getAllValues();
+
+    assertEquals(
+        Record.newRecord(
+            Name.fromConstantString("host2.first.example.com."), Type.A, DClass.IN, 0L),
+        queries.get(0).getQuestion());
+    assertEquals(
+        Record.newRecord(
+            Name.fromConstantString("host2.second.example.com."), Type.A, DClass.IN, 0L),
+        queries.get(1).getQuestion());
+
+    assertEquals(1, results.length);
+    assertEquals(Lookup.SUCCESSFUL, lookup.getResult());
+  }
+
+  Message firstSERVFAILThenA(Message query) {
+    Message answer = new Message(query.getHeader().getID());
+    answer.addRecord(query.getQuestion(), Section.QUESTION);
+    Name questionName = query.getQuestion().getName();
+    if (questionName.equals(Name.fromConstantString("host2.first.example.com."))) {
+      answer.getHeader().setRcode(Rcode.SERVFAIL);
+    } else {
+      Record r = new ARecord(questionName, DClass.IN, 0, InetAddress.getLoopbackAddress());
+      answer.addRecord(r, Section.ANSWER);
+    }
+    return answer;
+  }
+
+  @Test
+  void testRun_CNAMELoop() throws Exception {
+    wireUpMockResolver(mockResolver, this::cnameLoopAnswer);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    lookup.setSearchPath("first.example.com", "second.example.com");
+    Record[] results = lookup.run();
+
+    assertNull(results);
+    assertEquals(Lookup.UNRECOVERABLE, lookup.getResult());
+    assertEquals("CNAME loop", lookup.getErrorString());
+  }
+
+  Message cnameLoopAnswer(Message query) {
+    return answer(
+        query,
+        name -> {
+          if (name.toString().equals("first.example.com.")) {
+            return new CNAMERecord(
+                DUMMY_NAME, DClass.IN, 0, Name.fromConstantString("second.example.com."));
+          }
+          return new CNAMERecord(
+              DUMMY_NAME, DClass.IN, 0, Name.fromConstantString("first.example.com."));
+        });
+  }
+
+  @Test
+  void testRun_reuseLookup() throws Exception {
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    lookup.setSearchPath("first.example.com", "second.example.com");
+    Record[] results = lookup.run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver, times(1)).send(messageCaptor.capture());
+
+    List<Message> queries = messageCaptor.getAllValues();
+
+    assertEquals(
+        Record.newRecord(Name.fromConstantString("host.first.example.com."), Type.A, DClass.IN, 0L),
+        queries.get(0).getQuestion());
+
+    assertEquals(1, results.length);
+
+    results = lookup.run();
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testRun_networkError() throws Exception {
+    when(mockResolver.send(any())).thenThrow(IOException.class);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    Record[] results = lookup.run();
+
+    assertNull(results);
+    assertEquals(Lookup.TRY_AGAIN, lookup.getResult());
+    assertEquals("network error", lookup.getErrorString());
+  }
+
+  @Test
+  void testRun_timeoutError() throws Exception {
+    when(mockResolver.send(any())).thenThrow(InterruptedIOException.class);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    Record[] results = lookup.run();
+
+    assertNull(results);
+    assertEquals(Lookup.TRY_AGAIN, lookup.getResult());
+    assertEquals("timed out", lookup.getErrorString());
+  }
+
+  @Test
+  void testRun_servFail() {
+    wireUpMockResolver(mockResolver, query -> fail(query, Rcode.SERVFAIL));
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    Record[] results = lookup.run();
+
+    assertNull(results);
+    assertEquals(Lookup.TRY_AGAIN, lookup.getResult());
+    assertEquals("SERVFAIL", lookup.getErrorString());
+  }
+
+  @Test
+  void testRun_notFound() {
+    wireUpMockResolver(mockResolver, query -> fail(query, Rcode.NXDOMAIN));
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, "host");
+    Record[] results = lookup.run();
+
+    assertNull(results);
+    assertEquals(Lookup.HOST_NOT_FOUND, lookup.getResult());
+    assertEquals("host not found", lookup.getErrorString());
+  }
+
+  @Test
+  void testRun_concatenatedNameTooLong() throws Exception {
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+
+    Lookup lookup = makeLookupWithResolver(mockResolver, LONG_LABEL);
+    // search path has a suffix that will make the combined name too long
+    lookup.setSearchPath(String.format("%s.%s.%s", LONG_LABEL, LONG_LABEL, LONG_LABEL));
+    Record[] results = lookup.run();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).send(messageCaptor.capture());
+
+    // The current (somewhat surprising) behaviour is that the NameTooLongException is silently
+    // ignored, and resolution falls back to converting longName to an absolute name and querying
+    // that
+    assertEquals(
+        Record.newRecord(Name.fromConstantString(LONG_LABEL + "."), Type.A, DClass.IN, 0L),
+        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testNdots1() throws Exception {
+    mockResolver = Mockito.mock(Resolver.class);
+    wireUpMockResolver(mockResolver, this::simpleAnswer);
+    Lookup l = makeLookupWithResolver(mockResolver, "example.com");
+    l.setSearchPath("namespace.svc.cluster.local", "svc.cluster.local", "cluster.local");
+    Record[] results = l.run();
+    verify(mockResolver, times(1)).send(any(Message.class));
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testNdotsFallbackToAbsolute() throws Exception {
+    mockResolver = Mockito.mock(Resolver.class);
+    wireUpMockResolver(mockResolver, name -> goodAnswerWhenNLabels(name, 3));
+    Lookup l = makeLookupWithResolver(mockResolver, "example.com");
+    l.setSearchPath("namespace.svc.cluster.local", "svc.cluster.local", "cluster.local");
+    l.setNdots(5);
+    Record[] results = l.run();
+    verify(mockResolver, times(4)).send(any(Message.class));
+    assertEquals(1, results.length);
+  }
+
+  @Test
+  void testNdotsFallbackToAbsoluteButNotTwice() throws Exception {
+    mockResolver = Mockito.mock(Resolver.class);
+    // Never answer with a positive response
+    wireUpMockResolver(mockResolver, name -> goodAnswerWhenNLabels(name, -1));
+    // Two dots with ndots=2, so implicitly absolute
+    Lookup l = makeLookupWithResolver(mockResolver, "service.example.com");
+    l.setNdots(2);
+    Record[] results = l.run();
+    verify(mockResolver, times(1)).send(any(Message.class));
+    assertThat(results).isNull();
+    assertThat(l.getResult()).isEqualTo(Lookup.HOST_NOT_FOUND);
+  }
+
+  @Test
+  void testLookup_constructorFailsWithMetaTypes() {
+    assertThrows(IllegalArgumentException.class, () -> new Lookup("example.com.", Type.OPT));
+  }
+
+  @Test
+  void testLookupFromHosts() throws TextParseException, URISyntaxException, UnknownHostException {
+    Lookup lookup = new Lookup("host.docker.internal", Type.A);
+    wireUpMockResolver(
+        mockResolver,
+        q -> {
+          throw new RuntimeException("The resolver should not be invoked");
+        });
+    lookup.setResolver(mockResolver);
+    lookup.setHostsFileParser(
+        new HostsFileParser(Paths.get(LookupTest.class.getResource("/hosts_example").toURI())));
+    Record[] run = lookup.run();
+    assertNotNull(run);
+    assertEquals(1, run.length);
+    assertEquals(
+        InetAddress.getByAddress(
+            "host.docker.internal", new byte[] {(byte) 192, (byte) 168, 10, 96}),
+        ((ARecord) run[0]).getAddress());
+  }
+
+  @Test
+  void testLookupFromHostsWithSearchDomain()
+      throws TextParseException, URISyntaxException, UnknownHostException {
+    Lookup lookup = new Lookup("host", Type.A);
+    lookup.setSearchPath("docker.internal");
+    wireUpMockResolver(
+        mockResolver,
+        q -> {
+          throw new RuntimeException("The resolver should not be invoked");
+        });
+    lookup.setResolver(mockResolver);
+    lookup.setHostsFileParser(
+        new HostsFileParser(Paths.get(LookupTest.class.getResource("/hosts_example").toURI())));
+    Record[] run = lookup.run();
+    assertNotNull(run);
+    assertEquals(1, run.length);
+    assertEquals(
+        InetAddress.getByAddress(
+            "host.docker.internal", new byte[] {(byte) 192, (byte) 168, 10, 96}),
+        ((ARecord) run[0]).getAddress());
+  }
+
+  private Message goodAnswerWhenNLabels(Message query, int numLabels) {
+    return answer(
+        query,
+        name -> {
+          if (name.labels() == numLabels) {
+            return new ARecord(DUMMY_NAME, DClass.IN, 60, InetAddress.getLoopbackAddress());
+          } else {
+            return null;
+          }
+        });
+  }
+
+  private Lookup makeLookupWithResolver(Resolver resolver, String name) {
+    Name queryName = Name.fromConstantString(name);
+    Lookup lookup = new Lookup(queryName, Type.A);
+    try {
+      lookup.setSearchPath((String[]) null);
+    } catch (TextParseException e) {
+      throw new RuntimeException(e);
+    }
+    lookup.setCache(null);
+    lookup.setResolver(resolver);
+    return lookup;
+  }
+
+  private void wireUpMockResolver(Resolver mockResolver, Function<Message, Message> handler) {
+    try {
+      when(mockResolver.send(any(Message.class)))
+          .thenAnswer(
+              invocation -> {
+                Message query = invocation.getArgument(0);
+                return handler.apply(query);
+              });
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  public static Message fail(Message query, int code) {
+    Message answer = new Message(query.getHeader().getID());
+    answer.addRecord(query.getQuestion(), Section.QUESTION);
+    answer.getHeader().setRcode(code);
+    return answer;
+  }
+
+  private Message simpleAnswer(Message query) {
+    Record r = new ARecord(DUMMY_NAME, DClass.IN, 60, InetAddress.getLoopbackAddress());
+    return answer(query, name -> r);
+  }
+
+  public static Message answer(Message query, Function<Name, Record> recordMaker) {
+    Message answer = new Message(query.getHeader().getID());
+    answer.addRecord(query.getQuestion(), Section.QUESTION);
+    Name questionName = query.getQuestion().getName();
+    Record response = recordMaker.apply(questionName);
+    if (response == null) {
+      answer.getHeader().setRcode(Rcode.NXDOMAIN);
+    } else {
+      if (DUMMY_NAME.equals(response.getName())) {
+        response = response.withName(query.getQuestion().getName());
+      }
+      response.setTTL(120);
+      answer.addRecord(response, Section.ANSWER);
+    }
+    return answer;
+  }
+
+  public static Message multiAnswer(Message query, Function<Name, Record[]> recordMaker) {
+    Message answer = new Message(query.getHeader().getID());
+    answer.addRecord(query.getQuestion(), Section.QUESTION);
+    Name questionName = query.getQuestion().getName();
+    Record[] response = recordMaker.apply(questionName);
+    if (response == null) {
+      answer.getHeader().setRcode(Rcode.NXDOMAIN);
+    } else {
+      for (Record r : response) {
+        if (DUMMY_NAME.equals(r.getName())) {
+          r = r.withName(query.getQuestion().getName());
+        }
+        r.setTTL(120);
+        answer.addRecord(r, Section.ANSWER);
+      }
+    }
+    return answer;
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/MBRecordTest.java b/src/test/java/org/xbill/DNS/MBRecordTest.java
index 6e9c6c2dd..a4bcf71dc 100644
--- a/src/test/java/org/xbill/DNS/MBRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MBRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,13 +37,12 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class MBRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     MBRecord d = new MBRecord();
     assertNull(d.getName());
     assertNull(d.getAdditionalName());
@@ -50,7 +50,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -62,11 +62,4 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(a, d.getAdditionalName());
     assertEquals(a, d.getMailbox());
   }
-
-  @Test
-  void test_getObject() {
-    MBRecord d = new MBRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof MBRecord);
-  }
 }
diff --git a/src/test/java/org/xbill/DNS/MDRecordTest.java b/src/test/java/org/xbill/DNS/MDRecordTest.java
index 774ccd1e9..c7977c814 100644
--- a/src/test/java/org/xbill/DNS/MDRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MDRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,13 +37,12 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class MDRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     MDRecord d = new MDRecord();
     assertNull(d.getName());
     assertNull(d.getAdditionalName());
@@ -50,7 +50,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -62,11 +62,4 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(a, d.getAdditionalName());
     assertEquals(a, d.getMailAgent());
   }
-
-  @Test
-  void test_getObject() {
-    MDRecord d = new MDRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof MDRecord);
-  }
 }
diff --git a/src/test/java/org/xbill/DNS/MFRecordTest.java b/src/test/java/org/xbill/DNS/MFRecordTest.java
index 56d926e56..b245b6d6b 100644
--- a/src/test/java/org/xbill/DNS/MFRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MFRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,13 +37,12 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class MFRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     MFRecord d = new MFRecord();
     assertNull(d.getName());
     assertNull(d.getAdditionalName());
@@ -50,7 +50,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -62,11 +62,4 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(a, d.getAdditionalName());
     assertEquals(a, d.getMailAgent());
   }
-
-  @Test
-  void test_getObject() {
-    MFRecord d = new MFRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof MFRecord);
-  }
 }
diff --git a/src/test/java/org/xbill/DNS/MGRecordTest.java b/src/test/java/org/xbill/DNS/MGRecordTest.java
index 1f9ee3ad8..ca9a9b12f 100644
--- a/src/test/java/org/xbill/DNS/MGRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MGRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,20 +37,19 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class MGRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     MGRecord d = new MGRecord();
     assertNull(d.getName());
     assertNull(d.getMailbox());
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -60,11 +60,4 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(0xABCDEL, d.getTTL());
     assertEquals(a, d.getMailbox());
   }
-
-  @Test
-  void test_getObject() {
-    MGRecord d = new MGRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof MGRecord);
-  }
 }
diff --git a/src/test/java/org/xbill/DNS/MINFORecordTest.java b/src/test/java/org/xbill/DNS/MINFORecordTest.java
index 1769c5896..f86677392 100644
--- a/src/test/java/org/xbill/DNS/MINFORecordTest.java
+++ b/src/test/java/org/xbill/DNS/MINFORecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -13,17 +14,17 @@ class MINFORecordTest {
   void ctor_5arg() {
     Name respAddress = Name.fromConstantString("example.com.");
     Name errorAddress = Name.fromConstantString("error.com.");
-    MINFORecord record = new MINFORecord(n, DClass.IN, 0, respAddress, errorAddress);
-    assertEquals(respAddress, record.getResponsibleAddress());
-    assertEquals(errorAddress, record.getErrorAddress());
+    MINFORecord minfo = new MINFORecord(n, DClass.IN, 0, respAddress, errorAddress);
+    assertEquals(respAddress, minfo.getResponsibleAddress());
+    assertEquals(errorAddress, minfo.getErrorAddress());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("foo.com. bar.com.");
-    MINFORecord record = new MINFORecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("foo.com."), record.getResponsibleAddress());
-    assertEquals(Name.fromConstantString("bar.com."), record.getErrorAddress());
+    MINFORecord minfo = new MINFORecord();
+    minfo.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("foo.com."), minfo.getResponsibleAddress());
+    assertEquals(Name.fromConstantString("bar.com."), minfo.getErrorAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MRRecordTest.java b/src/test/java/org/xbill/DNS/MRRecordTest.java
index 086d516e8..d2e7b9418 100644
--- a/src/test/java/org/xbill/DNS/MRRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MRRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,20 +37,19 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class MRRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     MRRecord d = new MRRecord();
     assertNull(d.getName());
     assertNull(d.getNewName());
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -60,11 +60,4 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(0xABCDEL, d.getTTL());
     assertEquals(a, d.getNewName());
   }
-
-  @Test
-  void test_getObject() {
-    MRRecord d = new MRRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof MRRecord);
-  }
 }
diff --git a/src/test/java/org/xbill/DNS/MXRecordTest.java b/src/test/java/org/xbill/DNS/MXRecordTest.java
index 1f48a6ae7..74e0fcafe 100644
--- a/src/test/java/org/xbill/DNS/MXRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MXRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,21 +37,13 @@
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class MXRecordTest {
   @Test
-  void test_getObject() {
-    MXRecord d = new MXRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof MXRecord);
-  }
-
-  @Test
-  void test_ctor_5arg() throws TextParseException {
+  void ctor_5arg() throws TextParseException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("My.OtherName.");
 
@@ -65,7 +58,7 @@ void test_ctor_5arg() throws TextParseException {
   }
 
   @Test
-  void test_rrToWire() throws TextParseException {
+  void rrToWire() throws TextParseException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("M.O.n.");
 
@@ -89,10 +82,10 @@ void test_rrToWire() throws TextParseException {
   @Test
   void rdataFromString_nullMXRecord() throws IOException {
     Tokenizer t = new Tokenizer("0 .");
-    MXRecord record = new MXRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("."), record.getTarget());
-    assertEquals(record.getTarget(), record.getAdditionalName());
-    assertEquals(0, record.getPriority());
+    MXRecord mx = new MXRecord();
+    mx.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("."), mx.getTarget());
+    assertEquals(mx.getTarget(), mx.getAdditionalName());
+    assertEquals(0, mx.getPriority());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MasterTest.java b/src/test/java/org/xbill/DNS/MasterTest.java
index c44335a18..f4c024992 100644
--- a/src/test/java/org/xbill/DNS/MasterTest.java
+++ b/src/test/java/org/xbill/DNS/MasterTest.java
@@ -1,7 +1,9 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -11,10 +13,61 @@
 import java.io.InputStream;
 import java.net.URISyntaxException;
 import java.nio.file.Paths;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DNSSEC.DNSSECException;
 
 class MasterTest {
 
+  /**
+   * Parse the <a href="https://www.internic.net/domain/root.zone">root zone file</a> to validate
+   * that we understand all record types.
+   */
+  @Test
+  void testRootZoneFile() throws IOException, DNSSECException {
+    List<Record> records = new ArrayList<>(26000);
+    Map<String, RRset> rrSets = new HashMap<>(13000);
+    try (Master master = new Master(MasterTest.class.getResourceAsStream("/root.zone"))) {
+      Record r;
+      while ((r = master.nextRecord()) != null) {
+        records.add(r);
+        String key =
+            r.getName()
+                + "/"
+                + (r.getType() == Type.RRSIG ? ((RRSIGRecord) r).getTypeCovered() : r.getType());
+        RRset set = rrSets.computeIfAbsent(key, n -> new RRset());
+        set.addRR(r);
+        assertFalse(r.getClass().isInstance(EmptyRecord.class), "EmptyRecord type check");
+        assertNotEquals(Integer.toString(r.getType()), Type.string(r.getType()));
+      }
+    }
+
+    assertEquals(25097, records.size());
+
+    // Test the signatures
+    DNSKEYRecord[] keys =
+        records.stream()
+            .filter(r -> r.getName().equals(Name.root) && r.getType() == Type.DNSKEY)
+            .map(r -> (DNSKEYRecord) r)
+            .toArray(DNSKEYRecord[]::new);
+    for (RRset set : rrSets.values()) {
+      for (RRSIGRecord sig : set.sigs()) {
+        int verifyCount = 0;
+        for (DNSKEYRecord key : keys) {
+          if (key.getFootprint() == sig.getFootprint()) {
+            DNSSEC.verify(set, sig, key, Instant.parse("2023-11-05T19:50:00Z"));
+            verifyCount++;
+          }
+        }
+        assertEquals(set.sigs().size(), verifyCount);
+      }
+    }
+  }
+
   @Test
   void nextRecord() throws IOException {
     Name exampleComName = Name.fromConstantString("example.com.");
@@ -62,6 +115,52 @@ void includeDirective() throws IOException, URISyntaxException {
     }
   }
 
+  @Test
+  void includeDirectiveComment() throws IOException, URISyntaxException {
+    try (Master master =
+        new Master(
+            Paths.get(MasterTest.class.getResource("/zonefileIncludeDirectiveComment").toURI())
+                .toString())) {
+      Record rr = master.nextRecord();
+      assertEquals(Type.SOA, rr.getType());
+    }
+  }
+
+  @Test
+  void relativeIncludeDirectiveViaStream() throws IOException {
+    try (InputStream is = MasterTest.class.getResourceAsStream("/zonefileIncludeDirective");
+        Master m = new Master(is)) {
+      assertThrows(TextParseException.class, m::nextRecord);
+    }
+  }
+
+  @Test
+  void includeDirectiveDisabled() throws IOException {
+    try (InputStream is = MasterTest.class.getResourceAsStream("/zonefileIncludeDirective");
+        Master m = new Master(is)) {
+      m.disableIncludes();
+      assertNull(m.nextRecord());
+    }
+  }
+
+  @Test
+  void includeDirectiveDisabledStrict() throws IOException {
+    try (InputStream is = MasterTest.class.getResourceAsStream("/zonefileIncludeDirective");
+        Master m = new Master(is)) {
+      m.disableIncludes(true);
+      assertThrows(TextParseException.class, m::nextRecord);
+    }
+  }
+
+  @Test
+  void includeDirectiveDisabledComment() throws IOException {
+    try (InputStream is = MasterTest.class.getResourceAsStream("/zonefileIncludeDirectiveComment");
+        Master m = new Master(is)) {
+      m.disableIncludes();
+      assertNull(m.nextRecord());
+    }
+  }
+
   @Test
   void expandGenerated() throws IOException {
     try (Master master = new Master(MasterTest.class.getResourceAsStream("/zonefileEx1"))) {
@@ -155,10 +254,10 @@ void invalidOriginNotAbsolute_ctorString() {
   }
 
   private Record skipTo(Master master, int type) throws IOException {
-    Record record;
+    Record r;
     do {
-      record = master.nextRecord();
-    } while (record != null && record.getType() != type);
-    return record;
+      r = master.nextRecord();
+    } while (r != null && r.getType() != type);
+    return r;
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MessageTest.java b/src/test/java/org/xbill/DNS/MessageTest.java
index fa33b7617..48639a973 100644
--- a/src/test/java/org/xbill/DNS/MessageTest.java
+++ b/src/test/java/org/xbill/DNS/MessageTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -34,7 +35,7 @@
 //
 package org.xbill.DNS;
 
-import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -42,85 +43,144 @@
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
+import java.util.List;
 import org.junit.jupiter.api.Test;
+import org.xbill.DNS.utils.base64;
 
-public class MessageTest {
-  static class Test_init {
-    @Test
-    void test_0arg() {
-      Message m = new Message();
-      assertArrayEquals(new Record[0], m.getSectionArray(0));
-      assertArrayEquals(new Record[0], m.getSectionArray(1));
-      assertArrayEquals(new Record[0], m.getSectionArray(3));
-      assertArrayEquals(new Record[0], m.getSectionArray(2));
-      assertThrows(IndexOutOfBoundsException.class, () -> m.getSectionArray(4));
-      Header h = m.getHeader();
-      assertEquals(0, h.getCount(0));
-      assertEquals(0, h.getCount(1));
-      assertEquals(0, h.getCount(2));
-      assertEquals(0, h.getCount(3));
-    }
+class MessageTest {
+  @Test
+  void ctor_0arg() {
+    Message m = new Message();
+    assertTrue(m.getSection(0).isEmpty());
+    assertTrue(m.getSection(1).isEmpty());
+    assertTrue(m.getSection(2).isEmpty());
+    assertTrue(m.getSection(3).isEmpty());
+    assertThrows(IllegalArgumentException.class, () -> m.getSection(4));
+    Header h = m.getHeader();
+    assertEquals(0, h.getCount(0));
+    assertEquals(0, h.getCount(1));
+    assertEquals(0, h.getCount(2));
+    assertEquals(0, h.getCount(3));
+  }
 
-    @Test
-    void test_1arg() {
-      Message m = new Message(10);
-      assertEquals(new Header(10).toString(), m.getHeader().toString());
-      assertArrayEquals(new Record[0], m.getSectionArray(0));
-      assertArrayEquals(new Record[0], m.getSectionArray(1));
-      assertArrayEquals(new Record[0], m.getSectionArray(2));
-      assertArrayEquals(new Record[0], m.getSectionArray(3));
-      assertThrows(IndexOutOfBoundsException.class, () -> m.getSectionArray(4));
-      Header h = m.getHeader();
-      assertEquals(0, h.getCount(0));
-      assertEquals(0, h.getCount(1));
-      assertEquals(0, h.getCount(2));
-      assertEquals(0, h.getCount(3));
-    }
+  @Test
+  void ctor_1arg() {
+    Message m = new Message(10);
+    assertEquals(new Header(10).toString(), m.getHeader().toString());
+    assertTrue(m.getSection(0).isEmpty());
+    assertTrue(m.getSection(1).isEmpty());
+    assertTrue(m.getSection(2).isEmpty());
+    assertTrue(m.getSection(3).isEmpty());
+    assertThrows(IllegalArgumentException.class, () -> m.getSection(4));
+    Header h = m.getHeader();
+    assertEquals(0, h.getCount(0));
+    assertEquals(0, h.getCount(1));
+    assertEquals(0, h.getCount(2));
+    assertEquals(0, h.getCount(3));
+  }
 
-    @Test
-    void test_newQuery() throws TextParseException, UnknownHostException {
-      Name n = Name.fromString("The.Name.");
-      ARecord ar = new ARecord(n, DClass.IN, 1, InetAddress.getByName("192.168.101.110"));
-
-      Message m = Message.newQuery(ar);
-      assertArrayEquals(new Record[] {ar}, m.getSectionArray(0));
-      assertArrayEquals(new Record[0], m.getSectionArray(1));
-      assertArrayEquals(new Record[0], m.getSectionArray(2));
-      assertArrayEquals(new Record[0], m.getSectionArray(3));
-
-      Header h = m.getHeader();
-      assertEquals(1, h.getCount(0));
-      assertEquals(0, h.getCount(1));
-      assertEquals(0, h.getCount(2));
-      assertEquals(0, h.getCount(3));
-      assertEquals(Opcode.QUERY, h.getOpcode());
-      assertTrue(h.getFlag(Flags.RD));
-    }
+  @Test
+  void ctor_byteBuffer() throws IOException {
+    byte[] arr =
+        base64.fromString(
+            "EEuBgAABAAEABAAIA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAAaAASO+rokwBAAAgABAAFHCwAGA25zMcAQwBAAAgABAAFHCwAGA25zNMAQwBAAAgABAAFHCwAGA25zM8AQwBAAAgABAAFHCwAGA25zMsAQwDwAAQABAADObwAE2O8gCsByAAEAAQABrVEABNjvIgrAYAABAAEAAVqZAATY7yQKwE4AAQABAAK9RQAE2O8mCsA8ABwAAQAD4a0AECABSGBIAgAyAAAAAAAAAArAcgAcAAEAAtDgABAgAUhgSAIANAAAAAAAAAAKwGAAHAABAACSagAQIAFIYEgCADYAAAAAAAAACsBOABwAAQAErVoAECABSGBIAgA4AAAAAAAAAAo=");
+
+    ByteBuffer wrap = ByteBuffer.allocate(arr.length + 2);
+
+    // prepend length, like when reading a response from a TCP channel
+    wrap.putShort((short) arr.length);
+    wrap.put(arr);
+    wrap.flip();
+    wrap.getShort(); // read the prepended length
+
+    Message m = new Message(wrap);
+    assertEquals(Name.fromConstantString("www.google.com."), m.getQuestion().getName());
+  }
+
+  @Test
+  void newQuery() throws TextParseException, UnknownHostException {
+    Name n = Name.fromString("The.Name.");
+    ARecord ar = new ARecord(n, DClass.IN, 1, InetAddress.getByName("192.168.101.110"));
+
+    Message m = Message.newQuery(ar);
+    assertEquals(1, m.getSection(0).size());
+    assertEquals(ar, m.getSection(0).get(0));
+    assertTrue(m.getSection(1).isEmpty());
+    assertTrue(m.getSection(2).isEmpty());
+    assertTrue(m.getSection(3).isEmpty());
 
-    @Test
-    void test_sectionToWire() throws IOException {
-      Message m = new Message(4711);
-      Name n2 = Name.fromConstantString("test2.example.");
-      m.addRecord(new TXTRecord(n2, DClass.IN, 86400, "other record"), Section.ADDITIONAL);
-      Name n = Name.fromConstantString("test.example.");
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -1-"), Section.ADDITIONAL);
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -2-"), Section.ADDITIONAL);
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -3-"), Section.ADDITIONAL);
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -4-"), Section.ADDITIONAL);
-      m.addRecord(new OPTRecord(512, 0, 0, 0), Section.ADDITIONAL);
-
-      for (int i = 5; i < 50; i++) {
-        m.addRecord(
-            new TXTRecord(n, DClass.IN, 86400, "example text -" + i + "-"), Section.ADDITIONAL);
-      }
-
-      byte[] binary = m.toWire(512);
-      Message m2 = new Message(binary);
-      assertEquals(2, m2.getHeader().getCount(Section.ADDITIONAL));
-      Record[] records = m2.getSectionArray(Section.ADDITIONAL);
-      assertEquals(2, records.length);
-      assertEquals(TXTRecord.class, records[0].getClass());
-      assertEquals(OPTRecord.class, records[1].getClass());
+    Header h = m.getHeader();
+    assertEquals(1, h.getCount(0));
+    assertEquals(0, h.getCount(1));
+    assertEquals(0, h.getCount(2));
+    assertEquals(0, h.getCount(3));
+    assertEquals(Opcode.QUERY, h.getOpcode());
+    assertTrue(h.getFlag(Flags.RD));
+  }
+
+  @Test
+  void sectionToWire() throws IOException {
+    Message m = new Message(4711);
+    Name n2 = Name.fromConstantString("test2.example.");
+    m.addRecord(new TXTRecord(n2, DClass.IN, 86400, "other record"), Section.ADDITIONAL);
+    Name n = Name.fromConstantString("test.example.");
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -1-"), Section.ADDITIONAL);
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -2-"), Section.ADDITIONAL);
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -3-"), Section.ADDITIONAL);
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -4-"), Section.ADDITIONAL);
+    m.addRecord(new OPTRecord(512, 0, 0, 0), Section.ADDITIONAL);
+
+    for (int i = 5; i < 50; i++) {
+      m.addRecord(
+          new TXTRecord(n, DClass.IN, 86400, "example text -" + i + "-"), Section.ADDITIONAL);
     }
+
+    byte[] binary = m.toWire(512);
+    Message m2 = new Message(binary);
+    assertEquals(2, m2.getHeader().getCount(Section.ADDITIONAL));
+    List<Record> records = m2.getSection(Section.ADDITIONAL);
+    assertEquals(2, records.size());
+    assertEquals(TXTRecord.class, records.get(0).getClass());
+    assertEquals(OPTRecord.class, records.get(1).getClass());
+  }
+
+  @Test
+  void testQuestionClone() {
+    Name qname = Name.fromConstantString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    Message clone = query.clone();
+    assertEquals(query.getHeader().getID(), clone.getHeader().getID());
+    assertEquals(query.getQuestion().getName(), clone.getQuestion().getName());
+  }
+
+  @Test
+  void testResponseClone() throws UnknownHostException {
+    Name qname = Name.fromConstantString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message response = new Message();
+    response.getHeader().setFlag(Flags.QR);
+    response.addRecord(question, Section.QUESTION);
+    response.addRecord(
+        new ARecord(qname, DClass.IN, 0, InetAddress.getByName("127.0.0.1")), Section.ANSWER);
+    Message clone = response.clone();
+    assertEquals(clone.getQuestion(), response.getQuestion());
+    assertEquals(clone.getSection(Section.ANSWER), response.getSection(Section.ANSWER));
+  }
+
+  @Test
+  void normalize() throws WireParseException {
+    Record queryRecord =
+        Record.newRecord(Name.fromConstantString("example.com."), Type.MX, DClass.IN);
+    Message query = Message.newQuery(queryRecord);
+    Message response = new Message();
+    response.addRecord(queryRecord, Section.QUESTION);
+    response.addRecord(queryRecord, Section.ADDITIONAL);
+    response = response.normalize(query, true);
+    assertThat(response.getSection(Section.ANSWER)).isEmpty();
+    assertThat(response.getHeader().getCount(Section.ANSWER)).isZero();
+    assertThat(response.getSection(Section.ADDITIONAL)).isEmpty();
+    assertThat(response.getHeader().getCount(Section.ADDITIONAL)).isZero();
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MnemonicTest.java b/src/test/java/org/xbill/DNS/MnemonicTest.java
index c58e6e05c..e89d6cdc9 100644
--- a/src/test/java/org/xbill/DNS/MnemonicTest.java
+++ b/src/test/java/org/xbill/DNS/MnemonicTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -52,7 +53,7 @@ void setUp() {
   }
 
   @Test
-  void test_no_maximum() {
+  void no_maximum() {
     assertThrows(IllegalArgumentException.class, () -> m_mn.check(-1));
     try {
       m_mn.check(0);
@@ -78,7 +79,7 @@ void test_no_maximum() {
   }
 
   @Test
-  void test_setMaximum() {
+  void setMaximum() {
     m_mn.setMaximum(15);
     assertThrows(IllegalArgumentException.class, () -> m_mn.check(-1));
     try {
@@ -110,7 +111,7 @@ void test_setMaximum() {
   }
 
   @Test
-  void test_setPrefix() {
+  void setPrefix() {
     final String prefix = "A mixed CASE Prefix".toUpperCase();
     m_mn.setPrefix(prefix);
 
@@ -122,7 +123,7 @@ void test_setPrefix() {
   }
 
   @Test
-  void test_basic_operation() {
+  void basic_operation() {
     // setUp creates Mnemonic with CASE_UPPER
     m_mn.add(10, "Ten");
     m_mn.add(20, "Twenty");
@@ -155,7 +156,7 @@ void test_basic_operation() {
   }
 
   @Test
-  void test_basic_operation_lower() {
+  void basic_operation_lower() {
     m_mn = new Mnemonic(MnemonicTest.class.getName() + " LOWER", Mnemonic.CASE_LOWER);
     m_mn.add(10, "Ten");
     m_mn.add(20, "Twenty");
@@ -188,7 +189,7 @@ void test_basic_operation_lower() {
   }
 
   @Test
-  void test_basic_operation_sensitive() {
+  void basic_operation_sensitive() {
     m_mn = new Mnemonic(MnemonicTest.class.getName() + " SENSITIVE", Mnemonic.CASE_SENSITIVE);
     m_mn.add(10, "Ten");
     m_mn.add(20, "Twenty");
@@ -227,14 +228,14 @@ void test_basic_operation_sensitive() {
   }
 
   @Test
-  void test_invalid_numeric() {
+  void invalid_numeric() {
     m_mn.setNumericAllowed(true);
     int value = m_mn.getValue("Not-A-Number");
     assertEquals(-1, value);
   }
 
   @Test
-  void test_addAll() {
+  void addAll() {
     m_mn.add(10, "Ten");
     m_mn.add(20, "Twenty");
 
diff --git a/src/test/java/org/xbill/DNS/NAPTRRecordTest.java b/src/test/java/org/xbill/DNS/NAPTRRecordTest.java
index 39559a9fc..2a0417c86 100644
--- a/src/test/java/org/xbill/DNS/NAPTRRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NAPTRRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,13 +11,13 @@ class NAPTRRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("100  50  \"s\"    \"http+N2L+N2C+N2R\"  \"\"   www.example.com.");
-    NAPTRRecord record = new NAPTRRecord();
-    record.rdataFromString(t, null);
-    assertEquals(100, record.getOrder());
-    assertEquals(50, record.getPreference());
-    assertEquals("s", record.getFlags());
-    assertEquals("http+N2L+N2C+N2R", record.getService());
-    assertEquals("", record.getRegexp());
-    assertEquals(Name.fromConstantString("www.example.com."), record.getReplacement());
+    NAPTRRecord naptr = new NAPTRRecord();
+    naptr.rdataFromString(t, null);
+    assertEquals(100, naptr.getOrder());
+    assertEquals(50, naptr.getPreference());
+    assertEquals("s", naptr.getFlags());
+    assertEquals("http+N2L+N2C+N2R", naptr.getService());
+    assertEquals("", naptr.getRegexp());
+    assertEquals(Name.fromConstantString("www.example.com."), naptr.getReplacement());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSAPRecordTest.java b/src/test/java/org/xbill/DNS/NSAPRecordTest.java
index f9c250bb6..7903154af 100644
--- a/src/test/java/org/xbill/DNS/NSAPRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSAPRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,10 +11,10 @@ class NSAPRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00");
-    NSAPRecord record = new NSAPRecord();
-    record.rdataFromString(t, null);
+    NSAPRecord nsap = new NSAPRecord();
+    nsap.rdataFromString(t, null);
     assertEquals(
         "G\\000\\005\\128\\000Z\\000\\000\\000\\000\\001\\2253\\255\\255\\255\\000\\001a\\000",
-        record.getAddress());
+        nsap.getAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java b/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java
index 8b94f40ab..bda3c5ab7 100644
--- a/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,21 +37,20 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class NSAP_PTRRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     NSAP_PTRRecord d = new NSAP_PTRRecord();
     assertNull(d.getName());
     assertNull(d.getTarget());
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -62,18 +62,11 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(a, d.getTarget());
   }
 
-  @Test
-  void test_getObject() {
-    NSAP_PTRRecord d = new NSAP_PTRRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof NSAP_PTRRecord);
-  }
-
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("foo.bar.com.");
-    NSAP_PTRRecord record = new NSAP_PTRRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("foo.bar.com."), record.getTarget());
+    NSAP_PTRRecord nsapPtr = new NSAP_PTRRecord();
+    nsapPtr.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("foo.bar.com."), nsapPtr.getTarget());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java b/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java
index 47f4af042..6021254f8 100644
--- a/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -11,10 +12,10 @@ class NSEC3PARAMRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("1 1 10 5053851B");
-    NSEC3PARAMRecord record = new NSEC3PARAMRecord();
-    record.rdataFromString(t, null);
-    assertEquals(NSEC3Record.Digest.SHA1, record.getHashAlgorithm());
-    assertEquals(NSEC3Record.Flags.OPT_OUT, record.getFlags());
-    assertNotNull(record.getSalt());
+    NSEC3PARAMRecord nsec3PARAMRecord = new NSEC3PARAMRecord();
+    nsec3PARAMRecord.rdataFromString(t, null);
+    assertEquals(NSEC3Record.Digest.SHA1, nsec3PARAMRecord.getHashAlgorithm());
+    assertEquals(NSEC3Record.Flags.OPT_OUT, nsec3PARAMRecord.getFlags());
+    assertNotNull(nsec3PARAMRecord.getSalt());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSEC3RecordTest.java b/src/test/java/org/xbill/DNS/NSEC3RecordTest.java
index 4caf7f879..2000e1903 100644
--- a/src/test/java/org/xbill/DNS/NSEC3RecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSEC3RecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -14,16 +15,16 @@ void rdataFromString() throws IOException {
     Tokenizer t =
         new Tokenizer(
             "1 1 10 5053851B PF2TNEL79K4HTCBINCDBE9FPBU5I04KD A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534");
-    NSEC3Record record = new NSEC3Record();
-    record.rdataFromString(t, null);
-    assertEquals(NSEC3Record.Digest.SHA1, record.getHashAlgorithm());
-    assertEquals(NSEC3Record.Flags.OPT_OUT, record.getFlags());
-    assertNotNull(record.getSalt());
-    record = new NSEC3Record();
-    record.rdataFromString(
+    NSEC3Record nsec3Record = new NSEC3Record();
+    nsec3Record.rdataFromString(t, null);
+    assertEquals(NSEC3Record.Digest.SHA1, nsec3Record.getHashAlgorithm());
+    assertEquals(NSEC3Record.Flags.OPT_OUT, nsec3Record.getFlags());
+    assertNotNull(nsec3Record.getSalt());
+    nsec3Record = new NSEC3Record();
+    nsec3Record.rdataFromString(
         new Tokenizer(
             "1 1 10 - PF2TNEL79K4HTCBINCDBE9FPBU5I04KD A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534"),
         null);
-    assertNull(record.getSalt());
+    assertNull(nsec3Record.getSalt());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSECRecordTest.java b/src/test/java/org/xbill/DNS/NSECRecordTest.java
index 0f7306d76..e8b35afb4 100644
--- a/src/test/java/org/xbill/DNS/NSECRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSECRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -11,9 +12,9 @@ class NSECRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("host.example.com. A MX RRSIG NSEC TYPE1234");
-    NSECRecord record = new NSECRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("host.example.com."), record.getNext());
-    assertFalse(record.hasType(-1));
+    NSECRecord nsecRecord = new NSECRecord();
+    nsecRecord.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("host.example.com."), nsecRecord.getNext());
+    assertFalse(nsecRecord.hasType(-1));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSRecordTest.java b/src/test/java/org/xbill/DNS/NSRecordTest.java
index d9bcc3027..46f983a40 100644
--- a/src/test/java/org/xbill/DNS/NSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,13 +37,12 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class NSRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     NSRecord d = new NSRecord();
     assertNull(d.getName());
     assertNull(d.getTarget());
@@ -50,7 +50,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name a = Name.fromString("my.alias.");
 
@@ -62,11 +62,4 @@ void test_ctor_4arg() throws TextParseException {
     assertEquals(a, d.getTarget());
     assertEquals(a, d.getAdditionalName());
   }
-
-  @Test
-  void test_getObject() {
-    NSRecord d = new NSRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof NSRecord);
-  }
 }
diff --git a/src/test/java/org/xbill/DNS/NULLRecordTest.java b/src/test/java/org/xbill/DNS/NULLRecordTest.java
index 3e906c3cc..c1be03963 100644
--- a/src/test/java/org/xbill/DNS/NULLRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NULLRecordTest.java
@@ -1,15 +1,15 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class NULLRecordTest {
 
   @Test
-  void rdataFromString() throws IOException {
+  void rdataFromString() {
     TextParseException thrown =
         assertThrows(
             TextParseException.class,
diff --git a/src/test/java/org/xbill/DNS/NXTRecordTest.java b/src/test/java/org/xbill/DNS/NXTRecordTest.java
index d5e7c0b9e..7d92400e4 100644
--- a/src/test/java/org/xbill/DNS/NXTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NXTRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -11,9 +12,9 @@ class NXTRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("medium.foo.tld. A MX SIG NXT");
-    NXTRecord record = new NXTRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("medium.foo.tld."), record.getNext());
-    assertNotNull(record.getBitmap());
+    NXTRecord nxtRecord = new NXTRecord();
+    nxtRecord.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("medium.foo.tld."), nxtRecord.getNext());
+    assertNotNull(nxtRecord.getBitmap());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NameTest.java b/src/test/java/org/xbill/DNS/NameTest.java
index 34fe542b0..e66f50b85 100644
--- a/src/test/java/org/xbill/DNS/NameTest.java
+++ b/src/test/java/org/xbill/DNS/NameTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -34,6 +35,7 @@
 //
 package org.xbill.DNS;
 
+import static java.lang.String.format;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -45,11 +47,18 @@
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class NameTest {
-  static class Test_String_init {
+  @Nested
+  class Test_String_init {
     private final String m_abs = "WWW.DnsJava.org.";
     private Name m_abs_origin;
     private final String m_rel = "WWW.DnsJava";
@@ -62,12 +71,12 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_ctor_empty() {
+    void ctor_empty() {
       assertThrows(TextParseException.class, () -> new Name(""));
     }
 
     @Test
-    void test_ctor_at_null_origin() throws TextParseException {
+    void ctor_at_null_origin() throws TextParseException {
       Name n = new Name("@");
       assertFalse(n.isAbsolute());
       assertFalse(n.isWild());
@@ -76,19 +85,19 @@ void test_ctor_at_null_origin() throws TextParseException {
     }
 
     @Test
-    void test_ctor_at_abs_origin() throws TextParseException {
+    void ctor_at_abs_origin() throws TextParseException {
       Name n = new Name("@", m_abs_origin);
       assertEquals(m_abs_origin, n);
     }
 
     @Test
-    void test_ctor_at_rel_origin() throws TextParseException {
+    void ctor_at_rel_origin() throws TextParseException {
       Name n = new Name("@", m_rel_origin);
       assertEquals(m_rel_origin, n);
     }
 
     @Test
-    void test_ctor_dot() throws TextParseException {
+    void ctor_dot() throws TextParseException {
       Name n = new Name(".");
       assertEquals(Name.root, n);
       assertNotSame(Name.root, n);
@@ -97,7 +106,7 @@ void test_ctor_dot() throws TextParseException {
     }
 
     @Test
-    void test_ctor_wildcard() throws TextParseException {
+    void ctor_wildcard() throws TextParseException {
       Name n = new Name("*");
       assertFalse(n.isAbsolute());
       assertTrue(n.isWild());
@@ -108,7 +117,7 @@ void test_ctor_wildcard() throws TextParseException {
     }
 
     @Test
-    void test_ctor_abs() throws TextParseException {
+    void ctor_abs() throws TextParseException {
       Name n = new Name(m_abs);
       assertTrue(n.isAbsolute());
       assertFalse(n.isWild());
@@ -125,7 +134,7 @@ void test_ctor_abs() throws TextParseException {
     }
 
     @Test
-    void test_ctor_rel() throws TextParseException {
+    void ctor_rel() throws TextParseException {
       Name n = new Name(m_rel);
       assertFalse(n.isAbsolute());
       assertFalse(n.isWild());
@@ -138,13 +147,13 @@ void test_ctor_rel() throws TextParseException {
     }
 
     @Test
-    void test_ctor_7label() throws TextParseException {
-      // 7 is the number of label positions that are cached
-      Name n = new Name("a.b.c.d.e.f.");
+    void ctor_9label() throws TextParseException {
+      // 9 is the number of label positions that are cached
+      Name n = new Name("a.b.c.d.e.f.g.h.");
       assertTrue(n.isAbsolute());
       assertFalse(n.isWild());
-      assertEquals(7, n.labels());
-      assertEquals(13, n.length());
+      assertEquals(9, n.labels());
+      assertEquals(17, n.length());
       assertArrayEquals(new byte[] {1, 'a'}, n.getLabel(0));
       assertEquals("a", n.getLabelString(0));
       assertArrayEquals(new byte[] {1, 'b'}, n.getLabel(1));
@@ -157,18 +166,22 @@ void test_ctor_7label() throws TextParseException {
       assertEquals("e", n.getLabelString(4));
       assertArrayEquals(new byte[] {1, 'f'}, n.getLabel(5));
       assertEquals("f", n.getLabelString(5));
-      assertArrayEquals(new byte[] {0}, n.getLabel(6));
-      assertEquals("", n.getLabelString(6));
+      assertArrayEquals(new byte[] {1, 'g'}, n.getLabel(6));
+      assertEquals("g", n.getLabelString(6));
+      assertArrayEquals(new byte[] {1, 'h'}, n.getLabel(7));
+      assertEquals("h", n.getLabelString(7));
+      assertArrayEquals(new byte[] {0}, n.getLabel(8));
+      assertEquals("", n.getLabelString(8));
     }
 
     @Test
-    void test_ctor_8label() throws TextParseException {
-      // 7 is the number of label positions that are cached
-      Name n = new Name("a.b.c.d.e.f.g.");
+    void ctor_10label() throws TextParseException {
+      // 9 is the number of label positions that are cached
+      Name n = new Name("a.b.c.d.e.f.g.h.i.");
       assertTrue(n.isAbsolute());
       assertFalse(n.isWild());
-      assertEquals(8, n.labels());
-      assertEquals(15, n.length());
+      assertEquals(10, n.labels());
+      assertEquals(19, n.length());
       assertArrayEquals(new byte[] {1, 'a'}, n.getLabel(0));
       assertEquals("a", n.getLabelString(0));
       assertArrayEquals(new byte[] {1, 'b'}, n.getLabel(1));
@@ -183,12 +196,16 @@ void test_ctor_8label() throws TextParseException {
       assertEquals("f", n.getLabelString(5));
       assertArrayEquals(new byte[] {1, 'g'}, n.getLabel(6));
       assertEquals("g", n.getLabelString(6));
-      assertArrayEquals(new byte[] {0}, n.getLabel(7));
-      assertEquals("", n.getLabelString(7));
+      assertArrayEquals(new byte[] {1, 'h'}, n.getLabel(7));
+      assertEquals("h", n.getLabelString(7));
+      assertArrayEquals(new byte[] {1, 'i'}, n.getLabel(8));
+      assertEquals("i", n.getLabelString(8));
+      assertArrayEquals(new byte[] {0}, n.getLabel(9));
+      assertEquals("", n.getLabelString(9));
     }
 
     @Test
-    void test_ctor_removed_label() throws TextParseException, NameTooLongException {
+    void ctor_removed_label() throws TextParseException, NameTooLongException {
       String pre = "prepend";
       Name stripped = new Name(Name.fromString("sub.domain.example."), 1);
       Name concat = new Name(pre, stripped);
@@ -198,7 +215,23 @@ void test_ctor_removed_label() throws TextParseException, NameTooLongException {
     }
 
     @Test
-    void test_ctor_abs_abs_origin() throws TextParseException {
+    void ctor_removed_label_multiple() throws TextParseException {
+      Name two = Name.fromString("sub1.sub2.example.com.");
+      Name one = new Name(two, 1);
+      Name domain = new Name(one, 1);
+      Name tld = new Name(domain, 1);
+      Name root = new Name(tld, 1);
+      assertEquals(Name.fromString("sub2.example.com."), one);
+      assertEquals(Name.fromString("example.com."), domain);
+      assertEquals(Name.fromString("example.com."), new Name(two, 2));
+      assertEquals(Name.fromString("com."), tld);
+      assertEquals(Name.fromString("com."), new Name(two, 3));
+      assertEquals(Name.root, root);
+      assertEquals(Name.root, new Name(two, 4));
+    }
+
+    @Test
+    void ctor_abs_abs_origin() throws TextParseException {
       Name n = new Name(m_abs, m_abs_origin);
       assertTrue(n.isAbsolute());
       assertFalse(n.isWild());
@@ -215,7 +248,7 @@ void test_ctor_abs_abs_origin() throws TextParseException {
     }
 
     @Test
-    void test_ctor_abs_rel_origin() throws TextParseException {
+    void ctor_abs_rel_origin() throws TextParseException {
       Name n = new Name(m_abs, m_rel_origin);
       assertTrue(n.isAbsolute());
       assertFalse(n.isWild());
@@ -232,7 +265,7 @@ void test_ctor_abs_rel_origin() throws TextParseException {
     }
 
     @Test
-    void test_ctor_rel_abs_origin() throws TextParseException {
+    void ctor_rel_abs_origin() throws TextParseException {
       Name n = new Name(m_rel, m_abs_origin);
       assertTrue(n.isAbsolute());
       assertFalse(n.isWild());
@@ -249,12 +282,12 @@ void test_ctor_rel_abs_origin() throws TextParseException {
     }
 
     @Test
-    void test_ctor_invalid_label() {
+    void ctor_invalid_label() {
       assertThrows(TextParseException.class, () -> new Name("junk..junk."));
     }
 
     @Test
-    void test_ctor_max_label() throws TextParseException {
+    void ctor_max_label() throws TextParseException {
       // name with a 63 char label
       Name n = new Name("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.b.");
       assertTrue(n.isAbsolute());
@@ -278,7 +311,7 @@ void test_ctor_max_label() throws TextParseException {
     }
 
     @Test
-    void test_ctor_toobig_label() {
+    void ctor_toobig_label() {
       // name with a 64 char label
       assertThrows(
           TextParseException.class,
@@ -286,19 +319,30 @@ void test_ctor_toobig_label() {
     }
 
     @Test
-    void test_ctor_max_length_rel() throws TextParseException {
-      // relative name with three 63-char labels and a 62-char label
+    void ctor_length_too_long_rel() {
+      // We want to fail to crate this as there is no way to make a Name that long absolute,
+      // which means that it can not be used for lookups or updates.
+      String label63 = IntStream.range(0, 63).mapToObj(i -> "a").collect(Collectors.joining());
+      String label62 = IntStream.range(0, 62).mapToObj(i -> "a").collect(Collectors.joining());
+      assertThrows(
+          TextParseException.class,
+          () -> new Name(format("%s.%s.%s.%s", label63, label63, label63, label62)));
+    }
+
+    @Test
+    void ctor_longest_allowed_rel() throws TextParseException {
+      // relative name with three 63-char labels and a 61-char label
       Name n =
           new Name(
-              "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd");
+              "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd");
       assertFalse(n.isAbsolute());
       assertFalse(n.isWild());
       assertEquals(4, n.labels());
-      assertEquals(255, n.length());
+      assertEquals(254, n.length());
     }
 
     @Test
-    void test_ctor_max_length_abs() throws TextParseException {
+    void ctor_max_length_abs() throws TextParseException {
       // absolute name with three 63-char labels and a 61-char label
       Name n =
           new Name(
@@ -310,7 +354,56 @@ void test_ctor_max_length_abs() throws TextParseException {
     }
 
     @Test
-    void test_ctor_escaped() throws TextParseException {
+    void ctor_max_length_rel_with_root_origin() throws TextParseException {
+      // relative name with three 63-char labels and a 61-char label with Name.root as origin
+      Name n =
+          new Name(
+              "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+              Name.root);
+      assertTrue(n.isAbsolute());
+      assertFalse(n.isWild());
+      assertEquals(5, n.labels());
+      assertEquals(255, n.length());
+    }
+
+    @Test
+    void ctor_max_length_rel_with_abs_origin() throws TextParseException {
+      // relative name with three 63-char labels and a 52-char label with 9-char absolute name as
+      // origin
+      Name n =
+          new Name(
+              "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.dddddddddddddddddddddddddddddddddddddddddddddddddddd",
+              Name.fromString("absolute."));
+      assertTrue(n.isAbsolute());
+      assertFalse(n.isWild());
+      assertEquals(6, n.labels());
+      assertEquals(255, n.length());
+    }
+
+    @Test
+    void ctor_too_long_rel_with_rel_origin() {
+      // relative name with three 63-char labels and a 53-char label with an 8-char relative origin
+      assertThrows(
+          TextParseException.class,
+          () ->
+              new Name(
+                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+                  Name.fromConstantString("relative")));
+    }
+
+    @Test
+    void ctor_too_long_rel_with_abs_origin() {
+      // relative name with three 63-char labels and a 53-char label with a 9-char absolute origin
+      assertThrows(
+          TextParseException.class,
+          () ->
+              new Name(
+                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+                  Name.fromConstantString("absolute.")));
+    }
+
+    @Test
+    void ctor_escaped() throws TextParseException {
       Name n = new Name("ab\\123cd");
       assertFalse(n.isAbsolute());
       assertFalse(n.isWild());
@@ -320,7 +413,7 @@ void test_ctor_escaped() throws TextParseException {
     }
 
     @Test
-    void test_ctor_escaped_end() throws TextParseException {
+    void ctor_escaped_end() throws TextParseException {
       Name n = new Name("abcd\\123");
       assertFalse(n.isAbsolute());
       assertFalse(n.isWild());
@@ -330,32 +423,42 @@ void test_ctor_escaped_end() throws TextParseException {
     }
 
     @Test
-    void test_ctor_short_escaped() {
+    void ctor_short_escaped_one() {
+      assertThrows(TextParseException.class, () -> new Name("ab\\1cd"));
+    }
+
+    @Test
+    void ctor_short_escaped_two() {
       assertThrows(TextParseException.class, () -> new Name("ab\\12cd"));
     }
 
     @Test
-    void test_ctor_short_escaped_end() {
+    void ctor_short_escaped_end() {
       assertThrows(TextParseException.class, () -> new Name("ab\\12"));
     }
 
     @Test
-    void test_ctor_empty_escaped_end() {
+    void ctor_empty_escaped_end() {
       assertThrows(TextParseException.class, () -> new Name("ab\\"));
     }
 
     @Test
-    void test_ctor_toobig_escaped() {
+    void ctor_toobig_escaped() {
       assertThrows(TextParseException.class, () -> new Name("ab\\256cd"));
     }
 
     @Test
-    void test_ctor_toobig_escaped_end() {
+    void ctor_toobig_escaped_end() {
       assertThrows(TextParseException.class, () -> new Name("ab\\256"));
     }
 
     @Test
-    void test_ctor_max_label_escaped() throws TextParseException {
+    void ctor_idn_throws() {
+      assertThrows(TextParseException.class, () -> new Name("\u95e8.example.org."));
+    }
+
+    @Test
+    void ctor_max_label_escaped() throws TextParseException {
       // name with a 63 char label containing an escape
       Name n = new Name("aaaa\\100aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.b.");
       assertTrue(n.isAbsolute());
@@ -437,7 +540,7 @@ void test_ctor_max_label_escaped() throws TextParseException {
     }
 
     @Test
-    void test_ctor_max_labels() throws TextParseException {
+    void ctor_max_labels() throws TextParseException {
       StringBuilder sb = new StringBuilder();
       for (int i = 0; i < 127; ++i) {
         sb.append("a.");
@@ -456,7 +559,7 @@ void test_ctor_max_labels() throws TextParseException {
     }
 
     @Test
-    void test_ctor_toobig_label_escaped_end() {
+    void ctor_toobig_label_escaped_end() {
       assertThrows(
           TextParseException.class,
           () ->
@@ -464,7 +567,7 @@ void test_ctor_toobig_label_escaped_end() {
     }
 
     @Test
-    void test_ctor_toobig_label_escaped() {
+    void ctor_toobig_label_escaped() {
       assertThrows(
           TextParseException.class,
           () ->
@@ -472,40 +575,55 @@ void test_ctor_toobig_label_escaped() {
     }
 
     @Test
-    void test_fromString() throws TextParseException {
+    void fromString() throws TextParseException {
       Name n = new Name(m_rel, m_abs_origin);
       Name n2 = Name.fromString(m_rel, m_abs_origin);
       assertEquals(n, n2);
     }
 
     @Test
-    void test_fromString_at() throws TextParseException {
+    void fromString_at() throws TextParseException {
       Name n = Name.fromString("@", m_rel_origin);
       assertSame(m_rel_origin, n);
     }
 
     @Test
-    void test_fromString_dot() throws TextParseException {
+    void fromString_at_null() throws TextParseException {
+      Name n = Name.fromString("@", null);
+      assertSame(Name.empty, n);
+    }
+
+    @Test
+    void fromString_dot() throws TextParseException {
       Name n = Name.fromString(".");
       assertSame(Name.root, n);
     }
 
     @Test
-    void test_fromConstantString() throws TextParseException {
+    void fromString_separators() throws TextParseException {
+      assertEquals(Name.root, new Name("."));
+      assertThrows(TextParseException.class, () -> Name.fromString("\uFF0E"));
+      assertThrows(TextParseException.class, () -> Name.fromString("\u3002"));
+      assertThrows(TextParseException.class, () -> Name.fromString("\uFF61"));
+    }
+
+    @Test
+    void fromConstantString() throws TextParseException {
       Name n = new Name(m_abs);
       Name n2 = Name.fromConstantString(m_abs);
       assertEquals(n, n2);
     }
 
     @Test
-    void test_fromConstantString_invalid() {
+    void fromConstantString_invalid() {
       assertThrows(IllegalArgumentException.class, () -> Name.fromConstantString("junk..junk"));
     }
   }
 
-  static class Test_DNSInput_init {
+  @Nested
+  class Test_DNSInput_init {
     @Test
-    void test_basic() throws IOException {
+    void basic() throws IOException {
 
       final byte[] raw =
           new byte[] {3, 'W', 'w', 'w', 7, 'D', 'n', 's', 'J', 'a', 'v', 'a', 3, 'o', 'r', 'g', 0};
@@ -516,24 +634,24 @@ void test_basic() throws IOException {
     }
 
     @Test
-    void test_incomplete() throws IOException {
+    void incomplete() {
       assertThrows(WireParseException.class, () -> new Name(new byte[] {3, 'W', 'w', 'w'}));
     }
 
     @Test
-    void test_root() throws WireParseException {
+    void root() throws WireParseException {
       final byte[] raw = new byte[] {0};
       Name n = new Name(new DNSInput(raw));
       assertEquals(Name.root, n);
     }
 
     @Test
-    void test_invalid_length() throws IOException {
+    void invalid_length() {
       assertThrows(WireParseException.class, () -> new Name(new byte[] {4, 'W', 'w', 'w'}));
     }
 
     @Test
-    void test_max_label_length() throws TextParseException, WireParseException {
+    void max_label_length() throws TextParseException, WireParseException {
       byte[] raw =
           new byte[] {
             63, 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b', 'b',
@@ -548,7 +666,7 @@ void test_max_label_length() throws TextParseException, WireParseException {
     }
 
     @Test
-    void test_max_name() throws TextParseException, WireParseException {
+    void max_name() throws TextParseException, WireParseException {
       // absolute name with three 63-char labels and a 61-char label
       Name e =
           new Name(
@@ -577,7 +695,7 @@ void test_max_name() throws TextParseException, WireParseException {
     }
 
     @Test
-    void test_toolong_name() {
+    void toolong_name() {
       // absolute name with three 63-char labels and a 62-char label
       byte[] raw =
           new byte[] {
@@ -602,7 +720,7 @@ void test_toolong_name() {
     }
 
     @Test
-    void test_max_labels() throws TextParseException, WireParseException {
+    void max_labels() throws TextParseException, WireParseException {
       byte[] raw =
           new byte[] {
             1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a',
@@ -627,7 +745,7 @@ void test_max_labels() throws TextParseException, WireParseException {
     }
 
     @Test
-    void test_toomany_labels() {
+    void toomany_labels() {
       byte[] raw =
           new byte[] {
             1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a', 1, 'a',
@@ -647,7 +765,7 @@ void test_toomany_labels() {
     }
 
     @Test
-    void test_basic_compression() throws TextParseException, WireParseException {
+    void basic_compression() throws TextParseException, WireParseException {
       byte[] raw = new byte[] {10, 3, 'a', 'b', 'c', 0, (byte) 0xC0, 1};
       Name e = Name.fromString("abc.");
 
@@ -659,7 +777,7 @@ void test_basic_compression() throws TextParseException, WireParseException {
     }
 
     @Test
-    void test_two_pointer_compression() throws TextParseException, WireParseException {
+    void two_pointer_compression() throws TextParseException, WireParseException {
       byte[] raw = new byte[] {10, 3, 'a', 'b', 'c', 0, (byte) 0xC0, 1, (byte) 0xC0, 6};
       Name e = Name.fromString("abc.");
 
@@ -671,7 +789,7 @@ void test_two_pointer_compression() throws TextParseException, WireParseExceptio
     }
 
     @Test
-    void test_two_part_compression() throws TextParseException, WireParseException {
+    void two_part_compression() throws TextParseException, WireParseException {
       byte[] raw = new byte[] {10, 3, 'a', 'b', 'c', 0, 1, 'B', (byte) 0xC0, 1};
       Name e = Name.fromString("B.abc.");
 
@@ -683,7 +801,7 @@ void test_two_part_compression() throws TextParseException, WireParseException {
     }
 
     @Test
-    void test_long_jump_compression() throws TextParseException, WireParseException {
+    void long_jump_compression() throws TextParseException, WireParseException {
       // pointer to name beginning at index 256
       byte[] raw =
           new byte[] {
@@ -960,13 +1078,27 @@ void test_long_jump_compression() throws TextParseException, WireParseException
     }
 
     @Test
-    void test_bad_compression() {
+    void bad_compression() {
       byte[] raw = new byte[] {(byte) 0xC0, 2, 0};
       assertThrows(WireParseException.class, () -> new Name(new DNSInput(raw)));
     }
 
     @Test
-    void test_basic_compression_state_restore() throws TextParseException, WireParseException {
+    void bad_label_reserved_type1() {
+      byte[] raw = new byte[] {(byte) 0b0100_0000, 2, 0};
+      Exception e = assertThrows(WireParseException.class, () -> new Name(new DNSInput(raw)));
+      assertEquals("bad label type", e.getMessage());
+    }
+
+    @Test
+    void bad_label_reserved_type2() {
+      byte[] raw = new byte[] {(byte) 0b1000_0000, 2, 0};
+      Exception e = assertThrows(WireParseException.class, () -> new Name(new DNSInput(raw)));
+      assertEquals("bad label type", e.getMessage());
+    }
+
+    @Test
+    void basic_compression_state_restore() throws TextParseException, WireParseException {
       byte[] raw = new byte[] {10, 3, 'a', 'b', 'c', 0, (byte) 0xC0, 1, 3, 'd', 'e', 'f', 0};
       Name e = Name.fromString("abc.");
       Name e2 = Name.fromString("def.");
@@ -982,7 +1114,7 @@ void test_basic_compression_state_restore() throws TextParseException, WireParse
     }
 
     @Test
-    void test_two_part_compression_state_restore() throws TextParseException, WireParseException {
+    void two_part_compression_state_restore() throws TextParseException, WireParseException {
       byte[] raw =
           new byte[] {10, 3, 'a', 'b', 'c', 0, 1, 'B', (byte) 0xC0, 1, 3, 'd', 'e', 'f', 0};
       Name e = Name.fromString("B.abc.");
@@ -1000,7 +1132,7 @@ void test_two_part_compression_state_restore() throws TextParseException, WirePa
   }
 
   @Test
-  void test_init_from_name() throws TextParseException {
+  void init_from_name() throws TextParseException {
     Name n = new Name("A.B.c.d.");
     Name e = new Name("B.c.d.");
     Name o = new Name(n, 1);
@@ -1008,14 +1140,14 @@ void test_init_from_name() throws TextParseException {
   }
 
   @Test
-  void test_init_from_name_root() throws TextParseException {
+  void init_from_name_root() throws TextParseException {
     Name n = new Name("A.B.c.d.");
     Name o = new Name(n, 4);
     assertEquals(Name.root, o);
   }
 
   @Test
-  void test_init_from_name_empty() throws TextParseException {
+  void init_from_name_empty() throws TextParseException {
     Name n = new Name("A.B.c.d.");
     Name n2 = new Name(n, 5);
 
@@ -1026,7 +1158,20 @@ void test_init_from_name_empty() throws TextParseException {
   }
 
   @Test
-  void test_concatenate_basic() throws NameTooLongException, TextParseException {
+  void init_from_name_labels_exceeded() throws TextParseException {
+    Name n = new Name("a.b.c.d.");
+    assertThrows(IllegalArgumentException.class, () -> new Name(n, 6));
+  }
+
+  @Test
+  void init_from_name_labels_offset() throws TextParseException {
+    // 18 labels + root to exceed the cached offsets
+    Name n = new Name("a.b.c.d.e.f.g.h.1.2.3.4.5.6.7.8.9.0.");
+    assertEquals(Name.fromConstantString("1.2.3.4.5.6.7.8.9.0."), new Name(n, 8));
+  }
+
+  @Test
+  void concatenate_basic() throws NameTooLongException, TextParseException {
     Name p = Name.fromString("A.B");
     Name s = Name.fromString("c.d.");
     Name e = Name.fromString("A.B.c.d.");
@@ -1036,7 +1181,7 @@ void test_concatenate_basic() throws NameTooLongException, TextParseException {
   }
 
   @Test
-  void test_concatenate_abs_prefix() throws NameTooLongException, TextParseException {
+  void concatenate_abs_prefix() throws NameTooLongException, TextParseException {
     Name p = Name.fromString("A.B.");
     Name s = Name.fromString("c.d.");
     Name e = Name.fromString("A.B.");
@@ -1046,7 +1191,7 @@ void test_concatenate_abs_prefix() throws NameTooLongException, TextParseExcepti
   }
 
   @Test
-  void test_concatenate_too_long() throws TextParseException {
+  void concatenate_too_long() throws TextParseException {
     Name p =
         Name.fromString(
             "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
@@ -1058,7 +1203,7 @@ void test_concatenate_too_long() throws TextParseException {
   }
 
   @Test
-  void test_relativize() throws TextParseException {
+  void relativize() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     Name dom = Name.fromString("c.");
     Name exp = Name.fromString("a.b");
@@ -1068,7 +1213,7 @@ void test_relativize() throws TextParseException {
   }
 
   @Test
-  void test_relativize_null_origin() throws TextParseException {
+  void relativize_null_origin() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     Name dom = null;
 
@@ -1077,7 +1222,7 @@ void test_relativize_null_origin() throws TextParseException {
   }
 
   @Test
-  void test_relativize_disjoint() throws TextParseException {
+  void relativize_disjoint() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     Name dom = Name.fromString("e.f.");
 
@@ -1086,7 +1231,7 @@ void test_relativize_disjoint() throws TextParseException {
   }
 
   @Test
-  void test_relativize_root() throws TextParseException {
+  void relativize_root() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     Name dom = Name.fromString(".");
     Name exp = Name.fromString("a.b.c");
@@ -1096,7 +1241,7 @@ void test_relativize_root() throws TextParseException {
   }
 
   @Test
-  void test_wild() throws TextParseException {
+  void wild() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     Name exp = Name.fromString("*.b.c.");
 
@@ -1105,7 +1250,7 @@ void test_wild() throws TextParseException {
   }
 
   @Test
-  void test_wild_abs() throws TextParseException {
+  void wild_abs() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     Name exp = Name.fromString("*.");
 
@@ -1114,19 +1259,19 @@ void test_wild_abs() throws TextParseException {
   }
 
   @Test
-  void test_wild_toobig() throws TextParseException {
+  void wild_toobig() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     assertThrows(IllegalArgumentException.class, () -> sub.wild(4));
   }
 
   @Test
-  void test_wild_toosmall() throws TextParseException {
+  void wild_toosmall() throws TextParseException {
     Name sub = Name.fromString("a.b.c.");
     assertThrows(IllegalArgumentException.class, () -> sub.wild(0));
   }
 
   @Test
-  void test_fromDNAME() throws NameTooLongException, TextParseException {
+  void fromDNAME() throws NameTooLongException, TextParseException {
     Name own = new Name("the.owner.");
     Name alias = new Name("the.alias.");
     DNAMERecord dnr = new DNAMERecord(own, DClass.IN, 0xABCD, alias);
@@ -1138,7 +1283,7 @@ void test_fromDNAME() throws NameTooLongException, TextParseException {
   }
 
   @Test
-  void test_fromDNAME_toobig() throws TextParseException {
+  void fromDNAME_toobig() throws TextParseException {
     Name own = new Name("the.owner.");
     Name alias =
         new Name(
@@ -1151,7 +1296,7 @@ void test_fromDNAME_toobig() throws TextParseException {
   }
 
   @Test
-  void test_fromDNAME_disjoint() throws NameTooLongException, TextParseException {
+  void fromDNAME_disjoint() throws NameTooLongException, TextParseException {
     Name own = new Name("the.owner.");
     Name alias = new Name("the.alias.");
     DNAMERecord dnr = new DNAMERecord(own, DClass.IN, 0xABCD, alias);
@@ -1162,7 +1307,19 @@ void test_fromDNAME_disjoint() throws NameTooLongException, TextParseException {
   }
 
   @Test
-  void test_subdomain_abs() throws TextParseException {
+  void label_min() throws TextParseException {
+    Name n = new Name("a.b.c.");
+    assertThrows(IllegalArgumentException.class, () -> n.getLabel(-1));
+  }
+
+  @Test
+  void label_max() throws TextParseException {
+    Name n = new Name("a.b.c.");
+    assertThrows(IllegalArgumentException.class, () -> n.getLabel(5));
+  }
+
+  @Test
+  void subdomain_abs() throws TextParseException {
     Name dom = new Name("the.domain.");
     Name sub = new Name("sub.of.the.domain.");
     assertTrue(sub.subdomain(dom));
@@ -1170,7 +1327,7 @@ void test_subdomain_abs() throws TextParseException {
   }
 
   @Test
-  void test_subdomain_rel() throws TextParseException {
+  void subdomain_rel() throws TextParseException {
     Name dom = new Name("the.domain");
     Name sub = new Name("sub.of.the.domain");
     assertTrue(sub.subdomain(dom));
@@ -1178,71 +1335,64 @@ void test_subdomain_rel() throws TextParseException {
   }
 
   @Test
-  void test_subdomain_equal() throws TextParseException {
+  void subdomain_equal() throws TextParseException {
     Name dom = new Name("the.domain");
     Name sub = new Name("the.domain");
     assertTrue(sub.subdomain(dom));
     assertTrue(dom.subdomain(sub));
   }
 
-  @Test
-  void test_toString_abs() throws TextParseException {
-    String in = "This.Is.My.Absolute.Name.";
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        // absolute
+        "This.Is.My.Absolute.Name.",
+        // relative
+        "This.Is.My.Relative.Name",
+        // wildcard
+        "*.A.b.c.e",
+        // one escaped digit
+        "my.escaped\\001.label.",
+        // two escaped digits
+        "my.escaped\\010.label.",
+        // escaped junk
+        "my.escaped.junk\\128.label.",
+      })
+  void variousToString(String in) throws TextParseException {
     Name n = new Name(in);
-
     assertEquals(in, n.toString());
   }
 
   @Test
-  void test_toString_rel() throws TextParseException {
-    String in = "This.Is.My.Relative.Name";
-    Name n = new Name(in);
-
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void test_toString_at() throws TextParseException {
+  void toString_at() throws TextParseException {
     Name n = new Name("@", null);
     assertEquals("@", n.toString());
   }
 
   @Test
-  void test_toString_root() {
+  void toString_root() {
     assertEquals(".", Name.root.toString());
   }
 
   @Test
-  void test_toString_wild() throws TextParseException {
-    String in = "*.A.b.c.e";
-    Name n = new Name(in);
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void test_toString_escaped() throws TextParseException {
-    String in = "my.escaped.junk\\128.label.";
-    Name n = new Name(in);
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void test_toString_special_char() throws WireParseException {
+  void toString_special_char() throws WireParseException {
     byte[] raw = new byte[] {1, '"', 1, '(', 1, ')', 1, '.', 1, ';', 1, '\\', 1, '@', 1, '$', 0};
     String exp = "\\\".\\(.\\).\\..\\;.\\\\.\\@.\\$.";
     Name n = new Name(new DNSInput(raw));
     assertEquals(exp, n.toString());
   }
 
-  static class Test_toWire {
+  @Nested
+  class Test_toWire {
     @Test
-    void test_rel() throws TextParseException {
+    void rel() throws TextParseException {
       Name n = new Name("A.Relative.Name");
-      assertThrows(IllegalArgumentException.class, () -> n.toWire(new DNSOutput(), null));
+      DNSOutput out = new DNSOutput();
+      assertThrows(IllegalArgumentException.class, () -> n.toWire(out, null));
     }
 
     @Test
-    void test_null_Compression() throws TextParseException {
+    void null_Compression() throws TextParseException {
       byte[] raw = new byte[] {1, 'A', 5, 'B', 'a', 's', 'i', 'c', 4, 'N', 'a', 'm', 'e', 0};
       Name n = new Name("A.Basic.Name.");
 
@@ -1253,7 +1403,7 @@ void test_null_Compression() throws TextParseException {
     }
 
     @Test
-    void test_empty_Compression() throws TextParseException {
+    void empty_Compression() throws TextParseException {
       byte[] raw = new byte[] {1, 'A', 5, 'B', 'a', 's', 'i', 'c', 4, 'N', 'a', 'm', 'e', 0};
       Name n = new Name("A.Basic.Name.");
 
@@ -1266,7 +1416,7 @@ void test_empty_Compression() throws TextParseException {
     }
 
     @Test
-    void test_with_exact_Compression() throws TextParseException {
+    void with_exact_Compression() throws TextParseException {
       Name n = new Name("A.Basic.Name.");
 
       Compression c = new Compression();
@@ -1280,7 +1430,7 @@ void test_with_exact_Compression() throws TextParseException {
     }
 
     @Test
-    void test_with_partial_Compression() throws TextParseException {
+    void with_partial_Compression() throws TextParseException {
       Name d = new Name("Basic.Name.");
       Name n = new Name("A.Basic.Name.");
 
@@ -1296,13 +1446,13 @@ void test_with_partial_Compression() throws TextParseException {
     }
 
     @Test
-    void test_0arg_rel() throws TextParseException {
+    void ctor_0arg_rel() throws TextParseException {
       Name n = new Name("A.Relative.Name");
-      assertThrows(IllegalArgumentException.class, () -> n.toWire());
+      assertThrows(IllegalArgumentException.class, n::toWire);
     }
 
     @Test
-    void test_0arg() throws TextParseException {
+    void ctor_0arg() throws TextParseException {
       byte[] raw = new byte[] {1, 'A', 5, 'B', 'a', 's', 'i', 'c', 4, 'N', 'a', 'm', 'e', 0};
       Name n = new Name("A.Basic.Name.");
 
@@ -1312,13 +1462,13 @@ void test_0arg() throws TextParseException {
     }
 
     @Test
-    void test_root() {
+    void root() {
       byte[] out = Name.root.toWire();
       assertArrayEquals(new byte[] {0}, out);
     }
 
     @Test
-    void test_3arg() throws TextParseException {
+    void ctor_3arg() throws TextParseException {
       Name d = new Name("Basic.Name.");
       Name n = new Name("A.Basic.Name.");
 
@@ -1334,9 +1484,10 @@ void test_3arg() throws TextParseException {
     }
   }
 
-  static class Test_toWireCanonical {
+  @Nested
+  class Test_toWireCanonical {
     @Test
-    void test_basic() throws TextParseException {
+    void basic() throws TextParseException {
       byte[] raw = new byte[] {1, 'a', 5, 'b', 'a', 's', 'i', 'c', 4, 'n', 'a', 'm', 'e', 0};
       Name n = new Name("A.Basic.Name.");
 
@@ -1347,7 +1498,7 @@ void test_basic() throws TextParseException {
     }
 
     @Test
-    void test_0arg() throws TextParseException {
+    void ctor_0arg() throws TextParseException {
       byte[] raw = new byte[] {1, 'a', 5, 'b', 'a', 's', 'i', 'c', 4, 'n', 'a', 'm', 'e', 0};
       Name n = new Name("A.Basic.Name.");
 
@@ -1357,20 +1508,20 @@ void test_0arg() throws TextParseException {
     }
 
     @Test
-    void test_root() {
+    void root() {
       byte[] out = Name.root.toWireCanonical();
       assertArrayEquals(new byte[] {0}, out);
     }
 
     @Test
-    void test_empty() throws TextParseException {
+    void empty() throws TextParseException {
       Name n = new Name("@", null);
       byte[] out = n.toWireCanonical();
       assertArrayEquals(new byte[0], out);
     }
 
     @Test
-    void test_3arg() throws TextParseException {
+    void ctor_3arg() throws TextParseException {
       Name d = new Name("Basic.Name.");
       Name n = new Name("A.Basic.Name.");
 
@@ -1386,9 +1537,10 @@ void test_3arg() throws TextParseException {
     }
   }
 
-  static class Test_equals {
+  @Nested
+  class Test_equals {
     @Test
-    void test_same() throws TextParseException {
+    void same() throws TextParseException {
       Name n = new Name("A.Name.");
       assertEquals(n, n);
     }
@@ -1400,13 +1552,13 @@ void test_null() throws TextParseException {
     }
 
     @Test
-    void test_notName() throws TextParseException {
+    void notName() throws TextParseException {
       Name n = new Name("A.Name.");
       assertNotEquals(n, new Object());
     }
 
     @Test
-    void test_abs() throws TextParseException {
+    void abs() throws TextParseException {
       Name n = new Name("A.Name.");
       Name n2 = new Name("a.name.");
 
@@ -1415,7 +1567,7 @@ void test_abs() throws TextParseException {
     }
 
     @Test
-    void test_rel() throws TextParseException {
+    void rel() throws TextParseException {
       Name n1 = new Name("A.Relative.Name");
       Name n2 = new Name("a.relative.name");
 
@@ -1424,7 +1576,7 @@ void test_rel() throws TextParseException {
     }
 
     @Test
-    void test_mixed() throws TextParseException {
+    void mixed() throws TextParseException {
       Name n1 = new Name("A.Name");
       Name n2 = new Name("a.name.");
 
@@ -1433,7 +1585,7 @@ void test_mixed() throws TextParseException {
     }
 
     @Test
-    void test_weird() throws TextParseException {
+    void weird() throws TextParseException {
       Name n1 = new Name("ab.c");
       Name n2 = new Name("abc.");
 
@@ -1442,21 +1594,10 @@ void test_weird() throws TextParseException {
     }
   }
 
-  static class Test_compareTo {
-    @Test
-    void test_notName() throws TextParseException {
-      Name n = new Name("A.Name");
-      assertThrows(ClassCastException.class, () -> n.compareTo(new Object()));
-    }
-
-    @Test
-    void test_same() throws TextParseException {
-      Name n = new Name("A.Name");
-      assertEquals(0, n.compareTo(n));
-    }
-
+  @Nested
+  class Test_compareTo {
     @Test
-    void test_equal() throws TextParseException {
+    void equal() throws TextParseException {
       Name n1 = new Name("A.Name.");
       Name n2 = new Name("a.name.");
 
@@ -1465,36 +1606,38 @@ void test_equal() throws TextParseException {
     }
 
     @Test
-    void test_close() throws TextParseException {
-      Name n1 = new Name("a.name");
-      Name n2 = new Name("a.name.");
-
-      assertTrue(n1.compareTo(n2) > 0);
-      assertTrue(n2.compareTo(n1) < 0);
-    }
-
-    @Test
-    void test_disjoint() throws TextParseException {
-      Name n1 = new Name("b");
-      Name n2 = new Name("c");
+    void same() throws TextParseException {
+      Name n = new Name("A.Name.");
 
-      assertTrue(n1.compareTo(n2) < 0);
-      assertTrue(n2.compareTo(n1) > 0);
+      //noinspection EqualsWithItself
+      assertEquals(0, n.compareTo(n));
     }
 
     @Test
-    void test_label_prefix() throws TextParseException {
-      Name n1 = new Name("thisIs.a.");
-      Name n2 = new Name("thisIsGreater.a.");
+    void close() throws TextParseException {
+      Name n1 = new Name("a.name");
+      Name n2 = new Name("a.name.");
 
-      assertTrue(n1.compareTo(n2) < 0);
-      assertTrue(n2.compareTo(n1) > 0);
+      assertTrue(n1.compareTo(n2) > 0);
+      assertTrue(n2.compareTo(n1) < 0);
     }
 
-    @Test
-    void test_more_labels() throws TextParseException {
-      Name n1 = new Name("c.b.a.");
-      Name n2 = new Name("d.c.b.a.");
+    @ParameterizedTest
+    @CsvSource({
+      // disjoint
+      "b, c",
+      // label_prefix
+      "thisIs.a., thisIsGreater.a.",
+      // more_labels
+      "c.b.a., d.c.b.a.",
+      // octal_digits_low
+      "\\004.b.a., c.b.a.",
+      // octal_digits_high
+      "c.b.a.,\\237.b.a.",
+    })
+    void compare(String name1, String name2) throws TextParseException {
+      Name n1 = new Name(name1);
+      Name n2 = new Name(name2);
 
       assertTrue(n1.compareTo(n2) < 0);
       assertTrue(n2.compareTo(n1) > 0);
@@ -1502,7 +1645,7 @@ void test_more_labels() throws TextParseException {
   }
 
   @Test
-  void test_canonicalize() throws TextParseException {
+  void canonicalize() throws TextParseException {
     Name n1 = new Name("ABC.com");
     Name n2 = new Name("abc.com");
     Name n3 = new Name("\\193.com");
@@ -1521,7 +1664,7 @@ void test_canonicalize() throws TextParseException {
   }
 
   @Test
-  void test_to_string() throws TextParseException {
+  void to_string() throws TextParseException {
     Name n1 = new Name("abc.com");
     Name n2 = new Name("abc.com.");
 
@@ -1533,7 +1676,7 @@ void test_to_string() throws TextParseException {
   }
 
   @Test
-  void test_absolute() throws TextParseException {
+  void absolute() throws TextParseException {
     Name n1 = new Name("abc.com");
     Name n2 = new Name("abc.com.");
     Name n3 = new Name("abc.com", Name.root);
diff --git a/src/test/java/org/xbill/DNS/NioTcpClientTest.java b/src/test/java/org/xbill/DNS/NioTcpClientTest.java
new file mode 100644
index 000000000..a985714b9
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/NioTcpClientTest.java
@@ -0,0 +1,433 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.xbill.DNS.NioClient.SELECTOR_TIMEOUT_PROPERTY;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Field;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketTimeoutException;
+import java.nio.ByteBuffer;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Pipe;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.ConcurrentModificationException;
+import java.util.List;
+import java.util.Queue;
+import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.opentest4j.AssertionFailedError;
+import org.xbill.DNS.utils.base16;
+
+@Slf4j
+class NioTcpClientTest {
+  @Test
+  void testCloseWithoutStart() {
+    assertDoesNotThrow(NioClient::close);
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {0, 1001})
+  void testSelectorTimeoutLimits(int timeout) {
+    System.setProperty(SELECTOR_TIMEOUT_PROPERTY, Integer.toString(timeout));
+    try {
+      assertThrows(IllegalArgumentException.class, NioClient::runSelector);
+    } finally {
+      System.clearProperty(SELECTOR_TIMEOUT_PROPERTY);
+    }
+  }
+
+  /**
+   * Verifies that NioClient.processReadyKeys() does not throw a ConcurrentModificationException
+   * when channels are registered with the selector while processReadyKeys() is iterating over
+   * selector.selectedKeys(). This simulates concurrent modifications that can occur under high
+   * load.
+   *
+   * <p>The test starts the selector thread, registers an initial key, and then rapidly registers
+   * new channels from another thread while making them ready. It fails if a
+   * ConcurrentModificationException is observed during the process.
+   *
+   * <p>Since this involves concurrency timing, the test may be flaky and not fail consistently,
+   * even if the underlying issue exists.
+   */
+  @Test
+  void testProcessReadyKeysShouldNotThrowConcurrentModificationException() throws Exception {
+    // Speed up selector loop
+    System.setProperty(SELECTOR_TIMEOUT_PROPERTY, "10");
+
+    try {
+      // Start selector thread
+      Selector selector = NioClient.selector();
+
+      // Add initial key to ensure selectedKeys isn't empty
+      Pipe initialPipe = Pipe.open();
+      initialPipe.source().configureBlocking(false);
+      SelectionKey key = initialPipe.source().register(selector, SelectionKey.OP_READ);
+      key.attach(
+          (NioClient.KeyProcessor)
+              readyKey -> {
+                try {
+                  // Slow down processing
+                  Thread.sleep(10);
+                } catch (InterruptedException ignored) {
+                  // ignore
+                }
+              });
+
+      // Watch for unexpected exceptions
+      AtomicReference<Throwable> sawCME = new AtomicReference<>(null);
+      Field selectorThreadField = NioClient.class.getDeclaredField("selectorThread");
+      selectorThreadField.setAccessible(true);
+      ((Thread) selectorThreadField.get(null))
+          .setUncaughtExceptionHandler(
+              (t, e) -> {
+                if (e instanceof ConcurrentModificationException) {
+                  // Violation of expected behavior
+                  sawCME.set(e);
+                }
+              });
+
+      List<Pipe> allPipes = new ArrayList<>();
+      Queue<Pipe> registrationQueue = new ConcurrentLinkedQueue<>();
+      NioClient.setRegistrationsTask(
+          sel -> {
+            Pipe pipe = registrationQueue.poll();
+            if (pipe != null) {
+              try {
+                SelectionKey sk = pipe.source().register(sel, SelectionKey.OP_READ);
+                sk.attach(
+                    (NioClient.KeyProcessor)
+                        readyKey -> {
+                          try {
+                            Thread.sleep(10);
+                          } catch (InterruptedException ignored) {
+                            // ignore
+                          }
+                        });
+              } catch (ClosedChannelException e) {
+                throw new RuntimeException(e);
+              }
+            }
+          },
+          true);
+
+      // Thread that registers new channels and makes some ready
+      Thread t1 =
+          new Thread(
+              () -> {
+                try {
+                  for (int i = 0; i < 100; i++) {
+                    Pipe pipe = Pipe.open();
+                    pipe.source().configureBlocking(false);
+                    registrationQueue.add(pipe);
+                    allPipes.add(pipe);
+
+                    // Make the channel ready to trigger selectedKeys modification
+                    if (i % 2 == 0) {
+                      pipe.sink().write(ByteBuffer.wrap("x".getBytes()));
+                    }
+
+                    // Help trigger overlap
+                    Thread.sleep(2);
+                  }
+                } catch (Exception ignored) {
+                  // ignore
+                }
+              });
+
+      // Thread that makes the remaining registrations ready
+      Thread t2 =
+          new Thread(
+              () -> {
+                try {
+                  for (int i = 0; i < 100; i++) {
+                    // Make the channel ready to trigger selectedKeys modification
+                    if (i % 2 != 0) {
+                      allPipes.get(i).sink().write(ByteBuffer.wrap("x".getBytes()));
+                    }
+
+                    // Help trigger overlap
+                    Thread.sleep(2);
+                  }
+                } catch (Exception ignored) {
+                  // ignore
+                }
+              });
+
+      t1.start();
+      t2.start();
+      t1.join(5000);
+      t2.join(5000);
+      NioClient.close();
+
+      // Assume correctness: fail if any exception was observed
+      assertThat(sawCME.get()).isNull();
+    } finally {
+      System.clearProperty(SELECTOR_TIMEOUT_PROPERTY);
+    }
+  }
+
+  @Test
+  void testResponseStream() throws InterruptedException, IOException {
+    try {
+      // start the selector thread early
+      NioClient.selector();
+      NioTcpClient nioTcpClient = new NioTcpClient();
+
+      Record qr = Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN);
+      Message[] q = new Message[30];
+      for (int i = 0; i < q.length; i++) {
+        q[i] = Message.newQuery(qr);
+        // This is not actually valid data, but it increases the payload sufficiently to fill the
+        // send buffer, forcing NioTcpClient.Transaction#send into the retry
+        // see https://github.com/dnsjava/dnsjava/issues/357
+        for (int j = 0; j < 2048; j++) {
+          q[i].addRecord(
+              new AAAARecord(
+                  Name.fromConstantString("example.com."), DClass.IN, 3600, new byte[16]),
+              Section.AUTHORITY);
+        }
+      }
+
+      CountDownLatch cdlServerThreadStart = new CountDownLatch(1);
+      CountDownLatch cdlServerThreadEnd = new CountDownLatch(1);
+      CountDownLatch cdlQueryRepliesReceived = new CountDownLatch(q.length);
+      List<Throwable> exceptions = new ArrayList<>();
+      try (ServerSocket ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress())) {
+        ss.setReceiveBufferSize(16);
+        ss.setSoTimeout(15000);
+        Thread server =
+            new Thread(
+                () -> {
+                  try {
+                    cdlServerThreadStart.countDown();
+                    Socket s = ss.accept();
+                    for (int i = 0; i < q.length; i++) {
+                      log.debug("Waiting for reply #{}, id={}", i, q[i].getHeader().getID());
+                      try {
+                        InputStream is = s.getInputStream();
+                        byte[] lengthData = new byte[2];
+                        int readLength = is.read(lengthData);
+                        assertEquals(2, readLength);
+                        byte[] messageData =
+                            new byte[((lengthData[0] & 0xff) << 8) + (lengthData[1] & 0xff)];
+                        log.debug("Expecting message length={}", messageData.length);
+                        int totalReadMessageLength = 0;
+                        while (totalReadMessageLength < messageData.length) {
+                          int readMessageLength =
+                              is.read(
+                                  messageData,
+                                  totalReadMessageLength,
+                                  messageData.length - totalReadMessageLength);
+                          log.debug(
+                              "Received {} of {} bytes",
+                              totalReadMessageLength,
+                              messageData.length);
+                          totalReadMessageLength += readMessageLength;
+                        }
+
+                        assertEquals(messageData.length, totalReadMessageLength);
+                        log.debug(
+                            "Receive for #{}, id={} complete, parsing message",
+                            i,
+                            q[i].getHeader().getID());
+                        Message serverReceivedMessage = new Message(messageData);
+
+                        Message answer = new Message();
+                        answer.getHeader().setRcode(Rcode.NOERROR);
+                        answer.getHeader().setID(serverReceivedMessage.getHeader().getID());
+                        answer.addRecord(serverReceivedMessage.getQuestion(), Section.QUESTION);
+                        answer.addRecord(
+                            new ARecord(
+                                Name.fromConstantString("example.com."),
+                                DClass.IN,
+                                900,
+                                InetAddress.getLoopbackAddress()),
+                            Section.ANSWER);
+                        byte[] answerData = answer.toWire();
+                        ByteBuffer answerBuffer = ByteBuffer.allocate(answerData.length + 2);
+                        answerBuffer.put((byte) (answerData.length >>> 8));
+                        answerBuffer.put((byte) (answerData.length & 0xFF));
+                        answerBuffer.put(answerData);
+                        s.getOutputStream().write(answerBuffer.array());
+
+                      } catch (IOException e) {
+                        log.warn("Writing message to client failed", e);
+                        exceptions.add(e);
+                      }
+                    }
+                  } catch (IOException e) {
+                    log.warn("Server failed", e);
+                    exceptions.add(e);
+                  }
+
+                  cdlServerThreadEnd.countDown();
+                });
+        server.setDaemon(true);
+        server.start();
+
+        if (!cdlServerThreadStart.await(15, TimeUnit.SECONDS)) {
+          fail("timed out waiting for server thread to start");
+        }
+
+        for (int j = 0; j < q.length; j++) {
+          int jj = j;
+          nioTcpClient
+              .sendAndReceiveTcp(
+                  null,
+                  (InetSocketAddress) ss.getLocalSocketAddress(),
+                  q[j],
+                  q[j].toWire(),
+                  Duration.ofSeconds(15))
+              .whenComplete(
+                  (d, e1) -> {
+                    if (e1 == null) {
+                      try {
+                        assertEquals(q[jj].getHeader().getID(), new Message(d).getHeader().getID());
+                      } catch (IOException | AssertionFailedError e2) {
+                        exceptions.add(e2);
+                      }
+                    } else {
+                      log.warn("sendrcv failed", e1);
+                      exceptions.add(e1);
+                    }
+                    cdlQueryRepliesReceived.countDown();
+                  });
+        }
+
+        if (!cdlQueryRepliesReceived.await(15, TimeUnit.SECONDS)) {
+          fail("timed out waiting for answers in client");
+        }
+
+        if (!cdlServerThreadEnd.await(15, TimeUnit.SECONDS)) {
+          fail("timeout waiting for server to stop");
+        }
+      }
+
+      for (Throwable t : exceptions) {
+        log.error("Failure during test run", t);
+      }
+      assertEquals(0, exceptions.size(), "Test had exceptions in async code");
+    } finally {
+      NioClient.close();
+    }
+  }
+
+  @ParameterizedTest
+  @ValueSource(strings = {"000101", "0000", "0002", "000201"})
+  void testTooShortResponseStream(String base16ResponseBytes)
+      throws InterruptedException, IOException {
+    byte[] responseBytes = base16.fromString(base16ResponseBytes);
+    try {
+      // start the selector thread early
+      NioClient.selector();
+      NioTcpClient nioTcpClient = new NioTcpClient();
+
+      Record qr = Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN);
+      Message q = Message.newQuery(qr);
+      CountDownLatch cdlServerThreadStart = new CountDownLatch(1);
+      CountDownLatch cdlServerThreadEnd = new CountDownLatch(1);
+      CountDownLatch cdlWaitForResult = new CountDownLatch(1);
+      List<Throwable> exceptions = new ArrayList<>();
+      try (ServerSocket ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress())) {
+        ss.setSoTimeout(15000);
+        Thread server =
+            new Thread(
+                () -> {
+                  try {
+                    cdlServerThreadStart.countDown();
+                    Socket s = ss.accept();
+                    try {
+                      InputStream is = s.getInputStream();
+                      byte[] lengthData = new byte[2];
+                      int readLength = is.read(lengthData);
+                      assertEquals(2, readLength);
+                      byte[] messageData =
+                          new byte[((lengthData[0] & 0xff) << 8) + (lengthData[1] & 0xff)];
+                      int totalReadMessageLength = 0;
+                      while (totalReadMessageLength < messageData.length) {
+                        int readMessageLength =
+                            is.read(
+                                messageData,
+                                totalReadMessageLength,
+                                messageData.length - totalReadMessageLength);
+                        totalReadMessageLength += readMessageLength;
+                      }
+                      assertEquals(messageData.length, totalReadMessageLength);
+
+                      // Send an invalid response, too short to contain an ID
+                      OutputStream os = s.getOutputStream();
+                      os.write(responseBytes);
+                      os.flush();
+                    } catch (IOException e) {
+                      fail(e);
+                    }
+                  } catch (SocketTimeoutException ste) {
+                    log.warn("Timeout waiting for a client connection", ste);
+                    exceptions.add(ste);
+                  } catch (IOException e) {
+                    log.warn("Server failed", e);
+                    exceptions.add(e);
+                  }
+
+                  cdlServerThreadEnd.countDown();
+                });
+        server.setDaemon(true);
+        server.start();
+
+        if (!cdlServerThreadStart.await(15, TimeUnit.SECONDS)) {
+          fail("timed out waiting for server thread to start");
+        }
+
+        nioTcpClient
+            .sendAndReceiveTcp(
+                null,
+                (InetSocketAddress) ss.getLocalSocketAddress(),
+                q,
+                q.toWire(),
+                Duration.ofSeconds(1))
+            .whenComplete(
+                (r, e) -> {
+                  cdlWaitForResult.countDown();
+                  if (e == null) {
+                    exceptions.add(new AssertionError("Got an answer but expected timeout"));
+                  }
+                });
+
+        if (!cdlWaitForResult.await(15, TimeUnit.SECONDS)) {
+          fail("Timeout");
+        }
+
+        if (!cdlServerThreadEnd.await(15, TimeUnit.SECONDS)) {
+          fail("timeout waiting for server to stop");
+        }
+      }
+
+      for (Throwable t : exceptions) {
+        log.error("Failure during test run", t);
+      }
+      assertEquals(0, exceptions.size(), "Test had exceptions in async code");
+    } finally {
+      NioClient.close();
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/NioUdpClientTest.java b/src/test/java/org/xbill/DNS/NioUdpClientTest.java
new file mode 100644
index 000000000..f0553fdb1
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/NioUdpClientTest.java
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
+import io.vertx.core.Vertx;
+import io.vertx.core.datagram.DatagramSocket;
+import io.vertx.core.net.SocketAddress;
+import io.vertx.junit5.VertxExtension;
+import io.vertx.junit5.VertxTestContext;
+import java.io.EOFException;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.time.Duration;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.CompletableFuture;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledIf;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+
+@ExtendWith(VertxExtension.class)
+@SuppressWarnings("unchecked")
+@EnabledIf("notWindowsOrJre17Plus")
+class NioUdpClientTest {
+  private static SocketAddress localAddress;
+
+  @SuppressWarnings("java:S1144")
+  private static boolean notWindowsOrJre17Plus() {
+    String javaVersion = System.getProperty("java.version", "0");
+    return !System.getProperty("os.name").contains("Windows")
+        || Integer.parseInt(javaVersion.substring(0, javaVersion.indexOf('.'))) >= 17;
+  }
+
+  @BeforeAll
+  static void beforeAll(Vertx vertx, VertxTestContext context) {
+    DatagramSocket datagramSocket = vertx.createDatagramSocket();
+    datagramSocket.handler(
+        p -> datagramSocket.send(p.data(), p.sender().port(), p.sender().host()));
+    datagramSocket
+        .listen(0, "localhost")
+        .map(
+            s -> {
+              localAddress = s.localAddress();
+              return null;
+            })
+        .onComplete(context.succeedingThenComplete());
+  }
+
+  @AfterAll
+  static void afterAll() {
+    NioClient.close();
+  }
+
+  private CompletableFuture<byte[]> createAndSendQuery() {
+    NioUdpClient udp = new NioUdpClient();
+    Message query = Message.newQuery(Record.newRecord(Name.root, Type.A, DClass.IN));
+    return udp.sendAndReceiveUdp(
+        null,
+        new InetSocketAddress(localAddress.hostAddress(), localAddress.port()),
+        query,
+        query.toWire(),
+        65535,
+        Duration.ofSeconds(10));
+  }
+
+  @Test
+  void selectorWithAllCanceledKey() throws IOException {
+    Selector spiedSelector = spy(Selector.open());
+    when(spiedSelector.selectedKeys())
+        .thenAnswer(
+            a -> {
+              Set<SelectionKey> keys = (Set<SelectionKey>) a.callRealMethod();
+              for (SelectionKey key : keys) {
+                key.cancel();
+              }
+              return keys;
+            });
+
+    try (MockedStatic<Selector> sel = Mockito.mockStatic(Selector.class)) {
+      sel.when(Selector::open).thenReturn(spiedSelector);
+      CompletableFuture<byte[]> result = createAndSendQuery();
+      assertThatThrownBy(result::get).hasCauseInstanceOf(EOFException.class);
+    }
+  }
+
+  @Test
+  void readFromKeyFailsFuture() throws IOException {
+    Selector spiedSelector = spy(Selector.open());
+    when(spiedSelector.selectedKeys())
+        .thenAnswer(
+            selectedKeysIntercept -> {
+              Set<SelectionKey> keys = (Set<SelectionKey>) selectedKeysIntercept.callRealMethod();
+              Set<SelectionKey> mockedKeys = new HashSet<>(keys.size());
+              for (SelectionKey key : keys) {
+                SelectionKey spy = spy(key);
+                when(spy.channel())
+                    .thenAnswer(
+                        channelIntercept -> {
+                          DatagramChannel channel =
+                              (DatagramChannel) channelIntercept.callRealMethod();
+                          DatagramChannel spyChannel = spy(channel);
+                          doReturn(0).when(spyChannel).read(any(ByteBuffer.class));
+                          return spyChannel;
+                        });
+                mockedKeys.add(spy);
+              }
+
+              return mockedKeys;
+            });
+
+    try (MockedStatic<Selector> sel = Mockito.mockStatic(Selector.class)) {
+      sel.when(Selector::open).thenReturn(spiedSelector);
+      CompletableFuture<byte[]> result = createAndSendQuery();
+      assertThatThrownBy(result::get)
+          .cause()
+          .isInstanceOf(EOFException.class)
+          .hasMessageStartingWith("Could not read expected data");
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java b/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java
index 6d8529ab2..4e3155f75 100644
--- a/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
@@ -11,8 +12,8 @@ class OPENPGPKEYRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("CAFEBABE");
-    OPENPGPKEYRecord record = new OPENPGPKEYRecord();
-    record.rdataFromString(t, null);
-    assertArrayEquals(base64.fromString("CAFEBABE"), record.getCert());
+    OPENPGPKEYRecord openpgpkeyRecord = new OPENPGPKEYRecord();
+    openpgpkeyRecord.rdataFromString(t, null);
+    assertArrayEquals(base64.fromString("CAFEBABE"), openpgpkeyRecord.getCert());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/OPTRecordTest.java b/src/test/java/org/xbill/DNS/OPTRecordTest.java
index 571210ec1..286266c10 100644
--- a/src/test/java/org/xbill/DNS/OPTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/OPTRecordTest.java
@@ -1,12 +1,18 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
+import java.util.Collections;
 import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DNSSEC.Digest;
+import org.xbill.DNS.EDNSOption.Code;
+import org.xbill.DNS.utils.base16;
 
 class OPTRecordTest {
 
@@ -39,7 +45,39 @@ void testForEquality() {
   }
 
   @Test
-  void rdataFromString() throws IOException {
+  void testToString() {
+    try {
+      Options.set("BINDTTL");
+      OPTRecord optRecord = new OPTRecord(DEFAULT_PAYLOAD_SIZE, 0xFF, DEFAULT_EDNS_VERSION);
+      assertEquals(
+          ".\t\t\t\tOPT\t ; payload 1024, xrcode 255, version 0, flags 0", optRecord.toString());
+    } finally {
+      Options.unset("BINDTTL");
+    }
+  }
+
+  @Test
+  void testMessageToString() {
+    OPTRecord optRecord =
+        new OPTRecord(
+            DEFAULT_PAYLOAD_SIZE,
+            0xFF,
+            DEFAULT_EDNS_VERSION,
+            Flags.DO,
+            new TcpKeepaliveOption(100),
+            new DnssecAlgorithmOption(Code.DAU, Algorithm.ED25519, Algorithm.ED448),
+            new DnssecAlgorithmOption(Code.DHU, Digest.SHA384),
+            new DnssecAlgorithmOption(Code.N3U, NSEC3Record.Digest.SHA1));
+    Message m = Message.newQuery(Record.newRecord(Name.root, Type.A, DClass.IN));
+    m.addRecord(optRecord, Section.ADDITIONAL);
+    assertTrue(m.toString().contains(";; OPT PSEUDOSECTION:"));
+    assertTrue(m.toString().contains("DAU: [ED25519, ED448]"));
+    assertTrue(m.toString().contains("DHU: [SHA-384]"));
+    assertTrue(m.toString().contains("N3U: [SHA-1]"));
+  }
+
+  @Test
+  void rdataFromString() {
     TextParseException thrown =
         assertThrows(
             TextParseException.class,
@@ -47,8 +85,26 @@ void rdataFromString() throws IOException {
     assertTrue(thrown.getMessage().contains("no text format defined for OPT"));
   }
 
+  @Test
+  void rdataFromWire() throws IOException {
+    byte[] buf = base16.fromString("000029100000000000000C000A00084531D089BA80C6EB");
+    OPTRecord optRecord = (OPTRecord) OPTRecord.fromWire(new DNSInput(buf), Section.ADDITIONAL);
+    assertEquals(
+        Collections.singletonList(new CookieOption(base16.fromString("4531D089BA80C6EB"))),
+        optRecord.getOptions());
+  }
+
+  @Test
+  void rdataFromWire_nullPadded() throws IOException {
+    byte[] buf = base16.fromString("000029100000000000000C000A00084531D089BA80C6EB00");
+    OPTRecord optRecord = (OPTRecord) OPTRecord.fromWire(new DNSInput(buf), Section.ADDITIONAL);
+    assertEquals(
+        Collections.singletonList(new CookieOption(base16.fromString("4531D089BA80C6EB"))),
+        optRecord.getOptions());
+  }
+
   private void assertNotEqual(final OPTRecord optRecordOne, final OPTRecord optRecordTwo) {
-    assertFalse(optRecordOne.equals(optRecordTwo));
-    assertFalse(optRecordTwo.equals(optRecordOne));
+    assertNotEquals(optRecordOne, optRecordTwo);
+    assertNotEquals(optRecordTwo, optRecordOne);
   }
 }
diff --git a/src/test/java/org/xbill/DNS/OpcodeTest.java b/src/test/java/org/xbill/DNS/OpcodeTest.java
index a37ce871b..50c9bd320 100644
--- a/src/test/java/org/xbill/DNS/OpcodeTest.java
+++ b/src/test/java/org/xbill/DNS/OpcodeTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,12 +43,12 @@
 
 class OpcodeTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("IQUERY", Opcode.string(Opcode.IQUERY));
 
     // one that doesn't exist
-    assertTrue(Opcode.string(6).startsWith("RESERVED"));
+    assertTrue(Opcode.string(7).startsWith("RESERVED"));
 
     assertThrows(IllegalArgumentException.class, () -> Opcode.string(-1));
 
@@ -56,7 +57,7 @@ void test_string() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(Opcode.STATUS, Opcode.value("STATUS"));
 
diff --git a/src/test/java/org/xbill/DNS/OptionsTest.java b/src/test/java/org/xbill/DNS/OptionsTest.java
index 2d3626e64..e3a86abb8 100644
--- a/src/test/java/org/xbill/DNS/OptionsTest.java
+++ b/src/test/java/org/xbill/DNS/OptionsTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -50,7 +51,7 @@ void setUp() {
   }
 
   @Test
-  void test_set_1arg() {
+  void set_1arg() {
     Options.set("Option1");
     assertEquals("true", Options.value("option1"));
 
@@ -63,7 +64,7 @@ void test_set_1arg() {
   }
 
   @Test
-  void test_set_2arg() {
+  void set_2arg() {
     Options.set("OPTION1", "Value1");
     assertEquals("value1", Options.value("Option1"));
 
@@ -77,7 +78,7 @@ void test_set_2arg() {
   }
 
   @Test
-  void test_check() {
+  void check() {
     assertFalse(Options.check("No Options yet"));
 
     Options.set("First Option");
@@ -87,7 +88,7 @@ void test_check() {
   }
 
   @Test
-  void test_unset() {
+  void unset() {
     // unset something non-existant
     Options.unset("Not an option Name");
 
@@ -106,7 +107,7 @@ void test_unset() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     assertNull(Options.value("Table is Null"));
 
     Options.set("Testing Option");
@@ -116,7 +117,7 @@ void test_value() {
   }
 
   @Test
-  void test_intValue() {
+  void intValue() {
     assertEquals(-1, Options.intValue("Table is Null"));
 
     Options.set("A Boolean Option");
@@ -132,7 +133,7 @@ void test_intValue() {
   }
 
   @Test
-  void test_systemProperty() {
+  void systemProperty() {
     System.setProperty(
         "dnsjava.options", "booleanOption,valuedOption1=10,valuedOption2=NotAnInteger");
 
diff --git a/src/test/java/org/xbill/DNS/PXRecordTest.java b/src/test/java/org/xbill/DNS/PXRecordTest.java
index a41605e66..d1310a7c3 100644
--- a/src/test/java/org/xbill/DNS/PXRecordTest.java
+++ b/src/test/java/org/xbill/DNS/PXRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,10 +11,10 @@ class PXRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("10   net2.it.  PRMD-net2.ADMD-p400.C-it.");
-    PXRecord record = new PXRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10, record.getPreference());
-    assertEquals(Name.fromConstantString("net2.it."), record.getMap822());
-    assertEquals(Name.fromConstantString("PRMD-net2.ADMD-p400.C-it."), record.getMapX400());
+    PXRecord pxRecord = new PXRecord();
+    pxRecord.rdataFromString(t, null);
+    assertEquals(10, pxRecord.getPreference());
+    assertEquals(Name.fromConstantString("net2.it."), pxRecord.getMap822());
+    assertEquals(Name.fromConstantString("PRMD-net2.ADMD-p400.C-it."), pxRecord.getMapX400());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RPRecordTest.java b/src/test/java/org/xbill/DNS/RPRecordTest.java
index 724712204..ef78af9ac 100644
--- a/src/test/java/org/xbill/DNS/RPRecordTest.java
+++ b/src/test/java/org/xbill/DNS/RPRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,9 +11,9 @@ class RPRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("louie.trantor.umd.edu.  LAM1.people.umd.edu.");
-    RPRecord record = new RPRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("louie.trantor.umd.edu."), record.getMailbox());
-    assertEquals(Name.fromConstantString("LAM1.people.umd.edu."), record.getTextDomain());
+    RPRecord rpRecord = new RPRecord();
+    rpRecord.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("louie.trantor.umd.edu."), rpRecord.getMailbox());
+    assertEquals(Name.fromConstantString("LAM1.people.umd.edu."), rpRecord.getTextDomain());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RRSIGRecordTest.java b/src/test/java/org/xbill/DNS/RRSIGRecordTest.java
index 415cd09ce..3927066fb 100644
--- a/src/test/java/org/xbill/DNS/RRSIGRecordTest.java
+++ b/src/test/java/org/xbill/DNS/RRSIGRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -16,15 +17,15 @@ void rdataFromString() throws IOException, ParseException {
     Tokenizer t =
         new Tokenizer(
             "NSEC3 10 3 180 20161207204758 20161107195347 31055 example.com. GLqlvFaWiemLree+4WQeR+0ANSEYeuLW/KEWZw9mZPUJ1bcb1OQCxp43 7DNdPCSmS/RqJGiVGtSW8xsGoRgUwOdczL8s4j/z3pVi8wDlhw2jXE0k fGBiOshH+3VjZV4eLlDmDixZ3WmA9gzf0G+qAwRP9tjps2+vqRfXOpoj /UffmcMgZODEDGonHAOX/k35sBL+zIP4k6i6Kq/lpPZd8oxsxCwyxAYl E1oMxeE14TnRZoqCZdAEgvrViF91z/tnMbYAY/JNWYK4iREOuuWTLOox C0hKBsymi3fyLjwZ1NV1Bh3lqYN0rr1uo8ZSZmGrfLdg4l+hO4Xl6kG6 JTn27Q==");
-    RRSIGRecord record = new RRSIGRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10, record.getAlgorithm());
-    assertEquals(31055, record.getFootprint());
-    assertEquals(Name.fromConstantString("example.com."), record.getSigner());
-    assertEquals(50, record.getTypeCovered());
+    RRSIGRecord rrsigRecord = new RRSIGRecord();
+    rrsigRecord.rdataFromString(t, null);
+    assertEquals(10, rrsigRecord.getAlgorithm());
+    assertEquals(31055, rrsigRecord.getFootprint());
+    assertEquals(Name.fromConstantString("example.com."), rrsigRecord.getSigner());
+    assertEquals(50, rrsigRecord.getTypeCovered());
     SimpleDateFormat formatter = new SimpleDateFormat("yyyyMMddhhmmss", Locale.US);
     formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
-    assertEquals(formatter.parse("20161207204758").toInstant(), record.getExpire());
-    assertEquals(formatter.parse("20161107195347").toInstant(), record.getTimeSigned());
+    assertEquals(formatter.parse("20161207204758").toInstant(), rrsigRecord.getExpire());
+    assertEquals(formatter.parse("20161107195347").toInstant(), rrsigRecord.getTimeSigned());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RRsetTest.java b/src/test/java/org/xbill/DNS/RRsetTest.java
index a8cf3a4dd..b5305339c 100644
--- a/src/test/java/org/xbill/DNS/RRsetTest.java
+++ b/src/test/java/org/xbill/DNS/RRsetTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -34,7 +35,9 @@
 //
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -42,12 +45,17 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.time.Instant;
+import java.util.Collections;
 import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class RRsetTest {
-  private RRset<ARecord> m_rs;
+  private RRset m_rs;
   private Name m_name;
   private Name m_name2;
   private long m_ttl;
@@ -58,7 +66,7 @@ class RRsetTest {
 
   @BeforeEach
   void setUp() throws TextParseException, UnknownHostException {
-    m_rs = new RRset<>();
+    m_rs = new RRset();
     m_name = Name.fromString("this.is.a.test.");
     m_name2 = Name.fromString("this.is.another.test.");
     m_ttl = 0xABCDL;
@@ -94,7 +102,7 @@ void setUp() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     assertEquals(0, m_rs.size());
     assertThrows(IllegalStateException.class, () -> m_rs.getDClass());
     assertThrows(IllegalStateException.class, () -> m_rs.getType());
@@ -104,7 +112,7 @@ void test_ctor_0arg() {
 
     assertEquals("{empty}", m_rs.toString());
 
-    List<ARecord> rrs = m_rs.rrs();
+    List<Record> rrs = m_rs.rrs();
     assertNotNull(rrs);
     assertEquals(0, rrs.size());
 
@@ -114,7 +122,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_basics() {
+  void basics() {
     m_rs.addRR(m_a1);
 
     assertEquals(1, m_rs.size());
@@ -144,7 +152,7 @@ void test_basics() {
     assertEquals(m_ttl, m_rs.getTTL());
     assertEquals(Type.A, m_rs.getType());
 
-    List<ARecord> itr = m_rs.rrs();
+    List<Record> itr = m_rs.rrs();
     assertEquals(m_a1, itr.get(0));
     assertEquals(m_a2, itr.get(1));
 
@@ -195,17 +203,17 @@ void test_basics() {
   }
 
   @Test
-  void test_ctor_1arg() {
+  void ctor_1arg() {
     m_rs.addRR(m_a1);
     m_rs.addRR(m_a2);
     m_rs.addRR(m_s1);
     m_rs.addRR(m_s2);
 
-    RRset<ARecord> rs2 = new RRset<>(m_rs);
+    RRset rs2 = new RRset(m_rs);
 
     assertEquals(2, rs2.size());
     assertEquals(m_a1, rs2.first());
-    List<ARecord> itr = rs2.rrs();
+    List<Record> itr = rs2.rrs();
     assertEquals(m_a1, itr.get(0));
     assertEquals(m_a2, itr.get(1));
     assertEquals(2, itr.size());
@@ -216,6 +224,31 @@ void test_ctor_1arg() {
     assertEquals(2, sigs.size());
   }
 
+  @Test
+  void ctor_vararg() {
+    RRset set = new RRset(m_a1, m_a2);
+    assertEquals(Stream.of(m_a1, m_a2).collect(Collectors.toList()), set.rrs());
+    assertEquals(Collections.emptyList(), set.sigs());
+  }
+
+  @Test
+  void ctor_vararg_sig() {
+    RRset set = new RRset(m_a1, m_a2, m_s1);
+    assertEquals(Stream.of(m_a1, m_a2).collect(Collectors.toList()), set.rrs());
+    assertEquals(Collections.singletonList(m_s1), set.sigs());
+  }
+
+  @Test
+  void ctor_vararg_mismatch() {
+    TXTRecord txt = new TXTRecord(m_name, DClass.IN, 3600, "test");
+    assertThrows(IllegalArgumentException.class, () -> new RRset(m_a1, m_a2, txt));
+  }
+
+  @Test
+  void ctor_vararg_null() {
+    assertThrows(NullPointerException.class, () -> new RRset((Record[]) null));
+  }
+
   @Test
   void test_toString() {
     m_rs.addRR(m_a1);
@@ -231,18 +264,33 @@ void test_toString() {
     assertTrue(out.contains("[192.169.232.12]"));
   }
 
-  @SuppressWarnings("unchecked")
   @Test
-  void test_addRR_invalidType() throws TextParseException {
+  void test_toStringOnlySig() {
+    m_rs.addRR(m_s1);
+
+    String out = m_rs.toString();
+
+    assertFalse(out.contains("{empty}"));
+    assertTrue(out.contains(" sigs: "));
+    assertTrue(out.contains(m_name.toString()));
+  }
+
+  @Test
+  void test_toStringEmpty() {
+    assertEquals("{empty}", m_rs.toString());
+  }
+
+  @Test
+  void addRR_invalidType() throws TextParseException {
     m_rs.addRR(m_a1);
 
     CNAMERecord c = new CNAMERecord(m_name, DClass.IN, m_ttl, Name.fromString("an.alias."));
 
-    assertThrows(IllegalArgumentException.class, () -> ((RRset) m_rs).addRR(c));
+    assertThrows(IllegalArgumentException.class, () -> m_rs.addRR(c));
   }
 
   @Test
-  void test_addRR_invalidName() throws UnknownHostException {
+  void addRR_invalidName() throws UnknownHostException {
     m_rs.addRR(m_a1);
 
     m_a2 = new ARecord(m_name2, DClass.IN, m_ttl, InetAddress.getByName("192.169.232.11"));
@@ -251,7 +299,7 @@ void test_addRR_invalidName() throws UnknownHostException {
   }
 
   @Test
-  void test_addRR_invalidDClass() throws UnknownHostException {
+  void addRR_invalidDClass() throws UnknownHostException {
     m_rs.addRR(m_a1);
 
     m_a2 = new ARecord(m_name, DClass.CHAOS, m_ttl, InetAddress.getByName("192.169.232.11"));
@@ -260,7 +308,7 @@ void test_addRR_invalidDClass() throws UnknownHostException {
   }
 
   @Test
-  void test_TTLcalculation() {
+  void TTLcalculation() {
     m_rs.addRR(m_a2);
     assertEquals(m_a2.getTTL(), m_rs.getTTL());
     m_rs.addRR(m_a1);
@@ -272,12 +320,12 @@ void test_TTLcalculation() {
   }
 
   @Test
-  void test_Record_placement() {
+  void Record_placement() {
     m_rs.addRR(m_a1);
     m_rs.addRR(m_s1);
     m_rs.addRR(m_a2);
 
-    List<ARecord> itr = m_rs.rrs();
+    List<Record> itr = m_rs.rrs();
     assertEquals(m_a1, itr.get(0));
     assertEquals(m_a2, itr.get(1));
     assertEquals(2, itr.size());
@@ -288,11 +336,11 @@ void test_Record_placement() {
   }
 
   @Test
-  void test_noncycling_iterator() {
+  void noncycling_iterator() {
     m_rs.addRR(m_a1);
     m_rs.addRR(m_a2);
 
-    List<ARecord> itr = m_rs.rrs(false);
+    List<Record> itr = m_rs.rrs(false);
     assertEquals(m_a1, itr.get(0));
     assertEquals(m_a2, itr.get(1));
 
@@ -300,4 +348,19 @@ void test_noncycling_iterator() {
     assertEquals(m_a1, itr.get(0));
     assertEquals(m_a2, itr.get(1));
   }
+
+  @ParameterizedTest
+  @ValueSource(ints = {100, 50_000})
+  void cycleSimulationShortValues(int numOfCalls) {
+    RRset rrset = new RRset();
+    rrset.addRR(m_a1);
+    rrset.addRR(m_a2);
+
+    assertDoesNotThrow(
+        () -> {
+          for (int i = 0; i < numOfCalls; i++) {
+            rrset.rrs(true);
+          }
+        });
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/RTRecordTest.java b/src/test/java/org/xbill/DNS/RTRecordTest.java
index 2adebe19f..641e4d318 100644
--- a/src/test/java/org/xbill/DNS/RTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/RTRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -35,20 +36,12 @@
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
 
 class RTRecordTest {
   @Test
-  void test_getObject() {
-    RTRecord d = new RTRecord();
-    Record r = d.getObject();
-    assertTrue(r instanceof RTRecord);
-  }
-
-  @Test
-  void test_ctor_5arg() throws TextParseException {
+  void ctor_5arg() throws TextParseException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("My.OtherName.");
 
diff --git a/src/test/java/org/xbill/DNS/RcodeTest.java b/src/test/java/org/xbill/DNS/RcodeTest.java
index d98dec550..5e5f9e6b3 100644
--- a/src/test/java/org/xbill/DNS/RcodeTest.java
+++ b/src/test/java/org/xbill/DNS/RcodeTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,7 +43,7 @@
 
 class RcodeTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("NXDOMAIN", Rcode.string(Rcode.NXDOMAIN));
 
@@ -50,7 +51,7 @@ void test_string() {
     assertEquals("NOTIMP", Rcode.string(Rcode.NOTIMP));
 
     // one that doesn't exist
-    assertTrue(Rcode.string(20).startsWith("RESERVED"));
+    assertTrue(Rcode.string(30).startsWith("RESERVED"));
 
     assertThrows(IllegalArgumentException.class, () -> Rcode.string(-1));
 
@@ -59,12 +60,12 @@ void test_string() {
   }
 
   @Test
-  void test_TSIGstring() {
+  void TSIGstring() {
     // a regular one
     assertEquals("BADSIG", Rcode.TSIGstring(Rcode.BADSIG));
 
     // one that doesn't exist
-    assertTrue(Rcode.TSIGstring(20).startsWith("RESERVED"));
+    assertTrue(Rcode.TSIGstring(30).startsWith("RESERVED"));
 
     assertThrows(IllegalArgumentException.class, () -> Rcode.TSIGstring(-1));
 
@@ -73,7 +74,7 @@ void test_TSIGstring() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(Rcode.FORMERR, Rcode.value("FORMERR"));
 
diff --git a/src/test/java/org/xbill/DNS/RecordTest.java b/src/test/java/org/xbill/DNS/RecordTest.java
index 00ec8c0a9..b00cfc781 100644
--- a/src/test/java/org/xbill/DNS/RecordTest.java
+++ b/src/test/java/org/xbill/DNS/RecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -37,17 +38,27 @@
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNotSame;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.time.Instant;
+import java.util.function.Supplier;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class RecordTest {
   private static class SubRecord extends Record {
@@ -57,11 +68,6 @@ private static class SubRecord extends Record {
       super(name, type, dclass, ttl);
     }
 
-    @Override
-    public Record getObject() {
-      return null;
-    }
-
     @Override
     public void rrFromWire(DNSInput in) {}
 
@@ -98,7 +104,7 @@ public Object clone() throws CloneNotSupportedException {
   }
 
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     SubRecord sr = new SubRecord();
     assertNull(sr.getName());
     assertEquals(0, sr.getType());
@@ -107,7 +113,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     int t = Type.A;
     int d = DClass.IN;
@@ -121,7 +127,7 @@ void test_ctor_4arg() throws TextParseException {
   }
 
   @Test
-  void test_ctor_4arg_invalid() throws TextParseException {
+  void ctor_4arg_invalid() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name r = Name.fromString("my.relative.name");
     int t = Type.A;
@@ -138,7 +144,7 @@ void test_ctor_4arg_invalid() throws TextParseException {
   }
 
   @Test
-  void test_newRecord_3arg() throws TextParseException {
+  void newRecord_3arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name r = Name.fromString("my.relative.name");
     int t = Type.A;
@@ -155,7 +161,7 @@ void test_newRecord_3arg() throws TextParseException {
   }
 
   @Test
-  void test_newRecord_4arg() throws TextParseException {
+  void newRecord_4arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name r = Name.fromString("my.relative.name");
     int t = Type.A;
@@ -173,7 +179,7 @@ void test_newRecord_4arg() throws TextParseException {
   }
 
   @Test
-  void test_newRecord_5arg() throws TextParseException, UnknownHostException {
+  void newRecord_5arg() throws TextParseException, UnknownHostException {
     Name n = Name.fromString("my.name.");
     int t = Type.A;
     int d = DClass.IN;
@@ -191,7 +197,7 @@ void test_newRecord_5arg() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_newRecord_6arg() throws TextParseException, UnknownHostException {
+  void newRecord_6arg() throws TextParseException, UnknownHostException {
     Name n = Name.fromString("my.name.");
     int t = Type.A;
     int d = DClass.IN;
@@ -224,7 +230,7 @@ void test_newRecord_6arg() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_newRecord_6arg_invalid() throws TextParseException {
+  void newRecord_6arg_invalid() throws TextParseException {
     Name n = Name.fromString("my.name.");
     Name r = Name.fromString("my.relative.name");
     int t = Type.A;
@@ -241,7 +247,7 @@ void test_newRecord_6arg_invalid() throws TextParseException {
   }
 
   @Test
-  void test_fromWire() throws IOException {
+  void fromWire() throws IOException {
     Name n = Name.fromString("my.name.");
     int t = Type.A;
     int d = DClass.IN;
@@ -308,7 +314,7 @@ void test_fromWire() throws IOException {
   }
 
   @Test
-  void test_toWire() throws IOException {
+  void toWire() throws IOException {
     Name n = Name.fromString("my.name.");
     int t = Type.A;
     int d = DClass.IN;
@@ -355,7 +361,7 @@ void test_toWire() throws IOException {
   }
 
   @Test
-  void test_toWireCanonical() throws IOException {
+  void toWireCanonical() throws IOException {
     Name n = Name.fromString("My.Name.");
     int t = Type.A;
     int d = DClass.IN;
@@ -379,7 +385,7 @@ void test_toWireCanonical() throws IOException {
   }
 
   @Test
-  void test_rdataToWireCanonical() throws IOException {
+  void rdataToWireCanonical() throws IOException {
     Name n = Name.fromString("My.Name.");
     Name n2 = Name.fromString("My.Second.Name.");
     int t = Type.NS;
@@ -402,7 +408,7 @@ void test_rdataToWireCanonical() throws IOException {
   }
 
   @Test
-  void test_rdataToString() throws IOException {
+  void rdataToString() throws IOException {
     Name n = Name.fromString("My.Name.");
     Name n2 = Name.fromString("My.Second.Name.");
     int t = Type.NS;
@@ -437,27 +443,32 @@ void test_toString() throws TextParseException {
     assertTrue(out.contains("IN"));
     assertTrue(out.contains(ttl + ""));
 
-    Options.set("BINDTTL");
-
-    out = rec.toString();
-    assertTrue(out.contains(n.toString()));
-    assertTrue(out.contains(n2.toString()));
-    assertTrue(out.contains("NS"));
-    assertTrue(out.contains("IN"));
-    assertTrue(out.contains(TTL.format(ttl)));
-
-    Options.set("noPrintIN");
-    out = rec.toString();
-    assertTrue(out.contains(n.toString()));
-    assertTrue(out.contains(n2.toString()));
-    assertTrue(out.contains("NS"));
-    assertFalse(out.contains("IN"));
-    assertTrue(out.contains(TTL.format(ttl)));
+    try {
+      Options.set("BINDTTL");
+
+      out = rec.toString();
+      assertTrue(out.contains(n.toString()));
+      assertTrue(out.contains(n2.toString()));
+      assertTrue(out.contains("NS"));
+      assertTrue(out.contains("IN"));
+      assertTrue(out.contains(TTL.format(ttl)));
+
+      Options.set("noPrintIN");
+      out = rec.toString();
+      assertTrue(out.contains(n.toString()));
+      assertTrue(out.contains(n2.toString()));
+      assertTrue(out.contains("NS"));
+      assertFalse(out.contains("IN"));
+      assertTrue(out.contains(TTL.format(ttl)));
+    } finally {
+      Options.unset("BINDTTL");
+      Options.unset("noPrintIN");
+    }
   }
 
   @Test
-  void test_byteArrayFromString() throws TextParseException {
-    String in = "the 98 \" \' quick 0xAB brown";
+  void byteArrayFromString() throws TextParseException {
+    String in = "the 98 \" ' quick 0xAB brown";
     byte[] out = SubRecord.byteArrayFromString(in);
     assertArrayEquals(in.getBytes(), out);
 
@@ -468,7 +479,7 @@ void test_byteArrayFromString() throws TextParseException {
   }
 
   @Test
-  void test_byteArrayFromString_invalid() {
+  void byteArrayFromString_invalid() {
     StringBuilder b = new StringBuilder();
     for (int i = 0; i < 257; ++i) {
       b.append('A');
@@ -484,14 +495,14 @@ void test_byteArrayFromString_invalid() {
   }
 
   @Test
-  void test_byteArrayToString() {
+  void byteArrayToString() {
     byte[] in = new byte[] {' ', 0x1F, 'A', 'a', ';', '"', '\\', 0x7E, 0x7F, (byte) 0xFF};
     String exp = "\" \\031Aa;\\\"\\\\~\\127\\255\"";
     assertEquals(exp, SubRecord.byteArrayToString(in, true));
   }
 
   @Test
-  void test_unknownToString() {
+  void unknownToString() {
     byte[] data =
         new byte[] {
           (byte) 0x12,
@@ -510,7 +521,7 @@ void test_unknownToString() {
   }
 
   @Test
-  void test_fromString() throws IOException {
+  void fromString() throws IOException {
     Name n = Name.fromString("My.N.");
     Name n2 = Name.fromString("My.Second.Name.");
     int t = Type.A;
@@ -541,32 +552,40 @@ void test_fromString() throws IOException {
   }
 
   @Test
-  void test_fromString_invalid() throws IOException {
+  void fromString_empty() throws IOException {
     Name n = Name.fromString("My.N.");
+    Record r = Record.fromString(n, 0, DClass.IN, 3600, "\\# 0", Name.root);
+    assertInstanceOf(UNKRecord.class, r);
+    assertEquals(0, ((UNKRecord) r).getData().length);
+  }
+
+  @Test
+  void fromString_relative() throws IOException {
     Name rel = Name.fromString("My.R");
     Name n2 = Name.fromString("My.Second.Name.");
-    int t = Type.A;
-    int d = DClass.IN;
-    int ttl = 0xABE99;
-    InetAddress addr = InetAddress.getByName("191.234.43.10");
 
     assertThrows(
         RelativeNameException.class,
-        () -> Record.fromString(rel, t, d, ttl, new Tokenizer("191.234.43.10"), n2));
+        () -> Record.fromString(rel, Type.A, DClass.IN, 3600, "191.234.43.10", n2));
+  }
 
-    assertThrows(
-        TextParseException.class,
-        () -> Record.fromString(n, t, d, ttl, new Tokenizer("191.234.43.10 another_token"), n2));
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "191.234.43.10 another_token",
+        "\\# 100 ABCDE",
+        "\\# 100",
+      })
+  void fromString_invalid(String data) throws IOException {
+    Name n = Name.fromString("My.N.");
+    Name n2 = Name.fromString("My.Second.Name.");
 
     assertThrows(
-        TextParseException.class,
-        () -> Record.fromString(n, t, d, ttl, new Tokenizer("\\# 100 ABCDE"), n2));
-
-    assertThrows(TextParseException.class, () -> Record.fromString(n, t, d, ttl, "\\# 100", n2));
+        TextParseException.class, () -> Record.fromString(n, Type.A, DClass.IN, 3600, data, n2));
   }
 
   @Test
-  void test_getRRsetType() throws TextParseException {
+  void getRRsetType() throws TextParseException {
     Name n = Name.fromString("My.N.");
 
     Record r = Record.newRecord(n, Type.A, DClass.IN, 0);
@@ -583,7 +602,7 @@ void test_getRRsetType() throws TextParseException {
   }
 
   @Test
-  void test_sameRRset() throws TextParseException {
+  void sameRRset() throws TextParseException {
     Name n = Name.fromString("My.N.");
     Name m = Name.fromString("My.M.");
 
@@ -605,7 +624,7 @@ void test_sameRRset() throws TextParseException {
   }
 
   @Test
-  void test_equals() throws TextParseException {
+  void equals() throws TextParseException {
     Name n = Name.fromString("My.N.");
     Name n2 = Name.fromString("my.n.");
     Name m = Name.fromString("My.M.");
@@ -690,7 +709,7 @@ void test_hashCode() throws TextParseException {
   }
 
   @Test
-  void test_cloneRecord() throws TextParseException {
+  void cloneRecord() throws TextParseException {
     Name n = Name.fromString("My.N.");
     byte[] d = new byte[] {23, 12, 9, (byte) 129};
     Record r = Record.newRecord(n, Type.A, DClass.IN, 0xABCDE9, d);
@@ -706,7 +725,7 @@ void test_cloneRecord() throws TextParseException {
   }
 
   @Test
-  void test_withName() throws TextParseException {
+  void withName() throws TextParseException {
     Name n = Name.fromString("My.N.");
     Name m = Name.fromString("My.M.Name.");
     Name rel = Name.fromString("My.Relative.Name");
@@ -725,7 +744,7 @@ void test_withName() throws TextParseException {
   }
 
   @Test
-  void test_withDClass() throws TextParseException {
+  void withDClass() throws TextParseException {
     Name n = Name.fromString("My.N.");
     byte[] d = new byte[] {23, 12, 9, (byte) 129};
     Record r = Record.newRecord(n, Type.A, DClass.IN, 0xABCDE9, d);
@@ -740,7 +759,7 @@ void test_withDClass() throws TextParseException {
   }
 
   @Test
-  void test_setTTL() throws TextParseException, UnknownHostException {
+  void setTTL() throws TextParseException, UnknownHostException {
     Name n = Name.fromString("My.N.");
     byte[] d = new byte[] {23, 12, 9, (byte) 129};
     InetAddress exp = InetAddress.getByName("23.12.9.129");
@@ -758,7 +777,7 @@ void test_setTTL() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_compareTo() throws TextParseException {
+  void compareTo() throws TextParseException {
     Name n = Name.fromString("My.N.");
     Name n2 = Name.fromString("my.n.");
     Name m = Name.fromString("My.M.");
@@ -806,7 +825,7 @@ void test_compareTo() throws TextParseException {
   }
 
   @Test
-  void test_getAdditionalName() throws TextParseException {
+  void getAdditionalName() throws TextParseException {
     Name n = Name.fromString("My.N.");
     Record r = new SubRecord(n, Type.A, DClass.IN, 0xABCDE9);
 
@@ -814,7 +833,7 @@ void test_getAdditionalName() throws TextParseException {
   }
 
   @Test
-  void test_checkU8() {
+  void checkU8() {
     assertThrows(IllegalArgumentException.class, () -> Record.checkU8("field", -1));
     assertEquals(0, Record.checkU8("field", 0));
     assertEquals(0x9D, Record.checkU8("field", 0x9D));
@@ -823,7 +842,7 @@ void test_checkU8() {
   }
 
   @Test
-  void test_checkU16() {
+  void checkU16() {
     assertThrows(IllegalArgumentException.class, () -> Record.checkU16("field", -1));
     assertEquals(0, Record.checkU16("field", 0));
     assertEquals(0x9DA1, Record.checkU16("field", 0x9DA1));
@@ -832,7 +851,7 @@ void test_checkU16() {
   }
 
   @Test
-  void test_checkU32() {
+  void checkU32() {
     assertThrows(IllegalArgumentException.class, () -> Record.checkU32("field", -1));
     assertEquals(0, Record.checkU32("field", 0));
     assertEquals(0x9DA1F02DL, Record.checkU32("field", 0x9DA1F02DL));
@@ -841,7 +860,7 @@ void test_checkU32() {
   }
 
   @Test
-  void test_checkName() throws TextParseException {
+  void checkName() throws TextParseException {
     Name n = Name.fromString("My.N.");
     Name m = Name.fromString("My.m");
 
@@ -849,4 +868,56 @@ void test_checkName() throws TextParseException {
 
     assertThrows(RelativeNameException.class, () -> Record.checkName("field", m));
   }
+
+  @Test
+  void testAllTypesHaveNoArgConstructor() {
+    for (int i = 1; i < 65535; i++) {
+      Supplier<Record> proto = Type.getFactory(i);
+      if (proto != null) {
+        try {
+          assertNotNull(proto.get());
+        } catch (Exception e) {
+          fail(
+              String.format(
+                  "Record type %s, (%d, %s) seems to have no or invalid 0arg ctor",
+                  Type.string(i), i, proto.getClass().getSimpleName()));
+        }
+      }
+    }
+  }
+
+  @Test
+  void testSerializable() throws IOException {
+    for (int i = 1; i < 65535; i++) {
+      try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
+          if (Type.getFactory(i) != null) {
+            Record expected = Record.newRecord(Name.root, i, DClass.IN);
+            try {
+              oos.writeObject(expected);
+              try (ObjectInputStream ois =
+                  new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
+                Record actual = (Record) ois.readObject();
+                assertEquals(expected, actual);
+              }
+            } catch (Exception e) {
+              fail(
+                  String.format(
+                      "Record type %s (%d, %s) failed to (de)serialize",
+                      Type.string(i), i, expected.getClass().getSimpleName()),
+                  e);
+            }
+          }
+        }
+      }
+    }
+  }
+
+  // https://github.com/dnsjava/dnsjava/issues/254
+  @Test
+  void testEmptyTXTSerialization() throws IOException {
+    Name recordName = Name.fromString("name.name.");
+    Record r = Record.fromString(recordName, Type.TXT, DClass.IN, 0, "", recordName);
+    assertEquals("name.name.\t\t0\tIN\tTXT\t\"\"", r.toString());
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/ResolverConfigTest.java b/src/test/java/org/xbill/DNS/ResolverConfigTest.java
index 4a5693b08..f14683989 100644
--- a/src/test/java/org/xbill/DNS/ResolverConfigTest.java
+++ b/src/test/java/org/xbill/DNS/ResolverConfigTest.java
@@ -1,83 +1,216 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assumptions.assumeFalse;
+import static org.xbill.DNS.config.PropertyResolverConfigProvider.DNS_NDOTS_PROP;
+import static org.xbill.DNS.config.PropertyResolverConfigProvider.DNS_SEARCH_PROP;
+import static org.xbill.DNS.config.PropertyResolverConfigProvider.DNS_SERVER_PROP;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Field;
+import java.net.InetSocketAddress;
 import java.util.Arrays;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.DisabledOnOs;
 import org.junit.jupiter.api.condition.EnabledOnOs;
 import org.junit.jupiter.api.condition.OS;
+import org.xbill.DNS.config.InitializationException;
+import org.xbill.DNS.config.JndiContextResolverConfigProvider;
+import org.xbill.DNS.config.PropertyResolverConfigProvider;
+import org.xbill.DNS.config.ResolvConfResolverConfigProvider;
+import org.xbill.DNS.config.SunJvmResolverConfigProvider;
+import org.xbill.DNS.config.WindowsResolverConfigProvider;
 
 class ResolverConfigTest {
-
   @AfterEach
-  void tearDown() {
-    ResolverConfig.refresh();
+  void afterEach() throws Exception {
+    // make sure the ResolverConfig providers are not staying initialized after a test
+    Field configProvidersField = ResolverConfig.class.getDeclaredField("configProviders");
+    configProvidersField.setAccessible(true);
+    configProvidersField.set(null, null);
+    Field currentConfigField = ResolverConfig.class.getDeclaredField("currentConfig");
+    currentConfigField.setAccessible(true);
+    currentConfigField.set(null, null);
+  }
+
+  @Test
+  void testSkipInit() {
+    try {
+      System.setProperty(ResolverConfig.CONFIGPROVIDER_SKIP_INIT, Boolean.TRUE.toString());
+      assertTrue(ResolverConfig.getConfigProviders().isEmpty());
+    } finally {
+      System.setProperty(ResolverConfig.CONFIGPROVIDER_SKIP_INIT, Boolean.FALSE.toString());
+    }
   }
 
   @Test
-  void findProperty_Success() {
-    String[] dnsServers = {"server1", "server2"};
+  void properties() {
+    String[] dnsServers1 = {"192.168.1.1", "192.168.1.2", "192.168.1.1"};
+    String[] dnsServers2 = {"192.168.1.3"};
     // intentionally adding duplicate search entries for testing
     String[] dnsSearch = {"dnsjava.org", "example.com", "dnsjava.org"};
     Name[] searchPath =
         Arrays.stream(dnsSearch).map(s -> Name.fromConstantString(s + ".")).toArray(Name[]::new);
-    System.setProperty(ResolverConfig.DNS_SERVER_PROP, String.join(",", dnsServers));
-    System.setProperty(ResolverConfig.DNS_SEARCH_PROP, String.join(",", dnsSearch));
+    System.setProperty(DNS_SERVER_PROP, String.join(",", dnsServers1));
+    System.setProperty(DNS_SEARCH_PROP, String.join(",", dnsSearch));
+    System.setProperty(DNS_NDOTS_PROP, String.valueOf(5));
     try {
-      ResolverConfig.refresh();
-      ResolverConfig rc = ResolverConfig.getCurrentConfig();
-      assertTrue(rc.findProperty());
-      assertEquals("server1", rc.server());
-      assertEquals(2, rc.servers().length);
+      PropertyResolverConfigProvider rc = new PropertyResolverConfigProvider();
+      assertTrue(rc.isEnabled());
+      rc.initialize();
+
+      assertEquals(2, rc.servers().size());
+      assertEquals(dnsServers1[0], rc.servers().get(0).getAddress().getHostAddress());
+
+      // must remove no longer present servers
+      System.setProperty(DNS_SERVER_PROP, String.join(",", dnsServers2));
+      rc.initialize();
+      assertEquals(1, rc.servers().size());
+
       // any duplicate suffixes should be excluded
-      assertEquals(2, rc.searchPath().length);
-      assertEquals(searchPath[0], rc.searchPath()[0]);
-      assertEquals(searchPath[1], rc.searchPath()[1]);
+      assertEquals(2, rc.searchPaths().size());
+      assertEquals(searchPath[0], rc.searchPaths().get(0));
+      assertEquals(searchPath[1], rc.searchPaths().get(1));
+
+      assertEquals(5, rc.ndots());
     } finally {
-      System.clearProperty(ResolverConfig.DNS_SERVER_PROP);
-      System.clearProperty(ResolverConfig.DNS_SEARCH_PROP);
+      System.clearProperty(DNS_SERVER_PROP);
+      System.clearProperty(DNS_SEARCH_PROP);
+      System.clearProperty(DNS_NDOTS_PROP);
     }
   }
 
   @Test
-  @EnabledOnOs({OS.WINDOWS})
-  void findNT_Windows() {
-    assertTrue(ResolverConfig.getCurrentConfig().findWin());
+  void propertiesWithPort() {
+    String[] dnsServers = {
+      "192.168.1.1", "192.168.1.1:54", "::1", "0:0:0:0:0:0:0:1", "[::1]:54", "[::2]"
+    };
+    System.setProperty(DNS_SERVER_PROP, String.join(",", dnsServers));
+    try {
+      PropertyResolverConfigProvider rc = new PropertyResolverConfigProvider();
+      rc.initialize();
+
+      assertEquals(5, rc.servers().size());
+      assertEquals("192.168.1.1", rc.servers().get(0).getAddress().getHostAddress());
+      assertEquals(SimpleResolver.DEFAULT_PORT, rc.servers().get(0).getPort());
+
+      assertEquals("192.168.1.1", rc.servers().get(1).getAddress().getHostAddress());
+      assertEquals(54, rc.servers().get(1).getPort());
+
+      assertEquals("0:0:0:0:0:0:0:1", rc.servers().get(2).getAddress().getHostAddress());
+      assertEquals(SimpleResolver.DEFAULT_PORT, rc.servers().get(2).getPort());
+
+      assertEquals("0:0:0:0:0:0:0:1", rc.servers().get(3).getAddress().getHostAddress());
+      assertEquals(54, rc.servers().get(3).getPort());
+
+      assertEquals("0:0:0:0:0:0:0:2", rc.servers().get(4).getAddress().getHostAddress());
+      assertEquals(53, rc.servers().get(4).getPort());
+    } finally {
+      System.clearProperty(DNS_SERVER_PROP);
+    }
   }
 
   @Test
-  @DisabledOnOs({OS.WINDOWS})
-  void findNT_NotWindows() {
-    assertFalse(ResolverConfig.getCurrentConfig().findWin());
+  @EnabledOnOs(OS.WINDOWS)
+  void resolvConfDisabledOnWindows() {
+    ResolvConfResolverConfigProvider rc = new ResolvConfResolverConfigProvider();
+    assertFalse(rc.isEnabled());
   }
 
   @Test
-  @DisabledOnOs({OS.WINDOWS})
-  void findUnix() {
-    assertTrue(ResolverConfig.getCurrentConfig().findUnix());
+  @DisabledOnOs(OS.WINDOWS)
+  void resolvConfEnabledOnUnix() {
+    ResolvConfResolverConfigProvider rc = new ResolvConfResolverConfigProvider();
+    assertTrue(rc.isEnabled());
   }
 
   @Test
-  void resolvConfLoaded() {
-    assertTrue(
-        ResolverConfig.getCurrentConfig()
-            .findResolvConf(
-                ResolverConfigTest.class.getResourceAsStream("/test_loaded_resolv.conf")));
-    assertEquals(5, ResolverConfig.getCurrentConfig().ndots());
+  @EnabledOnOs(OS.WINDOWS)
+  void windowsEnabledOnWindows() {
+    WindowsResolverConfigProvider rc = new WindowsResolverConfigProvider();
+    assertTrue(rc.isEnabled());
   }
 
   @Test
-  void findNetware() {
-    assumeFalse(ResolverConfig.getCurrentConfig().findNetware());
+  @DisabledOnOs(OS.WINDOWS)
+  void windowsDisabledOnUnix() {
+    WindowsResolverConfigProvider rc = new WindowsResolverConfigProvider();
+    assertFalse(rc.isEnabled());
+  }
+
+  @Test
+  void resolvConf() {
+    ResolvConfResolverConfigProvider rc =
+        new ResolvConfResolverConfigProvider() {
+          @Override
+          public void initialize() {
+            try {
+              try (InputStream in =
+                  ResolverConfigTest.class.getResourceAsStream("/test_loaded_resolv.conf")) {
+                parseResolvConf(in);
+              }
+            } catch (IOException e) {
+              throw new RuntimeException(e);
+            }
+          }
+        };
+
+    rc.initialize();
+    assertEquals(1, rc.servers().size());
+    assertEquals(new InetSocketAddress("192.168.1.1", 53), rc.servers().get(0));
+    assertEquals(2, rc.searchPaths().size());
+    assertFalse(rc.searchPaths().contains(Name.fromConstantString("domain.com.")));
+    assertEquals(5, rc.ndots());
+  }
+
+  @Test
+  void jndi() {
+    JndiContextResolverConfigProvider rc = new JndiContextResolverConfigProvider();
+    assertTrue(rc.isEnabled());
+    rc.initialize();
+  }
+
+  @Test
+  void sunJvm() throws InitializationException {
+    SunJvmResolverConfigProvider rc = new SunJvmResolverConfigProvider();
+    assertFalse(rc.isEnabled());
+    rc.initialize();
+  }
+
+  @Test
+  void sunJvmServersEqualsJndi() throws InitializationException {
+    SunJvmResolverConfigProvider sun = new SunJvmResolverConfigProvider();
+    sun.initialize();
+    JndiContextResolverConfigProvider jndi = new JndiContextResolverConfigProvider();
+    jndi.initialize();
+    assertEquals(sun.servers(), jndi.servers());
+  }
+
+  @Test
+  @EnabledOnOs(OS.WINDOWS)
+  void windowsServersContainedInJndi() throws InitializationException {
+    JndiContextResolverConfigProvider jndi = new JndiContextResolverConfigProvider();
+    jndi.initialize();
+    WindowsResolverConfigProvider win = new WindowsResolverConfigProvider();
+    win.initialize();
+
+    // The servers returned via Windows API must be in the JNDI list, but not necessarily the other
+    // way round. Unless there are IPv6 servers which are not in the registry and Java <= 15 does
+    // not find.
+    for (InetSocketAddress winServer : win.servers()) {
+      assertTrue(
+          jndi.servers().contains(winServer),
+          winServer + " not found in JNDI, " + win.servers() + "; " + jndi.servers());
+    }
   }
 
   @Test
-  void findAndroid() {
-    assumeFalse(ResolverConfig.getCurrentConfig().findAndroid());
+  void refreshAsFirstCall() {
+    assertDoesNotThrow(ResolverConfig::refresh);
   }
 }
diff --git a/src/test/java/org/xbill/DNS/ResolverTest.java b/src/test/java/org/xbill/DNS/ResolverTest.java
new file mode 100644
index 000000000..365254a83
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ResolverTest.java
@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.net.UnknownHostException;
+import java.time.Duration;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import org.junit.jupiter.api.Test;
+
+class ResolverTest {
+  @Test
+  @SuppressWarnings("deprecation")
+  void resolverListenerExceptionUnwrap() throws InterruptedException, UnknownHostException {
+    // 1. Point to a blackhole address from RFC 5737 TEST-NET-1 to ensure a timeout
+    SimpleResolver resolver = new SimpleResolver("192.0.2.1");
+    resolver.setTimeout(Duration.ofSeconds(2));
+
+    Message query =
+        Message.newQuery(
+            Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN));
+    CountDownLatch latch = new CountDownLatch(1);
+
+    // 2. Use the async method with a listener
+    resolver.sendAsync(
+        query,
+        new ResolverListener() {
+          @Override
+          public void receiveMessage(Object id, Message m) {
+            fail("Received message (should not happen)");
+            latch.countDown();
+          }
+
+          @Override
+          public void handleException(Object id, Exception ex) {
+            // 3. Observe the exception type
+            assertThat(ex).isNotInstanceOf(CompletionException.class);
+            latch.countDown();
+          }
+        });
+
+    latch.await(5, TimeUnit.SECONDS);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ReverseMapTest.java b/src/test/java/org/xbill/DNS/ReverseMapTest.java
index 2a23c11ec..458aba480 100644
--- a/src/test/java/org/xbill/DNS/ReverseMapTest.java
+++ b/src/test/java/org/xbill/DNS/ReverseMapTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,25 +43,26 @@
 import org.junit.jupiter.api.Test;
 
 class ReverseMapTest {
+  private final String ipv4Addr = "192.168.0.1";
+  private final Name ipv4arpa = Name.fromConstantString("1.0.168.192.in-addr.arpa.");
+  private final Name ipv6arpa =
+      Name.fromConstantString(
+          "4.3.3.7.0.7.3.0.E.2.A.8.9.1.3.1.3.D.8.0.3.A.5.8.8.B.D.0.1.0.0.2.ip6.arpa.");
+  private final String ipv6addr = "2001:db8:85a3:8d3:1319:8a2e:370:7334";
+
   @Test
-  void test_fromAddress_ipv4() throws UnknownHostException, TextParseException {
-    Name exp = Name.fromString("1.0.168.192.in-addr.arpa.");
-    String addr = "192.168.0.1";
-    assertEquals(exp, ReverseMap.fromAddress(addr));
+  void fromAddress_ipv4() throws UnknownHostException {
+    assertEquals(ipv4arpa, ReverseMap.fromAddress(ipv4Addr));
 
-    assertEquals(exp, ReverseMap.fromAddress(addr, Address.IPv4));
-    assertEquals(exp, ReverseMap.fromAddress(InetAddress.getByName(addr)));
+    assertEquals(ipv4arpa, ReverseMap.fromAddress(ipv4Addr, Address.IPv4));
+    assertEquals(ipv4arpa, ReverseMap.fromAddress(InetAddress.getByName(ipv4Addr)));
     assertEquals(
-        exp, ReverseMap.fromAddress(new byte[] {(byte) 192, (byte) 168, (byte) 0, (byte) 1}));
-    assertEquals(exp, ReverseMap.fromAddress(new int[] {192, 168, 0, 1}));
+        ipv4arpa, ReverseMap.fromAddress(new byte[] {(byte) 192, (byte) 168, (byte) 0, (byte) 1}));
+    assertEquals(ipv4arpa, ReverseMap.fromAddress(new int[] {192, 168, 0, 1}));
   }
 
   @Test
-  void test_fromAddress_ipv6() throws UnknownHostException, TextParseException {
-    Name exp =
-        Name.fromString(
-            "4.3.3.7.0.7.3.0.E.2.A.8.9.1.3.1.3.D.8.0.3.A.5.8.8.B.D.0.1.0.0.2.ip6.arpa.");
-    String addr = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";
+  void fromAddress_ipv6() throws UnknownHostException {
     byte[] dat =
         new byte[] {
           (byte) 32, (byte) 1, (byte) 13, (byte) 184, (byte) 133, (byte) 163, (byte) 8, (byte) 211,
@@ -68,14 +70,14 @@ void test_fromAddress_ipv6() throws UnknownHostException, TextParseException {
         };
     int[] idat = new int[] {32, 1, 13, 184, 133, 163, 8, 211, 19, 25, 138, 46, 3, 112, 115, 52};
 
-    assertEquals(exp, ReverseMap.fromAddress(addr, Address.IPv6));
-    assertEquals(exp, ReverseMap.fromAddress(InetAddress.getByName(addr)));
-    assertEquals(exp, ReverseMap.fromAddress(dat));
-    assertEquals(exp, ReverseMap.fromAddress(idat));
+    assertEquals(ipv6arpa, ReverseMap.fromAddress(ipv6addr, Address.IPv6));
+    assertEquals(ipv6arpa, ReverseMap.fromAddress(InetAddress.getByName(ipv6addr)));
+    assertEquals(ipv6arpa, ReverseMap.fromAddress(dat));
+    assertEquals(ipv6arpa, ReverseMap.fromAddress(idat));
   }
 
   @Test
-  void test_fromAddress_invalid() {
+  void fromAddress_invalid() {
     assertThrows(UnknownHostException.class, () -> ReverseMap.fromAddress("A.B.C.D", Address.IPv4));
     assertThrows(IllegalArgumentException.class, () -> ReverseMap.fromAddress(new byte[0]));
     assertThrows(IllegalArgumentException.class, () -> ReverseMap.fromAddress(new byte[3]));
@@ -90,4 +92,38 @@ void test_fromAddress_invalid() {
           ReverseMap.fromAddress(dat);
         });
   }
+
+  @Test
+  void fromName_ipv4_valid() throws TextParseException, UnknownHostException {
+    assertEquals(ipv4Addr, ReverseMap.fromName(ipv4arpa).getHostAddress());
+    assertEquals("192.168.0.0", ReverseMap.fromName("168.192.in-addr.arpa.").getHostAddress());
+  }
+
+  @Test
+  void fromName_ipv6_valid() throws TextParseException, UnknownHostException {
+    assertEquals(ipv6addr, ReverseMap.fromName(ipv6arpa).getHostAddress());
+    assertEquals(
+        "2001:db8:0:0:0:0:0:0", ReverseMap.fromName("8.B.D.0.1.0.0.2.ip6.arpa.").getHostAddress());
+    assertEquals(
+        "2001:d00:0:0:0:0:0:0", ReverseMap.fromName("D.0.1.0.0.2.ip6.arpa.").getHostAddress());
+    assertEquals(
+        "2001:db0:0:0:0:0:0:0", ReverseMap.fromName("B.D.0.1.0.0.2.ip6.arpa.").getHostAddress());
+  }
+
+  @Test
+  void fromNameInvalid() {
+    assertThrows(UnknownHostException.class, () -> ReverseMap.fromName("host.example.com."));
+
+    assertThrows(UnknownHostException.class, () -> ReverseMap.fromName("ip6.arpa."));
+    assertThrows(UnknownHostException.class, () -> ReverseMap.fromName("caffee.ip6.arpa."));
+    assertThrows(
+        UnknownHostException.class,
+        () ->
+            ReverseMap.fromName(
+                "1.4.3.3.7.0.7.3.0.E.2.A.8.9.1.3.1.3.D.8.0.3.A.5.8.8.B.D.0.1.0.0.2.ip6.arpa."));
+
+    assertThrows(UnknownHostException.class, () -> ReverseMap.fromName("in-addr.arpa."));
+    assertThrows(UnknownHostException.class, () -> ReverseMap.fromName("caffee.in-addr.arpa."));
+    assertThrows(UnknownHostException.class, () -> ReverseMap.fromName("1.2.3.4.5.in-addr.arpa."));
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/SMIMEARecordTest.java b/src/test/java/org/xbill/DNS/SMIMEARecordTest.java
index 4de0bf2b6..6f101a419 100644
--- a/src/test/java/org/xbill/DNS/SMIMEARecordTest.java
+++ b/src/test/java/org/xbill/DNS/SMIMEARecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
@@ -12,12 +13,13 @@ class SMIMEARecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("(3 0 2 CAFEBABE)");
-    SMIMEARecord record = new SMIMEARecord();
-    record.rdataFromString(t, null);
+    SMIMEARecord smimeaRecord = new SMIMEARecord();
+    smimeaRecord.rdataFromString(t, null);
     assertEquals(
-        SMIMEARecord.CertificateUsage.DOMAIN_ISSUED_CERTIFICATE, record.getCertificateUsage());
-    assertEquals(SMIMEARecord.MatchingType.SHA512, record.getMatchingType());
-    assertEquals(SMIMEARecord.Selector.FULL_CERTIFICATE, record.getSelector());
-    assertArrayEquals(base16.fromString("CAFEBABE"), record.getCertificateAssociationData());
+        SMIMEARecord.CertificateUsage.DOMAIN_ISSUED_CERTIFICATE,
+        smimeaRecord.getCertificateUsage());
+    assertEquals(SMIMEARecord.MatchingType.SHA512, smimeaRecord.getMatchingType());
+    assertEquals(SMIMEARecord.Selector.FULL_CERTIFICATE, smimeaRecord.getSelector());
+    assertArrayEquals(base16.fromString("CAFEBABE"), smimeaRecord.getCertificateAssociationData());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SOARecordTest.java b/src/test/java/org/xbill/DNS/SOARecordTest.java
index d96aa8471..ffc0f931b 100644
--- a/src/test/java/org/xbill/DNS/SOARecordTest.java
+++ b/src/test/java/org/xbill/DNS/SOARecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -75,7 +76,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_0arg() {
+    void ctor_0arg() {
       SOARecord ar = new SOARecord();
       assertNull(ar.getName());
       assertEquals(0, ar.getType());
@@ -91,14 +92,7 @@ void test_0arg() {
     }
 
     @Test
-    void test_getObject() {
-      SOARecord ar = new SOARecord();
-      Record r = ar.getObject();
-      assertTrue(r instanceof SOARecord);
-    }
-
-    @Test
-    void test_10arg() {
+    void ctor_10arg() {
       SOARecord ar =
           new SOARecord(
               m_an, DClass.IN, m_ttl, m_host, m_admin, m_serial, m_refresh, m_retry, m_expire,
@@ -117,7 +111,7 @@ void test_10arg() {
     }
 
     @Test
-    void test_10arg_relative_name() {
+    void ctor_10arg_relative_name() {
       assertThrows(
           RelativeNameException.class,
           () ->
@@ -127,7 +121,7 @@ void test_10arg_relative_name() {
     }
 
     @Test
-    void test_10arg_relative_host() {
+    void ctor_10arg_relative_host() {
       assertThrows(
           RelativeNameException.class,
           () ->
@@ -137,7 +131,7 @@ void test_10arg_relative_host() {
     }
 
     @Test
-    void test_10arg_relative_admin() {
+    void ctor_10arg_relative_admin() {
       assertThrows(
           RelativeNameException.class,
           () ->
@@ -147,7 +141,7 @@ void test_10arg_relative_admin() {
     }
 
     @Test
-    void test_10arg_negative_serial() {
+    void ctor_10arg_negative_serial() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -157,7 +151,7 @@ void test_10arg_negative_serial() {
     }
 
     @Test
-    void test_10arg_toobig_serial() {
+    void ctor_10arg_toobig_serial() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -175,7 +169,7 @@ void test_10arg_toobig_serial() {
     }
 
     @Test
-    void test_10arg_negative_refresh() {
+    void ctor_10arg_negative_refresh() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -185,7 +179,7 @@ void test_10arg_negative_refresh() {
     }
 
     @Test
-    void test_10arg_toobig_refresh() {
+    void ctor_10arg_toobig_refresh() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -203,7 +197,7 @@ void test_10arg_toobig_refresh() {
     }
 
     @Test
-    void test_10arg_negative_retry() {
+    void ctor_10arg_negative_retry() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -213,7 +207,7 @@ void test_10arg_negative_retry() {
     }
 
     @Test
-    void test_10arg_toobig_retry() {
+    void ctor_10arg_toobig_retry() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -231,7 +225,7 @@ void test_10arg_toobig_retry() {
     }
 
     @Test
-    void test_10arg_negative_expire() {
+    void ctor_10arg_negative_expire() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -241,7 +235,7 @@ void test_10arg_negative_expire() {
     }
 
     @Test
-    void test_10arg_toobig_expire() {
+    void ctor_10arg_toobig_expire() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -259,7 +253,7 @@ void test_10arg_toobig_expire() {
     }
 
     @Test
-    void test_10arg_negative_minimun() {
+    void ctor_10arg_negative_minimun() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -269,7 +263,7 @@ void test_10arg_negative_minimun() {
     }
 
     @Test
-    void test_10arg_toobig_minimum() {
+    void ctor_10arg_toobig_minimum() {
       assertThrows(
           IllegalArgumentException.class,
           () ->
@@ -374,7 +368,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_valid() throws IOException {
+    void valid() throws IOException {
       Tokenizer t =
           new Tokenizer(
               "M.h " + m_admin + " " + m_serial + " " + m_refresh + " " + m_retry + " " + m_expire
@@ -393,7 +387,7 @@ void test_valid() throws IOException {
     }
 
     @Test
-    void test_relative_name() throws IOException {
+    void relative_name() {
       Tokenizer t =
           new Tokenizer(
               "M.h " + m_admin + " " + m_serial + " " + m_refresh + " " + m_retry + " " + m_expire
@@ -422,7 +416,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_singleLine() {
+    void singleLine() {
       SOARecord ar =
           new SOARecord(
               m_an, DClass.IN, m_ttl, m_host, m_admin, m_serial, m_refresh, m_retry, m_expire,
@@ -437,7 +431,7 @@ void test_singleLine() {
     }
 
     @Test
-    void test_multiLine() {
+    void multiLine() {
       SOARecord ar =
           new SOARecord(
               m_an, DClass.IN, m_ttl, m_host, m_admin, m_serial, m_refresh, m_retry, m_expire,
@@ -490,7 +484,7 @@ void setUp() throws TextParseException {
     }
 
     @Test
-    void test_canonical() {
+    void canonical() {
       byte[] exp =
           new byte[] {
             1,
@@ -540,7 +534,7 @@ void test_canonical() {
     }
 
     @Test
-    void test_case_sensitive() {
+    void case_sensitive() {
       byte[] exp =
           new byte[] {
             1,
diff --git a/src/test/java/org/xbill/DNS/SPFRecordTest.java b/src/test/java/org/xbill/DNS/SPFRecordTest.java
index 49a9b2f2a..9d1dbf9aa 100644
--- a/src/test/java/org/xbill/DNS/SPFRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SPFRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,9 +11,9 @@ class SPFRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("v=spf1 a mx ip4:69.64.153.131 include:_spf.google.com ~all");
-    SPFRecord record = new SPFRecord();
-    record.rdataFromString(t, null);
-    assertEquals(6, record.getStrings().size());
-    assertEquals(6, record.getStringsAsByteArrays().size());
+    SPFRecord spfRecord = new SPFRecord();
+    spfRecord.rdataFromString(t, null);
+    assertEquals(6, spfRecord.getStrings().size());
+    assertEquals(6, spfRecord.getStringsAsByteArrays().size());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SRVRecordTest.java b/src/test/java/org/xbill/DNS/SRVRecordTest.java
index 13b656e9f..39eeb39a8 100644
--- a/src/test/java/org/xbill/DNS/SRVRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SRVRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,12 +11,12 @@ class SRVRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("0 5 5060 sipserver.example.com.");
-    SRVRecord record = new SRVRecord();
-    record.rdataFromString(t, null);
-    assertEquals(0, record.getPriority());
-    assertEquals(5, record.getWeight());
-    assertEquals(5060, record.getPort());
-    assertEquals(Name.fromConstantString("sipserver.example.com."), record.getTarget());
-    assertEquals(record.getAdditionalName(), record.getTarget());
+    SRVRecord srvRecord = new SRVRecord();
+    srvRecord.rdataFromString(t, null);
+    assertEquals(0, srvRecord.getPriority());
+    assertEquals(5, srvRecord.getWeight());
+    assertEquals(5060, srvRecord.getPort());
+    assertEquals(Name.fromConstantString("sipserver.example.com."), srvRecord.getTarget());
+    assertEquals(srvRecord.getAdditionalName(), srvRecord.getTarget());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SSHFPRecordTest.java b/src/test/java/org/xbill/DNS/SSHFPRecordTest.java
index 698c39140..349b94d42 100644
--- a/src/test/java/org/xbill/DNS/SSHFPRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SSHFPRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
@@ -12,10 +13,10 @@ class SSHFPRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("2 1 CAFEBABE");
-    SSHFPRecord record = new SSHFPRecord();
-    record.rdataFromString(t, null);
-    assertEquals(SSHFPRecord.Algorithm.DSS, record.getAlgorithm());
-    assertEquals(SSHFPRecord.Digest.SHA1, record.getDigestType());
-    assertArrayEquals(base16.fromString("CAFEBABE"), record.getFingerPrint());
+    SSHFPRecord sshfpRecord = new SSHFPRecord();
+    sshfpRecord.rdataFromString(t, null);
+    assertEquals(SSHFPRecord.Algorithm.DSS, sshfpRecord.getAlgorithm());
+    assertEquals(SSHFPRecord.Digest.SHA1, sshfpRecord.getDigestType());
+    assertArrayEquals(base16.fromString("CAFEBABE"), sshfpRecord.getFingerPrint());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SVCBRecordTest.java b/src/test/java/org/xbill/DNS/SVCBRecordTest.java
new file mode 100644
index 000000000..73726b3e1
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/SVCBRecordTest.java
@@ -0,0 +1,602 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+public class SVCBRecordTest {
+  @Test
+  @SuppressWarnings("deprecation")
+  void createParams() throws UnknownHostException, TextParseException {
+    List<Integer> mandatoryList = Arrays.asList(SVCBRecord.ALPN, SVCBRecord.IPV4HINT);
+    SVCBRecord.ParameterMandatory mandatory = new SVCBBase.ParameterMandatory(mandatoryList);
+    assertEquals(SVCBRecord.MANDATORY, mandatory.getKey());
+    assertEquals(mandatoryList, mandatory.getValues());
+
+    List<String> alpnList = Arrays.asList("h2", "h3");
+    SVCBRecord.ParameterAlpn alpn = new SVCBRecord.ParameterAlpn(alpnList);
+    assertEquals(SVCBRecord.ALPN, alpn.getKey());
+    assertEquals(alpnList, alpn.getValues());
+
+    SVCBRecord.ParameterPort port = new SVCBBase.ParameterPort(8443);
+    assertEquals(SVCBRecord.PORT, port.getKey());
+    assertEquals(8443, port.getPort());
+
+    List<Inet4Address> ipv4List =
+        Collections.singletonList((Inet4Address) InetAddress.getByName("1.2.3.4"));
+    SVCBRecord.ParameterIpv4Hint ipv4hint = new SVCBRecord.ParameterIpv4Hint(ipv4List);
+    assertEquals(SVCBRecord.IPV4HINT, ipv4hint.getKey());
+    assertEquals(ipv4List, ipv4hint.getAddresses());
+
+    byte[] data = {'a', 'b', 'c'};
+    SVCBBase.ParameterEch ech = new SVCBBase.ParameterEch(data);
+    assertEquals(SVCBRecord.ECH, ech.getKey());
+    assertEquals(data, ech.getData());
+
+    SVCBRecord.ParameterEchConfig echconfig = new SVCBRecord.ParameterEchConfig(data);
+    assertEquals(SVCBRecord.ECHCONFIG, echconfig.getKey());
+    assertEquals(data, echconfig.getData());
+
+    List<Inet6Address> ipv6List =
+        Collections.singletonList((Inet6Address) InetAddress.getByName("2001:db8::1"));
+    SVCBRecord.ParameterIpv6Hint ipv6hint = new SVCBRecord.ParameterIpv6Hint(ipv6List);
+    assertEquals(SVCBRecord.IPV6HINT, ipv6hint.getKey());
+    assertEquals(ipv6List, ipv6hint.getAddresses());
+
+    byte[] value = {0, 1, 2, 3};
+    SVCBRecord.ParameterUnknown unknown = new SVCBRecord.ParameterUnknown(33, value);
+    assertEquals(33, unknown.getKey());
+    assertEquals(value, unknown.getValue());
+  }
+
+  @Test
+  void createRecord() throws IOException {
+    Name label = Name.fromString("test.com.");
+    int svcPriority = 5;
+    Name svcDomain = Name.fromString("svc.test.com.");
+    SVCBRecord.ParameterMandatory mandatory = new SVCBRecord.ParameterMandatory();
+    mandatory.fromString("alpn");
+    SVCBRecord.ParameterAlpn alpn = new SVCBRecord.ParameterAlpn();
+    alpn.fromString("h1,h2");
+    SVCBRecord.ParameterIpv4Hint ipv4 = new SVCBRecord.ParameterIpv4Hint();
+    ipv4.fromString("1.2.3.4,5.6.7.8");
+    List<SVCBRecord.ParameterBase> params = Arrays.asList(mandatory, ipv4, alpn);
+    SVCBRecord svcbRecord = new SVCBRecord(label, DClass.IN, 300, svcPriority, svcDomain, params);
+
+    assertEquals(Type.SVCB, svcbRecord.getType());
+    assertEquals(label, svcbRecord.getName());
+    assertEquals(svcPriority, svcbRecord.getSvcPriority());
+    assertEquals(svcDomain, svcbRecord.getTargetName());
+    assertEquals(
+        Arrays.asList(SVCBRecord.MANDATORY, SVCBRecord.ALPN, SVCBRecord.IPV4HINT).toString(),
+        svcbRecord.getSvcParamKeys().toString());
+    assertEquals("alpn", svcbRecord.getSvcParamValue(SVCBRecord.MANDATORY).toString());
+    assertEquals("h1,h2", svcbRecord.getSvcParamValue(SVCBRecord.ALPN).toString());
+    assertEquals("h1,h2", svcbRecord.getSvcParamValue(SVCBRecord.ALPN).toString());
+    assertNull(svcbRecord.getSvcParamValue(1234));
+    Options.unset("BINDTTL");
+    Options.unset("noPrintIN");
+    assertEquals(
+        "test.com.\t\t300\tIN\tSVCB\t5 svc.test.com. mandatory=alpn alpn=h1,h2 ipv4hint=1.2.3.4,5.6.7.8",
+        svcbRecord.toString());
+  }
+
+  @Test
+  void createRecordDuplicateParam() throws IOException {
+    Name label = Name.fromString("test.com.");
+    Name svcDomain = Name.fromString("svc.test.com.");
+    SVCBRecord.ParameterAlpn alpn = new SVCBRecord.ParameterAlpn();
+    alpn.fromString("h1,h2");
+    SVCBRecord.ParameterIpv4Hint ipv4 = new SVCBRecord.ParameterIpv4Hint();
+    ipv4.fromString("1.2.3.4,5.6.7.8");
+    List<SVCBRecord.ParameterBase> params = Arrays.asList(alpn, ipv4, alpn);
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new SVCBRecord(label, DClass.IN, 300, 5, svcDomain, params));
+  }
+
+  @Test
+  void aliasMode() throws IOException {
+    String str = "0 a.b.c.";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 0, 1, 'a', 1, 'b', 1, 'c', 0};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeWithoutParameters() throws IOException {
+    String str = "1 .";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 1, 0};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModePort() throws IOException {
+    String str = "1 . port=8443";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 1, 0, 0, 3, 0, 2, 0x20, (byte) 0xFB};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeAlpn() throws IOException {
+    String str = "1 . alpn=h3";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeNoDefaultAlpn() throws IOException {
+    String str = "1 . no-default-alpn";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeMultiKey() throws IOException {
+    String str = "1 . alpn=h3 no-default-alpn";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeIntKey() throws IOException {
+    String str = "1 . 1=h3";
+    assertEquals("1 . alpn=h3", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeMultiValue() throws IOException {
+    String str = "1 . alpn=h2,h3";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 1, 0, 0, 1, 0, 6, 2, 'h', '2', 2, 'h', '3'};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeQuotedValue() throws IOException {
+    String str = "1 . alpn=\"h2,h3\"";
+    assertEquals("1 . alpn=h2,h3", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeQuotedEscapedValue() throws IOException {
+    String str = "1 . alpn=\"h2\\,h3,h\\\\4\"";
+    String expectedStr = "1 . alpn=h2\\,h3,h\\\\4";
+    byte[] bytes = stringToWire(str);
+    byte[] expectedBytes =
+        new byte[] {0, 1, 0, 0, 1, 0, 10, 5, 104, 50, 44, 104, 51, 3, 104, '\\', 52};
+    assertArrayEquals(bytes, expectedBytes);
+    assertEquals(expectedStr, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeAlpnEscapedBytes() throws IOException {
+    String str = "1 . alpn=http/1.1,\\001aa\\003\\b,h2";
+    String expectedStr = "1 . alpn=http/1.1,\\001aa\\003b,h2";
+    byte[] bytes = stringToWire(str);
+    byte[] expectedBytes =
+        new byte[] {
+          0, 1, 0, 0, 1, 0, 18, 8, 104, 116, 116, 112, 47, 49, 46, 49, 5, 1, 97, 97, 3, 98, 2, 104,
+          50
+        };
+    assertArrayEquals(bytes, expectedBytes);
+    assertEquals(expectedStr, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeMandatoryAndOutOfOrder() throws IOException {
+    String str = "1 . alpn=h3 no-default-alpn mandatory=alpn";
+    assertEquals("1 . mandatory=alpn alpn=h3 no-default-alpn", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeEscapedDomain() throws IOException {
+    String str = "1 dotty\\.lotty.example.com. no-default-alpn";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeEch() throws IOException {
+    String str = "1 h3pool. ech=1234";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeEchMulti() throws IOException {
+    String str = "1 h3pool. alpn=h2,h3 ech=1234";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeEchOutOfOrder() throws IOException {
+    String str = "1 h3pool. ech=1234 alpn=h2,h3";
+    assertEquals("1 h3pool. alpn=h2,h3 ech=1234", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeEchQuoted() throws IOException {
+    String str = "1 h3pool. alpn=h2,h3 ech=\"1234\"";
+    assertEquals("1 h3pool. alpn=h2,h3 ech=1234", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeObsoleteEchConfigName() throws IOException {
+    String str = "1 . echconfig=1234";
+    assertEquals("1 . ech=1234", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeIpv4Hint() throws IOException {
+    String str = "3 . ipv4hint=4.5.6.7";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeIpv4HintList() throws IOException {
+    String str = "5 . ipv4hint=4.5.6.7,8.9.1.2";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 5, 0, 0, 4, 0, 8, 4, 5, 6, 7, 8, 9, 1, 2};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeIpv4HintQuoted() throws IOException {
+    String str = "5 . ipv4hint=\"4.5.6.7,8.9.1.2\"";
+    assertEquals("5 . ipv4hint=4.5.6.7,8.9.1.2", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeIpv4HintMultiKey() throws IOException {
+    String str = "7 . alpn=h2 ipv4hint=4.5.6.7";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeIpv6Hint() throws IOException {
+    String str = "9 . ipv6hint=2001:db8::1";
+    assertEquals("9 . ipv6hint=2001:db8:0:0:0:0:0:1", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeIpv6HintMulti() throws IOException {
+    String str = "2 . alpn=h2 ipv6hint=2001:db8::1,2001:db8::2";
+    assertEquals(
+        "2 . alpn=h2 ipv6hint=2001:db8:0:0:0:0:0:1,2001:db8:0:0:0:0:0:2",
+        stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeUnknownKey() throws IOException {
+    String str = "6 . key12345=abcdefg\\012";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeUnknownKeyBytes() throws IOException {
+    String str = "8 . key23456=\\000\\001\\002\\003";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 8, 0, 0x5B, (byte) 0xA0, 0, 4, 0, 1, 2, 3};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
+  @Test
+  void serviceModeUnknownKeyEscapedChars() throws IOException {
+    String str = "1 . key29=a\\b\\c";
+    assertEquals("1 . key29=abc", stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeUnknownKeyEscapedSlash() throws IOException {
+    String str = "65535 . key29=a\\\\b\\\\c";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeUnknownHighKey() throws IOException {
+    String str = "65535 . key65535=abcdefg";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void serviceModeUnknownKeyNoValue() throws IOException {
+    String str = "65535 . key65535";
+    assertEquals(str, stringToWireToString(str));
+  }
+
+  @Test
+  void masterFormatParsing() throws IOException {
+    String str =
+        "test.net. 86400 IN SOA test.net. test.net. 2020100900 3600 600 604800 300\n"
+            + "test.net. 86400 IN NS ns1.test.net.\n"
+            + "test.net. 300 IN HTTPS 0 www.test.net.\n"
+            + "test.net. 300 IN SVCB 1 . alpn=h2\n"
+            + "test.net. 300 IN HTTPS 1 .\n"
+            + "www.test.net. 300 IN A 1.2.3.4\n";
+    Master m = new Master(new ByteArrayInputStream(str.getBytes()));
+
+    Record r = m.nextRecord();
+    assertEquals(Type.SOA, r.getType());
+    r = m.nextRecord();
+    assertEquals(Type.NS, r.getType());
+    r = m.nextRecord();
+    assertEquals(Type.HTTPS, r.getType());
+    assertEquals("0 www.test.net.", r.rdataToString());
+    r = m.nextRecord();
+    assertEquals(Type.SVCB, r.getType());
+    assertEquals("1 . alpn=h2", r.rdataToString());
+    r = m.nextRecord();
+    assertEquals(Type.HTTPS, r.getType());
+    assertEquals("1 .", r.rdataToString());
+    r = m.nextRecord();
+    assertEquals(Type.A, r.getType());
+    assertEquals("1.2.3.4", r.rdataToString());
+    r = m.nextRecord();
+    assertNull(r);
+  }
+
+  @Test
+  void invalidText() {
+    String str = "these are all garbage strings that should fail";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void extraQuotesInParamValues() {
+    String str = "5 . ipv4hint=\"4.5.6.7\",\"8.9.1.2\"";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void aliasModeWithParameters() {
+    String str = "0 . alpn=h3";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void zeroLengthMandatory() {
+    String str = "1 . mandatory";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void zeroLengthAlpnValue() {
+    String str = "1 . alpn";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void zeroLengthPortValue() {
+    String str = "1 . port";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void zeroLengthIpv4Hint() {
+    String str = "1 . ipv4hint";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void zeroLengthEch() {
+    String str = "1 . ech";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void zeroLengthIpv6Hint() {
+    String str = "1 . ipv6hint";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void emptyKey() {
+    String str = "1 . =1234";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void emptyValue() {
+    String str = "1 . alpn=";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void emptyKeyAndValue() {
+    String str = "1 . =";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void unknownKey() {
+    String str = "1 . sport=8443";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void mandatoryListWithSelf() {
+    String str = "1 . mandatory=alpn,mandatory alpn=h1";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void mandatoryListWithDuplicate() {
+    String str = "1 . mandatory=alpn,ipv4hint,alpn alpn=h1 ipv4hint=1.2.3.4";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void mandatoryListWithMissingParam() {
+    String str = "1 . mandatory=alpn,ipv4hint alpn=h1";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void portValueTooLarge() {
+    String str = "1 . port=84438";
+    assertThrows(IllegalArgumentException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void portValueCharAfterInt() {
+    String str = "1 . port=443a";
+    assertThrows(IllegalArgumentException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void noDefaultAlpnWithValue() {
+    String str = "1 . no-default-alpn=true";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void emptyString() {
+    String str = "";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void svcPriorityTooHigh() {
+    String str = "65536 . port=443";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void invalidPortKey() {
+    String str = "1 . port<5";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void invalidSvcDomain() {
+    String str = "1 fred..harvey port=80";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void duplicateParamKey() {
+    String str = "1 . alpn=h2 alpn=h3";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void invalidIpv4Hint() {
+    String str = "1 . ipv4hint=2001:db8::1";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void invalidIpv6Hint() {
+    String str = "1 . ipv6hint=1.2.3.4";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void negativeSvcPriority() {
+    String str = "-1 . port=80";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void svcParamUnknownKeyTooHigh() {
+    String str = "65535 . key65536=abcdefg";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void svcParamUnknownKeyCharAfterInt() {
+    String str = "65535 . key123a=abcdefg";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void invalidSvcParamKey() {
+    String str = "65535 . keyBlooie=abcdefg";
+    assertThrows(TextParseException.class, () -> stringToWire(str));
+  }
+
+  @Test
+  void wireFormatTooShort() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 1, 0, 10};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatTooLong() {
+    byte[] wire = new byte[] {0, 0, 0, 1};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatMandatoryTooLong() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 0, 0, 3, 0, 1, 55};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatAlpnTooShort() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 1, 0, 3, 10, 1, 55};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatNoDefaultAlpnTooLong() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 2, 0, 1, 0};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatPortTooLong() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 3, 0, 4, 0, 0, 0, 0};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatIpv4HintTooLong() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 4, 0, 5, 1, 2, 3, 4, 5};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  @Test
+  void wireFormatIpv6HintTooShort() {
+    byte[] wire = new byte[] {0, 1, 0, 0, 6, 0, 2, 1, 2};
+    assertThrows(WireParseException.class, () -> wireToString(wire));
+  }
+
+  public static byte[] stringToWire(String str) throws IOException {
+    Tokenizer t = new Tokenizer(str);
+    SVCBRecord svcbRecord = new SVCBRecord();
+    svcbRecord.rdataFromString(t, null);
+    DNSOutput out = new DNSOutput();
+    svcbRecord.rrToWire(out, null, true);
+    return out.toByteArray();
+  }
+
+  public static String wireToString(byte[] bytes) throws IOException {
+    DNSInput in = new DNSInput(bytes);
+    SVCBRecord svcbRecord = new SVCBRecord();
+    svcbRecord.rrFromWire(in);
+    return svcbRecord.rdataToString();
+  }
+
+  public static String stringToWireToString(String str) throws IOException {
+    return wireToString(stringToWire(str));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/SectionTest.java b/src/test/java/org/xbill/DNS/SectionTest.java
index 972c58305..00947467a 100644
--- a/src/test/java/org/xbill/DNS/SectionTest.java
+++ b/src/test/java/org/xbill/DNS/SectionTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -41,7 +42,7 @@
 
 class SectionTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("au", Section.string(Section.AUTHORITY));
 
@@ -52,7 +53,7 @@ void test_string() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(Section.ADDITIONAL, Section.value("ad"));
 
@@ -64,7 +65,7 @@ void test_value() {
   }
 
   @Test
-  void test_longString() {
+  void longString() {
     assertEquals("ADDITIONAL RECORDS", Section.longString(Section.ADDITIONAL));
 
     try {
@@ -78,7 +79,7 @@ void test_longString() {
   }
 
   @Test
-  void test_updString() {
+  void updString() {
     assertEquals("ZONE", Section.updString(Section.ZONE));
 
     try {
diff --git a/src/test/java/org/xbill/DNS/SerialTest.java b/src/test/java/org/xbill/DNS/SerialTest.java
index 81bf87786..99fbbfbbf 100644
--- a/src/test/java/org/xbill/DNS/SerialTest.java
+++ b/src/test/java/org/xbill/DNS/SerialTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -42,35 +43,35 @@
 
 class SerialTest {
   @Test
-  void test_compare_NegativeArg1() {
+  void compare_NegativeArg1() {
     long arg1 = -1;
     long arg2 = 1;
     assertThrows(IllegalArgumentException.class, () -> Serial.compare(arg1, arg2));
   }
 
   @Test
-  void test_compare_OOBArg1() {
+  void compare_OOBArg1() {
     long arg1 = 0xFFFFFFFFL + 1;
     long arg2 = 1;
     assertThrows(IllegalArgumentException.class, () -> Serial.compare(arg1, arg2));
   }
 
   @Test
-  void test_compare_NegativeArg2() {
+  void compare_NegativeArg2() {
     long arg1 = 1;
     long arg2 = -1;
     assertThrows(IllegalArgumentException.class, () -> Serial.compare(arg1, arg2));
   }
 
   @Test
-  void test_compare_OOBArg2() {
+  void compare_OOBArg2() {
     long arg1 = 1;
     long arg2 = 0xFFFFFFFFL + 1;
     assertThrows(IllegalArgumentException.class, () -> Serial.compare(arg1, arg2));
   }
 
   @Test
-  void test_compare_Arg1Greater() {
+  void compare_Arg1Greater() {
     long arg1 = 10;
     long arg2 = 9;
     int ret = Serial.compare(arg1, arg2);
@@ -78,7 +79,7 @@ void test_compare_Arg1Greater() {
   }
 
   @Test
-  void test_compare_Arg2Greater() {
+  void compare_Arg2Greater() {
     long arg1 = 9;
     long arg2 = 10;
     int ret = Serial.compare(arg1, arg2);
@@ -86,7 +87,7 @@ void test_compare_Arg2Greater() {
   }
 
   @Test
-  void test_compare_ArgsEqual() {
+  void compare_ArgsEqual() {
     long arg1 = 10;
     long arg2 = 10;
     int ret = Serial.compare(arg1, arg2);
@@ -94,7 +95,7 @@ void test_compare_ArgsEqual() {
   }
 
   @Test
-  void test_compare_boundary() {
+  void compare_boundary() {
     long arg1 = 0xFFFFFFFFL;
     long arg2 = 0;
     int ret = Serial.compare(arg1, arg2);
@@ -104,26 +105,26 @@ void test_compare_boundary() {
   }
 
   @Test
-  void test_increment_NegativeArg() {
+  void increment_NegativeArg() {
     long arg = -1;
     assertThrows(IllegalArgumentException.class, () -> Serial.increment(arg));
   }
 
   @Test
-  void test_increment_OOBArg() {
+  void increment_OOBArg() {
     long arg = 0xFFFFFFFFL + 1;
     assertThrows(IllegalArgumentException.class, () -> Serial.increment(arg));
   }
 
   @Test
-  void test_increment_reset() {
+  void increment_reset() {
     long arg = 0xFFFFFFFFL;
     long ret = Serial.increment(arg);
-    assertEquals(0, ret);
+    assertEquals(1, ret);
   }
 
   @Test
-  void test_increment_normal() {
+  void increment_normal() {
     long arg = 10;
     long ret = Serial.increment(arg);
     assertEquals(arg + 1, ret);
diff --git a/src/test/java/org/xbill/DNS/SetResponseTest.java b/src/test/java/org/xbill/DNS/SetResponseTest.java
index 76d9d89e6..2f91302ad 100644
--- a/src/test/java/org/xbill/DNS/SetResponseTest.java
+++ b/src/test/java/org/xbill/DNS/SetResponseTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -44,161 +45,140 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class SetResponseTest {
-  @Test
-  void test_ctor_1arg() {
-    final int[] types =
-        new int[] {
-          SetResponse.UNKNOWN,
-          SetResponse.NXDOMAIN,
-          SetResponse.NXRRSET,
-          SetResponse.DELEGATION,
-          SetResponse.CNAME,
-          SetResponse.DNAME,
-          SetResponse.SUCCESSFUL
-        };
-
-    for (int type : types) {
-      SetResponse sr = new SetResponse(type);
-      assertNull(sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
-    }
-  }
-
-  @Test
-  void test_ctor_1arg_toosmall() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(-1));
-  }
-
-  @Test
-  void test_ctor_1arg_toobig() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(7));
-  }
-
-  @Test
-  void test_ctor_2arg() {
-    final int[] types =
-        new int[] {
-          SetResponse.UNKNOWN,
-          SetResponse.NXDOMAIN,
-          SetResponse.NXRRSET,
-          SetResponse.DELEGATION,
-          SetResponse.CNAME,
-          SetResponse.DNAME,
-          SetResponse.SUCCESSFUL
-        };
-
-    for (int type : types) {
-      RRset rs = new RRset();
-      SetResponse sr = new SetResponse(type, rs);
-      assertSame(rs, sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
-    }
-  }
-
-  @Test
-  void test_ctor_2arg_toosmall() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(-1, new RRset()));
-  }
-
-  @Test
-  void test_ctor_2arg_toobig() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(7, new RRset()));
-  }
-
-  @Test
-  void test_ofType_basic() {
-    final int[] types =
-        new int[] {
-          SetResponse.DELEGATION, SetResponse.CNAME, SetResponse.DNAME, SetResponse.SUCCESSFUL
-        };
-
-    for (int type : types) {
-      SetResponse sr = SetResponse.ofType(type);
-      assertNull(sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
+  private static final ARecord A_RECORD_1 =
+      new ARecord(
+          Name.fromConstantString("The.Name."),
+          DClass.IN,
+          0xABCD,
+          new byte[] {(byte) 192, (byte) 168, 0, 1});
+  private static final ARecord A_RECORD_2 =
+      new ARecord(
+          Name.fromConstantString("The.Name."),
+          DClass.IN,
+          0xABCD,
+          new byte[] {(byte) 192, (byte) 168, 0, 2});
+
+  @ParameterizedTest
+  @EnumSource(value = SetResponseType.class)
+  void ctor_1arg(SetResponseType type) {
+    SetResponse sr = SetResponse.ofType(type);
+    assertNull(sr.getNS());
+    assertEquals(type == SetResponseType.UNKNOWN, sr.isUnknown());
+    assertEquals(type == SetResponseType.NXDOMAIN, sr.isNXDOMAIN());
+    assertEquals(type == SetResponseType.NXRRSET, sr.isNXRRSET());
+    assertEquals(type == SetResponseType.DELEGATION, sr.isDelegation());
+    assertEquals(type == SetResponseType.CNAME, sr.isCNAME());
+    assertEquals(type == SetResponseType.DNAME, sr.isDNAME());
+    assertEquals(type == SetResponseType.SUCCESSFUL, sr.isSuccessful());
+  }
+
+  @ParameterizedTest
+  @EnumSource(
+      value = SetResponseType.class,
+      names = {
+        "DELEGATION",
+        "CNAME",
+        "DNAME",
+        "SUCCESSFUL",
+      })
+  void ofType_basic(SetResponseType type) {
+    RRset rs = new RRset();
+    SetResponse sr = SetResponse.ofType(type, rs);
+    assertSame(rs, sr.getNS());
+    assertEquals(type == SetResponseType.DELEGATION, sr.isDelegation());
+    assertEquals(type == SetResponseType.CNAME, sr.isCNAME());
+    assertEquals(type == SetResponseType.DNAME, sr.isDNAME());
+    assertEquals(type == SetResponseType.SUCCESSFUL, sr.isSuccessful());
+
+    SetResponse sr2 = SetResponse.ofType(type, rs);
+    assertNotSame(sr, sr2);
+  }
+
+  @ParameterizedTest
+  @EnumSource(
+      value = SetResponseType.class,
+      names = {
+        "UNKNOWN",
+        "NXDOMAIN",
+        "NXRRSET",
+      })
+  void ofType_singleton(SetResponseType type) {
+    SetResponse sr = SetResponse.ofType(type);
+    assertNull(sr.getNS());
+    assertEquals(type == SetResponseType.UNKNOWN, sr.isUnknown());
+    assertEquals(type == SetResponseType.NXDOMAIN, sr.isNXDOMAIN());
+    assertEquals(type == SetResponseType.NXRRSET, sr.isNXRRSET());
+    assertThrows(IllegalStateException.class, () -> sr.addRRset(new RRset()));
+
+    SetResponse sr2 = SetResponse.ofType(type);
+    assertSame(sr, sr2);
+  }
+
+  @Test
+  void addRRset() {
+    RRset rrs = new RRset();
+    rrs.addRR(A_RECORD_1);
+    rrs.addRR(A_RECORD_2);
+    SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL, rrs);
 
-      SetResponse sr2 = SetResponse.ofType(type);
-      assertNotSame(sr, sr2);
-    }
+    RRset[] exp = new RRset[] {rrs};
+    assertArrayEquals(exp, sr.answers().toArray());
   }
 
-  @Test
-  void test_ofType_singleton() {
-    final int[] types = new int[] {SetResponse.UNKNOWN, SetResponse.NXDOMAIN, SetResponse.NXRRSET};
-
-    for (int type : types) {
-      SetResponse sr = SetResponse.ofType(type);
-      assertNull(sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
-
-      SetResponse sr2 = SetResponse.ofType(type);
-      assertSame(sr, sr2);
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void ofTypeWithCachedRRset(boolean isAuthenticated) {
+    SetResponse sr =
+        SetResponse.ofType(
+            SetResponseType.SUCCESSFUL,
+            new Cache.CacheRRset(new RRset(A_RECORD_1), 0, 0, isAuthenticated));
+    assertEquals(isAuthenticated, sr.isAuthenticated());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "false,true,true,true,true",
+    "false,false,true,false,false",
+    "true,true,false,true,false",
+    "true,false,false,false,false",
+  })
+  void addRRsetAuthenticated(
+      boolean addInitial,
+      boolean first,
+      boolean second,
+      boolean firstResult,
+      boolean secondResult) {
+    RRset rrs = new RRset(A_RECORD_1);
+    SetResponse sr;
+    if (addInitial) {
+      sr = SetResponse.ofType(SetResponseType.SUCCESSFUL, rrs, first);
+    } else {
+      sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
+      sr.addRRset(new Cache.CacheRRset(rrs, 0, 0, first));
     }
-  }
-
-  @Test
-  void test_ofType_toosmall() {
-    assertThrows(IllegalArgumentException.class, () -> SetResponse.ofType(-1));
-  }
-
-  @Test
-  void test_ofType_toobig() {
-    assertThrows(IllegalArgumentException.class, () -> SetResponse.ofType(7));
-  }
-
-  @Test
-  void test_addRRset() throws TextParseException, UnknownHostException {
-    RRset<ARecord> rrs = new RRset<>();
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.1")));
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.2")));
-    SetResponse sr = new SetResponse(SetResponse.SUCCESSFUL);
-    sr.addRRset(rrs);
 
     RRset[] exp = new RRset[] {rrs};
     assertArrayEquals(exp, sr.answers().toArray());
+    assertEquals(firstResult, sr.isAuthenticated());
+
+    sr.addRRset(new Cache.CacheRRset(new RRset(A_RECORD_1), 0, 0, second));
+    assertEquals(secondResult, sr.isAuthenticated());
+    assertEquals(2, sr.answers().size());
   }
 
   @Test
-  void test_addRRset_multiple() throws TextParseException, UnknownHostException {
-    RRset<ARecord> rrs = new RRset<>();
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.1")));
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.2")));
+  void addRRset_multiple() throws TextParseException, UnknownHostException {
+    RRset rrs = new RRset();
+    rrs.addRR(A_RECORD_1);
+    rrs.addRR(A_RECORD_2);
 
-    RRset<ARecord> rrs2 = new RRset<>();
+    RRset rrs2 = new RRset();
     rrs2.addRR(
         new ARecord(
             Name.fromString("The.Other.Name."),
@@ -212,7 +192,7 @@ void test_addRRset_multiple() throws TextParseException, UnknownHostException {
             0xABCE,
             InetAddress.getByName("192.168.1.2")));
 
-    SetResponse sr = new SetResponse(SetResponse.SUCCESSFUL);
+    SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
     sr.addRRset(rrs);
     sr.addRRset(rrs2);
 
@@ -221,64 +201,41 @@ void test_addRRset_multiple() throws TextParseException, UnknownHostException {
   }
 
   @Test
-  void test_answers_nonSUCCESSFUL() {
-    SetResponse sr = new SetResponse(SetResponse.UNKNOWN, new RRset());
+  void answers_nonSUCCESSFUL() {
+    SetResponse sr = SetResponse.ofType(SetResponseType.UNKNOWN, new RRset());
     assertNull(sr.answers());
   }
 
   @Test
-  void test_getCNAME() throws TextParseException {
-    RRset<CNAMERecord> rrs = new RRset<>();
+  void getCNAME() throws TextParseException {
     CNAMERecord cr =
         new CNAMERecord(
             Name.fromString("The.Name."), DClass.IN, 0xABCD, Name.fromString("The.Alias."));
-    rrs.addRR(cr);
-    SetResponse sr = new SetResponse(SetResponse.CNAME, rrs);
+    RRset rrs = new RRset(cr);
+    SetResponse sr = SetResponse.ofType(SetResponseType.CNAME, rrs);
     assertEquals(cr, sr.getCNAME());
   }
 
   @Test
-  void test_getDNAME() throws TextParseException {
-    RRset<DNAMERecord> rrs = new RRset<>();
+  void getDNAME() throws TextParseException {
     DNAMERecord dr =
         new DNAMERecord(
             Name.fromString("The.Name."), DClass.IN, 0xABCD, Name.fromString("The.Alias."));
-    rrs.addRR(dr);
-    SetResponse sr = new SetResponse(SetResponse.DNAME, rrs);
+    RRset rrs = new RRset(dr);
+    SetResponse sr = SetResponse.ofType(SetResponseType.DNAME, rrs);
     assertEquals(dr, sr.getDNAME());
   }
 
-  @Test
-  void test_toString() throws TextParseException, UnknownHostException {
-    final int[] types =
-        new int[] {
-          SetResponse.UNKNOWN,
-          SetResponse.NXDOMAIN,
-          SetResponse.NXRRSET,
-          SetResponse.DELEGATION,
-          SetResponse.CNAME,
-          SetResponse.DNAME,
-          SetResponse.SUCCESSFUL
-        };
-    RRset<ARecord> rrs = new RRset<>();
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.1")));
-
-    final String[] labels =
-        new String[] {
-          "unknown",
-          "NXDOMAIN",
-          "NXRRSET",
-          "delegation: " + rrs,
-          "CNAME: " + rrs,
-          "DNAME: " + rrs,
-          "successful"
-        };
+  @ParameterizedTest
+  @EnumSource(SetResponseType.class)
+  void test_toString(SetResponseType type) {
+    RRset rrs = new RRset(A_RECORD_1);
 
-    for (int i = 0; i < types.length; ++i) {
-      SetResponse sr = new SetResponse(types[i], rrs);
-      assertEquals(labels[i], sr.toString());
+    SetResponse sr = SetResponse.ofType(type, rrs);
+    if (type.isPrintRecords()) {
+      assertEquals(type + ": " + rrs, sr.toString());
+    } else {
+      assertEquals(type.toString(), sr.toString());
     }
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SimpleResolverDeniedTest.java b/src/test/java/org/xbill/DNS/SimpleResolverDeniedTest.java
new file mode 100644
index 000000000..338d3069b
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/SimpleResolverDeniedTest.java
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.io.IoClientFactory;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+
+class SimpleResolverDeniedTest {
+
+  @Test
+  void emptyResponseShouldThrowWireParseException() throws IOException {
+
+    Name zone = Name.fromString("example.");
+    Message query = Message.newUpdate(zone);
+    Record cnameRecord =
+        new CNAMERecord(Name.fromString("www", zone), DClass.IN, 300, Name.fromString("example."));
+    query.addRecord(cnameRecord, Section.UPDATE);
+
+    SimpleResolver simpleResolver = new SimpleResolver("127.0.0.1");
+    simpleResolver.setIoClientFactory(
+        new IoClientFactory() {
+          @Override
+          public TcpIoClient createOrGetTcpClient() {
+            return null;
+          }
+
+          @Override
+          public UdpIoClient createOrGetUdpClient() {
+            UdpIoClient udpMock = mock(NioUdpClient.class);
+            when(udpMock.sendAndReceiveUdp(
+                    any(),
+                    any(InetSocketAddress.class),
+                    any(Message.class),
+                    any(byte[].class),
+                    anyInt(),
+                    any(Duration.class)))
+                .thenAnswer(
+                    a -> {
+                      Message qparsed = new Message(a.<byte[]>getArgument(3));
+
+                      int id = qparsed.getHeader().getID();
+                      Message response = new Message(id);
+                      response.getHeader().setRcode(Rcode.REFUSED);
+                      byte[] rbytes = response.toWire(Message.MAXLENGTH);
+
+                      // This was the exact format returned by denying server
+                      assertArrayEquals(
+                          rbytes,
+                          new byte[] {(byte) (id >>> 8), (byte) id, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0});
+
+                      CompletableFuture<byte[]> f = new CompletableFuture<>();
+                      f.complete(rbytes);
+                      return f;
+                    });
+            return udpMock;
+          }
+        });
+
+    assertThrows(WireParseException.class, () -> simpleResolver.send(query));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/SingleCompressedNameBaseTest.java b/src/test/java/org/xbill/DNS/SingleCompressedNameBaseTest.java
index 48be23569..5ce90f773 100644
--- a/src/test/java/org/xbill/DNS/SingleCompressedNameBaseTest.java
+++ b/src/test/java/org/xbill/DNS/SingleCompressedNameBaseTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -54,15 +55,10 @@ private static class TestClass extends SingleCompressedNameBase {
     public Name getSingleName() {
       return super.getSingleName();
     }
-
-    @Override
-    public Record getObject() {
-      return null;
-    }
   }
 
   @Test
-  void test_ctor() throws TextParseException {
+  void ctor() throws TextParseException {
     TestClass tc = new TestClass();
     assertNull(tc.getSingleName());
 
@@ -79,7 +75,7 @@ void test_ctor() throws TextParseException {
   }
 
   @Test
-  void test_rrToWire() throws IOException {
+  void rrToWire() throws IOException {
     Name n = Name.fromString("my.name.");
     Name sn = Name.fromString("My.Single.Name.");
 
diff --git a/src/test/java/org/xbill/DNS/SingleNameBaseTest.java b/src/test/java/org/xbill/DNS/SingleNameBaseTest.java
index 38d193eec..b12351718 100644
--- a/src/test/java/org/xbill/DNS/SingleNameBaseTest.java
+++ b/src/test/java/org/xbill/DNS/SingleNameBaseTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -59,15 +60,10 @@ private static class TestClass extends SingleNameBase {
     public Name getSingleName() {
       return super.getSingleName();
     }
-
-    @Override
-    public Record getObject() {
-      return null;
-    }
   }
 
   @Test
-  void test_ctor() throws TextParseException {
+  void ctor() throws TextParseException {
     TestClass tc = new TestClass();
     assertNull(tc.getSingleName());
 
@@ -91,7 +87,7 @@ void test_ctor() throws TextParseException {
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     byte[] raw =
         new byte[] {2, 'm', 'y', 6, 's', 'i', 'n', 'g', 'l', 'e', 4, 'n', 'a', 'm', 'e', 0};
     DNSInput in = new DNSInput(raw);
@@ -104,7 +100,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     Name exp = Name.fromString("my.single.name.");
 
     Tokenizer t = new Tokenizer("my.single.name.");
@@ -118,7 +114,7 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rrToString() throws IOException {
+  void rrToString() throws IOException {
     Name exp = Name.fromString("my.single.name.");
 
     Tokenizer t = new Tokenizer("my.single.name.");
@@ -131,7 +127,7 @@ void test_rrToString() throws IOException {
   }
 
   @Test
-  void test_rrToWire() throws IOException {
+  void rrToWire() throws IOException {
     Name n = Name.fromString("my.name.");
     Name sn = Name.fromString("My.Single.Name.");
 
diff --git a/src/test/java/org/xbill/DNS/TKEYRecordTest.java b/src/test/java/org/xbill/DNS/TKEYRecordTest.java
index 10636c435..bae1c8343 100644
--- a/src/test/java/org/xbill/DNS/TKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/TKEYRecordTest.java
@@ -1,15 +1,15 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class TKEYRecordTest {
 
   @Test
-  void rdataFromString() throws IOException {
+  void rdataFromString() {
     TextParseException thrown =
         assertThrows(
             TextParseException.class,
diff --git a/src/test/java/org/xbill/DNS/TLSARecordTest.java b/src/test/java/org/xbill/DNS/TLSARecordTest.java
index e8bbe34a8..4a8e0f39e 100644
--- a/src/test/java/org/xbill/DNS/TLSARecordTest.java
+++ b/src/test/java/org/xbill/DNS/TLSARecordTest.java
@@ -1,22 +1,65 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.xbill.DNS.utils.base16;
 
 class TLSARecordTest {
+  @ParameterizedTest
+  @ValueSource(strings = {"CAFE", "CAFE CAFFEE"})
+  void rdataFromString(String rdata) throws IOException {
+    try (Tokenizer t = new Tokenizer("0 0 1 " + rdata)) {
+      TLSARecord tlsaRecord = new TLSARecord();
+      tlsaRecord.rdataFromString(t, null);
+      assertEquals(TLSARecord.CertificateUsage.CA_CONSTRAINT, tlsaRecord.getCertificateUsage());
+      assertEquals(TLSARecord.MatchingType.SHA256, tlsaRecord.getMatchingType());
+      assertEquals(TLSARecord.Selector.FULL_CERTIFICATE, tlsaRecord.getSelector());
+      assertArrayEquals(base16.fromString(rdata), tlsaRecord.getCertificateAssociationData());
+    }
+  }
+
+  @Test
+  void emptyAssociationDataFromWire() {
+    TLSARecord tlsaRecord = new TLSARecord();
+    DNSInput in = new DNSInput(new byte[] {0, 0, 1});
+    assertThrows(WireParseException.class, () -> tlsaRecord.rrFromWire(in));
+  }
+
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "",
+        "0 0 1",
+        "0 0 1 CAFEBABEZ",
+        "0 0 1 CAFEBABEZ-",
+        "0 0 1 A",
+        "3 1 1 0D6FCE13243AA-"
+      })
+  void invalidRdataFromString(String rdata) {
+    try (Tokenizer t = new Tokenizer(rdata)) {
+      TLSARecord tlsaRecord = new TLSARecord();
+      assertThrows(TextParseException.class, () -> tlsaRecord.rdataFromString(t, null));
+    }
+  }
+
+  @Test
+  void emptyAssociationDataConstruction() {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TLSARecord(Name.root, DClass.IN, 3600, 0, 0, 1, new byte[0]));
+  }
 
   @Test
-  void rdataFromString() throws IOException {
-    Tokenizer t = new Tokenizer("(0 0 1 CAFEBABE)");
-    TLSARecord record = new TLSARecord();
-    record.rdataFromString(t, null);
-    assertEquals(TLSARecord.CertificateUsage.CA_CONSTRAINT, record.getCertificateUsage());
-    assertEquals(TLSARecord.MatchingType.SHA256, record.getMatchingType());
-    assertEquals(TLSARecord.Selector.FULL_CERTIFICATE, record.getSelector());
-    assertArrayEquals(base16.fromString("CAFEBABE"), record.getCertificateAssociationData());
+  void nullAssociationDataConstruction() {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TLSARecord(Name.root, DClass.IN, 3600, 0, 0, 1, null));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/TSIGRecordTest.java b/src/test/java/org/xbill/DNS/TSIGRecordTest.java
new file mode 100644
index 000000000..90e8a9efd
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/TSIGRecordTest.java
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.time.Duration;
+import java.time.Instant;
+import org.junit.jupiter.api.Test;
+
+class TSIGRecordTest {
+  @Test
+  void testTsigToStringFudge() {
+    TSIGRecord r =
+        new TSIGRecord(
+            Name.root,
+            DClass.IN,
+            60,
+            TSIG.HMAC_MD5,
+            Instant.ofEpochSecond(1),
+            Duration.ofSeconds(5),
+            new byte[16],
+            1,
+            0,
+            null);
+    assertEquals(
+        "HMAC-MD5.SIG-ALG.REG.INT. 1 5 16 AAAAAAAAAAAAAAAAAAAAAA== NOERROR 0", r.rrToString());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/TSIGTest.java b/src/test/java/org/xbill/DNS/TSIGTest.java
index af63a02af..416e87477 100644
--- a/src/test/java/org/xbill/DNS/TSIGTest.java
+++ b/src/test/java/org/xbill/DNS/TSIGTest.java
@@ -1,89 +1,703 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import java.io.IOException;
+import java.lang.reflect.Field;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.util.AbstractMap;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Executor;
+import javax.crypto.spec.SecretKeySpec;
+import lombok.Getter;
+import org.apache.commons.io.IOUtils;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.TSIG.StreamGenerator;
+import org.xbill.DNS.io.IoClientFactory;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+import org.xbill.DNS.utils.base64;
 
 class TSIGTest {
+  private final TSIG defaultKey = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+
   @Test
-  void test_TSIG_query() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void signedQuery() throws IOException {
+    Record question = Record.newRecord(Name.fromString("www.example."), Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    query.setTSIG(defaultKey);
+    byte[] qbytes = query.toWire(512);
+    assertEquals(1, qbytes[11]);
 
-    Name qname = Name.fromString("www.example.");
-    Record rec = Record.newRecord(qname, Type.A, DClass.IN);
+    Message qparsed = new Message(qbytes);
+    int result = defaultKey.verify(qparsed, qbytes, null);
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(qparsed.isSigned());
+    assertTrue(qparsed.isVerified());
+  }
+
+  /**
+   * Check all the string algorithm names defined in the javadoc. Confirm that java names also
+   * allowed, even though undocumented. This is to conserve backwards compatibility.
+   */
+  @ParameterizedTest
+  @CsvSource({
+    "hmac-md5,16",
+    "hmac-md5.sig-alg.reg.int.,16",
+    "hmac-sha1,20",
+    "hmac-sha224,28",
+    "hmac-sha256,32",
+    "hmac-sha256.,32",
+    "hmac-sha256-128,16",
+    "hmac-sha384,48",
+    "hmac-sha384-192,24",
+    "hmac-sha512,64",
+    "hmac-sha512-256,32",
+    // Java names
+    "HmacMD5,16",
+    "HmacSHA1,20",
+    "HmacSHA256,32",
+    "HmacSHA256/128,16",
+    "hmacsha256/128,16",
+  })
+  void queryStringAlg(String alg, int signatureLengthBytes) throws IOException {
+    TSIG key = new TSIG(alg, "example.", "12345678");
+
+    Record rec = Record.newRecord(Name.fromString("www.example."), Type.A, DClass.IN);
     Message msg = Message.newQuery(rec);
-    msg.setTSIG(key, Rcode.NOERROR, null);
+    msg.setTSIG(key);
     byte[] bytes = msg.toWire(512);
-    assertEquals(bytes[11], 1);
+    assertEquals(1, bytes[11]);
 
     Message parsed = new Message(bytes);
     int result = key.verify(parsed, bytes, null);
-    assertEquals(result, Rcode.NOERROR);
+    assertEquals(Rcode.NOERROR, result);
     assertTrue(parsed.isSigned());
+    assertTrue(parsed.isVerified());
+    assertThat(parsed.getTSIG().getSignature()).hasSize(signatureLengthBytes);
+  }
+
+  /** Confirm error thrown with illegal algorithm name. */
+  @Test
+  void queryStringAlgError() {
+    assertThrows(
+        IllegalArgumentException.class, () -> new TSIG("randomalg", "example.", "12345678"));
   }
 
   @Test
-  void test_TSIG_response() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void queryIsLastAddMessageRecord() throws IOException {
+    Record rec = Record.newRecord(Name.fromString("www.example."), Type.A, DClass.IN);
+    OPTRecord opt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0);
+    Message msg = Message.newQuery(rec);
+    msg.setTSIG(defaultKey);
+    msg.addRecord(opt, Section.ADDITIONAL);
+    byte[] bytes = msg.toWire(512);
+    assertEquals(2, bytes[11]); // additional RR count, lower byte
+
+    Message parsed = new Message(bytes);
+    List<Record> additionalSection = parsed.getSection(Section.ADDITIONAL);
+    assertEquals(Type.string(Type.OPT), Type.string(additionalSection.get(0).getType()));
+    assertEquals(Type.string(Type.TSIG), Type.string(additionalSection.get(1).getType()));
+    int result = defaultKey.verify(parsed, bytes, null);
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(parsed.isSigned());
+    assertTrue(parsed.isVerified());
+  }
+
+  @Test
+  void queryAndTsigApplyMisbehaves() throws IOException {
+    Record rec = Record.newRecord(Name.fromString("www.example.com."), Type.A, DClass.IN);
+    OPTRecord opt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0);
+    Message msg = Message.newQuery(rec);
+    msg.addRecord(opt, Section.ADDITIONAL);
+    assertFalse(msg.isSigned());
+    assertFalse(msg.isVerified());
 
+    defaultKey.apply(msg, null); // additional RR count, lower byte
+    byte[] bytes = msg.toWire(Message.MAXLENGTH);
+
+    assertThrows(WireParseException.class, () -> new Message(bytes), "Expected TSIG error");
+  }
+
+  @Test
+  void tsigInQueryIsLastViaResolver() throws IOException {
+    SimpleResolver res =
+        new SimpleResolver("127.0.0.1") {
+          @Override
+          CompletableFuture<Message> sendAsync(Message query, boolean forceTcp, Executor executor) {
+            byte[] out = query.toWire(Message.MAXLENGTH);
+            try {
+              return CompletableFuture.completedFuture(new Message(out));
+            } catch (IOException e) {
+              CompletableFuture<Message> f = new CompletableFuture<>();
+              f.completeExceptionally(e);
+              return f;
+            }
+          }
+        };
+    res.setTSIGKey(defaultKey);
+
+    Name qname = Name.fromString("www.example.com.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    Message response = res.send(query);
+
+    List<Record> additionalSection = response.getSection(Section.ADDITIONAL);
+    assertEquals(Type.string(Type.OPT), Type.string(additionalSection.get(0).getType()));
+    assertEquals(Type.string(Type.TSIG), Type.string(additionalSection.get(1).getType()));
+    int result = defaultKey.verify(response, response.toWire(), null);
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(response.isSigned());
+    assertTrue(response.isVerified());
+  }
+
+  @Test
+  void unsignedQuerySignedResponse() throws IOException {
     Name qname = Name.fromString("www.example.");
     Record question = Record.newRecord(qname, Type.A, DClass.IN);
     Message query = Message.newQuery(question);
-    query.setTSIG(key, Rcode.NOERROR, null);
-    byte[] qbytes = query.toWire();
+
+    Message response = new Message(query.getHeader().getID());
+    response.setTSIG(defaultKey, Rcode.NOERROR, null);
+    response.getHeader().setFlag(Flags.QR);
+    response.addRecord(question, Section.QUESTION);
+    Record answer = Record.fromString(qname, Type.A, DClass.IN, 300, "1.2.3.4", null);
+    response.addRecord(answer, Section.ANSWER);
+    byte[] rbytes = response.toWire(Message.MAXLENGTH);
+
+    Message rparsed = new Message(rbytes);
+    int result = defaultKey.verify(rparsed, rbytes, null);
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(rparsed.isSigned());
+    assertTrue(rparsed.isVerified());
+  }
+
+  @Test
+  void signedQuerySignedResponse() throws IOException {
+    Name qname = Name.fromString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    query.setTSIG(defaultKey);
+    byte[] qbytes = query.toWire(Message.MAXLENGTH);
     Message qparsed = new Message(qbytes);
+    assertNotNull(query.getGeneratedTSIG());
+    assertEquals(query.getGeneratedTSIG(), qparsed.getTSIG());
 
     Message response = new Message(query.getHeader().getID());
-    response.setTSIG(key, Rcode.NOERROR, qparsed.getTSIG());
+    response.setTSIG(defaultKey, Rcode.NOERROR, qparsed.getTSIG());
     response.getHeader().setFlag(Flags.QR);
     response.addRecord(question, Section.QUESTION);
     Record answer = Record.fromString(qname, Type.A, DClass.IN, 300, "1.2.3.4", null);
     response.addRecord(answer, Section.ANSWER);
-    byte[] bytes = response.toWire(512);
+    byte[] rbytes = response.toWire(Message.MAXLENGTH);
 
-    Message parsed = new Message(bytes);
-    int result = key.verify(parsed, bytes, qparsed.getTSIG());
-    assertEquals(result, Rcode.NOERROR);
-    assertTrue(parsed.isSigned());
+    Message rparsed = new Message(rbytes);
+    int result = defaultKey.verify(rparsed, rbytes, query.getGeneratedTSIG());
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(rparsed.isSigned());
+    assertTrue(rparsed.isVerified());
   }
 
   @Test
-  void test_TSIG_truncated() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void signedQuerySignedResponseViaResolver() throws IOException {
+    Name qname = Name.fromString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+
+    SimpleResolver res = new SimpleResolver("127.0.0.1");
+    res.setIoClientFactory(
+        new IoClientFactory() {
+          @Override
+          public TcpIoClient createOrGetTcpClient() {
+            return null;
+          }
+
+          @Override
+          public UdpIoClient createOrGetUdpClient() {
+            UdpIoClient udpClient = mock(UdpIoClient.class);
+            when(udpClient.sendAndReceiveUdp(
+                    any(),
+                    any(InetSocketAddress.class),
+                    any(),
+                    any(byte[].class),
+                    anyInt(),
+                    any(Duration.class)))
+                .thenAnswer(
+                    a -> {
+                      Message qparsed = new Message(a.getArgument(3, byte[].class));
+
+                      Message response = new Message(qparsed.getHeader().getID());
+                      response.setTSIG(defaultKey, Rcode.NOERROR, qparsed.getTSIG());
+                      response.getHeader().setFlag(Flags.QR);
+                      response.addRecord(question, Section.QUESTION);
+                      Record answer =
+                          Record.fromString(qname, Type.A, DClass.IN, 300, "1.2.3.4", null);
+                      response.addRecord(answer, Section.ANSWER);
+                      byte[] rbytes = response.toWire(Message.MAXLENGTH);
 
+                      CompletableFuture<byte[]> f = new CompletableFuture<>();
+                      f.complete(rbytes);
+                      return f;
+                    });
+            return udpClient;
+          }
+        });
+    res.setTSIGKey(defaultKey);
+
+    Message responseFromResolver = res.send(query);
+    assertTrue(responseFromResolver.isSigned());
+    assertTrue(responseFromResolver.isVerified());
+  }
+
+  @Test
+  void truncated() throws IOException {
     Name qname = Name.fromString("www.example.");
     Record question = Record.newRecord(qname, Type.A, DClass.IN);
     Message query = Message.newQuery(question);
-    query.setTSIG(key, Rcode.NOERROR, null);
-    byte[] qbytes = query.toWire();
+    query.setTSIG(defaultKey, Rcode.NOERROR, null);
+    byte[] qbytes = query.toWire(512);
     Message qparsed = new Message(qbytes);
 
     Message response = new Message(query.getHeader().getID());
-    response.setTSIG(key, Rcode.NOERROR, qparsed.getTSIG());
+    response.setTSIG(defaultKey, Rcode.NOERROR, qparsed.getTSIG());
     response.getHeader().setFlag(Flags.QR);
     response.addRecord(question, Section.QUESTION);
     for (int i = 0; i < 40; i++) {
       Record answer = Record.fromString(qname, Type.TXT, DClass.IN, 300, "foo" + i, null);
       response.addRecord(answer, Section.ANSWER);
     }
-    byte[] bytes = response.toWire(512);
+    byte[] rbytes = response.toWire(512);
 
-    Message parsed = new Message(bytes);
-    assertTrue(parsed.getHeader().getFlag(Flags.TC));
-    int result = key.verify(parsed, bytes, qparsed.getTSIG());
-    assertEquals(result, Rcode.NOERROR);
-    assertTrue(parsed.isSigned());
+    Message rparsed = new Message(rbytes);
+    assertTrue(rparsed.getHeader().getFlag(Flags.TC));
+    int result = defaultKey.verify(rparsed, rbytes, qparsed.getTSIG());
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(rparsed.isSigned());
+    assertTrue(rparsed.isVerified());
   }
 
   @Test
-  void rdataFromString() throws IOException {
+  void rdataFromString() {
     TextParseException thrown =
         assertThrows(
             TextParseException.class,
             () -> new TSIGRecord().rdataFromString(new Tokenizer(" "), null));
     assertTrue(thrown.getMessage().contains("no text format defined for TSIG"));
   }
+
+  @Test
+  void testTSIGMessageClone() throws IOException {
+    TSIGRecord old =
+        new TSIGRecord(
+            Name.fromConstantString("example."),
+            DClass.IN,
+            0,
+            TSIG.HMAC_SHA256,
+            Instant.ofEpochSecond(1647025759),
+            Duration.ofSeconds(300),
+            base64.fromString("zcHnvVwo0Zlsj0WckOO/ctRD2Znh+BjIWnSvTQdvj94="),
+            32,
+            Rcode.NOERROR,
+            null);
+
+    Name qname = Name.fromConstantString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message response = new Message();
+    response.getHeader().setFlag(Flags.QR);
+    response.addRecord(question, Section.QUESTION);
+    response.addRecord(
+        new ARecord(qname, DClass.IN, 0, InetAddress.getByName("127.0.0.1")), Section.ANSWER);
+    response.setTSIG(defaultKey, Rcode.NOERROR, old);
+    byte[] responseBytes = response.toWire(Message.MAXLENGTH);
+    assertNotNull(responseBytes);
+    assertNotEquals(0, responseBytes.length);
+
+    Message clone = response.clone();
+    assertEquals(response.getQuestion(), clone.getQuestion());
+    assertEquals(response.getSection(Section.ANSWER), clone.getSection(Section.ANSWER));
+    assertEquals(response.getGeneratedTSIG(), clone.getGeneratedTSIG());
+    byte[] cloneBytes = clone.toWire(Message.MAXLENGTH);
+    assertNotNull(cloneBytes);
+    assertNotEquals(0, cloneBytes.length);
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {-1, 0, 101})
+  void testStreamGeneratorNthMessageArgument(int signEvery) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TSIG.StreamGenerator(defaultKey, null, signEvery));
+  }
+
+  @Test
+  void testTSIGStreamVerifierMissingMinimumTsig() throws Exception {
+    MockMessageClient client = new MockMessageClient(defaultKey);
+    int numResponses = 200;
+    byte[] query = client.createQuery();
+    List<Message> response;
+    try (MockMessageServer server = new MockMessageServer(defaultKey, numResponses, 200, false)) {
+      server.send(query);
+      response = server.getMessages();
+    }
+    Map<Integer, Integer> expectedRcodes = new HashMap<>();
+    for (int i = 0; i < numResponses; i++) {
+      expectedRcodes.put(i, i < 100 ? Rcode.NOERROR : Rcode.FORMERR);
+    }
+    expectedRcodes.put(numResponses - 1, Rcode.BADSIG);
+    client.validateResponse(query, response, expectedRcodes, false);
+  }
+
+  @ParameterizedTest(name = "testTSIGStreamVerifier(numResponses: {0}, signEvery: {1})")
+  @CsvSource({
+    "20,1",
+    "53,6",
+    "105,7",
+    "1000,100",
+  })
+  void testTSIGStreamVerifier(int numResponses, int signEvery) throws Exception {
+    MockMessageClient client = new MockMessageClient(defaultKey);
+    byte[] query = client.createQuery();
+    List<Message> response;
+    try (MockMessageServer server =
+        new MockMessageServer(defaultKey, numResponses, signEvery, false)) {
+
+      server.send(query);
+      response = server.getMessages();
+    }
+    Map<Integer, Integer> expectedRcodes = new HashMap<>();
+    for (int i = 0; i < numResponses; i++) {
+      expectedRcodes.put(i, Rcode.NOERROR);
+    }
+    client.validateResponse(query, response, expectedRcodes, true);
+  }
+
+  @ParameterizedTest(name = "testTSIGStreamVerifierLastMessage(numResponses: {0}, signEvery: {1})")
+  @CsvSource({
+    "53,6",
+    "105,7",
+    "1000,100",
+  })
+  void testTSIGStreamVerifierLastMessage(int numResponses, int signEvery) throws Exception {
+    MockMessageClient client = new MockMessageClient(defaultKey);
+    byte[] query = client.createQuery();
+    List<Message> response;
+    try (MockMessageServer server =
+        new MockMessageServer(defaultKey, numResponses, signEvery, true)) {
+
+      server.send(query);
+      response = server.getMessages();
+    }
+    Map<Integer, Integer> expectedRcodes = new HashMap<>();
+    for (int i = 0; i < numResponses; i++) {
+      expectedRcodes.put(i, Rcode.NOERROR);
+    }
+
+    expectedRcodes.put(numResponses - 1, Rcode.FORMERR);
+    client.validateResponse(query, response, expectedRcodes, false);
+  }
+
+  @Test
+  void testFromTcpStream() throws IOException {
+    DNSInput request = new DNSInput(IOUtils.resourceToByteArray("/tsig-axfr/request.bin"));
+    byte[] queryBytes = request.readByteArray(request.readU16());
+    Message query = new Message(queryBytes);
+    assertNotNull(query.getTSIG());
+    TSIG key =
+        new TSIG(
+            TSIG.HMAC_SHA256,
+            Name.fromConstantString("dnssecishardtest."),
+            new SecretKeySpec(
+                Objects.requireNonNull(
+                    base64.fromString("q4Gsu0nYoyub20//PATXhABobmrVUQyqq5TFzYHfC7o=")),
+                "HmacSHA256"),
+            Clock.fixed(Instant.parse("2023-11-01T20:52:08Z"), ZoneId.of("UTC")));
+
+    TSIG.StreamVerifier verifier = new TSIG.StreamVerifier(key, query.getTSIG());
+    DNSInput response = new DNSInput(IOUtils.resourceToByteArray("/tsig-axfr/response.bin"));
+
+    // Use a list, not a map, to keep the message order intact
+    List<Map.Entry<Message, byte[]>> messages = new ArrayList<>();
+    while (response.remaining() > 0) {
+      byte[] messageBytes = response.readByteArray(response.readU16());
+      Message message = new Message(messageBytes);
+      messages.add(new AbstractMap.SimpleEntry<>(message, messageBytes));
+    }
+
+    for (int i = 0; i < messages.size(); i++) {
+      Map.Entry<Message, byte[]> e = messages.get(i);
+      assertEquals(
+          Rcode.NOERROR, verifier.verify(e.getKey(), e.getValue(), i == messages.size() - 1));
+    }
+  }
+
+  @Test
+  void testLargeMessageIsNotLargerThanMax() {
+    Update update = new Update(Name.fromConstantString("zone.example.com."));
+    for (int i = 0; i < 3000; i++) {
+      TXTRecord r =
+          new TXTRecord(
+              Name.fromConstantString("name-" + i + ".zone.example.com."), DClass.IN, 900, "a");
+      update.absent(r.name, r.type);
+      update.add(r);
+    }
+
+    TSIG tsigKey = new TSIG(TSIG.HMAC_SHA384, "zone.example.com.", "c2VjcmU=");
+    update.setTSIG(tsigKey);
+    byte[] wireData = update.toWire(Message.MAXLENGTH);
+    assertThat(wireData).hasSizeLessThan(Message.MAXLENGTH);
+  }
+
+  @Test
+  void testAxfrLastNotSignedError() throws Exception {
+    Name name = Name.fromConstantString("example.com.");
+    ZoneTransferIn client =
+        new ZoneTransferIn(
+            name,
+            Type.AXFR,
+            0,
+            false,
+            new InetSocketAddress(InetAddress.getLocalHost(), 53),
+            defaultKey) {
+          @Override
+          TCPClient createTcpClient(Duration timeout) throws IOException {
+            return new MockMessageServer(defaultKey, 200, 20, true);
+          }
+        };
+
+    ZoneTransferException exception =
+        assertThrows(ZoneTransferException.class, () -> client.run(new ZoneBuilderAxfrHandler()));
+    assertTrue(exception.getMessage().contains(Rcode.TSIGstring(Rcode.FORMERR)));
+    assertTrue(exception.getMessage().contains("last"));
+  }
+
+  @Test
+  void testAxfr() throws Exception {
+    Name name = Name.fromConstantString("example.com.");
+    ZoneTransferIn client =
+        new ZoneTransferIn(
+            name,
+            Type.AXFR,
+            0,
+            false,
+            new InetSocketAddress(InetAddress.getLocalHost(), 53),
+            defaultKey) {
+          @Override
+          TCPClient createTcpClient(Duration timeout) throws IOException {
+            return new MockMessageServer(defaultKey, 200, 20, false);
+          }
+        };
+
+    ZoneBuilderAxfrHandler handler = new ZoneBuilderAxfrHandler();
+    client.run(handler);
+    // soa on first message, + a record on every message, +soa on last message
+    assertEquals(202, handler.getRecords().size());
+  }
+
+  @Test
+  void invalidAdditionalCount() {
+    Message q = Message.newQuery(Record.newRecord(Name.root, Type.A, DClass.IN));
+    Message m = new Message();
+    m.addRecord(Record.newRecord(Name.root, Type.A, DClass.IN), Section.QUESTION);
+    m.addRecord(Record.newRecord(Name.root, Type.A, DClass.IN), Section.ANSWER);
+    m.addRecord(
+        Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN),
+        Section.ADDITIONAL);
+    assertDoesNotThrow(m::getTSIG);
+    assertDoesNotThrow(() -> m.normalize(q).getTSIG());
+  }
+
+  @Getter
+  private static class ZoneBuilderAxfrHandler implements ZoneTransferIn.ZoneTransferHandler {
+    private final List<Record> records = new ArrayList<>();
+
+    @Override
+    public void startAXFR() {}
+
+    @Override
+    public void startIXFR() {}
+
+    @Override
+    public void startIXFRDeletes(Record soa) {}
+
+    @Override
+    public void startIXFRAdds(Record soa) {}
+
+    @Override
+    public void handleRecord(Record r) {
+      records.add(r);
+    }
+  }
+
+  private static class MockMessageClient {
+    private final TSIG key;
+
+    MockMessageClient(TSIG key) {
+      this.key = key;
+    }
+
+    byte[] createQuery() throws TextParseException {
+      Name qname = Name.fromString("www.example.");
+      Record question = Record.newRecord(qname, Type.A, DClass.IN);
+      Message query = Message.newQuery(question);
+      query.setTSIG(key);
+      return query.toWire(Message.MAXLENGTH);
+    }
+
+    public void validateResponse(
+        byte[] query,
+        List<Message> responses,
+        Map<Integer, Integer> expectedRcodes,
+        boolean lastResponseSignedState)
+        throws IOException {
+      Message queryMessage = new Message(query);
+      TSIG.StreamVerifier verifier = new TSIG.StreamVerifier(key, queryMessage.getTSIG());
+
+      Map<Integer, Integer> actualRcodes = new HashMap<>();
+      for (int i = 0; i < responses.size(); i++) {
+        boolean isLastMessage = i == responses.size() - 1;
+        byte[] renderedMessage = responses.get(i).toWire(Message.MAXLENGTH);
+        Message messageFromWire = new Message(renderedMessage);
+        actualRcodes.put(i, verifier.verify(messageFromWire, renderedMessage, isLastMessage));
+        if (isLastMessage) {
+          assertEquals(messageFromWire.isVerified(), lastResponseSignedState);
+        }
+      }
+
+      assertEquals(expectedRcodes, actualRcodes);
+    }
+  }
+
+  private static class MockMessageServer extends TCPClient {
+    private final TSIG key;
+    private final int responseMessageCount;
+    private final int signEvery;
+    private final boolean skipLast;
+    @Getter private List<Message> messages;
+    private int recvCalls;
+
+    MockMessageServer(TSIG key, int responseMessageCount, int signEvery, boolean skipLast)
+        throws IOException {
+      super(Duration.ZERO);
+      this.key = key;
+      this.responseMessageCount = responseMessageCount;
+      this.signEvery = signEvery;
+      this.skipLast = skipLast;
+    }
+
+    @Override
+    void bind(SocketAddress addr) {
+      // do nothing
+    }
+
+    @Override
+    void connect(SocketAddress addr) {
+      // do nothing
+    }
+
+    @Override
+    public void close() {
+      // do nothing
+    }
+
+    @Override
+    void send(byte[] queryMessageBytes) throws IOException {
+      Message parsedQueryMessage = new Message(queryMessageBytes);
+      assertNotNull(parsedQueryMessage.getTSIG());
+
+      messages = new LinkedList<>();
+      StreamGenerator generator;
+      try {
+        generator = getStreamGenerator(signEvery, parsedQueryMessage);
+      } catch (NoSuchFieldException | IllegalAccessException e) {
+        throw new IOException(e);
+      }
+
+      Name queryName = parsedQueryMessage.getQuestion().getName();
+      Record soa =
+          new SOARecord(
+              queryName,
+              DClass.IN,
+              300,
+              new Name("ns1", queryName),
+              new Name("admin", queryName),
+              1,
+              3600,
+              1,
+              3600,
+              1800);
+      for (int i = 0; i < responseMessageCount; i++) {
+        Message response = new Message(parsedQueryMessage.getHeader().getID());
+        response.getHeader().setFlag(Flags.QR);
+        response.addRecord(parsedQueryMessage.getQuestion(), Section.QUESTION);
+        if (i == 0) {
+          response.addRecord(soa, Section.ANSWER);
+        }
+        Record answer =
+            new ARecord(
+                parsedQueryMessage.getQuestion().getName(),
+                DClass.IN,
+                300,
+                InetAddress.getByAddress(ByteBuffer.allocate(4).putInt(i).array()));
+        response.addRecord(answer, Section.ANSWER);
+
+        if (i == responseMessageCount - 1) {
+          response.addRecord(soa, Section.ANSWER);
+        }
+
+        generator.generate(response, !skipLast && i == responseMessageCount - 1);
+        messages.add(response);
+      }
+    }
+
+    @Override
+    byte[] recv() {
+      return messages.get(recvCalls++).toWire(Message.MAXLENGTH);
+    }
+
+    private StreamGenerator getStreamGenerator(int signEvery, Message parsedQueryMessage)
+        throws NoSuchFieldException, IllegalAccessException {
+      TSIGRecord queryMessageTSIG = parsedQueryMessage.getTSIG();
+      StreamGenerator generator;
+
+      // Hack for testing invalid server responses, the constructor would normally prevent such an
+      // invalid argument
+      if (signEvery > 100) {
+        generator = new StreamGenerator(key, queryMessageTSIG, 1);
+        Field signEveryNthMessage = StreamGenerator.class.getDeclaredField("signEveryNthMessage");
+        signEveryNthMessage.setAccessible(true);
+        signEveryNthMessage.set(generator, signEvery);
+      } else {
+        generator = new StreamGenerator(key, queryMessageTSIG, signEvery);
+      }
+      return generator;
+    }
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/TTLTest.java b/src/test/java/org/xbill/DNS/TTLTest.java
index 393eadd6e..1a91a0d33 100644
--- a/src/test/java/org/xbill/DNS/TTLTest.java
+++ b/src/test/java/org/xbill/DNS/TTLTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -47,7 +48,7 @@ class TTLTest {
   private final long W = 7 * D;
 
   @Test
-  void test_parseTTL() {
+  void parseTTL() {
     assertEquals(9876, TTL.parseTTL("9876"));
 
     assertEquals(0, TTL.parseTTL("0S"));
@@ -72,7 +73,7 @@ void test_parseTTL() {
   }
 
   @Test
-  void test_parseTTL_invalid() {
+  void parseTTL_invalid() {
     assertThrows(NumberFormatException.class, () -> TTL.parseTTL(null));
 
     assertThrows(NumberFormatException.class, () -> TTL.parseTTL(""));
@@ -87,7 +88,7 @@ void test_parseTTL_invalid() {
   }
 
   @Test
-  void test_format() {
+  void format() {
     assertEquals("0S", TTL.format(0));
     assertEquals("1S", TTL.format(1));
     assertEquals("59S", TTL.format(59));
@@ -107,7 +108,7 @@ void test_format() {
   }
 
   @Test
-  void test_format_invalid() {
+  void format_invalid() {
     assertThrows(InvalidTTLException.class, () -> TTL.format(-1));
 
     assertThrows(InvalidTTLException.class, () -> TTL.format(0x100000000L));
diff --git a/src/test/java/org/xbill/DNS/TcpKeepaliveOptionTest.java b/src/test/java/org/xbill/DNS/TcpKeepaliveOptionTest.java
new file mode 100644
index 000000000..5e0d6d35b
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/TcpKeepaliveOptionTest.java
@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.IOException;
+import java.time.Duration;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.utils.base16;
+
+class TcpKeepaliveOptionTest {
+
+  @Test
+  void constructorTests() {
+    assertFalse(new TcpKeepaliveOption().getTimeout().isPresent());
+    assertEquals(100, new TcpKeepaliveOption(100).getTimeout().getAsInt());
+    assertThrows(IllegalArgumentException.class, () -> new TcpKeepaliveOption(-1));
+    assertThrows(IllegalArgumentException.class, () -> new TcpKeepaliveOption(65536));
+    assertEquals(200, new TcpKeepaliveOption(Duration.ofSeconds(20)).getTimeout().getAsInt());
+    assertEquals(
+        Duration.ofSeconds(30),
+        new TcpKeepaliveOption(Duration.ofSeconds(30)).getTimeoutDuration().get());
+    assertEquals(
+        15,
+        new TcpKeepaliveOption(Duration.ofSeconds(1, 599_999_999))
+            .getTimeout()
+            .getAsInt()); // round down test
+    assertThrows(
+        IllegalArgumentException.class, () -> new TcpKeepaliveOption(Duration.ofMillis(-1)));
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TcpKeepaliveOption(Duration.ofHours(2))); // 2h > 6553.5 seconds
+  }
+
+  @Test
+  void wireTests() throws IOException {
+    byte[] emptyTimeout = base16.fromString("000B0000");
+    byte[] thirtySecsTimeout = base16.fromString("000B0002012C");
+    byte[] maxTimeout = base16.fromString("000B0002FFFF");
+    byte[] brokenLengthTimeout1 = base16.fromString("000B0001AA");
+    byte[] brokenLengthTimeout2 = base16.fromString("000B0005AABBCCDDEE");
+
+    EDNSOption option = EDNSOption.fromWire(emptyTimeout);
+    assertNotNull(option);
+    assertEquals(TcpKeepaliveOption.class, option.getClass());
+    assertFalse(((TcpKeepaliveOption) option).getTimeout().isPresent());
+
+    option = EDNSOption.fromWire(thirtySecsTimeout);
+    assertNotNull(option);
+    assertEquals(TcpKeepaliveOption.class, option.getClass());
+    assertEquals(300, ((TcpKeepaliveOption) option).getTimeout().getAsInt());
+
+    option = EDNSOption.fromWire(maxTimeout);
+    assertNotNull(option);
+    assertEquals(TcpKeepaliveOption.class, option.getClass());
+    assertEquals(65535, ((TcpKeepaliveOption) option).getTimeout().getAsInt());
+
+    assertThrows(WireParseException.class, () -> EDNSOption.fromWire(brokenLengthTimeout1));
+    assertThrows(WireParseException.class, () -> EDNSOption.fromWire(brokenLengthTimeout2));
+
+    assertArrayEquals(emptyTimeout, new TcpKeepaliveOption().toWire());
+    assertArrayEquals(thirtySecsTimeout, new TcpKeepaliveOption(300).toWire());
+    assertArrayEquals(maxTimeout, new TcpKeepaliveOption(65535).toWire());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/TokenizerTest.java b/src/test/java/org/xbill/DNS/TokenizerTest.java
index 4d17fbfa2..94c2ad7df 100644
--- a/src/test/java/org/xbill/DNS/TokenizerTest.java
+++ b/src/test/java/org/xbill/DNS/TokenizerTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -45,458 +46,464 @@
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.File;
-import java.io.FileWriter;
 import java.io.IOException;
-import org.junit.jupiter.api.BeforeEach;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class TokenizerTest {
-  private Tokenizer m_t;
-
-  @BeforeEach
-  void setUp() {
-    m_t = null;
-  }
-
   @Test
-  void test_get() throws IOException {
-    m_t =
+  void get() throws IOException {
+    Tokenizer t =
         new Tokenizer(
             new BufferedInputStream(
                 new ByteArrayInputStream(
                     "AnIdentifier \"a quoted \\\" string\"\r\n; this is \"my\"\t(comment)\nanotherIdentifier (\ramultilineIdentifier\n)"
                         .getBytes())));
 
-    Tokenizer.Token tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
+    Tokenizer.Token tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("AnIdentifier", tt.value);
+    assertEquals("AnIdentifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
     assertFalse(tt.isString());
     assertFalse(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.QUOTED_STRING, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.QUOTED_STRING, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("a quoted \\\" string", tt.value);
+    assertEquals("a quoted \\\" string", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.COMMENT, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.COMMENT, tt.type());
     assertFalse(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals(" this is \"my\"\t(comment)", tt.value);
+    assertEquals(" this is \"my\"\t(comment)", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("anotherIdentifier", tt.value);
+    assertEquals("anotherIdentifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("amultilineIdentifier", tt.value);
+    assertEquals("amultilineIdentifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOF, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOF, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
     // should be able to do this repeatedly
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOF, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOF, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    m_t = new Tokenizer("onlyOneIdentifier");
-    tt = m_t.get();
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("onlyOneIdentifier", tt.value);
+    t = new Tokenizer("onlyOneIdentifier");
+    tt = t.get();
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("onlyOneIdentifier", tt.value());
 
-    m_t = new Tokenizer("identifier ;");
-    tt = m_t.get();
-    assertEquals("identifier", tt.value);
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+    t = new Tokenizer("identifier ;");
+    tt = t.get();
+    assertEquals("identifier", tt.value());
+    tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
 
     // some ungets
-    m_t = new Tokenizer("identifier \nidentifier2; junk comment");
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("identifier", tt.value);
+    t = new Tokenizer("identifier \nidentifier2; junk comment");
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("identifier", tt.value());
 
-    m_t.unget();
+    t.unget();
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("identifier", tt.value);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("identifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    m_t.unget();
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    t.unget();
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
 
-    m_t.unget();
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    t.unget();
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("identifier2", tt.value);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("identifier2", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.COMMENT, tt.type);
-    assertEquals(" junk comment", tt.value);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.COMMENT, tt.type());
+    assertEquals(" junk comment", tt.value());
 
-    m_t.unget();
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.COMMENT, tt.type);
-    assertEquals(" junk comment", tt.value);
+    t.unget();
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.COMMENT, tt.type());
+    assertEquals(" junk comment", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOF, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOF, tt.type());
 
-    m_t = new Tokenizer("identifier ( junk ; comment\n )");
-    tt = m_t.get();
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals(Tokenizer.IDENTIFIER, m_t.get().type);
-    assertEquals(Tokenizer.EOF, m_t.get().type);
+    t = new Tokenizer("identifier ( junk ; comment\n )");
+    tt = t.get();
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals(Tokenizer.IDENTIFIER, t.get().type());
+    assertEquals(Tokenizer.EOF, t.get().type());
   }
 
   @Test
-  void test_get_invalid() throws IOException {
-    m_t = new Tokenizer("(this ;");
-    m_t.get();
-    assertThrows(TextParseException.class, () -> m_t.get());
-
-    m_t = new Tokenizer("\"bad");
-    assertThrows(TextParseException.class, () -> m_t.get());
-
-    m_t = new Tokenizer(")");
-    assertThrows(TextParseException.class, () -> m_t.get());
-
-    m_t = new Tokenizer("\\");
-    assertThrows(TextParseException.class, () -> m_t.get());
+  void get_invalidIncomplete() throws IOException {
+    try (Tokenizer t = new Tokenizer("(this ;")) {
+      t.get();
+      assertThrows(TextParseException.class, t::get);
+    }
+  }
 
-    m_t = new Tokenizer("\"\n");
-    assertThrows(TextParseException.class, () -> m_t.get());
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "\"bad", ")", "\\", "\"\n",
+      })
+  void get_invalid(String data) {
+    try (Tokenizer t = new Tokenizer(data)) {
+      assertThrows(TextParseException.class, t::get);
+    }
   }
 
   @Test
-  void test_File_input() throws IOException {
+  void file_input() throws IOException {
     File tmp = File.createTempFile("dnsjava", "tmp");
-    try {
-      FileWriter fw = new FileWriter(tmp);
-      fw.write("file\ninput; test");
-      fw.close();
-
-      m_t = new Tokenizer(tmp);
-
-      Tokenizer.Token tt = m_t.get();
-      assertEquals(Tokenizer.IDENTIFIER, tt.type);
-      assertEquals("file", tt.value);
-
-      tt = m_t.get();
-      assertEquals(Tokenizer.EOL, tt.type);
-
-      tt = m_t.get();
-      assertEquals(Tokenizer.IDENTIFIER, tt.type);
-      assertEquals("input", tt.value);
-
-      tt = m_t.get(false, true);
-      assertEquals(Tokenizer.COMMENT, tt.type);
-      assertEquals(" test", tt.value);
-
-      m_t.close();
+    Files.write(tmp.toPath(), "file\ninput; test".getBytes(StandardCharsets.UTF_8));
+    try (Tokenizer t = new Tokenizer(tmp)) {
+      Tokenizer.Token tt = t.get();
+      assertEquals(Tokenizer.IDENTIFIER, tt.type());
+      assertEquals("file", tt.value());
+
+      tt = t.get();
+      assertEquals(Tokenizer.EOL, tt.type());
+
+      tt = t.get();
+      assertEquals(Tokenizer.IDENTIFIER, tt.type());
+      assertEquals("input", tt.value());
+
+      tt = t.get(false, true);
+      assertEquals(Tokenizer.COMMENT, tt.type());
+      assertEquals(" test", tt.value());
     } finally {
       tmp.delete();
     }
   }
 
   @Test
-  void test_unwanted_comment() throws IOException {
-    m_t = new Tokenizer("; this whole thing is a comment\n");
-    Tokenizer.Token tt = m_t.get();
+  void unwanted_comment() throws IOException {
+    Tokenizer t = new Tokenizer("; this whole thing is a comment\n");
+    Tokenizer.Token tt = t.get();
 
-    assertEquals(Tokenizer.EOL, tt.type);
+    assertEquals(Tokenizer.EOL, tt.type());
   }
 
   @Test
-  void test_unwanted_ungotten_whitespace() throws IOException {
-    m_t = new Tokenizer(" ");
-    Tokenizer.Token tt = m_t.get(true, true);
-    m_t.unget();
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+  void unwanted_ungotten_whitespace() throws IOException {
+    Tokenizer t = new Tokenizer(" ");
+    t.get(true, true);
+    t.unget();
+    Tokenizer.Token tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
   }
 
   @Test
-  void test_unwanted_ungotten_comment() throws IOException {
-    m_t = new Tokenizer("; this whole thing is a comment");
-    Tokenizer.Token tt = m_t.get(true, true);
-    m_t.unget();
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+  void unwanted_ungotten_comment() throws IOException {
+    Tokenizer t = new Tokenizer("; this whole thing is a comment");
+    t.get(true, true);
+    t.unget();
+    Tokenizer.Token tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
   }
 
   @Test
-  void test_empty_string() throws IOException {
-    m_t = new Tokenizer("");
-    Tokenizer.Token tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
-
-    m_t = new Tokenizer(" ");
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+  void empty_string() throws IOException {
+    Tokenizer t = new Tokenizer("");
+    Tokenizer.Token tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
+
+    t = new Tokenizer(" ");
+    tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
   }
 
   @Test
-  void test_multiple_ungets() throws IOException {
-    m_t = new Tokenizer("a simple one");
-    Tokenizer.Token tt = m_t.get();
-
-    m_t.unget();
-    assertThrows(IllegalStateException.class, () -> m_t.unget());
+  void multiple_ungets() throws IOException {
+    Tokenizer t = new Tokenizer("a simple one");
+    t.get();
+    t.unget();
+    assertThrows(IllegalStateException.class, t::unget);
   }
 
   @Test
-  void test_getString() throws IOException {
-    m_t = new Tokenizer("just_an_identifier");
-    final String[] out = {m_t.getString()};
-    assertEquals("just_an_identifier", out[0]);
+  void getStringIdentifier() throws IOException {
+    Tokenizer t = new Tokenizer("just_an_identifier");
+    assertEquals("just_an_identifier", t.getString());
+  }
 
-    m_t = new Tokenizer("\"just a string\"");
-    out[0] = m_t.getString();
-    assertEquals("just a string", out[0]);
+  @Test
+  void getStringQuoted() throws IOException {
+    Tokenizer t = new Tokenizer("\"just a string\"");
+    assertEquals("just a string", t.getString());
+  }
 
-    m_t = new Tokenizer("; just a comment");
-    assertThrows(TextParseException.class, () -> out[0] = m_t.getString());
+  @Test
+  void getStringComment() {
+    Tokenizer t = new Tokenizer("; just a comment");
+    assertThrows(TextParseException.class, t::getString);
   }
 
   @Test
-  void test_getIdentifier() throws IOException {
-    m_t = new Tokenizer("just_an_identifier");
-    String out = m_t.getIdentifier();
+  void getIdentifier() throws IOException {
+    Tokenizer t = new Tokenizer("just_an_identifier");
+    String out = t.getIdentifier();
     assertEquals("just_an_identifier", out);
 
-    m_t = new Tokenizer("\"just a string\"");
-    assertThrows(TextParseException.class, () -> m_t.getIdentifier());
+    t = new Tokenizer("\"just a string\"");
+    assertThrows(TextParseException.class, t::getIdentifier);
   }
 
   @Test
-  void test_getLong() throws IOException {
-    m_t = new Tokenizer((Integer.MAX_VALUE + 1L) + "");
-    long out = m_t.getLong();
-    assertEquals((Integer.MAX_VALUE + 1L), out);
+  void getLong() throws IOException {
+    Tokenizer t = new Tokenizer((Integer.MAX_VALUE + 1L) + "");
+    long out = t.getLong();
+    assertEquals(Integer.MAX_VALUE + 1L, out);
 
-    m_t = new Tokenizer("-10");
-    assertThrows(TextParseException.class, () -> m_t.getLong());
+    t = new Tokenizer("-10");
+    assertThrows(TextParseException.class, t::getLong);
 
-    m_t = new Tokenizer("19_identifier");
-    assertThrows(TextParseException.class, () -> m_t.getLong());
+    t = new Tokenizer("19_identifier");
+    assertThrows(TextParseException.class, t::getLong);
   }
 
   @Test
-  void test_getUInt32() throws IOException {
-    m_t = new Tokenizer(0xABCDEF12L + "");
-    long out = m_t.getUInt32();
+  void getUInt32() throws IOException {
+    Tokenizer t = new Tokenizer(0xABCDEF12L + "");
+    long out = t.getUInt32();
     assertEquals(0xABCDEF12L, out);
 
-    m_t = new Tokenizer(0x100000000L + "");
-    assertThrows(TextParseException.class, () -> m_t.getUInt32());
+    t = new Tokenizer(0x100000000L + "");
+    assertThrows(TextParseException.class, t::getUInt32);
 
-    m_t = new Tokenizer("-12345");
-    assertThrows(TextParseException.class, () -> m_t.getUInt32());
+    t = new Tokenizer("-12345");
+    assertThrows(TextParseException.class, t::getUInt32);
   }
 
   @Test
-  void test_getUInt16() throws IOException {
-    m_t = new Tokenizer(0xABCDL + "");
-    int out = m_t.getUInt16();
+  void getUInt16() throws IOException {
+    Tokenizer t = new Tokenizer(0xABCDL + "");
+    int out = t.getUInt16();
     assertEquals(0xABCDL, out);
 
-    m_t = new Tokenizer(0x10000 + "");
-    assertThrows(TextParseException.class, () -> m_t.getUInt16());
+    t = new Tokenizer(0x10000 + "");
+    assertThrows(TextParseException.class, t::getUInt16);
 
-    m_t = new Tokenizer("-125");
-    assertThrows(TextParseException.class, () -> m_t.getUInt16());
+    t = new Tokenizer("-125");
+    assertThrows(TextParseException.class, t::getUInt16);
   }
 
   @Test
-  void test_getUInt8() throws IOException {
-    m_t = new Tokenizer(0xCDL + "");
-    int out = m_t.getUInt8();
+  void getUInt8() throws IOException {
+    Tokenizer t = new Tokenizer(0xCDL + "");
+    int out = t.getUInt8();
     assertEquals(0xCDL, out);
 
-    m_t = new Tokenizer(0x100 + "");
-    assertThrows(TextParseException.class, () -> m_t.getUInt8());
+    t = new Tokenizer(0x100 + "");
+    assertThrows(TextParseException.class, t::getUInt8);
 
-    m_t = new Tokenizer("-12");
-    assertThrows(TextParseException.class, () -> m_t.getUInt8());
+    t = new Tokenizer("-12");
+    assertThrows(TextParseException.class, t::getUInt8);
   }
 
   @Test
-  void test_getTTL() throws IOException {
-    m_t = new Tokenizer("59S");
-    assertEquals(59, m_t.getTTL());
+  void getTTL() throws IOException {
+    Tokenizer t = new Tokenizer("59S");
+    assertEquals(59, t.getTTL());
 
-    m_t = new Tokenizer(TTL.MAX_VALUE + "");
-    assertEquals(TTL.MAX_VALUE, m_t.getTTL());
+    t = new Tokenizer(TTL.MAX_VALUE + "");
+    assertEquals(TTL.MAX_VALUE, t.getTTL());
 
-    m_t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
-    assertEquals(TTL.MAX_VALUE, m_t.getTTL());
+    t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
+    assertEquals(TTL.MAX_VALUE, t.getTTL());
 
-    m_t = new Tokenizer("Junk");
-    assertThrows(TextParseException.class, () -> m_t.getTTL());
+    t = new Tokenizer("Junk");
+    assertThrows(TextParseException.class, t::getTTL);
   }
 
   @Test
-  void test_getTTLLike() throws IOException {
-    m_t = new Tokenizer("59S");
-    assertEquals(59, m_t.getTTLLike());
+  void getTTLLike() throws IOException {
+    Tokenizer t = new Tokenizer("59S");
+    assertEquals(59, t.getTTLLike());
 
-    m_t = new Tokenizer(TTL.MAX_VALUE + "");
-    assertEquals(TTL.MAX_VALUE, m_t.getTTLLike());
+    t = new Tokenizer(TTL.MAX_VALUE + "");
+    assertEquals(TTL.MAX_VALUE, t.getTTLLike());
 
-    m_t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
-    assertEquals(TTL.MAX_VALUE + 1L, m_t.getTTLLike());
+    t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
+    assertEquals(TTL.MAX_VALUE + 1L, t.getTTLLike());
 
-    m_t = new Tokenizer("Junk");
-    assertThrows(TextParseException.class, () -> m_t.getTTLLike());
+    t = new Tokenizer("Junk");
+    assertThrows(TextParseException.class, t::getTTLLike);
   }
 
   @Test
-  void test_getName() throws IOException {
-    Name root = Name.fromString(".");
-    m_t = new Tokenizer("junk");
+  void getName() throws IOException {
+    Tokenizer t = new Tokenizer("junk");
     Name exp = Name.fromString("junk.");
-    Name out = m_t.getName(root);
+    Name out = t.getName(Name.root);
     assertEquals(exp, out);
+  }
 
+  @Test
+  void getNameRelative() throws IOException {
     Name rel = Name.fromString("you.dig");
-    m_t = new Tokenizer("junk");
-    assertThrows(RelativeNameException.class, () -> m_t.getName(rel));
+    Tokenizer t = new Tokenizer("junk");
+    assertThrows(RelativeNameException.class, () -> t.getName(rel));
+  }
 
-    m_t = new Tokenizer("");
-    assertThrows(TextParseException.class, () -> m_t.getName(root));
+  @Test
+  void getNameFromEmpty() {
+    Tokenizer t = new Tokenizer("");
+    assertThrows(TextParseException.class, () -> t.getName(Name.root));
   }
 
   @Test
-  void test_getEOL() throws IOException {
-    m_t = new Tokenizer("id");
-    m_t.getIdentifier();
+  void getEOL() throws IOException {
+    Tokenizer t = new Tokenizer("id");
+    t.getIdentifier();
     try {
-      m_t.getEOL();
+      t.getEOL();
     } catch (TextParseException e) {
       fail(e.getMessage());
     }
 
-    m_t = new Tokenizer("\n");
+    t = new Tokenizer("\n");
     try {
-      m_t.getEOL();
-      m_t.getEOL();
+      t.getEOL();
+      t.getEOL();
     } catch (TextParseException e) {
       fail(e.getMessage());
     }
 
-    m_t = new Tokenizer("id");
-    assertThrows(TextParseException.class, () -> m_t.getEOL());
+    t = new Tokenizer("id");
+    assertThrows(TextParseException.class, t::getEOL);
   }
 
-  @Test
-  void test_getBase64() throws IOException {
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        // basic
+        "AQIDBAUGBwgJ",
+        // with some whitespace
+        "AQIDB AUGB   wgJ",
+        // two base64s separated by newline
+        "AQIDBAUGBwgJ\nAB23DK",
+      })
+  void getBase64(String data) throws IOException {
     byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9};
-    // basic
-    m_t = new Tokenizer("AQIDBAUGBwgJ");
-    byte[] out = m_t.getBase64();
-    assertArrayEquals(exp, out);
-
-    // with some whitespace
-    m_t = new Tokenizer("AQIDB AUGB   wgJ");
-    out = m_t.getBase64();
-    assertArrayEquals(exp, out);
-
-    // two base64s separated by newline
-    m_t = new Tokenizer("AQIDBAUGBwgJ\nAB23DK");
-    out = m_t.getBase64();
+    Tokenizer t = new Tokenizer(data);
+    byte[] out = t.getBase64();
     assertArrayEquals(exp, out);
+  }
 
+  @Test
+  void getBase64Newline() throws IOException {
     // no remaining strings
-    m_t = new Tokenizer("\n");
-    assertNull(m_t.getBase64());
-
-    m_t = new Tokenizer("\n");
-    assertThrows(TextParseException.class, () -> m_t.getBase64(true));
-
-    // invalid encoding
-    m_t = new Tokenizer("not_base64");
-    assertThrows(TextParseException.class, () -> m_t.getBase64(false));
-
-    m_t = new Tokenizer("not_base64");
-    assertThrows(TextParseException.class, () -> m_t.getBase64(true));
+    Tokenizer t = new Tokenizer("\n");
+    assertNull(t.getBase64());
   }
 
   @Test
-  void test_getHex() throws IOException {
-    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
-    // basic
-    m_t = new Tokenizer("0102030405060708090A0B0C0D0E0F");
-    byte[] out = m_t.getHex();
-    assertArrayEquals(exp, out);
+  void getBase64NewlineRequired() {
+    Tokenizer t = new Tokenizer("\n");
+    assertThrows(TextParseException.class, () -> t.getBase64(true));
+  }
 
-    // with some whitespace
-    m_t = new Tokenizer("0102030 405 060708090A0B0C      0D0E0F");
-    out = m_t.getHex();
-    assertArrayEquals(exp, out);
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void getBase64InvalidEncoding(boolean required) {
+    Tokenizer t = new Tokenizer("not_base64");
+    assertThrows(TextParseException.class, () -> t.getBase64(required));
+  }
 
-    // two hexs separated by newline
-    m_t = new Tokenizer("0102030405060708090A0B0C0D0E0F\n01AB3FE");
-    out = m_t.getHex();
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        // basic
+        "0102030405060708090A0B0C0D0E0F",
+        // with some whitespace
+        "0102030 405 060708090A0B0C      0D0E0F",
+        // two hexs separated by newline
+        "0102030405060708090A0B0C0D0E0F\n01AB3FE",
+      },
+      ignoreLeadingAndTrailingWhitespace = false)
+  void getHex(String data) throws IOException {
+    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
+    Tokenizer t = new Tokenizer(data);
+    byte[] out = t.getHex();
     assertArrayEquals(exp, out);
+  }
 
+  @Test
+  void getHexNewline() throws IOException {
     // no remaining strings
-    m_t = new Tokenizer("\n");
-    assertNull(m_t.getHex());
-
-    m_t = new Tokenizer("\n");
-    assertThrows(TextParseException.class, () -> m_t.getHex(true));
+    Tokenizer t = new Tokenizer("\n");
+    assertNull(t.getHex());
+  }
 
-    // invalid encoding
-    m_t = new Tokenizer("not_hex");
-    assertThrows(TextParseException.class, () -> m_t.getHex(false));
+  @Test
+  void getHexNewlineRequired() {
+    Tokenizer t = new Tokenizer("\n");
+    assertThrows(TextParseException.class, () -> t.getHex(true));
+  }
 
-    m_t = new Tokenizer("not_hex");
-    assertThrows(TextParseException.class, () -> m_t.getHex(true));
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void getHexInvalidEncoding(boolean required) {
+    Tokenizer t = new Tokenizer("not_hex");
+    assertThrows(TextParseException.class, () -> t.getHex(required));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/TypeBitmapTest.java b/src/test/java/org/xbill/DNS/TypeBitmapTest.java
index 23b5bd00f..e3100caad 100644
--- a/src/test/java/org/xbill/DNS/TypeBitmapTest.java
+++ b/src/test/java/org/xbill/DNS/TypeBitmapTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2011, org.xbill.DNS
@@ -33,26 +34,80 @@
 //
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import org.junit.jupiter.api.Test;
 
 class TypeBitmapTest {
   @Test
-  void test_empty() {
+  void empty() {
     TypeBitmap typeBitmap = new TypeBitmap(new int[] {});
-    assertEquals(typeBitmap.toString(), "");
+    assertEquals("", typeBitmap.toString());
   }
 
   @Test
-  void test_typeA() {
-    TypeBitmap typeBitmap = new TypeBitmap(new int[] {1});
-    assertEquals(typeBitmap.toString(), "A");
+  void typeA() {
+    TypeBitmap typeBitmap = new TypeBitmap(new int[] {Type.A});
+    assertEquals("A", typeBitmap.toString());
   }
 
   @Test
-  void test_typeNSandSOA() {
-    TypeBitmap typeBitmap = new TypeBitmap(new int[] {2, 6});
-    assertEquals(typeBitmap.toString(), "NS SOA");
+  void typeNSandSOA() {
+    TypeBitmap typeBitmap = new TypeBitmap(new int[] {Type.NS, Type.SOA});
+    assertEquals("NS SOA", typeBitmap.toString());
+  }
+
+  @Test
+  void typeNSandSOAArray() {
+    int[] typeArray = new int[] {Type.NS, Type.SOA};
+    TypeBitmap typeBitmap = new TypeBitmap(typeArray);
+    assertArrayEquals(typeArray, typeBitmap.toArray());
+  }
+
+  @Test
+  void typeAAndSOAToWire() {
+    int[] typeArray = new int[] {Type.A, Type.SOA};
+    TypeBitmap typeBitmap = new TypeBitmap(typeArray);
+    DNSOutput out = new DNSOutput();
+    typeBitmap.toWire(out);
+    assertArrayEquals(new byte[] {0, 1, 0b0100_0010}, out.toByteArray());
+  }
+
+  @Test
+  void typeAandNSEC3ToWireAndBack() throws WireParseException {
+    int[] typeArray = new int[] {Type.A, Type.NSEC3};
+    byte[] wire =
+        new byte[] {
+          // block
+          0,
+          // size
+          7,
+          // 0-7
+          0b0100_0000,
+          // 8-15,
+          0,
+          // 16-23,
+          0,
+          // 24-31,
+          0,
+          // 32-39
+          0,
+          // 40-47
+          0,
+          // 48-55
+          0b0010_0000
+        };
+
+    // Test serialization
+    TypeBitmap typeBitmapOut = new TypeBitmap(typeArray);
+    DNSOutput out = new DNSOutput();
+    typeBitmapOut.toWire(out);
+    assertArrayEquals(wire, out.toByteArray());
+
+    // Test parsing
+    DNSInput in = new DNSInput(wire);
+    TypeBitmap typeBitmapIn = new TypeBitmap(in);
+    assertArrayEquals(typeArray, typeBitmapIn.toArray());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/TypeTest.java b/src/test/java/org/xbill/DNS/TypeTest.java
index 394e06810..861322a0c 100644
--- a/src/test/java/org/xbill/DNS/TypeTest.java
+++ b/src/test/java/org/xbill/DNS/TypeTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -36,14 +37,18 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
 import org.junit.jupiter.api.Test;
 
 class TypeTest {
   @Test
-  void test_string() {
+  void string() {
     // a regular one
     assertEquals("CNAME", Type.string(Type.CNAME));
 
@@ -54,7 +59,7 @@ void test_string() {
   }
 
   @Test
-  void test_value() {
+  void value() {
     // regular one
     assertEquals(Type.MAILB, Type.value("MAILB"));
 
@@ -69,13 +74,99 @@ void test_value() {
   }
 
   @Test
-  void test_value_2arg() {
+  void value_2arg() {
     assertEquals(301, Type.value("301", true));
   }
 
   @Test
-  void test_isRR() {
+  void value_2arg_outOfRange() {
+    assertEquals(-1, Type.value("TYPE65536", true));
+  }
+
+  @Test
+  void isRR() {
     assertTrue(Type.isRR(Type.CNAME));
     assertFalse(Type.isRR(Type.IXFR));
   }
+
+  private static final int MYTXT = 65534;
+  private static final String MYTXTName = "MYTXT";
+
+  private static class MYTXTRecord extends TXTBase {
+    MYTXTRecord() {}
+
+    public MYTXTRecord(Name name, int dclass, long ttl, List<String> strings) {
+      super(name, MYTXT, dclass, ttl, strings);
+    }
+
+    public MYTXTRecord(Name name, int dclass, long ttl, String string) {
+      super(name, MYTXT, dclass, ttl, string);
+    }
+  }
+
+  private static class TXTRecordReplacement extends TXTBase {
+    TXTRecordReplacement() {}
+
+    public TXTRecordReplacement(Name name, int dclass, long ttl, List<String> strings) {
+      super(name, Type.TXT, dclass, ttl, strings);
+    }
+
+    public TXTRecordReplacement(Name name, int dclass, long ttl, String string) {
+      super(name, Type.TXT, dclass, ttl, string);
+    }
+  }
+
+  @Test
+  void checkCustomRecords() throws Exception {
+    // test "private use" record
+
+    Type.register(MYTXT, MYTXTName, MYTXTRecord::new);
+    Name testOwner = Name.fromConstantString("example.");
+    MYTXTRecord testRecord = new MYTXTRecord(testOwner, DClass.IN, 3600, "hello world");
+
+    byte[] wireData = testRecord.toWire(Section.ANSWER);
+    Record customRecord = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
+    assertEquals(MYTXTRecord.class, customRecord.getClass());
+    assertEquals(MYTXT, customRecord.getType());
+
+    byte[] textData = testRecord.toString().getBytes(StandardCharsets.US_ASCII);
+    Master m = new Master(new ByteArrayInputStream(textData));
+    customRecord = m.nextRecord();
+    assertNotNull(customRecord);
+    assertEquals(MYTXTRecord.class, customRecord.getClass());
+    assertEquals(MYTXT, customRecord.getType());
+    m.close();
+
+    Type.register(MYTXT, MYTXTName, null);
+    customRecord = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
+    assertEquals(UNKRecord.class, customRecord.getClass());
+    assertEquals(MYTXT, customRecord.getType());
+
+    // test implementation replacement
+
+    try {
+      assertThrows(
+          IllegalArgumentException.class,
+          () -> Type.register(Type.TXT, "SOA", TXTRecordReplacement::new));
+
+      Type.register(Type.TXT, "TXT", TXTRecordReplacement::new);
+      TXTRecord testRecord2 = new TXTRecord(testOwner, DClass.IN, 3600, "howdy");
+      wireData = testRecord2.toWire(Section.ANSWER);
+      customRecord = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
+      assertEquals(TXTRecordReplacement.class, customRecord.getClass());
+      assertEquals(Type.TXT, customRecord.getType());
+
+      byte[] textData2 = testRecord2.toString().getBytes(StandardCharsets.US_ASCII);
+      m = new Master(new ByteArrayInputStream(textData2));
+      customRecord = m.nextRecord();
+      assertNotNull(customRecord);
+      assertEquals(TXTRecordReplacement.class, customRecord.getClass());
+      assertEquals(Type.TXT, customRecord.getType());
+      m.close();
+
+    } finally {
+      // restore default implementation as needed by other tests
+      Type.register(Type.TXT, "TXT", TXTRecord::new);
+    }
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/U16NameBaseTest.java b/src/test/java/org/xbill/DNS/U16NameBaseTest.java
index 5ef26051a..79766a50b 100644
--- a/src/test/java/org/xbill/DNS/U16NameBaseTest.java
+++ b/src/test/java/org/xbill/DNS/U16NameBaseTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -72,15 +73,10 @@ public int getU16Field() {
     public Name getNameField() {
       return super.getNameField();
     }
-
-    @Override
-    public Record getObject() {
-      return null;
-    }
   }
 
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     TestClass tc = new TestClass();
     assertNull(tc.getName());
     assertEquals(0, tc.getType());
@@ -91,7 +87,7 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_ctor_4arg() throws TextParseException {
+  void ctor_4arg() throws TextParseException {
     Name n = Name.fromString("My.Name.");
 
     TestClass tc = new TestClass(n, Type.MX, DClass.IN, 0xBCDA);
@@ -105,7 +101,7 @@ void test_ctor_4arg() throws TextParseException {
   }
 
   @Test
-  void test_ctor_8arg() throws TextParseException {
+  void ctor_8arg() throws TextParseException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("My.Other.Name.");
 
@@ -144,7 +140,7 @@ void test_ctor_8arg() throws TextParseException {
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     byte[] raw =
         new byte[] {
           (byte) 0xBC,
@@ -177,7 +173,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
+  void rdataFromString() throws IOException {
     Name exp = Name.fromString("My.Single.Name.");
 
     Tokenizer t = new Tokenizer(0x19A2 + " My.Single.Name.");
@@ -193,7 +189,7 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rrToString() throws IOException {
+  void rrToString() throws IOException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("My.Other.Name.");
 
@@ -208,7 +204,7 @@ void test_rrToString() throws IOException {
   }
 
   @Test
-  void test_rrToWire() throws IOException {
+  void rrToWire() throws IOException {
     Name n = Name.fromString("My.Name.");
     Name m = Name.fromString("M.O.n.");
 
diff --git a/src/test/java/org/xbill/DNS/URIRecordTest.java b/src/test/java/org/xbill/DNS/URIRecordTest.java
index 48384e9e7..9571db784 100644
--- a/src/test/java/org/xbill/DNS/URIRecordTest.java
+++ b/src/test/java/org/xbill/DNS/URIRecordTest.java
@@ -1,17 +1,17 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
 
 class URIRecordTest {
   @Test
-  void test_ctor_0arg() {
+  void ctor_0arg() {
     URIRecord r = new URIRecord();
     assertNull(r.getName());
     assertEquals(0, r.getType());
@@ -23,16 +23,9 @@ void test_ctor_0arg() {
   }
 
   @Test
-  void test_getObject() {
-    URIRecord dr = new URIRecord();
-    Record r = dr.getObject();
-    assertTrue(r instanceof URIRecord);
-  }
-
-  @Test
-  void test_ctor_6arg() throws TextParseException {
+  void ctor_6arg() throws TextParseException {
     Name n = Name.fromString("my.name.");
-    String target = ("http://foo");
+    String target = "http://foo";
 
     URIRecord r = new URIRecord(n, DClass.IN, 0xABCDEL, 42, 69, target);
     assertEquals(n, r.getName());
@@ -45,8 +38,8 @@ void test_ctor_6arg() throws TextParseException {
   }
 
   @Test
-  void test_rdataFromString() throws IOException {
-    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF01 + " " + "\"http://foo:1234/bar?baz=bum\"");
+  void rdataFromString() throws IOException {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF01 + " \"http://foo:1234/bar?baz=bum\"");
 
     URIRecord r = new URIRecord();
     r.rdataFromString(t, null);
@@ -56,9 +49,9 @@ void test_rdataFromString() throws IOException {
   }
 
   @Test
-  void test_rdataToWire() throws TextParseException {
+  void rdataToWire() throws TextParseException {
     Name n = Name.fromString("my.name.");
-    String target = ("http://foo");
+    String target = "http://foo";
     byte[] exp =
         new byte[] {
           (byte) 0xbe,
@@ -84,7 +77,7 @@ void test_rdataToWire() throws TextParseException {
   }
 
   @Test
-  void test_rrFromWire() throws IOException {
+  void rrFromWire() throws IOException {
     byte[] raw =
         new byte[] {
           (byte) 0xbe,
@@ -112,7 +105,7 @@ void test_rrFromWire() throws IOException {
   }
 
   @Test
-  void test_toobig_priority() throws TextParseException {
+  void toobig_priority() {
     assertThrows(
         IllegalArgumentException.class,
         () ->
@@ -121,14 +114,14 @@ void test_toobig_priority() throws TextParseException {
   }
 
   @Test
-  void test_toosmall_priority() throws TextParseException {
+  void toosmall_priority() {
     assertThrows(
         IllegalArgumentException.class,
         () -> new URIRecord(Name.fromString("the.name"), DClass.IN, 0x1234, -1, 42, "http://foo"));
   }
 
   @Test
-  void test_toobig_weight() throws TextParseException {
+  void toobig_weight() {
     assertThrows(
         IllegalArgumentException.class,
         () ->
@@ -137,7 +130,7 @@ void test_toobig_weight() throws TextParseException {
   }
 
   @Test
-  void test_toosmall_weight() throws TextParseException {
+  void toosmall_weight() {
     assertThrows(
         IllegalArgumentException.class,
         () -> new URIRecord(Name.fromString("the.name"), DClass.IN, 0x1234, 42, -1, "http://foo"));
diff --git a/src/test/java/org/xbill/DNS/UpdateTest.java b/src/test/java/org/xbill/DNS/UpdateTest.java
new file mode 100644
index 000000000..23457e8d7
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/UpdateTest.java
@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import java.io.IOException;
+import java.net.UnknownHostException;
+import java.util.UUID;
+import java.util.concurrent.CompletableFuture;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.io.IoClientFactory;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+
+class UpdateTest {
+  private static final Name exampleCom = Name.fromConstantString("example.com.");
+
+  private Update getLargeUpdateMessage() throws TextParseException {
+    Update u = new Update(exampleCom);
+    for (int i = 0; i < 2000; i++) {
+      u.add(
+          new TXTRecord(
+              new Name("name-" + i, exampleCom), DClass.IN, 900, UUID.randomUUID().toString()));
+    }
+    return u;
+  }
+
+  @Test
+  void toWireThrowsOnDisallowedTruncation() throws IOException {
+    Update u = getLargeUpdateMessage();
+    assertThatThrownBy(() -> u.toWire(Message.MAXLENGTH, false))
+        .isInstanceOf(MessageSizeExceededException.class);
+  }
+
+  @Test
+  void toWireAllowsTruncationByDefault() throws IOException, MessageSizeExceededException {
+    Update u = getLargeUpdateMessage();
+    int maxSize = 16384;
+    byte[] defaultOverloadResult = u.toWire(maxSize);
+    byte[] truncationAllowedResult = u.toWire(maxSize, true);
+    Message readBack = new Message(defaultOverloadResult);
+    assertThat(defaultOverloadResult).isEqualTo(truncationAllowedResult).hasSizeLessThan(maxSize);
+    assertThat(readBack.getHeader().getFlag(Flags.TC)).isTrue();
+  }
+
+  @Test
+  void resolverForbidsTruncation() throws TextParseException, UnknownHostException {
+    Update u = getLargeUpdateMessage();
+    SimpleResolver r = new SimpleResolver("127.0.0.1");
+    r.setIoClientFactory(
+        new IoClientFactory() {
+          @Override
+          public TcpIoClient createOrGetTcpClient() {
+            return (local, remote, query, data, timeout) -> CompletableFuture.completedFuture(data);
+          }
+
+          @Override
+          public UdpIoClient createOrGetUdpClient() {
+            throw new RuntimeException("Not implemented");
+          }
+        });
+    r.setTCP(true);
+    assertThatThrownBy(() -> r.send(u))
+        .rootCause()
+        .isInstanceOf(MessageSizeExceededException.class);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/WKSRecordTest.java b/src/test/java/org/xbill/DNS/WKSRecordTest.java
index 6996abc63..823f22902 100644
--- a/src/test/java/org/xbill/DNS/WKSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/WKSRecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
@@ -12,12 +13,12 @@ class WKSRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("127.0.0.1 tcp ftp telnet smtp");
-    WKSRecord record = new WKSRecord();
-    record.rdataFromString(t, null);
-    assertNotNull(record.getAddress());
-    assertEquals(WKSRecord.Protocol.TCP, record.getProtocol());
+    WKSRecord wksRecord = new WKSRecord();
+    wksRecord.rdataFromString(t, null);
+    assertNotNull(wksRecord.getAddress());
+    assertEquals(WKSRecord.Protocol.TCP, wksRecord.getProtocol());
     assertArrayEquals(
         new int[] {WKSRecord.Service.FTP, WKSRecord.Service.TELNET, WKSRecord.Service.SMTP},
-        record.getServices());
+        wksRecord.getServices());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/X25RecordTest.java b/src/test/java/org/xbill/DNS/X25RecordTest.java
index 7e008e134..1dc8a094c 100644
--- a/src/test/java/org/xbill/DNS/X25RecordTest.java
+++ b/src/test/java/org/xbill/DNS/X25RecordTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -10,8 +11,8 @@ class X25RecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("311061700956");
-    X25Record record = new X25Record();
-    record.rdataFromString(t, null);
-    assertEquals("311061700956", record.getAddress());
+    X25Record x25Record = new X25Record();
+    x25Record.rdataFromString(t, null);
+    assertEquals("311061700956", x25Record.getAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/ZoneMDRecordTest.java b/src/test/java/org/xbill/DNS/ZoneMDRecordTest.java
new file mode 100644
index 000000000..84508bef9
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneMDRecordTest.java
@@ -0,0 +1,216 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ZoneMDRecord.Hash;
+import org.xbill.DNS.utils.base16;
+
+public class ZoneMDRecordTest {
+  @ParameterizedTest
+  @CsvSource({
+    "1,48", "2,64",
+  })
+  void testKnownHashLengths(int alg, int len) {
+    assertEquals(len, Hash.hashLength(alg));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "1,384", "2,512",
+  })
+  void testKnownHashNames(int alg, String suffix) {
+    assertEquals("SHA" + suffix, Hash.string(alg));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "0,0,12", "1,0,12", "0,1,48", "0,2,64",
+  })
+  void testConstructorSuccess(int scheme, int hash, int digestSize) {
+    ZoneMDRecord md =
+        new ZoneMDRecord(
+            Name.root, DClass.IN, 3600, 2147483648L, scheme, hash, new byte[digestSize]);
+    assertNotNull(md);
+    assertEquals(2147483648L, md.getSerial());
+    assertEquals(scheme, md.getScheme());
+    assertEquals(hash, md.getHashAlgorithm());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "-1,0,0,12",
+    "4294967296,0,0,12",
+    "2147483648,-1,0,12",
+    "2147483648,257,0,12",
+    "2147483648,0,-1,12",
+    "2147483648,0,257,12",
+    "2147483648,0,0,11",
+    "2147483648,0,1,47",
+    "2147483648,0,1,49",
+    "2147483648,0,2,63",
+    "2147483648,0,2,65",
+  })
+  void testConstructorFails(long serial, int scheme, int hash, int digestSize) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            new ZoneMDRecord(
+                Name.root, DClass.IN, 3600, serial, scheme, hash, new byte[digestSize]));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+    "2147483648,1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,1,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,1,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+  })
+  void testFromWireSuccess(long serial, int scheme, int hash, String digest) {
+    ZoneMDRecord md =
+        new ZoneMDRecord(
+            Name.root, DClass.IN, 3600, serial, scheme, hash, base16.fromString(digest));
+    assertNotNull(md);
+    assertEquals(2147483648L, md.getSerial());
+    assertEquals(scheme, md.getScheme());
+    assertEquals(hash, md.getHashAlgorithm());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "-1,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "4294967296,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C5D",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFF",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057B",
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFE",
+    "2147483648,-1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,257,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,-1,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,257,FEBE3D4CFEBEFEBE3D4CFEBE",
+  })
+  void testFromWireFails(long serial, int scheme, int hash, String digest) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            new ZoneMDRecord(
+                Name.root, DClass.IN, 3600, serial, scheme, hash, base16.fromString(digest)));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+    "2147483648,1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,1,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,1,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+  })
+  void testToAndFromWire(long serial, int scheme, int hash, String digestHex) throws IOException {
+    byte[] digest = base16.fromString(digestHex);
+    ZoneMDRecord md = new ZoneMDRecord(Name.root, DClass.IN, 3600, serial, scheme, hash, digest);
+    byte[] data = md.toWire(Section.ANSWER);
+    Record parsed = Record.fromWire(data, Section.ANSWER);
+    assertInstanceOf(ZoneMDRecord.class, parsed);
+    ZoneMDRecord parsedMd = (ZoneMDRecord) parsed;
+    assertEquals(serial, parsedMd.getSerial());
+    assertEquals(scheme, parsedMd.getScheme());
+    assertEquals(hash, parsedMd.getHashAlgorithm());
+    assertArrayEquals(digest, parsedMd.getDigest());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    // Name ("."), ZoneMD = 63, DClass = 1, ttl=3600, length
+    "00_003F_0001_00000E10_0002_8000",
+    "00_003F_0001_00000E10_0004_80000000",
+    "00_003F_0001_00000E10_0006_80000000_00",
+    "00_003F_0001_00000E10_0008_80000000_00_00",
+    "00_003F_0001_00000E10_0011_80000000_00_00_FEBE3D4CFEBEFEBE3D4CFE",
+    "00_003F_0001_00000E10_0035_80000000_00_01_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057B",
+    "00_003F_0001_00000E10_0037_80000000_00_01_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFF",
+    "00_003F_0001_00000E10_0045_80000000_00_02_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D",
+    "00_003F_0001_00000E10_0047_80000000_00_02_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C5D",
+  })
+  void testFromWireFails(String hex) {
+    byte[] data = base16.fromString(hex.replaceAll("_", ""));
+    assertThrows(WireParseException.class, () -> Record.fromWire(data, Section.ANSWER));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "2023110500,1,241,1AADC4FDD0FDB404C4848A9D7C1F1C674C31ADDFDF747454BAE966048EAE0806158EBA5569EEC4638E7A765A72F5019D",
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+    "2147483648,1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,1,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,1,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+  })
+  void testToAndFromRData(long serial, int scheme, int hash, String digestHex) throws IOException {
+    byte[] digest = base16.fromString(digestHex);
+    ZoneMDRecord md = new ZoneMDRecord(Name.root, DClass.IN, 3600, serial, scheme, hash, digest);
+    String data = md.rrToString();
+    assertEquals(serial + " " + scheme + " " + hash + " " + digestHex, data);
+
+    Record parsed = Record.fromString(Name.root, Type.ZONEMD, DClass.IN, 3600, data, Name.root);
+    assertInstanceOf(ZoneMDRecord.class, parsed);
+    ZoneMDRecord parsedMd = (ZoneMDRecord) parsed;
+    assertEquals(serial, parsedMd.getSerial());
+    assertEquals(scheme, parsedMd.getScheme());
+    assertEquals(hash, parsedMd.getHashAlgorithm());
+    assertArrayEquals(digest, parsedMd.getDigest());
+  }
+
+  @Test
+  void testToWrappedRdata() throws IOException {
+    String rdataIn =
+        "2147483648 0 2 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C";
+    ZoneMDRecord md =
+        (ZoneMDRecord)
+            Record.fromString(Name.root, Type.ZONEMD, DClass.IN, 3600, rdataIn, Name.root);
+    try {
+      Options.set("multiline");
+      String rdataOut = md.rrToString();
+      String[] lines = rdataOut.split("\n");
+      assertEquals(3, rdataOut.split("\n").length, "Expected lines");
+      assertTrue(lines[0].contains("("), "Missing opening parenthesis");
+      assertTrue(lines[1].contains("\t"), "Missing tabs");
+      assertTrue(rdataOut.endsWith(")"), "Missing closing parenthesis at end of string");
+    } finally {
+      Options.unset("multiline");
+    }
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "-1 0 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "4294967296 0 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648, 1 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648 257 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648, , 1 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648 0 257 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648 0 0 FEBE3D4CFEBEFEBE3D4CFE",
+    "2147483648 0 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057B",
+    "2147483648 0 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFF",
+    "2147483648 0 2 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D",
+    "2147483648 0 2 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C5D",
+  })
+  void testFromRDataFails(String rdata) {
+    assertThrows(
+        TextParseException.class,
+        () -> Record.fromString(Name.root, Type.ZONEMD, DClass.IN, 3600, rdata, Name.root));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ZoneStressTest.java b/src/test/java/org/xbill/DNS/ZoneStressTest.java
new file mode 100644
index 000000000..3467f3105
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneStressTest.java
@@ -0,0 +1,246 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.openjdk.jcstress.annotations.Expect.ACCEPTABLE;
+import static org.openjdk.jcstress.annotations.Expect.ACCEPTABLE_INTERESTING;
+import static org.openjdk.jcstress.annotations.Expect.FORBIDDEN;
+
+import java.net.InetAddress;
+import java.util.List;
+import java.util.stream.Collectors;
+import lombok.SneakyThrows;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.openjdk.jcstress.Main;
+import org.openjdk.jcstress.annotations.Actor;
+import org.openjdk.jcstress.annotations.Arbiter;
+import org.openjdk.jcstress.annotations.Description;
+import org.openjdk.jcstress.annotations.JCStressTest;
+import org.openjdk.jcstress.annotations.Outcome;
+import org.openjdk.jcstress.annotations.State;
+import org.openjdk.jcstress.infra.results.II_Result;
+import org.openjdk.jcstress.infra.results.L_Result;
+
+class ZoneStressTest {
+  @Test
+  @Disabled("Too expensive to always run")
+  @Tag("concurrency")
+  void runZoneConcurrentReadStressTest() throws Exception {
+    // IntelliJ doesn't properly run the JCStress' annotation processor,
+    // use Maven to compile (and disable build-before-run)
+    Main.main(
+        new String[] {"-r", "target/jcstress", "-t", ZoneStressTest.class.getSimpleName(), "-v"});
+  }
+
+  public static class ZoneStressTestBase {
+    protected final Name zoneName;
+    protected final Zone zone;
+    protected final ARecord A1;
+    protected final ARecord A2_1;
+    protected final ARecord A2_2;
+    protected final Name mxName;
+    protected final InetAddress localhost4_1;
+    protected final InetAddress localhost4_2;
+    protected final InetAddress localhost4_3;
+
+    @SneakyThrows
+    public ZoneStressTestBase() {
+      zoneName = Name.fromConstantString("example.");
+      mxName = new Name("mx", zoneName);
+      SOARecord SOA1 =
+          new SOARecord(
+              zoneName,
+              DClass.IN,
+              3600L,
+              Name.fromConstantString("nameserver."),
+              new Name("hostadmin", zoneName),
+              1,
+              21600L,
+              7200L,
+              2160000L,
+              3600L);
+      NSRecord NS1 =
+          new NSRecord(zoneName, DClass.IN, 300L, Name.fromConstantString("nameserver1."));
+
+      localhost4_1 = InetAddress.getByName("127.0.0.1");
+      localhost4_2 = InetAddress.getByName("127.0.0.2");
+      localhost4_3 = InetAddress.getByName("127.0.0.3");
+      A1 = new ARecord(new Name("test1", zoneName), DClass.IN, 3600, localhost4_1);
+      A2_1 = new ARecord(new Name("test2", zoneName), DClass.IN, 3600, localhost4_2);
+      A2_2 = new ARecord(new Name("test2", zoneName), DClass.IN, 3600, localhost4_3);
+
+      Record[] zoneRecords =
+          new Record[] {
+            SOA1, NS1, A1, A2_1, A2_2,
+          };
+      zone = new Zone(zoneName, zoneRecords);
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent writes to the same RRset")
+  @Outcome(
+      id = {"10, 20", "20, 10"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class Write extends ZoneStressTestBase {
+    @Actor
+    public void writer1() {
+      zone.addRecord(new MXRecord(mxName, DClass.IN, 3600, 10, A1.getName()));
+    }
+
+    @Actor
+    public void writer2() {
+      zone.addRecord(new MXRecord(mxName, DClass.IN, 3600, 20, A2_1.getName()));
+    }
+
+    @Arbiter
+    public void reader(II_Result r) {
+      r.r1 = poll(0);
+      r.r2 = poll(1);
+    }
+
+    private int poll(int index) {
+      List<Record> rrs = zone.findExactMatch(mxName, Type.MX).rrs(false);
+      return rrs.size() > index ? ((MXRecord) rrs.get(index)).getPriority() : -1;
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add/read to the same RRset")
+  @Outcome(
+      id = {"[127.0.0.1]", "[127.0.0.1, 127.0.0.2]"},
+      expect = ACCEPTABLE)
+  @Outcome(
+      id = {"[127.0.0.2, 127.0.0.1]"},
+      expect = ACCEPTABLE_INTERESTING)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddRead extends ZoneStressTestBase {
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(A1.getName(), DClass.IN, 3600, localhost4_2));
+    }
+
+    @Actor
+    public void reader(L_Result r) {
+      r.r1 =
+          zone.findExactMatch(A1.getName(), Type.A).rrs(false).stream()
+              .map(record -> ((ARecord) record).getAddress().getHostAddress())
+              .collect(Collectors.toList());
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent remove/read to the same RRset")
+  @Outcome(
+      id = {"[127.0.0.3]", "[127.0.0.2, 127.0.0.3]"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class RemoveRead extends ZoneStressTestBase {
+    @Actor
+    public void writer() {
+      zone.removeRecord(A2_1);
+    }
+
+    @Actor
+    public void reader(L_Result r) {
+      r.r1 =
+          zone.findExactMatch(A2_1.getName(), Type.A).rrs(false).stream()
+              .map(record -> ((ARecord) record).getAddress().getHostAddress())
+              .collect(Collectors.toList());
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add/read to a new RRset")
+  @Outcome(
+      id = {"1, -1", "1, 1"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddReadDifferentRRset extends ZoneStressTestBase {
+    private final Name testName;
+
+    @SneakyThrows
+    public AddReadDifferentRRset() {
+      testName = new Name("test", zoneName);
+    }
+
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(testName, DClass.IN, 3600, localhost4_1));
+    }
+
+    @Actor
+    public void reader(II_Result r) {
+      r.r1 = poll(A1.getName());
+      r.r2 = poll(testName);
+    }
+
+    private int poll(Name name) {
+      RRset rrs = zone.findExactMatch(name, Type.A);
+      return rrs != null ? rrs.size() : -1;
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add and iteration")
+  @Outcome(
+      id = {"4, -1", "5, 1"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddNewRRsetAndIterate extends ZoneStressTestBase {
+    private final Name testName;
+
+    @SneakyThrows
+    public AddNewRRsetAndIterate() {
+      testName = new Name("test", zoneName);
+    }
+
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(testName, DClass.IN, 3600, localhost4_1));
+    }
+
+    @Actor
+    public void reader(II_Result r) {
+      r.r2 = -1;
+      for (RRset rr : zone) {
+        r.r1++;
+        if (rr.getName().equals(testName)) {
+          r.r2 = rr.size();
+        }
+      }
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add and iteration")
+  @Outcome(
+      id = {"4, 1", "4, 2"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddToRRsetAndIterate extends ZoneStressTestBase {
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(A1.getName(), DClass.IN, 3600, localhost4_2));
+    }
+
+    @Actor
+    public void reader(II_Result r) {
+      r.r2 = -1;
+      for (RRset rr : zone) {
+        r.r1++;
+        if (rr.getName().equals(A1.getName())) {
+          r.r2 = rr.size();
+        }
+      }
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ZoneTest.java b/src/test/java/org/xbill/DNS/ZoneTest.java
new file mode 100644
index 000000000..e31517416
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneTest.java
@@ -0,0 +1,713 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.net.InetAddress;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+class ZoneTest {
+  private Name ZONE_NAME;
+  private SOARecord SOA1;
+  private SOARecord SOA2;
+  private NSRecord NS1;
+  private NSRecord NS2;
+  private ARecord A_UNIQUE;
+  private ARecord A_TEST;
+  private AAAARecord AAAA_1_TEST;
+  private AAAARecord AAAA_2_TEST;
+  private ARecord A_WILD;
+  private TXTRecord TXT_WILD;
+  private Zone ZONE;
+
+  @BeforeEach
+  void beforeEach() throws IOException {
+    ZONE_NAME = Name.fromConstantString("example.");
+    SOA1 =
+        new SOARecord(
+            ZONE_NAME,
+            DClass.IN,
+            3600L,
+            Name.fromConstantString("nameserver."),
+            new Name("hostadmin", ZONE_NAME),
+            1,
+            21600L,
+            7200L,
+            2160000L,
+            3600L);
+    SOA2 =
+        new SOARecord(
+            ZONE_NAME,
+            DClass.IN,
+            3600L,
+            Name.fromConstantString("nameserver."),
+            new Name("zoneadmin", ZONE_NAME),
+            1,
+            21600L,
+            7200L,
+            2160000L,
+            3600L);
+    NS1 = new NSRecord(ZONE_NAME, DClass.IN, 300L, Name.fromConstantString("nameserver1."));
+    NS2 = new NSRecord(ZONE_NAME, DClass.IN, 300L, Name.fromConstantString("nameserver2."));
+
+    InetAddress localhost4 = InetAddress.getByName("127.0.0.1");
+    InetAddress localhost6a = InetAddress.getByName("::1");
+    InetAddress localhost6b = InetAddress.getByName("::2");
+    A_UNIQUE =
+        new ARecord(
+            new Name("unique", ZONE_NAME), DClass.IN, 3600, InetAddress.getByName("127.0.0.3"));
+    A_TEST = new ARecord(new Name("test", ZONE_NAME), DClass.IN, 3600, localhost4);
+    AAAA_1_TEST = new AAAARecord(new Name("test", ZONE_NAME), DClass.IN, 3600, localhost6a);
+    AAAA_2_TEST = new AAAARecord(new Name("test", ZONE_NAME), DClass.IN, 3600, localhost6b);
+    A_WILD =
+        new ARecord(
+            new Name("*.wild", ZONE_NAME), DClass.IN, 3600, InetAddress.getByName("127.0.0.2"));
+    TXT_WILD = new TXTRecord(new Name("*.wild", ZONE_NAME), DClass.IN, 3600, "sometext");
+
+    Record[] zoneRecords =
+        new Record[] {
+          SOA1, NS1, NS2, A_UNIQUE, A_TEST, AAAA_1_TEST, AAAA_2_TEST, A_WILD, TXT_WILD,
+        };
+    ZONE = new Zone(ZONE_NAME, zoneRecords);
+  }
+
+  @Test
+  void exactNameNull() {
+    assertThatThrownBy(() -> ZONE.findExactMatch(null, Type.A))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findExactMatch(null, -1))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findExactMatch(Name.root, -1))
+        .isInstanceOf(InvalidTypeException.class)
+        .hasMessageContaining("type");
+  }
+
+  @Test
+  void exactNameExistingALookup() {
+    assertThat(ZONE.findExactMatch(A_TEST.getName(), Type.A)).isNotNull().containsExactly(A_TEST);
+  }
+
+  @Test
+  void exactNameAnyThrow() {
+    Name name = A_TEST.getName();
+    assertThatThrownBy(() -> ZONE.findExactMatch(name, Type.ANY))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("type ANY");
+  }
+
+  @Test
+  void findNameExistingALookup() {
+    SetResponse resp = ZONE.findRecords(A_TEST.getName(), Type.A);
+    assertEquals(oneRRset(A_TEST), resp.answers());
+  }
+
+  @Test
+  void findNameNXRRsetLookup() {
+    SetResponse resp = ZONE.findRecords(A_TEST.getName(), Type.TXT);
+    assertEquals(SetResponse.ofType(SetResponseType.NXRRSET), resp);
+  }
+
+  @Test
+  void findNameTwoAaaaLookup() {
+    SetResponse resp = ZONE.findRecords(AAAA_1_TEST.getName(), Type.AAAA);
+    assertEquals(oneRRset(AAAA_1_TEST, AAAA_2_TEST), resp.answers());
+  }
+
+  @Test
+  void findNameAnyLookup() {
+    SetResponse resp = ZONE.findRecords(A_TEST.getName(), Type.ANY);
+    assertTrue(resp.isSuccessful());
+    assertEquals(listOf(new RRset(A_TEST), new RRset(AAAA_1_TEST, AAAA_2_TEST)), resp.answers());
+  }
+
+  @Test
+  void findWildNameNull() {
+    assertThatThrownBy(() -> ZONE.findRecords(null, Type.A))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findRecords(null, -1))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findRecords(Name.root, -1))
+        .isInstanceOf(InvalidTypeException.class)
+        .hasMessageContaining("type");
+  }
+
+  @Test
+  void findWildNameNotSubdomain() {
+    assertThat(ZONE.findRecords(Name.root, Type.A))
+        .isNotNull()
+        .isEqualTo(SetResponse.ofType(SetResponseType.NXDOMAIN));
+  }
+
+  @Test
+  void findWildNameExistingALookup() {
+    Name testName = Name.fromConstantString("undefined.wild.example.");
+    SetResponse resp = ZONE.findRecords(testName, Type.A);
+    assertThat(resp.answers()).containsExactly(new RRset(A_WILD.withName(testName)));
+  }
+
+  @Test
+  void findWildNameExistingTxtLookup() {
+    Name testName = Name.fromConstantString("undefined.wild.example.");
+    SetResponse resp = ZONE.findRecords(testName, Type.TXT);
+    assertThat(resp.answers()).containsExactly(new RRset(TXT_WILD.withName(testName)));
+  }
+
+  @Test
+  void findWildNameNonExistingMxLookup() {
+    SetResponse resp =
+        ZONE.findRecords(Name.fromConstantString("undefined.wild.example."), Type.MX);
+    assertTrue(resp.isNXDOMAIN());
+  }
+
+  @Test
+  void findWildNameAnyLookup() {
+    Name testName = Name.fromConstantString("undefined.wild.example.");
+    SetResponse resp = ZONE.findRecords(testName, Type.ANY);
+    assertThat(resp.isSuccessful()).isTrue();
+    assertThat(resp.answers())
+        .containsExactly(
+            new RRset(A_WILD.withName(testName)), new RRset(TXT_WILD.withName(testName)));
+  }
+
+  @Test
+  void ctorNull() {
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, (String) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, (Record[]) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(Name.root, (String) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(Name.root, (Record[]) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, "some-file.dns"));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, new Record[0]));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, DClass.IN, null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(Name.root, DClass.IN, null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, DClass.IN, "localhost"));
+    assertThrows(InvalidDClassException.class, () -> new Zone(Name.root, -1, "localhost"));
+  }
+
+  @Test
+  void ctorMissingRecords() {
+    assertThrows(IOException.class, () -> new Zone(Name.root, new Record[0]));
+    assertThrows(IOException.class, () -> new Zone(Name.root, new Record[] {A_TEST}));
+    assertThatThrownBy(() -> new Zone(Name.root, new Record[] {SOA1}))
+        .isInstanceOf(IOException.class)
+        .hasMessageContaining("SOA owner");
+    assertThatThrownBy(() -> new Zone(ZONE_NAME, new Record[] {SOA1, NS1, SOA2}))
+        .isInstanceOf(IOException.class)
+        .hasMessageContaining("exactly 1 SOA");
+    assertThatThrownBy(() -> new Zone(ZONE_NAME, new Record[] {SOA1}))
+        .isInstanceOf(IOException.class)
+        .hasMessageContaining("no NS set");
+  }
+
+  @Test
+  void ctorInputStream() {
+    Zone zone =
+        assertDoesNotThrow(
+            () ->
+                new Zone(
+                    Name.fromConstantString("example.com."),
+                    ZoneTest.class.getResourceAsStream("/zonefileEx2")));
+    assertThat(zone.iterator().hasNext()).isTrue();
+    RRset set = zone.iterator().next();
+    assertThat(set.getType()).isEqualTo(Type.SOA);
+    assertThat(set.rrs(false)).hasSize(1);
+    assertThat(set.sigs()).hasSize(1);
+  }
+
+  @Test
+  void ctorWithoutOrigin() {
+    Zone zone =
+        assertDoesNotThrow(
+            () ->
+                new Zone(
+                    Name.fromConstantString("example.com."),
+                    ZoneTest.class.getResourceAsStream("/zonefileEx3")));
+    assertThat(zone.iterator().hasNext()).isTrue();
+    RRset set = zone.iterator().next();
+    assertThat(set.getType()).isEqualTo(Type.SOA);
+    assertThat(set.rrs(false)).hasSize(1);
+  }
+
+  @Test
+  void addRecord() throws TextParseException {
+    Name n = new Name("something", ZONE_NAME);
+    assertNull(ZONE.findExactMatch(n, Type.A));
+    ZONE.addRecord(A_TEST.withName(n));
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+  }
+
+  @Test
+  void addRecordExistingName() {
+    Name n = A_TEST.getName();
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+    assertNull(ZONE.findExactMatch(n, Type.MX));
+    MXRecord mx = new MXRecord(n, DClass.IN, 3600, 1, Name.root);
+    ZONE.addRecord(mx);
+    assertThat(ZONE.findExactMatch(n, Type.MX)).isNotNull().containsExactly(mx);
+  }
+
+  @Test
+  void addRecordExistingSet() {
+    Name n = A_TEST.getName();
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(A_TEST);
+    ARecord a2 = new ARecord(n, DClass.IN, 3600, new byte[4]);
+    ZONE.addRecord(a2);
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(A_TEST, a2);
+  }
+
+  @Test
+  void addRecordExistingSetOneType() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A))
+        .isNotNull()
+        .containsExactly(A_UNIQUE);
+    // Add a different record, testing that it was added to the existing set
+    ARecord a2 = new ARecord(A_UNIQUE.getName(), DClass.IN, 3600, new byte[4]);
+    assertDoesNotThrow(() -> ZONE.addRecord(a2));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A))
+        .isNotNull()
+        .containsExactly(A_UNIQUE, a2);
+  }
+
+  @Test
+  void removeRecord() {
+    assertNotNull(ZONE.findExactMatch(A_TEST.getName(), Type.A));
+    ZONE.removeRecord(A_TEST);
+    assertNull(ZONE.findExactMatch(A_TEST.getName(), Type.A));
+  }
+
+  @Test
+  void addRRset() throws TextParseException {
+    Name n = new Name("something", ZONE_NAME);
+    assertNull(ZONE.findExactMatch(n, Type.A));
+    ZONE.addRRset(new RRset(A_TEST.withName(n)));
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+  }
+
+  @Test
+  void addRRsetExistingName() {
+    Name n = A_TEST.getName();
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+    assertNull(ZONE.findExactMatch(n, Type.MX));
+    MXRecord mx = new MXRecord(n, DClass.IN, 3600, 1, Name.root);
+    ZONE.addRRset(new RRset(mx));
+    assertThat(ZONE.findExactMatch(n, Type.MX)).isNotNull().containsExactly(mx);
+  }
+
+  @Test
+  void addRRsetExistingSet() {
+    Name n = A_TEST.getName();
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(A_TEST);
+    ARecord a2 = new ARecord(n, DClass.IN, 3600, new byte[4]);
+    ZONE.addRRset(new RRset(a2));
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(a2);
+  }
+
+  @Test
+  void addRRsetExistingSetOneType() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A))
+        .isNotNull()
+        .containsExactly(A_UNIQUE);
+
+    // Add a new set with a different record, testing that it replaced the existing set
+    ARecord a2 = new ARecord(A_UNIQUE.getName(), DClass.IN, 3600, new byte[4]);
+    assertDoesNotThrow(() -> ZONE.addRRset(new RRset(a2)));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull().containsExactly(a2);
+  }
+
+  @Test
+  void addRecordNull() {
+    assertThatThrownBy(() -> ZONE.addRecord(null))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+  }
+
+  @Test
+  void addRRsetNull() {
+    assertThatThrownBy(() -> ZONE.addRRset(null))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+  }
+
+  @Test
+  void addRecordOutOfZone() {
+    Record arecord = A_TEST.withName(Name.root);
+    assertThatThrownBy(() -> ZONE.addRecord(arecord))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("subdomain");
+  }
+
+  @Test
+  void addRRsetOutOfZone() {
+    RRset aset = new RRset(A_TEST.withName(Name.root));
+    assertThatThrownBy(() -> ZONE.addRRset(aset))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("subdomain");
+  }
+
+  @Test
+  void addSOARecordNewName() {
+    SOARecord newSoa = (SOARecord) SOA2.withName(Name.root);
+    assertThatThrownBy(() -> ZONE.addRecord(newSoa))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("SOA owner");
+  }
+
+  @Test
+  void addSOARRsetNewName() {
+    SOARecord newSoa = (SOARecord) SOA2.withName(Name.root);
+    RRset soaSet = new RRset(newSoa);
+    assertThatThrownBy(() -> ZONE.addRRset(soaSet))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("SOA owner");
+  }
+
+  @Test
+  void addSOARecordReplaceExisting() {
+    ZONE.addRecord(SOA2);
+    RRset soa = ZONE.findExactMatch(ZONE_NAME, Type.SOA);
+    assertThat(ZONE.getSOA()).isEqualTo(SOA2);
+    assertThat(soa).isNotNull().containsExactly(SOA2);
+  }
+
+  @Test
+  void addSOARRsetReplaceExisting() {
+    ZONE.addRRset(new RRset(SOA2));
+    RRset soa = ZONE.findExactMatch(ZONE_NAME, Type.SOA);
+    assertThat(soa).isNotNull();
+    assertThat(soa.size()).isEqualTo(1);
+    assertThat(soa.first()).isEqualTo(ZONE.getSOA()).isEqualTo(SOA2);
+  }
+
+  @Test
+  void addSOARRsetCheckSize() {
+    RRset soaSet = new RRset(SOA1, SOA2);
+    assertThatThrownBy(() -> ZONE.addRRset(soaSet))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("exactly 1 SOA");
+    assertThat(ZONE.getSOA()).isNotNull().isEqualTo(SOA1);
+  }
+
+  @Test
+  void removeSOARecord() {
+    SOARecord soa = ZONE.getSOA();
+    assertThatThrownBy(() -> ZONE.removeRecord(soa))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("remove SOA");
+    RRset soaSet = ZONE.findExactMatch(ZONE_NAME, Type.SOA);
+    assertThat(soaSet).isNotNull().containsExactly(ZONE.getSOA());
+  }
+
+  @Test
+  void removeRecordNull() {
+    assertThatThrownBy(() -> ZONE.removeRecord(null))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+  }
+
+  @Test
+  void removeRecordNonExisting() throws TextParseException {
+    Name n = new Name("some", ZONE_NAME);
+    RRset some = ZONE.findExactMatch(n, Type.DS);
+    assertThat(some).isNull();
+    assertDoesNotThrow(() -> ZONE.removeRecord(Record.newRecord(n, Type.DS, DClass.IN, 3600)));
+  }
+
+  @Test
+  void removeRecordUniqueType() {
+    RRset some = ZONE.findExactMatch(A_UNIQUE.getName(), Type.A);
+    assertThat(some).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRecord(A_UNIQUE));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNull();
+  }
+
+  @Test
+  void removeRecordNs() {
+    RRset nsSet = ZONE.findExactMatch(ZONE_NAME, Type.NS);
+    assertThat(nsSet).containsExactly(NS1, NS2);
+    ZONE.removeRecord(NS1);
+    nsSet = ZONE.findExactMatch(ZONE_NAME, Type.NS);
+    assertThat(nsSet).containsExactly(NS2);
+    assertThatThrownBy(() -> ZONE.removeRecord(NS2))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("all NS");
+    nsSet = ZONE.findExactMatch(ZONE_NAME, Type.NS);
+    assertThat(nsSet).containsExactly(NS2);
+  }
+
+  @Test
+  void removeRRsetNull() {
+    assertThatThrownBy(() -> ZONE.removeRRset(null, Type.A))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.removeRRset(null, -1))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.removeRRset(Name.root, -1))
+        .isInstanceOf(InvalidTypeException.class);
+  }
+
+  @Test
+  void removeRRsetNotExisting() throws TextParseException {
+    Name n = new Name("some", ZONE_NAME);
+    RRset some = ZONE.findExactMatch(n, Type.DS);
+    assertThat(some).isNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.DS));
+  }
+
+  @Test
+  void removeRRsetMultiple() throws TextParseException {
+    Name n = new Name("*.wild", ZONE_NAME);
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull();
+    assertThat(ZONE.findExactMatch(n, Type.TXT)).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.TXT));
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull();
+    assertThat(ZONE.findExactMatch(n, Type.TXT)).isNull();
+  }
+
+  @Test
+  void removeSOARRset() {
+    assertThatThrownBy(() -> ZONE.removeRRset(ZONE_NAME, Type.SOA))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("remove SOA");
+    assertThat(ZONE.findExactMatch(ZONE_NAME, Type.SOA)).isNotNull().containsExactly(SOA1);
+    assertThat(ZONE.getSOA()).isNotNull();
+  }
+
+  @Test
+  void removeNSRRset() {
+    assertThatThrownBy(() -> ZONE.removeRRset(ZONE_NAME, Type.NS))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("remove all NS");
+    assertThat(ZONE.findExactMatch(ZONE_NAME, Type.NS)).isNotNull();
+    assertThat(ZONE.getNS()).isNotNull().containsExactly(NS1, NS2);
+  }
+
+  @Test
+  void removeRRsetUniqueType() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(A_UNIQUE.getName(), Type.A));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNull();
+  }
+
+  @Test
+  void removeRRsetUniqueTypeNonExisting() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(A_UNIQUE.getName(), Type.MX));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull();
+  }
+
+  @Test
+  void getNsReturnsSetCopyOfNs() {
+    RRset nsSet = ZONE.getNS();
+    assertThat(nsSet).containsExactly(NS1, NS2);
+    nsSet.deleteRR(nsSet.first());
+    assertThat(nsSet).hasSize(1).containsExactly(NS2);
+    assertThat(ZONE.getNS().rrs(false)).hasSize(2).containsExactly(NS1, NS2);
+  }
+
+  @Test
+  void removeAllTypes() {
+    Name n = A_TEST.getName();
+    assertThat(n).isEqualTo(AAAA_1_TEST.getName());
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.A));
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.AAAA));
+    assertThat(ZONE.findExactMatch(n, Type.AAAA)).isNull();
+    SetResponse any = assertDoesNotThrow(() -> ZONE.findRecords(n, Type.ANY));
+    assertThat(any).isNotNull();
+    assertThat(any.isNXDOMAIN()).isTrue();
+  }
+
+  @Test
+  void iteratorHasAllInOrder() {
+    assertThat(ZONE)
+        .hasSize(7)
+        .containsExactly(
+            new RRset(SOA1),
+            new RRset(NS1, NS2),
+            new RRset(A_TEST),
+            new RRset(AAAA_1_TEST, AAAA_2_TEST),
+            new RRset(A_UNIQUE),
+            new RRset(A_WILD),
+            new RRset(TXT_WILD));
+  }
+
+  @Test
+  void iteratorHasAllInOrderWithNamesAtOrigin() {
+    MXRecord mx = new MXRecord(ZONE_NAME, DClass.IN, 3600, 1, A_TEST.getName());
+    ZONE.addRecord(mx);
+    assertThat(ZONE)
+        .hasSize(8)
+        .containsExactly(
+            new RRset(SOA1),
+            new RRset(NS1, NS2),
+            new RRset(mx),
+            new RRset(A_TEST),
+            new RRset(AAAA_1_TEST, AAAA_2_TEST),
+            new RRset(A_UNIQUE),
+            new RRset(A_WILD),
+            new RRset(TXT_WILD));
+  }
+
+  @Test
+  void iteratorHasAllInOrderWithNamesAtOriginForAXFR() {
+    MXRecord mx = new MXRecord(ZONE_NAME, DClass.IN, 3600, 1, A_TEST.getName());
+    ZONE.addRecord(mx);
+    assertThat(ZONE.AXFR())
+        .toIterable()
+        .hasSize(9)
+        .containsExactly(
+            new RRset(SOA1),
+            new RRset(NS1, NS2),
+            new RRset(mx),
+            new RRset(A_TEST),
+            new RRset(AAAA_1_TEST, AAAA_2_TEST),
+            new RRset(A_UNIQUE),
+            new RRset(A_WILD),
+            new RRset(TXT_WILD),
+            new RRset(SOA1));
+  }
+
+  @Test
+  void iteratorHasAllInOrderOrignOnly() throws IOException {
+    assertThat(new Zone(ZONE_NAME, SOA1, NS1, NS2))
+        .hasSize(2)
+        .containsExactly(new RRset(SOA1), new RRset(NS1, NS2));
+  }
+
+  @Test
+  void iteratorReturnsSetCopyOfSoa() {
+    RRset soaSet = ZONE.iterator().next();
+    assertThat(soaSet).containsExactly(SOA1);
+    soaSet.deleteRR(soaSet.first());
+    assertThat(ZONE.getSOA()).isNotNull();
+  }
+
+  @Test
+  void iteratorReturnsSetCopyOfNs() {
+    Iterator<RRset> it = ZONE.iterator();
+    it.next(); // Skip SOA
+    RRset nsSet = it.next();
+    assertThat(nsSet).containsExactly(NS1, NS2);
+    nsSet.deleteRR(nsSet.first());
+    assertThat(nsSet).hasSize(1).containsExactly(NS2);
+    assertThat(ZONE.getNS().rrs(false)).hasSize(2).containsExactly(NS1, NS2);
+  }
+
+  @Test
+  void iteratorReturnsSetCopy() {
+    Iterator<RRset> it = ZONE.iterator();
+    it.next(); // Skip SOA
+    it.next(); // Skip NS
+    RRset aSet = it.next();
+    assertThat(aSet).containsExactly(A_TEST);
+    aSet.deleteRR(aSet.first());
+    assertThat(aSet).isEmpty();
+    assertThat(ZONE.findExactMatch(A_TEST.getName(), Type.A)).hasSize(1);
+  }
+
+  @Test
+  void iteratorRemoveSOAFails() {
+    Iterator<RRset> iterator = ZONE.iterator();
+    assertThat(iterator).isNotNull();
+    assertThat(iterator.hasNext()).isTrue();
+    assertThat(iterator.next()).isEqualTo(new RRset(ZONE.getSOA()));
+    assertThatThrownBy(iterator::remove).hasMessageContaining("remove SOA");
+  }
+
+  @Test
+  void iteratorRemoveAxfrSOAFails() {
+    Iterator<RRset> iterator = ZONE.AXFR();
+    while (iterator.hasNext()) {
+      iterator.next();
+    }
+
+    assertThatThrownBy(iterator::remove).hasMessageContaining("remove SOA");
+  }
+
+  @Test
+  void iteratorRemoveNSFails() {
+    Iterator<RRset> iterator = ZONE.iterator();
+    assertThat(iterator).isNotNull();
+    assertThat(iterator.hasNext()).isTrue();
+    assertThat(iterator.next()).isEqualTo(new RRset(ZONE.getSOA()));
+    assertThat(iterator.hasNext()).isTrue();
+    assertThat(iterator.next()).isEqualTo(ZONE.getNS());
+    assertThatThrownBy(iterator::remove).hasMessageContaining("remove all NS");
+  }
+
+  @Test
+  void iteratorRemoveNoNextFails() {
+    assertThatThrownBy(ZONE.iterator()::remove)
+        .isInstanceOf(IllegalStateException.class)
+        .hasMessageContaining("Not at");
+  }
+
+  @Test
+  void iteratorRemoveASucceeds() {
+    Iterator<RRset> it = ZONE.iterator();
+    it.next(); // SOA
+    it.next(); // NS
+    it.next(); // A
+    it.remove();
+    assertThat(ZONE.findExactMatch(A_TEST.getName(), Type.A)).isNull();
+  }
+
+  @Test
+  void iteratorNextAfterLastFails() {
+    Iterator<RRset> iterator = ZONE.iterator();
+    while (iterator.hasNext()) {
+      iterator.next();
+    }
+
+    assertThatThrownBy(iterator::next)
+        .isInstanceOf(NoSuchElementException.class)
+        .hasMessageContaining("No more elements");
+  }
+
+  @Test
+  void isSerializable() throws IOException, ClassNotFoundException {
+    ByteArrayOutputStream oms = new ByteArrayOutputStream();
+    ObjectOutputStream oos = new ObjectOutputStream(oms);
+    oos.writeObject(ZONE);
+    byte[] zoneData = oms.toByteArray();
+    ByteArrayInputStream ims = new ByteArrayInputStream(zoneData);
+    ObjectInputStream ois = new ObjectInputStream(ims);
+    Zone z = (Zone) ois.readObject();
+    assertThat(z.getSOA()).isEqualTo(SOA1);
+    assertThat(z.findExactMatch(ZONE.getOrigin(), Type.SOA)).first().isEqualTo(SOA1);
+    assertDoesNotThrow(
+        () -> z.addRecord(A_TEST.withName(new Name("some-other-name", ZONE.getOrigin()))));
+  }
+
+  private static List<RRset> listOf(RRset... rrsets) {
+    return Stream.of(rrsets).collect(Collectors.toList());
+  }
+
+  private static List<RRset> oneRRset(Record... r) {
+    return Collections.singletonList(new RRset(r));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ZoneWithSoaSigTest.java b/src/test/java/org/xbill/DNS/ZoneWithSoaSigTest.java
new file mode 100644
index 000000000..fe68cbe33
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneWithSoaSigTest.java
@@ -0,0 +1,206 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.StreamSupport;
+import org.junit.jupiter.api.Test;
+
+class ZoneWithSoaSigTest {
+  @Test
+  void canParseZoneWithSigs() throws IOException {
+    Name an = Name.fromString("10.in-addr.arpa.");
+    Name host = Name.fromString("z.example.com.");
+    Name secondary = Name.fromString("y.example.com.");
+    Name admin = Name.fromString("dns-ops.example.com.");
+
+    long ttl = 86400;
+    long serial = 2147483749L;
+    long refresh = 1800;
+    long retry = 900;
+    long expire = 691200;
+    long minimum = 10800;
+
+    // dummy set of records for a dummy zone
+    Record[] records =
+        new Record[] {
+          new SOARecord(an, DClass.IN, ttl, host, admin, serial, refresh, retry, expire, minimum),
+          new NSRecord(an, DClass.IN, ttl, host),
+          new NSRecord(an, DClass.IN, ttl, secondary),
+          new DNSKEYRecord(
+              an, DClass.IN, ttl, 256, 3, 5, "dummypublickey".getBytes(StandardCharsets.UTF_8)),
+          new RRSIGRecord(
+              an,
+              DClass.IN,
+              ttl,
+              Type.NS,
+              5,
+              ttl,
+              Instant.now(),
+              Instant.now(),
+              5,
+              an,
+              "dummysig1".getBytes(StandardCharsets.UTF_8)),
+          new RRSIGRecord(
+              an,
+              DClass.IN,
+              ttl,
+              Type.SOA,
+              5,
+              ttl,
+              Instant.now(),
+              Instant.now(),
+              5,
+              an,
+              "dummysig2".getBytes(StandardCharsets.UTF_8))
+        };
+
+    Zone z = new Zone(an, records);
+    List<RRset> rrSets = StreamSupport.stream(z.spliterator(), false).collect(Collectors.toList());
+
+    // there should be 3 RRsets (soa, ns, dskey)
+    assertThat(rrSets).hasSize(3);
+
+    // assert that there is 1 SOA and it is signed
+    List<RRset> allSoaSets =
+        rrSets.stream().filter(r -> r.getType() == Type.SOA).collect(Collectors.toList());
+    assertThat(allSoaSets).hasSize(1);
+    RRset onlySoaSet = allSoaSets.get(0);
+    assertThat(onlySoaSet.rrs()).hasSize(1);
+    assertThat(onlySoaSet.sigs()).hasSize(1);
+
+    // assert that there are 2 nameservers and they are signed
+    List<RRset> allNsSets =
+        rrSets.stream().filter(r -> r.getType() == Type.NS).collect(Collectors.toList());
+    RRset onlyNsSet = allNsSets.get(0);
+    assertThat(onlyNsSet.rrs()).hasSize(2);
+    assertThat(onlyNsSet.sigs()).hasSize(1);
+
+    // assert that there is 1 dskey and it is not signed
+    List<RRset> allKeySets =
+        rrSets.stream().filter(r -> r.getType() == Type.DNSKEY).collect(Collectors.toList());
+    RRset onlyKeySet = allKeySets.get(0);
+    assertThat(onlyKeySet.rrs()).hasSize(1);
+    assertThat(onlyKeySet.sigs()).isEmpty();
+  }
+
+  @Test
+  void canReplaceSoa() throws IOException {
+    Name an = Name.fromString("10.in-addr.arpa.");
+    Name host = Name.fromString("z.example.com.");
+    Name secondary = Name.fromString("y.example.com.");
+    Name admin = Name.fromString("dns-ops.example.com.");
+    Name admin2 = Name.fromString("dns-ops2.example.com.");
+
+    long ttl = 86400;
+    long serial = 2147483749L;
+    long refresh = 1800;
+    long retry = 900;
+    long expire = 691200;
+    long minimum = 10800;
+
+    Record soa =
+        new SOARecord(an, DClass.IN, ttl, host, admin, serial, refresh, retry, expire, minimum);
+    Record soaRrsig =
+        new RRSIGRecord(
+            an,
+            DClass.IN,
+            ttl,
+            Type.SOA,
+            5,
+            ttl,
+            Instant.now(),
+            Instant.now(),
+            5,
+            an,
+            "soa1Sig".getBytes(StandardCharsets.UTF_8));
+
+    // for otherSoa, admin is different than the original
+    Record otherSoa =
+        new SOARecord(an, DClass.IN, ttl, host, admin2, serial, refresh, retry, expire, minimum);
+    // for anotherSoaRrsig sig is different from the original
+    Record anotherSoaRrsig =
+        new RRSIGRecord(
+            an,
+            DClass.IN,
+            ttl,
+            Type.SOA,
+            5,
+            ttl,
+            Instant.now(),
+            Instant.now(),
+            5,
+            an,
+            "soa2sig".getBytes(StandardCharsets.UTF_8));
+
+    Record nsSig =
+        new RRSIGRecord(
+            an,
+            DClass.IN,
+            ttl,
+            Type.NS,
+            5,
+            ttl,
+            Instant.now(),
+            Instant.now(),
+            5,
+            an,
+            "nsSig".getBytes(StandardCharsets.UTF_8));
+
+    // dummy set of records for a dummy zone
+    Record[] records =
+        new Record[] {
+          soa,
+          new NSRecord(an, DClass.IN, ttl, host),
+          new NSRecord(an, DClass.IN, ttl, secondary),
+          new DNSKEYRecord(
+              an, DClass.IN, ttl, 256, 3, 5, "dummypublickey".getBytes(StandardCharsets.UTF_8)),
+          nsSig,
+          soaRrsig
+        };
+
+    Zone z = new Zone(an, records);
+    // replace Soa
+    z.addRecord(otherSoa);
+    // replace RRSig covering Soa
+    z.removeRecord(soaRrsig);
+    z.addRecord(anotherSoaRrsig);
+
+    List<RRset> rrSets = StreamSupport.stream(z.spliterator(), false).collect(Collectors.toList());
+
+    // there should be 3 RRsets (soa, ns, dskey)
+    assertThat(rrSets).hasSize(3);
+
+    // assert that there is 1 SOA and it is signed
+    List<RRset> allSoaSets =
+        rrSets.stream().filter(r -> r.getType() == Type.SOA).collect(Collectors.toList());
+    assertThat(allSoaSets).hasSize(1);
+    RRset onlySoaSet = allSoaSets.get(0);
+    assertThat(onlySoaSet.rrs()).hasSize(1);
+    assertThat(onlySoaSet.sigs()).hasSize(1);
+    // confirm that the SOA was replaced correctly
+    assertThat(((SOARecord) onlySoaSet.rrs().get(0)).getAdmin()).isEqualTo(admin2);
+    // confirm that the RRSig on the SOA was replaced correctly
+    assertThat((onlySoaSet.sigs().get(0)).getSignature())
+        .isEqualTo("soa2sig".getBytes(StandardCharsets.UTF_8));
+
+    // assert that there are 2 nameservers and they are signed
+    List<RRset> allNsSets =
+        rrSets.stream().filter(r -> r.getType() == Type.NS).collect(Collectors.toList());
+    RRset onlyNsSet = allNsSets.get(0);
+    assertThat(onlyNsSet.rrs()).hasSize(2);
+    assertThat(onlyNsSet.sigs()).hasSize(1);
+
+    // assert that there is 1 dskey and it is not signed
+    List<RRset> allKeySets =
+        rrSets.stream().filter(r -> r.getType() == Type.DNSKEY).collect(Collectors.toList());
+    RRset onlyKeySet = allKeySets.get(0);
+    assertThat(onlyKeySet.rrs()).hasSize(1);
+    assertThat(onlyKeySet.sigs()).isEmpty();
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java b/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java
new file mode 100644
index 000000000..106a2b4cc
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(value = RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD})
+public @interface AlwaysOffline {}
diff --git a/src/test/java/org/xbill/DNS/dnssec/Check.java b/src/test/java/org/xbill/DNS/dnssec/Check.java
new file mode 100644
index 000000000..81fa752b6
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/Check.java
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import org.xbill.DNS.Message;
+
+class Check {
+  Message query;
+  Message response;
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/DnsSecVerifierTests.java b/src/test/java/org/xbill/DNS/dnssec/DnsSecVerifierTests.java
new file mode 100644
index 000000000..ce1b628b6
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/DnsSecVerifierTests.java
@@ -0,0 +1,147 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.util.Properties;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+
+public class DnsSecVerifierTests {
+  private final DnsSecVerifier verifier = new DnsSecVerifier(new ValUtils());
+  private final DNSKEYRecord key;
+  private final KeyEntry keyEntry;
+  private final RRset unsigned;
+  private final RRset signed;
+  private final RRset multiSigned;
+  private static final int NUM_RRSIGS = 5;
+
+  DnsSecVerifierTests() throws NoSuchAlgorithmException, DNSSEC.DNSSECException {
+    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+    kpg.initialize(2048);
+    KeyPair rsaKeyPair = kpg.generateKeyPair();
+    key =
+        new DNSKEYRecord(
+            Name.root,
+            DClass.IN,
+            3600,
+            DNSKEYRecord.Flags.ZONE_KEY,
+            DNSKEYRecord.Protocol.DNSSEC,
+            DNSSEC.Algorithm.RSASHA256,
+            rsaKeyPair.getPublic());
+    keyEntry = KeyEntry.newKeyEntry(new SRRset(key));
+    unsigned = new RRset(new ARecord(Name.root, DClass.IN, 3600, new byte[4]));
+    signed = new RRset(new ARecord(Name.root, DClass.IN, 3600, new byte[4]));
+    Instant inception = Instant.ofEpochSecond(3600);
+    Instant expiration = Instant.ofEpochSecond(7200);
+    signed.addRR(DNSSEC.sign(signed, key, rsaKeyPair.getPrivate(), inception, expiration));
+
+    multiSigned = new RRset(new ARecord(Name.root, DClass.IN, 3600, new byte[4]));
+    for (int i = 0; i < NUM_RRSIGS; i++) {
+      multiSigned.addRR(
+          DNSSEC.sign(
+              signed,
+              key,
+              rsaKeyPair.getPrivate(),
+              inception.plusSeconds(i),
+              expiration.plusSeconds(1)));
+    }
+  }
+
+  @BeforeEach
+  void beforeEach() {
+    verifier.init(new Properties());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateUnsigned(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(unsigned), keyEntry, Instant.ofEpochSecond(5400));
+    } else {
+      status = verifier.verify(unsigned, key, Instant.ofEpochSecond(5400));
+    }
+
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, status.edeReason);
+    assertEquals("validate.bogus.missingsig_named:.:A", status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateValid(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(signed), keyEntry, Instant.ofEpochSecond(5400));
+    } else {
+      status = verifier.verify(signed, key, Instant.ofEpochSecond(5400));
+    }
+
+    assertEquals(SecurityStatus.SECURE, status.status);
+    assertEquals(-1, status.edeReason);
+    assertNull(status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateNotYetValid(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(signed), keyEntry, Instant.ofEpochSecond(1800));
+    } else {
+      status = verifier.verify(signed, key, Instant.ofEpochSecond(1800));
+    }
+
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID, status.edeReason);
+    assertEquals("dnskey.not_yet_valid", status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateExpired(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(signed), keyEntry, Instant.ofEpochSecond(8000));
+    } else {
+      status = verifier.verify(signed, key, Instant.ofEpochSecond(8000));
+    }
+
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.SIGNATURE_EXPIRED, status.edeReason);
+    assertEquals("dnskey.expired", status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateTooManySignatures(boolean asSet) {
+    // Limit to max. 4 RRsigs
+    Properties config = new Properties();
+    config.put(DnsSecVerifier.MAX_VALIDATE_RRSIGS_PROPERTY, Integer.toString(NUM_RRSIGS - 1));
+    verifier.init(config);
+
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(multiSigned), keyEntry, Instant.ofEpochSecond(7208));
+    } else {
+      status = verifier.verify(multiSigned, key, Instant.ofEpochSecond(7208));
+    }
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, status.edeReason);
+    assertEquals("validate.bogus.rrsigtoomany:.:A", status.reason);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/MessageReader.java b/src/test/java/org/xbill/DNS/dnssec/MessageReader.java
new file mode 100644
index 000000000..373d438b1
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/MessageReader.java
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.Reader;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class MessageReader {
+  Message readMessage(Reader in) throws IOException {
+    BufferedReader r;
+    if (in instanceof BufferedReader) {
+      r = (BufferedReader) in;
+    } else {
+      r = new BufferedReader(in);
+    }
+
+    Message m = null;
+    String line;
+    int section = 103;
+    while ((line = r.readLine()) != null) {
+      String[] data;
+      if (line.startsWith(";; ->>HEADER<<- ")) {
+        section = 101;
+        m = new Message();
+      } else if (line.startsWith(";; QUESTIONS:")) {
+        section = 102;
+      } else if (line.startsWith(";; ANSWERS:")) {
+        section = Section.ANSWER;
+        line = r.readLine();
+      } else if (line.startsWith(";; AUTHORITY RECORDS:")) {
+        section = Section.AUTHORITY;
+        line = r.readLine();
+      } else if (line.startsWith(";; ADDITIONAL RECORDS:")) {
+        section = 100;
+      } else if (line.startsWith("####")) {
+        return m;
+      } else if (line.startsWith("#")) {
+        continue;
+      }
+
+      switch (section) {
+        case 100: // ignore
+          break;
+
+        case 101: // header
+          section = 100;
+          data = line.substring(";; ->>HEADER<<- ".length()).split(",");
+          m.getHeader().setRcode(Rcode.value(data[1].split(":\\s*")[1]));
+          m.getHeader().setID(Integer.parseInt(data[2].split(":\\s*")[1]));
+          break;
+
+        case 102: // question
+          line = r.readLine();
+          data = line.split(",");
+          Record q =
+              Record.newRecord(
+                  Name.fromString(data[0].replaceAll(";;\\s*", "")),
+                  Type.value(data[1].split("\\s*=\\s*")[1]),
+                  DClass.value(data[2].split("\\s*=\\s*")[1]));
+          m.addRecord(q, Section.QUESTION);
+          section = 100;
+          break;
+
+        default:
+          if (line != null && !line.isEmpty()) {
+            Master ma = new Master(new ByteArrayInputStream(line.getBytes()));
+            Record nextRecord = ma.nextRecord();
+            if (nextRecord != null) {
+              m.addRecord(nextRecord, section);
+            }
+          }
+      }
+    }
+
+    r.close();
+    return m;
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java b/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java
new file mode 100644
index 000000000..05b962bfe
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(value = RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD})
+public @interface PrepareMocks {
+  String value();
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/RTest.java b/src/test/java/org/xbill/DNS/dnssec/RTest.java
new file mode 100644
index 000000000..711ed326d
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/RTest.java
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.ResourceBundle;
+import org.junit.jupiter.api.Test;
+import org.mockito.stubbing.Answer;
+
+class RTest {
+  @Test
+  void testCustomResourceBundle() {
+    ResourceBundle rb = mock(ResourceBundle.class);
+    when(rb.getString(anyString()))
+        .then((Answer<String>) invocation -> (String) invocation.getArguments()[0]);
+    R.setUseNeutralMessages(false);
+    R.setBundle(rb);
+    assertEquals("key", R.get("key"));
+    assertEquals("msg 1", R.get("msg {0}", 1));
+  }
+
+  @Test
+  void testExplicitNullBundle() {
+    R.setUseNeutralMessages(true);
+    assertEquals("key", R.get("key"));
+    assertEquals("key:1", R.get("key", 1));
+  }
+
+  @Test
+  void testNormal() {
+    R.setUseNeutralMessages(false);
+    R.setBundle(null);
+    assertEquals("no parameters", R.get("test.noparam"));
+    assertEquals("parameter: abc", R.get("test.withparam", "abc"));
+  }
+
+  @Test
+  void testMissingResource() {
+    R.setUseNeutralMessages(false);
+    R.setBundle(null);
+    assertEquals("test.notthere.noparam", R.get("test.notthere.noparam"));
+    assertEquals("test.notthere.withparam:abc", R.get("test.notthere.withparam", "abc"));
+    assertEquals(
+        "test.notthere.withparam:abc:null:1", R.get("test.notthere.withparam", "abc", null, 1));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java
new file mode 100644
index 000000000..f578f0aef
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Resolver;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.Type;
+
+class ResolveExample {
+  static String ROOT =
+      ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
+
+  public static void main(String[] args) throws Exception {
+    // Send two sample queries using a standard DNSJAVA resolver
+    SimpleResolver sr = new SimpleResolver("8.8.8.8");
+    System.out.println("Standard resolver:");
+    sendAndPrint(sr, "www.dnssec-failed.org.");
+    sendAndPrint(sr, "www.isc.org.");
+
+    // Send the same queries using the validating resolver with the
+    // trust anchor of the root zone
+    // https://data.iana.org/root-anchors/root-anchors.xml
+    ValidatingResolver vr = new ValidatingResolver(sr);
+    vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes("ASCII")));
+    vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
+    System.out.println("\n\nValidating resolver:");
+    sendAndPrint(vr, "www.dnssec-failed.org.");
+    sendAndPrint(vr, "www.isc.org.");
+  }
+
+  private static void sendAndPrint(Resolver vr, String name) throws IOException {
+    System.out.println("\n---" + name);
+    Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
+    Message response = vr.send(Message.newQuery(qr));
+    System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
+    System.out.println("RCode:   " + Rcode.string(response.getRcode()));
+    for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
+      if (set.getName().equals(Name.root)
+          && set.getType() == Type.TXT
+          && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+        System.out.println("Reason:  " + ((TXTRecord) set.first()).getStrings().get(0));
+      }
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/Rpl.java b/src/test/java/org/xbill/DNS/dnssec/Rpl.java
new file mode 100644
index 000000000..ca6bd6c89
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/Rpl.java
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import org.xbill.DNS.Message;
+
+class Rpl {
+  List<SRRset> trustAnchors = new ArrayList<>(1);
+  Instant date;
+  String scenario;
+  List<Message> replays;
+  Map<Integer, Check> checks;
+  TreeMap<Integer, Integer> nsec3iterations;
+  String digestPreference;
+  boolean hardenAlgoDowngrade;
+  boolean hardenUnknownAdditional = true;
+  boolean enableSha1;
+  boolean enableDsa;
+  boolean loadBouncyCastle;
+  Integer minRsaSize;
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/RplParser.java b/src/test/java/org/xbill/DNS/dnssec/RplParser.java
new file mode 100644
index 000000000..c2641c81a
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/RplParser.java
@@ -0,0 +1,281 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.text.ParseException;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeFormatterBuilder;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.TreeMap;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+/** Parser for the RPL unit-test files of unbound. */
+class RplParser {
+  private final InputStream data;
+  private final List<String> algoStrings = new ArrayList<>();
+
+  private enum ParseState {
+    Zero,
+    Server,
+    ENTRY_BEGIN,
+    STEP_QUERY,
+    STEP_CHECK_ANSWER
+  }
+
+  RplParser(InputStream data) {
+    this.data = data;
+    for (Field f : Algorithm.class.getFields()) {
+      this.algoStrings.add(f.getName());
+    }
+  }
+
+  Rpl parse() throws ParseException, IOException {
+    BufferedReader r = new BufferedReader(new InputStreamReader(data));
+    String line;
+    ParseState state = ParseState.Zero;
+    Rpl rpl = new Rpl();
+    Message m = null;
+    int section = -1;
+    int step = -1;
+    Check check = null;
+
+    while ((line = r.readLine()) != null) {
+      // comment or empty
+      if (line.isEmpty() || line.startsWith(";")) {
+        continue;
+      }
+
+      switch (state) {
+        case Zero:
+          if (line.startsWith("server:")) {
+            state = ParseState.Server;
+          } else if (line.startsWith("SCENARIO_BEGIN")) {
+            rpl.scenario = line.substring(line.indexOf(" ")).trim();
+            rpl.replays = new LinkedList<>();
+            rpl.checks = new TreeMap<>();
+          } else if (line.startsWith("ENTRY_BEGIN")) {
+            state = ParseState.ENTRY_BEGIN;
+            m = new Message();
+          } else if (line.startsWith("STEP")) {
+            String[] lineItems = line.split("\\s");
+            step = Integer.parseInt(lineItems[1]);
+            m = new Message();
+            r.readLine();
+            if (lineItems[2].equals("QUERY")) {
+              state = ParseState.STEP_QUERY;
+              check = new Check();
+            } else if (lineItems[2].equals("CHECK_ANSWER")) {
+              state = ParseState.STEP_CHECK_ANSWER;
+            }
+          }
+
+          break;
+
+        case Server:
+          if (line.matches("\\s*trust-anchor:.*")) {
+            SRRset rrset = new SRRset();
+            rrset.setSecurityStatus(SecurityStatus.SECURE);
+            rrset.addRR(parseRecord(line.substring(line.indexOf("\"") + 1, line.length() - 1)));
+            rpl.trustAnchors.add(rrset);
+          } else if (line.matches("\\s*val-min-rsa-size:.*")) {
+            rpl.minRsaSize = Integer.parseInt(line.split(":")[1].trim());
+          } else if (line.matches("\\s*val-override-date:.*")) {
+            String date = line.substring(line.indexOf("\"") + 1, line.length() - 1);
+            DateTimeFormatter formatter =
+                new DateTimeFormatterBuilder()
+                    .appendPattern("yyyyMMddHHmmss")
+                    .toFormatter()
+                    .withZone(ZoneId.of("UTC"));
+            rpl.date = LocalDateTime.parse(date, formatter).toInstant(ZoneOffset.UTC);
+          } else if (line.matches("\\s*val-nsec3-keysize-iterations:.*")) {
+            String[] lineItems =
+                line.substring(line.indexOf("\"") + 1, line.length() - 1).split("\\s");
+            if (lineItems.length % 2 != 0) {
+              throw new ParseException("val-nsec3-keysize-iterations invalid", 0);
+            }
+
+            rpl.nsec3iterations = new TreeMap<>();
+            for (int i = 0; i < lineItems.length; i += 2) {
+              rpl.nsec3iterations.put(
+                  Integer.parseInt(lineItems[i]), Integer.parseInt(lineItems[i + 1]));
+            }
+          } else if (line.matches("\\s*val-digest-preference:.*")) {
+            rpl.digestPreference = line.substring(line.indexOf("\"") + 1, line.length() - 1);
+          } else if (line.matches("\\s*harden-algo-downgrade:.*")) {
+            rpl.hardenAlgoDowngrade = !"no".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*fake-sha1:.*")) {
+            rpl.enableSha1 = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*fake-dsa:.*")) {
+            rpl.enableDsa = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*harden-unknown-additional:.*")) {
+            rpl.hardenUnknownAdditional = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*bouncycastle:.*")) {
+            rpl.loadBouncyCastle = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.startsWith("CONFIG_END")) {
+            state = ParseState.Zero;
+          }
+
+          break;
+
+        case ENTRY_BEGIN:
+        case STEP_CHECK_ANSWER:
+        case STEP_QUERY:
+          if (line.startsWith("MATCH") || line.startsWith("ADJUST")) {
+            // ignore
+          } else if (line.startsWith("REPLY")) {
+            String[] flags = line.split("\\s");
+            if (state != ParseState.STEP_QUERY) {
+              m.getHeader().setRcode(Rcode.value(flags[flags.length - 1]));
+            }
+
+            for (int i = 1; i < flags.length - (state == ParseState.STEP_QUERY ? 0 : 1); i++) {
+              if (flags[i].equals("DO")) {
+                // set on the resolver, not on the message
+              } else {
+                int flag = Flags.value(flags[i]);
+                if (flag > -1) {
+                  m.getHeader().setFlag(flag);
+                } else {
+                  throw new ParseException(flags[i] + ": not a Flag", i);
+                }
+              }
+            }
+          } else if (line.startsWith("SECTION QUESTION")) {
+            section = Section.QUESTION;
+          } else if (line.startsWith("SECTION ANSWER")) {
+            section = Section.ANSWER;
+          } else if (line.startsWith("SECTION AUTHORITY")) {
+            section = Section.AUTHORITY;
+          } else if (line.startsWith("SECTION ADDITIONAL")) {
+            section = Section.ADDITIONAL;
+          } else if (line.startsWith("ENTRY_END")) {
+            if (state == ParseState.ENTRY_BEGIN) {
+              rpl.replays.add(m);
+            } else if (state == ParseState.STEP_CHECK_ANSWER) {
+              check.response = m;
+              rpl.checks.put(step, check);
+              check = null;
+            } else if (state == ParseState.STEP_QUERY) {
+              check.query = m;
+            }
+
+            m = null;
+            state = ParseState.Zero;
+          } else {
+            Record rec;
+            if (section == Section.QUESTION) {
+              rec = parseQuestion(line);
+            } else {
+              rec = parseRecord(line);
+            }
+
+            m.addRecord(rec, section);
+          }
+
+          break;
+      }
+    }
+
+    return rpl;
+  }
+
+  private Record parseRecord(String line) throws IOException {
+    try {
+      Master ma = new Master(new ByteArrayInputStream(line.getBytes()), Name.root, 3600);
+      Record r = ma.nextRecord();
+      if (r.getType() == Type.RRSIG) {
+        RRSIGRecord rr = (RRSIGRecord) r;
+        // unbound directly uses the DER format for DSA signatures
+        // instead of the format specified in rfc2536#section-3
+        if (rr.getAlgorithm() == Algorithm.DSA && rr.getSignature().length > 41) {
+          Method dsaSignatureToDNS =
+              DNSSEC.class.getDeclaredMethod(
+                  "dsaSignatureToDNS", byte[].class, int.class, int.class);
+          dsaSignatureToDNS.setAccessible(true);
+          byte[] signature = (byte[]) dsaSignatureToDNS.invoke(null, rr.getSignature(), 20, 0);
+          RRSIGRecord fixed =
+              new RRSIGRecord(
+                  rr.getName(),
+                  rr.getDClass(),
+                  rr.getTTL(),
+                  rr.getTypeCovered(),
+                  rr.getAlgorithm(),
+                  rr.getOrigTTL(),
+                  rr.getExpire(),
+                  rr.getTimeSigned(),
+                  rr.getFootprint(),
+                  rr.getSigner(),
+                  signature);
+          Field f = getField(RRSIGRecord.class, "labels");
+          f.setAccessible(true);
+          f.set(fixed, rr.getLabels());
+          r = fixed;
+        }
+      }
+
+      return r;
+    } catch (Exception ex) {
+      if (ex.getMessage() != null && ex.getMessage().contains("expected an integer")) {
+        String[] lineItems = line.split("\\s");
+        StringBuilder sb = new StringBuilder();
+        for (String lineItem : lineItems) {
+          if (this.algoStrings.contains(lineItem)) {
+            sb.append(Algorithm.value(lineItem));
+          } else {
+            sb.append(lineItem);
+          }
+          sb.append(' ');
+        }
+
+        return parseRecord(sb.toString());
+      } else {
+        throw new IOException(line, ex);
+      }
+    }
+  }
+
+  private static Field getField(Class<?> clazz, String fieldName) throws NoSuchFieldException {
+    try {
+      return clazz.getDeclaredField(fieldName);
+    } catch (NoSuchFieldException e) {
+      Class<?> superClass = clazz.getSuperclass();
+      if (superClass == null) {
+        throw e;
+      } else {
+        return getField(superClass, fieldName);
+      }
+    }
+  }
+
+  private Record parseQuestion(String line) throws TextParseException {
+    String[] temp = line.replaceAll("\\s+", " ").split(" ");
+    if (Type.value(temp[2]) == -1) {
+      System.out.println(temp[2]);
+    }
+
+    return Record.newRecord(Name.fromString(temp[0]), Type.value(temp[2]), DClass.value(temp[1]));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java
new file mode 100644
index 000000000..99111c2d0
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java
@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.security.Security;
+import java.util.Properties;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DNSSEC.Digest;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+
+class TestAlgorithmSupport extends TestBase {
+  @ParameterizedTest(name = "testAlgIsUnknown_{arguments}")
+  @ValueSource(strings = {"rsamd5", "eccgost"})
+  void testAlgIsUnknown(String param) throws IOException {
+    Message response = resolver.send(createMessage(param + ".ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.noalgorithms:" + param + ".ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, response);
+  }
+
+  @ParameterizedTest(name = "testEd_{arguments}")
+  @ValueSource(strings = {"ed448", "ed25519"})
+  void testEd(String param) throws IOException {
+    try {
+      Security.addProvider(new BouncyCastleProvider());
+      resolver.init(new Properties());
+      Message response = resolver.send(createMessage(param + ".nl./A"));
+      assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+      assertRCode(Rcode.NOERROR, response.getRcode());
+      assertNull(getReason(response));
+      assertEde(-1, response);
+    } finally {
+      Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+    }
+  }
+
+  @Test
+  void testDigestIdIsUnknown() throws IOException {
+    Message response = resolver.send(createMessage("unknown-alg.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("failed.ds.no_usable_digest:unknown-alg.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE, response);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testUnsupportedDigestInDigestPreference() {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.digest_preference", "1,2,0");
+    assertThrows(IllegalArgumentException.class, () -> resolver.init(config));
+  }
+
+  @AlwaysOffline
+  @Test
+  void testFavoriteDigestNotInRRset() {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.digest_preference", Digest.SHA384);
+    ValUtils v = new ValUtils();
+    v.init(config);
+    SRRset set = new SRRset();
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            Algorithm.DSA,
+            Digest.SHA1,
+            new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0}));
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            Algorithm.DSA,
+            Digest.SHA256,
+            new byte[] {
+              1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5,
+              6, 7, 8
+            }));
+    int digestId = v.favoriteDSDigestID(set);
+    assertEquals(0, digestId);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testOnlyUnsupportedDigestInRRset() {
+    ValUtils v = new ValUtils();
+    SRRset set = new SRRset();
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            Algorithm.DSA,
+            Digest.GOST3411,
+            new byte[] {
+              1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5,
+              6, 7, 8
+            }));
+    int digestId = v.favoriteDSDigestID(set);
+    assertEquals(0, digestId);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testOnlyUnsupportedAlgorithmInRRset() {
+    ValUtils v = new ValUtils();
+    SRRset set = new SRRset();
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            0 /*Unknown alg*/,
+            DNSSEC.Digest.SHA1,
+            new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0}));
+    int digestId = v.favoriteDSDigestID(set);
+    assertEquals(0, digestId);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java
new file mode 100644
index 000000000..a5745c784
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java
@@ -0,0 +1,350 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringReader;
+import java.lang.reflect.Method;
+import java.nio.charset.StandardCharsets;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.TestInfo;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.EDNSOption.Code;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.Type;
+
+@Slf4j
+public abstract class TestBase {
+  private static final boolean offline = !Boolean.getBoolean("dnsjava.dnssec.online");
+  private static final boolean partialOffline =
+      "partial".equals(System.getProperty("dnsjava.dnssec.offline"));
+  private static final boolean record = Boolean.getBoolean("dnsjava.dnssec.record");
+  private boolean unboundTest = false;
+  private boolean alwaysOffline = false;
+
+  private final Map<String, Message> queryResponsePairs = new HashMap<>();
+  private final MessageReader messageReader = new MessageReader();
+  private FileWriter w;
+
+  protected static final String localhost = "127.0.0.1";
+  protected ValidatingResolver resolver;
+  protected Clock resolverClock;
+  protected String testName;
+
+  @BeforeEach
+  void beforeEach(TestInfo description) throws IOException, DNSSECException {
+    starting(description);
+    setup();
+  }
+
+  private void starting(TestInfo description) {
+    unboundTest = false;
+    testName = description.getTestMethod().orElseThrow(RuntimeException::new).getName();
+    if (description.getDisplayName().startsWith(testName + "_")) {
+      testName = description.getDisplayName();
+    }
+    resolverClock = mock(Clock.class);
+
+    try {
+      // do not record or process unbound unit tests offline
+      alwaysOffline = description.getTestMethod().get().getAnnotation(AlwaysOffline.class) != null;
+      if (description
+          .getTestClass()
+          .orElseThrow(RuntimeException::new)
+          .getName()
+          .toLowerCase(Locale.ROOT)
+          .contains("unbound")) {
+        unboundTest = true;
+        return;
+      }
+
+      DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ssXXX");
+      String filename =
+          "/recordings/"
+              + description.getTestClass().get().getName().replace(".", "_")
+              + "/"
+              + testName;
+      File f = new File("./src/test/resources" + filename);
+      if ((record || !f.exists()) && !alwaysOffline) {
+        resolverClock = Clock.systemUTC();
+        f.getParentFile().getParentFile().mkdir();
+        f.getParentFile().mkdir();
+        w = new FileWriter(f.getAbsoluteFile());
+        w.write("#Date: " + ZonedDateTime.now().format(formatter));
+        w.write("\n");
+      } else if (offline || partialOffline || alwaysOffline) {
+        PrepareMocks pm = description.getTestMethod().get().getAnnotation(PrepareMocks.class);
+        if (pm != null) {
+          Method m = TestBase.this.getClass().getDeclaredMethod(pm.value());
+          m.setAccessible(true);
+          m.invoke(TestBase.this);
+        }
+
+        InputStream stream = getClass().getResourceAsStream(filename);
+        if (stream != null) {
+          BufferedReader r = new BufferedReader(new InputStreamReader(stream));
+          String date = r.readLine().substring("#Date: ".length());
+          when(resolverClock.instant())
+              .thenReturn(ZonedDateTime.parse(date, formatter).toInstant());
+
+          Message m;
+          while ((m = messageReader.readMessage(r)) != null) {
+            for (int i = 0; i < 4; i++) {
+              assertThat(m.getHeader().getCount(i))
+                  .withFailMessage("Before normalization")
+                  .isEqualTo(m.getSection(i).size());
+            }
+
+            m = m.normalize(Message.newQuery(m.getQuestion()), true);
+            for (int i = 0; i < 4; i++) {
+              assertThat(m.getHeader().getCount(i))
+                  .withFailMessage("After normalization")
+                  .isEqualTo(m.getSection(i).size());
+            }
+            queryResponsePairs.put(key(m), m);
+          }
+
+          r.close();
+        }
+      }
+    } catch (Exception e) {
+      System.err.println(e);
+      throw new RuntimeException(e);
+    }
+  }
+
+  @AfterEach
+  void finished() {
+    try {
+      if (w != null) {
+        w.flush();
+        w.close();
+        w = null;
+      }
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @BeforeAll
+  static void setupClass() {
+    R.setBundle(null);
+    R.setUseNeutralMessages(true);
+  }
+
+  private void setup() throws NumberFormatException, IOException, DNSSECException {
+    // Some old keys are only 1023 bits long
+    System.setProperty("dnsjava.dnssec.algorithm_rsa_min_key_size", "1023");
+    resolver =
+        new ValidatingResolver(
+            new SimpleResolver("8.8.4.4") {
+              @Override
+              public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+                Message response = queryResponsePairs.get(key(query));
+                if (response != null) {
+                  if (!log.isTraceEnabled()) {
+                    log.debug("---{}", key(query));
+                  }
+
+                  log.trace("---{}\n{}", key(query), response);
+                  return CompletableFuture.completedFuture(response);
+                } else if ((offline && !partialOffline) || unboundTest || alwaysOffline) {
+                  fail("Response for " + key(query) + " not found.");
+                }
+
+                Message networkResult;
+                try {
+                  networkResult = super.sendAsync(query, executor).toCompletableFuture().get();
+                  if (w != null) {
+                    w.write(networkResult.toString());
+                    w.write("\n\n###############################################\n\n");
+                  }
+                } catch (IOException | InterruptedException | ExecutionException e) {
+                  CompletableFuture<Message> f = new CompletableFuture<>();
+                  f.completeExceptionally(e);
+                  return f;
+                }
+
+                return CompletableFuture.completedFuture(networkResult);
+              }
+            },
+            resolverClock);
+
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors"));
+    resolver.setTimeout(Duration.ofHours(1));
+  }
+
+  protected void add(Message m) throws IOException {
+    this.add(key(m), m, true);
+  }
+
+  protected void add(String query, Message response) throws IOException {
+    this.add(query, response, true);
+  }
+
+  protected void add(String query, Message response, boolean clear) throws IOException {
+    queryResponsePairs.put(query, messageFromString(response.toString()));
+
+    // reset the resolver so any cached stuff is cleared
+    if (!clear) {
+      return;
+    }
+
+    try {
+      setup();
+    } catch (NumberFormatException | DNSSECException e) {
+      throw new IOException(e);
+    }
+  }
+
+  protected Message get(Name target, int type) {
+    return queryResponsePairs.get(key(target, type));
+  }
+
+  protected void clear() {
+    queryResponsePairs.clear();
+  }
+
+  protected Message createMessage(String query) throws IOException {
+    return Message.newQuery(
+        Record.newRecord(
+            Name.fromString(query.split("/")[0]), Type.value(query.split("/")[1]), DClass.IN));
+  }
+
+  protected Message messageFromString(String message) throws IOException {
+    return messageReader.readMessage(new StringReader(message));
+  }
+
+  protected String firstA(Message response) {
+    List<RRset> sectionRRsets = response.getSectionRRsets(Section.ANSWER);
+    if (!sectionRRsets.isEmpty()) {
+      for (Record r : sectionRRsets.get(0).rrs()) {
+        if (r.getType() == Type.A) {
+          return ((ARecord) r).getAddress().getHostAddress();
+        }
+      }
+    }
+
+    return null;
+  }
+
+  protected int getEdeReason(Message m) {
+    int edeReason =
+        Optional.ofNullable(m.getOPT())
+            .flatMap(
+                opt ->
+                    opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream()
+                        .filter(o -> o instanceof ExtendedErrorCodeOption)
+                        .findFirst()
+                        .map(o -> ((ExtendedErrorCodeOption) o).getErrorCode()))
+            .orElse(-1);
+    if (edeReason != -1) {
+      assertEquals(getReason(m), getEdeText(m));
+    }
+    return edeReason;
+  }
+
+  protected void assertEde(int expected, Message m) {
+    int edeReason = getEdeReason(m);
+    String expectedText = expected == -1 ? null : ExtendedErrorCodeOption.text(expected);
+    String actualText = edeReason == -1 ? null : ExtendedErrorCodeOption.text(edeReason);
+    assertEquals(expectedText, actualText, "EDE does not match");
+  }
+
+  protected void assertRCode(int expected, int actual) {
+    assertEquals(Rcode.string(expected), Rcode.string(actual));
+  }
+
+  protected String getEdeText(Message m) {
+    return Optional.ofNullable(m.getOPT())
+        .flatMap(
+            opt ->
+                opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream()
+                    .filter(ExtendedErrorCodeOption.class::isInstance)
+                    .findFirst()
+                    .map(o -> ((ExtendedErrorCodeOption) o).getText()))
+        .orElse(null);
+  }
+
+  protected String getReason(Message m) {
+    for (RRset set : m.getSectionRRsets(Section.ADDITIONAL)) {
+      if (set.getName().equals(Name.root)
+          && set.getType() == Type.TXT
+          && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+        StringBuilder sb = new StringBuilder();
+        List<String> strings = ((TXTRecord) set.first()).getStrings();
+        for (String part : strings) {
+          sb.append(part);
+        }
+
+        return sb.toString();
+      }
+    }
+
+    return null;
+  }
+
+  protected boolean isEmptyAnswer(Message response) {
+    return response.getSectionRRsets(Section.ANSWER).isEmpty();
+  }
+
+  private String key(Name n, int t) {
+    return n + "/" + Type.string(t);
+  }
+
+  private String key(Record r) {
+    return key(r.getName(), r.getType());
+  }
+
+  private String key(Message m) {
+    return key(m.getQuestion());
+  }
+
+  protected Record toRecord(String data) {
+    try {
+      InputStream in = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+      Master m = new Master(in, Name.root);
+      return m.nextRecord();
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java
new file mode 100644
index 000000000..6b1657bd7
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestBogusReasonMessage extends TestBase {
+  @Test
+  void testLongBogusReasonIsSplitCorrectly() throws IOException {
+    Message response =
+        resolver.send(
+            createMessage(
+                "01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "failed.nxdomain.authority:{ isc.org. 2962 IN NSEC [01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF] sigs: [NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=] }",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java
new file mode 100644
index 000000000..b288d60a5
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.Test;
+
+class TestByteArrayComparator {
+  private final byte[] b1 = new byte[] {0};
+  private final byte[] b2 = new byte[] {0};
+  private final byte[] b3 = new byte[] {1};
+  private final byte[] b4 = new byte[] {1, 0};
+
+  @Test
+  void testEquals() {
+    assertEquals(0, ByteArrayComparator.compare(b1, b2));
+  }
+
+  @Test
+  void testLessThan() {
+    assertEquals(-1, ByteArrayComparator.compare(b2, b3));
+    assertEquals(-1, ByteArrayComparator.compare(b1, b4));
+  }
+
+  @Test
+  void testGreaterThan() {
+    assertEquals(1, ByteArrayComparator.compare(b3, b2));
+    assertEquals(1, ByteArrayComparator.compare(b4, b1));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java
new file mode 100644
index 000000000..aae2dddce
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java
@@ -0,0 +1,176 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Section;
+
+class TestCNames extends TestBase {
+  @Test
+  void testCNameToUnsignedA() throws IOException {
+    Message response = resolver.send(createMessage("cunsinged.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(3, response.getSection(Section.ANSWER).size());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToUnsignedMX() throws IOException {
+    Message response = resolver.send(createMessage("cunsinged.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(2, response.getSection(Section.ANSWER).size());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedA() throws IOException {
+    Message response = resolver.send(createMessage("csigned.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(4, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedMX() throws IOException {
+    Message response = resolver.send(createMessage("csigned.ingotronic.ch./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(2, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedAExternal() throws IOException {
+    Message response = resolver.send(createMessage("csext.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(4, response.getSection(Section.ANSWER).size());
+    assertEquals(5, response.getSection(Section.AUTHORITY).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToInvalidSigned() throws IOException {
+    Message response = resolver.send(createMessage("cfailed.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_alg_match:dnssec-failed.org.:RSASHA1",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testCNameToUnsignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("cunsinged.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("csigned.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToInvalidSignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("cfailed.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_alg_match:dnssec-failed.org.:RSASHA1",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @ParameterizedTest(name = "testCNameToVoid_{index}")
+  @CsvSource({"cvoid1,2", "cvoid2,4", "cvoid3,6"})
+  void testCNameToVoid(String subdomain, int acount) throws IOException {
+    Message response = resolver.send(createMessage(subdomain + ".ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals(acount, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToUnsignedVoid() throws IOException {
+    Message response = resolver.send(createMessage("cvoid4.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToExternalUnsignedVoid() throws IOException {
+    Message response = resolver.send(createMessage("cvoid.dnssectest.jitsi.net./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSubSigned() throws IOException {
+    Message response = resolver.send(createMessage("cssub.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToVoidExternalInvalidTld() throws IOException {
+    Message response = resolver.send(createMessage("cvoidext1.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals(2, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToVoidExternalValidTld() throws IOException {
+    Message response = resolver.send(createMessage("cvoidext2.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToVoidNsec3() throws IOException {
+    Message response = resolver.send(createMessage("cvoid.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java
new file mode 100644
index 000000000..147f8a079
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java
@@ -0,0 +1,190 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Lookup;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestDNames extends TestBase {
+  @Test
+  void testDNameToExistingIsValid() throws IOException {
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(5, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameToNoDataIsValid() throws IOException {
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(3, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameToNxDomainIsValid() throws IOException {
+    Message response = resolver.send(createMessage("x.alias.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameDirectQueryIsValid() throws IOException {
+    Message response = resolver.send(createMessage("alias.ingotronic.ch./DNAME"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must not set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    for (RRset set : response.getSectionRRsets(Section.ANSWER)) {
+      if (set.getType() == Type.DNAME) {
+        DNAMERecord r = (DNAMERecord) set.first();
+        assertEquals(Name.fromString("ingotronic.ch."), r.getTarget());
+      }
+    }
+    assertEde(-1, response);
+  }
+
+  @Disabled("Now valid because of message normalization")
+  @Test
+  void testDNameWithFakedCnameIsInvalid() throws IOException {
+    Message m = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("(.*CNAME\\s+)(.*)", "$1 www.isc.org."));
+    add("www.alias.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.synthesize.nomatch:www.isc.org.:www.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDNameWithNoCnameIsValid() throws IOException {
+    Message m = resolver.send(createMessage("www.isc.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("(.*CNAME.*)", "").replaceAll("\n\n", "\n"));
+    add("www.isc.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.isc.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertEquals(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    Lookup l = new Lookup("www.isc.ingotronic.ch");
+    l.setResolver(resolver);
+    Record[] results = l.run();
+    assertNotNull(results);
+    assertTrue(results.length >= 1);
+    assertEde(-1, response);
+  }
+
+  @Disabled("Now valid because of message normalization")
+  @Test
+  void testDNameWithMultipleCnamesIsInvalid() throws IOException {
+    Message m = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("(.*CNAME.*)", "$1\n$1example.com."));
+    add("www.alias.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.synthesize.multiple", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Disabled("Now valid because of message normalization")
+  @Test
+  void testDNameWithTooLongCnameIsInvalid() throws IOException {
+    Message m = resolver.send(createMessage("www.n3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll(
+                    "(.*\\.)(.*CNAME)",
+                    "IamAVeryLongNameThatExeceedsTheMaximumOfTheAllowedDomainNameSys.temSpecificationLengthByAny.NumberThatAHumanOfTheSeventiesCouldHaveImagined.InThisSmallMindedWorldThatIs.NowAfterTheMillennium.InhabitedByOverSeven.BillionPeopleInFiveConts.n3.ingotronic.ch. $2"));
+    add("www.n3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.n3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.synthesize.toolong", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1() throws IOException {
+    Message nsecs = resolver.send(createMessage("alias.ingotronic.ch./NS"));
+    RRset nsecSet = null;
+    for (RRset set : nsecs.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().equals(Name.fromString("alias.ingotronic.ch."))) {
+        nsecSet = set;
+        break;
+      }
+    }
+
+    Message message = new Message();
+    message.getHeader().setRcode(Rcode.NXDOMAIN);
+    message.addRecord(
+        Record.newRecord(Name.fromString("www.alias.ingotronic.ch."), Type.A, DClass.IN),
+        Section.QUESTION);
+    for (Record r : nsecSet.rrs()) {
+      message.addRecord(r, Section.AUTHORITY);
+    }
+
+    for (RRSIGRecord sig : nsecSet.sigs()) {
+      message.addRecord(sig, Section.AUTHORITY);
+    }
+
+    add("www.alias.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:www.alias.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDNameToExternal() throws IOException {
+    Message response = resolver.send(createMessage("www.isc.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameChain() throws IOException {
+    Message response = resolver.send(createMessage("www.alias.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDefaultTrustAnchorStore.java b/src/test/java/org/xbill/DNS/dnssec/TestDefaultTrustAnchorStore.java
new file mode 100644
index 000000000..42dbddc0c
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestDefaultTrustAnchorStore.java
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertIterableEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.util.Collections;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.TextParseException;
+
+class TestDefaultTrustAnchorStore {
+  @Test
+  void testNullKeyWhenNameNotUnderAnchor() throws TextParseException {
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertNull(anchor);
+  }
+
+  @Test
+  void testKeyWhenNameUnderAnchorDS() throws TextParseException {
+    SRRset set =
+        new SRRset(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertEquals(set, anchor);
+  }
+
+  @Test
+  void testKeyWhenNameUnderAnchorDNSKEY() throws TextParseException {
+    SRRset set =
+        new SRRset(
+            new DNSKEYRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertEquals(set.getName(), anchor.getName());
+  }
+
+  @Test
+  void testInvalidAnchorRecord() throws TextParseException {
+    SRRset set = new SRRset(new TXTRecord(Name.fromString("bla."), DClass.IN, 0, "root"));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    assertThrows(IllegalArgumentException.class, () -> tas.store(set));
+  }
+
+  @Test
+  void testClear() throws TextParseException {
+    SRRset set =
+        new SRRset(
+            new DNSKEYRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertNotNull(anchor);
+    tas.clear();
+    assertNull(tas.find(Name.fromString("asdf.bla."), DClass.IN));
+  }
+
+  @Test
+  void testCaseInsensitiveAnchor() throws TextParseException {
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    SRRset set1 =
+        new SRRset(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    SRRset set2 =
+        new SRRset(new DSRecord(Name.fromString("Bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    tas.store(set1);
+    tas.store(set2);
+    RRset anchor = tas.find(Name.fromString("bla."), DClass.IN);
+    assertEquals(set2, anchor);
+    assertIterableEquals(Collections.singleton(set2), tas.items());
+  }
+
+  @Test
+  void testCaseInsensitiveSameSetAnchor() throws TextParseException {
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    SRRset set = new SRRset();
+    set.addRR(new DSRecord(Name.fromString("Bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    set.addRR(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("bla."), DClass.IN);
+    assertEquals(set, anchor);
+    assertIterableEquals(Collections.singleton(set), tas.items());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java
new file mode 100644
index 000000000..f5a17827d
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java
@@ -0,0 +1,157 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.time.Instant;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestInvalid extends TestBase {
+  @ParameterizedTest(name = "testInvalid_{0}")
+  @CsvSource({
+    "bogussig.dnssec,dnskey.invalid,DNSSEC_BOGUS",
+    "bogussig.nsec3,dnskey.invalid,DNSSEC_BOGUS",
+    "sigexpired.dnssec,dnskey.expired,SIGNATURE_EXPIRED",
+    "sigexpired.nsec3,dnskey.expired,SIGNATURE_EXPIRED",
+    // unknownalgorithm would make you think this should return UNSUPPORTED_DNSKEY_ALGORITHM or
+    // UNSUPPORTED_DS_DIGEST_TYPE, but the zone has DS/DNSKEYs for alg=5, then a RRSig with alg=200.
+    // This results in a key not found, regardless of whether the alg is supported or not
+    "unknownalgorithm.dnssec,dnskey.no_key:dnssec.tjeb.nl.,DNSKEY_MISSING",
+    "unknownalgorithm.nsec3,dnskey.no_key:nsec3.tjeb.nl.,DNSKEY_MISSING",
+  })
+  @AlwaysOffline
+  void testInvalid(String param, String dnssecReason, String edeMnemonic) throws IOException {
+    Message response = resolver.send(createMessage(param + ".tjeb.nl./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:" + param + ".tjeb.nl.:" + dnssecReason, getReason(response));
+    assertEde(ExtendedErrorCodeOption.code(edeMnemonic), response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testSignedBelowUnsignedBelowSigned() throws IOException {
+    Message response = resolver.send(createMessage("ok.nods.ok.dnssec.tjeb.nl./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertFalse(isEmptyAnswer(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testSignedBelowUnsignedBelowSignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("ok.nods.ok.Nsec3.tjeb.nl./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertFalse(isEmptyAnswer(response));
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedThatMustBeSigned() throws IOException {
+    Name query = Name.fromString("www.ingotronic.ch.");
+
+    // prepare a faked, unsigned response message that must have a signature
+    // to be valid
+    Message message = new Message();
+    message.addRecord(Record.newRecord(query, Type.A, DClass.IN), Section.QUESTION);
+    message.addRecord(
+        new ARecord(query, Type.A, DClass.IN, InetAddress.getByName(localhost)), Section.ANSWER);
+    add("www.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.missingsig", getReason(response));
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testModifiedSignature() throws IOException {
+    Name query = Name.fromString("www.ingotronic.ch.");
+
+    // prepare a faked, unsigned response message that must have a signature
+    // to be valid
+    Message message = new Message();
+    message.addRecord(Record.newRecord(query, Type.A, DClass.IN), Section.QUESTION);
+    message.addRecord(
+        new ARecord(query, Type.A, DClass.IN, InetAddress.getByName(localhost)), Section.ANSWER);
+    Instant now = Instant.now();
+    message.addRecord(
+        new RRSIGRecord(
+            query,
+            DClass.IN,
+            0,
+            Type.A,
+            Algorithm.RSASHA256,
+            5,
+            now.plusSeconds(5),
+            now.minusSeconds(5),
+            1234,
+            Name.fromString("ingotronic.ch."),
+            new byte[] {1, 2, 3}),
+        Section.ANSWER);
+    add("www.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.answer.positive:{ www.ingotronic.ch."));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testReturnServfailIfIntermediateQueryFails() throws IOException {
+    Message message = new Message();
+    message.getHeader().setRcode(Rcode.NOTAUTH);
+    message.addRecord(
+        Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION);
+    add("ch./DS", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    // rfc4035#section-5.5
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:ch.:failed.ds.notype:UNKNOWN", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testReturnOriginalRcodeIfPrimaryQueryFails() throws IOException {
+    Message message = new Message();
+    message.getHeader().setRcode(Rcode.REFUSED);
+    message.addRecord(
+        Record.newRecord(Name.fromString("www.ingotronic.ch."), Type.A, DClass.IN),
+        Section.QUESTION);
+    add("www.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    // rfc4035#section-5.5
+    assertRCode(Rcode.REFUSED, response.getRcode());
+    assertEquals("validate.response.unknown:UNKNOWN", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java
new file mode 100644
index 000000000..0befb69b2
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java
@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.time.Clock;
+import java.time.Instant;
+import java.util.Properties;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.TextParseException;
+
+class TestKeyCache {
+  @Test
+  void testNullPropertiesDontFail() {
+    KeyCache kc = new KeyCache();
+    kc.init(null);
+    assertNull(kc.find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testMaxCacheSize() throws TextParseException {
+    Properties p = new Properties();
+    p.put(KeyCache.MAX_CACHE_SIZE_CONFIG, "1");
+    KeyCache kc = new KeyCache();
+    kc.init(p);
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60);
+    KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("b."), DClass.IN, 60);
+    kc.store(nkeA);
+    kc.store(nkeB);
+    KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN);
+    assertNull(fromCache);
+  }
+
+  @Test
+  void testTtlExpiration() throws TextParseException {
+    Clock clock = mock(Clock.class);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
+    KeyCache kc = new KeyCache(clock);
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 1);
+    kc.store(nkeA);
+    when(clock.instant()).thenReturn(now.plusSeconds(5));
+    KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN);
+    assertNull(fromCache);
+  }
+
+  @Test
+  void testTtlNoLongerThanMaxTtl() throws TextParseException {
+    Properties p = new Properties();
+    p.put(KeyCache.MAX_TTL_CONFIG, "1");
+    Clock clock = mock(Clock.class);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
+    KeyCache kc = new KeyCache(clock);
+    kc.init(p);
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60);
+    kc.store(nkeA);
+    when(clock.instant()).thenReturn(now.plusSeconds(5));
+    KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN);
+    assertNull(fromCache);
+  }
+
+  @Test
+  void testPositiveEntryExactMatch() throws TextParseException {
+    KeyCache kc = new KeyCache();
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a.a."), DClass.IN, 60);
+    KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("a.b."), DClass.IN, 60);
+    kc.store(nkeA);
+    kc.store(nkeB);
+    KeyEntry fromCache = kc.find(Name.fromString("a.a."), DClass.IN);
+    assertEquals(nkeA, fromCache);
+  }
+
+  @Test
+  void testPositiveEntryEncloserMatch() throws TextParseException {
+    KeyCache kc = new KeyCache();
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60);
+    KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("b."), DClass.IN, 60);
+    kc.store(nkeA);
+    kc.store(nkeB);
+    KeyEntry fromCache = kc.find(Name.fromString("a.a."), DClass.IN);
+    assertEquals(nkeA, fromCache);
+  }
+
+  @Test
+  void testCacheOnlySecureDNSKEYs() throws TextParseException {
+    KeyCache kc = new KeyCache();
+
+    DNSKEYRecord rA =
+        new DNSKEYRecord(Name.fromString("a."), DClass.IN, 60, 0, 0, 0, new byte[] {0});
+    SRRset setA = new SRRset(rA);
+    setA.setSecurityStatus(SecurityStatus.SECURE);
+    KeyEntry nkeA = KeyEntry.newKeyEntry(setA);
+    kc.store(nkeA);
+
+    DSRecord rB = new DSRecord(Name.fromString("b."), DClass.IN, 60, 0, 0, 0, new byte[] {0});
+    SRRset setB = new SRRset(rB);
+    KeyEntry nkeB = KeyEntry.newKeyEntry(setB);
+    kc.store(nkeB);
+
+    DNSKEYRecord rC =
+        new DNSKEYRecord(Name.fromString("c."), DClass.IN, 60, 0, 0, 0, new byte[] {0});
+    SRRset setC = new SRRset(rC);
+    KeyEntry nkeC = KeyEntry.newKeyEntry(setC);
+    kc.store(nkeC);
+
+    KeyEntry fromCacheA = kc.find(Name.fromString("a."), DClass.IN);
+    assertEquals(nkeA, fromCacheA);
+
+    KeyEntry fromCacheB = kc.find(Name.fromString("b."), DClass.IN);
+    assertNull(fromCacheB);
+
+    KeyEntry fromCacheC = kc.find(Name.fromString("c."), DClass.IN);
+    assertNull(fromCacheC);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java
new file mode 100644
index 000000000..eebf571d7
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestKeyCacheUsage extends TestBase {
+
+  @Test
+  void testUnsigned() throws IOException {
+    Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+
+    // send the query a second time to ensure the cache doesn't create a wrong behavior
+    response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java
new file mode 100644
index 000000000..e1009f243
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java
@@ -0,0 +1,113 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+
+class TestNSEC3NoData extends TestBase {
+  @ParameterizedTest(name = "testNodataNsec3_{index}")
+  @CsvSource({
+    "www.nsec3.ingotronic.ch./MX,DNSSEC_BOGUS",
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch.
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the parent
+    "sub.nsec3.ingotronic.ch./A,DNSSEC_BOGUS",
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the sub.nsec3.ingotronic.ch.
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the child
+    "sub.nsec3.ingotronic.ch./DS,DNSSEC_BOGUS",
+    // rfc5155#section-7.2.4
+    // response does not contain next closer NSEC3, thus bogus
+    "a.unsigned.nsec3.ingotronic.ch./DS,NSEC_MISSING",
+  })
+  @AlwaysOffline
+  void testNodataNsec3(String query, String ede) throws IOException {
+    Message response = resolver.send(createMessage(query));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nodata"));
+    assertEde(ExtendedErrorCodeOption.code(ede), response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNodataApexNsec3ProofInsecureDelegation() throws IOException {
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. zone
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the parent
+    // which has the DS flag removed, effectively making the reply insecure
+    Message response = resolver.send(createMessage("sub.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNodataApexNsec3WithSOAValid() throws IOException {
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch.
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the parent
+    Message response = resolver.send(createMessage("sub.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNoDSProofCanExistForRoot() throws IOException {
+    // ./DS can exist
+    resolver.getTrustAnchors().clear();
+    resolver
+        .getTrustAnchors()
+        .store(
+            new SRRset(
+                new RRset(
+                    toRecord(
+                        ".           300 IN  DS  16758 7 1 EC88DF5E2902FD4AB9E9C246BEEA9B822BD7BCF7"))));
+    Message response = resolver.send(createMessage("./DS"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNodataNsec3ForDSMustNotHaveSOA() throws IOException {
+    // bogus./DS cannot coexist with bogus./SOA
+    resolver.getTrustAnchors().clear();
+    resolver
+        .getTrustAnchors()
+        .store(
+            new SRRset(
+                new RRset(
+                    toRecord(
+                        "bogus.           300 IN  DS  16758 7 1 A5D56841416AB42DC39629E42D12C98B0E94232A"))));
+    Message response = resolver.send(createMessage("bogus./DS"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException {
+    Message response = resolver.send(createMessage("a.unsigned.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java
new file mode 100644
index 000000000..29944832c
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestNoData extends TestBase {
+  @Test
+  void testFakedNoDataNsec3WithoutNsecs() throws IOException {
+    Message m = resolver.send(createMessage("www.nsec3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("www\\.nsec3\\.ingotronic\\.ch\\.\\s+.*", ""));
+    add("www.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nodata"));
+    assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response);
+  }
+
+  @Test
+  void testFakedNoDataNsec3WithNsecs() throws IOException {
+    Message m = resolver.send(createMessage("www.nsec3.ingotronic.ch./MX"));
+    Message message = messageFromString(m.toString().replaceAll("type = MX", "type = A"));
+    add("www.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nodata"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java
new file mode 100644
index 000000000..5bf409c24
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java
@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Section;
+
+class TestNonExistence extends TestBase {
+  @ParameterizedTest(name = "testNonExisting_{index}")
+  @ValueSource(
+      strings = {
+        "gibtsnicht",
+        "gibtsnicht.ingotronic.ch",
+        "gibtsnicht.nsec3.ingotronic.ch",
+        "gibtsnicht.gibtsnicht.ingotronic.ch",
+        "gibtsnicht.gibtsnicht.nsec3.ingotronic.ch"
+      })
+  void testNonExisting(String param) throws IOException {
+    Message response = resolver.send(createMessage(param + "./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDoubleLabelABelowSignedNsec3MissingNsec3() throws IOException {
+    Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("L40.+nsec3\\.ingotronic\\.ch\\.\\s+300.*", ""));
+    add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDoubleLabelABelowSignedBeforeZoneNsec3() throws IOException {
+    // the query name here must hash to a name BEFORE the first existing
+    // NSEC3 owner name
+    Message response = resolver.send(createMessage("alias.1gibtsnicht.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @ParameterizedTest(name = "testSignedNodata_{index}")
+  @ValueSource(
+      strings = {
+        "www.ingotronic.ch",
+        "www.nsec3.ingotronic.ch",
+        "a.b.ingotronic.ch",
+        "a.b.nsec3.ingotronic.ch",
+        "b.d.ingotronic.ch",
+        "b.d.nsec3.ingotronic.ch",
+      })
+  void testSignedNodata(String param) throws IOException {
+    Message response = resolver.send(createMessage(param + "./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertTrue(response.getSectionRRsets(Section.ANSWER).isEmpty());
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNxDomainWithInvalidNsecSignature() throws IOException {
+    Message m = resolver.send(createMessage("x.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("x.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("x.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nxdomain.authority"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWithInvalidNsecSignature() throws IOException {
+    Message m = resolver.send(createMessage("www.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("www.ingotronic.ch./MX", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.authority.nodata"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataOnENT() throws IOException {
+    Message response = resolver.send(createMessage("b.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java
new file mode 100644
index 000000000..8b5cb4263
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.time.Instant;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+/**
+ * These test run checks that are unable to occur during actual validations.
+ *
+ * @author Ingo Bauersachs
+ */
+class TestNormallyUnreachableCode {
+  private InetAddress localhost;
+
+  @BeforeEach
+  void setUp() throws UnknownHostException {
+    localhost = InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
+  }
+
+  @Test
+  void testVerifyWithoutSignaturesIsBogus() {
+    DnsSecVerifier verifier = new DnsSecVerifier(new ValUtils());
+    ARecord aRecord = new ARecord(Name.root, DClass.IN, 120, localhost);
+    SRRset set = new SRRset();
+    set.addRR(aRecord);
+    KeyEntry keys = KeyEntry.newKeyEntry(new SRRset());
+    JustifiedSecStatus res = verifier.verify(set, keys, Instant.now());
+    assertEquals(SecurityStatus.BOGUS, res.status);
+    assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, res.edeReason);
+  }
+
+  @Test
+  void useAllEnumCode() {
+    assertEquals(
+        SecurityStatus.UNCHECKED, SecurityStatus.valueOf(SecurityStatus.values()[0].toString()));
+    assertEquals(
+        ResponseClassification.UNKNOWN,
+        ResponseClassification.valueOf(ResponseClassification.values()[0].toString()));
+  }
+
+  @Test
+  void testSmessageReturnsOptRecordOfOriginal() {
+    int xrcode = 0xFED;
+    Message m = Message.newQuery(Record.newRecord(Name.root, Type.NS, DClass.IN));
+    m.getHeader().setRcode(xrcode & 0xF);
+    m.addRecord(new OPTRecord(1, xrcode >> 4, 1), Section.ADDITIONAL);
+    SMessage sm = new SMessage(m);
+    assertEquals(m.toString(), sm.getMessage().toString());
+    assertEquals(xrcode, sm.getRcode());
+  }
+
+  @Test
+  void testCopyMessageWithoutQuestion() {
+    Message m = new Message();
+    m.addRecord(new ARecord(Name.root, DClass.IN, 120, localhost), Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    assertEquals(m.toString(), sm.getMessage().toString());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java
new file mode 100644
index 000000000..f9bd38347
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java
@@ -0,0 +1,142 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+
+class TestNsec3ValUtils extends TestBase {
+  @Test
+  void testTooLargeIterationCountMustThrow() {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.nsec3.iterations.512", Integer.MAX_VALUE);
+    NSEC3ValUtils val = new NSEC3ValUtils();
+    assertThrows(IllegalArgumentException.class, () -> val.init(config));
+  }
+
+  @Test
+  void testInvalidIterationCountMarksInsecure() throws IOException {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.nsec3.iterations.1024", 0);
+    config.put("dnsjava.dnssec.nsec3.iterations.2048", 0);
+    config.put("dnsjava.dnssec.nsec3.iterations.4096", 0);
+    resolver.init(config);
+
+    Message response = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("failed.nsec3_ignored", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsec3WithoutClosestEncloser() throws IOException {
+    Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll(
+                    "((UDUMPS9J6F8348HFHH2FAED6I9DDE0U6)|(NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P))\\.nsec3.*",
+                    ""));
+    add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNsec3NodataChangedToNxdomainIsBogus() throws IOException {
+    Message m = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(m.toString().replaceAll("status: NOERROR", "status: NXDOMAIN"));
+    add("a.b.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNsec3ClosestEncloserIsDelegation() throws IOException {
+    // hash(n=9.nsec3.ingotronic.ch.,it=10,s=1234)=6jl2t4i2bb7eilloi8mdhbf3uqjgvu4s
+    Message cem = resolver.send(createMessage("9.nsec3.ingotronic.ch./A"));
+    Record delegationNsec = null;
+    RRSIGRecord delegationNsecSig = null;
+    for (RRset set : cem.getSectionRRsets(Section.AUTHORITY)) {
+      // hash(n=sub.nsec3.ingotronic.ch.,it=10,s=1234)=5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H
+      if (set.getName().toString().startsWith("5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = resolver.send(createMessage("a.sub.nsec3.ingotronic.ch./A"));
+    String temp = m.toString().replaceAll("^sub\\.nsec3.*", "");
+    // hash(n=sub.nsec3.ingotronic.ch.,it=11,s=4321)=8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA
+    temp = temp.replaceAll("8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.*", "");
+    Message message = messageFromString(temp);
+    message.addRecord(delegationNsec, Section.AUTHORITY);
+    message.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("a.sub.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("a.sub.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException {
+    Message response = resolver.send(createMessage("a.unsigned.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_insecure", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsecEcdsa256() throws IOException {
+    Provider[] providers = Security.getProviders("KeyFactory.EC");
+    Assumptions.assumeTrue(providers != null && providers.length > 0);
+
+    Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa256.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsecEcdsa384() throws IOException {
+    Provider[] providers = Security.getProviders("KeyFactory.EC");
+    Assumptions.assumeTrue(providers != null && providers.length > 0);
+
+    Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa384.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java
new file mode 100644
index 000000000..c5fe6e5e4
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.spy;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.security.PublicKey;
+import java.util.concurrent.atomic.AtomicInteger;
+import org.junit.jupiter.api.Test;
+import org.mockito.stubbing.Answer;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Type;
+
+class TestNsec3ValUtilsPublicKeyLoading extends TestBase {
+  @Test
+  @PrepareMocks("prepareTestPublicKeyLoadingException")
+  void testPublicKeyLoadingException() throws Exception {
+    try {
+      Message response = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.NOERROR, response.getRcode());
+      assertEquals("failed.nsec3_ignored", getReason(response));
+    } finally {
+      Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class));
+    }
+  }
+
+  void prepareTestPublicKeyLoadingException() {
+    Name fakeName = Name.fromConstantString("nsec3.ingotronic.ch.");
+    Type.register(
+        Type.DNSKEY,
+        Type.string(Type.DNSKEY),
+        () -> {
+          DNSKEYRecord throwingDnskey = spy(DNSKEYRecord.class);
+          AtomicInteger invocationCount = new AtomicInteger(0);
+          try {
+            doAnswer(
+                    (Answer<PublicKey>)
+                        a -> {
+                          if (((DNSKEYRecord) a.getMock()).getName().equals(fakeName)) {
+                            if (invocationCount.getAndIncrement() == 4) {
+                              throwDnssecException();
+                            }
+                            return (PublicKey) a.callRealMethod();
+                          }
+                          return (PublicKey) a.callRealMethod();
+                        })
+                .when(throwingDnskey)
+                .getPublicKey();
+          } catch (DNSSECException e) {
+            throw new RuntimeException(e);
+          }
+          return throwingDnskey;
+        });
+  }
+
+  private void throwDnssecException() throws DNSSECException {
+    try {
+      Constructor<DNSSECException> c = DNSSECException.class.getDeclaredConstructor(String.class);
+      c.setAccessible(true);
+      throw c.newInstance("mock-text");
+    } catch (NoSuchMethodException
+        | IllegalAccessException
+        | InvocationTargetException
+        | InstantiationException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java
new file mode 100644
index 000000000..74a3f1658
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestPartiallyInvalid extends TestBase {
+  @Test
+  void testValidExising() throws IOException {
+    Message response = resolver.send(createMessage("www.partial.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidExisingNoType() throws IOException {
+    Message response = resolver.send(createMessage("www.partial.ingotronic.ch./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertTrue(isEmptyAnswer(response));
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidNonExising() throws IOException {
+    Message response = resolver.send(createMessage("www.gibtsnicht.partial.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPositive.java b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java
new file mode 100644
index 000000000..4973edd29
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java
@@ -0,0 +1,79 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.MXRecord;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Section;
+
+class TestPositive extends TestBase {
+  @Test
+  void testValidExising() throws IOException {
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidNonExising() throws IOException {
+    Message response = resolver.send(createMessage("ingotronic.ch./ANY"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidAnswerToDifferentQueryTypeIsBogus() throws IOException {
+    // Fetch a regular 'A' response, then replace the query with MX
+    Message m = resolver.send(createMessage("www.ingotronic.ch./A"));
+    m.removeAllRecords(Section.QUESTION);
+    m.addRecord(
+        new MXRecord(
+            Name.fromConstantString("www.ingotronic.ch."),
+            DClass.IN,
+            3600,
+            0,
+            Name.fromConstantString("www.ingotronic.ch.")),
+        Section.QUESTION);
+
+    // Assert that this results in bogus nodata/nsec missing after message normalization
+    add("www.ingotronic.ch./A", m);
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response);
+  }
+
+  @Test
+  void testCDonQueryDoesntDoAnything() throws IOException {
+    Message m = resolver.send(createMessage("www.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\s+A\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("www.ingotronic.ch./A", message);
+
+    Message query = createMessage("www.ingotronic.ch./A");
+    query.getHeader().setFlag(Flags.CD);
+    Message response = resolver.send(query);
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPriming.java b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java
new file mode 100644
index 000000000..80a7ee131
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java
@@ -0,0 +1,261 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.security.MessageDigestSpi;
+import java.security.Provider;
+import java.security.Security;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestPriming extends TestBase {
+  @Test
+  void testDnskeyPrimeResponseWithEmptyAnswerIsBad() throws IOException {
+    Message message = new Message();
+    message.addRecord(Record.newRecord(Name.root, Type.DNSKEY, DClass.IN), Section.QUESTION);
+    add("./DNSKEY", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testRootDnskeyPrimeResponseWithNxDomainIsBad() throws IOException {
+    Message message = new Message();
+    message.addRecord(Record.newRecord(Name.root, Type.DNSKEY, DClass.IN), Section.QUESTION);
+    message.getHeader().setRcode(Rcode.NXDOMAIN);
+    add("./DNSKEY", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testDnskeyPrimeResponseWithInvalidSignatureIsBad()
+      throws IOException, NumberFormatException {
+    Message m = resolver.send(createMessage("./DNSKEY"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll("(.*\\sRRSIG\\sDNSKEY\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("./DNSKEY", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  @PrepareMocks("prepareTestDnskeyPrimeResponseWithMismatchedFootprintIsBad")
+  void testDnskeyPrimeResponseWithMismatchedFootprintIsBad() throws Exception {
+    try {
+      Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.SERVFAIL, response.getRcode());
+      assertEquals(
+          "validate.bogus.badkey:.:dnskey.no_ds_alg_match:.:RSASHA256", getReason(response));
+      assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+    } finally {
+      Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class));
+    }
+  }
+
+  void prepareTestDnskeyPrimeResponseWithMismatchedFootprintIsBad() {
+    Type.register(
+        Type.DNSKEY,
+        Type.string(Type.DNSKEY),
+        () -> {
+          DNSKEYRecord minus1FootprintDnskey = spy(DNSKEYRecord.class);
+          when(minus1FootprintDnskey.getFootprint()).thenReturn(-1);
+          return minus1FootprintDnskey;
+        });
+  }
+
+  @Test
+  @PrepareMocks("prepareTestDnskeyPrimeResponseWithMismatchedAlgorithmIsBad")
+  void testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() throws Exception {
+    try {
+      Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.SERVFAIL, response.getRcode());
+      assertEquals(
+          "validate.bogus.badkey:.:dnskey.no_ds_alg_match:.:RSASHA256", getReason(response));
+      assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+    } finally {
+      Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class));
+    }
+  }
+
+  void prepareTestDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() {
+    Type.register(
+        Type.DNSKEY,
+        Type.string(Type.DNSKEY),
+        () -> {
+          DNSKEYRecord minus1AlgorithmDnskey = spy(DNSKEYRecord.class);
+          when(minus1AlgorithmDnskey.getAlgorithm()).thenReturn(-1);
+          return minus1AlgorithmDnskey;
+        });
+  }
+
+  static class FakeShaProvider extends Provider {
+    protected FakeShaProvider() {
+      super("FakeShaProvider", 1, "FakeShaProvider");
+      put("MessageDigest.SHA", FakeSha.class.getName());
+      put("MessageDigest.SHA-256", FakeSha.class.getName());
+    }
+
+    public static class FakeSha extends MessageDigestSpi {
+      @Override
+      protected void engineUpdate(byte input) {}
+
+      @Override
+      protected void engineUpdate(byte[] input, int offset, int len) {}
+
+      @Override
+      protected byte[] engineDigest() {
+        return new byte[] {1, 2, 3};
+      }
+
+      @Override
+      protected void engineReset() {}
+    }
+  }
+
+  @Test
+  void testDnskeyPrimeResponseWithWeirdHashIsBad() throws Exception {
+    Provider p = new FakeShaProvider();
+    try {
+      Security.insertProviderAt(p, 1);
+      Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.SERVFAIL, response.getRcode());
+      assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response));
+      assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+    } finally {
+      Security.removeProvider(p.getName());
+    }
+  }
+
+  @Test
+  void testDsPrimeResponseWithEmptyAnswerIsBad() throws IOException {
+    Message message = new Message();
+    message.addRecord(
+        Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION);
+    add("ch./DS", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testDsPrimeResponseWithNxDomainForTld() throws IOException {
+    Message message = new Message();
+    message.addRecord(
+        Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION);
+    message.getHeader().setRcode(Rcode.NXDOMAIN);
+    add("ch./DS", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testDsNoDataWhenNsecIsFromChildApex() throws IOException {
+    Message nsec = resolver.send(createMessage("1.sub.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch") && set.getType() == Type.NSEC) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("sub.ingotronic.ch./DS");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("sub.ingotronic.ch./DS", m);
+
+    R.setUseNeutralMessages(false);
+    Message response = resolver.send(createMessage("sub.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec:dnskey.no_key:sub.ingotronic.ch.",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNoDataWhenNsecOnEntIsBad() throws IOException {
+    Message m = resolver.send(createMessage("e.ingotronic.ch./DS"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("e.ingotronic.ch./DS", message);
+
+    Message response = resolver.send(createMessage("a.e.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus:failed.ds.nsec.ent", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNoDataWhenOnInsecureDelegationWithWrongNsec() throws IOException {
+    Message nsec = resolver.send(createMessage("alias.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("alias.ingotronic.ch")
+          && set.getType() == Type.NSEC) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("unsigned.ingotronic.ch./DS");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("unsigned.ingotronic.ch./DS", m);
+
+    Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus:failed.ds.unknown", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java
new file mode 100644
index 000000000..b784e8363
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestRRsig extends TestBase {
+  @Test
+  @AlwaysOffline
+  void testRRsigNodata() throws IOException {
+    Message message = createMessage("www.ingotronic.ch./RRSIG");
+    add("www.ingotronic.ch./RRSIG", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testRRsigServfail() throws IOException {
+    Message message = createMessage("www.ingotronic.ch./RRSIG");
+    message.getHeader().setRcode(Rcode.SERVFAIL);
+    add("www.ingotronic.ch./RRSIG", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.response.unknown:UNKNOWN", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java
new file mode 100644
index 000000000..105c6d59c
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java
@@ -0,0 +1,144 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+class TestSMessage {
+  @Test
+  void testGetUndefinedSectionBelow() {
+    SMessage m = new SMessage(0, null);
+    assertThrows(IllegalArgumentException.class, () -> m.getSectionRRsets(-1));
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {0, 4, 100})
+  void testGetUndefinedSection(int section) {
+    SMessage m = new SMessage(0, null);
+    assertThrows(IllegalArgumentException.class, () -> m.getSectionRRsets(section));
+  }
+
+  @Test
+  void testGetEmptySection() {
+    SMessage m = new SMessage(0, null);
+    List<SRRset> sets = m.getSectionRRsets(Section.ANSWER);
+    assertEquals(0, sets.size());
+  }
+
+  @Test
+  void testGetEmptySectionByType() {
+    SMessage m = new SMessage(0, null);
+    List<SRRset> sets = m.getSectionRRsets(Section.ANSWER, Type.A);
+    assertEquals(0, sets.size());
+  }
+
+  @Test
+  void testGetSectionByType() throws UnknownHostException {
+    Message m = new Message();
+    Record r1 =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r1, Section.ANSWER);
+    Record r2 =
+        new AAAARecord(
+            Name.root,
+            DClass.IN,
+            0,
+            InetAddress.getByAddress(new byte[] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}));
+    m.addRecord(r2, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    List<SRRset> result = sm.getSectionRRsets(Section.ANSWER, Type.A);
+    assertEquals(1, result.size());
+    assertEquals(Type.A, result.get(0).getType());
+  }
+
+  @Test
+  void testRecordCountForQuestionIsOne() {
+    SMessage m = new SMessage(0, null);
+    int count = m.getCount(Section.QUESTION);
+    assertEquals(1, count);
+  }
+
+  @Test
+  void testRecordCountForEmptySectionIsZero() {
+    SMessage m = new SMessage(0, null);
+    int count = m.getCount(Section.ADDITIONAL);
+    assertEquals(0, count);
+  }
+
+  @Test
+  void testRecordCountForIsValid() throws UnknownHostException {
+    Message m = new Message();
+    m.addRecord(
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})),
+        Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    int count = sm.getCount(Section.ANSWER);
+    assertEquals(1, count);
+  }
+
+  @Test
+  void testAnswerSectionSearchFound() throws UnknownHostException {
+    Message m = new Message();
+    Record r =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.A, DClass.IN);
+    assertEquals(r, result.first());
+  }
+
+  @Test
+  void testAnswerSectionSearchNotFoundDifferentClass() throws UnknownHostException {
+    Message m = new Message();
+    Record r =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.A, DClass.CH);
+    assertNull(result);
+  }
+
+  @Test
+  void testAnswerSectionSearchNotFoundDifferentType() throws UnknownHostException {
+    Message m = new Message();
+    Record r =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.MX, DClass.IN);
+    assertNull(result);
+  }
+
+  @Test
+  void testAnswerSectionSearchNotFoundDifferentName()
+      throws UnknownHostException, TextParseException {
+    Message m = new Message();
+    Record r =
+        new ARecord(
+            Name.fromString("asdf."),
+            DClass.IN,
+            0,
+            InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.MX, DClass.IN);
+    assertNull(result);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java
new file mode 100644
index 000000000..821ff3898
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java
@@ -0,0 +1,140 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.util.Properties;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestTrustAnchorLoading extends TestBase {
+  @Test
+  void testLoadRootTrustAnchors() {
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.CH));
+  }
+
+  @Test
+  void testLoadRootTrustAnchorsFromFile() throws IOException {
+    resolver.getTrustAnchors().clear();
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.trust_anchor_file", "./src/test/resources/trust_anchors");
+    resolver.init(config);
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testInitializingWithEmptyConfigDoesNotFail() throws IOException {
+    resolver.getTrustAnchors().clear();
+    Properties config = new Properties();
+    resolver.init(config);
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testInitializingWithNonExistingFileThrows() {
+    resolver.getTrustAnchors().clear();
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.trust_anchor_file", "xyz");
+    assertThrows(IOException.class, () -> resolver.init(config));
+  }
+
+  @Test
+  void testLoadRootTrustAnchorWithDNSKEY() throws IOException {
+    Message keys = resolver.send(createMessage("./DNSKEY"));
+    ByteArrayOutputStream bos = new ByteArrayOutputStream();
+    OutputStreamWriter osw = new OutputStreamWriter(bos);
+    for (RRset set : keys.getSectionRRsets(Section.ANSWER)) {
+      if (set.getType() == Type.DNSKEY) {
+        for (Record r : set.rrs()) {
+          osw.write(r.toString());
+          osw.write('\n');
+        }
+      }
+    }
+
+    osw.close();
+
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(new ByteArrayInputStream(bos.toByteArray()));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testLoadRootTrustAnchorWithInvalidDNSKEY() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_dnskey_invalid"));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_ds_alg_match:.:RSASHA256", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testLoadRootTrustAnchorWithInvalidDS() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_invalid"));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testLoadRootTrustAnchorsAlongWithGarbage() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_test"));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.CH));
+  }
+
+  @Test
+  void testLoadEmptyTrustAnchors() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_empty"));
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testInsecureWithEmptyTrustAnchor() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_empty"));
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("validate.insecure", getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java
new file mode 100644
index 000000000..1bb01f693
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestUnsigned extends TestBase {
+  @Test
+  void testUnsignedBelowSignedZoneBind() throws IOException {
+    Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedBelowSignedTldNsec3NoOptOut() throws IOException {
+    Message response = resolver.send(createMessage("20min.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedBelowSignedTldNsec3OptOut() throws IOException {
+    Message response = resolver.send(createMessage("yahoo.com./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedBelowUnsignedZone() throws IOException {
+    Message response = resolver.send(createMessage("www.sub.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java
new file mode 100644
index 000000000..d7b227a24
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java
@@ -0,0 +1,413 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.NSECRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestValUtils extends TestBase {
+  @Test
+  void testLongestCommonNameRootIsRoot() {
+    assertEquals(
+        Name.root,
+        ValUtils.longestCommonName(
+            Name.fromConstantString("example.com."), Name.fromConstantString("example.net.")));
+  }
+
+  @Test
+  void testNoDataWhenResultIsFromDelegationPoint() throws IOException {
+    Message nsec = resolver.send(createMessage("t.ingotronic.ch./A"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = resolver.send(createMessage("sub.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(m.toString().replaceAll("sub\\.ingotronic\\.ch\\.\\s+\\d+.*", ""));
+    message.addRecord(delegationNsec, Section.AUTHORITY);
+    message.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("sub.ingotronic.ch./MX", message);
+
+    Message response = resolver.send(createMessage("sub.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenResultIsFromDelegationPoint() throws IOException {
+    Message nsec = resolver.send(createMessage("sub1.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("s.sub.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("s.sub.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("s.sub.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:s.sub.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsNotFromApex() throws IOException {
+    Message response = resolver.send(createMessage("1.www.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsLastAndQnameBefore() throws IOException {
+    Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("z.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("y.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("y.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("y.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:y.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsLastAndQnameDifferentDomain() throws IOException {
+    Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("z.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("zingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("zingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("zingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:zingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsLastAndQnameIsZoneApex() throws IOException {
+    Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("z.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenDSResultIsFromChild() throws IOException {
+    Message m = resolver.send(createMessage("samekey.ingotronic.ch./MX"));
+    // this test needs to have the key in the cache
+    add("samekey.ingotronic.ch./DS", m, false);
+
+    Message response = resolver.send(createMessage("samekey.ingotronic.ch./DS"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataOfDSForRoot() throws IOException {
+    Message response = resolver.send(createMessage("./DS"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsecProvesNoDS() {
+    SecurityStatus s =
+        ValUtils.nsecProvesNoDS(
+            new NSECRecord(Name.root, DClass.IN, 0, Name.root, new int[] {Type.SOA, Type.NS}),
+            Name.root);
+    assertEquals(SecurityStatus.SECURE, s, "Root NSEC SOA and without DS must be secure");
+  }
+
+  @Test
+  void testNsecProvesNoDSWithDSPresentForRoot() {
+    SecurityStatus s =
+        ValUtils.nsecProvesNoDS(
+            new NSECRecord(
+                Name.root, DClass.IN, 0, Name.root, new int[] {Type.SOA, Type.NS, Type.DS}),
+            Name.root);
+    assertEquals(SecurityStatus.BOGUS, s, "Root NSEC with DS must be bogus");
+  }
+
+  @Test
+  void testNsecProvesNoDSWithSOAForNonRoot() throws IOException {
+    Name ch = Name.fromString("ch.");
+    SecurityStatus s =
+        ValUtils.nsecProvesNoDS(
+            new NSECRecord(ch, DClass.IN, 0, ch, new int[] {Type.SOA, Type.NS}), ch);
+    assertEquals(SecurityStatus.BOGUS, s, "Non-root NSEC with SOA must be bogus");
+  }
+
+  @Test
+  void testNoDataOnEntWithWrongNsec() throws IOException {
+    Message nsec = resolver.send(createMessage("alias.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("alias.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenNsecProvesExistence() throws IOException {
+    Message nsec = resolver.send(createMessage("www.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("www.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("www.ingotronic.ch./AAAA");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("www.ingotronic.ch./AAAA", m);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./AAAA"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenNsecHasCname() throws IOException {
+    Message nsec = resolver.send(createMessage("csigned.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("csigned.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("csigned.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("csigned.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("csigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenWcNsecProvesType() throws IOException {
+    Message nsec = resolver.send(createMessage("*.c.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("*.c.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("a.c.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("a.c.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("a.c.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenWcNsecProvesCname() throws IOException {
+    Message nsec = resolver.send(createMessage("*.cwv.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("*.cwv.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("a.cwv.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("a.cwv.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("a.cwv.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenWcNsecIsForDifferentName() throws IOException {
+    Message nsec = resolver.send(createMessage("*.c.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("*.c.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("b.d.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("b.d.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("b.d.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNoDataWhenNsecProvesDs() throws IOException {
+    Message nsec = resolver.send(createMessage("sub1.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("sub.ingotronic.ch./DS");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("sub.ingotronic.ch./DS", m);
+
+    Message response = resolver.send(createMessage("sub.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec.hasdata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testHasSignedNsecsWithoutSignedSigsReturnsFalse() {
+    Message m = new Message();
+    m.addRecord(
+        new NSECRecord(Name.root, DClass.IN, 0, Name.root, new int[] {Type.A}), Section.AUTHORITY);
+    SMessage sm = new SMessage(m);
+    boolean result = new ValUtils().hasSignedNsecs(sm);
+    assertFalse(result);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java
new file mode 100644
index 000000000..8116d5323
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java
@@ -0,0 +1,179 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestWildcard extends TestBase {
+  @Test
+  void testNameNotExpandedFromWildcardWhenNonWildcardExists() throws IOException {
+    // create a faked response: the original query/response was for
+    // b.d.ingotronic.ch. and is changed to a.d.ingotronic.ch.
+    Message m = resolver.send(createMessage("b.d.ingotronic.ch./A"));
+    add(
+        "a.d.ingotronic.ch./A",
+        messageFromString(m.toString().replace("b.d.ingotronic.ch.", "a.d.ingotronic.ch.")));
+
+    // a.d.ingotronic.ch./A exists, but the response is faked from *.d.ingotronic.ch. which must be
+    // detected by the NSEC proof
+    Message response = resolver.send(createMessage("a.d.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD));
+    assertRCode(Rcode.SERVFAIL, response.getHeader().getRcode());
+    assertEquals("failed.positive.wildcard_too_broad", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3() throws IOException {
+    // create a faked response: the original query/response was for
+    // b.d.nsec3.ingotronic.ch. and is changed to a.d.nsec3.ingotronic.ch.
+    Message m = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./A"));
+    add(
+        "a.d.nsec3.ingotronic.ch./A",
+        messageFromString(
+            m.toString().replace("b.d.nsec3.ingotronic.ch.", "a.d.nsec3.ingotronic.ch.")));
+
+    // a.d.nsec3.ingotronic.ch./A exists, but the response is faked from
+    // *.d.nsec3.ingotronic.ch. which must be detected by the NSEC proof
+    Message response = resolver.send(createMessage("a.d.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD));
+    assertRCode(Rcode.SERVFAIL, response.getHeader().getRcode());
+    assertEquals("failed.positive.wildcard_too_broad", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testLabelCountInSignaturesNotAllSame() throws IOException {
+    Message response = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD));
+    assertRCode(Rcode.SERVFAIL, response.getHeader().getRcode());
+    assertEquals(
+        "failed.wildcard.label_count_mismatch:b.d.nsec3.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testSynthesisUsesCorrectWildcard() throws IOException {
+    Message m = resolver.send(createMessage("a.wc.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("a\\.wc\\.ingotronic.ch\\.", "\1.sub.wc.ingotronic.ch."));
+    add(Name.fromString("\1.sub.wc.ingotronic.ch.").toString() + "/A", message);
+
+    Message response = resolver.send(createMessage("\1.sub.wc.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.positive.wildcard_too_broad", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testPositiveWithInvalidNsecSignature() throws IOException {
+    Message m = resolver.send(createMessage("a.c.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("a.c.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("a.c.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.authority.positive"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNodataWilcardWithoutCe() throws IOException {
+    // strip the closest encloser NSEC
+    Message m = resolver.send(createMessage("\1.c.ingotronic.ch./MX"));
+    Message message = messageFromString(m.toString().replaceAll("a\\.b\\.ingotronic\\.ch.*", ""));
+    add(Name.fromString("\1.c.ingotronic.ch./MX").toString(), message);
+
+    Message response = resolver.send(createMessage("\1.c.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testSynthesisUsesCorrectWildcardNodata() throws IOException {
+    Message m = resolver.send(createMessage("a.wc.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("a\\.wc\\.ingotronic.ch\\.", "\1.sub.wc.ingotronic.ch."));
+    add(Name.fromString("\1.sub.wc.ingotronic.ch.").toString() + "/MX", message);
+
+    Message response = resolver.send(createMessage("\1.sub.wc.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testSynthesisUsesCorrectWildcardNodataNsec3() throws IOException {
+    Message m = resolver.send(createMessage("a.wc.nsec3.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll("a\\.wc\\.nsec3.ingotronic.ch\\.", "\1.sub.wc.nsec3.ingotronic.ch."));
+    add(Name.fromString("\1.sub.wc.nsec3.ingotronic.ch.").toString() + "/MX", message);
+
+    Message response = resolver.send(createMessage("\1.sub.wc.nsec3.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNodataFromWildcardNsecChild() throws IOException {
+    Message m =
+        Message.newQuery(
+            Record.newRecord(Name.fromString("www.x.c.ingotronic.ch."), Type.A, DClass.IN));
+    m.addRecord(
+        new ARecord(
+            Name.fromString("www.x.c.ingotronic.ch."), DClass.IN, 300, InetAddress.getLocalHost()),
+        Section.ANSWER);
+    add("www.x.c.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("www.x.c.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testDsNodataFromWildcardNsecCovered() throws IOException {
+    Message m =
+        Message.newQuery(
+            Record.newRecord(Name.fromString("www.x.ce.ingotronic.ch."), Type.A, DClass.IN));
+    m.addRecord(
+        new ARecord(
+            Name.fromString("www.x.ce.ingotronic.ch."), DClass.IN, 300, InetAddress.getLocalHost()),
+        Section.ANSWER);
+    add("www.x.ce.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("www.x.ce.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java b/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java
new file mode 100644
index 000000000..928d653a9
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java
@@ -0,0 +1,1272 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Security;
+import java.text.ParseException;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+@Slf4j
+class UnboundTests extends TestBase {
+  void runUnboundTest() throws ParseException, IOException {
+    try {
+      InputStream data = getClass().getResourceAsStream("/unbound/" + testName + ".rpl");
+      RplParser p = new RplParser(data);
+      Rpl rpl = p.parse();
+      Properties config = new Properties();
+      if (rpl.nsec3iterations != null) {
+        for (Entry<Integer, Integer> e : rpl.nsec3iterations.entrySet()) {
+          config.put("dnsjava.dnssec.nsec3.iterations." + e.getKey(), e.getValue());
+        }
+      }
+
+      if (rpl.digestPreference != null) {
+        config.put(ValUtils.DIGEST_PREFERENCE, rpl.digestPreference);
+      }
+
+      config.put(ValUtils.DIGEST_HARDEN_DOWNGRADE, Boolean.toString(rpl.hardenAlgoDowngrade));
+
+      if (rpl.enableSha1) {
+        config.put(ValUtils.DIGEST_ENABLED + "." + DNSSEC.Digest.SHA1, Boolean.TRUE.toString());
+      }
+
+      if (rpl.enableDsa || rpl.enableSha1) {
+        config.put(
+            ValUtils.ALGORITHM_ENABLED + "." + DNSSEC.Algorithm.DSA, Boolean.TRUE.toString());
+        config.put(
+            ValUtils.ALGORITHM_ENABLED + "." + DNSSEC.Algorithm.DSA_NSEC3_SHA1,
+            Boolean.TRUE.toString());
+      }
+
+      if (!rpl.hardenUnknownAdditional) {
+        System.setProperty("dnsjava.harden_unknown_additional", Boolean.TRUE.toString());
+      }
+
+      if (rpl.loadBouncyCastle) {
+        Security.addProvider(new BouncyCastleProvider());
+      }
+
+      if (rpl.minRsaSize != null) {
+        config.put(ValUtils.ALGORITHM_RSA_MIN_KEY_SIZE, Integer.toString(rpl.minRsaSize));
+      }
+
+      for (Message m : rpl.replays) {
+        add(m);
+      }
+
+      // merge xNAME queries into one
+      List<Message> copy = new ArrayList<>(rpl.replays.size());
+      copy.addAll(rpl.replays);
+      List<Name> copiedTargets = new ArrayList<>(5);
+      for (Message m : copy) {
+        Name target = null;
+        for (RRset s : m.getSectionRRsets(Section.ANSWER)) {
+          if (s.getType() == Type.CNAME) {
+            target = ((CNAMERecord) s.first()).getTarget();
+          } else if (s.getType() == Type.DNAME) {
+            target = ((DNAMERecord) s.first()).getTarget();
+          }
+
+          while (target != null) {
+            Message a = get(target, m.getQuestion().getType());
+            if (a == null) {
+              a = get(target, Type.CNAME);
+            }
+
+            if (a == null) {
+              a = get(target, Type.DNAME);
+            }
+
+            if (a != null) {
+              target = add(m, a);
+              if (copiedTargets.contains(target)) {
+                break;
+              }
+
+              copiedTargets.add(target);
+              rpl.replays.remove(a);
+            } else {
+              target = null;
+            }
+          }
+        }
+      }
+
+      // promote any DS records in auth. sections to real queries
+      copy = new ArrayList<>(rpl.replays.size());
+      copy.addAll(rpl.replays);
+      for (Message m : copy) {
+        for (RRset s : m.getSectionRRsets(Section.AUTHORITY)) {
+          if (s.getType() == Type.DS) {
+            Message ds = new Message();
+            ds.addRecord(
+                Record.newRecord(s.getName(), s.getType(), s.getDClass()), Section.QUESTION);
+            for (Record rr : s.rrs()) {
+              ds.addRecord(rr, Section.ANSWER);
+            }
+
+            for (RRSIGRecord sig : s.sigs()) {
+              ds.addRecord(sig, Section.ANSWER);
+            }
+
+            rpl.replays.add(ds);
+          }
+        }
+      }
+
+      clear();
+      for (Message m : rpl.replays) {
+        add(m);
+      }
+
+      if (rpl.date != null) {
+        try {
+          when(resolverClock.instant()).thenReturn(rpl.date);
+        } catch (Exception e) {
+          throw new RuntimeException(e);
+        }
+      }
+
+      if (rpl.trustAnchors != null) {
+        resolver.getTrustAnchors().clear();
+        for (SRRset rrset : rpl.trustAnchors) {
+          resolver.getTrustAnchors().store(rrset);
+        }
+      }
+
+      resolver.init(config);
+      resolver.setTimeout(Duration.ofMinutes(1));
+
+      for (Check c : rpl.checks.values()) {
+        Message s = resolver.send(c.query).normalize(c.query, true);
+        log.trace(
+            "{}/{}/{} ---> \n{}",
+            c.query.getQuestion().getName(),
+            Type.string(c.query.getQuestion().getType()),
+            DClass.string(c.query.getQuestion().getDClass()),
+            s);
+        assertEquals(
+            c.response.getHeader().getFlag(Flags.AD),
+            s.getHeader().getFlag(Flags.AD),
+            "AD Flag must match");
+        assertEquals(
+            Rcode.string(c.response.getRcode()), Rcode.string(s.getRcode()), "RCode must match");
+      }
+    } finally {
+      Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+      System.clearProperty("dnsjava.harden_unknown_additional");
+    }
+  }
+
+  private Name add(Message target, Message source) {
+    Name next = null;
+    target.getHeader().setRcode(source.getRcode());
+    for (Record r : source.getSection(Section.ANSWER)) {
+      target.addRecord(r, Section.ANSWER);
+      if (r.getType() == Type.CNAME) {
+        next = ((CNAMERecord) r).getTarget();
+      } else if (r.getType() == Type.DNAME) {
+        next = ((DNAMERecord) r).getTarget();
+      }
+    }
+
+    for (Record r : source.getSection(Section.AUTHORITY)) {
+      if (r.getType() != Type.NS) {
+        target.addRecord(r, Section.AUTHORITY);
+      }
+    }
+
+    return next;
+  }
+
+  static void main(String[] xargs) throws IOException, ParseException {
+    Map<String, String> ignored =
+        new HashMap<String, String>() {
+          {
+            put("val_faildnskey_ok.rpl", "tests an unbound specific config option");
+            put("val_nsec3_nods_negcache.rpl", "we don't do negative caching");
+            put("val_unsecds_negcache.rpl", "we don't do negative caching");
+            put("val_negcache_dssoa.rpl", "we don't do negative caching");
+            put("val_negcache_nodata.rpl", "aggressive NSEC is not supported");
+            put("val_negcache_nxdomain.rpl", "aggressive NSEC is not supported");
+            put("val_nsec3_b3_optout_negcache.rpl", "we don't do negative caching");
+            put("val_dsnsec.rpl", "we don't do negative caching");
+            put("val_refer_unsignadd.rpl", "we don't do negative caching");
+            put("val_referglue.rpl", "we don't do negative caching");
+            put(
+                "val_noadwhennodo.rpl",
+                "irrelevant - if we wouldn't want AD, we wouldn't be using this stuff");
+            put("val_fwdds.rpl", "irrelevant, we're not a recursive resolver");
+            put("val_referd.rpl", "NSEC records missing for validation, tests caching stuff");
+            put("val_stubds.rpl", "tests unbound specific config (stub zones)");
+            put("val_cnametonsec.rpl", "incomplete CNAME answer");
+            put("val_cnametooptin.rpl", "incomplete CNAME answer");
+            put("val_cnametoinsecure.rpl", "incomplete CNAME answer");
+            put("val_nsec3_optout_cache.rpl", "more cache stuff");
+            put("val_unsecds_qtypeds.rpl", "tests the iterative resolver");
+            put(
+                "val_anchor_nx.rpl",
+                "tests resolving conflicting responses in a recursive resolver");
+            put(
+                "val_anchor_nx_nosig.rpl",
+                "tests resolving conflicting responses in a recursive resolver");
+            put("val_negcache_nta.rpl", "tests unbound option domain-insecure, not available here");
+          }
+        };
+
+    for (String f : new File("./src/test/resources/unbound").list()) {
+      String comment = ignored.get(f);
+      if (comment != null) {
+        System.out.println("    @Disabled(\"" + comment + "\")");
+      }
+
+      Rpl rpl = new RplParser(new FileInputStream("./src/test/resources/unbound/" + f)).parse();
+      System.out.println("    @Test");
+      System.out.println("    @DisplayName(\"" + f + ": " + rpl.scenario + "\")");
+      System.out.println(
+          "    void " + f.split("\\.")[0] + "() throws ParseException, IOException {");
+      System.out.println("        runUnboundTest();");
+      System.out.println("    }");
+      System.out.println();
+    }
+  }
+
+  @Test
+  @DisplayName("val_adbit.rpl: Test validator AD bit signaling")
+  void val_adbit() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_adcopy.rpl: Test validator AD bit sent by untrusted upstream")
+  void val_adcopy() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests resolving conflicting responses in a recursive resolver")
+  @Test
+  @DisplayName("val_anchor_nx.rpl: Test validator with secure proof of trust anchor nxdomain")
+  void val_anchor_nx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests resolving conflicting responses in a recursive resolver")
+  @Test
+  @DisplayName("val_anchor_nx_nosig.rpl: Test validator with unsigned denial of trust anchor")
+  void val_anchor_nx_nosig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ans_dsent.rpl: Test validator with empty nonterminals on the trust chain.")
+  void val_ans_dsent() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ans_nx.rpl: Test validator with DS nodata as nxdomain on trust chain")
+  void val_ans_nx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_any.rpl: Test validator with response to qtype ANY")
+  void val_any() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_any_cname.rpl: Test validator with response to qtype ANY that includes CNAME")
+  void val_any_cname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_any_dname.rpl: Test validator with response to qtype ANY that includes DNAME")
+  void val_any_dname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnameinsectopos.rpl: Test validator with an insecure cname to positive cached")
+  void val_cnameinsectopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnamenx_dblnsec.rpl: Test validator with cname-nxdomain for duplicate NSEC detection")
+  void val_cnamenx_dblnsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamenx_rcodenx.rpl: Test validator with cname-nxdomain with rcode nxdomain")
+  void val_cnamenx_rcodenx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnameqtype.rpl: Test validator with a query for type cname")
+  void val_cnameqtype() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametocloser.rpl: Test validator with CNAME to closer anchor under optout.")
+  void val_cnametocloser() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametocloser_nosig.rpl: Test validator with CNAME to closer anchor optout missing sigs.")
+  void val_cnametocloser_nosig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametocnamewctoposwc.rpl: Test validator with a regular cname to wildcard cname to wildcard response")
+  void val_cnametocnamewctoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametodname.rpl: Test validator with a cname to a dname")
+  void val_cnametodname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametodnametocnametopos.rpl: Test validator with cname, dname, cname, positive answer")
+  void val_cnametodnametocnametopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("incomplete CNAME answer")
+  @Test
+  @DisplayName("val_cnametoinsecure.rpl: Test validator with CNAME to insecure NSEC or NSEC3.")
+  void val_cnametoinsecure() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametonodata.rpl: Test validator with cname to nodata")
+  void val_cnametonodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametonodata_nonsec.rpl: Test validator with cname to nodata")
+  void val_cnametonodata_nonsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("incomplete CNAME answer")
+  @Test
+  @DisplayName("val_cnametonsec.rpl: Test validator with CNAME to insecure NSEC delegation")
+  void val_cnametonsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametonx.rpl: Test validator with cname to nxdomain")
+  void val_cnametonx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("incomplete CNAME answer")
+  @Test
+  @DisplayName("val_cnametooptin.rpl: Test validator with CNAME to insecure optin NSEC3")
+  void val_cnametooptin() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametooptout.rpl: Test validator with CNAME to optout NSEC3 span NODATA")
+  void val_cnametooptout() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametopos.rpl: Test validator with a cname to positive")
+  void val_cnametopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametoposnowc.rpl: Test validator with a cname to positive wildcard without proof")
+  void val_cnametoposnowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametoposwc.rpl: Test validator with a cname to positive wildcard")
+  void val_cnametoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamewctonodata.rpl: Test validator with wildcard cname to nodata")
+  void val_cnamewctonodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamewctonx.rpl: Test validator with wildcard cname to nxdomain")
+  void val_cnamewctonx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamewctoposwc.rpl: Test validator with wildcard cname to positive wildcard")
+  void val_cnamewctoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cname_loop1.rpl: Test validator with cname loop")
+  void val_cname_loop1() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cname_loop2.rpl: Test validator with cname 2 step loop")
+  void val_cname_loop2() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cname_loop3.rpl: Test validator with cname 3 step loop")
+  void val_cname_loop3() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_deleg_nons.rpl: Test validator with unsigned delegation with no NS bit in NSEC")
+  void val_deleg_nons() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnametoolong.rpl: Test validator with a dname too long response")
+  void val_dnametoolong() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnametopos.rpl: Test validator with a dname to positive")
+  void val_dnametopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnametoposwc.rpl: Test validator with a dname to positive wildcard")
+  void val_dnametoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnamewc.rpl: Test validator with a wildcarded dname")
+  void val_dnamewc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName("val_dsnsec.rpl: Test pickup of DS NSEC from the cache.")
+  void val_dsnsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_afterprime.rpl: Test DS lookup after key prime is done.")
+  void val_ds_afterprime() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_cname.rpl: Test validator with CNAME response to DS")
+  void val_ds_cname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_cnamesub.rpl: Test validator with CNAME response to DS in chain of trust")
+  void val_ds_cnamesub() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_ds_cnamesubbogus.rpl: Test validator with bogus CNAME response to DS in chain of trust")
+  void val_ds_cnamesubbogus() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_gost.rpl: Test validator with GOST DS digest")
+  void val_ds_gost() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_gost_downgrade.rpl: Test validator with GOST DS digest downgrade attack")
+  void val_ds_gost_downgrade() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_sha2.rpl: Test validator with SHA256 DS digest")
+  void val_ds_sha2() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_sha2_downgrade.rpl: Test validator with SHA256 DS downgrade to SHA1")
+  void val_ds_sha2_downgrade() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_ds_sha2_downgrade_override.rpl: Test validator with SHA256 DS downgrade to SHA1")
+  void val_ds_sha2_downgrade_override() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_sha2_lenient.rpl: Test validator with SHA256 DS downgrade to SHA1 lenience")
+  void val_ds_sha2_lenient() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_entds.rpl: Test validator with lots of ENTs in the chain of trust")
+  void val_entds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_faildnskey.rpl: Test validator with failed DNSKEY request")
+  void val_faildnskey() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests an unbound specific config option")
+  @Test
+  @DisplayName(
+      "val_faildnskey_ok.rpl: Test validator with failed DNSKEY request, but not hardened.")
+  void val_faildnskey_ok() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("irrelevant, we're not a recursive resolver")
+  @Test
+  @DisplayName("val_fwdds.rpl: Test forward-zone with DS query")
+  void val_fwdds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_keyprefetch.rpl: Test validator with key prefetch")
+  void val_keyprefetch() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_keyprefetch_verify.rpl: Test validator with key prefetch and verify with the anchor")
+  void val_keyprefetch_verify() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_mal_wc.rpl: Test validator with nodata, wildcards and ENT")
+  void val_mal_wc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_negcache_ds.rpl: Test validator with negative cache DS response")
+  void val_negcache_ds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_negcache_dssoa.rpl: Test validator with negative cache DS response with cached SOA")
+  void val_negcache_dssoa() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("aggressive NSEC is not supported")
+  @Test
+  @DisplayName(
+      "val_negcache_nodata.rpl: Test validator with negative cache NXDOMAIN response (aggressive NSEC)")
+  void val_negcache_nodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests unbound option domain-insecure, not available here")
+  @Test
+  @DisplayName("val_negcache_nta.rpl: Test to not do aggressive NSEC for domains under NTA")
+  void val_negcache_nta() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("aggressive NSEC is not supported")
+  @Test
+  @DisplayName(
+      "val_negcache_nxdomain.rpl: Test validator with negative cache NXDOMAIN response (aggressive NSEC)")
+  void val_negcache_nxdomain() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("irrelevant - if we wouldn't want AD, we wouldn't be using this stuff")
+  @Test
+  @DisplayName("val_noadwhennodo.rpl: Test if AD bit is returned on non-DO query.")
+  void val_noadwhennodo() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata.rpl: Test validator with nodata response")
+  void val_nodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodatawc.rpl: Test validator with wildcard nodata response")
+  void val_nodatawc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodatawc_badce.rpl: Test validator with wildcard nodata, bad closest encloser")
+  void val_nodatawc_badce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodatawc_nodeny.rpl: Test validator with wildcard nodata response without qdenial")
+  void val_nodatawc_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodatawc_one.rpl: Test validator with wildcard nodata response with one NSEC")
+  void val_nodatawc_one() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodatawc_wcns.rpl: Test validator with wildcard nodata response from parent zone with SOA")
+  void val_nodatawc_wcns() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodatawc_wrongdeleg.rpl: Test validator with wildcard nodata response from parent zone")
+  void val_nodatawc_wrongdeleg() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata_ent.rpl: Test validator with nodata on empty nonterminal response")
+  void val_nodata_ent() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_entnx.rpl: Test validator with nodata on empty nonterminal response with rcode NXDOMAIN")
+  void val_nodata_entnx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_entwc.rpl: Test validator with wildcard nodata on empty nonterminal response")
+  void val_nodata_entwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata_failsig.rpl: Test validator with nodata response with bogus RRSIG")
+  void val_nodata_failsig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_failwc.rpl: Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.")
+  void val_nodata_failwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata_hasdata.rpl: Test validator with nodata response, that proves the data.")
+  void val_nodata_hasdata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_zonecut.rpl: Test validator with nodata response from wrong side of zonecut")
+  void val_nodata_zonecut() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nokeyprime.rpl: Test validator with failed key prime, no keys.")
+  void val_nokeyprime() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b1_nameerror.rpl: Test validator NSEC3 B.1 name error.")
+  void val_nsec3_b1_nameerror() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b1_nameerror_noce.rpl: Test validator NSEC3 B.1 name error without ce NSEC3.")
+  void val_nsec3_b1_nameerror_noce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b1_nameerror_nonc.rpl: Test validator NSEC3 B.1 name error without nc NSEC3.")
+  void val_nsec3_b1_nameerror_nonc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b1_nameerror_nowc.rpl: Test validator NSEC3 B.1 name error without wc NSEC3.")
+  void val_nsec3_b1_nameerror_nowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b21_nodataent.rpl: Test validator NSEC3 B.2.1 no data empty nonterminal.")
+  void val_nsec3_b21_nodataent() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b21_nodataent_wr.rpl: Test validator NSEC3 B.2.1 no data empty nonterminal, wrong rr.")
+  void val_nsec3_b21_nodataent_wr() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b2_nodata.rpl: Test validator NSEC3 B.2 no data.")
+  void val_nsec3_b2_nodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b2_nodata_nons.rpl: Test validator NSEC3 B.2 no data, without NSEC3.")
+  void val_nsec3_b2_nodata_nons() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout.rpl: Test validator NSEC3 B.3 referral to optout unsigned zone.")
+  void val_nsec3_b3_optout() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout_negcache.rpl: Test validator NSEC3 B.3 referral optout with negative cache.")
+  void val_nsec3_b3_optout_negcache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout_noce.rpl: Test validator NSEC3 B.3 optout unsigned, without ce.")
+  void val_nsec3_b3_optout_noce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout_nonc.rpl: Test validator NSEC3 B.3 optout unsigned, without nc.")
+  void val_nsec3_b3_optout_nonc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b4_wild.rpl: Test validator NSEC3 B.4 wildcard expansion.")
+  void val_nsec3_b4_wild() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b4_wild_wr.rpl: Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3.")
+  void val_nsec3_b4_wild_wr() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b5_wcnodata.rpl: Test validator NSEC3 B.5 wildcard nodata.")
+  void val_nsec3_b5_wcnodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b5_wcnodata_noce.rpl: Test validator NSEC3 B.5 wildcard nodata, without ce.")
+  void val_nsec3_b5_wcnodata_noce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b5_wcnodata_nonc.rpl: Test validator NSEC3 B.5 wildcard nodata, without nc.")
+  void val_nsec3_b5_wcnodata_nonc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b5_wcnodata_nowc.rpl: Test validator NSEC3 B.5 wildcard nodata, without wc.")
+  void val_nsec3_b5_wcnodata_nowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_cnametocnamewctoposwc.rpl: Test validator with a regular cname to wildcard cname to wildcard response")
+  void val_nsec3_cnametocnamewctoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_cname_ds.rpl: Test validator with NSEC3 CNAME for qtype DS.")
+  void val_nsec3_cname_ds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_cname_par.rpl: Test validator with NSEC3 wildcard CNAME to parent.")
+  void val_nsec3_cname_par() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_cname_sub.rpl: Test validator with NSEC3 wildcard CNAME to subzone.")
+  void val_nsec3_cname_sub() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_entnodata_optout.rpl: Test validator with NSEC3 response for NODATA ENT with optout.")
+  void val_nsec3_entnodata_optout() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_entnodata_optout_badopt.rpl: Test validator with NSEC3 response for NODATA ENT with optout.")
+  void val_nsec3_entnodata_optout_badopt() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_entnodata_optout_match.rpl: Test validator NODATA ENT with nsec3 optout matches the ent.")
+  void val_nsec3_entnodata_optout_match() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_iter_high.rpl: Test validator with nxdomain NSEC3 with too high iterations")
+  void val_nsec3_iter_high() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nodatawccname.rpl: Test validator with nodata NSEC3 abused wildcarded CNAME.")
+  void val_nsec3_nodatawccname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_nods.rpl: Test validator with NSEC3 with no DS referral.")
+  void val_nsec3_nods() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_badopt.rpl: Test validator with NSEC3 with no DS with wrong optout bit.")
+  void val_nsec3_nods_badopt() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_badsig.rpl: Test validator with NSEC3 with no DS referral with bad signature.")
+  void val_nsec3_nods_badsig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_negcache.rpl: Test validator with NSEC3 with no DS referral from neg cache.")
+  void val_nsec3_nods_negcache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_soa.rpl: Test validator with NSEC3 with no DS referral abuse of apex.")
+  void val_nsec3_nods_soa() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_optout_ad.rpl: Test validator with optout NSEC3 response that gets no AD.")
+  void val_nsec3_optout_ad() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("more cache stuff")
+  @Test
+  @DisplayName(
+      "val_nsec3_optout_cache.rpl: Test validator with NSEC3 span change and cache effects.")
+  void val_nsec3_optout_cache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_wcany.rpl: Test validator with NSEC3 wildcard qtype ANY response.")
+  void val_nsec3_wcany() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_wcany_nodeny.rpl: Test validator with NSEC3 wildcard qtype ANY without denial.")
+  void val_nsec3_wcany_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx.rpl: Test validator with nxdomain response")
+  void val_nx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nx_failwc.rpl: Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.")
+  void val_nx_failwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nodeny.rpl: Test validator with nxdomain response missing qname denial")
+  void val_nx_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nowc.rpl: Test validator with nxdomain response missing wildcard denial")
+  void val_nx_nowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_collision.rpl: Test validator with nxdomain NSEC3 with a collision.")
+  void val_nx_nsec3_collision() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nx_nsec3_collision2.rpl: Test validator with nxdomain NSEC3 with a salt mismatch.")
+  void val_nx_nsec3_collision2() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_collision3.rpl: Test validator with nxdomain NSEC3 with a collision.")
+  void val_nx_nsec3_collision3() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_collision4.rpl: Test validator with nxdomain NSEC3 with a collision.")
+  void val_nx_nsec3_collision4() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_hashalg.rpl: Test validator with unknown NSEC3 hash algorithm.")
+  void val_nx_nsec3_hashalg() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nx_nsec3_nsecmix.rpl: Test validator with NSEC3 responses that has an NSEC mixed in.")
+  void val_nx_nsec3_nsecmix() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_params.rpl: Test validator with nxdomain NSEC3 several parameters.")
+  void val_nx_nsec3_params() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_overreach.rpl: Test validator with overreaching NSEC record")
+  void val_nx_overreach() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_positive.rpl: Test validator with positive response")
+  void val_positive() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_positive_nosigs.rpl: Test validator with positive response, signatures removed.")
+  void val_positive_nosigs() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_positive_wc.rpl: Test validator with positive wildcard response")
+  void val_positive_wc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_positive_wc_nodeny.rpl: Test validator with positive wildcard without qname denial")
+  void val_positive_wc_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_pos_truncns.rpl: Test validator with badly truncated positive response")
+  void val_pos_truncns() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_qds_badanc.rpl: Test validator with DS query and a bad anchor")
+  void val_qds_badanc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_qds_oneanc.rpl: Test validator with DS query and one anchor")
+  void val_qds_oneanc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_qds_twoanc.rpl: Test validator with DS query and two anchors")
+  void val_qds_twoanc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("NSEC records missing for validation, tests caching stuff")
+  @Test
+  @DisplayName("val_referd.rpl: Test validator with cache referral")
+  void val_referd() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName("val_referglue.rpl: Test validator with cache referral with unsigned glue")
+  void val_referglue() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName("val_refer_unsignadd.rpl: Test validator with a referral with unsigned additional")
+  void val_refer_unsignadd() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_rrsig.rpl: Test validator with qtype RRSIG response")
+  void val_rrsig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_secds.rpl: Test validator with secure delegation")
+  void val_secds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_secds_nosig.rpl: Test validator with no signatures after secure delegation")
+  void val_secds_nosig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_spurious_ns.rpl: Test validator with spurious unsigned NS in auth section")
+  void val_spurious_ns() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests unbound specific config (stub zones)")
+  @Test
+  @DisplayName("val_stubds.rpl: Test stub with DS query")
+  void val_stubds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_stub_noroot.rpl: Test validation of stub zone without root prime.")
+  void val_stub_noroot() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ta_algo_dnskey.rpl: Test validator with multiple algorithm trust anchor")
+  void val_ta_algo_dnskey() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_ta_algo_dnskey_dp.rpl: Test validator with multiple algorithm trust anchor without harden")
+  void val_ta_algo_dnskey_dp() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ta_algo_missing.rpl: Test validator with multiple algorithm missing one")
+  void val_ta_algo_missing() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ta_algo_missing_dp.rpl: Test validator with multiple algorithm missing one")
+  void val_ta_algo_missing_dp() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_twocname.rpl: Test validator with unsigned CNAME to signed CNAME to data")
+  void val_twocname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unalgo_anchor.rpl: Test validator with unsupported algorithm trust anchor")
+  void val_unalgo_anchor() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unalgo_dlv.rpl: Test validator with unknown algorithm DLV anchor")
+  void val_unalgo_dlv() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unalgo_ds.rpl: Test validator with unknown algorithm delegation")
+  void val_unalgo_ds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unsecds.rpl: Test validator with insecure delegation")
+  void val_unsecds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_unsecds_negcache.rpl: Test validator with insecure delegation and DS negative cache")
+  void val_unsecds_negcache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests the iterative resolver")
+  @Test
+  @DisplayName("val_unsecds_qtypeds.rpl: Test validator with insecure delegation and qtype DS.")
+  void val_unsecds_qtypeds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unsec_cname.rpl: Test validator with DS, unsec, cname sequence.")
+  void val_unsec_cname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_wild_pos.rpl: Test validator with direct wildcard positive response")
+  void val_wild_pos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java b/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java
new file mode 100644
index 000000000..bd42fbb2f
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java
@@ -0,0 +1,347 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.hosts;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.FileSystem;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.nio.file.StandardOpenOption;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.nio.file.attribute.FileTime;
+import java.nio.file.spi.FileSystemProvider;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.util.Optional;
+import org.apache.commons.io.file.spi.FileSystemProviders;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
+class HostsFileParserTest {
+  private static final Name kubernetesName = Name.fromConstantString("kubernetes.docker.internal.");
+  private static final byte[] localhostBytes = new byte[] {127, 0, 0, 1};
+  private static Path hostsFileWindows;
+  private static Path hostsFileInvalid;
+  private static InetAddress kubernetesAddress;
+
+  @TempDir Path tempDir;
+
+  @BeforeAll
+  static void beforeAll() throws URISyntaxException, UnknownHostException {
+    hostsFileWindows = Paths.get(HostsFileParserTest.class.getResource("/hosts_example").toURI());
+    hostsFileInvalid = Paths.get(HostsFileParserTest.class.getResource("/hosts_invalid").toURI());
+    kubernetesAddress = InetAddress.getByAddress(kubernetesName.toString(), localhostBytes);
+  }
+
+  @Test
+  void testArguments() {
+    assertThrows(NullPointerException.class, () -> new HostsFileParser(null));
+    assertThrows(IllegalArgumentException.class, () -> new HostsFileParser(tempDir));
+  }
+
+  @Test
+  void handleNoValidClock() {
+    HostsFileParser p = new HostsFileParser(hostsFileWindows);
+    p.setClock(Clock.fixed(Instant.MIN, ZoneId.systemDefault()));
+    assertDoesNotThrow(() -> p.getAddressForHost(Name.root, Type.A));
+  }
+
+  @Test
+  void handleNoModificationTime() throws IOException {
+    FileSystemProvider spiedFsp = spy(FileSystemProviders.getFileSystemProvider(hostsFileWindows));
+    doAnswer(
+            a -> {
+              BasicFileAttributes attributes = spy((BasicFileAttributes) a.callRealMethod());
+              when(attributes.lastModifiedTime()).thenReturn(FileTime.from(Instant.MIN));
+              return attributes;
+            })
+        .when(spiedFsp)
+        .readAttributes(any(), eq(BasicFileAttributes.class));
+    Path spiedPath = spy(spiedFsp.getPath(hostsFileWindows.toUri()));
+    when(spiedPath.getFileSystem())
+        .thenAnswer(
+            a -> {
+              FileSystem spiedFs = spy((FileSystem) a.callRealMethod());
+              doReturn(spiedFsp).when(spiedFs).provider();
+              return spiedFs;
+            });
+    HostsFileParser p = new HostsFileParser(spiedPath);
+    assertDoesNotThrow(() -> p.getAddressForHost(Name.root, Type.A));
+  }
+
+  @Test
+  void testLookupType() {
+    HostsFileParser hostsFileParser = new HostsFileParser(hostsFileWindows);
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> hostsFileParser.getAddressForHost(kubernetesName, Type.MX));
+  }
+
+  @Test
+  void testEntireFileParsing() throws IOException {
+    HostsFileParser hostsFileParser = new HostsFileParser(hostsFileWindows);
+    assertEquals(
+        kubernetesAddress,
+        hostsFileParser
+            .getAddressForHost(kubernetesName, Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+  }
+
+  @Test
+  void testMissingFileIsEmptyResult() throws IOException {
+    HostsFileParser hostsFileParser = new HostsFileParser(tempDir.resolve("missing"));
+    assertEquals(Optional.empty(), hostsFileParser.getAddressForHost(kubernetesName, Type.A));
+  }
+
+  @Test
+  void testCacheLookupAfterFileDeleteWithoutChangeChecking() throws IOException {
+    Path tempHosts = Files.copy(hostsFileWindows, tempDir, StandardCopyOption.REPLACE_EXISTING);
+    HostsFileParser hostsFileParser = new HostsFileParser(tempHosts, false);
+    assertEquals(0, hostsFileParser.cacheSize());
+    assertEquals(
+        kubernetesAddress,
+        hostsFileParser
+            .getAddressForHost(kubernetesName, Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+    assertTrue(hostsFileParser.cacheSize() > 1, "Cache must not be empty");
+    Files.delete(tempHosts);
+    assertEquals(
+        kubernetesAddress,
+        hostsFileParser
+            .getAddressForHost(kubernetesName, Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+  }
+
+  @Test
+  void testFileDeletionClearsCache() throws IOException {
+    Path tempHosts =
+        Files.copy(
+            hostsFileWindows,
+            tempDir.resolve("testFileWatcherClearsCache"),
+            StandardCopyOption.REPLACE_EXISTING);
+    HostsFileParser hostsFileParser = new HostsFileParser(tempHosts);
+    Clock clock = mock(Clock.class);
+    hostsFileParser.setClock(clock);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
+    assertEquals(0, hostsFileParser.cacheSize());
+    assertEquals(
+        kubernetesAddress,
+        hostsFileParser
+            .getAddressForHost(kubernetesName, Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+    assertTrue(hostsFileParser.cacheSize() > 1, "Cache must not be empty");
+    Files.delete(tempHosts);
+    when(clock.instant()).thenReturn(now.plus(Duration.ofMinutes(6)));
+    assertEquals(Optional.empty(), hostsFileParser.getAddressForHost(kubernetesName, Type.A));
+    assertEquals(0, hostsFileParser.cacheSize());
+  }
+
+  @Test
+  void testFileChangeClearsCache() throws IOException {
+    Path tempHosts =
+        Files.copy(
+            hostsFileWindows,
+            tempDir.resolve("testFileWatcherClearsCache"),
+            StandardCopyOption.REPLACE_EXISTING);
+    Files.setLastModifiedTime(tempHosts, FileTime.fromMillis(0));
+    HostsFileParser hostsFileParser = new HostsFileParser(tempHosts);
+    Clock clock = mock(Clock.class);
+    hostsFileParser.setClock(clock);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
+    assertEquals(0, hostsFileParser.cacheSize());
+    assertEquals(
+        kubernetesAddress,
+        hostsFileParser
+            .getAddressForHost(kubernetesName, Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+    assertTrue(hostsFileParser.cacheSize() > 1, "Cache must not be empty");
+    Name testName = Name.fromConstantString("testFileChangeClearsCache.");
+    try (BufferedWriter w =
+        Files.newBufferedWriter(tempHosts, StandardCharsets.UTF_8, StandardOpenOption.APPEND)) {
+      w.append("127.0.0.1  ").append(testName.toString());
+      w.newLine();
+    }
+
+    Files.setLastModifiedTime(tempHosts, FileTime.fromMillis(10_0000));
+    when(clock.instant()).thenReturn(now.plus(Duration.ofMinutes(6)));
+    assertEquals(
+        InetAddress.getByAddress(testName.toString(), localhostBytes),
+        hostsFileParser
+            .getAddressForHost(testName, Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+  }
+
+  @Test
+  void testInvalidContentIsIgnored() throws IOException {
+    HostsFileParser hostsFileParser = new HostsFileParser(hostsFileInvalid);
+    assertEquals(
+        InetAddress.getByAddress("localhost", localhostBytes),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("localhost."), Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+    assertEquals(
+        InetAddress.getByAddress("localalias", localhostBytes),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("localalias."), Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+    assertEquals(
+        Optional.empty(),
+        hostsFileParser.getAddressForHost(Name.fromConstantString("some-junk."), Type.A));
+    assertNotEquals(
+        Optional.empty(),
+        hostsFileParser.getAddressForHost(Name.fromConstantString("example.org."), Type.A));
+  }
+
+  @Test
+  void testBigFileIsNotCompletelyCachedA() throws IOException {
+    HostsFileParser hostsFileParser = generateLargeHostsFile("testBigFileIsNotCompletelyCachedA");
+    hostsFileParser
+        .getAddressForHost(Name.fromConstantString("localhost-10."), Type.A)
+        .orElseThrow(() -> new IllegalStateException("Host entry not found"));
+    assertEquals(1, hostsFileParser.cacheSize());
+  }
+
+  @Test
+  void testBigFileCompletelyCachedA() throws IOException {
+    try {
+      System.setProperty("dnsjava.hostsfile.max_size_bytes", 1024 * 1024 * 1024 + "");
+      HostsFileParser hostsFileParser = generateLargeHostsFile("testBigFileCompletelyCachedA");
+      hostsFileParser
+          .getAddressForHost(Name.fromConstantString("localhost-10."), Type.A)
+          .orElseThrow(() -> new IllegalStateException("Host entry not found"));
+      assertEquals(1280, hostsFileParser.cacheSize());
+    } finally {
+      System.clearProperty("dnsjava.hostsfile.max_size_bytes");
+    }
+  }
+
+  @Test
+  void testBigFileIsNotCompletelyCachedAAAA() throws IOException {
+    HostsFileParser hostsFileParser =
+        generateLargeHostsFile("testBigFileIsNotCompletelyCachedAAAA");
+    hostsFileParser
+        .getAddressForHost(Name.fromConstantString("localhost-10."), Type.AAAA)
+        .orElseThrow(() -> new IllegalStateException("Host entry not found"));
+    assertEquals(1, hostsFileParser.cacheSize());
+  }
+
+  private HostsFileParser generateLargeHostsFile(String name) throws IOException {
+    Path generatedLargeFile = tempDir.resolve(name);
+    try (BufferedWriter w = Files.newBufferedWriter(generatedLargeFile)) {
+      for (int i = 0; i < 1024; i++) {
+        w.append("127.0.0.")
+            .append(String.valueOf(i))
+            .append(" localhost-")
+            .append(String.valueOf(i));
+        w.newLine();
+        w.append("::")
+            .append(Integer.toHexString(i))
+            .append(" localhost-")
+            .append(String.valueOf(i));
+        w.newLine();
+      }
+    }
+    return new HostsFileParser(generatedLargeFile);
+  }
+
+  @Test
+  void testBigFileNotFoundA() throws IOException {
+    HostsFileParser hostsFileParser = generateLargeHostsFile("testBigFileNotFoundA");
+    hostsFileParser
+        .getAddressForHost(Name.fromConstantString("localhost-1024."), Type.A)
+        .ifPresent(
+            entry -> {
+              throw new IllegalStateException("Host entry not found");
+            });
+    assertEquals(0, hostsFileParser.cacheSize());
+  }
+
+  @Test
+  void testBigFileNotFoundAAAA() throws IOException {
+    HostsFileParser hostsFileParser = generateLargeHostsFile("testBigFileNotFoundAAAA");
+    hostsFileParser
+        .getAddressForHost(Name.fromConstantString("localhost-1024."), Type.AAAA)
+        .ifPresent(
+            entry -> {
+              throw new IllegalStateException("Host entry not found");
+            });
+    assertEquals(0, hostsFileParser.cacheSize());
+  }
+
+  @Test
+  void testDualStackLookup() throws IOException {
+    HostsFileParser hostsFileParser = new HostsFileParser(hostsFileInvalid);
+    assertEquals(
+        InetAddress.getByAddress("localhost", localhostBytes),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("localhost."), Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+    byte[] ipv6Localhost = new byte[16];
+    ipv6Localhost[15] = 1;
+    assertEquals(
+        InetAddress.getByAddress("localhost", ipv6Localhost),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("localhost."), Type.AAAA)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+  }
+
+  @Test
+  void testDuplicateItemReturnsFirst() throws IOException {
+    HostsFileParser hostsFileParser = new HostsFileParser(hostsFileInvalid);
+    assertEquals(
+        InetAddress.getByAddress("example.com", new byte[] {127, 0, 0, 5}),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("example.com."), Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+
+    // lookup a second time to validate the cache entry
+    assertEquals(
+        InetAddress.getByAddress("example.com", new byte[] {127, 0, 0, 5}),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("example.com."), Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+  }
+
+  @Test
+  void testDuplicateItemReturnsFirstOnLargeFile() throws IOException {
+    Path generatedLargeFile = tempDir.resolve("testDuplicateItemReturnsFirstOnLargeFile");
+    try (BufferedWriter w = Files.newBufferedWriter(generatedLargeFile)) {
+      for (int i = 1; i < 1024; i++) {
+        w.append("127.0.0.").append(String.valueOf(i)).append(" localhost");
+        w.newLine();
+      }
+    }
+    HostsFileParser hostsFileParser = new HostsFileParser(generatedLargeFile);
+    assertEquals(
+        InetAddress.getByAddress("localhost", new byte[] {127, 0, 0, 1}),
+        hostsFileParser
+            .getAddressForHost(Name.fromConstantString("localhost."), Type.A)
+            .orElseThrow(() -> new IllegalStateException("Host entry not found")));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/lookup/LookupFailedExceptionTest.java b/src/test/java/org/xbill/DNS/lookup/LookupFailedExceptionTest.java
new file mode 100644
index 000000000..94b37c31a
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/lookup/LookupFailedExceptionTest.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
+class LookupFailedExceptionTest {
+  @Test
+  void ctor_noNameAndType() {
+    LookupFailedException exception = new LookupFailedException();
+    assertNull(exception.getName());
+    assertEquals(0, exception.getType());
+  }
+
+  @Test
+  void ctor_withMessage() {
+    LookupFailedException exception = new LookupFailedException("message");
+    assertEquals("message", exception.getMessage());
+    assertNull(exception.getName());
+    assertEquals(0, exception.getType());
+  }
+
+  @Test
+  void ctor_withNameAndType() {
+    Name name = Name.fromConstantString("a.b.");
+    int type = Type.A;
+    LookupFailedException exception = new LookupFailedException(name, type);
+    assertEquals(name, exception.getName());
+    assertEquals(type, exception.getType());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java b/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java
new file mode 100644
index 000000000..3621b3a61
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java
@@ -0,0 +1,103 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import static java.util.Collections.singletonList;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.net.InetAddress;
+import java.util.Collections;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+
+class LookupResultTest {
+  private static final LookupResult PREVIOUS = new LookupResult(false);
+  private static final ARecord A_RECORD =
+      new ARecord(Name.fromConstantString("a."), DClass.IN, 0, InetAddress.getLoopbackAddress());
+
+  @Test
+  void ctor_nullRecords() {
+    assertThrows(
+        NullPointerException.class,
+        () -> new LookupResult(PREVIOUS, null, null, false, null, Collections.emptyList()));
+  }
+
+  @Test
+  void ctor_nullAliases() {
+    assertThrows(
+        NullPointerException.class,
+        () -> new LookupResult(PREVIOUS, null, null, false, Collections.emptyList(), null));
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void ctor_authOnly(boolean isAuthenticated) {
+    LookupResult lookupResult = new LookupResult(isAuthenticated);
+    assertEquals(isAuthenticated, lookupResult.isAuthenticated());
+    assertEquals(0, lookupResult.getAliases().size());
+    assertEquals(0, lookupResult.getRecords().size());
+    assertEquals(0, lookupResult.getQueryResponsePairs().size());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void ctor_singleRecord(boolean isAuthenticated) {
+    LookupResult lookupResult = new LookupResult(A_RECORD, isAuthenticated, A_RECORD);
+    assertEquals(isAuthenticated, lookupResult.isAuthenticated());
+    assertEquals(0, lookupResult.getAliases().size());
+    assertEquals(1, lookupResult.getRecords().size());
+    assertEquals(1, lookupResult.getQueryResponsePairs().size());
+    assertNull(lookupResult.getQueryResponsePairs().get(A_RECORD));
+  }
+
+  @Test
+  void getResult() {
+    LookupResult lookupResult =
+        new LookupResult(
+            PREVIOUS, null, null, false, singletonList(A_RECORD), Collections.emptyList());
+    assertEquals(singletonList(A_RECORD), lookupResult.getRecords());
+  }
+
+  @Test
+  void getAliases() {
+    Name name = Name.fromConstantString("b.");
+    Record aRecord = new ARecord(name, DClass.IN, 0, InetAddress.getLoopbackAddress());
+    LookupResult lookupResult =
+        new LookupResult(PREVIOUS, null, null, false, singletonList(aRecord), singletonList(name));
+    assertEquals(singletonList(name), lookupResult.getAliases());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void isAuthenticated(boolean isAuthenticated) {
+    LookupResult lookupResult =
+        new LookupResult(
+            new LookupResult(isAuthenticated),
+            null,
+            null,
+            isAuthenticated,
+            singletonList(A_RECORD),
+            Collections.emptyList());
+    assertEquals(isAuthenticated, lookupResult.isAuthenticated());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void isAuthenticatedRequiresAllForTrue(boolean isAuthenticated) {
+    Name nameA = Name.fromConstantString("a.");
+    Name nameB = Name.fromConstantString("b.");
+    Record cname = new CNAMERecord(nameA, DClass.IN, 0, nameB);
+    Record a = new ARecord(nameB, DClass.IN, 0, InetAddress.getLoopbackAddress());
+    LookupResult lookupResult1 = new LookupResult(isAuthenticated);
+    LookupResult lookupResult2 =
+        new LookupResult(lookupResult1, cname, null, true, singletonList(a), singletonList(nameA));
+    assertEquals(isAuthenticated, lookupResult2.isAuthenticated());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java b/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java
new file mode 100644
index 000000000..77ec7769a
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java
@@ -0,0 +1,1474 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+import static java.lang.String.format;
+import static java.util.Arrays.asList;
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertAll;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.lenient;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+import static org.xbill.DNS.DClass.IN;
+import static org.xbill.DNS.LookupTest.DUMMY_NAME;
+import static org.xbill.DNS.LookupTest.LONG_LABEL;
+import static org.xbill.DNS.LookupTest.answer;
+import static org.xbill.DNS.LookupTest.fail;
+import static org.xbill.DNS.LookupTest.multiAnswer;
+import static org.xbill.DNS.Type.A;
+import static org.xbill.DNS.Type.AAAA;
+import static org.xbill.DNS.Type.CNAME;
+import static org.xbill.DNS.Type.DNAME;
+import static org.xbill.DNS.Type.MX;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.io.TempDir;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.ArgumentCaptor;
+import org.mockito.InOrder;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.Address;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.Cache;
+import org.xbill.DNS.Credibility;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Resolver;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SetResponse;
+import org.xbill.DNS.Type;
+import org.xbill.DNS.WireParseException;
+import org.xbill.DNS.hosts.HostsFileParser;
+
+@ExtendWith(MockitoExtension.class)
+class LookupSessionTest {
+  @Mock Resolver mockResolver;
+
+  @TempDir Path tempDir;
+
+  private static final ARecord LOOPBACK_A =
+      new ARecord(DUMMY_NAME, IN, 3600, InetAddress.getLoopbackAddress());
+  private static final ARecord EXAMPLE_A = (ARecord) LOOPBACK_A.withName(name("example.com."));
+  private static final AAAARecord LOOPBACK_AAAA;
+  private static final String INVALID_SERVER_RESPONSE_MESSAGE = "refusing to return it";
+  private HostsFileParser lookupSessionTestHostsFileParser;
+
+  static {
+    AAAARecord aaaaRecord = null;
+    try {
+      aaaaRecord =
+          new AAAARecord(
+              DUMMY_NAME,
+              IN,
+              3600,
+              InetAddress.getByAddress(Address.toByteArray("::1", Address.IPv6)));
+    } catch (UnknownHostException e) {
+      // cannot happen
+    }
+
+    LOOPBACK_AAAA = aaaaRecord;
+  }
+
+  @BeforeEach
+  void beforeEach() throws URISyntaxException {
+    lookupSessionTestHostsFileParser =
+        new HostsFileParser(
+            Paths.get(LookupSessionTest.class.getResource("/hosts_example").toURI()));
+  }
+
+  @AfterEach
+  void afterEach() {
+    verifyNoMoreInteractions(mockResolver);
+  }
+
+  @Test
+  void lookupAsync_absoluteQuery() throws InterruptedException, ExecutionException {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_absoluteQueryNoExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    wireUpMockResolver(
+        mockResolver, query -> multiAnswer(query, name -> new Record[] {LOOPBACK_A, EXAMPLE_A}));
+
+    LookupSession lookupSession = lookupSession(useCache).irrelevantRecordMode(mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).containsExactly(LOOPBACK_A.withName(name("a.b.")));
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_absoluteQuery_defaultClass() throws InterruptedException, ExecutionException {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithHosts() throws InterruptedException, ExecutionException {
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .hostsFileParser(lookupSessionTestHostsFileParser)
+            .build();
+    CompletionStage<LookupResult> resultFuture =
+        lookupSession.lookupAsync(name("kubernetes.docker.internal."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(
+        singletonList(LOOPBACK_A.withName(name("kubernetes.docker.internal."))),
+        result.getRecords());
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithFailedHosts() throws IOException {
+    wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NXDOMAIN));
+    HostsFileParser mockHosts = mock(HostsFileParser.class);
+    when(mockHosts.getAddressForHost(any(), anyInt())).thenThrow(IOException.class);
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).hostsFileParser(mockHosts).build();
+
+    assertThatThrownBy(
+            lookupSession
+                    .lookupAsync(name("kubernetes.docker.internal."), A, IN)
+                    .toCompletableFuture()
+                ::get)
+        .cause()
+        .isInstanceOf(NoSuchDomainException.class);
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithHostsInvalidType() {
+    wireUpMockResolver(mockResolver, query -> fail(query, Rcode.NXDOMAIN));
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .hostsFileParser(lookupSessionTestHostsFileParser)
+            .build();
+
+    assertThatThrownBy(
+            lookupSession
+                    .lookupAsync(name("kubernetes.docker.internal."), MX, IN)
+                    .toCompletableFuture()
+                ::get)
+        .cause()
+        .isInstanceOf(NoSuchDomainException.class);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_absoluteAaaaQueryWithHosts() throws InterruptedException, ExecutionException {
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .hostsFileParser(lookupSessionTestHostsFileParser)
+            .build();
+    CompletionStage<LookupResult> resultFuture =
+        lookupSession.lookupAsync(name("kubernetes.docker.internal."), AAAA, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(
+        singletonList(LOOPBACK_AAAA.withName(name("kubernetes.docker.internal."))),
+        result.getRecords());
+  }
+
+  @Test
+  void lookupAsync_relativeQueryWithHosts() throws InterruptedException, ExecutionException {
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .hostsFileParser(lookupSessionTestHostsFileParser)
+            .build();
+    CompletionStage<LookupResult> resultFuture =
+        lookupSession.lookupAsync(name("kubernetes.docker.internal"), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(
+        singletonList(LOOPBACK_A.withName(name("kubernetes.docker.internal."))),
+        result.getRecords());
+  }
+
+  @Test
+  void lookupAsync_relativeQueryWithHostsNdots3() throws InterruptedException, ExecutionException {
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .ndots(3)
+            .hostsFileParser(lookupSessionTestHostsFileParser)
+            .build();
+    CompletionStage<LookupResult> resultFuture =
+        lookupSession.lookupAsync(name("kubernetes.docker.internal"), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(
+        singletonList(LOOPBACK_A.withName(name("kubernetes.docker.internal."))),
+        result.getRecords());
+  }
+
+  @Test
+  void lookupAsync_relativeQueryWithInvalidHosts() throws InterruptedException, ExecutionException {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .hostsFileParser(
+                new HostsFileParser(tempDir.resolve("lookupAsync_relativeQueryWithInvalidHosts")))
+            .build();
+    CompletionStage<LookupResult> resultFuture =
+        lookupSession.lookupAsync(name("kubernetes.docker.internal"), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(
+        singletonList(LOOPBACK_A.withName(name("kubernetes.docker.internal."))),
+        result.getRecords());
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithCacheMiss() throws InterruptedException, ExecutionException {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+    Cache mockCache = mock(Cache.class);
+    when(mockCache.getDClass()).thenReturn(IN);
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).cache(mockCache).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+    verify(mockCache).lookupRecords(name("a.b."), A, Credibility.NORMAL);
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockCache).addMessage(messageCaptor.capture());
+    Record question = messageCaptor.getValue().getQuestion();
+    assertEquals(IN, question.getDClass());
+    assertEquals(A, question.getType());
+    assertEquals(name("a.b."), question.getName());
+
+    verifyNoMoreInteractions(mockCache);
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithoutCache() throws InterruptedException, ExecutionException {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).clearCaches().build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithMultipleCaches()
+      throws InterruptedException, ExecutionException {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+    Cache mockCache1 = mock(Cache.class);
+    when(mockCache1.getDClass()).thenReturn(IN);
+    Cache mockCache2 = mock(Cache.class);
+    when(mockCache2.getDClass()).thenReturn(IN);
+    List<Cache> caches = new ArrayList<>(2);
+    caches.add(mockCache1);
+    caches.add(mockCache2);
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).caches(caches).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+    verify(mockCache2).lookupRecords(name("a.b."), A, Credibility.NORMAL);
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockCache2).addMessage(messageCaptor.capture());
+    Record question = messageCaptor.getValue().getQuestion();
+    assertEquals(IN, question.getDClass());
+    assertEquals(A, question.getType());
+    assertEquals(name("a.b."), question.getName());
+
+    verifyNoMoreInteractions(mockCache1);
+    verifyNoMoreInteractions(mockCache2);
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithCacheHit() throws InterruptedException, ExecutionException {
+    Name aName = name("a.b.");
+
+    Cache mockCache = mock(Cache.class);
+    SetResponse response = mock(SetResponse.class);
+    when(response.isSuccessful()).thenReturn(true);
+    when(response.answers()).thenReturn(singletonList(new RRset(LOOPBACK_A.withName(aName))));
+    when(mockCache.getDClass()).thenReturn(IN);
+    when(mockCache.lookupRecords(aName, A, Credibility.NORMAL)).thenReturn(response);
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).cache(mockCache).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(aName, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(aName)), result.getRecords());
+
+    verify(mockCache).lookupRecords(aName, A, Credibility.NORMAL);
+    verifyNoMoreInteractions(mockCache);
+  }
+
+  @Test
+  void lookupAsync_searchPathWithCacheMissAndHit() throws InterruptedException, ExecutionException {
+
+    wireUpMockResolver(mockResolver, q -> answer(q, n -> cname("host.tld.", "another.tld.")));
+
+    Cache mockCache = mock(Cache.class);
+    when(mockCache.getDClass()).thenReturn(IN);
+    // interestingly, a non-configured mock behaves the same way as a cache miss return value.
+    when(mockCache.lookupRecords(name("host.tld."), A, Credibility.NORMAL))
+        .thenReturn(mock(SetResponse.class));
+
+    SetResponse anotherTldResponse = mock(SetResponse.class);
+    when(anotherTldResponse.isSuccessful()).thenReturn(true);
+    when(anotherTldResponse.answers())
+        .thenReturn(singletonList(new RRset(LOOPBACK_A.withName(name("another.tld.")))));
+    when(mockCache.lookupRecords(name("another.tld."), A, Credibility.NORMAL))
+        .thenReturn(anotherTldResponse);
+
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .cache(mockCache)
+            .searchPath(name("tld."))
+            .build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("host"), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("another.tld."))), result.getRecords());
+
+    verify(mockCache).lookupRecords(name("host.tld."), A, Credibility.NORMAL);
+    verify(mockCache).addMessage(any());
+    verify(mockCache).lookupRecords(name("another.tld."), A, Credibility.NORMAL);
+    verifyNoMoreInteractions(mockCache);
+  }
+
+  @Test
+  void lookupAsync_negativeCacheRecords() throws InterruptedException, ExecutionException {
+
+    Cache mockCache = mock(Cache.class);
+    when(mockCache.getDClass()).thenReturn(IN);
+
+    SetResponse first = mock(SetResponse.class);
+    when(first.isNXDOMAIN()).thenReturn(true);
+    when(mockCache.lookupRecords(name("host.tld1."), A, Credibility.NORMAL)).thenReturn(first);
+
+    SetResponse second = mock(SetResponse.class);
+    when(second.isNXRRSET()).thenReturn(true);
+    when(mockCache.lookupRecords(name("host.tld2."), A, Credibility.NORMAL)).thenReturn(second);
+
+    SetResponse third = mock(SetResponse.class);
+    when(third.isSuccessful()).thenReturn(true);
+    when(third.answers())
+        .thenReturn(singletonList(new RRset(LOOPBACK_A.withName(name("host.tld3.")))));
+    when(mockCache.lookupRecords(name("host.tld3."), A, Credibility.NORMAL)).thenReturn(third);
+
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .cache(mockCache)
+            .searchPath(asList(name("tld1"), name("tld2"), name("tld3")))
+            .build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("host"), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("host.tld3."))), result.getRecords());
+
+    InOrder inOrder = inOrder(mockCache);
+    inOrder.verify(mockCache).lookupRecords(name("host.tld1."), A, Credibility.NORMAL);
+    inOrder.verify(mockCache).lookupRecords(name("host.tld2."), A, Credibility.NORMAL);
+    inOrder.verify(mockCache).lookupRecords(name("host.tld3."), A, Credibility.NORMAL);
+    verifyNoMoreInteractions(mockCache);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void lookupAsync_twoCnameRedirectMultipleQueries(boolean useCache) throws Exception {
+    Function<Name, Record> nameToRecord =
+        name -> {
+          switch (name.toString()) {
+            case "cname.a.":
+              return cname("cname.a.", "cname.b.");
+            case "cname.b.":
+              return cname("cname.b.", "a.b.");
+            default:
+              return LOOPBACK_A.withName(name("a.b."));
+          }
+        };
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = lookupSession(useCache).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.a."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+    assertEquals(
+        Stream.of(name("cname.a."), name("cname.b.")).collect(Collectors.toList()),
+        result.getAliases());
+    if (useCache) {
+      assertEquals(3, lookupSession.getCache(IN).getSize());
+    }
+    verify(mockResolver, times(3)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,true,REMOVE",
+        "true,true,THROW",
+        "true,false,REMOVE",
+        "true,false,THROW",
+        "false,false,REMOVE",
+        "false,false,THROW",
+        "false,true,REMOVE",
+        "false,true,THROW",
+      })
+  void lookupAsync_twoDnameRedirectOneQuery(
+      boolean useCache, boolean includeSyntheticCnames, IrrelevantRecordMode mode)
+      throws Exception {
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(query.getQuestion(), Section.QUESTION);
+          answer.addRecord(dname("example.org.", "example.net."), Section.ANSWER);
+          if (includeSyntheticCnames) {
+            answer.addRecord(cname("www.example.org.", "www.example.net."), Section.ANSWER);
+          }
+          answer.addRecord(dname("example.net.", "example.com."), Section.ANSWER);
+          if (includeSyntheticCnames) {
+            answer.addRecord(cname("www.example.net.", "www.example.com."), Section.ANSWER);
+          }
+          answer.addRecord(cname("www.example.com.", "example.com."), Section.ANSWER);
+          answer.addRecord(LOOPBACK_A.withName(name("example.com.")), Section.ANSWER);
+          return answer;
+        });
+
+    LookupSession lookupSession = lookupSession(useCache).irrelevantRecordMode(mode).build();
+    CompletionStage<LookupResult> resultFuture =
+        lookupSession.lookupAsync(name("www.example.org."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("example.com."))), result.getRecords());
+    assertEquals(
+        Stream.of(name("www.example.org."), name("www.example.net."), name("www.example.com."))
+            .collect(Collectors.toList()),
+        result.getAliases());
+    if (useCache) {
+      assertEquals(4 + (includeSyntheticCnames ? 2 : 0), lookupSession.getCache(IN).getSize());
+    }
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void lookupAsync_twoCnameRedirectOneQuery(boolean useCache) throws Exception {
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(query.getQuestion(), Section.QUESTION);
+          answer.addRecord(cname("cname.a.", "cname.b."), Section.ANSWER);
+          answer.addRecord(cname("cname.b.", "a.b."), Section.ANSWER);
+          answer.addRecord(LOOPBACK_A.withName(name("a.b.")), Section.ANSWER);
+          return answer;
+        });
+
+    LookupSession lookupSession = lookupSession(useCache).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.a."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+    assertEquals(
+        Stream.of(name("cname.a."), name("cname.b.")).collect(Collectors.toList()),
+        result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "true,1", "false,1", "true,2", "false,2",
+  })
+  void lookupAsync_twoCnameRedirectIncompleteResponse(boolean useCache, int firstResponseCnames)
+      throws Exception {
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(query.getQuestion(), Section.QUESTION);
+          if (query.getQuestion().getName().equals(name("cname.a."))) {
+            answer.addRecord(cname("cname.a.", "cname.b."), Section.ANSWER);
+            if (firstResponseCnames == 1) {
+              answer.addRecord(cname("cname.b.", "a.b."), Section.ANSWER);
+            }
+          } else {
+            if (firstResponseCnames == 2) {
+              answer.addRecord(cname("cname.b.", "a.b."), Section.ANSWER);
+            }
+            answer.addRecord(LOOPBACK_A.withName(name("a.b.")), Section.ANSWER);
+          }
+          return answer;
+        });
+
+    LookupSession lookupSession = lookupSession(useCache).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.a."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+    assertEquals(
+        Stream.of(name("cname.a."), name("cname.b.")).collect(Collectors.toList()),
+        result.getAliases());
+    if (useCache) {
+      assertEquals(3, lookupSession.getCache(IN).getSize());
+    }
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_simpleCnameRedirect_oneQuery() throws Exception {
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(query.getQuestion(), Section.QUESTION);
+          answer.addRecord(cname("cname.r.", DUMMY_NAME.toString()), Section.ANSWER);
+          answer.addRecord(LOOPBACK_A, Section.ANSWER);
+          return answer;
+        });
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.r."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A), result.getRecords());
+    assertEquals(singletonList(name("cname.r.")), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "true,NXDOMAIN,A",
+    "false,NXDOMAIN,A",
+    "true,NOERROR,MX",
+    "false,NOERROR,MX",
+  })
+  void lookupAsync_simpleCnameRedirect(boolean useCache, String rcode, String type)
+      throws ExecutionException, InterruptedException {
+    wireUpMockResolver(
+        mockResolver,
+        q -> {
+          if (q.getQuestion().getName().equals(name("cname.r."))) {
+            return answer(q, n -> cname("cname.r.", "a.b."));
+          } else {
+            return fail(q, Rcode.value(rcode));
+          }
+        });
+
+    LookupSession lookupSession = lookupSession(useCache).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(name("cname.r."), Type.value(type), IN).toCompletableFuture();
+
+    if (rcode.equals("NXDOMAIN")) {
+      assertThatThrownBy(future::get).cause().isInstanceOf(NoSuchDomainException.class);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getRecords()).isEmpty();
+    }
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_simpleCnameRedirect() throws Exception {
+    Name cname = name("cname.r.");
+    Name target = name("a.b.");
+    Function<Name, Record> nameToRecord =
+        name -> cname.equals(name) ? cname(cname, target) : LOOPBACK_A;
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(cname, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
+    assertEquals(singletonList(cname), result.getAliases());
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @EnumSource(value = IrrelevantRecordMode.class)
+  void lookupAsync_simpleCnameRedirectNoExtra(IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("cname.r.");
+    Name target = name("a.b.");
+    Function<Name, Record[]> nameToRecord =
+        name ->
+            query.equals(name)
+                ? new Record[] {cname(query, target)}
+                : new Record[] {
+                  LOOPBACK_A, EXAMPLE_A,
+                };
+    wireUpMockResolver(mockResolver, q -> multiAnswer(q, nameToRecord));
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).irrelevantRecordMode(mode).build();
+
+    CompletableFuture<LookupResult> f =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.REMOVE) {
+      LookupResult result = f.get();
+      assertThat(result.getRecords()).hasSize(1).containsExactly(LOOPBACK_A.withName(target));
+    } else {
+      assertThatThrownBy(f::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE)
+          .rootCause()
+          .isInstanceOf(WireParseException.class);
+    }
+
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_cnameQuery() throws Exception {
+    Name query = name("cname.r.");
+    CNAMERecord response = cname(query, "a.b.");
+    Function<Name, Record> nameToRecord = name -> query.equals(name) ? response : LOOPBACK_A;
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, CNAME, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(response), result.getRecords());
+    assertEquals(emptyList(), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_dnameQuery() throws Exception {
+    Name query = name("dname.r.");
+    DNAMERecord response = dname(query, "a.b.");
+    Function<Name, Record> nameToRecord = name -> name.equals(query) ? response : LOOPBACK_A;
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, DNAME, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(response), result.getRecords());
+    assertEquals(emptyList(), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_cnameQueryExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("cname.r.");
+    Name target = name("a.b.");
+    CNAMERecord response1 = cname(query, target);
+    CNAMERecord response2 = cname(name("additional.r."), target);
+    Function<Name, Record[]> nameToRecord =
+        name ->
+            query.equals(name) ? new Record[] {response1, response2} : new Record[] {LOOPBACK_A};
+    wireUpMockResolver(mockResolver, q -> multiAnswer(q, nameToRecord));
+
+    LookupSession lookupSession = lookupSession(useCache, mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, CNAME, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).containsExactly(cname(query, target));
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_dnameQueryExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("cname.r.");
+    Name target = name("a.b.");
+    DNAMERecord response1 = dname(query, target);
+    DNAMERecord response2 = dname(name("additional.r."), target);
+    Function<Name, Record[]> nameToRecord =
+        name ->
+            query.equals(name) ? new Record[] {response1, response2} : new Record[] {LOOPBACK_A};
+    wireUpMockResolver(mockResolver, q -> multiAnswer(q, nameToRecord));
+
+    LookupSession lookupSession = lookupSession(useCache, mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, DNAME, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).containsExactly(response1);
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_simpleDnameRedirect() throws Exception {
+    Name query = name("x.y.to.dname.");
+    Function<Name, Record> nameToRecord =
+        name -> name.equals(query) ? dname("to.dname.", "to.a.") : LOOPBACK_A;
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("x.y.to.a."))), result.getRecords());
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_simpleDnameRedirectSynthesizedCname() throws Exception {
+    Name query = name("x.y.example.org.");
+    wireUpMockResolver(
+        mockResolver,
+        q ->
+            multiAnswer(
+                q,
+                name ->
+                    new Record[] {
+                      dname("example.org.", "example.net."),
+                      cname("x.y.example.org.", "x.y.example.net."),
+                      LOOPBACK_A.withName(name("x.y.example.net.")),
+                    }));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("x.y.example.net."))), result.getRecords());
+    assertEquals(singletonList(name("x.y.example.org.")), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "x.y.example.com.,x.y.example.org.,REMOVE",
+        "x.y.example.com.,x.y.example.org.,THROW",
+        "x.y.example.org.,x.y.example.com.,REMOVE",
+        "x.y.example.org.,x.y.example.com.,THROW",
+      })
+  void lookupAsync_simpleDnameRedirectWrongSynthesizedCname(
+      String from, String to, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("x.y.example.org.");
+    wireUpMockResolver(
+        mockResolver,
+        q ->
+            multiAnswer(
+                q,
+                name ->
+                    new Record[] {
+                      // Correct
+                      dname("example.org.", "example.net."),
+                      // Extra and wrong
+                      cname(from, to),
+                      // Correct
+                      LOOPBACK_A.withName(name("x.y.example.net.")),
+                      // Extra and wrong
+                      LOOPBACK_A.withName(name(to)),
+                    }));
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).irrelevantRecordMode(mode).build();
+
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).containsExactly(name("x.y.example.org."));
+      assertThat(result.getRecords())
+          .containsExactly(LOOPBACK_A.withName(name("x.y.example.net.")));
+    }
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_simpleDnameRedirectNoExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name queryName = name("x.y.to.dname.");
+    wireUpMockResolver(
+        mockResolver,
+        question ->
+            multiAnswer(
+                question,
+                name ->
+                    name.equals(queryName)
+                        ? new Record[] {dname("to.dname.", "to.a.")}
+                        : new Record[] {
+                          // LOOPBACK_A will be transformed to 'x.y.to.a.'
+                          LOOPBACK_A, EXAMPLE_A,
+                        }));
+
+    LookupSession lookupSession = lookupSession(useCache, mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(queryName, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertAll(
+          () -> {
+            assertThat(result.getAliases()).containsExactly(name("x.y.to.dname."));
+            assertThat(result.getRecords()).containsExactly(LOOPBACK_A.withName(name("x.y.to.a.")));
+          });
+    }
+
+    if (useCache && mode == IrrelevantRecordMode.THROW) {
+      // Verify that the invalid response didn't end up in the cache
+      Cache cache = lookupSession.getCache(IN);
+      verify(cache, times(1)).addMessage(any(Message.class));
+      assertEquals(1, cache.getSize());
+      assertTrue(cache.lookupRecords(name("example.com."), A, Credibility.NORMAL).isUnknown());
+    }
+
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_simpleCnameWrongInitial(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("first.example.com.");
+    wireUpMockResolver(mockResolver, q -> answer(q, name -> cname("a.", "b.")));
+
+    LookupSession lookupSession = lookupSession(useCache).irrelevantRecordMode(mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).isEmpty();
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_simpleDnameWrongInitial(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("first.example.com.");
+    wireUpMockResolver(mockResolver, q -> answer(q, name -> dname("a.", "b.")));
+
+    LookupSession lookupSession =
+        lookupSession(useCache, mode == IrrelevantRecordMode.THROW)
+            .irrelevantRecordMode(mode)
+            .build();
+
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).isEmpty();
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  private static void assertCacheUnused(
+      boolean useCache, IrrelevantRecordMode mode, LookupSession lookupSession) {
+    if (useCache && mode == IrrelevantRecordMode.THROW) {
+      // Verify that the invalid response didn't end up in the cache
+      Cache cache = lookupSession.getCache(IN);
+      verify(cache, times(0)).addMessage(any(Message.class));
+      assertEquals(0, cache.getSize());
+    }
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "3,REMOVE",
+        "3,THROW",
+        "4,REMOVE",
+        "4,THROW",
+      })
+  void lookupAsync_redirectLoop(int maxRedirects, IrrelevantRecordMode mode) {
+    CNAMERecord cnameA = cname("a.", "b.");
+    CNAMERecord cnameB = cname("b.", "c.");
+    CNAMERecord cnameC = cname("c.", "d.");
+    CNAMERecord cnameD = cname("d.", "a.");
+    Function<Name, Record> nameToRecord =
+        name -> {
+          if (name.equals(cnameA.getName())) {
+            return cnameA;
+          } else if (name.equals(cnameB.getName())) {
+            return cnameB;
+          } else if (name.equals(cnameC.getName())) {
+            return cnameC;
+          } else if (name.equals(cnameD.getName())) {
+            return cnameD;
+          } else {
+            throw new RuntimeException("Unexpected query");
+          }
+        };
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .maxRedirects(maxRedirects)
+            .resolver(mockResolver)
+            .irrelevantRecordMode(mode)
+            .build();
+
+    Class<? extends Throwable> expected =
+        maxRedirects == 3 ? RedirectOverflowException.class : RedirectLoopException.class;
+    assertThatThrownBy(
+            lookupSession.lookupAsync(cnameA.getName(), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(expected);
+    verify(mockResolver, times(maxRedirects)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest(name = "maxRedirects={0}")
+  @ValueSource(ints = {3, 4})
+  void lookupAsync_redirectLoopOneAnswer(int maxRedirects) {
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(query.getQuestion(), Section.QUESTION);
+          answer.addRecord(cname("a.", "b."), Section.ANSWER);
+          answer.addRecord(cname("b.", "c."), Section.ANSWER);
+          answer.addRecord(cname("c.", "d."), Section.ANSWER);
+          answer.addRecord(cname("d.", "a."), Section.ANSWER);
+          return answer;
+        });
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).maxRedirects(maxRedirects).build();
+
+    Class<? extends Throwable> expected =
+        maxRedirects == 3 ? RedirectOverflowException.class : RedirectLoopException.class;
+    assertThatThrownBy(lookupSession.lookupAsync(name("a."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(expected);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_NODATA() throws ExecutionException, InterruptedException {
+    wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NOERROR));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertThat(result.getRecords()).isEmpty();
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_NXDOMAIN() {
+    wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NXDOMAIN));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(NoSuchDomainException.class);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_SERVFAIL() {
+    wireUpMockResolver(mockResolver, q -> fail(q, Rcode.SERVFAIL));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(ServerFailedException.class);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_unknownFailure() {
+    wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NOTIMP));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(LookupFailedException.class);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_NXRRSET() {
+    wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NXRRSET));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(NoSuchRRSetException.class);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_TooLongNameDNAME() {
+    wireUpMockResolver(
+        mockResolver, q -> answer(q, n -> dname("to.dname.", format("%s.to.a.", LONG_LABEL))));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    Name toLookup = name(format("%s.%s.%s.to.dname.", LONG_LABEL, LONG_LABEL, LONG_LABEL));
+    assertThatThrownBy(lookupSession.lookupAsync(toLookup, A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(InvalidZoneDataException.class);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_MultipleCNAMEs() throws ExecutionException, InterruptedException {
+    Record testQuestion = Record.newRecord(name("a.b."), A, IN);
+    // According to https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_07.htm this is
+    // apparently something that BIND 4 / BIND 9 before 9.1 could do.
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(testQuestion, Section.QUESTION);
+          answer.addRecord(cname(testQuestion.getName(), "target1."), Section.ANSWER);
+          answer.addRecord(cname(testQuestion.getName(), "target2."), Section.ANSWER);
+          return answer;
+        });
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+    LookupResult result = lookupSession.lookupAsync(testQuestion).toCompletableFuture().get();
+
+    assertTrue(result.getRecords().isEmpty());
+    assertThat(result.getAliases()).containsExactly(testQuestion.getName());
+
+    // Two invocations as the result doesn't include an actual answer
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_searchAppended() throws Exception {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .searchPath(singletonList(name("example.com")))
+            .build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("host"), A, IN);
+    LookupResult lookupResult = resultFuture.toCompletableFuture().get();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).sendAsync(messageCaptor.capture(), any(Executor.class));
+
+    assertThat(messageCaptor.getValue().getSection(Section.QUESTION))
+        .containsExactly(Record.newRecord(name("host.example.com."), Type.A, DClass.IN, 0L));
+
+    assertThat(lookupResult.getRecords())
+        .containsExactly(LOOPBACK_A.withName(name("host.example.com.")));
+  }
+
+  @Test
+  void lookupAsync_searchAppendTooLongName() throws Exception {
+    wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
+
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .searchPath(singletonList(name(format("%s.%s.%s", LONG_LABEL, LONG_LABEL, LONG_LABEL))))
+            .build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name(LONG_LABEL), A, IN);
+    LookupResult lookupResult = resultFuture.toCompletableFuture().get();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver).sendAsync(messageCaptor.capture(), any(Executor.class));
+
+    assertEquals(
+        Record.newRecord(name(LONG_LABEL + "."), A, IN, 0L),
+        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+
+    assertEquals(
+        singletonList(LOOPBACK_A.withName(name(LONG_LABEL + "."))), lookupResult.getRecords());
+  }
+
+  @Test
+  void lookupAsync_twoItemSearchPath() throws Exception {
+    wireUpMockResolver(
+        mockResolver,
+        query -> answer(query, name -> name.equals(name("host.a.")) ? null : LOOPBACK_A));
+
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .resolver(mockResolver)
+            .searchPath(asList(name("a"), name("b")))
+            .build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("host"), A, IN);
+    LookupResult lookupResult = resultFuture.toCompletableFuture().get();
+
+    ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
+    verify(mockResolver, times(2)).sendAsync(messageCaptor.capture(), any(Executor.class));
+
+    List<Message> allValues = messageCaptor.getAllValues();
+    assertEquals(
+        Record.newRecord(name("host.a."), Type.A, DClass.IN, 0L),
+        allValues.get(0).getSection(Section.QUESTION).get(0));
+    assertEquals(
+        Record.newRecord(name("host.b."), Type.A, DClass.IN, 0L),
+        allValues.get(1).getSection(Section.QUESTION).get(0));
+
+    assertEquals(singletonList(LOOPBACK_A.withName(name("host.b."))), lookupResult.getRecords());
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithCacheNoCycleResults()
+      throws InterruptedException, ExecutionException, UnknownHostException {
+    Name aName = name("a.b.");
+    InetAddress anotherAddress = InetAddress.getByName("192.168.168.1");
+    ARecord anotherA = new ARecord(aName, IN, 3600, anotherAddress);
+
+    Cache mockCache = mock(Cache.class);
+    when(mockCache.getDClass()).thenReturn(IN);
+    SetResponse response = mock(SetResponse.class);
+    when(response.isSuccessful()).thenReturn(true);
+    RRset rrSet = new RRset();
+    rrSet.addRR(LOOPBACK_A.withName(aName));
+    rrSet.addRR(anotherA);
+    when(response.answers()).thenReturn(singletonList(rrSet));
+    when(mockCache.lookupRecords(aName, A, Credibility.NORMAL)).thenReturn(response);
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).cache(mockCache).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(aName, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(asList(LOOPBACK_A.withName(aName), anotherA), result.getRecords());
+
+    // should come out in the other order on the second try
+    resultFuture = lookupSession.lookupAsync(aName, A, IN);
+    result = resultFuture.toCompletableFuture().get();
+    assertEquals(asList(LOOPBACK_A.withName(aName), anotherA), result.getRecords());
+
+    verify(mockCache, times(2)).lookupRecords(aName, A, Credibility.NORMAL);
+    verifyNoMoreInteractions(mockCache);
+  }
+
+  @Test
+  void lookupAsync_absoluteQueryWithCacheCycleResults()
+      throws InterruptedException, ExecutionException, UnknownHostException {
+    Name aName = name("a.b.");
+    InetAddress anotherAddress = InetAddress.getByName("192.168.168.1");
+    ARecord anotherA = new ARecord(aName, IN, 3600, anotherAddress);
+
+    Cache mockCache = mock(Cache.class);
+    when(mockCache.getDClass()).thenReturn(IN);
+    SetResponse response = mock(SetResponse.class);
+    when(response.isSuccessful()).thenReturn(true);
+    RRset rrSet = new RRset();
+    rrSet.addRR(LOOPBACK_A.withName(aName));
+    rrSet.addRR(anotherA);
+    when(response.answers()).thenReturn(singletonList(rrSet));
+    when(mockCache.lookupRecords(aName, A, Credibility.NORMAL)).thenReturn(response);
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).cache(mockCache).cycleResults(true).build();
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(aName, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(asList(LOOPBACK_A.withName(aName), anotherA), result.getRecords());
+
+    // should come out in the other order on the second try
+    resultFuture = lookupSession.lookupAsync(aName, A, IN);
+    result = resultFuture.toCompletableFuture().get();
+    assertEquals(asList(anotherA, LOOPBACK_A.withName(aName)), result.getRecords());
+
+    verify(mockCache, times(2)).lookupRecords(aName, A, Credibility.NORMAL);
+    verifyNoMoreInteractions(mockCache);
+  }
+
+  @Test
+  void expandName_absolute() {
+    LookupSession session = LookupSession.builder().resolver(mockResolver).build();
+    List<Name> nameStream = session.expandName(name("a."));
+    assertEquals(singletonList(name("a.")), nameStream);
+  }
+
+  @Test
+  void expandName_singleSearchPath() {
+    LookupSession session =
+        LookupSession.builder().resolver(mockResolver).searchPath(name("example.com.")).build();
+    List<Name> nameStream = session.expandName(name("host"));
+    assertEquals(asList(name("host.example.com."), name("host.")), nameStream);
+  }
+
+  @Test
+  void expandName_notSetSearchPath() {
+    LookupSession session = LookupSession.builder().resolver(mockResolver).build();
+    List<Name> nameStream = session.expandName(name("host"));
+    assertEquals(singletonList(name("host.")), nameStream);
+  }
+
+  @Test
+  void expandName_searchPathIsMadeAbsolute() {
+    LookupSession session =
+        LookupSession.builder().resolver(mockResolver).searchPath(name("example.com")).build();
+    List<Name> nameStream = session.expandName(name("host"));
+    assertEquals(asList(name("host.example.com."), name("host.")), nameStream);
+  }
+
+  @Test
+  void expandName_defaultNdots() {
+    LookupSession session =
+        LookupSession.builder().resolver(mockResolver).searchPath(name("example.com")).build();
+    List<Name> nameStream = session.expandName(name("a.b"));
+    assertEquals(asList(name("a.b."), name("a.b.example.com.")), nameStream);
+  }
+
+  @Test
+  void expandName_ndotsMoreThanOne() {
+    LookupSession session =
+        LookupSession.builder()
+            .searchPath(name("example.com."))
+            .resolver(mockResolver)
+            .ndots(2)
+            .build();
+    List<Name> nameStream = session.expandName(name("a.b"));
+    assertEquals(asList(name("a.b.example.com."), name("a.b.")), nameStream);
+  }
+
+  private static CNAMERecord cname(String name, String target) {
+    return cname(name(name), name(target));
+  }
+
+  @SuppressWarnings("SameParameterValue")
+  private static CNAMERecord cname(Name name, String target) {
+    return cname(name, name(target));
+  }
+
+  private static CNAMERecord cname(Name name, Name target) {
+    return new CNAMERecord(name, IN, 120, target);
+  }
+
+  private static DNAMERecord dname(String name, String target) {
+    return dname(name(name), name(target));
+  }
+
+  @SuppressWarnings("SameParameterValue")
+  private static DNAMERecord dname(Name name, String target) {
+    return dname(name, name(target));
+  }
+
+  private static DNAMERecord dname(Name name, Name target) {
+    return new DNAMERecord(name, IN, 120, target);
+  }
+
+  private static Name name(String name) {
+    return Name.fromConstantString(name);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(boolean useCache) {
+    return lookupSession(useCache, false);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(
+      boolean useCache, IrrelevantRecordMode mode) {
+    return lookupSession(useCache, mode, false);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(boolean useCache, boolean throwOnUse) {
+    return lookupSession(useCache, IrrelevantRecordMode.REMOVE, throwOnUse);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(
+      boolean useCache, IrrelevantRecordMode mode, boolean throwOnUse) {
+    LookupSession.LookupSessionBuilder builder =
+        LookupSession.builder().resolver(mockResolver).irrelevantRecordMode(mode);
+    if (useCache) {
+      Cache cache = spy(new Cache());
+      builder.cache(cache);
+      if (throwOnUse) {
+        lenient()
+            .doThrow(new RuntimeException("Unexpected addMessage"))
+            .when(cache)
+            .addMessage(any(Message.class));
+        lenient()
+            .doThrow(new RuntimeException("Unexpected addRecord"))
+            .when(cache)
+            .addRecord(any(Record.class), anyInt());
+      }
+    }
+
+    return builder;
+  }
+
+  private void wireUpMockResolver(Resolver mockResolver, Function<Message, Message> handler) {
+    when(mockResolver.sendAsync(any(Message.class), any(Executor.class)))
+        .thenAnswer(
+            invocation -> {
+              Message query = invocation.getArgument(0);
+              return CompletableFuture.completedFuture(handler.apply(query));
+            });
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/utils/base16Test.java b/src/test/java/org/xbill/DNS/utils/Base16Test.java
similarity index 66%
rename from src/test/java/org/xbill/DNS/utils/base16Test.java
rename to src/test/java/org/xbill/DNS/utils/Base16Test.java
index 7d4409ddb..f1fbf61bf 100644
--- a/src/test/java/org/xbill/DNS/utils/base16Test.java
+++ b/src/test/java/org/xbill/DNS/utils/Base16Test.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -34,78 +35,86 @@
 //
 package org.xbill.DNS.utils;
 
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
-class base16Test {
+class Base16Test {
   @Test
-  void test_toString_emptyArray() {
+  void toString_emptyArray() {
     String out = base16.toString(new byte[0]);
     assertEquals("", out);
   }
 
-  @Test
-  void test_toString_singleByte1() {
-    byte[] data = {(byte) 1};
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "0,00", "1,01", "16,10", "255,FF",
+      })
+  void toString_singleByte(int b, String hex) {
+    byte[] data = {(byte) b};
     String out = base16.toString(data);
-    assertEquals("01", out);
+    assertEquals(hex, out);
   }
 
   @Test
-  void test_toString_singleByte2() {
-    byte[] data = {(byte) 16};
+  void toString_array1() {
+    byte[] data = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
     String out = base16.toString(data);
-    assertEquals("10", out);
+    assertEquals("0102030405060708090A0B0C0D0E0F", out);
   }
 
   @Test
-  void test_toString_singleByte3() {
-    byte[] data = {(byte) 255};
-    String out = base16.toString(data);
-    assertEquals("FF", out);
+  void fromString_emptyString() {
+    byte[] out = base16.fromString("");
+    assertEquals(0, out.length);
   }
 
   @Test
-  void test_toString_array1() {
-    byte[] data = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
-    String out = base16.toString(data);
-    assertEquals("0102030405060708090A0B0C0D0E0F", out);
+  void fromString_null() {
+    assertNull(base16.fromString(null));
   }
 
   @Test
-  void test_fromString_emptyString() {
-    String data = "";
+  void fromString_invalidStringLength() {
+    String data = "1";
     byte[] out = base16.fromString(data);
-    assertEquals(0, out.length);
+    assertNull(out);
   }
 
-  @Test
-  void test_fromString_invalidStringLength() {
-    String data = "1";
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "0102030405060708090A0B0C0D0E0F",
+        "0102030405060708090a0B0c0D0e0F",
+        "010203040506070809 0a\n0B\t0c0D0e0F",
+      })
+  void fromString_normal(String data) {
     byte[] out = base16.fromString(data);
-    assertNull(out);
+    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
+    assertArrayEquals(exp, out);
   }
 
-  @Test
-  void test_fromString_nonHexChars() {
-    String data = "GG";
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "01$02@030405060708090a0B0c0D0e0F",
+        "GG#!*^",
+      })
+  void fromString_invalid(String data) {
     byte[] out = base16.fromString(data);
-    /*
-     * the output is basically encoded as (-1<<4) + -1, not sure
-     * we want an assertion for this.
-     */
+    assertNull(out);
   }
 
   @Test
-  void test_fromString_normal() {
-    String data = "0102030405060708090A0B0C0D0E0F";
+  void fromString_Utf8Bom() {
+    String data = "EFBFBF";
     byte[] out = base16.fromString(data);
-    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
-    assertEquals(exp.length, out.length);
-    for (int i = 0; i < exp.length; ++i) {
-      assertEquals(exp[i], out[i]);
-    }
+    assertArrayEquals(new byte[] {(byte) 0xEF, (byte) 0xBF, (byte) 0xBF}, out);
   }
 }
diff --git a/src/test/java/org/xbill/DNS/utils/base64Test.java b/src/test/java/org/xbill/DNS/utils/Base64Test.java
similarity index 83%
rename from src/test/java/org/xbill/DNS/utils/base64Test.java
rename to src/test/java/org/xbill/DNS/utils/Base64Test.java
index 497096024..9a997ce58 100644
--- a/src/test/java/org/xbill/DNS/utils/base64Test.java
+++ b/src/test/java/org/xbill/DNS/utils/Base64Test.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -40,242 +41,242 @@
 
 import org.junit.jupiter.api.Test;
 
-class base64Test {
+class Base64Test {
   @Test
-  void test_toString_empty() {
+  void toString_empty() {
     byte[] data = new byte[0];
     String out = base64.toString(data);
     assertEquals("", out);
   }
 
   @Test
-  void test_toString_basic1() {
+  void toString_basic1() {
     byte[] data = {0};
     String out = base64.toString(data);
     assertEquals("AA==", out);
   }
 
   @Test
-  void test_toString_basic2() {
+  void toString_basic2() {
     byte[] data = {0, 0};
     String out = base64.toString(data);
     assertEquals("AAA=", out);
   }
 
   @Test
-  void test_toString_basic3() {
+  void toString_basic3() {
     byte[] data = {0, 0, 1};
     String out = base64.toString(data);
     assertEquals("AAAB", out);
   }
 
   @Test
-  void test_toString_basic4() {
+  void toString_basic4() {
     byte[] data = {(byte) 0xFC, 0, 0};
     String out = base64.toString(data);
     assertEquals("/AAA", out);
   }
 
   @Test
-  void test_toString_basic5() {
+  void toString_basic5() {
     byte[] data = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
     String out = base64.toString(data);
     assertEquals("////", out);
   }
 
   @Test
-  void test_toString_basic6() {
+  void toString_basic6() {
     byte[] data = {1, 2, 3, 4, 5, 6, 7, 8, 9};
     String out = base64.toString(data);
     assertEquals("AQIDBAUGBwgJ", out);
   }
 
   @Test
-  void test_formatString_empty1() {
+  void formatString_empty1() {
     String out = base64.formatString(new byte[0], 5, "", false);
     assertEquals("", out);
   }
 
   @Test
-  void test_formatString_shorter() {
+  void formatString_shorter() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 13, "", false);
     assertEquals("AQIDBAUGBwgJ", out);
   }
 
   @Test
-  void test_formatString_sameLength() {
+  void formatString_sameLength() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 12, "", false);
     assertEquals("AQIDBAUGBwgJ", out);
   }
 
   @Test
-  void test_formatString_oneBreak() {
+  void formatString_oneBreak() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 10, "", false);
     assertEquals("AQIDBAUGBw\ngJ", out);
   }
 
   @Test
-  void test_formatString_twoBreaks1() {
+  void formatString_twoBreaks1() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 5, "", false);
     assertEquals("AQIDB\nAUGBw\ngJ", out);
   }
 
   @Test
-  void test_formatString_twoBreaks2() {
+  void formatString_twoBreaks2() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 4, "", false);
     assertEquals("AQID\nBAUG\nBwgJ", out);
   }
 
   @Test
-  void test_formatString_shorterWithPrefix() {
+  void formatString_shorterWithPrefix() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 13, "!_", false);
     assertEquals("!_AQIDBAUGBwgJ", out);
   }
 
   @Test
-  void test_formatString_sameLengthWithPrefix() {
+  void formatString_sameLengthWithPrefix() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 12, "!_", false);
     assertEquals("!_AQIDBAUGBwgJ", out);
   }
 
   @Test
-  void test_formatString_oneBreakWithPrefix() {
+  void formatString_oneBreakWithPrefix() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 10, "!_", false);
     assertEquals("!_AQIDBAUGBw\n!_gJ", out);
   }
 
   @Test
-  void test_formatString_twoBreaks1WithPrefix() {
+  void formatString_twoBreaks1WithPrefix() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 5, "!_", false);
     assertEquals("!_AQIDB\n!_AUGBw\n!_gJ", out);
   }
 
   @Test
-  void test_formatString_twoBreaks2WithPrefix() {
+  void formatString_twoBreaks2WithPrefix() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 4, "!_", false);
     assertEquals("!_AQID\n!_BAUG\n!_BwgJ", out);
   }
 
   @Test
-  void test_formatString_shorterWithPrefixAndClose() {
+  void formatString_shorterWithPrefixAndClose() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 13, "!_", true);
     assertEquals("!_AQIDBAUGBwgJ )", out);
   }
 
   @Test
-  void test_formatString_sameLengthWithPrefixAndClose() {
+  void formatString_sameLengthWithPrefixAndClose() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 12, "!_", true);
     assertEquals("!_AQIDBAUGBwgJ )", out);
   }
 
   @Test
-  void test_formatString_oneBreakWithPrefixAndClose() {
+  void formatString_oneBreakWithPrefixAndClose() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 10, "!_", true);
     assertEquals("!_AQIDBAUGBw\n!_gJ )", out);
   }
 
   @Test
-  void test_formatString_twoBreaks1WithPrefixAndClose() {
+  void formatString_twoBreaks1WithPrefixAndClose() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 5, "!_", true);
     assertEquals("!_AQIDB\n!_AUGBw\n!_gJ )", out);
   }
 
   @Test
-  void test_formatString_twoBreaks2WithPrefixAndClose() {
+  void formatString_twoBreaks2WithPrefixAndClose() {
     byte[] in = {1, 2, 3, 4, 5, 6, 7, 8, 9}; // "AQIDBAUGBwgJ" (12 chars)
     String out = base64.formatString(in, 4, "!_", true);
     assertEquals("!_AQID\n!_BAUG\n!_BwgJ )", out);
   }
 
   @Test
-  void test_fromString_empty1() {
+  void fromString_empty1() {
     byte[] data = new byte[0];
     byte[] out = base64.fromString("");
     assertArrayEquals(new byte[0], out);
   }
 
   @Test
-  void test_fromString_basic1() {
+  void fromString_basic1() {
     byte[] exp = {0};
     byte[] out = base64.fromString("AA==");
     assertArrayEquals(exp, out);
   }
 
   @Test
-  void test_fromString_basic2() {
+  void fromString_basic2() {
     byte[] exp = {0, 0};
     byte[] out = base64.fromString("AAA=");
     assertArrayEquals(exp, out);
   }
 
   @Test
-  void test_fromString_basic3() {
+  void fromString_basic3() {
     byte[] exp = {0, 0, 1};
     byte[] out = base64.fromString("AAAB");
     assertArrayEquals(exp, out);
   }
 
   @Test
-  void test_fromString_basic4() {
+  void fromString_basic4() {
     byte[] exp = {(byte) 0xFC, 0, 0};
     byte[] out = base64.fromString("/AAA");
     assertArrayEquals(exp, out);
   }
 
   @Test
-  void test_fromString_basic5() {
+  void fromString_basic5() {
     byte[] exp = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
     byte[] out = base64.fromString("////");
     assertArrayEquals(exp, out);
   }
 
   @Test
-  void test_fromString_basic6() {
+  void fromString_basic6() {
     byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9};
     byte[] out = base64.fromString("AQIDBAUGBwgJ");
     assertArrayEquals(exp, out);
   }
 
   @Test
-  void test_fromString_invalid1() {
+  void fromString_invalid1() {
     byte[] out = base64.fromString("AAA");
     assertNull(out);
   }
 
   @Test
-  void test_fromString_invalid2() {
+  void fromString_invalid2() {
     byte[] out = base64.fromString("AA");
     assertNull(out);
   }
 
   @Test
-  void test_fromString_invalid3() {
+  void fromString_invalid3() {
     byte[] out = base64.fromString("A");
     assertNull(out);
   }
 
   @Test
-  void test_fromString_invalid4() {
+  void fromString_invalid4() {
     byte[] out = base64.fromString("BB==");
     assertNull(out);
   }
 
   @Test
-  void test_fromString_invalid5() {
+  void fromString_invalid5() {
     byte[] out = base64.fromString("BBB=");
     assertNull(out);
   }
diff --git a/src/test/java/org/xbill/DNS/utils/BaseUtilsTest.java b/src/test/java/org/xbill/DNS/utils/BaseUtilsTest.java
new file mode 100644
index 000000000..e31b32c22
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/utils/BaseUtilsTest.java
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.utils;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+public class BaseUtilsTest {
+  @ParameterizedTest
+  @ValueSource(ints = {8, 10, 24, 63, 64, 65})
+  void testWrapLines(int lineLength) {
+    String toWrap = String.format("%0" + ((lineLength * 3) + 5) + "d", 0);
+    String out = BaseUtils.wrapLines(toWrap, lineLength, "", false);
+    String[] lines = out.split("\n");
+    assertEquals(4, lines.length);
+    assertEquals(5, lines[3].length());
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {8, 10, 24, 63, 64, 65})
+  void testWrapLinesEndsWith(int lineLength) {
+    String toWrap = String.format("%0" + ((lineLength * 3) + 5) + "d", 0);
+    String out = BaseUtils.wrapLines(toWrap, lineLength, "", true);
+    assertEquals(')', out.charAt(out.length() - 1));
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {8, 10, 24, 63, 64, 65})
+  void testWrapLinesPrefix(int lineLength) {
+    String toWrap = String.format("%0" + ((lineLength * 3) + 5) + "d", 0);
+    String out = BaseUtils.wrapLines(toWrap, lineLength, "\t", false);
+    String[] lines = out.split("\n");
+    for (String line : lines) {
+      assertTrue(line.startsWith("\t"), "Line start with prefix");
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/utils/hexdumpTest.java b/src/test/java/org/xbill/DNS/utils/HexdumpTest.java
similarity index 96%
rename from src/test/java/org/xbill/DNS/utils/hexdumpTest.java
rename to src/test/java/org/xbill/DNS/utils/HexdumpTest.java
index 5d4e246bd..a562053c5 100644
--- a/src/test/java/org/xbill/DNS/utils/hexdumpTest.java
+++ b/src/test/java/org/xbill/DNS/utils/HexdumpTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 // -*- Java -*-
 //
 // Copyright (c) 2005, Matthew J. Rutherford <rutherfo@cs.colorado.edu>
@@ -38,7 +39,7 @@
 
 import org.junit.jupiter.api.Test;
 
-class hexdumpTest {
+class HexdumpTest {
   /*
    * this seems to be basically a debugging routine, so its most
    * important to check that the values are all rendered correctly,
@@ -46,7 +47,7 @@ class hexdumpTest {
    */
 
   @Test
-  void test_shortform() {
+  void shortform() {
     byte[] data =
         new byte[] {
           1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -172,10 +173,4 @@ void test_15() {
     String out = hexdump.dump(null, data, 1, 1);
     assertEquals("1b:\t0F \n", out);
   }
-
-  // strictly for stupid code coverage...a useless test
-  @Test
-  void test_default_constructor() {
-    new hexdump();
-  }
 }
diff --git a/src/test/resources/example.com.conf b/src/test/resources/example.com.conf
new file mode 100644
index 000000000..53bb578d8
--- /dev/null
+++ b/src/test/resources/example.com.conf
@@ -0,0 +1,17 @@
+$ORIGIN example.com.     ; designates the start of this zone file in the namespace
+$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
+example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
+example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
+example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
+example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
+@             IN  MX    20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
+@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
+example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
+              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
+ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
+              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
+www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
+wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
+mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
+mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
+mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com
diff --git a/src/test/resources/hosts_example b/src/test/resources/hosts_example
new file mode 100644
index 000000000..2aa0b572a
--- /dev/null
+++ b/src/test/resources/hosts_example
@@ -0,0 +1,11 @@
+# Examples:
+#      192.168.1.10     dino.example.com        # example animal server
+#       10.10.10.10      cat.example.net        # another furry host
+
+# Added by Docker Desktop
+192.168.10.96 host.docker.internal
+192.168.10.96 gateway.docker.internal
+# To allow the same kube context to work on the host and the container:
+127.0.0.1 kubernetes.docker.internal
+::1 kubernetes.docker.internal
+# End of section
diff --git a/src/test/resources/hosts_invalid b/src/test/resources/hosts_invalid
new file mode 100644
index 000000000..2cf1e51b7
--- /dev/null
+++ b/src/test/resources/hosts_invalid
@@ -0,0 +1,13 @@
+127.0.0.5 example.com
+127.0.0.7 example.com
+127.0.0.2 ..
+ 
+127.0.0.3 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
+127.0.0.4 #bla
+	
+::/0 example.net
+:::1 invalid-ipv6
+127.0.0.256	invalid-ipv4
+127.0.0.1	 localhost localalias
+127.0.0.6	example.org #localalias some-junk
+::1 localhost
diff --git a/src/test/resources/jnamed.conf b/src/test/resources/jnamed.conf
new file mode 100644
index 000000000..93d5e74b6
--- /dev/null
+++ b/src/test/resources/jnamed.conf
@@ -0,0 +1,3 @@
+primary example.com example.com.conf
+key hmac-md5 example.com ZXhhbXBsZQ==
+port 1234
diff --git a/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private
new file mode 100644
index 000000000..7639a0cff
--- /dev/null
+++ b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: oG4lN/2gbJ5MfduJSQAUuuxiuSh1fUftKey6LhewMcUIG+zldhpwduzQmDT87nUo+OY2ePAxbxJLIOQqphD725gB/YRD+mcP9UZCqdXZzDRXCT+3QTZXgVQKO7imcCjLNkVlcazV5Ztf0le775vQDOn4AKrrjzmokvMeFYOIis+gr9K91sVVEriz6c88ksfc0YFu13PqQ+rtoVZgEygZ4Bl03XCxClw1ZSjl46Zoljnecxzv6sOkDJiUx78UrBJl1fZkN3rdCxroibgVVQmr+dYuru2VD+ZaSzXm4NNDInL85Z8DQgII7g30V6X2tOEk2klYTM4JuW9nIGjLjTmRmQ==
+PublicExponent: AQAB
+PrivateExponent: jxbOoWrYrChghxzJDNBCrRnrT8QzTmNZt7wJrtS39RwMiIO5gaZBSwEbZ7ZTJghfW+hRC3sITE3frl1zYJzjVk/07n4K94r248gf60TutkC0pG4s78AdOh+P5QZjhMQNw8EPot0KBnmXdI+F80dgwDPqXAYWha9imHa5DW082ri9dVB3Li1Z3BVMSZCH4urQq8XZRWqXw3CPSuWhKhWq+8vkE/jm+4QRIGumd4wkwdktPghl9mdm9N8uLqLd8qpJzGI40RFeSYzSpBWaMClxzaaS5gOm2ageB2KVMDq2wdCCBKVRyQpI4dHKvuRk5a+Z8m3Boi41mrK79pujbLqvgQ==
+Prime1: 0+sT4VN8sT3/N4xtgukMQU5TBTyU+l3HNSw/rFM5sainiIb4bKzJwlZ/WWAuVfyOE/EFtonu60isJe0ZQqd7jSATQ8W4fKDfeaaLHfkaQVMg247qRrXscYaIs9zOgDVqUu9kLQXoiJl5YwD1eq9in7KdD7z0EM/R0ECehqK6iqk=
+Prime2: wc1DoXpBTdKeBi/E5iYeaapwCTsiOEw8LEYHxZkJckUj+dGY+5aM3xUAI2BWcwD34bA7MrWBGKjZLhyItgnuahIHfVRrbDkCbpcKMywTos0tS/UcyX7PBXYMEl7/BjPrsZTmmjThukNbWs4uclnaBSO3ExDHRtxhBWnYXw9+lXE=
+Exponent1: b08fXxASA6rTveKVttgf5sF0G+EJQ0Q0mTpHq4T/XdB/RtfV7ocHZns2YsSBMgr4uYK0hH+Ira67NSSHSxpba/H4DHXzBAsftm8CzViFMOCv9oLnjQKLUcnfTdHh6TelRDCXhop+7BjoyFa9mZY7kDQqCRUvgREXXHJEkeUxZBk=
+Exponent2: piubHpzV26WIq2NQH8p1b0Kdd7zFVaJAQfH1/f5/NASGmVCXLLlkpm66RJr45PjikhfqWkt4mq1EMp5ytiuDyl0VIOg+h3fGVw6Yx1G2sHPer+9GNJrPZS5XoXTkk+v23rf+liBbn7rbXNvGxXO3VYrPEcDkLSUO53Ze+PsvHXE=
+Coefficient: hEg3DZhCgtU4qj6r7CfDrg+p04iKb95MPCe+G3WiBTkRKmbe1KjBmOfg2+ibrs3qxSenx6BXzRpO+kfapEfoPHYMr8j6VWKd6WOnsWRQze7mvu0F0IGSWJWQATaPLP+kM2peC5bXQTGqyR+Igp1TfcQlrwR3taB9WP/xbx91Gh4=
+Created: 20130326204908
+Publish: 20130326204908
+Activate: 20130326204908
diff --git a/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private
new file mode 100644
index 000000000..b6db60868
--- /dev/null
+++ b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: xwBbGRNUZnpQCnRUSjMCVikBGFuHpjq1g6XoWDdR4E0UW0ND19MQS3U2RudH27wqSlU3prrtq+ViJQ3V6AOoTDMNTtHVHD79RJ2GbaGo4BGaa7cMGCONf+JeNkvK/fXRw4YUln+yZyh2UMvikMACg/GH+qzooQFpPSxzUpZwarc=
+PublicExponent: AQAB
+PrivateExponent: VHcxM4aB13FpEdbohAn8nueOoHERNZxLuRIteWwZo5Pz5Py7Cht7GhwpKpU2ae0HIj/jfDBxevnE26dwuKb8woN1uCpUC3NhXr3yMWl+4oF080JHUcygWKclxfdJOjSUe2wHdQeSIoFq0V4lReXouyDFC5+q5OkSEmU3RW17hFE=
+Prime1: 5J6mAhSOzhlsKDPFiF0o1ch7YqhkQqr3JtKL4rEPNDon0QpJ7zhj5Dy5sg3vR5PmQ8mWc47EUznb2IsJOrV82Q==
+Prime2: 3tWgR6f7hf6BadHZG5Dw1QcK8VBUYR5Eq/0SwPE0bxcUO/dzZpn3AyEOl9KynSyFBOwUr2JOGTwOwXjjMFaqDw==
+Exponent1: XBjxJUtkz+/72yIoBCwLRDv0QKU3Zof68n/E7HiJeG+pFJQBfsYHr60q3WixqPMSwuIVos2zlxdq0gwIlsb/2Q==
+Exponent2: Uk6X4D/U8N5b0MlZJwx3WEg8q3ufXyv984ULu0actnfQ2oGBF6HBEl/QcxW5McLy8yl8TnfCHyIG1UGgsQch0w==
+Coefficient: YksGgB9xHXtFsUcA+UhxA4i6NDqfMu7jGzzcbKTVhG85hHtvnxXCP4wPzFF2Z0ew0m0V4OiOR4zk2iuKUjIHMQ==
+Created: 20130326204904
+Publish: 20130326204904
+Activate: 20130326204904
diff --git a/src/test/resources/logging.properties b/src/test/resources/logging.properties
new file mode 100644
index 000000000..36424839b
--- /dev/null
+++ b/src/test/resources/logging.properties
@@ -0,0 +1 @@
+handlers=org.slf4j.bridge.SLF4JBridgeHandler
diff --git a/src/test/resources/messages.properties b/src/test/resources/messages.properties
new file mode 100644
index 000000000..a1d0401ff
--- /dev/null
+++ b/src/test/resources/messages.properties
@@ -0,0 +1,2 @@
+test.noparam=no parameters
+test.withparam=parameter: {0}
diff --git a/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker b/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker
new file mode 100644
index 000000000..1f0955d45
--- /dev/null
+++ b/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker
@@ -0,0 +1 @@
+mock-maker-inline
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost
new file mode 100644
index 000000000..d5066df85
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost
@@ -0,0 +1,139 @@
+#Date: 2015-01-06T22:35:00+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50990
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	eccgost.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+eccgost.ingotronic.ch.	300	IN	A	127.0.0.1
+eccgost.ingotronic.ch.	300	IN	RRSIG	A 12 3 300 20150125012943 20141226003214 33696 eccgost.ingotronic.ch. JUSb1od8YDPsNsSyXQCbXN4VGkjuHRxvlGAv3K4FA6mz4x4SQRlsD5GEYIpVMqeJft84sp3wB806CD11Z096tg==
+
+;; AUTHORITY RECORDS:
+eccgost.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+eccgost.ingotronic.ch.	300	IN	RRSIG	NS 12 3 300 20150125002026 20141226001257 33696 eccgost.ingotronic.ch. Wb6NEY7OcsBWbCLqis1YAuetf8+/WpJ/VqxndICaKU/1uLU6EznMuIUwUQ/vAXPJCagGvtGuMIU72AUiBExAPA==
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 507 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6159
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87373	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87373	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87373	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87373	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12005
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			973	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55502
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			974	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			974	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28480
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3582	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3582	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3582	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53132
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3317
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	eccgost.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+eccgost.ingotronic.ch.	300	IN	DS	22754 12 1 2757C751309FCDD6982EFD25AE24AFC4AE5352AF
+eccgost.ingotronic.ch.	300	IN	DS	22754 12 2 B5A1A00DF6234B3C33B1EFE43134EF5B7462C0F48FE4845746F2278912F6C9AD
+eccgost.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. K2CW7aMJbah4NiqK5McbSlYbLCJRtmkV4wMk5737D2a0B/N+xXB3yrahz3M/KdPQTLBw5gbHCnT4T/PobqvM8wPqsKZELoHsrYZX8nmvB+wPbZPK9nbkuc2G47iKqqhepY8jmfB6O9ekGS4L/5WA4RCpulki7QVmMKorJTc+NjQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5
new file mode 100644
index 000000000..f32e12387
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5
@@ -0,0 +1,139 @@
+#Date: 2015-01-06T22:35:01+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6805
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	rsamd5.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+rsamd5.ingotronic.ch.	300	IN	A	127.0.0.1
+rsamd5.ingotronic.ch.	300	IN	RRSIG	A 1 3 300 20150125010114 20141226001233 43856 rsamd5.ingotronic.ch. Rqgpczk/xOePnjzbdQX0FNdDH/71yhj3XvkQhcONHgpOojXys2az/WzeITHxxvMgYjfA0y8IYsgP/lNeLSEY5Bh4QLTsUc+vpRhz1nZa3gbNWtgRnFj0HYOM1yEsOaZMXUcDuycd3kgq9SVxqEO3r5yF5VbmntPymno92+OfX9M=
+
+;; AUTHORITY RECORDS:
+rsamd5.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+rsamd5.ingotronic.ch.	300	IN	RRSIG	NS 1 3 300 20150125010114 20141226001233 43856 rsamd5.ingotronic.ch. pYkIFh3yaO4yZvqL6fE6Bpgv8g8EiwaKyTb0rGKm8ign8f3PlOG+16mYt+Zn3qzihXiiGVtwpz1h7pf1A6BIx7wScnBfePWSvlu07NIfpbEmDEZRYXxNR12emOjGzgLhUnTQmpK3j6PFn8Gs2/H/kB1kIfM6bf/2/5hIRFVvsmM=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 632 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33880
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1473
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25499
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			973	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			973	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38713
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13332
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30570
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	rsamd5.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+rsamd5.ingotronic.ch.	300	IN	DS	58016 1 1 A1A8915F892FD435738A21E8440586B40C8502D0
+rsamd5.ingotronic.ch.	300	IN	DS	58016 1 2 622EA4C1715DDCB15A3177F6A5A04861AB32FCFB8493F90BD4964F3639DB9FDD
+rsamd5.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ZHiH7NTk5zR3Ir9mjNcJL2x7Tasgj3yE1uaG71EdRtwubvShh4kLkFmER5YQqeUrXBvx5Pog+uHcK+WyX+7YD2GvQycFDheLPCB6BakK1nHid/JbzjXOtXhYCPh557tuZSzF7eLyZ+MhPMkvBJVG4NAGKaN85Dtavxn8JBn8QoQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 306 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown
new file mode 100644
index 000000000..0ce723ede
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown
@@ -0,0 +1,158 @@
+#Date: 2015-01-06T22:35:01+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30764
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	unknown-alg.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+unknown-alg.ingotronic.ch.	300	IN	A	127.0.0.1
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125010525 20141226010202 45093 unknown-alg.ingotronic.ch. MfedDEmkPC40ZTJzk7UMmnTqSUBwm/36FsPEnJ+xYSkserwjRJRcvWg3YobqlS/i9ZxKqZzvuXIumImOV1CXvf5ZzfDq2ioqUmtR0Nmvzg93lAahTMjgZd5UK5HSHADwsQq5IjreVyTE5lWc+7S22NgJhAcLZuG9sw+gCBxQK0o=
+
+;; AUTHORITY RECORDS:
+unknown-alg.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150125000404 20141225232910 45093 unknown-alg.ingotronic.ch. lAhLOlkWySteesEUHzS5wFe4QTyQI1UfvT5sHvGK/1VSLKPkGUGBGYtDVptRxJKoYSU9/nwt4HvtLfwx8X8YxqEkFTxOcHAUpWrGlSTI4fgr/TH7TTr8EWaWK450U5hfZMWMcFIoW6PAi9kl9DjhGJ9fMT/y8G0iKK6i6xTVAf0=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 647 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1445
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87373	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87373	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87373	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87373	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23102
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			973	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15112
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			974	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			974	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58003
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8761
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27464
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknown-alg.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unknown-alg.ingotronic.ch.	300	IN	DS	57133 5 123 88911F5CF5E92199654F89E46D36A5A394D248FE
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. CyQezuOmPS6VRuWmsFsLYTwDwwG0SQmo1VgtvsUbaYFaRT+iQNOyibvTfM7vVtUqFSim/zhfabcIvdzUqC3mJ84L2Ac7BfAVhdIr5k+uLE+Sabe1Ch/RWp5jREyLap+gN8UsjlP98VXN9wfaSd6wLDP5K088o0z/zDmBeLpwZl8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 263 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43836
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknown-alg.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+unknown-alg.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAb9q2O44+pGOH5jdPSJEryG9ngMwwQ2093jn4EkJYcci/I6uhFsORcif6bMtxTIOUt8mUCowNcENj8oJ8l/eS8Ndaj6jTywYwG94OEEdTRy0XqbGV/x0n24U3pQe76A4jBJYgLk6hOISGcGcvKpkOSzc1ZjUsnJCWGTXVZA9oBsJ
+unknown-alg.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAc7dNVEcGlIIucOGhtuBhYPOf/cZPFOokelc/hrubwt8uvMgs4wn76kc9esnjh5Z2DcyJCJwQuy3FLb3L00n8RaM37FSaH7azMnWqhULBS+hszS4XoJXu97B1D/KulTJaVsejBoAUnHToJ0aB90Kx+rk6EIxTjh0O/xOypKOoG1irRRf4Yh4SYMhZomaazZPRQYkRj6Va7VIPLif31qIPJl+L6q1njcJHcibS7H/cF2nvD4DD4CnRgGZXvKr5mxizz3YpJCHwo0nkqjBASdyfSSi6BKh4C8AR6yo9rIJpxYMA3ee7xRVC7p9/TOp2kO0XEJnlMP1/mMoV0TxcaCc2N8=
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150125005501 20141226002719 45093 unknown-alg.ingotronic.ch. nX6941AOHtN+glWVvCZae2LD4Hhm2/oOZAak9jksXYcH+W57Y0lab+AtQRWHV9LeuqjerO/iNx6Q8Zmiyk4TBgYJj+9y4klAEijAlhDCu2yAoU1zQwwbW4oiPex7m/krJIwV3J+DKJgiYbDprswMjzW+7YR4zKlSBp3aJ90WCfo=
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150125005501 20141226002719 57133 unknown-alg.ingotronic.ch. xm1WcmGCfR0V4h/6dyIAkicrySw8QktabT5ltsW4kq3ylI8ubo3ebe39hHdni2wV+wm+eFRG71XCeO/CV+neaJ8oLnNScKTDz35rAw1g+CTVLAS6MK7Y/bxLBOhvLLfJwir0KNmNleNGtSGByQ9AD8CzWhrmUIsszMQq3vpY2/zLqF5O++y9mYoLBNWw0g+DaPeu5TdmWQlL4B5z+I1nYi80LccBIxTkhq9Mu2lEhTLgIzj9GVYnzgJSTuSGnStEkSdCN/AJ1rNPWziOXIKilFF06z18bohAVbLzA44BR5khNmzT2HV4CK3KVIome9PJuSAwEM0N0jyUhgONxXRigQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 976 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519
new file mode 100644
index 000000000..312bfd74b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519
@@ -0,0 +1,112 @@
+#Date: 2020-01-26T20:03:58+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28087
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed25519.nl., type = A, class = IN
+
+;; ANSWERS:
+ed25519.nl.		3403	IN	RRSIG	A 15 2 3600 20200206000000 20200116000000 27662 ed25519.nl. o0g+PTzmqA+LqRcoR3qduXimU1u5/oMXJGIHOv9aq5+7sdz5Lz6V5Z+lUZyUFDUCGg+k1I0aT5mW3JwuVVi6Cw==
+ed25519.nl.		3403	IN	A	77.72.150.82
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 161 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54587
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			7303	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+.			7303	IN	DNSKEY	256 3 8 AwEAAeN+h0loXPKt7lFdW2zKIDkVHyJ1aYGUVE1dMNBlRH3kTn40JKcHiPOs+fy0OFVCBwoKa1s9qZtdyP1UC0hgKoldj3oELK1yLI5MUbTMcNkWbBMRuxRz/CgZJu3IxcmuZWZMbn4LQDMj5YeiUiuWns5vipFGWWpyPyozQXmenSWOK2GJOwcm7I/DyHVtVdztTvqiHqzy2aRoxwPhmEuAoYzzuNJJw6JNEnXaN/7l2TIciskFyPVPBFZYHnk+1ma906dfehIR190z3lh1ZESL2Yy3VIE2QGpRU6Px4ydH5sXxZ2wSMgqNNga4kjnfM1msBqk3EI48RvTTkuV0yb1eFuU=
+.			7303	IN	RRSIG	DNSKEY 8 0 172800 20200211000000 20200121000000 20326 . UaaPoqlBlRixcabCWMJ9jVvevx+Sp8W5rMt06Tozfg/gefIspEKxw4fx22mRaAQZzdHq9Lt+Who4YpUX95CDrgDYtYJ9NOyICRNlWnY9FNqOW0AreCmEK0qqS52xYb72hJYpFrCILGLD6jl4Ar0LFi29iXnVLQ99+SvD8PPHHkEiIu1WhlES7taEavtbKijyjLYXwagQxSQCzMgkbWN1+S78kJGZEMaBODTZuiiGIw5Jy3OPAQxHQyLTElR5ZuEg59/sSnTCEfmoXcxG9/g6O1qWs6d9hDVadKfXhHr8OTXGoB25Ttp3CyZGdSqRkCwwJpWJ9SlaL+khcJoLFqwm8w==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 864 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43154
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			8754	IN	DS	34112 8 2 3C5B5F9B3557455C50751A9BE9EBE9238C88E19F5F07F930976917B51B95CD22
+nl.			8754	IN	RRSIG	DS 8 1 86400 20200207050000 20200125040000 33853 . s8pLNGhOt2S56ZmFJCUFjh72+nDKMxDBU5mH9GUBwsuJFmFs0aCBvAE8nPkU6lUN3d+UYJg9n8PEq0KP7Ea9v+HTnbDftKbQMbyL2tYhlP1+3CXwwozmD+1keq0AyFY6k7yj/d/ETcQYbmvz4Gudm0uJ4z+s1EDaGlLsXl4D7jFPhs117ASUBKFcphKEg3nKOhId04qOMf7ULz9evHggCPs9NCls+XHomo6HTSW+ZsoAi31ShiDnxnMU85nyst1sAT3xPsUZs/9TgFvmosPEUjkWtOUhypN6MYAS/kDbGECw41iEb1R4HRh2hOEhj7TLOpn2HfqC1pUrKRY7Ap7RSw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 366 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27023
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			3529	IN	DNSKEY	256 3 8 AwEAAdDXROYhplVlInShki5RxTj7vFwqk8grVOHwUjwUlvsKBJUknF1PN1TWpHoXvWFXDTviW7jVgPx6RH2I4b/Iq30zHgPxJYT3EtpTzRbX2F1WS5n31r8BrQc3V1LdCGknhpAw6c7SAntrZ6m6nkgDn6z0ySnWri659CjxUgsHCBmD
+nl.			3529	IN	DNSKEY	257 3 8 AwEAAcb+4kIsKoZM+3ZZpU9kzxrzw30e3b+L0KZeX+aAS3eM+Q+q27Jw0NZ3dqsPSif61GjRW6apjDZ9Ciab3oyEu7IpihVrw94DTjWZTVViZAijAIHwKUzY0YjkT3RvN+xgpw4uZs1SnqCZxYko+15esteKXW/nJpde0d9OeFFBaS2WTCycK+A6gd9DsOw91Y7Z2vrR/2g9N9dMIVq9neB1/KXXm4MttLqJyxRWZNAFTyLGQKzPpQDp9s3qowV2+pcHOh6lUTEeOWiAtotJ/5WyO91viZ5tBfClsyGpggBTaeUQ7T5adhAtX6nRkhePyAtQgCCf63ZpHyoyxvbkDM7yuA0=
+nl.			3529	IN	RRSIG	DNSKEY 8 1 3600 20200202095410 20200119113801 34112 nl. YGz3Y0XlKlWblNFPyt/T1cFUJkyB/mSLr9qWloZOUI4yyG/HqHU1aaS51UppjcGnAmCvcIYJ0tC8aNwEb+PW82czWJKX01A/493jQvCFPawqSFJWEFmiIdd7GVghAL5HFkZPyN1zeB/cYO3Y+/1UccY/r3QHlKmNpspJ7OoVo5/gcGvpE3vej5/DKDz/jiSo9wyEvLY09Ifpdsg03yJXCGMgD7kPDkPtnPWNNbUzmLiZbI0O4ePGS7q3G7Ink381KVS6f+3Dyjl0LQtEGEmyYglBl3w4DNAwlTvb7m5HEMarPYCs2Hy9zumSEoxNRpOhCSC3eNFuIT+4+cvzKEFOIw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41875
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed25519.nl., type = DS, class = IN
+
+;; ANSWERS:
+ed25519.nl.		3599	IN	DS	45515 15 2 1579CE721A8ADF5EF5222D48D6065FDD06E7BCE5C0154EC3EF1F30CC0D06EAAA
+ed25519.nl.		3599	IN	RRSIG	DS 8 2 3600 20200206093417 20200123053802 63744 nl. NhT3bOB2OFPf2tm8uG4QbbZVn/zwZRbHtOIcXc+hAUwZWKD3ZS5u+2gYEDwvG6G2hCtgcpIQZLAlnrlUs2j6EqSIbGJcof9fX+P3p3MMkvLZO3Sf17qOBETeVMsFSQPEdEyFInJWi4UxnJrjWpiLtdaxDJXIOJ0CDU2w6MfasHg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 249 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54226
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed25519.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ed25519.nl.		3599	IN	RRSIG	DNSKEY 15 2 3600 20200206000000 20200116000000 45515 ed25519.nl. J/S+wT1KqCBWpzHtiJKhJ+YWx498lhTnvIcvKL/+eyAooKRbVrF/gXCAZpiL1hS7visl+Vw4fjTnnKnZn8BgDQ==
+ed25519.nl.		3599	IN	DNSKEY	256 3 15 2tstZAjgmlDTePn0NVXrAHBJmg84LoaFVxzLl1anjGI=
+ed25519.nl.		3599	IN	DNSKEY	257 3 15 m1NELLVVQKl4fHVn/KKdeNO0PrYKGT3IGbYseT8XcKo=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 241 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448
new file mode 100644
index 000000000..c90dbe818
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448
@@ -0,0 +1,111 @@
+#Date: 2020-01-26T20:06:39+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38495
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed448.nl., type = A, class = IN
+
+;; ANSWERS:
+ed448.nl.		3599	IN	A	45.150.156.16
+ed448.nl.		3599	IN	RRSIG	A 16 2 3600 20200206000000 20200116000000 24480 ed448.nl. bvKGWUiNDA3bFq0ECVF+/BGtNrNZUmgvDVKtLwrBWJTd+du2exCuUWfZNW72QxIDwJxPcnbCAiwAhOXjdzWGZH5Rtyqrz+bOELH4VISCA3dTGleofgZpWBBwuzWAWd8A5hCm35eei6ffo0BCIlmFSSwA
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 207 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59993
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			7127	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+.			7127	IN	DNSKEY	256 3 8 AwEAAeN+h0loXPKt7lFdW2zKIDkVHyJ1aYGUVE1dMNBlRH3kTn40JKcHiPOs+fy0OFVCBwoKa1s9qZtdyP1UC0hgKoldj3oELK1yLI5MUbTMcNkWbBMRuxRz/CgZJu3IxcmuZWZMbn4LQDMj5YeiUiuWns5vipFGWWpyPyozQXmenSWOK2GJOwcm7I/DyHVtVdztTvqiHqzy2aRoxwPhmEuAoYzzuNJJw6JNEnXaN/7l2TIciskFyPVPBFZYHnk+1ma906dfehIR190z3lh1ZESL2Yy3VIE2QGpRU6Px4ydH5sXxZ2wSMgqNNga4kjnfM1msBqk3EI48RvTTkuV0yb1eFuU=
+.			7127	IN	RRSIG	DNSKEY 8 0 172800 20200211000000 20200121000000 20326 . UaaPoqlBlRixcabCWMJ9jVvevx+Sp8W5rMt06Tozfg/gefIspEKxw4fx22mRaAQZzdHq9Lt+Who4YpUX95CDrgDYtYJ9NOyICRNlWnY9FNqOW0AreCmEK0qqS52xYb72hJYpFrCILGLD6jl4Ar0LFi29iXnVLQ99+SvD8PPHHkEiIu1WhlES7taEavtbKijyjLYXwagQxSQCzMgkbWN1+S78kJGZEMaBODTZuiiGIw5Jy3OPAQxHQyLTElR5ZuEg59/sSnTCEfmoXcxG9/g6O1qWs6d9hDVadKfXhHr8OTXGoB25Ttp3CyZGdSqRkCwwJpWJ9SlaL+khcJoLFqwm8w==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 864 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53319
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			23199	IN	DS	34112 8 2 3C5B5F9B3557455C50751A9BE9EBE9238C88E19F5F07F930976917B51B95CD22
+nl.			23199	IN	RRSIG	DS 8 1 86400 20200207200000 20200125190000 33853 . Uoj2zHzh4QFG8bFVuEz2M6KIkNDoVxcFsTlPgc9r/jcrHtmDD19FDzQxulwjsSTvg6Y55lknUriMR9A6gFbMKxVdqA1KNa7WqU3RhKvlztBK0BRnK3vYnA0FqxiuCkbckiSRJjkxGe2nLaehxP4Jkg2/1o+AvB1+8lBteKhclV4yfpMnAqdGKYvrNoFIzV90BHMLqs3nqHOg4N0LHzfFhyD7WUHp1/qAVxVD0Q7U2TfpRxWW8hoUZixl3maAcwLFoMCmwIGm9KdaynvwYNt91wfRWp2LLZ5aRDsvBeaHiTI9K1cUU007rKU9jORc7U8C43RJL4DL8afQLF4pingKgQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 366 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22319
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			3511	IN	DNSKEY	257 3 8 AwEAAcb+4kIsKoZM+3ZZpU9kzxrzw30e3b+L0KZeX+aAS3eM+Q+q27Jw0NZ3dqsPSif61GjRW6apjDZ9Ciab3oyEu7IpihVrw94DTjWZTVViZAijAIHwKUzY0YjkT3RvN+xgpw4uZs1SnqCZxYko+15esteKXW/nJpde0d9OeFFBaS2WTCycK+A6gd9DsOw91Y7Z2vrR/2g9N9dMIVq9neB1/KXXm4MttLqJyxRWZNAFTyLGQKzPpQDp9s3qowV2+pcHOh6lUTEeOWiAtotJ/5WyO91viZ5tBfClsyGpggBTaeUQ7T5adhAtX6nRkhePyAtQgCCf63ZpHyoyxvbkDM7yuA0=
+nl.			3511	IN	DNSKEY	256 3 8 AwEAAdDXROYhplVlInShki5RxTj7vFwqk8grVOHwUjwUlvsKBJUknF1PN1TWpHoXvWFXDTviW7jVgPx6RH2I4b/Iq30zHgPxJYT3EtpTzRbX2F1WS5n31r8BrQc3V1LdCGknhpAw6c7SAntrZ6m6nkgDn6z0ySnWri659CjxUgsHCBmD
+nl.			3511	IN	RRSIG	DNSKEY 8 1 3600 20200202095410 20200119113801 34112 nl. YGz3Y0XlKlWblNFPyt/T1cFUJkyB/mSLr9qWloZOUI4yyG/HqHU1aaS51UppjcGnAmCvcIYJ0tC8aNwEb+PW82czWJKX01A/493jQvCFPawqSFJWEFmiIdd7GVghAL5HFkZPyN1zeB/cYO3Y+/1UccY/r3QHlKmNpspJ7OoVo5/gcGvpE3vej5/DKDz/jiSo9wyEvLY09Ifpdsg03yJXCGMgD7kPDkPtnPWNNbUzmLiZbI0O4ePGS7q3G7Ink381KVS6f+3Dyjl0LQtEGEmyYglBl3w4DNAwlTvb7m5HEMarPYCs2Hy9zumSEoxNRpOhCSC3eNFuIT+4+cvzKEFOIw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31479
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed448.nl., type = DS, class = IN
+
+;; ANSWERS:
+ed448.nl.		3599	IN	DS	24480 16 2 85B885E4BC43270BDAA46860687D8F62D9BEEF1C6E9BEF21A7D80DC18A7943ED
+ed448.nl.		3599	IN	RRSIG	DS 8 2 3600 20200207144247 20200124023802 63744 nl. iBuueusdnKMiKRoiWXOi+ikw4gAkowyAspPklGY1t7U8nO8j+gxT3ooMBd9MdTFslgO7JVqIXUzdYZltUYgw4QsbOIPHZgJRKqsDk/e1PGd14OicoIi4U9QAvxDoiVs4JI7+u3sCi7IRKf2Bjov+3K7QWhKIftyjLaHZUhf9vcE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 247 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50838
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed448.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ed448.nl.		1799	IN	DNSKEY	257 3 16 8pYFjTum61L0k+q8HiIkEPipTTbuYnZceMVTJvqMZbhZdwzpkiYHRBHcVxmnOp1RJsGyt6I0myOA
+ed448.nl.		1799	IN	RRSIG	DNSKEY 16 2 1800 20200206000000 20200116000000 24480 ed448.nl. hMzUYoP9CvlqYajBDuODCxSpsouc96EG5A0aYTt78vhcRAuO7SP1n+AkqujGycZoCLNEt3IWONiAXOfAoGAPw3ZRh8W/ECqvX8fleB6UHlZKxrh8WPWn/wLZ2tsnBLXSnUGLypjFb5eqIeY6eUUB0CMA
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 264 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly
new file mode 100644
index 000000000..b837e997f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly
@@ -0,0 +1,121 @@
+#Date: 2016-06-07T23:59:45+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31158
+;; flags: qr rd ra ad cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+isc.org.		1163	IN	SOA	ns-int.isc.org. hostmaster.isc.org. 2016060700 7200 3600 24796800 3600
+isc.org.		1163	IN	RRSIG	SOA 5 2 7200 20160706234032 20160606234032 13953 isc.org. bX2SRqyh180R4DME+cdbFM+brddgfJfjDOniLnuKQCeMfWgXWh9ckkYISKglhXW+UCx377dsN1W07tYSHgc5lONcE4dxGftKsKk5yl6JRS9cC/JhIFuO/4kN8yZ1+ZnT1LQvprd/sFJtwABpFOyp/kG1MXnWArkPd6Twz7/9o+w=
+isc.org.		2962	IN	NSEC	01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF
+isc.org.		2962	IN	RRSIG	NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 681 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34586
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			5080	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			5080	IN	DNSKEY	256 3 8 AwEAAarQO0FTE/l6LEKFlZllJIwXuLGd3q5d8S8NH+ntOeIMN81A5wAI18g3u9w/esNkThwgXTEa2mX1iOPdTcl3yRleAExxF22lEU2E0GKY2XdYr/BxP5fojJAPRgtEGDl72NSwSnD2/a8uPNirAJZoab36Hlw41QxEl7bmCo0280mt
+.			5080	IN	RRSIG	DNSKEY 8 0 172800 20160614235959 20160531000000 19036 . d6grk7MW27La3d35wcURuLnP5cRhM8OmrQxkuwhKg7riaG52E/1qMt9rrDz29EBWuBbiFnnsCrsteUcTQTThV0y6Uw0Iw/jdcm9LjLg1t2eTTm8JbS4sb0WWzkLecc9d+RMjuvyHa/wrJOpZSqwUloSOPnlg1/QqBBmQeNFS7lM5gcdvTGDVpP7Q4xXKgg/VxkXuBAepkTEnMxtD5ACJg28t4Eb+Sxe1AMX7N2YQ1rVuj1Z3b9mLFvLc/4u++/i2C/KZfTvmG1ev3S4ydwg1HNVqKEwj4d8iQO0TmZRzBmCdhVho8wHWez+3h3A9hUe+uo05kFY/a1ibs75AZKRCbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3573
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			4955	IN	DS	9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982
+org.			4955	IN	DS	9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891BFE7FF8E5
+org.			4955	IN	RRSIG	DS 8 1 86400 20160617050000 20160607040000 60615 . Jq5yKki+K/BbgXUQYgUK7dSNWM+VXY96ZGHZt3CZSgL+nOGY1T8jMf7QXJYJ0z+G8qv3JhiofeX00QeOfTQDzXOFCXPto66SvAfHs0uVrC41pmxyQCBJOMkn6Z7LN6f4D+MFDD+gJii5bGbNh3pxe0WKTpg/Lr93s++CgprDFGY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29457
+;; flags: qr rd ra ad cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			364	IN	DNSKEY	256 3 7 AwEAAZ+JwpM2QvhT/1EXUPyoiythOolQZGOkjyBZs95c0nXZkz4pcah/s8WWkRgyrr+peLc1P5yoBwWR10/avmNIPfgeRuwKROdCtt+pe0DME9aZIpRGA7CJY18pJR94Zb+sB5ms4CQsOE67wSZZYZt7FSVNmmVHju8vTCDlqWh22m//
+org.			364	IN	DNSKEY	256 3 7 AwEAAebZOMc2aV6wi03zOgdiQhZqTbD043sXt5xRsTPn9vxukojZcsa6cOIrfqPb3l57m7u5H3r8inU8QbsC/aAYV7EOeSGNcK/lQepKSR+rlvq+7iMXoXVa9dL1tRpHDjNLp6QW+ly/jbfe5nzhptfbiiq3o/uSICf7SxF+Ho+vp4MD
+org.			364	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			364	IN	DNSKEY	257 3 7 AwEAAcMnWBKLuvG/LwnPVykcmpvnntwxfshHlHRhlY0F3oz8AMcuF8gw9McCw+BoC2YxWaiTpNPuxjSNhUlBtcJmcdkz3/r7PIn0oDf14ept1Y9pdPh8SbIBIWx50ZPfVRlj8oQXv2Y6yKiQik7bi3MT37zMRU2kw2oy3cgrsGAzGN4s/C6SFYon5N1Q2O4hGDbeOq538kATOy0GFELjuauV9guX/431msYu4Rgb5lLuQ3Mx5FSIxXpI/RaAn2mhM4nEZ/5IeRPKZVGydcuLBS8GZlxW4qbb8MgRZ8bwMg0pqWRHmhirGmJIt3UuzvN1pSFBfX7ysI9PPhSnwXCNDXk0kk0=
+org.			364	IN	RRSIG	DNSKEY 7 1 900 20160622150242 20160601140242 9795 org. MoLhr1SsXAwR4JWiAVjbBTlPB5v3V4AGi4N8CRNgeHLcy5YhMezA10sOGNaGMxbrNlgP/lLEAblAG2OUfH2b6B6JbZ8+mGdKjxT12fKwMa3YfQ42DlYHRnDolokGdm0geL2nN3CXIU+2BTDhbIe7Y+NVVuWV+0s9SetcWMNpHkBm8kPUoHJQS/uaw9EOJ5aM1whTcvEaH+Lbk0Fp0wBleN7ERv7NwPPA+9h5PF682ZoKk2/vzRaqThRgIx/h231rw6xkcciCsDMj3/urcq1m7BoW1wWK08lteHAAjcDwdnQmeVKSIAvWRa6qYby9rQ4Mu6ORMLr7Cc4Jwec7SolvNA==
+org.			364	IN	RRSIG	DNSKEY 7 1 900 20160622150242 20160601140242 12510 org. Rlq5SzA2zA9H61D1s7dG+J+zIUNd+r8j8HznA1z83xanFmJ/19hCtaMLWtbOgtC5eg1r1kPFY1Ddjl1s0IRHXhTFm5c7YQjYFVNrHsEA7pOcdwv2hltbQKjTgT/PfOu59RMt2NVMWPAffem0FyDlNIKbsctOe5y8Ot0wXIRugvU=
+org.			364	IN	RRSIG	DNSKEY 7 1 900 20160622150242 20160601140242 17883 org. UrU+wrSQCkm3pVjB4YwRMwI0axgfDfwbFjJkNUG7aE8lW/wvzHX60sq7aS8NQRNqQdiR/7PAs5NZF0kuRULiT+61GVBnEVGi71SrKZayhEuINxNjh3Tu22ogzTRLAAKfm/iHWH3awDPemIM6jqSQGRHEw88gm5Kl7qP1WboQ92pkqJjXSrQmbbsSbyvdRoey2k8/oMkCaG9UVmaxWNA/9zUIOg57gscaG2bqVlE0c7xQSKC4NhuF0ns2S6xcpkl73MS7ZuN6rDhccDJbqH5VZ+QtVUn44mDe5o5Yvon0iPIz0N0mjgPPCCuBT/rVbEYFRZ/PMlyi7GQOVnwZO18Sfg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44585
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		14922	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		14922	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		14922	IN	RRSIG	DS 7 2 86400 20160622150242 20160601140242 12510 org. KafYznIS4q2FxkDTTZpw4iCsXIO/Nx2xD9oHVwKLSD3CL8Wp/Yn3fEeUfcmwsmiA81hSN1afBuQfhCH6FY78uGYOyyx5AX9Q/Qp0JY/sKUyp6z2TODSf314Nwuy21yOD1fll4VrS4OgqtND2y0Q9d8F1A+whyJd90b7IFdvmbSs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45223
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		166	IN	DNSKEY	256 3 5 AwEAAbiHaDVOPBsWPvRvtfYF2AeL4NOBf+mDktCFtaxdf7h7dHBzXAW86vMMvs8CbH5Qs5gJJT4vsRYh4lUtMJLBP8TMkAkhqm+57IKvQmsLCXgBFthgy1kq01GkgiwAysf0LL1N/yR0+GEfMsmjhDxRWb1lHl1O+blG2/l52vyZ060T
+isc.org.		166	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		166	IN	RRSIG	DNSKEY 5 2 7200 20160706230738 20160606230738 12892 isc.org. Ah/AXCKOGFp0EsnM605S/56wK2z7ihmIIBufPdeVzikvR/P6kmctyfUnT8gpEFAyveT8tZtLJM3OCsjvaMSh/SVZ84T4ICvDCuG8YuzWkJS6WYh1QiAZFhrC2IRhXfdbtodL0iy7kse8MsmU5fLJS2t65UGlRioCQ3ji7GCNllHeVqzW5Xj7rKBTZqj/juoHCPSmSNsTpvIBJdHCVT4mjJexlBAMyOdpXLcs9Td5OSahO+gpD6fbb0MCG7EN5B9xaqVVr4Bawdk8eu5t/sZqbdU7VZUWwIP+i93CpIQnI2eKq2VIKslrxSycyVWJz1WBqOu6Dle8dYiu11dS+W02+w==
+isc.org.		166	IN	RRSIG	DNSKEY 5 2 7200 20160706230738 20160606230738 13953 isc.org. PbpBZU66p3fkgeLbVhRjChbNPxXVotQPs09nXOnVLiPHi0L16oqzpyAiPYDXxLZV1D+g7rUofvzU+dqD8toPXS9wXAlMk7yOuni7a0yopYyFcGGE3HUMOJAlO7RQSFNgUbebxS+h8y57jB932JjqVjGoDlfd227DqfBhlpl1o3Q=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid
new file mode 100644
index 000000000..11351f8d8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid
@@ -0,0 +1,103 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19653
+;; flags: qr rd ra cd ; qd: 1 an: 1 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid.dnssectest.jitsi.net., type = A, class = IN
+
+;; ANSWERS:
+cvoid.dnssectest.jitsi.net.	10800	IN	CNAME	void.invalid.example.
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+everbank.		10800	IN	RRSIG	NSEC 8 1 86400 20150113170000 20150106160000 16665 . QZcGZd7ZHWpt4cbDBq4y27PePP+BswDry6qVkqNkuNRd8MSHh74SvwbhyWmqjLR0agHYPOT7+gG/6hZmJ2n6EHCXAngQYWxgO6I0acqbkbEC8Ecf3WN1VUT0PD0cntMFaJUAAA0W/hcINLYMd/K8QT5SVgnfmkkZdhjqBW0fmlA=
+everbank.		10800	IN	NSEC	exchange. NS DS RRSIG NSEC
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 703 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30978
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43389
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	net., type = DS, class = IN
+
+;; ANSWERS:
+net.			1016	IN	DS	35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D8BD973EE
+net.			1016	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . lvtZMm89bm5FBumG9OVTrChfGK7FuHkqEBDxT4QsR4IRE1frrHGyUSF1P9FjIpvE20dHjRvkl0llLTPNfQB97T/0QSKXVO1+mK+jM57AHPUbYZczgJ4iD4owxv50G8viJx58PSg3pGOP32CyJbgjKUxk5zbLKRnojuHT7FwdB+A=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 239 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30421
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	net., type = DNSKEY, class = IN
+
+;; ANSWERS:
+net.			1016	IN	DNSKEY	257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmXSuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQDS4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn
+net.			1016	IN	DNSKEY	256 3 8 AQPOLFKjvGKxyqclqQ0cOL99u9IQcUcMvVOpEgMC1lbsK7juIO5jeXF10hH2PhYdZF4HvPtHetU1P5cozol6ExskddyUw33MHIMIll3ryQhsN3MWRmmMZpj2gZhKsQQ+NJ81MxfYT40W6rQkVQ7t7J3+PQsPoEUXfFDxtzIBO5OgeQ==
+net.			1016	IN	RRSIG	DNSKEY 8 1 86400 20150111173857 20150104173357 35886 net. Ds4nPxTvsyrzL3G1+8lFLawSR9pyq1zbdvJdq2VL3SMjnarPdBdHD09A8WC5k21mm1yp9Yl4cgTP5Eb1PVOxhvcvrgMbHOdkDB5ZJP0sk6jwkTEY/abUDqC8nBdbbwVLGLhkfZCNEHPn2aYGNi2eBWRruzRS9cjAZlM0KbkPXNya+Xq0KkjsIaozkgaoDvmtqDmHoAZwxRVHryvIcB2iMAJjsLtfBR9uENb93D3fN8L+/EGkjuoyA6NEHWW3AeiTc5CK3cuF0RXrRVlC2ZlrNaBe9c2rurZDL8VHZGx/D2TIj7EcHU1Gb4Hxyb8xQYecG6PvmE5+cMYoOo7N0rCOhA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 743 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22947
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	jitsi.net., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+net.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1420580071 1800 900 604800 86400
+net.			900	IN	RRSIG	SOA 8 1 900 20150113213431 20150106202431 6647 net. Oo+RNWfHsZh3xLf6tXP6fvy2NVGDm83QCNw6K0k5IWv68Qlq9O9JKGbyH38fsBe9yce5KXSbMP3x/STDNNQBMuF6bqtSmFntJ04IydrFXruUQ7ZYCOXOA+qIYEH7Uaoz8GAJ2g/VCngUJQRsJVbMC1p11WlbVSufCbKRmxLjHh8=
+A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net.	900	IN	RRSIG	NSEC3 8 2 86400 20150112060337 20150105045337 6647 net. S5luUHZNIAKGwCaXJrR3iMPf7zy8F01LXnIm69iMeH4iu7DjtAeYCDFk4yFch5mbuzhIbk4I3MEK2C4B6kQsQtaEO/qCbhT5JLyD0of5WDuvBumLz54RYHhv0gCSzzHt17+VM1suO58R9ciU1E/ZK7aqe55vnOFdySU9J5GtAbM=
+A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net.	900	IN	NSEC3	1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
+BJLKS9K921PG1IINN15L0VRSEDGACIMT.net.	900	IN	RRSIG	NSEC3 8 2 86400 20150113060049 20150106045049 6647 net. vK/ekvWS+rAvJSO7MOPHSC48Dl1YEFB+9lPVij54nZgeDUva84SSATqCuzzM3feJYzATYNuqmeROq3vM2QOtbbuIltKIfryUmzo83+Im7ZLXh6lW53j0l4zsUmBvPaj4l8JJzpdrbqf7WB75664ANzv2wwXSWpV/F9PJYqVe+Hk=
+BJLKS9K921PG1IINN15L0VRSEDGACIMT.net.	900	IN	NSEC3	1 1 0 - BJM99D76H567GQKJV87VAIPCTVI7SD7A NS DS RRSIG
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 759 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned
new file mode 100644
index 000000000..e7341aac6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned
@@ -0,0 +1,236 @@
+#Date: 2015-01-06T22:34:58+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51540
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 6 ad: 11 
+;; QUESTIONS:
+;;	cfailed.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cfailed.ingotronic.ch.	300	IN	CNAME	www.dnssec-failed.org.
+cfailed.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. mgZy6VoaP0RNTOyEsr9QFpUoWSSCbuMi5SsJHqF/GE9q7ejF2SBBslVCufhRDrHFZHL2MO7NZGIpaYr3qQTBEuciPaNetBszGJS740pWwbz7pVENXsDUKbOr0Nyeai2aWh8EKuhk2kzAFCTguZe9w+oOZPEQYKTIHjvE5gLA7bA=
+www.dnssec-failed.org.	7200	IN	A	69.252.193.191
+www.dnssec-failed.org.	7200	IN	A	68.87.109.242
+www.dnssec-failed.org.	7200	IN	RRSIG	A 5 3 7200 20150109165051 20150102134551 41118 dnssec-failed.org. JYn9DWTh8isQjK7Xbc6b85MY4Sf4ZI4HQCatS5pN0zsEYjMVcwsv+hLxPwvAVpyDb/Ew4g9Vhuph/1/3DUmfOHRMJWe8bliRSVx+zsJGwGKf6wY+XkXmnSfNwYAzgO8nONVvhUUfFdZC+PDggQei5tlnnVh+HhFOlrfJK6baM14=
+
+;; AUTHORITY RECORDS:
+dnssec-failed.org.	1024	IN	NS	dns101.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns105.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns103.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns104.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns102.comcast.net.
+dnssec-failed.org.	1024	IN	RRSIG	NS 5 2 7200 20150109165051 20150102134551 41118 dnssec-failed.org. KgBDFY0Fmua62wqbOFEEYUmqRm89/8PNWce1Gpp1BclSvzBSe4+sId64tRlKxuCKY5SJU9X3XJhWQGSokNFyZPhcxjB1HmrA0YKArrzV1gJk/07uCQQt4vhLN98abxFJ0NcY/5MsXmeRPrMrbvQSV1Mzb+WSQi6nyNfWiaH22ts=
+
+;; ADDITIONAL RECORDS:
+dns101.comcast.net.	87424	IN	A	69.252.250.103
+dns101.comcast.net.	87424	IN	AAAA	2001:558:fe23:8:69:252:250:103
+dns102.comcast.net.	87424	IN	A	68.87.85.132
+dns102.comcast.net.	87424	IN	AAAA	2001:558:1004:7:68:87:85:132
+dns103.comcast.net.	87424	IN	A	68.87.76.228
+dns103.comcast.net.	87424	IN	AAAA	2001:558:1014:c:68:87:76:228
+dns104.comcast.net.	87424	IN	A	68.87.68.244
+dns104.comcast.net.	87424	IN	AAAA	2001:558:100a:5:68:87:68:244
+dns105.comcast.net.	87424	IN	A	68.87.72.244
+dns105.comcast.net.	87424	IN	AAAA	2001:558:100e:5:68:87:72:244
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 980 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46886
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13800
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			976	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31528
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			976	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39803
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3584	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3584	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3584	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8543
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22565
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87375	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87375	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87375	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87375	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40773
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1024	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1024	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1024	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5431
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			900	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			900	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			900	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			900	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			900	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			900	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			900	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31541
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DS, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	1025	IN	DS	106 5 1 4F219DCE274F820EA81EA1150638DABE21EB27FC
+dnssec-failed.org.	1025	IN	DS	106 5 2 AE3424C9B171AF3B202203767E5703426130D76EF6847175F2EED355F86EF1CE
+dnssec-failed.org.	1025	IN	RRSIG	DS 7 2 86400 20150126170632 20150105160632 53348 org. fl/vMVXfynaiQTcME5ZuX+yIcMFidX9ykMnK8jBHug/BQW1OvqwxknH3q1UemVhS94KnQxNG+mQmEpHUX1BcQkHt57BFlreS0ZmDJpLvCeyT/6yG5jtNLBL3Vcyc1Bwq5OegPd7A7qaCQWaeXYOTBJsVbCZRLMfsh3mq1vBasOQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59607
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	3600	IN	DNSKEY	257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0=
+dnssec-failed.org.	3600	IN	DNSKEY	256 3 5 AwEAAcedvQhRqSGpERVGT4afbPjTQmRm0qipv7iYmE6L2h1toIyjdb4/qScsYfY/C29k8aGe3qdW8zMFP/Py1Lo4EZaH5oX46HsmRkb1muYZ3vGXkm3Bj9/tlrUAcmMg4VV3e68sLkhS78uMZP7cUYe72Dem89g8YdzjV64DaHzSPYXR
+dnssec-failed.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20150109165051 20150102134551 41118 dnssec-failed.org. qnYEEspPHJthzgVkUk5IcR9Qr/8obR6wmFdHRmh01zz6q543ZMts4ItbMIVsRwHptIcw1M5vkUD0AhtM5rbwSyPOOa1jeL7WraFv6wHEruFAm2uQSiy/L525TB4/zTwML98jkICzdWVDhocV+PZjrLGRq2za7tT1mAX601rav4E=
+dnssec-failed.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20150207135051 20141010095051 29521 dnssec-failed.org. MbRITRRHKnev1/LFG00Lfcy0DsTbCsoch5KzuNFaWu91k35zB0fxhQqwOhgsOT4nR5P/MmxYxIYp2/u5D4quq4OmkeaQCN4f9YcGXVqTj9k27m0p/1ibRPEILVzIovSplOGzOSjJMl+Vv75dB2SdEF6mBadl5oE+S/+6ZSAKJX+cRUnr4ENkAGHCoCfQ6l2juMz9KWNFrf4ym4dPbZ6DNCu31AskjqRehP7HcSstW9sg1gYXZ0Jm0oPkahHqWDMFwCr/em5BSTY+WK+ligc1OFOFkEYh9/HwIDxz4sJMeCxiTJ81xi6vTz9Llyz+pehMgxeco74gSSWS1pXE6/jhvw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3
new file mode 100644
index 000000000..9b4f151b4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3
@@ -0,0 +1,275 @@
+#Date: 2015-01-06T22:34:58+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57536
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 6 ad: 11 
+;; QUESTIONS:
+;;	cfailed.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cfailed.nsec3.ingotronic.ch.	300	IN	CNAME	www.dnssec-failed.org.
+cfailed.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. XR45/Bj0H6L9GlqNLpgkmym00VqRQmuKINZ1aER3OR4OEiW2XMgKu6ta73sMYYIgr1lZv1Gz73WCFlfXU0pOOkS30y0nsVgOq2oshbHc7fJaPb5UXygCBR1o/zNMYUhX4Ebc63eh9qsNb62f2cJlm4EBHN83P1IR5ezFOuS/W1o=
+www.dnssec-failed.org.	7199	IN	A	68.87.109.242
+www.dnssec-failed.org.	7199	IN	A	69.252.193.191
+www.dnssec-failed.org.	7199	IN	RRSIG	A 5 3 7200 20150109165051 20150102134551 41118 dnssec-failed.org. JYn9DWTh8isQjK7Xbc6b85MY4Sf4ZI4HQCatS5pN0zsEYjMVcwsv+hLxPwvAVpyDb/Ew4g9Vhuph/1/3DUmfOHRMJWe8bliRSVx+zsJGwGKf6wY+XkXmnSfNwYAzgO8nONVvhUUfFdZC+PDggQei5tlnnVh+HhFOlrfJK6baM14=
+
+;; AUTHORITY RECORDS:
+dnssec-failed.org.	1023	IN	NS	dns105.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns102.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns101.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns103.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns104.comcast.net.
+dnssec-failed.org.	1023	IN	RRSIG	NS 5 2 7200 20150109165051 20150102134551 41118 dnssec-failed.org. KgBDFY0Fmua62wqbOFEEYUmqRm89/8PNWce1Gpp1BclSvzBSe4+sId64tRlKxuCKY5SJU9X3XJhWQGSokNFyZPhcxjB1HmrA0YKArrzV1gJk/07uCQQt4vhLN98abxFJ0NcY/5MsXmeRPrMrbvQSV1Mzb+WSQi6nyNfWiaH22ts=
+
+;; ADDITIONAL RECORDS:
+dns101.comcast.net.	87423	IN	A	69.252.250.103
+dns101.comcast.net.	87423	IN	AAAA	2001:558:fe23:8:69:252:250:103
+dns102.comcast.net.	87423	IN	A	68.87.85.132
+dns102.comcast.net.	87423	IN	AAAA	2001:558:1004:7:68:87:85:132
+dns103.comcast.net.	87423	IN	A	68.87.76.228
+dns103.comcast.net.	87423	IN	AAAA	2001:558:1014:c:68:87:76:228
+dns104.comcast.net.	87423	IN	A	68.87.68.244
+dns104.comcast.net.	87423	IN	AAAA	2001:558:100a:5:68:87:68:244
+dns105.comcast.net.	87423	IN	A	68.87.72.244
+dns105.comcast.net.	87423	IN	AAAA	2001:558:100e:5:68:87:72:244
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 992 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50511
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87375	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87375	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87375	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87375	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43188
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			975	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49410
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			976	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			976	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19603
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3584	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3584	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3584	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29571
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14282
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16947
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54802
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87375	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87375	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87375	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87375	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19703
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1023	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1023	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1023	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10916
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			899	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			899	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			899	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			899	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			899	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			899	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			899	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43081
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DS, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	1024	IN	DS	106 5 1 4F219DCE274F820EA81EA1150638DABE21EB27FC
+dnssec-failed.org.	1024	IN	DS	106 5 2 AE3424C9B171AF3B202203767E5703426130D76EF6847175F2EED355F86EF1CE
+dnssec-failed.org.	1024	IN	RRSIG	DS 7 2 86400 20150126170632 20150105160632 53348 org. fl/vMVXfynaiQTcME5ZuX+yIcMFidX9ykMnK8jBHug/BQW1OvqwxknH3q1UemVhS94KnQxNG+mQmEpHUX1BcQkHt57BFlreS0ZmDJpLvCeyT/6yG5jtNLBL3Vcyc1Bwq5OegPd7A7qaCQWaeXYOTBJsVbCZRLMfsh3mq1vBasOQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54857
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	3599	IN	DNSKEY	257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0=
+dnssec-failed.org.	3599	IN	DNSKEY	256 3 5 AwEAAcedvQhRqSGpERVGT4afbPjTQmRm0qipv7iYmE6L2h1toIyjdb4/qScsYfY/C29k8aGe3qdW8zMFP/Py1Lo4EZaH5oX46HsmRkb1muYZ3vGXkm3Bj9/tlrUAcmMg4VV3e68sLkhS78uMZP7cUYe72Dem89g8YdzjV64DaHzSPYXR
+dnssec-failed.org.	3599	IN	RRSIG	DNSKEY 5 2 3600 20150109165051 20150102134551 41118 dnssec-failed.org. qnYEEspPHJthzgVkUk5IcR9Qr/8obR6wmFdHRmh01zz6q543ZMts4ItbMIVsRwHptIcw1M5vkUD0AhtM5rbwSyPOOa1jeL7WraFv6wHEruFAm2uQSiy/L525TB4/zTwML98jkICzdWVDhocV+PZjrLGRq2za7tT1mAX601rav4E=
+dnssec-failed.org.	3599	IN	RRSIG	DNSKEY 5 2 3600 20150207135051 20141010095051 29521 dnssec-failed.org. MbRITRRHKnev1/LFG00Lfcy0DsTbCsoch5KzuNFaWu91k35zB0fxhQqwOhgsOT4nR5P/MmxYxIYp2/u5D4quq4OmkeaQCN4f9YcGXVqTj9k27m0p/1ibRPEILVzIovSplOGzOSjJMl+Vv75dB2SdEF6mBadl5oE+S/+6ZSAKJX+cRUnr4ENkAGHCoCfQ6l2juMz9KWNFrf4ym4dPbZ6DNCu31AskjqRehP7HcSstW9sg1gYXZ0Jm0oPkahHqWDMFwCr/em5BSTY+WK+ligc1OFOFkEYh9/HwIDxz4sJMeCxiTJ81xi6vTz9Llyz+pehMgxeco74gSSWS1pXE6/jhvw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA
new file mode 100644
index 000000000..c2f0a963e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA
@@ -0,0 +1,122 @@
+#Date: 2015-01-06T22:34:57+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52495
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 
+;; QUESTIONS:
+;;	csigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+csigned.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+csigned.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. ZBVECD9hhC0kSJPnvROZVE5bcN7mtDOuoYEJeTJZzuVU9ipLU7QljKmz4Lxhqq/MbdkpkR9Q2IgTjoDfVFbgZeattaQxjytAmKawXSFD6MzGEC2+JxE0+d1Q0N/1i+fH4EiIFpAZ3QDJjB6DIVb2cwX6TKGeETib2eB9g6aL+Dc=
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 810 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35772
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30053
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			976	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61795
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			977	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42380
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3585	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3585	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3585	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45992
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal
new file mode 100644
index 000000000..55f11bec5
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal
@@ -0,0 +1,234 @@
+#Date: 2015-01-06T22:35:00+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28485
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 5 ad: 11 
+;; QUESTIONS:
+;;	csext.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+csext.ingotronic.ch.	300	IN	CNAME	www.isc.org.
+csext.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. dtPhpp6j05dVvEsL1y2sAM58ZmRapjsRhiej8KRdJcCOdGw2OFhSYrHdYgW74hTKEEZztJ2d/9iDUv+pOcu2+chBgs2NVokLtuqLnVvRm7OdaekT3RXDZfNfhSYwWukBzl6/oewu5KyeNnOAuDAWLlbTpgCZFCGbnNMVKe2exnU=
+www.isc.org.		60	IN	A	149.20.64.69
+www.isc.org.		60	IN	RRSIG	A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8=
+
+;; AUTHORITY RECORDS:
+isc.org.		1027	IN	NS	ord.sns-pb.isc.org.
+isc.org.		1027	IN	NS	sfba.sns-pb.isc.org.
+isc.org.		1027	IN	NS	ns.isc.afilias-nst.info.
+isc.org.		1027	IN	NS	ams.sns-pb.isc.org.
+isc.org.		1027	IN	RRSIG	NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo=
+
+;; ADDITIONAL RECORDS:
+ns.isc.afilias-nst.info.	1027	IN	A	199.254.63.254
+ns.isc.afilias-nst.info.	1027	IN	AAAA	2001:500:2c:0:0:0:0:254
+ams.sns-pb.isc.org.	1027	IN	A	199.6.1.30
+ams.sns-pb.isc.org.	1027	IN	AAAA	2001:500:60:0:0:0:0:30
+ord.sns-pb.isc.org.	1027	IN	A	199.6.0.30
+ord.sns-pb.isc.org.	1027	IN	AAAA	2001:500:71:0:0:0:0:30
+sfba.sns-pb.isc.org.	1027	IN	A	149.20.64.3
+sfba.sns-pb.isc.org.	1027	IN	AAAA	2001:4f8:0:2:0:0:0:19
+ams.sns-pb.isc.org.	7200	IN	RRSIG	A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE=
+ams.sns-pb.isc.org.	7200	IN	RRSIG	AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1205 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57660
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87374	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87374	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87374	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87374	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			974	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46749
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			975	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			975	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3597
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3582	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3582	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3582	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53222
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15854
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87373	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87373	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87373	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87373	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55128
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1022	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1022	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1022	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39672
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			898	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			898	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			898	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			898	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			898	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			898	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			898	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10645
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1027	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1027	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1027	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61039
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7200	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7200	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7200	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7200	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX
new file mode 100644
index 000000000..7b5e97a8e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:59+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55073
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 1 
+;; QUESTIONS:
+;;	csigned.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+csigned.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+csigned.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. ZBVECD9hhC0kSJPnvROZVE5bcN7mtDOuoYEJeTJZzuVU9ipLU7QljKmz4Lxhqq/MbdkpkR9Q2IgTjoDfVFbgZeattaQxjytAmKawXSFD6MzGEC2+JxE0+d1Q0N/1i+fH4EiIFpAZ3QDJjB6DIVb2cwX6TKGeETib2eB9g6aL+Dc=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 670 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4926
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87374	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87374	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87374	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87374	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65501
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			974	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20356
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			975	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52970
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3583	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3583	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3583	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3
new file mode 100644
index 000000000..65621b682
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:57+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18324
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 
+;; QUESTIONS:
+;;	csigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+csigned.nsec3.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+csigned.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. BaI9bT+Df9JqQuHHfPrcDsghZm7o1CCRXla/uzgUOBcCggW5Bk90hlXm0ih7ZIzmk764zHWNOcMJoBrCQ7XcFVIWVp+YUUVqCM6LmqPkz6rXwmeNpAS2mc04cjEg/DGEMTVo3IJLVW+kv7orci9AdWpaaZCC9oKz7aX68AlJyPc=
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 822 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10716
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47183
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			976	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24709
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			977	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44808
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3585	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3585	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3585	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43983
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59500
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23927
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned
new file mode 100644
index 000000000..fe50b755e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned
@@ -0,0 +1,258 @@
+#Date: 2015-01-06T22:34:55+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20853
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 
+;; QUESTIONS:
+;;	cssub.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cssub.ingotronic.ch.	300	IN	CNAME	www.nsec3.ingotronic.ch.
+cssub.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Xmz99ucY+QTITwoo0KkCpZqmxqJp67uxfAvpOTSviID9cdQCs/LX8H5cPPOrgCxRIutuZczRKoSwt/w49Z3Kd9B2HrOfU3TY6pa7cXnG6vzV4Er/RKxdsIQJWCnzaF734FLn906exR7Cyznm+wSuubJvAiz0LMvC+SjJ9IynVx0=
+www.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+www.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 826 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24439
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 548
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32630
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26037
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53160
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56207
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87378	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87378	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87378	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87378	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36556
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36210
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32040
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13921
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 984
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62463
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA
new file mode 100644
index 000000000..ef79a546d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA
@@ -0,0 +1,205 @@
+#Date: 2015-01-06T22:34:54+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37558
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 3 ad: 6 
+;; QUESTIONS:
+;;	cunsinged.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cunsinged.ingotronic.ch.	300	IN	CNAME	www.20min.ch.
+cunsinged.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Oq75+uqbjTpblXzShoTm9TUViMxIS/iTdyGSi9tc4dsF/EKBtw0GyBjZA4iHNDkBPVudQ0u+aN9Zh+Mr+OgqyylCtfKKYRDRGYbPhkjs+EufU2FBoxYfPeMeaDTYXhN+prj9lla6IUkEsxZX+8SZlw/+GlJ0nVIDeN00L3U8y6Y=
+www.20min.ch.		599	IN	A	83.140.105.62
+
+;; AUTHORITY RECORDS:
+20min.ch.		3599	IN	NS	robotns2.second-ns.de.
+20min.ch.		3599	IN	NS	robotns3.second-ns.com.
+20min.ch.		3599	IN	NS	ns1.first-ns.de.
+
+;; ADDITIONAL RECORDS:
+ns1.first-ns.de.	600	IN	A	213.239.242.238
+ns1.first-ns.de.	299	IN	AAAA	2a01:4f8:0:a101:0:0:a:1
+robotns2.second-ns.de.	1016	IN	A	213.133.105.6
+robotns3.second-ns.com.	7199	IN	A	193.47.99.3
+robotns3.second-ns.com.	599	IN	AAAA	2a00:1158:4:0:0:0:add:a3
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 467 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18340
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37899
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64743
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61336
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3588	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3588	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3588	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18907
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43839
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45479
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5536
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20532
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3600	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3600	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX
new file mode 100644
index 000000000..5a0659f3d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX
@@ -0,0 +1,197 @@
+#Date: 2015-01-06T22:34:54+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20119
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 1 ad: 1 
+;; QUESTIONS:
+;;	cunsinged.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+cunsinged.ingotronic.ch.	300	IN	CNAME	www.20min.ch.
+cunsinged.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Oq75+uqbjTpblXzShoTm9TUViMxIS/iTdyGSi9tc4dsF/EKBtw0GyBjZA4iHNDkBPVudQ0u+aN9Zh+Mr+OgqyylCtfKKYRDRGYbPhkjs+EufU2FBoxYfPeMeaDTYXhN+prj9lla6IUkEsxZX+8SZlw/+GlJ0nVIDeN00L3U8y6Y=
+
+;; AUTHORITY RECORDS:
+20min.ch.		300	IN	SOA	ns1.first-ns.de. postmaster.20min.ch. 2014121100 600 600 86400 600
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 311 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30770
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16869
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35599
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35095
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3588	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3588	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3588	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23106
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24914
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26910
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48955
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9000
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3600	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3600	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3
new file mode 100644
index 000000000..fd36d1cb2
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3
@@ -0,0 +1,240 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30287
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 3 ad: 2 
+;; QUESTIONS:
+;;	cunsinged.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cunsinged.nsec3.ingotronic.ch.	300	IN	CNAME	www.20min.ch.
+cunsinged.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. rIfDPrgT5aS2eL0ZibS5jElaEZviflBjmKuzikS3r9/QXm+Ad/gO7+/cVdCjK98p4JOWW+RxowOQsL97bPhtmNQZiqUr1agKe3nLLqQw6Y+3hT74BZEcEHmi0xvzdS4syt4BdiiWkf9U7LnLZBvC4sK4d2gG1/apDJi1mOThcDw=
+www.20min.ch.		600	IN	A	83.140.105.62
+
+;; AUTHORITY RECORDS:
+20min.ch.		3600	IN	NS	ns1.first-ns.de.
+20min.ch.		3600	IN	NS	robotns2.second-ns.de.
+20min.ch.		3600	IN	NS	robotns3.second-ns.com.
+
+;; ADDITIONAL RECORDS:
+robotns2.second-ns.de.	1017	IN	A	213.133.105.6
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 391 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35001
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87380	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87380	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87380	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87380	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37625
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			980	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31241
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			981	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			981	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14796
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3589	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3589	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3589	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47626
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22107
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34962
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11098
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87380	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87380	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87380	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87380	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14971
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			980	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17809
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51464
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3600	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3600	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid
new file mode 100644
index 000000000..a7f0a45e4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid
@@ -0,0 +1,234 @@
+#Date: 2015-01-06T22:34:56+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16068
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 1 ad: 1 
+;; QUESTIONS:
+;;	cvoid4.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid4.ingotronic.ch.	300	IN	CNAME	gibtsnicht.unsigned.ingotronic.ch.
+cvoid4.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. GJPzgBVNBOn1X/aX0VhnWdpr3eVFvil6+z2nyPo1ikIdf1hKkpt7uhC7NRpUM9+4Kapxjs+n3Om45LwXtnPrKQ4hYIJFjRoPwBgg+SZN5bFC38e1zSdZnhlSG5CVvz/E2Ga/9/Hoks87s7l3UPfW9/60GO9KTOwnr++PhL8RBa8=
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032601 300 60 864000 300
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 302 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13057
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54555
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62611
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9284
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24290
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1013
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38352
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46761
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56933
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32818
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13560
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld
new file mode 100644
index 000000000..94a244486
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld
@@ -0,0 +1,122 @@
+#Date: 2015-01-06T22:34:59+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6215
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoidext1.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoidext1.ingotronic.ch.	300	IN	CNAME	example.invalid.
+cvoidext1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. Xav60pS0YfajeVhUHndHfm+x6EwR84QywbttguX6n0aZIeh/wI4Hq9DBwGJXi69Q8yzLlnS8hL2UXKewYs4lPds0hYNDj6I01nxtUbZvsi+DDLnkQsdJ7pgWQh8L9zPDIMxOk2E6fcKD5M9DOV1ARfcXKwxUQX6cpy5xwp7/NGU=
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+international.		10800	IN	RRSIG	NSEC 8 1 86400 20150113170000 20150106160000 16665 . Bd+SEFOjCmN5pg924EOfuq15E0haMqLhX0Li2V3KDfosFYoA81Vs8Okg7Jvc5KJn1eRu4HnZlz81bIYZ9Kt5bJGoFie+5iCcnlZPBQhKTYN5M80/BepNJyrcvocFvgRDaEYv1si1cxRpLGMYDTVHHkykSNjygRTuVdP/JZ/A9LA=
+international.		10800	IN	NSEC	investments. NS DS RRSIG NSEC
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 879 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40638
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87374	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87374	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87374	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87374	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38951
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			974	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7331
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			975	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27566
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3583	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3583	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3583	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9517
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld
new file mode 100644
index 000000000..818fc5a87
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld
@@ -0,0 +1,182 @@
+#Date: 2015-01-06T22:34:57+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46204
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 8 ad: 1 
+;; QUESTIONS:
+;;	cvoidext2.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoidext2.ingotronic.ch.	300	IN	CNAME	asdfasdfasdfasdfasdlallala.cz.
+cvoidext2.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. gmo4G24J9Mvp33WaOCGbCb458CVIs/4I4Y3LKckPljSGiABf/yaQGvS9l3IzJPQnYSX8YQ4DIqlk7eusuJQY0fy2aAdOm04FwmwqUwyTmsAZLFVj3QTdKegKd5Dn6X3dkn0tey+B+f9vvAC7463cXnFBV/IH/FarIrI6k9ojzKY=
+
+;; AUTHORITY RECORDS:
+cz.			900	IN	SOA	a.ns.nic.cz. hostmaster.nic.cz. 1420578481 900 300 604800 900
+cz.			900	IN	RRSIG	SOA 10 1 18000 20150120004808 20150106200801 12305 cz. wlLCApKp0+5n0FCqFyBqMMhIT3Ed0PZL096UZE52b6kbc1vlZMrJTVegCNAfqHA5lncr5IDiH74MRycOHXrASZbjRkrSlD/65Q6078U0eyUeMfkdTGtpbG4O9MIoYz2ZOYA+cm46kihukqqyL8TYW4k6tPPz38wM0ZtOOm6os68=
+38GIO0D33Q2JTSPH3U5Q11N5T26Q7Q4K.cz.	900	IN	RRSIG	NSEC3 10 2 900 20150115154919 20150103133802 12305 cz. PJPc+o6k8nLCNnQLA7TsWdzq48+QO864/hWGqVRSCi9ukLgGDMKqv+jElAfWaUEC5+VjcqVFbPN4axf3f3YrujByVEeEh7w4xyszNT1PXuW8aRzxQY25w56qZg/0RS7u3iPqTTXD326C0YSviz9U+cUS01SDDG/VykuYNZ4HFW0=
+38GIO0D33Q2JTSPH3U5Q11N5T26Q7Q4K.cz.	900	IN	NSEC3	1 0 10 67B58E8C9BC9DB56 38GKDLFFUNLEL0AGNO2LSLVJVKI68LAG NS
+8EFHGTJ1KPPOHHCDUN98RE9MQIJPGRTJ.cz.	900	IN	RRSIG	NSEC3 10 2 900 20150116070317 20150102073803 12305 cz. zOjazMb7y7VNKVJ0lV/GZWqzuQry0BGluA0L/r3jclBMei61EOK5OzZYz8w/rWbvYVD0bbRoicE2xnkfzABZU94vz+b62jYZQCbMymg53rYv3fiqIsxryxpZFxT/uJaHKpjN0qFUFbeWF6zSdx5LuH2d7dKK0GvQHm75YKljoXw=
+8EFHGTJ1KPPOHHCDUN98RE9MQIJPGRTJ.cz.	900	IN	NSEC3	1 0 10 67B58E8C9BC9DB56 8EFJ4IJ3TL227ELEVRADBRR79O7OI5GU NS DS RRSIG
+FT1N74TQU0J7F46PTJVFUISFDM2FASQ9.cz.	900	IN	RRSIG	NSEC3 10 2 900 20150116012634 20150103003759 12305 cz. DuInt8AROXCbNdXO8QTeha9mLCaa/yw+6OhWNrRf65ZduFNSz+HVsAOK2XTmDoLUbrqGWzVSLS+ICJHYld40A8ApKEziLg5Kml5sLdZqQ/B3eFKAlCs085ZVqTRn7CtcSNFlO99nbcrLFum7Bd791XqNObAUuWULgEoknq/CqVc=
+FT1N74TQU0J7F46PTJVFUISFDM2FASQ9.cz.	900	IN	NSEC3	1 0 10 67B58E8C9BC9DB56 FT1N8G39QDVVI8P5NMEPU90HLCN2JE96 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1229 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4951
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30086
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44855
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30639
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59579
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14960
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43914
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	cz., type = DS, class = IN
+
+;; ANSWERS:
+cz.			1022	IN	DS	54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386869C8F06
+cz.			1022	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . usdJcSrC+uZEPY8AbHtkDdbuhCaz7ZGrKWHYZG3lixlcaEACfpf2Wl4Tz55FvIgCXKII9B6PUJ9umfupy+XOMvBUsjI8aD/Of8bEBWQ2QS35GOt8YMoyf5lI+nZT0hte/cY3Dgq0Vo2zHvvdrPC2kfgy0i/h4IMxLYWghQeCg1M=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23832
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	cz., type = DNSKEY, class = IN
+
+;; ANSWERS:
+cz.			18000	IN	DNSKEY	257 3 10 AwEAAay0hi4HN2r/BqMQTpIPIVDyjmyF+9ZWvr5Lewx+q+947o/GrRv4FGFfkZxf9CFfYVUf0jG5Yq4i06pGVNwJl81HS9Ux2oeHRXUvgtLnl5HeRVLL+zgI5byx9HSNr4bPO8ZEn5OjoayhkNyGSFr4VWrzQk/K02vLP4d1cCEzUQy30eyZto2/tG5ZwCU/iRkS1PJOcOW98hiFIfFDZv1XjbEpqEYhT2PATs6rt+BKwSHKGISmg1PNdg+y0rItemYMWr1f9BGAdtTWoPCPCYPjOZMPoIyA4tMscD+ww54Jf/QNoHccY4hO1yHiuAXG7SUn8jo0IKQ9W7JJxES0aqFCX/0=
+cz.			18000	IN	DNSKEY	256 3 10 AwEAAd3ZDGaLTUBExTP4AxFwNmoNUbi/VuWW5/vdee9lnZynOe6QoXfw8+yxwAKEB1IMrPxXVcc1PIHSecFQYcm5ydYAFo2FD0x+NAk+7quCmepMjuWEo1qRMxlgVMxBjWCCOUM+zhGfkq/6u0GEEHzonevsRMazhkIbIZUWQmBMvUu7
+cz.			18000	IN	RRSIG	DNSKEY 10 1 18000 20150116000000 20150102000000 54576 cz. Ghsts1kWqYSQ72PDf49ItDFLQjTGoTK6JA9Ogf/efflU6ZltiuuXVd17oKI15HPk1hjL/n9HNRiIf1htUpdA9vmUbYKfrjVp2MJXHIGNniH1vWU3cFxReh2dxMspUDTyK64LwBBbBIBmEWY7jadtzsvjdHXx1eqngN3e4WUPGS58JoSXVv1d38vcTZ1jYLWmOlnHrCvZEwj9t53Lq1Ln/fra2Ft3cfgO6i0P6qtBht/amX7kX1BAV0l6lO+fy0PXXbXWoTMRDIruId/8N0ND7FZolH+XBxSW9clDHzPx9ivkJsxKB3rHO8vNOVWcHyKyKacpW2O8FFUee5PLlCu+6g==
+cz.			18000	IN	RRSIG	DNSKEY 10 1 18000 20150119154437 20150106200801 12305 cz. P48hNLytBKd+6k+EnJuE5W24xWSmxqjCvQy6M4UwDACyMyxDMZP4DmWuRgb+g/2OjpfSdGFvNTPSrTKAx3sOMynqLMJzYWRb5bRf2lPEIeHQH2Eeo9wvwh14uakw6HzHcNovak21iVTNoN61vmYR5QT1RyuBwYgFBGgUbMeiYpc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 907 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3
new file mode 100644
index 000000000..210ec0d07
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3
@@ -0,0 +1,163 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10111
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 8 ad: 1 
+;; QUESTIONS:
+;;	cvoid.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid.nsec3.ingotronic.ch.	300	IN	CNAME	gibtsnicht.nsec3.ingotronic.ch.
+cvoid.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125001848 20141225235834 62417 nsec3.ingotronic.ch. wkUoPvwxbSBQwn6foMsFYdPuGZNnmi1qKWN7sEtcuI4Hu17Gfjm7oBMpbj5fbaKETl83sqAAPQThWAeoYCM0DDhxyI114F6/fb52HLYgGFNLdMP3T75nHZiIcH8A2Z5t9DmqTEPmuSU3sZRCPYI7kfBXGHM1vb0gcLptQn5Zh20=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1248 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32391
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87380	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87380	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87380	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87380	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55778
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			980	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33974
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			981	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			981	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45078
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3589	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3589	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3589	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13899
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52296
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58137
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1
new file mode 100644
index 000000000..dbe48177d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1
@@ -0,0 +1,122 @@
+#Date: 2015-01-06T22:34:55+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61136
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid1.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid1.ingotronic.ch.	300	IN	CNAME	gibtsnicht.ingotronic.ch.
+cvoid1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 905 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16825
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87378	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87378	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87378	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87378	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29298
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33412
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13219
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54010
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2
new file mode 100644
index 000000000..b018677c1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2
@@ -0,0 +1,124 @@
+#Date: 2015-01-06T22:34:56+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34279
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid2.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid2.ingotronic.ch.	300	IN	CNAME	cvoid1.ingotronic.ch.
+cvoid2.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. TXsbQfrVD9b/bdPeIpYrLFxPxiihDhWpASKTwlH2qdJq1jj95azjtUKXDaiY5NQHey83W4Z3cS37stNAc/K2Du8novIqfXesZqf7g/1kYl1Yd/WXnU8h3ImPBrx4uGj1mv5K31cxpdfRp5EP73rarc2rgzO+pnCoKV7ofSXXYOo=
+cvoid1.ingotronic.ch.	300	IN	CNAME	gibtsnicht.ingotronic.ch.
+cvoid1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1099 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59670
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87378	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87378	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87378	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87378	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6373
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48616
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14302
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60529
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3
new file mode 100644
index 000000000..9cca46d2b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3
@@ -0,0 +1,126 @@
+#Date: 2015-01-06T22:34:56+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59635
+;; flags: qr aa rd ra cd ; qd: 1 an: 6 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid3.ingotronic.ch.	300	IN	CNAME	cvoid2.ingotronic.ch.
+cvoid3.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. Hu0GdbBDRA0DKRD4+sXTmQepSP4MiNAgYgD31P0HsW90u7EMg/urDVtDR4SGRQjgAJek5+YtYWoVD3Daqzbu5F6lJp8BATK7BcMbERdTv3R+3jnBbElA8sxyHUXBnMjuj6P1ifjFEN8cnS7zCVEDGZdKZN58TOCpNtuHAzl1J8A=
+cvoid2.ingotronic.ch.	300	IN	CNAME	cvoid1.ingotronic.ch.
+cvoid2.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. TXsbQfrVD9b/bdPeIpYrLFxPxiihDhWpASKTwlH2qdJq1jj95azjtUKXDaiY5NQHey83W4Z3cS37stNAc/K2Du8novIqfXesZqf7g/1kYl1Yd/WXnU8h3ImPBrx4uGj1mv5K31cxpdfRp5EP73rarc2rgzO+pnCoKV7ofSXXYOo=
+cvoid1.ingotronic.ch.	300	IN	CNAME	gibtsnicht.ingotronic.ch.
+cvoid1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39640
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10842
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34860
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34516
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50866
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain
new file mode 100644
index 000000000..c570c0e8e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain
@@ -0,0 +1,165 @@
+#Date: 2015-01-06T22:35:18+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44507
+;; flags: qr aa rd ra cd ; qd: 1 an: 8 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.nsec3.ingotronic.ch.	300	IN	DNAME	alias.ingotronic.ch.
+alias.nsec3.ingotronic.ch.	300	IN	RRSIG	DNAME 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. eYGi6EDpW/j20NoDaULrBkHTSTJhk45F8wsIRmGvmbdodQtvXH5Ax8kReCg3BxlkVnL+I4aQL4GrNFUU9F05JgIXHhDyW7ZixGVtj1rz2jCYHFYiQZC6RZSntnoUKdhcbgs/KI5ffIoFFMzrFfT8Aw6lUpBti0HRtnOdtepBHSc=
+www.alias.nsec3.ingotronic.ch.	300	IN	CNAME	www.alias.ingotronic.ch.
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1075 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59638
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1139
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28751
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			956	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45226
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40277
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48824
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39526
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid
new file mode 100644
index 000000000..e734ecd3a
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:18+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46984
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = DNAME, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 628 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36002
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16893
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52063
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			956	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			956	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54102
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52299
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1
new file mode 100644
index 000000000..d59718dc5
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1
@@ -0,0 +1,215 @@
+#Date: 2015-01-06T22:35:17+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54975
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = NS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 479 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63210
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43121
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13758
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49588
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2484
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34069
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4828
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61240
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11851
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51177
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid
new file mode 100644
index 000000000..cc278235e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid
@@ -0,0 +1,123 @@
+#Date: 2015-01-06T22:35:18+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38821
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 839 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1484
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32079
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20143
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			956	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47237
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23654
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal
new file mode 100644
index 000000000..187ce6540
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal
@@ -0,0 +1,235 @@
+#Date: 2015-01-06T22:35:19+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47623
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 5 ad: 11 
+;; QUESTIONS:
+;;	www.isc.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+isc.ingotronic.ch.	300	IN	DNAME	isc.org.
+isc.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. Lq+1VhRumvgwRCg2inz0FZkNn28FaHbc2lfie4WJ6ScNxtvGmQwaVc7nGt5xcxQEZZc609yr+kEuYEHMckSiCoEY6jy7/qI9e2vGYe1UGzT2bbjWZ6j/v40kE7x/dWybFAcpaWJyi6x+Nx6n3EsNe30TqPLO9kGzuumYDHNnVMs=
+www.isc.ingotronic.ch.	300	IN	CNAME	www.isc.org.
+www.isc.org.		41	IN	A	149.20.64.69
+www.isc.org.		41	IN	RRSIG	A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8=
+
+;; AUTHORITY RECORDS:
+isc.org.		1008	IN	NS	ns.isc.afilias-nst.info.
+isc.org.		1008	IN	NS	ord.sns-pb.isc.org.
+isc.org.		1008	IN	NS	sfba.sns-pb.isc.org.
+isc.org.		1008	IN	NS	ams.sns-pb.isc.org.
+isc.org.		1008	IN	RRSIG	NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo=
+
+;; ADDITIONAL RECORDS:
+ns.isc.afilias-nst.info.	1008	IN	A	199.254.63.254
+ns.isc.afilias-nst.info.	1008	IN	AAAA	2001:500:2c:0:0:0:0:254
+ams.sns-pb.isc.org.	1008	IN	A	199.6.1.30
+ams.sns-pb.isc.org.	1008	IN	AAAA	2001:500:60:0:0:0:0:30
+ord.sns-pb.isc.org.	1008	IN	A	199.6.0.30
+ord.sns-pb.isc.org.	1008	IN	AAAA	2001:500:71:0:0:0:0:30
+sfba.sns-pb.isc.org.	1008	IN	A	149.20.64.3
+sfba.sns-pb.isc.org.	1008	IN	AAAA	2001:4f8:0:2:0:0:0:19
+ams.sns-pb.isc.org.	7181	IN	RRSIG	A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE=
+ams.sns-pb.isc.org.	7181	IN	RRSIG	AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1221 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21621
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41228
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25460
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29897
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3563	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3563	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3563	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46136
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50984
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38781
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1003	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1003	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1003	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14080
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			879	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			879	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			879	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			879	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			879	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			879	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			879	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48402
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1008	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1008	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1008	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58766
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7181	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7181	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7181	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7181	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid
new file mode 100644
index 000000000..15e91df4e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid
@@ -0,0 +1,121 @@
+#Date: 2015-01-06T22:35:14+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20564
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 699 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12186
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87359	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87359	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87359	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87359	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60111
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			959	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24158
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			960	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			960	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19242
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3568	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3568	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3568	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60231
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid
new file mode 100644
index 000000000..d6784a4f8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid
@@ -0,0 +1,123 @@
+#Date: 2015-01-06T22:35:15+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49797
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 6 ad: 1 
+;; QUESTIONS:
+;;	x.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+x.alias.ingotronic.ch.	300	IN	CNAME	x.ingotronic.ch.
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 914 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64372
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36440
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58358
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4469
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61514
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid
new file mode 100644
index 000000000..040e37371
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid
@@ -0,0 +1,220 @@
+#Date: 2015-01-06T22:35:15+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59873
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 839 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32717
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22278
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39399
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30642
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 634
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21603
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64817
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11560
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24579
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3482
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid
new file mode 100644
index 000000000..081386efc
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid
@@ -0,0 +1,220 @@
+#Date: 2015-01-06T22:35:14+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49996
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 839 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25388
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87359	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87359	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87359	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87359	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64749
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			959	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55977
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			960	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			960	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25126
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3568	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3568	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3568	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46256
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51913
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87359	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87359	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87359	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87359	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50080
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			959	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34534
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			960	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			960	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31593
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3568	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3568	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3568	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43999
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid
new file mode 100644
index 000000000..c72454d1c
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid
@@ -0,0 +1,433 @@
+#Date: 2015-01-06T22:35:16+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13618
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 5 ad: 11 
+;; QUESTIONS:
+;;	www.isc.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+isc.ingotronic.ch.	300	IN	DNAME	isc.org.
+isc.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. Lq+1VhRumvgwRCg2inz0FZkNn28FaHbc2lfie4WJ6ScNxtvGmQwaVc7nGt5xcxQEZZc609yr+kEuYEHMckSiCoEY6jy7/qI9e2vGYe1UGzT2bbjWZ6j/v40kE7x/dWybFAcpaWJyi6x+Nx6n3EsNe30TqPLO9kGzuumYDHNnVMs=
+www.isc.ingotronic.ch.	300	IN	CNAME	www.isc.org.
+www.isc.org.		44	IN	A	149.20.64.69
+www.isc.org.		44	IN	RRSIG	A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8=
+
+;; AUTHORITY RECORDS:
+isc.org.		1011	IN	NS	ord.sns-pb.isc.org.
+isc.org.		1011	IN	NS	ns.isc.afilias-nst.info.
+isc.org.		1011	IN	NS	sfba.sns-pb.isc.org.
+isc.org.		1011	IN	NS	ams.sns-pb.isc.org.
+isc.org.		1011	IN	RRSIG	NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo=
+
+;; ADDITIONAL RECORDS:
+ns.isc.afilias-nst.info.	1011	IN	A	199.254.63.254
+ns.isc.afilias-nst.info.	1011	IN	AAAA	2001:500:2c:0:0:0:0:254
+ams.sns-pb.isc.org.	1011	IN	A	199.6.1.30
+ams.sns-pb.isc.org.	1011	IN	AAAA	2001:500:60:0:0:0:0:30
+ord.sns-pb.isc.org.	1011	IN	A	199.6.0.30
+ord.sns-pb.isc.org.	1011	IN	AAAA	2001:500:71:0:0:0:0:30
+sfba.sns-pb.isc.org.	1011	IN	A	149.20.64.3
+sfba.sns-pb.isc.org.	1011	IN	AAAA	2001:4f8:0:2:0:0:0:19
+ams.sns-pb.isc.org.	7184	IN	RRSIG	A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE=
+ams.sns-pb.isc.org.	7184	IN	RRSIG	AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1221 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32562
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51051
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19837
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24177
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9736
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27756
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7390
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1006	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1006	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1006	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34399
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			882	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			882	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			882	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			882	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29726
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1011	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1011	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1011	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43826
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7184	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7184	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62271
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46846
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			957	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18781
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			958	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5666
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3566	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3566	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3566	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16375
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29069
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39361
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1006	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1006	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1006	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52936
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			882	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			882	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			882	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			882	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34869
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1011	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1011	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1011	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53707
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7184	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7184	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid
new file mode 100644
index 000000000..efe469e21
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid
@@ -0,0 +1,356 @@
+#Date: 2015-01-06T22:35:17+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59527
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.n3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+n3.ingotronic.ch.	300	IN	DNAME	nsec3.ingotronic.ch.
+n3.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Ww/ymB77saHhLbwoTg5cVq5O/hr0Iqbutn/L/JJUUNeeS1ZTTmTaL93mfVKllO2p23j0hWg7aVLvGnKIfk8+FYQH6YVFoqVActac0vuTwCuJSX5EdeV5OhevQXCIoGcI93lt3WN29C9FYI1/o5z8vk9iZtw1kJ+tOrUcSKlgfiU=
+www.n3.ingotronic.ch.	300	IN	CNAME	www.nsec3.ingotronic.ch.
+www.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+www.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 854 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35467
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47591
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			957	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49208
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			958	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			958	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58278
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13703
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35066
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18452
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38903
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3695
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60056
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6716
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4224
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7930
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16079
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33342
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60462
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41420
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec
new file mode 100644
index 000000000..0068a1319
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec
@@ -0,0 +1,173 @@
+#Date: 2013-08-21T00:06:14+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20364
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	bogussig.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+bogussig.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+bogussig.dnssec.tjeb.nl.	285	IN	RRSIG	A 5 4 600 20200101000000 20120627091948 23637 bogussig.dnssec.tjeb.nl. C8Qxh6KKVmO0ZwHvdlQUnWXOJNTGZYgHsXyGwgdU+yjQJp0zdbQF8InG4fEw3yVRgtRVW2b3IFiFimAOj8797IT4+QiAEb+JWoC27QrX/+iE6IqWpogbhiKm223w0shjo349ELzdXjNIxTquNYCSM9zYGfmJlT1OmYvh1LLyj/g=
+
+;; AUTHORITY RECORDS:
+bogussig.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+bogussig.dnssec.tjeb.nl.	285	IN	RRSIG	NS 5 4 600 20200101000000 20120627091948 23637 bogussig.dnssec.tjeb.nl. kDOnemdOfAsiN4wjgAQ2b/4v3jcFGgBQrRQNvkhL29OOekdiJYDf2XlvY6CVyrqKRx5oFSu29tbIj6UDAsU6ObQu13JfYZ0FZqQyVjMjCNFUlZnGui7VVyPgi2rb3gKjWlX+FQhFYz1t8jtsopksMUGUVAI+oG61u3vaY0OUh/c=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		555	IN	A	195.169.221.157
+ns2.tjeb.nl.		555	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		556	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		556	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 830 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36619
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7247
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83355	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83355	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38189
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4155	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4155	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4155	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29247
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4155	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4155	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64862
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		555	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		555	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14587
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52275
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		556	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		556	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40156
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	bogussig.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+bogussig.dnssec.tjeb.nl.	285	IN	DS	23637 5 1 AC0EEB922A964D8C78B37851CC8AAE1692886BC6
+bogussig.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. DIBZxWmoKj9j/GyxWzBLNejuSvhk0nrb5yfihYTu0ZgQJtDlhSfTE1j9RkAfwlq8+nPwBqjpEIbe931cqpEZDE28CyeiIV18A5Dqo0/gHBkZu9RBl0+JIYW0U1VJZBA00fB476rlnbYslaylXbykxG1KHTcuLWqvO99z7lsEfVM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 262 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3
new file mode 100644
index 000000000..b992f6bbc
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3
@@ -0,0 +1,174 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7880
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	bogussig.nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+bogussig.nsec3.tjeb.nl.	285	IN	A	178.18.82.80
+bogussig.nsec3.tjeb.nl.	285	IN	RRSIG	A 7 4 600 20150101000000 20110520094958 32453 bogussig.nsec3.tjeb.nl. W8LMPVphiwjNEnlmk0zTZTNg6c4MhplKjtqhHnt1d2Td8KBpzBLEU+egiq4IDvOWK42Jko5TCCI50y5Un1eX0O7pa+v2m5anAOOY452gBH1H8rY2sVTxtWSCzcq5T2MmF7QChDt10PlbCC1liL4VBugOLJ1FDywuQLpnazvPOIo=
+
+;; AUTHORITY RECORDS:
+bogussig.nsec3.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+bogussig.nsec3.tjeb.nl.	285	IN	RRSIG	NS 7 4 600 20150101000000 20110520094958 32453 bogussig.nsec3.tjeb.nl. 3W61pFbwMuNT2GZHgIODVnE7GKKMgmiJzpAKpIfeFCE2rQxIYLGtPYcyB1PHEKiVn/+oXg3B0KfRYGCGfS0jWeT9wo4V/e53UdzOIlEAWLFLPPHqjOhTQ7htSNc18ZwD+tsYgoj6vdIfT49TLvLZQqe2jCKJ0rir9a/Kx7yHN0M=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		553	IN	A	195.169.221.157
+ns2.tjeb.nl.		553	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		554	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		554	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 827 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13757
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138546	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138546	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138546	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48548
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83353	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83353	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7166
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4153	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4153	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4153	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54240
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4153	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4153	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27859
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		553	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		553	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5375
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		554	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4198
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		554	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58727
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	bogussig.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+bogussig.nsec3.tjeb.nl.	556	IN	DS	32453 7 1 9866886BAB4AC1F8701687E488220437741B870E
+bogussig.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. ZETBW1W1Gx3VPNcH18KWJhlZ8QGQec+JRB9u+WGdp/rIq+6780iPUdXeXakqKyJGXcZd8jFo1YZ5otGbyaPxyxOX5qQmjEo22TcUZgfsUYCm5/BfKaIVq5tyRsT3qBGP1K3MelDZ8ahATQPXFHUnqKJ4RV4AnLk6e9V5rj6z4sI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 260 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec
new file mode 100644
index 000000000..0d7d4b13d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec
@@ -0,0 +1,173 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63037
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	sigexpired.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+sigexpired.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+sigexpired.dnssec.tjeb.nl.	285	IN	RRSIG	A 5 4 600 20110628091948 20100628091948 47010 sigexpired.dnssec.tjeb.nl. VHpZcN2Pu+/anXg/DSHObQ0Rb+Xg9mPjSUccXvZhQiQ7KpIRFsV+c28fQG/KRp7upnQlzF0x0OG9aVijIeiuxzyymh1rG+EkmUL9d1kYiWrlASBClAh7MNXoQAD+7hndHYDm/xT6WXtgFIbrfUx/OhF/MbTtGn1BLGc2912Qs/c=
+
+;; AUTHORITY RECORDS:
+sigexpired.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+sigexpired.dnssec.tjeb.nl.	285	IN	RRSIG	NS 5 4 600 20110628091948 20100628091948 47010 sigexpired.dnssec.tjeb.nl. PhOlt2TSE6gJdgPgyDsrVGXDsEg/0oeCHnYj99Nkaz5KhTYRnrFJUjcKWh4uDGzwxINxdgiesmwgPMO/EKabIhZRv8K6O6kmRHrPdH4ZLNFKVT5Ly+zTGS5dFQSoVv3Flb016vIGSDZxdcFAhVdzqm0rZg1CNkJdvcVPACwASFg=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 836 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22753
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59940
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29772
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5661
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32649
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5928
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		554	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33538
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		555	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33840
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sigexpired.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+sigexpired.dnssec.tjeb.nl.	285	IN	DS	47010 5 1 674BE2F020B2D307E0505E844840DD63ACB17CB8
+sigexpired.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 4 600 20110727165632 20100727165632 8340 dnssec.tjeb.nl. UIFRltFjBk5gEHjQ4OM9Quv/cuPkVYkPc0wjbmb2LoDHBGZ0MDJb6Ch1he7RxeDOe6KQ/m1PM2IoG57n+5kl6UXj/J8rmJw45ODrSVMNdAZZHJ4UUqx4CNzv4BlGnQc1x6qHHn/mPHF96Ma+anGBzi4/fk99dbqh3WJJ1uUM8u0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 264 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3
new file mode 100644
index 000000000..146e4928b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3
@@ -0,0 +1,174 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2078
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	sigexpired.nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+sigexpired.nsec3.tjeb.nl.	286	IN	A	178.18.82.80
+sigexpired.nsec3.tjeb.nl.	286	IN	RRSIG	A 7 4 600 20100520094957 20090520094957 22928 sigexpired.nsec3.tjeb.nl. DsCkOAQ7CZhHBao7r2AU9x705AqbCEJ5b0J+zEKzNEjC7pDvy7RrBcwgvKhiwhNblvBvPU6LXl11qKddb0mHSRrR5neJ3LXiAEeig4TAT+IsFk79XJl6TAcCTAXYPbpYf8cbtgYbyAOTS9JDmej4aKP4B8vpB0cXRlWmWKj/8NU=
+
+;; AUTHORITY RECORDS:
+sigexpired.nsec3.tjeb.nl.	286	IN	NS	ns2.tjeb.nl.
+sigexpired.nsec3.tjeb.nl.	286	IN	RRSIG	NS 7 4 600 20100520094957 20090520094957 22928 sigexpired.nsec3.tjeb.nl. HxSs03s9vuL+e5DYiRrFBGi7N6fOrzwZVPvJLFcjHEJ6P1u6vtspNFoOc2HOxAetdxHeUdrPCxvrvrbnQLW4u6oobu0N7zKtF+lytCbDVyl2gUYADayf3XnG4uxUolUkU8QZuOYiLPkTNzL3k+PjAzqsCmUeNwdUbeJLOKFcD8Q=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 833 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54087
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11045
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13198
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38179
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4153	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4153	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5863
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		553	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		553	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25050
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		554	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5411
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		554	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62061
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sigexpired.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+sigexpired.nsec3.tjeb.nl.	556	IN	DS	22928 7 1 E6E3CB649AB6A75A3CC63DA102F732209ACC3446
+sigexpired.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 4 3600 20110417140921 20100417140921 21665 nsec3.tjeb.nl. vYYJzFbjol1BQVj+ERludhem01UT1DTMGvcjicDluoMXivinuXFB9QX+Ke5AZscUiRFHpkwJHEC5t66Z+2GUHGxIA2/p8bym2pnrVFUq2e/rZS4wr3Ge2BKkerwLDpxmHd8VBnxodFlk6b4GqUJymAQf6PUfkAf6RBYdASEdBbY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 262 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec
new file mode 100644
index 000000000..37ab1cfed
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec
@@ -0,0 +1,173 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61852
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	unknownalgorithm.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	RRSIG	A 200 4 600 20200101000000 20120627091948 53226 unknownalgorithm.dnssec.tjeb.nl. tQyez4lEr7JzTX72UeaYwUFE5oogVrrQm2VGn3D70LP8oiIuWs8DH4NPBg2dkMcamTiDSH+BoVrk+SWCfJ4xMoolWhrzqioLIHuypSEfM6OkjxH6/0XluyecbBbAPbSvm4K/uREHglmskcg5qDdfX5rc34lyhjwE7ymYRPnwAEo=
+
+;; AUTHORITY RECORDS:
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	RRSIG	NS 200 4 600 20200101000000 20120627091948 53226 unknownalgorithm.dnssec.tjeb.nl. NgvVRuG8jngOxSehdNhwpMRreJ2GhosG7Jq9hhwn6T2y3JtPGdPnZ2YLivP78cDuAVF6VV7WzbaHxWnuBegAfzKU2kSl1x885AboLQ3jniRchSUfgoWKSJWXhDtXcGL6fwWqXeA3Er4ww8E72FAVKczuexhIa1Sv2pr2AdLTROA=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 854 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33817
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39454
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49985
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47474
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12203
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29046
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		554	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32116
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		555	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50593
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknownalgorithm.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	DS	53226 5 1 C7D58D23493A940041658E85BDBC03E2ED9F2690
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	RRSIG	DS 200 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. bew64pyLZ5sNhEybacmvNhcs7iU1HI42SXctSdv54jdrRacG5U9kXGLubDx23xKX4ffXAefTyDL+frfRBFp7LF1Jw3CesZvnrJA4iwNi4tA+CtqNEPegnWm2HHPbelcuwxkCx0VLBzdKsm96kqezM8awljFZEl/PUik3PUhk6CY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 270 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3
new file mode 100644
index 000000000..de639da12
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3
@@ -0,0 +1,174 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21525
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	unknownalgorithm.nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	A	178.18.82.80
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	RRSIG	A 200 4 600 20150101000000 20110520094958 39629 unknownalgorithm.nsec3.tjeb.nl. xI243fqO7RkuWgmyiK9OSNUQ45hOGGZmm1N+J6xwi3V8QkQtmWHpOgmtbMS/A3OTOwFb6vd2VV+LrARLZYY/lRou+vkVrL0vLxcageOJmEkedI8S8HP/U/g4VSJj3uMlxqgLOxeCAGXmqFxljMH5tPuicjzUiVnc/c0SKj8O0vs=
+
+;; AUTHORITY RECORDS:
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	RRSIG	NS 200 4 600 20150101000000 20110520094958 39629 unknownalgorithm.nsec3.tjeb.nl. pMcWMv8kW8AyLrvwGDVea3wpxee84EPZn4cmNJISZhWInbxZo8BtOtJHSpwWbY5Nh1Z0qd0tJrhBI7Ek3Lszda/2Tz/PEh9WUXEyPQ67CgZW7l/NH1xZPEfP4Q0883j+t25F7bhXgdW8qHpXPpkKy9TjxiR7alQ4l5WNIDtI2k8=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 851 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29473
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36416
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4465
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37669
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31112
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62047
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		555	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9653
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		555	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38423
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknownalgorithm.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+unknownalgorithm.nsec3.tjeb.nl.	557	IN	DS	39629 7 1 7C7A8C7309C1B974A6C00E8418BB3DE40F21CADB
+unknownalgorithm.nsec3.tjeb.nl.	557	IN	RRSIG	DS 200 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. MCAkQ9lrNsU9jIlMgTk4/qAQLMKKr/nvWm7zd2PIZVyLJGXEJjSydol6Tczvgdz3VyZy0+6UP9JyEGt1TVcLbQr36SpLdxbxlyKf4I4A1d3mpL2QwKKnojGWwbtx8R7i1Ktw8JAsHsGLfFUe+THUL87HBjk1Vuly9+FzKNP1qHI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 268 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature
new file mode 100644
index 000000000..b885bb06d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature
@@ -0,0 +1,97 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39790
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138546	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138546	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138546	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39048
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			83338	IN	DS	22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.			83338	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . AuYFxV0Za5X6pLHTPxpmX8PBV8yODP6t5xcqlXSm9WNXjdpHs927Aa8mTgTtNOrtXWgTBQNhBhjrg1KxmV9To7eolWAgnLa6ZYM6FjO4PWkJxWye0UzufBCpjU5hIZ8P2E7BUyD+pFfO07+dr+44dXfV0eYiGYlyWQiO7SalOiE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5703
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			83338	IN	DNSKEY	256 3 8 AwEAAbxjQGBSu3RdzMwH7MD1o5nuv3PZ+iGBPIX+sHKLTOVOzp0xGho//69OLYfJj8B5Fm5Id7IicmSb67qAkkOZHYqSVyjkbsF2FeNVj7lFhCGnQ4EcjFdU/vlbL49z34ILXVEQBHl3vMS40i9py9BoJ4XJIy0I+vKqO2DyvxGEx+j1
+ch.			83338	IN	DNSKEY	257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.			83338	IN	DNSKEY	256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.			83338	IN	RRSIG	DNSKEY 8 1 86400 20131004100909 20130819090909 22072 ch. Nwqv4Ibx3E8+0xjeHocT6/hNGB99sxwpA3Nnan82YRcwpc73M0B8xlvUb+tzsIHvbQVCL83MWWtBfwRsbd9a32eqHvCdzk7wdmgnc4e+vO2QBDrpqy/AXN4+urBK7iuueNy0yUpqjRlIoBE4Ku1Qo1HYQpKu1vUa29w9qMrvTjDIRudy5yJ4YHFYjWF25d80W8coIh00KL2IjAbeZXRYFaaMP9Vw7NQN3qNM64/6FWvGEtD3QNt3Xf86C4m27Antn+na6K3iGT+doMME2kFYJaGwOrHBlE9F3MqWMtRI4McMTnkc052MaOVGKvvtDzmpQBcNQTrrMO4rSC6OofBPBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39975
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		539	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		539	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		539	IN	RRSIG	DS 8 2 3600 20130909002703 20130813122537 51783 ch. Ke4stscv7T3wI6xZa7YsiGpmKhs7b8yPTL/HnIuwVnkIdhQfBB7lbXxdxEyLTLq04dmfiC03EtXCAZSHYovU5sE7O3UA11g7bSljxBLSmuCS6h4es2DMIwNWBexGiIkHAtoCL6zedfjGkexz3IYhMA96OfH+ft2nt4ykuDsXXB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44453
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 6031 ingotronic.ch. w8yqzYuixi+QI+UMdX3dVJVYynpp+d1wL8PwlqNMjL2dTsHxD6xSFefo+Zxxl2cte2soXuzU1pL5HiM34RgQL577FyVOInxfTpUEztG+z+PNS1xXBmHfGek9T70doaUwtdcP++V93H2Z9vG1dmgk0NYTKrKEYV30m0F4LUtWOMvnnZ50bIFi/PZAPAn1UJXK6m/A/tLfsECM4/YcZCE/R+Ce2wTKK0cmzFq0qo+QjznktvQr7BolDTjXb3TSssMwsB97RRfaRo6zZ4AMOa4ipCnd3IJBrCADzXtaGjp2ErfhwVxJCp9p+UVDqlYyMwEZO3MqJqpybzbvuQzNEOLVtw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 17430 ingotronic.ch. Zv2um4K6MF35IV252+eZDTSpN/BF0ElGZXfVhrORtxgHLBaFQUGIAOvi7b6PlQTlMVhkaEQxwgxZSS1b81KqXeuqFC+Z9QUaX5N+A9c2klwOBV+njdktH6zi75bWWCnSN33wZsw1uOKgNEVSpF509GQq+2yUoJU7PHycmG4z0Y8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails
new file mode 100644
index 000000000..b061e00c8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails
@@ -0,0 +1 @@
+#Date: 2013-08-21T00:06:16+02:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails
new file mode 100644
index 000000000..488c7db99
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails
@@ -0,0 +1,42 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25326
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20130908204313 20130809202226 17430 ingotronic.ch. OMZ2Z5XSFruxd0jBCyT1wYKzlz6aw2Ui2XmbBxp3Bom26n7UiEdjeGlTkoLce5gxsKaAgPuBLGy6MauZz9wLomlsMphsRAP7Y/U1c5UuKKFjF49cRSu/DTS9OstJ3YNIeoABphfPCMn6dOqBIJyjVHJybiBx2ZBROHdaC4cB1KM=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20130908202801 20130809202226 17430 ingotronic.ch. nYQXAE0xrUBWGMWP1cq+xhTFdD91xm2yfuP8SyjL9fI/0ixcW/fJs0PPPdLkStz3ZTGk/rO6alU64HCecshJdLLdwmjNH6cEt9LkudHA4/8TT0fMR7E3elzbYZPIK7iYEsjcfRKey02Hmq+Y+k3W4+lc2uFOlbNr02HfOwH7SDc=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20130908205459 20130809202226 17430 ingotronic.ch. cQ+BxomTy6psnCbedHYgSECQGeRaKghNGOpsFX1ra+WC6MZKdQWAiG/fRn/yU6L4bE1pi1FfFIfAWu79KWfQIbVhOSFUjcpqw/D3lwXtGVk9fjiNCSZN9vsoe6iXLoJtvd1hN/PeHUZAWRdJSkGH9EHEzsWfoki6+kryBYDFDyM=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47195
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned
new file mode 100644
index 000000000..62a67bc00
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned
@@ -0,0 +1,247 @@
+#Date: 2013-08-21T00:06:14+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48748
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	ok.nods.ok.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	A 5 6 600 20200101000000 20120627091943 54150 ok.nods.ok.dnssec.tjeb.nl. NF+Z/ab5m254P22XCo4QA0ErU5mo/ELn1g+hX5gmEzS0A/1tbWxJlgZ3vWrNyBghE8Q2nm6Lw2hRKIGzUB8S7i6B10HMZNDMcdXcOG0sUArHlhkfCSGS81y+8Ry/45lyn4QYPNDlziaUt/6IeBwXPvjmaEfd3c13d0AF5qTz7H0=
+
+;; AUTHORITY RECORDS:
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	NS 5 6 600 20200101000000 20120627091943 54150 ok.nods.ok.dnssec.tjeb.nl. ddy2V0LFPwH96h3Mfg1OsPkuTxlGiJXquPvBuJmpXnM50LPWsUnCn42idMZgVQTePqA+GSCO3P5ql5Flwc/hDCPCOMsOOudEBtMu1jDDoyjrZdpb3tp0x0elrG6Ux8WB5EUKRVeTMcpoGTt0uO0s4KOYUYKgSRv45mHkNffdUag=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		555	IN	A	195.169.221.157
+ns2.tjeb.nl.		555	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		556	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		556	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 836 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19875
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63605
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83355	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83355	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50819
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4155	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4155	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4155	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38082
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4155	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4155	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63327
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		555	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		555	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39828
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58984
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		556	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		556	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41324
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+ok.dnssec.tjeb.nl.	285	IN	DS	59280 5 1 C13C96F9AF5D63E74B3E21A04C46EEC14640A84C
+ok.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. DbBJPY8+fItE/VoXXLXyWjyD7VX7Vfv2FsI9BQMbFqrPAcugotIPASV1HDoiZNlXd8314McC7baonMe1gADqhPRC5HQxaji/1ED7gQzF/dSKQdpiippDyAkwcLEOIhKKqpHACSp+QEzx8hoXZeJgOPqZo2NTMDHOfMiVmP+NVo8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 256 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42335
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ok.dnssec.tjeb.nl.	556	IN	DNSKEY	256 3 5 AwEAAbqTfqZ3Mpwo2fZXfYN9+oLix0Au2ZyRfGjHKPgMCVDb94X7q6FWkrg01uxbcvfin9jvAzU5dG9SWh/S01NuXrthRbirLGngd4j0woNdQgRQZu3O8LhmUxTRobCFu+nkEOAOB6osS+yON0+3rATgAQxDsFJq+osg29CrzcrYhBBp
+ok.dnssec.tjeb.nl.	556	IN	RRSIG	DNSKEY 5 4 3600 20200101000000 20120627091948 59280 ok.dnssec.tjeb.nl. f8cF15NA+XEHUu8m5UzGLt5hhId4Bl2JKakjORGW3ayRdBUCvyMSk7FcJly6KUMpypxVmO/IpzIdiR8DGjFSlRsPF8gL/N9P9JfWAlmaYCDeSEdcaR57sL4KpDned9KgmVa7YKclj/wk/j9KK4ecDmsiPj9x6GH7a9WFI1oskRs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 371 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26534
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nods.ok.dnssec.tjeb.nl.	285	IN	DS	18237 5 1 ED4130C00847B64B527F416D56308C0EFD0C09A1
+nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 5 600 20200101000000 20120627091948 59280 ok.dnssec.tjeb.nl. AsDYw6FRuvPc/OUSf8yE0ZJuE2eoEa9N97qj4vMDNEJ6cRIhf6wl57V0ssndUnjXQ7ShiLDXXIiOnqkj+sHrCRms6btKR5aZyiFUF/D2nVG51E7kz/Z3FhsgTZpwFGDQkNX/uY376Em1u0Vl6oAhRsSs8dxw5cM1OcKQW529fYo=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 264 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28097
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nods.ok.dnssec.tjeb.nl.	556	IN	DNSKEY	256 3 5 AwEAAdmebhaUlvVyYVAyXq692krRBhj3DXq1EkLXujtwEKw+4dGgL2UZJSyeziBhiaunAq0PVE2hQwABuiw+d7NGNuRsIL4tUanzxN3AKWhOnFAKCqvpd+5b+USbVPbcmkbZsNNMAal9+W9yaPp+MqZXPZX+hW6YCJhLBzybxI4f5KN9
+nods.ok.dnssec.tjeb.nl.	556	IN	RRSIG	DNSKEY 5 5 3600 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. 0oNDvs/odYESMMuURD7XVXH5ryciZzjhDBT0FUL4tJYBHR9RbfDib3ehBKL+ZkLsCE4k/UbbkIfrs3XyZt7+Z1ZUqururAFY36jXLWnd5INHO9PPXDvQkUYGuFLj0+OQRT+TJYMqTRJZ1vNUqlQHje8J8MMgiKQFu6VTF9xLaKU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 381 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33309
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	ok.nods.ok.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	NSEC 5 6 18000 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. avkoLWRhNaE1eIS7kOqAzCtgAQk9HjAL0HEUl2idwJ/nmw1Mh4cal/34iEeTTJQ1LeclkAdiuv3doyl2vahhaovge+R0cY+Yw5N6qf86fyRIq7B0BK6iFXAQ4UZLDWf2dXv70Bwp/RywN2EMTnGJ7XOTP5kQqpV8pYAtauA2RpA=
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	NSEC	sigexpired.nods.ok.dnssec.tjeb.nl. NS RRSIG NSEC
+nods.ok.dnssec.tjeb.nl.	285	IN	SOA	ns2.tjeb.nl. tjeb.tjeb.nl. 2005080901 28800 7200 604800 18000
+nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	SOA 5 5 600 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. vEkdhN9MjgTnql2TOq8/g7lrTHTGSGTdsc2/zu2wzzizyajH8Nn1k6i7TjTiefxUZ8u7T/uSopVmavBwR/C/cG8YPJ2QEcTSmEh0gVin4rkzLAwkAABV0mCVPd5MAg5lJSim8Q3U37p/WKlB4U/s3yE3VJjOM170SXJFuY9XZCQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 518 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3
new file mode 100644
index 000000000..aba1833db
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3
@@ -0,0 +1,248 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40631
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	ok.nods.ok.Nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+ok.nods.ok.Nsec3.tjeb.nl.	285	IN	A	178.18.82.80
+ok.nods.ok.Nsec3.tjeb.nl.	285	IN	RRSIG	A 7 6 600 20150101000000 20110520094930 51119 ok.nods.ok.nsec3.tjeb.nl. ANNO/Gps0zLNrGo3D/SU1x5S2q2tuuIjd3fqqjj3JUDXNVzu9V2cC2Bt/BnpnF5QXfPO+qmnfk6Y63zpV4I3NN4/R3PaY3WXkyS+UsUDPtrt0mnsyNLnVJbp0cUbCHi2CuwIVaWFVtnfHIKk/DyDajfOtc5q77b+jKqAwrlN+I0=
+
+;; AUTHORITY RECORDS:
+ok.nods.ok.nsec3.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+ok.nods.ok.nsec3.tjeb.nl.	285	IN	RRSIG	NS 7 6 600 20150101000000 20110520094930 51119 ok.nods.ok.nsec3.tjeb.nl. Ihi9NiaUENtDnd7QRfk+rVpu+u28TYt/ABUJcDOwhBMGunMryv6xa0+QgTL5MTP2qA2Tx7E3EBK/aJq+Ll9oOX6ZnDJ4McAA9HMk4AK2mNy43uU77WIkW17pwyTxh5sCJTx5AJ3V2TB9dWBtjuCWbFfBYCUXMQgenftrKinNUTM=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 833 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63252
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6681
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8159
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11951
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14217
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36588
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		555	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19122
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		555	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28799
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+ok.nsec3.tjeb.nl.	556	IN	DS	29015 7 1 CC9E46C7B681556F305BFA23D28B76B2FD4645C9
+ok.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. a8SDAhKngJlF4ev6aNMn/N7shOW2NRBTHw89Gwh2uVImoac3BHj1jVoHBj0DLB/5wRdJOoRCXnHf0mjs00fvmnc4iKmth32/rptNr4edHDvlXnHtVyOXM0fb2fbFzoTy4bZhwWZL/diw7wPZ8DMPSElp90FaC1lziTzUqZzDGwE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 254 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6209
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ok.nsec3.tjeb.nl.	556	IN	DNSKEY	256 3 7 AwEAAceWOJhsrAn2TBLPwK/Bi+PK0QG2yxRsuhaq/wRTr33WEjJ9b3xc0CDfiqqyGxUZ/TUpj6nSYWGYiijQdTQpE7SPDWfJdqKF49OHbfYu9pcOztuLhhXME7iqWB0E0L8aaIe+iT8sVWh0DMBMQxnn16YT6p2lpOhoLmXvX9BEtY8B
+ok.nsec3.tjeb.nl.	556	IN	RRSIG	DNSKEY 7 4 3600 20150101000000 20110520094959 29015 ok.nsec3.tjeb.nl. N7cMAbsKLWn2vIHcCrwSHYpQwIcwPvTTrUE0G6FmTHZZtaCvn4aJI48G0IkSxwdXqRkdo2QnFOwYb+909yR4bFVbkW18s1sjLrkoCX//+qC3HJUhqPg0NE930JlaMgB05gsdUKvsgnix4QbJeV+wDmX5A6fDqsMYzzTM9nJDC14=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 369 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21311
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nods.ok.nsec3.tjeb.nl.	556	IN	DS	55175 7 1 A568CC122F255DB28A2D3722F73A3B0806F518F6
+nods.ok.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 5 3600 20150101000000 20110520094959 29015 ok.nsec3.tjeb.nl. By8MnTo378q+EuGJn0nHqXvUCKFlTuGZ0A7e2Cj8Obn4uXlYHH3jthhqHTkdnHaKEUleUQPahceiw/LOtDl/6NIawJhU/XsHeAISQSwtIFEDh+Et2PbiUm7ctJzc8/RI5JZUOdmigDp16MosJgaZtqQ/jrrXgmVuNUoyKjMSDh4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 262 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51720
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nods.ok.nsec3.tjeb.nl.	556	IN	DNSKEY	256 3 7 AwEAAcdRLBNRBImIcppogur+tBYqebD1/4o1NUlZUzCrd3l/zK6QNpCz0l0xFzIaHmUanzvRqvU3EBWv38V2Y4/o5JBmNQFsAdvGCa9PrA7qUcSLUhf8sQyZZ+H1C5lbsLkQeIHpt4v+lUSrCyqR0YxIpuOTmy5ndlkft8ZVnhpB6sRp
+nods.ok.nsec3.tjeb.nl.	556	IN	RRSIG	DNSKEY 7 5 3600 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. RDrU5bY24bqgA2yYFSe9RNNvOOy7KTb0GczvmG04hOgh3HprehZUqe57stXjNRvFCPNadAYvyXWXzr6Jwwardsq/yHx4Wc+Eg7FI3SKi9s4xfqQMznmhNReTbaOM9axhvh+Kjhhr0wd4ahTxUeR4RI7Ptt08S4YZR6xETg25Fes=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 379 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60428
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	ok.nods.ok.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nods.ok.nsec3.tjeb.nl.	285	IN	SOA	ns2.tjeb.nl. tjeb.tjeb.nl. 2005080901 28800 7200 604800 18000
+nods.ok.nsec3.tjeb.nl.	285	IN	RRSIG	SOA 7 5 600 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. gvLwLEFhql1MoJQ5H3jEJbW55lvuzEhOfr6lbps+lCXu3LDLDf65DqFp059Irel6Yhm8aG18wy0bEed4FR9bFf/QrIgwVHPurGwdt9jEgKX32ymzLraCrtjuHVs3lQ5n4TDtNg8j4anoE5rPhzdhfxXto6kCrFUmp8prrdNrC44=
+0QUE97DEAJOCAN6U144OOGAVCOPGSPJ3.nods.ok.nsec3.tjeb.nl.	285	IN	RRSIG	NSEC3 7 6 18000 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. gR78M3VVulOpbrZ7htYu0cteB0o09MkaenWab8DWL1Jkzyp+oVPmvPcDZ6PpTW4JPtBG95BXCk9as0ULf/bQg0YNFk2Dos05nNQNIS/S51lRRjj2BSINUVvV+9xmnMqPt6RixC+4jPIGJgh3cpVxOW9wOj/oOc2i+PevNPLmjDM=
+0QUE97DEAJOCAN6U144OOGAVCOPGSPJ3.nods.ok.nsec3.tjeb.nl.	285	IN	NSEC3	1 0 5 BEEF 6K87EVMP3OJ1N6STBBL5QGG00SSCMK23 NS
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 536 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned
new file mode 100644
index 000000000..8a6e594b6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned
@@ -0,0 +1,117 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56424
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60938
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			83340	IN	DS	22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.			83340	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . AuYFxV0Za5X6pLHTPxpmX8PBV8yODP6t5xcqlXSm9WNXjdpHs927Aa8mTgTtNOrtXWgTBQNhBhjrg1KxmV9To7eolWAgnLa6ZYM6FjO4PWkJxWye0UzufBCpjU5hIZ8P2E7BUyD+pFfO07+dr+44dXfV0eYiGYlyWQiO7SalOiE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47777
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			83340	IN	DNSKEY	257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.			83340	IN	DNSKEY	256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.			83340	IN	DNSKEY	256 3 8 AwEAAbxjQGBSu3RdzMwH7MD1o5nuv3PZ+iGBPIX+sHKLTOVOzp0xGho//69OLYfJj8B5Fm5Id7IicmSb67qAkkOZHYqSVyjkbsF2FeNVj7lFhCGnQ4EcjFdU/vlbL49z34ILXVEQBHl3vMS40i9py9BoJ4XJIy0I+vKqO2DyvxGEx+j1
+ch.			83340	IN	RRSIG	DNSKEY 8 1 86400 20131004100909 20130819090909 22072 ch. Nwqv4Ibx3E8+0xjeHocT6/hNGB99sxwpA3Nnan82YRcwpc73M0B8xlvUb+tzsIHvbQVCL83MWWtBfwRsbd9a32eqHvCdzk7wdmgnc4e+vO2QBDrpqy/AXN4+urBK7iuueNy0yUpqjRlIoBE4Ku1Qo1HYQpKu1vUa29w9qMrvTjDIRudy5yJ4YHFYjWF25d80W8coIh00KL2IjAbeZXRYFaaMP9Vw7NQN3qNM64/6FWvGEtD3QNt3Xf86C4m27Antn+na6K3iGT+doMME2kFYJaGwOrHBlE9F3MqWMtRI4McMTnkc052MaOVGKvvtDzmpQBcNQTrrMO4rSC6OofBPBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50312
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		541	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		541	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		541	IN	RRSIG	DS 8 2 3600 20130909002703 20130813122537 51783 ch. Ke4stscv7T3wI6xZa7YsiGpmKhs7b8yPTL/HnIuwVnkIdhQfBB7lbXxdxEyLTLq04dmfiC03EtXCAZSHYovU5sE7O3UA11g7bSljxBLSmuCS6h4es2DMIwNWBexGiIkHAtoCL6zedfjGkexz3IYhMA96OfH+ft2nt4ykuDsXXB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22330
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 6031 ingotronic.ch. w8yqzYuixi+QI+UMdX3dVJVYynpp+d1wL8PwlqNMjL2dTsHxD6xSFefo+Zxxl2cte2soXuzU1pL5HiM34RgQL577FyVOInxfTpUEztG+z+PNS1xXBmHfGek9T70doaUwtdcP++V93H2Z9vG1dmgk0NYTKrKEYV30m0F4LUtWOMvnnZ50bIFi/PZAPAn1UJXK6m/A/tLfsECM4/YcZCE/R+Ce2wTKK0cmzFq0qo+QjznktvQr7BolDTjXb3TSssMwsB97RRfaRo6zZ4AMOa4ipCnd3IJBrCADzXtaGjp2ErfhwVxJCp9p+UVDqlYyMwEZO3MqJqpybzbvuQzNEOLVtw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 17430 ingotronic.ch. Zv2um4K6MF35IV252+eZDTSpN/BF0ElGZXfVhrORtxgHLBaFQUGIAOvi7b6PlQTlMVhkaEQxwgxZSS1b81KqXeuqFC+Z9QUaX5N+A9c2klwOBV+njdktH6zi75bWWCnSN33wZsw1uOKgNEVSpF509GQq+2yUoJU7PHycmG4z0Y8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27567
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032613 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20130908212440 20130809202440 17430 ingotronic.ch. Bv0THQWBGQh8Ymi6eLS7EIv8qA70/FmPrECD8ewe3nySf1N54/UqC++kOoIuG9sHoKNmSKl8SjoaYTulbVt0pUQROPKJh76eCAbfuusbY10dHWB4cZWYSY4NBW1z9twi9UfHHWhzeZloL/ILQG/eqVJAeKhlqwvhIzWzy2c1mWE=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20130908204313 20130809202226 17430 ingotronic.ch. D355Ot7NsJvQ0ED1dl4jSvr9Mxe2XnXwoXoF3d+dX5fikfJ5dnAH4txuGyAbVYchwmTmNpwdP2sPwPI/SBR9Ta7XuunxSfEUwibllU4GkktHNIBOzvH9fKZqqkpMfzIyxgthtEFr5WsKZACqKm02nykyoWIvbe2Ck3HVcscXVbY=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 475 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned
new file mode 100644
index 000000000..e6e34bef8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned
@@ -0,0 +1,158 @@
+#Date: 2015-01-06T22:35:11+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1856
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38534
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87363	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87363	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87363	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87363	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61854
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			963	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48752
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23116
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39476
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45944
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51417
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot
new file mode 100644
index 000000000..1e7a7b7a6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot
@@ -0,0 +1,38 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  ., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+;hash(.) -> hash(a.)
+;key is the same as for nsec3.ingotronic.ch.
+79anvqbpbhcdqbbli9adpmg4p0sof39o. 300 IN NSEC3 1 0 10 1234 9umm3m67j29mljvnfbcqa4prsu1gir2r NS SOA RRSIG
+79anvqbpbhcdqbbli9adpmg4p0sof39o.   300 IN  RRSIG   NSEC3 7 1 300 20140215011722 20140116005424 16758 . BbqCmb/7I8FMxVbQuOTQ7+Yfpw/1NTNlL29y3AWu4GRh+v3Mrh13PqsS+pwEgBtHTQ2uUCMil+1kiUs2qNCnbz7N5gV3RNtiNZOW9dltU3B2gSwFuX4UKPdCuIrHTBeIVZo7IsSYZSL2/GZ3ECdwbL28KRtvvp1l7uOeHuDdmeIJm47XyowM9v+x1/iCch6GoDzw5XcuXFoEfT+4sXQdhxGneab64alYo49kSf1+lt0pwNTJOtNcyAHvrnsLO/g3Kk5cfR2MNw7ubVyJRicCYO82252LoXITZ/q2Y6k+OCquo5kmc0OLeijZySYF54xFyg2zlcv54j70c/wI9xle7g==
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+.           300 IN  RRSIG   DNSKEY 7 0 300 20140215011722 20140116005424 16758 . dFPeCHbVNX/k3Hx9XKC6T0WaboXStOxprTqqc8DQSvTTaUrazAwc41/ty1LMdgrcU1JpvZmB3UzLoQcFoYaMQKOcQyPm4GCABMzl0xNTWAOjYURIZggEIEuu61p4j0y4nc52CnRbLxgjUsQOAvPzgDyJHnQ7eSOnz9tZSrpyTmtzU/szKm623cH+7DkguG1QpbWCNl4cTjyqDPwefsdE82u/8PAQ0ANR/hy5sZ4IOwdOas/H1oYCMIc0y9IEtlYO0LPiOv9rx/UmgH64tuuLmmgiIGZXqExsh1XEsQqakCQ33Ux4+p1MCQl3uM/6WvGdJkKNR7/n4kktQy2BxF3ONA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation
new file mode 100644
index 000000000..56d439691
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone and removed the DS
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. fjiw9C0JFM8mA45Wzu+0H4SMe7CIce05bKuTvXUMI6RY164xMRgU0a9mQpk++Upksk/eAnexzA/TlqYQISGg+/JWV/js5xUNc6jYVWUmy84wGPq2vSrC3uoLwBZgvmNjAJlEHMFFx3XX9ihS4+KhgFM66s5pqLiIAshPwe6wsqU=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid
new file mode 100644
index 000000000..b8b733c32
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone and added a SOA, which makes this repsonse actually valid again
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS SOA RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. hDh7ATOdwszkVQCMmbGXPdQu5j24W1SLVRU5ZcwsqPPkRYmgUUsCqchpaHNV216S1Q0PYkdDWiuoCv26fkNVIRIydNlGC+kw567qlq520En2dFdVlTf4FFjADglWbCDjHBYagSx6e/y1ekDsvtPLDxi80M9wFruAhNLXlFd1KsE=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA
new file mode 100644
index 000000000..2df05dceb
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA
@@ -0,0 +1,38 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  bogus., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+;hash(bogus.) -> hash(cogus.)
+;key is the same as for nsec3.ingotronic.ch.
+uroghcuh4jsasbi1f0ompeqpo1fgssvn.bogus. 300 IN NSEC3 1 0 10 1234 k0uipho2c78uta6m47n625jfjbl776m3 NS RRSIG
+uroghcuh4jsasbi1f0ompeqpo1fgssvn.bogus. 300 IN  RRSIG   NSEC3 7 2 300 20140215011722 20140116005424 16758 bogus. D0q5h55pyybGzHMyxnHeFnchmmrEi1mZMuirbvZ/FgSZXN8zp0H5KW4FmOXMNMQwXLwXyYceymusBcGymM1DT3WeJWhds5LG1rqxvjk24Vbvaf/te+Q7aGxIXiEn3l5t3uHEM8m1Z0bc0wURzRLRLjhvaMXFUA06HaORYnEXlRmr3sl5d3BeQIoKtIgOWsdPB6Dk66saDFBAGc/EcWwmwHB6d+SKt1dUcYXYRPbIFL5Xx8EM4PKBE2dhiKi/2SYqQSx8pa8jtxBbBdpx6c/PchRA1zZ1w9V6TtIANSq2Hxrcj8Ey5nmeoR6M1p6r0Wtg46e0EJg0EGYB/rcrGlKilw==
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  bogus., type = DNSKEY, class = IN
+
+;; ANSWERS:
+bogus.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+bogus.          300 IN  RRSIG   DNSKEY 7 1 300 20140215011722 20140116005424 16758 bogus. cN174LuYu9b/3QYN/5gA1ByWEjXPRFjIUVdGG1hidB4rPuqzWsvI0tOZ7vcQTC9Lagm9IpEYdczyAZWOJZyb727xYqqAQKsLKy/rzdqsD/ICzX0bs6GDA356dYECzW9eR4SqpX3xtMmttYC4lZ140IcZ6hacUqsjMqsxAfHlBbbyaJIf7QUyagwzG87GRgI42/bv0dL69t+CwfoQu2hR1GUcpUOxqEVUz2oPXy+/Cii3fiL8uJ/e65x/QDlMqTpHQ8f/IqLcYPxs364fitgnvwo7j8nDDORgvNuyGYf6lkuMnlRO70IhFBdjG4wmd8lU3fERLhHPFlLOy9g/lbnivw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1
new file mode 100644
index 000000000..1b67cdf1e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38248
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E CNAME RRSIG
+;                                                                                                                    ^^^^^
+;                                                                                                                    Replaced from "A AAAA" and manually resigned
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. fjkZKkZ/QS3fr27G/YL502r/m5yvAj1H5DozJMFJ1uFbyUO/gTP6L1GF3pijt4BjcqbMz7h3uMUikcDEW+ieAy7G4k0y5uU0quHPJvP7pbslCvEs516UIiAvzKsbK7LTn1Dv4Wau0UkImiWXZwx666M6SNh/etebNngPr0ZwGe4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2
new file mode 100644
index 000000000..23f0d0bbc
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. uen8Xh6XJzE+0Xw3vTOCt9w8B5TQ4w7VyLZtUIZaXkq2kS4xpwIiEw5YgrvR0YdlffhZi2IncBm9mxK7utPfz4GDyHurOZWQXzZS1umh8C0YiLwMjP7RybYakurL6BAJHh685XBTyVkUmbxcZ0udVvIwhvzqTamMj+0m04S20+4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3
new file mode 100644
index 000000000..604bc5a04
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS SOA RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. FdU0H+o81azPLo4Enzj5BZHEeU/kKDIQiPQ/UIWB0NO5VDDNqn4eH+3klmMtElS0nhi/0PDN14SrPVPUaRYO9E9kw4/9XEaHmO5nn0uqYF5tERlgx3uJmJ/89Pg8Ai1bQkLi+FpeOS/Vvnj73GYy+eOItcRfatv67wY57eRQA6w=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4
new file mode 100644
index 000000000..db7fcabd7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4
@@ -0,0 +1,197 @@
+#Date: 2013-08-04T20:43:22+02:00
+
+# This is data for a constructed test: when a zone switches from signed to
+# unsigned AND a resolver incorrectly returns data from the delegation point
+# (instead of from the delegated child), the zone must be treated as insecure
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.           162318  IN  DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           162318  IN  DNSKEY  256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.           162318  IN  RRSIG   DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.         75918   IN  DS  22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.         75918   IN  RRSIG   DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.         75919   IN  DNSKEY  257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p
+ch.         75919   IN  RRSIG   DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      3583    IN  DS  6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.      3583    IN  DS  6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.      3583    IN  RRSIG   DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      300 IN  DNSKEY  256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.      300 IN  DNSKEY  257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA==
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.    300 IN  RRSIG   DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DNSKEY  256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ==
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 105 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7
+unsigned.nsec3.ingotronic.ch. 300     RRSIG   DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
+
+# constructed response here: the NSEC3 is from the delegating zone for the
+# child zone
+# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation
new file mode 100644
index 000000000..736649770
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation
@@ -0,0 +1,197 @@
+#Date: 2013-08-04T20:43:22+02:00
+
+# This is data for a constructed test: when a zone switches from signed to
+# unsigned AND a resolver incorrectly returns data from the delegation point
+# (instead of from the delegated child), the zone must be treated as insecure
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.           162318  IN  DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           162318  IN  DNSKEY  256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.           162318  IN  RRSIG   DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.         75918   IN  DS  22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.         75918   IN  RRSIG   DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.         75919   IN  DNSKEY  257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p
+ch.         75919   IN  RRSIG   DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      3583    IN  DS  6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.      3583    IN  DS  6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.      3583    IN  RRSIG   DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      300 IN  DNSKEY  256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.      300 IN  DNSKEY  257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA==
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.    300 IN  RRSIG   DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DNSKEY  256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ==
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 105 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7
+unsigned.nsec3.ingotronic.ch. 300     RRSIG   DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
+
+# constructed response here: the NSEC3 is from the delegating zone for the
+# child zone
+# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs
new file mode 100644
index 000000000..2455dbcb3
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs
@@ -0,0 +1,293 @@
+#Date: 2015-01-06T22:35:09+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25734
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E A AAAA RRSIG
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. hOo4U9QFigY0lLf6UzA/WlwjZsXfs5EZdfiumlAHv2H/I81TiWBtKQhOvMyVUOFq1dMq44JnO2KJEEuPRKKNPiER4a3Y/kzpjscW+yfUWjOzOmZX4d2p9ustljj125/PVUwAOeCP7a8fFZMG/7Xughx49B4WFsDrIUEbMsw3Iqo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20135
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87364	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87364	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87364	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87364	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16754
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			964	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6044
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			965	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			965	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			965	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			965	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60471
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3573	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3573	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3573	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17951
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16136
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40073
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36997
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87364	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87364	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87364	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87364	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49791
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			964	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8607
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 534
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33596
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33074
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40277
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs
new file mode 100644
index 000000000..41b280d98
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs
@@ -0,0 +1,295 @@
+#Date: 2015-01-06T22:35:10+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18486
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+www.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 633 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23218
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87363	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87363	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87363	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87363	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56313
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			963	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32662
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64353
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13626
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48927
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49642
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25015
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87363	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87363	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87363	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87363	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34587
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			963	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19027
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6277
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26423
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7700
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3
new file mode 100644
index 000000000..8540859e9
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:45+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7362
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	alias.1gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1056 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56361
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87388	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87388	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87388	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87388	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10038
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8248
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60008
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3597	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3597	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3597	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36858
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8889
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12982
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3
new file mode 100644
index 000000000..ad3fab6e0
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56602
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1060 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27538
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17381
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			987	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42716
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			988	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			988	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4183
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3596	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3596	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3596	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13829
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8061
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35158
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25776
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42269
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			987	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6552
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			987	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			987	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15230
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3595	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3595	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3595	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57871
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60830
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6067
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT
new file mode 100644
index 000000000..903bb3871
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:34:45+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25863
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	b.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 481 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1668
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19837
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28569
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17551
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3597	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3597	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3597	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3475
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature
new file mode 100644
index 000000000..717907ef0
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature
@@ -0,0 +1,215 @@
+#Date: 2015-01-06T22:34:43+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65247
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 475 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10629
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87391	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87391	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87391	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87391	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35482
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			991	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12915
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			992	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			992	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59605
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3600	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3600	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3600	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21625
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5462
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 239
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			990	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17622
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			991	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27845
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3599	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3599	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3599	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17702
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1
new file mode 100644
index 000000000..f9fe4b0b4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32300
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+gi.			10800	IN	RRSIG	NSEC 8 1 86400 20150113170000 20150106160000 16665 . jvKrJLijjO866a3A9fkv130tf/UsyS0FgH+k9afhIaNcvTzEwUeVP8+RosGM/b8BWhgASmx2ONSl+BD1LIH1JRkUXKZRVbItdDE27gdKQHTHORYybBDTiHHhnMet1vsceRvN77TAvrdFhm9RYFehZ3ddkQDvy8IACiA5PMhLyQg=
+gi.			10800	IN	NSEC	gift. NS DS RRSIG NSEC
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 646 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36258
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2
new file mode 100644
index 000000000..0c5908dda
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:47+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19015
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 711 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61810
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87386	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87386	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87386	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87386	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38737
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			986	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			986	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12449
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			987	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3260
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3595	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3595	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3595	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41331
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3
new file mode 100644
index 000000000..edf53cd38
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:45+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61261
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1049 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45173
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87388	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87388	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87388	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87388	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43258
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36397
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9276
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3597	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3597	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3597	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49214
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64194
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51334
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4
new file mode 100644
index 000000000..e02b7389f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:44+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59323
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 722 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32975
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62255
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20975
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53458
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5
new file mode 100644
index 000000000..fc1a1d098
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:43+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7636
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1060 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26832
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6927
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			990	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34194
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			991	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20509
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3599	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3599	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3599	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7967
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32230
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3112
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature
new file mode 100644
index 000000000..194e908c7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:34:44+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12938
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	x.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 692 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40248
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21278
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9749
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20291
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40211
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25429
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 742
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6866
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4819
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1
new file mode 100644
index 000000000..7a17fde9d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55491
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 475 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50097
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21262
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			987	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 221
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			988	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			988	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23462
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3596	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3596	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3596	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14899
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2
new file mode 100644
index 000000000..ae556d7cd
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20397
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E A AAAA RRSIG
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. hOo4U9QFigY0lLf6UzA/WlwjZsXfs5EZdfiumlAHv2H/I81TiWBtKQhOvMyVUOFq1dMq44JnO2KJEEuPRKKNPiER4a3Y/kzpjscW+yfUWjOzOmZX4d2p9ustljj125/PVUwAOeCP7a8fFZMG/7Xughx49B4WFsDrIUEbMsw3Iqo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87388	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87388	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87388	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87388	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27135
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14048
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6090
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3596	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3596	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3596	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8413
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63148
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46698
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3
new file mode 100644
index 000000000..4431522ea
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:34:44+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21797
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.b.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.b.ingotronic.ch.	300	IN	NSEC	*.c.ingotronic.ch. A RRSIG NSEC
+a.b.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 477 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3215
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19457
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13543
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44836
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4
new file mode 100644
index 000000000..8fc98ee17
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:34:42+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19002
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.b.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H A RRSIG
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. CqoGO4BUVNtHXxUXDPRCTvVPGnqBDwrO8Uyw1NKGELf71x5TKQKFZCBmlT8G/aRgK5fu7xor/zldHS+6yR7nfHEwdW2Y+GzpUawe8ul8nL+Z8DNDFTuCxJtnoP82X0u/EsaT63RVPZAP94jFlvOpzr9NN/De33EcNdl7B/EB/J0=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30530
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87391	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87391	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87391	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87391	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5039
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			991	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9676
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			992	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			992	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52839
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3600	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3600	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3600	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34478
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58519
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59867
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5
new file mode 100644
index 000000000..62cb0d755
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:43+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47937
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	b.d.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.d.ingotronic.ch.	300	IN	NSEC	a.e.ingotronic.ch. A RRSIG NSEC
+a.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U=
+*.d.ingotronic.ch.	300	IN	NSEC	a.d.ingotronic.ch. A RRSIG NSEC
+*.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. CYABmp/vM/1o6z+h7pehEcE6wLRMeRBmWuVD0f2f+nynCX/DQyncjlyDcBc1SiQBuz5BQQz6fN8/vHjpAQXDpdOpftz/YLMME29g87c9APFRzhcU3imp87hFUKyaTBJ4VD9oLZ7NcTvsSnbvnn4pykZTUVI87jIt13zQuAdBPTs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 693 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2900
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63505
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			990	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45285
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			991	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40411
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3599	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3599	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3599	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9413
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6
new file mode 100644
index 000000000..2642d093f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:42+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55533
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	b.d.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+944O996IVI1HPK8C89UTQR054EFGQF8T.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 BIKV50K9D505ABGB6K0F3JPQ62P5MGMI
+944O996IVI1HPK8C89UTQR054EFGQF8T.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. ggw9BV94fHJY0yfaqkdoAbh5CZiU99hSi5Y22hccMNzh8wPffhH+wEyuTj9OwKpiw6HCX6wFIKniTxeLlUeTtHvreBBgiaAGPqvNDCzn4lAwsIMSd8P9+fmrChoioqqJ4sBhWUCHRfwg0qqzpRC/PhOGaa3/7XZwYpnK/vgu2og=
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0=
+74SO0776K6C87EPASDU8QK8SROIK00KK.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 7L2K0NAC88UN3IJV0404HF7PM543BN3F A RRSIG
+74SO0776K6C87EPASDU8QK8SROIK00KK.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. LgiRXOhpvpRNy0EsyYBIIjHyl8J32vg+EqLB2BMsfxWO311YP3lME0gp8PN4p0Qo/ZIE1Q/V+LFElSSvwroBsIB+/qFjdf4tj022dRDxvkRdEPgo6oO/xqK1rTOUkvPZRfpHuhZbZ0m/j8v2+RyfPLrM2x3ebzcSNT6tDIpL6+A=
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1049 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56181
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87391	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87391	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87391	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87391	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48499
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			991	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22381
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			992	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			992	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58697
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3600	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3600	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3600	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15181
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40988
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13710
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure
new file mode 100644
index 000000000..120484232
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:30+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55905
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. dIDse8tpnBhl5X20CZ5c8rO8cuj9dKMeA/qiyQYEqEFp1QnnVawapqDh1pCrJhBxcKnT7THqKSP6XpDIQA70jcHSecAVRqBZBA2coWZTSOi3dnsARJfIueh8kpsmtYsn6ejuG+7sroQKH9Niu4xoi433ez7Anr9itet9kAP9dmA=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 4FQSC7ORQNKH924CH6L2DOAISKM28080 CNAME RRSIG
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. BXhW2wGFkkGdsdGKqFMr9QqwGrtCA56D8CH/CKjOn51Udirm6asczVWIVStM0no1VIZNAa3oF6F/RzcDVKtkJTw4KHrSX5LHiWW19pyB1fql2krTQ3Zfr0mZsUb/JMf2/yPqXQu9QYN8XrlicZ60LwFWFRNO2gscMqgHnNtdidk=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 896 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7035
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87343	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87343	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87343	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87343	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44863
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			943	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			943	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13081
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			944	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			944	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12443
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3552	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3552	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3552	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6113
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41147
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28760
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation
new file mode 100644
index 000000000..c29d41842
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation
@@ -0,0 +1,535 @@
+#Date: 2015-01-06T22:35:28+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4332
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	9.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. Fj0oqoPcn/OEnskMdbw0fTkESOsr6nyhXAqiB0BrGv+PIQEeYPguOFDKvV5CkHaoX+R1OrLHnbc3TFrgopy8cA/Uo3+YxNhIJn6tnm9ynyw7n6RoqWNsY6SYiCwM44Ea4sW7xcMmz8YUiPAJe+NrJYVoFnGjRbRWhLqI+q1iU3M=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1048 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52037
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87345	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87345	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87345	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87345	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8702
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			945	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51929
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20671
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65359
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8194
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59006
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12595
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	a.sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+sub.nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032916 300 60 864000 300
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 4 300 20150125015740 20141226005740 47588 sub.nsec3.ingotronic.ch. Bf4LTgw0NTtweK4jIpwJHZ1TXexTWKUsBz2jG0/tMeTkcIZOUNVFrOxBfSG6/bMDUA3jSbz5jJ1m9s65BST+KkUqQX+vcRTWQAZT3Hrl3Si82mC1pxOB/84yyR1C0AYrgx9LA+XMsXP1asYWpIHMK+r8A5SVkOyH4lbhqOieEi4=
+8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.sub.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 11 4321 8Q9N8IJMR07MUTMO8TDS0N9UEQA8QVD9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.sub.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 5 300 20150125013111 20141226005322 47588 sub.nsec3.ingotronic.ch. le09pR2JyiMdQqnRMEzP8x0R4TM2GEjW4KQ3H/rwewL6FZYuTUUtby44kqCAVS9pZ+bxKtT0A7F5RG06S2fwSx5OP62O6OFQoz/qmjc4ecsaciSMX+Rh3BbVSy8NyHoy0v2G9kAijyXrdz9xBSm/nRoS74RjL2mu7TPw/PTM3mI=
+0NEGNVKPNDG8COAS7H0J86LJOO3HD9DA.sub.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 11 4321 4IGI4A0AMGQ33TEQ30KODCUNR3GUQ9PM A RRSIG
+0NEGNVKPNDG8COAS7H0J86LJOO3HD9DA.sub.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 5 300 20150125010632 20141226002446 47588 sub.nsec3.ingotronic.ch. UTxl/DGaYhwIhPk3igVHrExeG7bWR9/rSEOa+qmijHN2h/MnA7vf40Egh1kzCE5IEMlWbJTyH7SQtcIBO+QNY5wcZIs1ROhGsLQCK03d8MhYZeWw16+8kPpnwV1ZskVVHJ355Sm6iMumxEPmjEzhpxeDAQ3A9SHBBBHPZ0gk0Ew=
+DFLBG9075O3J47SUNJOFNAMQIE6355M6.sub.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 11 4321 FF6HDF6NIR1O4UO4N6BO1NT1P5BLEM45 A RRSIG
+DFLBG9075O3J47SUNJOFNAMQIE6355M6.sub.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 5 300 20150125011509 20141226005740 47588 sub.nsec3.ingotronic.ch. LOf771yhl0XefM1p1t99S7KH4hiQaT78qev2VFkdgv9WN/w2JrZOkO0bx5ikNzt2MuELtdh8IDTP9KdRss9XsSEr7AIkKg0CN3oG6xxKgt+rrY5O+GfbvrgBFhn7H4JGTBlacnAnoMjreyCSxNtE1bHSIZOHOevkxZ4voFIQ0OQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1076 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13990
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87345	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87345	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87345	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87345	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22861
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			945	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62841
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7825
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54026
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8144
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65284
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2523
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 2 450CACC87D02E5FF421230909AA852C6FDD2687F884AA44254DD94DA85535077
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 1 D51C5631497C1D29CA98691288D65554DC02748E
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DS 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. YaXJXminnSCzuVyXM/bgnRohbK4kN+wMi8/14ahyigDbBktZ0TWNv3PaYXRE5TFRrnmFRka0TEeCcU4HjQv1goi7BHXvn9VtoAlsi2NrboZOTYt5vo4cFhyPkBPajJWfKtQE4W4AW2CdW6736gKzevMGsJza0ZE+phasic+lwnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 315 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21959
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAaxrudePJ21EN1RmgBFOZJG5tL4EBLzvqDwCasrBCCd7A/4cXJ2hGXpWhfmGi6Jw0aE2H9DSQf3Tpky1gIijeq/bwfxT4QIbrfqOn9Qoo0eVhJ5eLadg91vD9zPu9LrsV66dn8WIoeHyXOW6jTweKRVvTg0y3RMgofQwKj4ZLQuD
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAfbT4DoA+kmKQSfhaS4IkklDaqgrxdD3OlrG9dctyUcoxignP3hChGSj9cX+ojrGakS4rI6H7oQVhPAdL2ZOr3mcrKgj52kwD+aAsW19nhS4aEahbseRm8Sq3ebt1zefQRezLrDC+3BPzeCMmuZe53bEN01BQpLwJHz86gtibPZ/xFkmSPIXK5AiqqGTULJRKFm8IqNVKvEwZ+OCiT5NH+Wfzidd+DfRjAD/N5TalP863+nZhp5TdoIPcQfxqrsYyv//UewvC/sijmw1uljwXncRNCA8nMKWKZwPFqJft7pGepRPvojSAmnPZjpHhZh+tHYMk4GQpACDJSF+9uCoOXM=
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 14583 sub.nsec3.ingotronic.ch. QbclcvQd9lPzpy8w1Z7g9jSeIHGMAwnHYf1wsi9w/dFaxOWnqKZxSkjbxu8JPq8WzDhGnXlCD/wksK7oAnvr1IStV4jSjh3JQ0JHlvy30c6n2ZEgN1Y6OlUTIH88eaEFEt8zykZKhMNPZcfhh+hqC7hl0oUzgZcA42Tn/U6JNz+DWfQBSJBmAUgzgQFcTnJkR/U9BRoCe19isbBXG2HwrmDNl3PYTudkeJTOEXSuKcTAUdV6twuZ7y+j7uWeqCkXRw9WBzAOQ/bH4x1JSGKt6OZOG5wJ2cdhBVHuR9hLfIJJau8ZgnKjKI2MQ3WWF23ZDMCBILsp3KFPUKEy3tZMKA==
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 47588 sub.nsec3.ingotronic.ch. KAsXqPyHIH2Y/iV8QR5JQ/EfUrVfxNeoaTYINar0gtvk84VThpsS/8lhpdwU9NbukXUyD0QZfQm+nF+WIFs4mYPU06tW2Nn0CHiPwBXdA8ZaApVasxbtCmk//BQi9LlRyMriylPUIZeUMLyTTisIffIdTuLBf9xhaYe81uZmpB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 970 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40054
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87344	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87344	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87344	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87344	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49011
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			944	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19308
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			945	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5655
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3553	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3553	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3553	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7346
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61808
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23642
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13871
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 2 450CACC87D02E5FF421230909AA852C6FDD2687F884AA44254DD94DA85535077
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 1 D51C5631497C1D29CA98691288D65554DC02748E
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DS 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. YaXJXminnSCzuVyXM/bgnRohbK4kN+wMi8/14ahyigDbBktZ0TWNv3PaYXRE5TFRrnmFRka0TEeCcU4HjQv1goi7BHXvn9VtoAlsi2NrboZOTYt5vo4cFhyPkBPajJWfKtQE4W4AW2CdW6736gKzevMGsJza0ZE+phasic+lwnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 315 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39441
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAfbT4DoA+kmKQSfhaS4IkklDaqgrxdD3OlrG9dctyUcoxignP3hChGSj9cX+ojrGakS4rI6H7oQVhPAdL2ZOr3mcrKgj52kwD+aAsW19nhS4aEahbseRm8Sq3ebt1zefQRezLrDC+3BPzeCMmuZe53bEN01BQpLwJHz86gtibPZ/xFkmSPIXK5AiqqGTULJRKFm8IqNVKvEwZ+OCiT5NH+Wfzidd+DfRjAD/N5TalP863+nZhp5TdoIPcQfxqrsYyv//UewvC/sijmw1uljwXncRNCA8nMKWKZwPFqJft7pGepRPvojSAmnPZjpHhZh+tHYMk4GQpACDJSF+9uCoOXM=
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAaxrudePJ21EN1RmgBFOZJG5tL4EBLzvqDwCasrBCCd7A/4cXJ2hGXpWhfmGi6Jw0aE2H9DSQf3Tpky1gIijeq/bwfxT4QIbrfqOn9Qoo0eVhJ5eLadg91vD9zPu9LrsV66dn8WIoeHyXOW6jTweKRVvTg0y3RMgofQwKj4ZLQuD
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 14583 sub.nsec3.ingotronic.ch. QbclcvQd9lPzpy8w1Z7g9jSeIHGMAwnHYf1wsi9w/dFaxOWnqKZxSkjbxu8JPq8WzDhGnXlCD/wksK7oAnvr1IStV4jSjh3JQ0JHlvy30c6n2ZEgN1Y6OlUTIH88eaEFEt8zykZKhMNPZcfhh+hqC7hl0oUzgZcA42Tn/U6JNz+DWfQBSJBmAUgzgQFcTnJkR/U9BRoCe19isbBXG2HwrmDNl3PYTudkeJTOEXSuKcTAUdV6twuZ7y+j7uWeqCkXRw9WBzAOQ/bH4x1JSGKt6OZOG5wJ2cdhBVHuR9hLfIJJau8ZgnKjKI2MQ3WWF23ZDMCBILsp3KFPUKEy3tZMKA==
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 47588 sub.nsec3.ingotronic.ch. KAsXqPyHIH2Y/iV8QR5JQ/EfUrVfxNeoaTYINar0gtvk84VThpsS/8lhpdwU9NbukXUyD0QZfQm+nF+WIFs4mYPU06tW2Nn0CHiPwBXdA8ZaApVasxbtCmk//BQi9LlRyMriylPUIZeUMLyTTisIffIdTuLBf9xhaYe81uZmpB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 970 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation
new file mode 100644
index 000000000..42e525f34
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation
@@ -0,0 +1,197 @@
+#Date: 2013-08-04T20:43:22+02:00
+
+# This is data for a constructed test: when a zone switches from signed to
+# unsigned AND a resolver incorrectly returns data from the delegation point
+# (instead of from the delegated child), the zone must be treated as insecure
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.           162318  IN  DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           162318  IN  DNSKEY  256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.           162318  IN  RRSIG   DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.         75918   IN  DS  22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.         75918   IN  RRSIG   DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.         75919   IN  DNSKEY  257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p
+ch.         75919   IN  RRSIG   DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      3583    IN  DS  6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.      3583    IN  DS  6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.      3583    IN  RRSIG   DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      300 IN  DNSKEY  256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.      300 IN  DNSKEY  257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA==
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.    300 IN  RRSIG   DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DNSKEY  256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ==
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 105 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7
+unsigned.nsec3.ingotronic.ch. 300     RRSIG   DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
+
+# constructed response here: the NSEC3 is from the delegating zone for the
+# child zone
+# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus
new file mode 100644
index 000000000..bc96bb340
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus
@@ -0,0 +1,293 @@
+#Date: 2015-01-06T22:35:29+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4070
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.b.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H A RRSIG
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. CqoGO4BUVNtHXxUXDPRCTvVPGnqBDwrO8Uyw1NKGELf71x5TKQKFZCBmlT8G/aRgK5fu7xor/zldHS+6yR7nfHEwdW2Y+GzpUawe8ul8nL+Z8DNDFTuCxJtnoP82X0u/EsaT63RVPZAP94jFlvOpzr9NN/De33EcNdl7B/EB/J0=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56602
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87344	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87344	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87344	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87344	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12984
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			944	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38377
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			945	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			945	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43754
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3553	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3553	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3553	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10069
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38115
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25812
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56275
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87344	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87344	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87344	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87344	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43002
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			944	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4041
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			944	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			944	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1277
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3552	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3552	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3552	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3516
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25335
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44320
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser
new file mode 100644
index 000000000..d267da478
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:35:28+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10035
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1060 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48118
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30744
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			946	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54353
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39530
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14008
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26735
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46506
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51992
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87345	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87345	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87345	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87345	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56174
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			945	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29049
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11093
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 907
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 977
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37865
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256
new file mode 100644
index 000000000..c7dfe7398
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:30+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12560
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3-ecdsa256.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3-ecdsa256.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	A 13 4 300 20150125011638 20141226004859 11718 nsec3-ecdsa256.ingotronic.ch. hGzbQF4VEX6ElyuHpiWGZjbn3w4Kgs8JSd4gF1WhP1a6R+dXuV8MQiM6QGANd2w1ZsyTNcG48Oh6uDXbaydGNQ==
+
+;; AUTHORITY RECORDS:
+nsec3-ecdsa256.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	NS 13 3 300 20150125011658 20141226003607 11718 nsec3-ecdsa256.ingotronic.ch. +4TGfjT5xeiYyaO4djJ7l8UieBWAS6xItC8o4gbz7aquazQs1soT+rAw1g+3c4K7XBc9BSfXwS4z0rqKpJ2IhA==
+10VLR9985NIK55R4PDCL4C86BA92RJKP.nsec3-ecdsa256.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 31LKSGKTRGKLURR153AK64J90ET1Q7VS
+10VLR9985NIK55R4PDCL4C86BA92RJKP.nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	NSEC3 13 4 300 20150125004222 20141226002655 11718 nsec3-ecdsa256.ingotronic.ch. o0DVYmgeaLhxcKdd5OwIV+aqYjiLwiqVh2AHUy8/GrvdegZSMuI8i7rzuxzmMvchyWYc+aqiIsdF5HfkbBeX+g==
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 732 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54921
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87343	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87343	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87343	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87343	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18027
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			943	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			943	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53874
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			944	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			944	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54600
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3552	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3552	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3552	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20701
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16374
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa256.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DS	24801 13 2 88CCE5FCE4A356E10AD5ECA8EEED7EC8814277CE4791A94FE1A49B50BBB948FF
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DS	24801 13 1 7E9B512FE0840FB596EA82894BA7FF4A7B052732
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. f57P+OkQdUyTus3thb8doi0qQ3whVRetDl6Sj2joISJ+Hmc+uG5Vzw8GAbLow3yumIHMGg6D59h/IKbJi5BA6F/ivr+LxWUm3XbJhLhNZpN3Pn8w0FuciH5Afu8gp0ohzA2Jc1n6vNF1DF5KUMqyUUm/lJLlDHAH7qCSvcHt7mo=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 314 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27735
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa256.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DNSKEY	256 3 13 TMiIf94UMj0oa7VwU25gnE4rxFs2nO/eSHFrR/juBKbk+bCgLHM4rKH4VvssNHmn5vvsvjuZtMtePwuS2YIm6w==
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DNSKEY	257 3 13 Ten7/v9T+PaV9C9wWvFfxE/Yl9KVCMSWd+2a/hqDyNtywhcxr0yVBB9/QmM9Fl1vgaac6bZgGNEZWXptv1FXaQ==
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	DNSKEY 13 3 300 20150125011658 20141226003607 11718 nsec3-ecdsa256.ingotronic.ch. Q4P4J3hiheLNMFxvOP9wKMwmtPT+0khpAmNZKh6sF68/O/S7TTAnpI8Ku13fNvJYFwL9buEl5aPe3tRAZHmZBw==
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	DNSKEY 13 3 300 20150125011658 20141226003607 24801 nsec3-ecdsa256.ingotronic.ch. hXrbEWZUZlmf+sjRg0jx/sbolBLZ3Trd+F4Pf2iy9DTkCPSrHzWKKOoie/ovF1QLLETxmbqrXHSZBuJamlpoIg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 465 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384
new file mode 100644
index 000000000..76618b0c6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:31+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21233
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3-ecdsa384.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3-ecdsa384.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	A 14 4 300 20150125000743 20141225234740 39491 nsec3-ecdsa384.ingotronic.ch. Yd8elljgUjLfYSy0rY7gBfttrig42BNNzSm1WhS5bmHzmJylFnRVM25b91yqAW2ccinrOcaNdIDE5bX9WXUPumLHJc5X/Kn1GIHCcQScoC0tr8BTD4526o79lVuVnTc4
+
+;; AUTHORITY RECORDS:
+nsec3-ecdsa384.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	NS 14 3 300 20150125005853 20141226004214 39491 nsec3-ecdsa384.ingotronic.ch. KIiuzqJsmy8xRJqdd7IvpBjQiUqiEPz5XxySWS8slHB3hmhW9fsdzjfHA15Z22lUoRIXYXGATOjZxfBntPPvtQ47TNq8qaxt8xxAkXNM9Xr/3kdMYctelGRW4Bu5Lzeo
+BJF4RC63JPAP9OEN6NMVFBLTG3RT824D.nsec3-ecdsa384.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 EHFCGCNSUDQECLCVFJAKPSAPU6IJGP5D CNAME RRSIG
+BJF4RC63JPAP9OEN6NMVFBLTG3RT824D.nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	NSEC3 14 4 300 20150125010505 20141226003022 39491 nsec3-ecdsa384.ingotronic.ch. nFYeW0c9S2OoiCWVishsl58AtLOYUSwDkNPpPaDYQm1i+Q0UdGOXnk+Yw9MiXj7wcvl1jaAkbMLAn6WaRocOdAQl2S7l2QN/6ZdX02y6yJPfRDIShYW2b+WSrbEG/fsr
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 836 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38908
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87342	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87342	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87342	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87342	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9434
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			942	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			942	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53000
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			943	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			943	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			943	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			943	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13857
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3551	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3551	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3551	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18602
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27656
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa384.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DS	899 14 2 A5F35102F5DF2856F2003049D030740D4BAD1EEC72ACCC3402C279F873A34B5A
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DS	899 14 1 29AA736895A3A3F8B3C5C0309C017EFF90FEB343
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hJVcDnmPA0OetM2f8sbWmQXhvu0GfKQhR57a3OIMZwJRDScZ/hl15v2jMzPvekB+4hHn8Zf9akDzkrUcLFbCL+5VzXuXtjRElLHVvRN//8+xb5FF3gfKXy9SvrGnYsm8ZDjih1zS9mCI1n+krAdw2nDcOwWD6HCPW96yEtFocas=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 314 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28870
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa384.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DNSKEY	256 3 14 68j+WI9Rs6vK68I0R3UqfzqUhloOrZFI6fn6AHRpPdinUmZ63ATp6K4jED8Bea7d6/96/vKCl6aUo8as7sNxtVcE7x93Htsz7JEV7a3tUtkam3C9YuC3m8+VdF35agSL
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DNSKEY	257 3 14 hQcr8vExudFuOusjGrfTC5V4JecOJQ2/ahtNRqTpIVafQG+iZ9aiOeaHRmw6oIB7E/LJKtXr99PQwA4fqrxXlEbc+OhG8iSNgYD9LoG2psmpeoqyVsOY2bYmBw7XD2/c
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	DNSKEY 14 3 300 20150125002339 20141225233316 899 nsec3-ecdsa384.ingotronic.ch. PO4InPbCNmcJ77b4heo/zQhqPx4/92RhBRDquDDp8TKYb57F86lZLnJX+YSnLx4ZTs/eCaWBwNBTiqN+XUKINBETCC2SD8ygYGmofmUANU9bZoOmB0DQ5xH+cpSuMUAR
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	DNSKEY 14 3 300 20150125002339 20141225233316 39491 nsec3-ecdsa384.ingotronic.ch. DVa/mHiv5pYDvzC6jHY0d6i8gfKAZGzFttXizD2y9supRNiII5Ji9COjQ43aG7mcO2DI9VgUoRcd+XKdC5Nn/0t2y80G7Y3YsNpgZ4sKbxaHahxEZAxIqAUST1Rb3+Gy
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 593 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow
new file mode 100644
index 000000000..c3ac89419
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:28+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException
new file mode 100644
index 000000000..c5db4bfe6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7616
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. dIDse8tpnBhl5X20CZ5c8rO8cuj9dKMeA/qiyQYEqEFp1QnnVawapqDh1pCrJhBxcKnT7THqKSP6XpDIQA70jcHSecAVRqBZBA2coWZTSOi3dnsARJfIueh8kpsmtYsn6ejuG+7sroQKH9Niu4xoi433ez7Anr9itet9kAP9dmA=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 4FQSC7ORQNKH924CH6L2DOAISKM28080 CNAME RRSIG
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. BXhW2wGFkkGdsdGKqFMr9QqwGrtCA56D8CH/CKjOn51Udirm6asczVWIVStM0no1VIZNAa3oF6F/RzcDVKtkJTw4KHrSX5LHiWW19pyB1fql2krTQ3Zfr0mZsUb/JMf2/yPqXQu9QYN8XrlicZ60LwFWFRNO2gscMqgHnNtdidk=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 896 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56906
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62181
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			946	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64065
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			947	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			947	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41647
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3555	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3555	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3555	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38680
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21506
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34837
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising
new file mode 100644
index 000000000..26639e8b8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising
@@ -0,0 +1,159 @@
+#Date: 2015-01-06T22:35:11+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16004
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.partial.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.partial.ingotronic.ch.	300	IN	A	127.0.0.1
+www.partial.ingotronic.ch.	300	IN	RRSIG	A 5 4 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. OYNYXjNIKxup6LLAt9ljYbOHYRlXIUSaYg14UkTpjyQmqRTnlbIz+4S+n8l57liP8YbTY2mnl2x91JpHb4Zr/Ctzw35tVACfosuteELaGEgdcf6xplDVIKQtAQwm1vuZBCYNgGT2Zg3qPypqWndIpZu3bWZZlBaXgyCzyURBdWk=
+
+;; AUTHORITY RECORDS:
+partial.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+partial.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. d+G3QpjVut5sxsMrjk+Cvgu06jVN7SCMZnGD3EmcoBKXTK9CUyF0Gmt4oYl1OxEKEUslunt7JOZGqSo078xNr3KzfSis53mrMqbUmc4QEhi+Y6zGjEXAKWLoIn76GO26ee+E/sE1wiy9150hV3Wcbd5Ctrk5sxQzwYJMo4K+ErM=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 639 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40355
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87362	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87362	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87362	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87362	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4739
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			962	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			962	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65018
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			963	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60585
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3571	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3571	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3571	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43956
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28869
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DS	13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD
+partial.ingotronic.ch.	300	IN	DS	13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9
+partial.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27071
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3
+partial.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType
new file mode 100644
index 000000000..607f12513
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:35:11+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5930
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.partial.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+partial.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032732 300 60 864000 300
+partial.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150131234913 20150101224913 10287 partial.ingotronic.ch. j9iaBtgpVcN1UdJRxfBoPmITC25ul+di6s0SZrDz/+tKZtJa2Pt5OEMuZwyPyoTXLxOw95/fsRBBEe7ltdU832BQbc7bc26y6lJRB8xYwtyr4ponxairB2qafUtJge50Euik5B5hvPEtJ0Uaqah9Tgd6jIk3FOZjr+eOS+3/Uus=
+www.partial.ingotronic.ch.	300	IN	NSEC	partial.ingotronic.ch. A AAAA RRSIG NSEC
+www.partial.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. eNizfw2eY5+3HBTqj3MHCS4N9oHo+wILp/SjEY2YVOvgWb9TafylcSQzcKV493wr/OLQYChAZylaXUwZEfKVXI5CM9kpksSOj4QqwP2IOiVBaYYCbycLhWOwZEADpDO9L1bQbpM1IW0EGrtOhwnAc1t9FX+3ihgq5R02OHMXXnk=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 505 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45090
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87362	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87362	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87362	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87362	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9660
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			962	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			962	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59668
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			963	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			963	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1543
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3571	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3571	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3571	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17828
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22934
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DS	13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD
+partial.ingotronic.ch.	300	IN	DS	13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9
+partial.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16901
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3
+partial.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising
new file mode 100644
index 000000000..7e45eb44a
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising
@@ -0,0 +1,159 @@
+#Date: 2015-01-06T22:35:12+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33483
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	www.gibtsnicht.partial.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+partial.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032732 300 60 864000 300
+partial.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150131234913 20150101224913 10287 partial.ingotronic.ch. j9iaBtgpVcN1UdJRxfBoPmITC25ul+di6s0SZrDz/+tKZtJa2Pt5OEMuZwyPyoTXLxOw95/fsRBBEe7ltdU832BQbc7bc26y6lJRB8xYwtyr4ponxairB2qafUtJge50Euik5B5hvPEtJ0Uaqah9Tgd6jIk3FOZjr+eOS+3/Uus=
+partial.ingotronic.ch.	300	IN	NSEC	a.b.partial.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+partial.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150114201832 20141215193100 10287 partial.ingotronic.ch. lPXkSiRb1MAI4Vvl7B21CPy5VLsoBwsNA5n6daRwUxXgMcQTgoeQF+/pU7ljIRr/8Ha3jIDBPIDMnH3t/UL2+9fTe0kch9EjeWTy4eTGJAwNZri6IwEnpAecFtWllSJKcFq6oYv7BK6hFfnDeRr95LOtFSqhdTXydPC+MtmN3YM=
+a.d.partial.ingotronic.ch.	300	IN	NSEC	www.partial.ingotronic.ch. A RRSIG NSEC
+a.d.partial.ingotronic.ch.	300	IN	RRSIG	NSEC 5 5 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. JLvNDN5napvCnhCvMYMA4bB/q/odOgHEUR1YDMvYGJDhjToN+ciwjuiiXYcSqHmF7fRQxi6c04eoq0sCgC+cM1Gpnw/JJPzOO6WoT3+gf3XGmdIg7n0Kp9W0/GIwkWp1h6/f3JDig/XY/1bJL9307VyWsc/Bq25O1u8h0gosTUw=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 753 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38613
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87362	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87362	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87362	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87362	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30892
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			962	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			962	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50832
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			963	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			963	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57379
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3571	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3571	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3571	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44173
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46232
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DS	13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9
+partial.ingotronic.ch.	300	IN	DS	13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD
+partial.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16111
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8=
+partial.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything
new file mode 100644
index 000000000..4da76fbc1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53070
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44772
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87347	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87347	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87347	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87347	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59154
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			947	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51168
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48789
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43654
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus
new file mode 100644
index 000000000..dce835bad
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17080
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11713
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87347	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87347	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87347	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87347	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41417
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			947	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37187
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11702
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51726
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising
new file mode 100644
index 000000000..bcd49eb7b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 416
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8443
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57680
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6455
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45403
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5657
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising
new file mode 100644
index 000000000..f6c12ddcd
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising
@@ -0,0 +1,128 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17546
+;; flags: qr aa rd ra cd ; qd: 1 an: 12 au: 0 ad: 3 
+;; QUESTIONS:
+;;	ingotronic.ch., type = ANY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	A	127.0.0.1
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	RRSIG	A 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. GTY5ES29arEKcafghM9Ui3mdS+cS3vTtQ6ROJhCg5Lv+oaYMiMPhljJ1K5hF8r4Hpukc7ZyTf6bAez3/r2VlhMU5Q7qrx148sk63vgm8qaA3/78UKs3Fib1Z8D2fCmPHz3hmpKe/jtwX/nnyf5qhP7lpPy30QnjsjAD1xbQd1f8=
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1939 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35981
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87347	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87347	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87347	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87347	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2430
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			947	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21918
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43744
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18065
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad
new file mode 100644
index 000000000..42b6e2fa6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad
@@ -0,0 +1,23 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57078
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad
new file mode 100644
index 000000000..e9916759d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad
@@ -0,0 +1,63 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58452
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30876
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60920
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad
new file mode 100644
index 000000000..d9b90e6ce
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:52+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23439
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59888
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad
new file mode 100644
index 000000000..9b1bb7e73
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42047
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46248
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad
new file mode 100644
index 000000000..0550f9c8e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:50+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53507
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31035
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87383	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87383	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87383	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87383	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex
new file mode 100644
index 000000000..a98526d0f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex
@@ -0,0 +1,276 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7434
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	1.sub.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032794 300 60 864000 300
+sub.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150201081246 20150102071246 3600 sub.ingotronic.ch. iyj09Qcj7m6Eec8MbAZiQW0sPEzTCtrulsANwrkOvg6wMTcKZt+EDaGRxdp0+6PcAURD60WP5PdKojY2qqN0th49nxA02e7d8xqlYDlD4B3svbviaf16p5AT012mFQ7JUSNQMgkj/4HznmfQtvpKjX+GHvlCBKKXbBKPFXKu77w=
+sub.ingotronic.ch.	300	IN	NSEC	alias.sub.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150201075325 20150102071246 3600 sub.ingotronic.ch. Mm93ERE64aeLL7go+Dc0oamkdUWUAFe0zWDP1yYv1Zo+bVlk8WPxGdaT7soi/42qJZ27KMuYJBDgyy2GaapMbTgtLUcIwIp8fCtweVwoOSMs4jHCCmGNX6imjQR/xzx9Df0xYBYJNm3glN8qawn06tgpiG9zOqIQUcURr2E5lbo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 494 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39413
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 409
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			982	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55860
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			983	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			983	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32310
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3591	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3591	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3591	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23793
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49730
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DS	42976 5 1 E638863370B9DE424C31CA03B99CCED96027B88C
+sub.ingotronic.ch.	300	IN	DS	42976 5 2 C54339C4B4EAACF8643D8FAE6C57836F8207F8D82088F1C51AF100123D2A42EF
+sub.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. m1gkZjYlA6aeCibofiRybFhOLgRvP+UG5nzWjH4yfzjPnfODRqo8TkEbRc1wUS1etARSq9TrsCjlWSKdn3JBdQfi0uGa27lLproj6oHi1+enh+OKIjFRxScP1bPPcbCALRFOeIp9JA1TEAGsyn+pWSwRF/wpEfrTTbOj94tsxX0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 303 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAbVAfHflzOy0uICze0QDBfbrZrU1UN1LNc5D987u8qhP9Vz2pd4yb3rSLOuH9hG7ouAkI63qmtmq6TP71jRXyHr4F9/ZbD3hzhCkyXdo+KaPO70VXWtdIZUom5WuA92pzTB/WuiaWJ217SUeRXU9e4NwrpbDINd6sXcb+sBEFDRt0d/VbwAxa7vo8fl5qOmr/PzD7FoKFTnTWTfUduRsHMdlyYY+j8JfikDdTdeRuYuHzUCO3q3BcUEHrBnKE87JtEM0TQnDSe9OaLFxYARq+LMdHY2P/OZP8nWStSnB8d3E7Sc/FEOQZ9xKkmh1japxgoStjcnBKvz53DmwIXcvcRc=
+sub.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAcsnnxVGj8qUAxBox/LKOrpdJG0S8Zfn/mMl+f52Odke62Et5blo+jrbXiOWa6+AlASOMYprqpaZ32b16UvtsuqruErqwy+M427TVTmG6LXEDe7rCNrJF0tIesQpwkA8WjlTRE2bcVHTwARL//smGhTlE9WTPAQGDdXyTUWYr1rX
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 3600 sub.ingotronic.ch. mPYA7Wo+MdzLLleV32ZvynRVzdnL97XgGqzeUPiI7LSXfaSEOtpoE3GeosbLIjGmZ42wLTYOXWm4YS/Mb9ctQGuNPQRMgQbVPkv/aOO6tX+Vqq1XJkKgdb7dRdvvs4jzjIOH/a++OpUy0EBKKioAkwKCrcTNqLkRQ0IkTyoaaCA=
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 42976 sub.ingotronic.ch. Z2/JMubvx8hgfIzmvmXVSfe/qCbZZ3XlJsj3ZrAa8+izrRODKYrGVOtJ+ONPOwid6NQN40yizJoxNFfvkDDqUiZJO6vpb9FmStj034RD1hfC/7qsLoCdOLkLoQwrQDoYTIwLywpsduCW83JzbGBzzCkC9+aoFPVXIkcGUqoQCdYB5OXzF9/2uWq8tD7AQ6t5MzPeMJC+VcNOjqBPRkunl27yUreNt1Nb65C38S72DAJNzAZIZqj1A8jZ6tk0fdixmZ+KWelP8S9SW2TpeGxwJ4kbHJJ+vSo7dkqRtnIYv4GPW6Xp3GH1oErTMGeqp9mquQ6n6jWP6ejlwc6puMxjNQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31198
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	A	127.0.0.1
+sub.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. n5sXfpaxmFD6fFEvMEW+DwUJSP3yshFzkbc6idvWENf2b7F90jp093w4y0YkYsG5fWroQvHCJAMnXbawOEfFWquLhVJc8HHvZDXUeQb55rFYg8qYd1fOoP7/Z5hbwBNLSCGn3JPjCRXVfnEa58lKARgr+KZ1gqI/2Dm+jOoZ2Uc=
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+sub.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. sXlfjCvwDECHOum9PfpnP+/d7A1MntO1H4jYBpsFvQru3YoR02TghQhoReszEeds39AUWJFT8u9Bk+OrKUS+Ubi6i+wbaiKFpoRHdzWDN3YFu3flRx+2chdVl9KkGywcYBi2j51iDWjKbWoCE3E1t7OoA/DBqSACyeLLsolagpY=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 623 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12532
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27836
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			982	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39901
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			983	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			983	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45415
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3590	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3590	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3590	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9413
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad
new file mode 100644
index 000000000..81fd3c985
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad
@@ -0,0 +1,235 @@
+#Date: 2015-01-06T22:34:52+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3444
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	e.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.d.ingotronic.ch.	300	IN	NSEC	a.e.ingotronic.ch. A RRSIG NSEC
+a.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 479 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45334
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28115
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			981	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8220
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			982	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12780
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3590	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3590	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3590	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57848
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46058
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	a.e.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+a.e.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+a.e.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 269 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42039
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44314
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			981	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56200
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			982	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56568
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3590	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3590	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3590	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57563
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec
new file mode 100644
index 000000000..249ab3e5a
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec
@@ -0,0 +1,237 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54648
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 640 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1473
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87383	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87383	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87383	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87383	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12527
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			983	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45087
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			984	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			984	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			984	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			984	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10272
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3592	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3592	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3592	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19066
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40136
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8431
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19263
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			982	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2609
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			983	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29809
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3591	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3591	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3591	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43821
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad
new file mode 100644
index 000000000..774c3059e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:50+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45525
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54828
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87383	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87383	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87383	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87383	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld
new file mode 100644
index 000000000..1a4c6802f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28876
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21203
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad
new file mode 100644
index 000000000..73a40852f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad
@@ -0,0 +1,23 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24908
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor
new file mode 100644
index 000000000..1c151a9c1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor
@@ -0,0 +1,23 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY
new file mode 100644
index 000000000..bf5ce0ec1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY
@@ -0,0 +1,160 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40286
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46375
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46387
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32118
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2082
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			946	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29359
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			947	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60271
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3555	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3555	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3555	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32326
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY
new file mode 100644
index 000000000..821f94804
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6910
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53829
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS
new file mode 100644
index 000000000..2663e46c7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 198
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7218
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut
new file mode 100644
index 000000000..26699db52
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut
@@ -0,0 +1,106 @@
+#Date: 2015-01-06T22:35:06+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9484
+;; flags: qr rd ra cd ; qd: 1 an: 1 au: 3 ad: 6 
+;; QUESTIONS:
+;;	20min.ch., type = A, class = IN
+
+;; ANSWERS:
+20min.ch.		300	IN	A	83.140.105.62
+
+;; AUTHORITY RECORDS:
+20min.ch.		3587	IN	NS	ns1.first-ns.de.
+20min.ch.		3587	IN	NS	robotns2.second-ns.de.
+20min.ch.		3587	IN	NS	robotns3.second-ns.com.
+
+;; ADDITIONAL RECORDS:
+ns1.first-ns.de.	588	IN	A	213.239.242.238
+ns1.first-ns.de.	287	IN	AAAA	2a01:4f8:0:a101:0:0:a:1
+robotns2.second-ns.de.	1004	IN	A	213.133.105.6
+robotns3.second-ns.com.	7187	IN	A	193.47.99.3
+robotns3.second-ns.com.	587	IN	AAAA	2a00:1158:4:0:0:0:add:a3
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 255 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30662
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87367	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87367	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87367	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87367	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23607
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			967	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			967	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 979
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			968	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			968	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57818
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3588	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3588	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3588	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3588	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3588	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3588	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut
new file mode 100644
index 000000000..d0507d386
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut
@@ -0,0 +1,110 @@
+#Date: 2015-01-06T22:35:06+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15612
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 5 ad: 7 
+;; QUESTIONS:
+;;	yahoo.com., type = A, class = IN
+
+;; ANSWERS:
+yahoo.com.		1800	IN	A	98.138.253.109
+yahoo.com.		1800	IN	A	206.190.36.45
+yahoo.com.		1800	IN	A	98.139.183.24
+
+;; AUTHORITY RECORDS:
+yahoo.com.		87436	IN	NS	ns1.yahoo.com.
+yahoo.com.		87436	IN	NS	ns5.yahoo.com.
+yahoo.com.		87436	IN	NS	ns2.yahoo.com.
+yahoo.com.		87436	IN	NS	ns4.yahoo.com.
+yahoo.com.		87436	IN	NS	ns3.yahoo.com.
+
+;; ADDITIONAL RECORDS:
+ns1.yahoo.com.		87436	IN	A	68.180.131.16
+ns2.yahoo.com.		87436	IN	A	68.142.255.16
+ns3.yahoo.com.		87436	IN	A	203.84.221.53
+ns3.yahoo.com.		1800	IN	AAAA	2406:8600:b8:fe03:0:0:0:1003
+ns4.yahoo.com.		87436	IN	A	98.138.11.157
+ns5.yahoo.com.		87436	IN	A	119.160.247.124
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 284 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38276
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87368	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87368	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87368	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87368	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50370
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	com., type = DS, class = IN
+
+;; ANSWERS:
+com.			1036	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
+com.			1036	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . EdNGsG+8slVhJncXMIfcIv5EWXpnDNbGHFHGO2qo64xZ7i8v3dMN0f2vvzNBMufCttyxWAC44s0fHzP24IuuLzTQRyPb4x7/xOXPNM/GsDSEWRrSxXD9wxswpa7XdD8gxqlrrLIlFkOJ59R88L/haMC7dzG0uo9lvE3r8fcynp4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 239 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40305
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	com., type = DNSKEY, class = IN
+
+;; ANSWERS:
+com.			1037	IN	DNSKEY	257 3 8 AQPDzldNmMvZFX4NcNJ0uEnKDg7tmv/F3MyQR0lpBmVcNcsIszxNFxsBfKNW9JYCYqpik8366LE7VbIcNRzfp2h9OO8HRl+H+E08zauK8k7evWEmu/6od+2boggPoiEfGNyvNPaSI7FOIroDsnw/taggzHRX1Z7SOiOiPWPNIwSUyWOZ79VmcQ1GLkC6NlYvG3HwYmynQv6oFwGv/KELSw7ZSdrbTQ0HXvZbqMUI7BaMskmvgm1G7oKZ1YiF7O9ioVNc0+7ASbqmZN7Z98EGU/Qh2K/BgUe8Hs0XVcdPKrtyYnoQHd2ynKPcMMlTEih2/2HDHjRPJ2aywIpKNnv4oPo/
+com.			1037	IN	DNSKEY	256 3 8 AQOzd48WKiAn+RyfIqkS/ZqQTguv/+dbIENccl9CWvJ8Sx7cLc29uZtDkHjmvqhgI6eKwt1sOhDQdyB6saNImQnG5z6ZoILNlW4h1ljy2LEi16WDf93iQnLekcW3Pr8b0YjmJZu6DXKUrcU1uBYtsULaHpa4ERUJFePn3dmX+2brVQ==
+com.			1037	IN	RRSIG	DNSKEY 8 1 86400 20150108192533 20150101192033 30909 com. qZxb8vx3uSMQJMcx9hLn6OyDBcq67tkDsvcE5Tk3y8UOiJghAJW/4zlyji1C8yQzACqcXtE8g21u3BGyGIhLIDG+v6kaOeqKrWGQfvqer8ihd0NpwuOguV4g68ZcE0qFgFYHNKcpqnxAgIYkcoRda+2tPxcCLTPzEPPyEY0pHX9zC2HL88EneK4xP3qn5YIRDbFfHdDXMU61uXh9p4ASRTpy1l+pKnSf2c/LoUBJyPdFjUw2lQPMHZSNo7qjTkJxv1Mn2WSp8rO+xknqQu12zqihIb40KIyZHPgQ5wCCCT70kf3RmKEqmH1F6T7AWT9oBAzuD192ACyRJSXm5KdW1Q==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 743 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12758
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	yahoo.com., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1420580086 1800 900 604800 86400
+com.			900	IN	RRSIG	SOA 8 1 900 20150113213446 20150106202446 48758 com. qu8Cf1ULvc3Iziz9agwXZMNlbG29SEJLVSkeqoiH7KHk4BOu/VroRuYnSnO3XYfHmUfcb4iOulUFxywVWrKr+3WnDWI9K9W9ColDY1RQHuiZNV+V3wGmdf+LSXPiGgCT5INi3aCgCz7ASWee82D6uHg5DroaYqkd1mRHz4djry0=
+CK0POJMG874LJREF7EFN8430QVIT8BSM.com.	900	IN	RRSIG	NSEC3 8 2 86400 20150112055507 20150105044507 48758 com. jxmK9TYR0jbMXKL6irMe5NSnXv8TA54f3OnR6Z6FsGAYufuJ5GD38pHzAet0qkn+Bj4qH/mMsAH+McuXXpsLjQqOLI3Vi+ezSyiibgMDWMCx4485rFnoyWuv7P85jjDf0RI/Vi3KhJ2Eo7c7YGLwBeNlf7Rf+mOtsE+Pe/rwWO4=
+CK0POJMG874LJREF7EFN8430QVIT8BSM.com.	900	IN	NSEC3	1 1 0 - CK0QFMDQRCSRU0651QLVA1JQB21IF7UR NS SOA RRSIG DNSKEY NSEC3PARAM
+GPIKIEOSOPL79LLAGN0NKTKIIIG03PO1.com.	900	IN	RRSIG	NSEC3 8 2 86400 20150112051957 20150105040957 48758 com. nG70oihFwICnzK+GXlNIWLTNPpD05C6aWAWUC5rdBhGY/JkNWSdIk2+Gokv+BkNChaIixEO32hsmuLd5frh4E3UtJ1fhiIjX8Ty5FUAT5FM8URfy2nOxlgtp+/qhpM0Fl6YebYWBvjS87gT0m3ihpwyUX5Cc9TDfX/WRxEeYF94=
+GPIKIEOSOPL79LLAGN0NKTKIIIG03PO1.com.	900	IN	NSEC3	1 1 0 - GPIPCMMD0H5PRLQHL08EAICA0CBFSUMP NS DS RRSIG
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 759 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind
new file mode 100644
index 000000000..4a2f726f4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind
@@ -0,0 +1,138 @@
+#Date: 2015-01-06T22:35:05+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56956
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4514
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87368	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87368	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87368	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87368	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41695
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			968	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39298
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			969	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30277
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3577	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3577	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3577	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64953
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone
new file mode 100644
index 000000000..ed479f06d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone
@@ -0,0 +1,138 @@
+#Date: 2015-01-06T22:35:06+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65513
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.sub.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.sub.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+sub.unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 282 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6175
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87367	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87367	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87367	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87367	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15153
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			967	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			967	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13386
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			968	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43748
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3576	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3576	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3576	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40343
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33055
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords
new file mode 100644
index 000000000..fcd07f72d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:25+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords
new file mode 100644
index 000000000..f29ef16e1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:21+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs
new file mode 100644
index 000000000..d2184c3d7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs
@@ -0,0 +1,239 @@
+#Date: 2015-01-06T22:35:21+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2340
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	sub1.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+sub.ingotronic.ch.	300	IN	NSEC	unknown-alg.ingotronic.ch. NS DS RRSIG NSEC
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 705 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41220
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28241
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39612
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32740
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17983
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14892
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	A	127.0.0.1
+sub.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. n5sXfpaxmFD6fFEvMEW+DwUJSP3yshFzkbc6idvWENf2b7F90jp093w4y0YkYsG5fWroQvHCJAMnXbawOEfFWquLhVJc8HHvZDXUeQb55rFYg8qYd1fOoP7/Z5hbwBNLSCGn3JPjCRXVfnEa58lKARgr+KZ1gqI/2Dm+jOoZ2Uc=
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+sub.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. sXlfjCvwDECHOum9PfpnP+/d7A1MntO1H4jYBpsFvQru3YoR02TghQhoReszEeds39AUWJFT8u9Bk+OrKUS+Ubi6i+wbaiKFpoRHdzWDN3YFu3flRx+2chdVl9KkGywcYBi2j51iDWjKbWoCE3E1t7OoA/DBqSACyeLLsolagpY=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 623 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25278
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22717
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54290
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49739
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4917
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse
new file mode 100644
index 000000000..f29ef16e1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:21+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot
new file mode 100644
index 000000000..d6a19e510
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:24+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore
new file mode 100644
index 000000000..56fe87cf2
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:21+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62178
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	zz.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+z.ingotronic.ch.	300	IN	NSEC	ingotronic.ch. A RRSIG NSEC
+z.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 689 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19186
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46485
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54965
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18838
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26238
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57008
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44823
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29043
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62522
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24379
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain
new file mode 100644
index 000000000..652c4b6ce
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3858
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	zz.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+z.ingotronic.ch.	300	IN	NSEC	ingotronic.ch. A RRSIG NSEC
+z.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 689 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2610
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41375
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28417
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7903
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25373
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32204
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47679
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14319
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59925
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34298
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex
new file mode 100644
index 000000000..cfb02359f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:25+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46196
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	zz.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+z.ingotronic.ch.	300	IN	NSEC	ingotronic.ch. A RRSIG NSEC
+z.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 689 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46226
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14685
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64652
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11788
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55534
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2043
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58372
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49750
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17160
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13681
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex
new file mode 100644
index 000000000..195cf70bd
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:35:22+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22814
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	1.www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 477 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53508
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36666
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23619
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			952	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			952	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14849
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3560	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3560	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3560	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44885
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint
new file mode 100644
index 000000000..ca7e65cb6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:24+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6532
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	sub1.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+sub.ingotronic.ch.	300	IN	NSEC	unknown-alg.ingotronic.ch. NS DS RRSIG NSEC
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 705 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31146
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16372
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39104
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6834
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3299
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55115
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17514
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53512
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38139
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29757
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot
new file mode 100644
index 000000000..a7d447378
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot
@@ -0,0 +1,41 @@
+#Date: 2015-01-06T22:35:22+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57811
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 448 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65502
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec
new file mode 100644
index 000000000..7e3aa9a09
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:23+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3464
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 640 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53101
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30899
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8785
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18505
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8855
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41255
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43022
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46782
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9216
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20989
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild
new file mode 100644
index 000000000..67e087f24
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:35:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6051
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	samekey.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+samekey.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032788 300 60 864000 300
+samekey.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150205115016 20150106105016 17430 samekey.ingotronic.ch. QbR6Z1is3E2h59dciJcIMGEwjq6FT42BIWdZJx2yThVOEEkcqBRX3UrXsWeeByMoyj2zIvlje8zCTFIQWT5zG/4gvt6x1VAQjDL+SJ7ZzNMBUoX42ySyH1vCosPXCwUGpjp2ODNXMBVQ67+llUi+JC+jg6L3CLa3EP4K4fobRgA=
+samekey.ingotronic.ch.	300	IN	NSEC	alias.samekey.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+samekey.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150205112840 20150106102924 17430 samekey.ingotronic.ch. NSvTE2dxRxxbqpxBcLZw3UKLiK/GZhSnHIm8f7OV1oNepPdYEhKQ1h0ou/KCl4QlJ3pqJq/phwqpssclEcA3bebi5IBp7uDTU1s1lAvvBg0XtGd5Sody9LelOObAhNFAeBy8f7PyA3ORIstEBf2bJCJ5X/UmMcexq3G/RS+wMpc=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 508 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51124
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35150
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63134
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35961
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40209
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57689
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	samekey.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+samekey.ingotronic.ch.	300	IN	DS	6031 5 2 DAFB8A4B65418C56F9BC6DE782EAE8C65F5F710A7AAA4E70A36E3E263028F01D
+samekey.ingotronic.ch.	300	IN	DS	6031 5 1 730C461CC98117784DC920C4FB19D284F22C1D64
+samekey.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. ABaSrSVKd/CoCD9HiieVOpexP9iUHLXFtrAG+1Q7iju4potpve5C30V9+XJoVsLhArQ90QcDspN95U45Qks4+r8S2MezBDM7jV5B34VGkrWb8+AltxqFg4bIl2VhGiwInW6KKVO161ZS76x5x2ssWhJzY8G8uC0LIxe10N7AfDc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57832
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	samekey.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+samekey.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+samekey.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+samekey.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150205095731 20150106090229 6031 samekey.ingotronic.ch. LuUccRlxgSN+RaFn1OXEFuDOelKnTj40UbXtTRU3DSvw5CSIsFYW5tz2qFMc9TKdyfXct4tCs1IbaxOxDn2S7gLGC0fSQJhR5QJBt//+d9/bPsrbzWdbX1VjGjK0Ei/BQYlybmda7mIhZgdT6PzXu00zR9wenJuUBETR7Iq0j2JSaFdD/NOxDKrMybH6sioa/D/iUV7tCCgNStppcpCE4QHK9ZZLtmwdPe0ai1zpFlJIAqclJeYANoQuul/MbR5QlPz64oVYq30kHK/OMd9sJTOtpcYqBCaknUygHuWOEzzVz8w1pd6XVFknzOiduFRO5eMJ0Epmme2QSOxNPbKSSg==
+samekey.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150205095731 20150106090229 17430 samekey.ingotronic.ch. Nnz0tzShNXJ5ypcEiLZ4Ky/dY2JULHptYl6G2wWkjZ2R98N3wDJkXQQN2XolOGwBmNyfdMAcI8AVL9SD1oRUmWPnj4yFBu5uS4qR037DsJYEz6pq4t8U0P7O+8Pnkvq/tFMLXE9E17CoWfLRhrqTq7U5kYYn/x0yIXpY0S6M1bA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname
new file mode 100644
index 000000000..e9230ae3e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:23+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50344
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	csigned.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+csigned.ingotronic.ch.	300	IN	NSEC	cssub.ingotronic.ch. CNAME RRSIG NSEC
+csigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. BCAjQxw7Hn8eMh8JNtWlHkprUpQPqCMa9Xca1SQTbgrkuKU6wPOd0tyvqZQZwXh90x54t/Z3OjFvT25Iqf3RSJ5T/1iJHUwdOlB5yHqc/c7E8yUs1cqSNf6ccXotsFJzXTLlpmrPzP7mjG5lpyGcN/hmXVWiMcq4SCeapRI19C4=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 644 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38761
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7194
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39259
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29906
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44555
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53393
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59544
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21621
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21667
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13905
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence
new file mode 100644
index 000000000..16d480986
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:25+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41730
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 636 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8881
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59326
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48712
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54200
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27755
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48898
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10818
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44946
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50782
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8263
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint
new file mode 100644
index 000000000..9cd1d0f95
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint
@@ -0,0 +1,373 @@
+#Date: 2015-01-06T22:35:22+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57267
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	t.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+sub.ingotronic.ch.	300	IN	NSEC	unknown-alg.ingotronic.ch. NS DS RRSIG NSEC
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 702 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8953
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17144
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			952	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			952	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62665
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3560	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3560	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3560	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43084
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48797
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032794 300 60 864000 300
+sub.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150201081246 20150102071246 3600 sub.ingotronic.ch. iyj09Qcj7m6Eec8MbAZiQW0sPEzTCtrulsANwrkOvg6wMTcKZt+EDaGRxdp0+6PcAURD60WP5PdKojY2qqN0th49nxA02e7d8xqlYDlD4B3svbviaf16p5AT012mFQ7JUSNQMgkj/4HznmfQtvpKjX+GHvlCBKKXbBKPFXKu77w=
+sub.ingotronic.ch.	300	IN	NSEC	alias.sub.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150201075325 20150102071246 3600 sub.ingotronic.ch. Mm93ERE64aeLL7go+Dc0oamkdUWUAFe0zWDP1yYv1Zo+bVlk8WPxGdaT7soi/42qJZ27KMuYJBDgyy2GaapMbTgtLUcIwIp8fCtweVwoOSMs4jHCCmGNX6imjQR/xzx9Df0xYBYJNm3glN8qawn06tgpiG9zOqIQUcURr2E5lbo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 492 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49848
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14757
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38755
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			952	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			952	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45312
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3560	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3560	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3560	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36026
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55654
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DS	42976 5 2 C54339C4B4EAACF8643D8FAE6C57836F8207F8D82088F1C51AF100123D2A42EF
+sub.ingotronic.ch.	300	IN	DS	42976 5 1 E638863370B9DE424C31CA03B99CCED96027B88C
+sub.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. m1gkZjYlA6aeCibofiRybFhOLgRvP+UG5nzWjH4yfzjPnfODRqo8TkEbRc1wUS1etARSq9TrsCjlWSKdn3JBdQfi0uGa27lLproj6oHi1+enh+OKIjFRxScP1bPPcbCALRFOeIp9JA1TEAGsyn+pWSwRF/wpEfrTTbOj94tsxX0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 303 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7891
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAbVAfHflzOy0uICze0QDBfbrZrU1UN1LNc5D987u8qhP9Vz2pd4yb3rSLOuH9hG7ouAkI63qmtmq6TP71jRXyHr4F9/ZbD3hzhCkyXdo+KaPO70VXWtdIZUom5WuA92pzTB/WuiaWJ217SUeRXU9e4NwrpbDINd6sXcb+sBEFDRt0d/VbwAxa7vo8fl5qOmr/PzD7FoKFTnTWTfUduRsHMdlyYY+j8JfikDdTdeRuYuHzUCO3q3BcUEHrBnKE87JtEM0TQnDSe9OaLFxYARq+LMdHY2P/OZP8nWStSnB8d3E7Sc/FEOQZ9xKkmh1japxgoStjcnBKvz53DmwIXcvcRc=
+sub.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAcsnnxVGj8qUAxBox/LKOrpdJG0S8Zfn/mMl+f52Odke62Et5blo+jrbXiOWa6+AlASOMYprqpaZ32b16UvtsuqruErqwy+M427TVTmG6LXEDe7rCNrJF0tIesQpwkA8WjlTRE2bcVHTwARL//smGhTlE9WTPAQGDdXyTUWYr1rX
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 3600 sub.ingotronic.ch. mPYA7Wo+MdzLLleV32ZvynRVzdnL97XgGqzeUPiI7LSXfaSEOtpoE3GeosbLIjGmZ42wLTYOXWm4YS/Mb9ctQGuNPQRMgQbVPkv/aOO6tX+Vqq1XJkKgdb7dRdvvs4jzjIOH/a++OpUy0EBKKioAkwKCrcTNqLkRQ0IkTyoaaCA=
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 42976 sub.ingotronic.ch. Z2/JMubvx8hgfIzmvmXVSfe/qCbZZ3XlJsj3ZrAa8+izrRODKYrGVOtJ+ONPOwid6NQN40yizJoxNFfvkDDqUiZJO6vpb9FmStj034RD1hfC/7qsLoCdOLkLoQwrQDoYTIwLywpsduCW83JzbGBzzCkC9+aoFPVXIkcGUqoQCdYB5OXzF9/2uWq8tD7AQ6t5MzPeMJC+VcNOjqBPRkunl27yUreNt1Nb65C38S72DAJNzAZIZqj1A8jZ6tk0fdixmZ+KWelP8S9SW2TpeGxwJ4kbHJJ+vSo7dkqRtnIYv4GPW6Xp3GH1oErTMGeqp9mquQ6n6jWP6ejlwc6puMxjNQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41767
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49409
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35186
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23542
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19631
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName
new file mode 100644
index 000000000..f7d3a99d9
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:19+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53349
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	*.c.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 642 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28003
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3842
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			954	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64566
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53409
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3563	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3563	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3563	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18388
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40922
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			954	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2371
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39664
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3563	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3563	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3563	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2175
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname
new file mode 100644
index 000000000..1eeccc116
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16955
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	*.cwv.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+*.cwv.ingotronic.ch.	300	IN	NSEC	*.d.ingotronic.ch. CNAME RRSIG NSEC
+*.cwv.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. BCuqOula4CbP7OMTfAcntmW8o/Irr0N4NOcG7h7AH+Z+1YBJmITWukLUL8iEmC5UnEXTi807YiCnv0Fp2qKyIxSO7x4Kfpb/smHQC1zgeCdfkiyXOIj9iePyizW0/7jJTTY0DQzDF0fPe5t393eS4qSDiwHSnFqsDN+jKPtR5A0=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 640 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7189
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24849
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			954	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49755
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37764
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58114
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48146
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59133
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61813
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12624
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55368
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType
new file mode 100644
index 000000000..2c185a86d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:24+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54210
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	*.c.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 642 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39900
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12390
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21937
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52675
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27862
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59857
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58740
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33518
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60752
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35134
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS
new file mode 100644
index 000000000..4c9809e7f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:22+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot
new file mode 100644
index 000000000..4c9809e7f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:22+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot
new file mode 100644
index 000000000..f29ef16e1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:21+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild
new file mode 100644
index 000000000..cf479c051
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild
@@ -0,0 +1,158 @@
+#Date: 2015-01-06T22:35:05+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30309
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87368	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87368	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87368	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87368	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51543
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			968	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29661
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			969	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10556
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3577	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3577	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3577	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55011
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60076
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	c.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.b.ingotronic.ch.	300	IN	NSEC	*.c.ingotronic.ch. A RRSIG NSEC
+a.b.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 479 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60766
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	x.c.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 483 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8878
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.x.c.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 487 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered
new file mode 100644
index 000000000..1163207ec
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:03+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50725
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29961
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35385
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20327
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47920
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20309
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	ce.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 699 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame
new file mode 100644
index 000000000..5942bea3b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame
@@ -0,0 +1,298 @@
+#Date: 2015-01-06T22:35:02+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6386
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	b.d.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+b.d.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+b.d.nsec3.ingotronic.ch.    300 IN  RRSIG   A 7 5 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. vYIVCLyXQa6nNezkqsRtXFfx5Ne/9O665IJRyIn5InKvS1YQ16rEbSAitkDNRU8rdYrojjbl0ZZD6VNh21UwM2QOpM+I/Fv8VXTLSOUD24unM3NjPUMI6sLk+25EFGjEqv+IConZgmMylZwqdtocH8gOXid1IYVsU1u6x47GsLs=
+b.d.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. eTKm2GV3eV5Y8U6GoqwV+r3ddroqbgszQ6ffKiDPOSnPjgBQ5NP0MgR4ZC8iP7yp/ycVAx8BsnCwUfv1CDIZ1eeOAFRDmOiUlU3NqUA+Lklz+HLkK67P9w8WKcVkn079CPyPvp6Z0VNHq1o3WhRhVWzRYK2BMvZhqT2anYe8uQY=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29930
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12727
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14423
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57122
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12690
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18356
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21569
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53334
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33527
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17311
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51328
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6320
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43131
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52988
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists
new file mode 100644
index 000000000..ec55eeac7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists
@@ -0,0 +1,219 @@
+#Date: 2015-01-06T22:35:03+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5694
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	b.d.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+b.d.ingotronic.ch.	300	IN	A	127.0.0.2
+b.d.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. R/R9YKXD6MKoCLSiSyedgPvCyz4vC5twiGXU0ho/612q1zukfCBpfehpthnlhaers9I+3sQZKsRjUYq2e7hs+5pawLne4wxlAJUVR8qZ/u3U0zZlDLFyswQQebTUfx5cUn1r5xWTMsODa/Za3QcxaNWRBlX7SQmP4CaHVD8BlsY=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+a.d.ingotronic.ch.	300	IN	NSEC	a.e.ingotronic.ch. A RRSIG NSEC
+a.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 829 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56054
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2068
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30440
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39575
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 472
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52500
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3503
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61608
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16525
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3
new file mode 100644
index 000000000..d32d948c8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:35:02+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6386
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	b.d.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+b.d.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+b.d.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. eTKm2GV3eV5Y8U6GoqwV+r3ddroqbgszQ6ffKiDPOSnPjgBQ5NP0MgR4ZC8iP7yp/ycVAx8BsnCwUfv1CDIZ1eeOAFRDmOiUlU3NqUA+Lklz+HLkK67P9w8WKcVkn079CPyPvp6Z0VNHq1o3WhRhVWzRYK2BMvZhqT2anYe8uQY=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29930
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12727
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14423
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57122
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12690
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18356
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21569
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53334
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33527
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17311
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51328
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6320
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43131
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52988
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe
new file mode 100644
index 000000000..58500bb3e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:02+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19025
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	\001.c.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.b.ingotronic.ch.	300	IN	NSEC	*.c.ingotronic.ch. A RRSIG NSEC
+a.b.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 697 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43123
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9093
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11698
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46520
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30476
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2117
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46135
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9267
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23660
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature
new file mode 100644
index 000000000..1f9f86940
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature
@@ -0,0 +1,219 @@
+#Date: 2015-01-06T22:35:04+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52897
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	a.c.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+a.c.ingotronic.ch.	300	IN	A	127.0.0.2
+a.c.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. geU9+RShND1QSzoFR2S1RAJxA6G4xzDzW7bzjFlzYdsFS22qF7sfkO09No9Dh8GaaYNZSyJ00y6ldeO+jWrqeulgP99ogJcdC9vGnzYJxgl6T1BPzKOMtLg/peXAqARBK1NyDgLTjNSmVPVda5Xpe6aAZDOr1elE464SkEMiQHg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 833 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23232
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15202
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46342
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32974
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51129
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56199
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36411
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21233
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42201
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52631
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard
new file mode 100644
index 000000000..e7fcd9161
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard
@@ -0,0 +1,219 @@
+#Date: 2015-01-06T22:35:03+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11754
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	a.wc.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+a.wc.ingotronic.ch.	300	IN	A	127.0.0.2
+a.wc.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. XZpNDVyI2aAxNL0fMgxbKCHH6iFYitqUSc6KETJARx12GJt/0fkas+y6YRfS5oz4pBi8dsnlb/rjsDYoQ6aG6hCvAKnqSmZFO27Zp39AR6Uf+UMTR2H4tAgpvTm5tFBPh9POiH/e9YzGacKrXNkOZETXYdwzV7RQ0Ct9Gt2qLEw=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+*.wc.ingotronic.ch.	300	IN	NSEC	*.sub.wc.ingotronic.ch. A RRSIG NSEC
+*.wc.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ReylzrruAa2BPfMdmDkTLgj/cLWzXR7V22zk/LPIChZUI7K8JIZHUzFA2XO6Cho+Dj3SGEXlwwgncN6RNImAthvYh1SMfj6GjM7beo7g5WBbJrwkAnrR/G/LIXj4D0xhcX3yFrDVt9Xp1wSqrJmurvodjkbo/8m8O4yhZFSiuWM=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 835 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 255
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2733
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30372
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18005
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35032
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4440
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24442
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49540
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12172
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53492
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata
new file mode 100644
index 000000000..1d52cd885
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata
@@ -0,0 +1,215 @@
+#Date: 2015-01-06T22:35:01+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 575
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.wc.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+*.wc.ingotronic.ch.	300	IN	NSEC	*.sub.wc.ingotronic.ch. A RRSIG NSEC
+*.wc.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ReylzrruAa2BPfMdmDkTLgj/cLWzXR7V22zk/LPIChZUI7K8JIZHUzFA2XO6Cho+Dj3SGEXlwwgncN6RNImAthvYh1SMfj6GjM7beo7g5WBbJrwkAnrR/G/LIXj4D0xhcX3yFrDVt9Xp1wSqrJmurvodjkbo/8m8O4yhZFSiuWM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 485 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52336
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19347
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6261
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			973	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			973	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15861
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47780
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11858
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52147
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42646
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			973	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39084
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5987
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3
new file mode 100644
index 000000000..e4e522c85
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:35:04+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22667
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	a.wc.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+O275F9OLQ9HNCER7U4SMD4V8AG7IPML9.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 QM439T9VOCEM9QOGUD483A42508V4G4E CNAME RRSIG
+O275F9OLQ9HNCER7U4SMD4V8AG7IPML9.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. oNHVOddpZW5FtTmBoQuwUk/8Ufa7OjqtzrJWNNcRufe7gJf/k+cKIGnf/JsZC4FFu+KlTbeOU2RkgfgdvjUv4B+5K9WM4Lc33/4lo4hiH9MiQBIKbneShRwBBCXTlUpSzJvksvl/Ld8VZJ2Dbe2q18A7JQvRNW1o1Gx9vxT1kO8=
+ES29HF5NN8D4NUDKH2QBR28NEVBFODG2.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 FH50CGGM3TBSI8M477ILPD3VAT8TM76S A RRSIG
+ES29HF5NN8D4NUDKH2QBR28NEVBFODG2.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. CMXrIb7iTUoxImX+qODyUAo0rJ4PyOdS6Fa5yLuCc8OgPTafAgXYNb7oF1esZcYJh6Bn05J+1kIbO9YnIeCLU74bUfQURaeQOwyC+/l/B5Hx1VFo+F304llVBsoge2VvT/IQrtFGBAKpZY5iiQO4DH5yI8yfHprskj3ZB0jvcIY=
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1050 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20815
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56020
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47777
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31925
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54791
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54694
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17499
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6987
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4743
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63386
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59366
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62132
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64272
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52804
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/root.zone b/src/test/resources/root.zone
new file mode 100644
index 000000000..24be51d68
--- /dev/null
+++ b/src/test/resources/root.zone
@@ -0,0 +1,25097 @@
+.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2023110500 1800 900 604800 86400
+.			86400	IN	RRSIG	SOA 8 0 86400 20231118050000 20231105040000 46780 . DjoF8WtNBOaFha3ymE3nNTa/gBHkftTrFV8+bWCpkdIjZVI8PvL0BEJlsoKCQNmXgOVo21+AIKyKE2pl0kiCoCawSjlIu2BaOqcOPtatjvYsZI/dBSxEc7h5UhDj6vEOAhiu+6f3caR1r9P4cF2DsME7gR6+sV7a6kEu4YiV1jt7YG1qsCeYeW4DR5pgYIQ3CvnfIA7sxxA+FAvMmbtvBin/AAtv+4/VkvEhJDUIsXGeNzuAt6Ilp5/PEX59s6zF0WoMy/OIVVfAR0KnsmPoo5BPZyNDXBBV6ZmGq8/f6aZoJ+gcm3fNq9+UAHKJ+oYfhZht2+ymOkdS6l9D8F2VyA==
+.			518400	IN	NS	a.root-servers.net.
+.			518400	IN	NS	b.root-servers.net.
+.			518400	IN	NS	c.root-servers.net.
+.			518400	IN	NS	d.root-servers.net.
+.			518400	IN	NS	e.root-servers.net.
+.			518400	IN	NS	f.root-servers.net.
+.			518400	IN	NS	g.root-servers.net.
+.			518400	IN	NS	h.root-servers.net.
+.			518400	IN	NS	i.root-servers.net.
+.			518400	IN	NS	j.root-servers.net.
+.			518400	IN	NS	k.root-servers.net.
+.			518400	IN	NS	l.root-servers.net.
+.			518400	IN	NS	m.root-servers.net.
+.			518400	IN	RRSIG	NS 8 0 518400 20231118050000 20231105040000 46780 . wBGo1yaZisA01u7C75dBaeietQukxXT8wmTOMWKTcP744RPpXkDjDeaws4BZC8prKdZyXPbeOaPtrwp7DF2nt3zlxxh8IWJOlgos7G7KlXxqd5V5UtXH8uaTvM0tMSJ5TAx3n/HJleoLfRis4NdSYL0GTFYBdANwHXJFKVeSkpn3pmXZylH2Iaqh4QfBEADitTLPu7LozA+nziweu2E/awIDYsp6H0Q9KmHA00/SX7WRlJnnSSCyQyEE3jm9GFYLmQo7RM+V2FfozFsfh2EY7IC7IM8RgjqTE1fchD51lrhhWzr9y0oYlSbaoRl56kYGTLFOjhTh1ppnxLQ7GU1Cvw==
+.			86400	IN	NSEC	aaa. NS SOA RRSIG NSEC DNSKEY ZONEMD
+.			86400	IN	RRSIG	NSEC 8 0 86400 20231118050000 20231105040000 46780 . wmb55sb6b77nHTDBxGKhKeou1jfGYYg0Pj1ekK8N/WlOfkhgoBJcmJncT2bgqUTXryrDGNIKq6pPT04GWW99DsEn0UOq80lztZW2snPnmg9nZqJ38gOsvAbG+RbIENOeEX9/3xm7/ZYAniFhryuUzauNVaDYtvaxY/shHgGW6VETN04aw/rFj25spxEFjUl+3Cy8KgaSsH6WTnQK9EG1q2CDhspeDedkzI5ozBbDH6maYIzLWVxeW+ShdoZs+m/vPtCh9OLADdHa6t96QO8NMIVHsjJNQWJGGDeX3SBj1lSz0sBNg48QSGL/zF719E0Bd5ZtNVdOcmypUE4tQvjjPg==
+.			172800	IN	DNSKEY	256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpMPIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3AMSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84vgl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJYzPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c=
+.			172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+.			172800	IN	RRSIG	DNSKEY 8 0 172800 20231121000000 20231031000000 20326 . fdwy6D1E9vFN099dbnfAwV7uYYd1aXOpVZ56Vh6AFWyWWQxno07varI64fNCDCv5vMXoMkGXZO7+rb0ngfYS6sFFgdNUUz1O3EMgqGyzPM2dqe0YbeZT/m+10PdMZJRnNK6cK2swPcuSSZ8LatNwx+L2MlQ4ipxNwJRJko3jbJWGFTqttvXUA9fv3ecwe4ACVjLgM5sJBtxWlgM3nUXu9hf1JFo4NI8ePJ8LcxWHfxldKlSKkjigmEMLZx7sDl2CvAY5mK/qRtIN+6VIKyb2iZBC7UN8C6GpRv/3P8xCQ2FLAbOnh6ibUUTSZf8FP3KGZtnoSelSqdOhFI3beHP6EA==
+.			86400	IN	ZONEMD	2023110500 1 241 1AADC4FDD0FDB404C4848A9D7C1F1C674C31ADDFDF747454BAE966048EAE0806158EBA5569EEC4638E7A765A72F5019D
+.			86400	IN	RRSIG	ZONEMD 8 0 86400 20231118050000 20231105040000 46780 . 0mm+OTPKLHGBcr3TaEHU74N7jpuurIeuyd3tS5I2s+KJ6Sx5605ArLIvbSfXA1b265rErJN0sp5se2ldBJqIzO7UzkPHSvDoMR8AyuFx8nQskidqAH/M0xOeUzZmft9+3ny5MTauLuIEaTHo2/w6fY5R3+TI24bvCLvHpKxodEu9V0Yx5pxLCtuQvV7ZDV1fG00dYbsIZygdx9jjdx6tCfAtRogl12Sc2VN3+Hw0GlxCpt9GP6nh5LIcyGY4ilC1T9RZF23t96hJ2PgJho2vfib4hsWYN9kanjReEAd+du7HZAlMuLfawzA1Prh0+CrmrOexzkQnIOBQmxz24HrS2w==
+aaa.			172800	IN	NS	a.nic.aaa.
+aaa.			172800	IN	NS	b.nic.aaa.
+aaa.			172800	IN	NS	c.nic.aaa.
+aaa.			172800	IN	NS	ns1.dns.nic.aaa.
+aaa.			172800	IN	NS	ns2.dns.nic.aaa.
+aaa.			172800	IN	NS	ns3.dns.nic.aaa.
+aaa.			86400	IN	DS	23185 8 2 B18D0EC8791D98E167CA4D9745A0C27A6377E099D8F6A16A09567492AB16B7DE
+aaa.			86400	IN	DS	31852 8 2 89F7670AFC091B199B47900E4CE4135B9463B7F74D3D19A1C732E78C345D4DE6
+aaa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0OQVJoL1nMOk10u4lgU+LAIh85AdaFSwQmIBper8pa1YTh/+oPNqFIUExrNoNIZF1liR+8MVk23AGO9w4An7lNarY1oSinI6FdRPpT0OexI0DRywkI3CRTKTivENxAxjbt9o0sJHg4yNiwBJfv+KFaYCXAns7ppZT6WqdekqmcAh85g8GzZSiK6eujbM6TeDW2VTrxNn5k2x6/g+CXlUUHUT8RHtVvGohTi/kPRPt1fKtZOJH1d9Ne4bwYzuonTA3xdsGGqaqNr1LFtDNjZsHzk4Wwg+yNcewl6o1wt1wrHn0GllUW8vVHKut/K53VHjt+9mbnhdbVATrDeusLLzXA==
+aaa.			86400	IN	NSEC	aarp. NS DS RRSIG NSEC
+aaa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LyowmUUnY+25FKpqGtrg0W3J74F28Fdl8p5SNcW9MhiyMt7pGeFa7i6ZnnGknIY9pQ83pVxx7dgxen6q4ZDMAakcsr7JiOFEIVpeCfg27TNmsVuKjm8H8PWyPKhUwK/INDaz2W93b09HizwD7F3vIR1Ycz3hSYGtZyQmlPwu8A4hKotoVe762b+by3PAncWhkqw64I/B18fn+qhwh0Ua8fXLxKdfgB2/rlNzWxH2J30jwBor6cpQmDBIKGoEmc19v9pBg1jD1sQg6LXz+gpoJ2B2+8pLKRP2cjrlxBRDug/78Em2bRSZ7i9AQ+thCIANz1ZIzIjyhtUurV5Sm5iHIQ==
+a.nic.aaa.		172800	IN	A	37.209.192.9
+a.nic.aaa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aaa.		172800	IN	A	37.209.194.9
+b.nic.aaa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aaa.		172800	IN	A	37.209.196.9
+c.nic.aaa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.aaa.	172800	IN	A	156.154.144.2
+ns1.dns.nic.aaa.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2
+ns2.dns.nic.aaa.	172800	IN	A	156.154.145.2
+ns2.dns.nic.aaa.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2
+ns3.dns.nic.aaa.	172800	IN	A	156.154.159.2
+ns3.dns.nic.aaa.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2
+aarp.			172800	IN	NS	ac1.nstld.com.
+aarp.			172800	IN	NS	ac2.nstld.com.
+aarp.			172800	IN	NS	ac3.nstld.com.
+aarp.			172800	IN	NS	ac4.nstld.com.
+aarp.			86400	IN	DS	5751 8 2 7E8A14AB8F85009B9F19859815FA695954233FD9DAA6AB359044D12621A77E9F
+aarp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LczBmJuXTIYRfR/aUlO0ZFHgQDOpBzmeKAttdbpOLgClcOwZ0d01vHmrwTdO+Ip95LEYb+V5pm9HMSBCNBRD/kGO4lf/6/PLmPu56l6+WsAV6SfUtKrwbq4Ln3zRHK+pDLIPziNht/rQ9U+W4Hd9ncoE2VqTEDybA6bitqQ3yrjU7/o/QvQ7ElMWJjBAGOjXTFkbCeF+Ooo6ZzTy7tR/P3VPOrPBD8nZ7CCkEvSLug0tH37s+XTyfkyu9atTJlSjHAeP8AoVbmKSn9Syt/OYMs6TBv3nwq0Hjpo1LlsIHacmHG9f3sjJNzBBB7lSHCe5OEgHnYF8y8bcIQ2qRtKhHA==
+aarp.			86400	IN	NSEC	abb. NS DS RRSIG NSEC
+aarp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1Fj7zbJnHzzSTOems9PQTrp9WJBu9cZhefIDYDXP86pK1TmeR+n1LSJkroPzn80rWrPIHEmmQo7N9AR+aV00tHHC5eMdPx8ra+Hvnl5oYhW8zK9qEm9YLtnfdXXD8BfIaavnK1eMPlp8AnV6Gl3h3yXzTD8NSCVZ0J6BwBspaTzHrWcKak5cNmM5R1oQh5tpN2icmWz5ouXlq38XhxNArR9uJEj82YoI4OIRmZg4ZRmGzRALvLxTWcsyl10s7awww+yzRxT0LoqD+FAcWVbdjF1I32+nwUkuT5GEoZqLklI9w6LKjq5wDOpFIAz7r1vnCmCyh44njxLBf8bgY8hR4g==
+abb.			172800	IN	NS	a0.nic.abb.
+abb.			172800	IN	NS	a2.nic.abb.
+abb.			172800	IN	NS	b0.nic.abb.
+abb.			172800	IN	NS	c0.nic.abb.
+abb.			86400	IN	DS	16216 8 2 6DC3161E488F546A3BAA11018BF0123C789C56241C9C03DCB74CE07A5ACCB18F
+abb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eILEjXkVv1/Qt0IgLqfpRMxw3Hgsu4Bch9bF7xcyX+I89YwxkLj0YQTJo5ct41E/2ByUSYgPE1U8+9QllYzQm4h4R0ilPKXLhKkcc14q7hvoZuTheaKGDQ13I+FTBohMgZd44jiVaCgpu31xB7BfVprRRwqNaMOccHHKI7o+vC3+pwIQNDnU+WoWyOr/5cEo10RMNVxM8KG4oAiFhtMVVn4pgaB6vaRMgcNkJLyR8G26EDkfByBEqwNIEOLEhhcooFWdSvrdxIH2FhYRCDir89gIaC8pN9YbCGR4r8+Gg7aDUrAIdDk1LYMl+FwotZITTGv2hmDXQfnGFTtSzsSRIg==
+abb.			86400	IN	NSEC	abbott. NS DS RRSIG NSEC
+abb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vcQ550TFQslxkeU7lAV2TUx2MgnJD3bCTQZ93bYJrXX7klt29jygCiJVq4L9dvUZ+ldOl7EbDLVroRmitLsVcyN6nHgI0KfoS5lto9Kvhs604AgFAdCC1n8SrxaMQm5wD7rsKzni1LQLUbjpKMBaMb60LVnv/RE6XZSKpgemLW5EO2ekUGjYP9U/3bD73fRX+GiHLvmxRNXqdL9/PN1tmVPxP3QrKUJa3UexDG/HP/FjpN2fmXGHFrtURUDogzIrmgVepULxpBmRp6A4XnRNvTb6oT6Dv8Nh3pHiHnUNHpXDfYMzYaOaClWQBVc+izBlVgTLD3/d0OOBuC0Bv9wARA==
+a0.nic.abb.		172800	IN	A	65.22.112.41
+a0.nic.abb.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:41
+a2.nic.abb.		172800	IN	A	65.22.115.41
+a2.nic.abb.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:41
+b0.nic.abb.		172800	IN	A	65.22.113.41
+b0.nic.abb.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:41
+c0.nic.abb.		172800	IN	A	65.22.114.41
+c0.nic.abb.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:41
+abbott.			172800	IN	NS	a0.nic.abbott.
+abbott.			172800	IN	NS	a2.nic.abbott.
+abbott.			172800	IN	NS	b0.nic.abbott.
+abbott.			172800	IN	NS	c0.nic.abbott.
+abbott.			86400	IN	DS	41764 8 2 04C4003CF06316C866DF2DCF23304B3A25D30778AC1A838F986350010D2647CE
+abbott.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rR5lSQV+k+J0yjSrNwFk8CGnRYwExT0sf/+65AdgZr+YG8WGOe7wUoD9uMjGIwjbqC50MLUyuDLbMn1+EtgwOWgltXLx4iq5jQUK7OMSfUmcrSqfckFQKwHobtGEGG49gzTS3oXTDELH0KhP45tlMCFF2sNQF6pb8HlMoahgLX6yaRfj9C5MDKvvwRKn0te1YPSnzsD0LfZS4iTWhBj8PfPMlg4lSoKyADxcKIrucOq3x6GckJRtE5EYW8efBYxpbeqiHBYk+a28rw4z95cXZBjCMSKEBCZSd3DShdT2EQag3PMPR7tJvPbzadZKMJ/khBcdInL2qlKY2ccQEolBlw==
+abbott.			86400	IN	NSEC	abbvie. NS DS RRSIG NSEC
+abbott.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XWpwHNLO3m088pgoxbPLwhFxw66huYumJYet7/95csEcEN6Wb8fQ2sFfDPjkVk5/Ni9OobWP+fKHekG+pWDbRhDZYZz4f/Ai73JlmWEjVKKLicdmGFZO+OFvY6I3kqmnEuvsBQcptPf2MER+fmvS9jUgiFe0YWRaNiLbmOvyrwHl1HHCOBqdlnhIzvxqp56nS7NsDY8mbVlcoDj/md0lYcGlFBPzNp72rQLuoorBS5/KC4oNNuQGOFZpFBJGccL9coenNc4SpyA1R2l6F0dMHca5F6eoUsR589zi2wuH4UxmyS1yB3nbvh+TPrt0wo63e/oo/AnBqAdEqBvbsFz4mw==
+a0.nic.abbott.		172800	IN	A	65.22.156.41
+a0.nic.abbott.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:41
+a2.nic.abbott.		172800	IN	A	65.22.159.41
+a2.nic.abbott.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:41
+b0.nic.abbott.		172800	IN	A	65.22.157.41
+b0.nic.abbott.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:41
+c0.nic.abbott.		172800	IN	A	65.22.158.41
+c0.nic.abbott.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:41
+abbvie.			172800	IN	NS	dns1.nic.abbvie.
+abbvie.			172800	IN	NS	dns2.nic.abbvie.
+abbvie.			172800	IN	NS	dns3.nic.abbvie.
+abbvie.			172800	IN	NS	dns4.nic.abbvie.
+abbvie.			172800	IN	NS	dnsa.nic.abbvie.
+abbvie.			172800	IN	NS	dnsb.nic.abbvie.
+abbvie.			172800	IN	NS	dnsc.nic.abbvie.
+abbvie.			172800	IN	NS	dnsd.nic.abbvie.
+abbvie.			86400	IN	DS	56720 8 2 11E4530F78B2C9CB2455D04DFA886A61C3F23E1887E53245B7950FFF03AD8B2B
+abbvie.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vSP58BYnGdnakG4O1jNofJXFOWAT6U6uXk2bSBnaTa8/JtKGHDe8G2dkZW7OBxn9pOa5J49U1jeKUSZ/yr8CuT6qnQXRuAbRJQ4IuARkX1pNLHUJ+4BZhAXsxoUI10sasvpOBCWLPll/pKZG4E92pA2RYy9fe5sAo9rzKwjdy1t6Ny+skHmdE9sgfdj0BIv8y6QGzvle0cC7NJP9Zn9lN3zq0B8uyp/BhZZ+pyJYyaQZQgf9xD2ZCLnjrgvTHPAGghoLoqFeW0+ZUB46XnNnfn2rM89rJ0DcXhxMFWhU9Z8v7rz/wnEK6fVbApALLY53sNFpAwMzGaDa72u4dKW0bA==
+abbvie.			86400	IN	NSEC	abc. NS DS RRSIG NSEC
+abbvie.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BaOIWWdF58lkotxuUqJh2b7oIzUoOWzUEK3nPzCCiJfChVnMUfY3fwla/OPM47htPRx9urRNqJO6ZnRkks+MJmrgiNuws6yjg+hXxlscoo8H3rwrFoExHTbSXf5o++y5lo5oHkN0K7NRqgpc1ez5ynmdiMB5e3P+IgozadWog0ObRhjiUQK8QhzT9KYHT4ejg92207RVHj5Q/PrZqGlRjedVFcgBscyk4jExRttK0sYGbca/UWaEXSqrLA6nhmxoHnP7vdJ2Vl9LK+rUwE9AIJ/6OSjlB0Z+lywfXx5TNN5CBgkQRS0E3ezlbTVt/L3Xi3Gc/XoNe/OwiOBhr2Dx2Q==
+dns1.nic.abbvie.	172800	IN	A	213.248.219.41
+dns1.nic.abbvie.	172800	IN	AAAA	2a01:618:403:0:0:0:0:41
+dns2.nic.abbvie.	172800	IN	A	103.49.83.41
+dns2.nic.abbvie.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:41
+dns3.nic.abbvie.	172800	IN	A	213.248.223.41
+dns3.nic.abbvie.	172800	IN	AAAA	2a01:618:407:0:0:0:0:41
+dns4.nic.abbvie.	172800	IN	A	43.230.51.41
+dns4.nic.abbvie.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:41
+dnsa.nic.abbvie.	172800	IN	A	156.154.100.3
+dnsa.nic.abbvie.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.abbvie.	172800	IN	A	156.154.101.3
+dnsb.nic.abbvie.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.abbvie.	172800	IN	A	156.154.102.3
+dnsc.nic.abbvie.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.abbvie.	172800	IN	A	156.154.103.3
+dnsd.nic.abbvie.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+abc.			172800	IN	NS	ac1.nstld.com.
+abc.			172800	IN	NS	ac2.nstld.com.
+abc.			172800	IN	NS	ac3.nstld.com.
+abc.			172800	IN	NS	ac4.nstld.com.
+abc.			86400	IN	DS	39900 8 2 7ABC5A1F64FBBFAD550CFE06953AA56A030BE7212A77A60813FF633DE705DEC8
+abc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YhNmQBuVvtAXnweZBh6TGmieEHvH1juWKF/Ud0qcsPnv6s1PFALLrZonUIXeDyrh5kr+Mvx+LWVaYf8yiqeKguSf2VZQvQWuwYEuBJUmTjf3f928uhE5sN9+P+UYjU9D+65iEw5eQ8dIe25wwmpCqN+Vsod9t6PNsPPJEWUySQl+r4BcMc3aDDw8KSWMsBUz66jyWjgILcuikoszVQeuKAnmPRn0vs2RnLs8UGhE8BhJc2Cj1N9T8EJQCpx0b/MncgQVwecyfRBCogkE6X1HyW5u61zlGYUgB8qnrN2NCh/gk2BLfi+1aO0DlJQy2RXG9nemGRk3wUbLn57UA6V3Lw==
+abc.			86400	IN	NSEC	able. NS DS RRSIG NSEC
+abc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cpO1U0mns+iPow6F3i16HSdzk3NgtEuWOsvwnSBZsF2vacUpH8cCF0KWY18iTKOI1sAYJ+ua5T0xSviEdkGNZG9/bY2yxpTkNmizYVXSM57RVXS3q6esBHKUqjtOSVEZryZHKUgwDlgR5bKEmEnlUypZav2O6RYu6kN9zrd9wLwGCWGwQJqpVklET9RrSsiPRJEYpZ6TKgPTOMsHk8RIKvVTuGHJe6ZVWsne5hkj0Qf8Hdqxpgr5zLqo1KZMxP2oSqWBYu6EC3brXwwWpeh0lyjYDpISAC6vCsBrAqSTM4+6sIOUaquhbVVXxJ0yVtOnipW/v0RaZBTzwyYqimHylA==
+able.			172800	IN	NS	a.nic.able.
+able.			172800	IN	NS	b.nic.able.
+able.			172800	IN	NS	c.nic.able.
+able.			172800	IN	NS	ns1.dns.nic.able.
+able.			172800	IN	NS	ns2.dns.nic.able.
+able.			172800	IN	NS	ns3.dns.nic.able.
+able.			86400	IN	DS	45202 8 2 C7832F26B62FDF91DA819AC5FA524EAE2EEBE0651CAF074B59DC0176D49FD836
+able.			86400	IN	DS	48877 8 2 6EFFEC2F6DB34B2D1086A3B4CEDD6E4109135877E533D6D1BF0F7CA760EB018F
+able.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LPIVqiK4jxbr6+PWNHE5Ga7FWECtS9VwNNnbL9NND+VhkzpjFuu1fp1f3UMpc+dzy6AQjjSExZSgANYgTDegJSOHtwucuvuaUxm7fZvfz86iVZqAfa21C8cnNJIo0NYPYCMyIuWrQZhByzdZzTfyc7RRvuqDonAA1TfqdmZ8IZKQzgRMB+LBxp4nAGiWUG8tIdeGApDOg1xLnE9AarvQnMWX/8CdfawG5Sq0sL9UIwm6YA1UVQa7ZEEpt4CC35uL2kfEI7hrNMKvEbXFROvA9PBvGtJ82B4tNYo5B26Wo1PbCG4Azo6YLv6iwv+UUm1gFpWrDQLBDZkqwk0U3vCCTg==
+able.			86400	IN	NSEC	abogado. NS DS RRSIG NSEC
+able.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . my0EVDhvxO/dZwvWAIleKXjp27TLm9nQCOJzENzRTsros/sIxt3SN6+oPpPNHAewcs3bY4AZOKyQAl7gPbB75zMamgjogl+h5lsD9eFo1rw0+0OPHCI2AN0ZMX0oFC//itU0ZOmjQVdIGbmwtcr/O10qva1dL1hNHnZ3HcQx5IbXmKYAqFldI+8MapwW+JGuFhjLDReVuUaMNUIvFA09tsmOTr7bo197YmxzWknfZz40KuS6E2jE7redpprrkVv3PicB/X6VQWX5ENSnA45gly+wG4HK5hSG/oVpsBzj14hCb6iZoW9RiWSFVILJFUsYTbY3mrcGtm76bV9l2qAX6g==
+a.nic.able.		172800	IN	A	37.209.192.10
+a.nic.able.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.able.		172800	IN	A	37.209.194.10
+b.nic.able.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.able.		172800	IN	A	37.209.196.10
+c.nic.able.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.able.	172800	IN	A	156.154.144.3
+ns1.dns.nic.able.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3
+ns2.dns.nic.able.	172800	IN	A	156.154.145.3
+ns2.dns.nic.able.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3
+ns3.dns.nic.able.	172800	IN	A	156.154.159.3
+ns3.dns.nic.able.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3
+abogado.		172800	IN	NS	a.nic.abogado.
+abogado.		172800	IN	NS	b.nic.abogado.
+abogado.		172800	IN	NS	c.nic.abogado.
+abogado.		172800	IN	NS	x.nic.abogado.
+abogado.		172800	IN	NS	y.nic.abogado.
+abogado.		172800	IN	NS	z.nic.abogado.
+abogado.		86400	IN	DS	31012 8 2 FCFC05F3629DA70F709FB54E7D17214483216D641F8A6CCA90AD02BE852E5A8C
+abogado.		86400	IN	DS	37480 8 2 5589C84DDBF5B50DB5C8A9D5CEA939409C24CE6369F7013F683A0BCA912AC8F3
+abogado.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y0XTPdEq3ueQSO35BxqXb315fUekfFQs5guoQKR3Vdyqk1c6X1ANDtmgIq5etlHlRc9Sjxyd1x4FTdzsu8Aws2neXALGZ+JB+15SBHJya5adlZdIc98IVh6z47I9tSJ0ZhV7KOJjZC7jTCyDdgYzhI2k9i0uWbrRR3GSlqn2FgdqaH7oLI02o0FVuRudY3oBfJG8Zt+jAKfqQcK0jHGXPtuWCtuWK6qB/e6XmTSijQxFw7KgHiN0TiziutCjZyWM0PzKImkOOvjZZsmbuXf+YRNI+eEyFeyx8+8VWfqcoULQXVn0i195i8cY9SXGPvaj2qo77zjMfbx/FALWNGC9QQ==
+abogado.		86400	IN	NSEC	abudhabi. NS DS RRSIG NSEC
+abogado.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0YrRzN1y3yGL4rpLcqoSAev7U5KUB1Az6NuirrelDRroMyj3ROK2D4e6VMkUCSyWaucstYWs9Cv+NFXmXlSStVrDnl2Xg9YG43bTb7VplaPsILOlM0yTjVe1dbP5Xp0rAP7eTH7qhBVBXvlefYHuJA6sWAIU3ODCCQPddaTprRycSC5Qo7kggyHVvdCLxhciXsWqtOnsALQnrMr6/4SlAVhRVZnGmmg6lkRJrfx7jeyCLmSKDe9iNfSx47fajlJi/lUIPAzCa+F6jUBUfRDGpoFNa4560OZfZFBIUH6u3OomU02NkTTiBrDDMpJJujfRxMbsPo+YsNCZHXgnWCApvA==
+a.nic.abogado.		172800	IN	A	37.209.192.10
+a.nic.abogado.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.abogado.		172800	IN	A	37.209.194.10
+b.nic.abogado.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.abogado.		172800	IN	A	37.209.196.10
+c.nic.abogado.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.abogado.		172800	IN	A	156.154.172.82
+x.nic.abogado.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.abogado.		172800	IN	A	156.154.173.82
+y.nic.abogado.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.abogado.		172800	IN	A	156.154.174.82
+z.nic.abogado.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+abudhabi.		172800	IN	NS	gtld.beta.aridns.net.au.
+abudhabi.		172800	IN	NS	gtld.alpha.aridns.net.au.
+abudhabi.		172800	IN	NS	gtld.delta.aridns.net.au.
+abudhabi.		172800	IN	NS	gtld.gamma.aridns.net.au.
+abudhabi.		86400	IN	DS	15247 8 1 D2C05AD2312EBE77F6149F8B962DD9012D6D2CCA
+abudhabi.		86400	IN	DS	15247 8 2 4146C35F5EE96A341EE8C8F0ACA17A2CBB52FCD1D6D1C95C9AAB70061A7AC692
+abudhabi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f1YOYYPbD6Ty4ao8Pxy0we+7W+yj3reXI6L5MbKHm6Wxb+hqqRJKaveEKL6SopBYwqXJ/V4ClqYYhFcItC//AJMv3kVH3hbPDuczEeWR71/FN6V1dTDnciKO7WN7wHHn+ZVRyqaD6RaFQ8TnkWdOR/eAvgiqmXdOHO9C779rcPxONz6K5RfCbEO7AD9tWpX6l/eQOpasGoCjczr58bctuOQRgfZzt/QLZIyR/1g6TAt1s0BiMdPLE6uU3ByyJ4V5f9b0Vksepn7gi49h9qMN/Iu6r8MzFM/mmRCjJjROFVIrjGy0RZD+P+WR68LMg569vGMIiU8X571A6VvXUVITXw==
+abudhabi.		86400	IN	NSEC	ac. NS DS RRSIG NSEC
+abudhabi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lH4gfyYrEDgOwwBXzToNodtVhJPJEZCDYoNmm2E3XssLHH3j4i0RuBmiUZXpDFa6SbC7FvDBFykQykd2PiezjmLUFGiUAJJCleDAsMFTmpazIK03rUpCvag5Q/os+zmFCe8E+XxXp5Ty6oR2vplgR4dCk+eZkQ39hVS3VwERqi6XGRxGjw26xB2ef6iS39NwXCEl6G05/X2gq1EeVoAb9T0ByVi7qlQ1aWlt8nWT8DU4eMewabKye71X6QXteJ6pgiAKA2wZaX09+eQPsZPxg12F95eh5DF2uSDvYNAJ2iC4QsX7z5c+K90pq8beRWNtFQ02NRCr0e6rTbgP5htk1A==
+ac.			172800	IN	NS	a0.nic.ac.
+ac.			172800	IN	NS	a2.nic.ac.
+ac.			172800	IN	NS	b0.nic.ac.
+ac.			172800	IN	NS	c0.nic.ac.
+ac.			86400	IN	DS	42665 8 2 4B15F405C98F4BC3A370B19E54DBE75DF201EDCD38577C51D277DC6559865D95
+ac.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . r/wHu2Tqvqyhf/soHiBO2ML/AcTKL72YeZu1PXJeTiTD0r0fJuX4Ahv2kMtyKIXvIzzgwANeFWrhNktzy3oFvJQfGL1ShSvw4zf0icB4gUCHNAZ7VbLB5nnEk1Xau0yL/sYJOMtsz3Z+pIDfGrUIUpDTeOodXFrc+FTnCSmYB47RLvbQuY00e4jp295gRh1GfzV/PGlJHkIGKuuOXs9vIrgcl65LMALsRynziEAk1aSIl/QG3KSsfe2RFkKYj0OUelV2PIYrX0dL+E2NmxiuyEtGVC689gdCpGfchfuBHYz8yxIBfChrb49dkE6KqllEzeXhFzmTPJeF22ql0lNKbw==
+ac.			86400	IN	NSEC	academy. NS DS RRSIG NSEC
+ac.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lh/M0iH9DcaJf/f1Kqw9cnqwO6woEYAYuwmyjaV9Br33c9vLDQtl7w377pdnoUwm0kbao0miJwq8riAgVUUu3qrIvJCp3FGTdD5ShPykjFjbQP2wWfJQ7njeNBGChS/tw+iIZumwOJSe+BGSYeD6Yr9c2yL4rC38szJEPaEIcqoD82hLmXjiqDl+oxa27lzEfAEenSeNye4CkosPMSDNmJ3cJqQorlvmvLuSRR9OKCPloXF8lsyOnYQYVwoqX16PVx5uc/2r0+jp8L0NPxIwpUapKRJ/35GXojT492OWH+y5wtMYrKOkTmgq3UJ6tXgt6R5K/H3+ot/jZnwnt9Zy/Q==
+a0.nic.ac.		172800	IN	A	65.22.160.1
+a0.nic.ac.		172800	IN	AAAA	2a01:8840:9e:0:0:0:0:1
+a2.nic.ac.		172800	IN	A	65.22.163.1
+a2.nic.ac.		172800	IN	AAAA	2a01:8840:a1:0:0:0:0:1
+b0.nic.ac.		172800	IN	A	65.22.161.1
+b0.nic.ac.		172800	IN	AAAA	2a01:8840:9f:0:0:0:0:1
+c0.nic.ac.		172800	IN	A	65.22.162.1
+c0.nic.ac.		172800	IN	AAAA	2a01:8840:a0:0:0:0:0:1
+academy.		172800	IN	NS	v0n0.nic.academy.
+academy.		172800	IN	NS	v0n1.nic.academy.
+academy.		172800	IN	NS	v0n2.nic.academy.
+academy.		172800	IN	NS	v0n3.nic.academy.
+academy.		172800	IN	NS	v2n0.nic.academy.
+academy.		172800	IN	NS	v2n1.nic.academy.
+academy.		86400	IN	DS	21439 8 2 15EB9367DEF52BA7DCE806A2D7ADC6D3B279503235057FA6E7405E96B39F9052
+academy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GQy68pT6MZE2wVBa2stfMf1vLiXC5qpuv5UL4+1f+xRQV1ZafsQRn5HxgQV5qwoq8tgnclAfio7AvbNZ9QLr55Dkp+T0537ZVTY8lIONGUyAnuXMQ5x7SJtLJudRNItNs8ofzSY/XDSBFjBNf+2ki5Gn4LBgDPpTo7aTaKLHHIVOnuEzLhlZ/0kJ39XxuynnhJp5YULSEe9VWQuK3cDx4msXR0CX0d1vh14EfqVQEHRUNzSz6JVJAYoVdB+S3PRDBPAjv1jub7B78Sqb9eVZFvIrKOtT/NzBmB4SwlVwb74QoyuVcyjIPnAaeFNh+FAN+E+rHd620DFhAdklbAlB8A==
+academy.		86400	IN	NSEC	accenture. NS DS RRSIG NSEC
+academy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rh8ldZ4zLJ23nRwCEGjOIedR7UX/qkKgPsIPASU9h0aEiozKUsEgaGznqucOTlCk8NYC+VehTRQuSeZherjOmX+vkBmhe4FG42o/GEI099LtVzzQ22v0dfATb0I6ifaWF9hjud/NULgiHwY4kcgvExcwaX4C9KqrLGpw4ZDSDB/Nrd4eZaRuSAvqFiwc4kjJL26HGR75is2LjuBT5Jvcx09JLBl6vsbxxOT8eRcfrxA1wySsX3tonYldnOB/3JmZPs86ZmOBZBdcZO2wBldM2u5HX4Bu58VYhXxbVlvbpfOg5H/N7BU11T2/4LMxUqTrVXvXZTWHWom9MxY6NgAVlA==
+v0n0.nic.academy.	172800	IN	A	65.22.24.37
+v0n0.nic.academy.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:37
+v0n1.nic.academy.	172800	IN	A	65.22.25.37
+v0n1.nic.academy.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:37
+v0n2.nic.academy.	172800	IN	A	65.22.26.37
+v0n2.nic.academy.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:37
+v0n3.nic.academy.	172800	IN	A	161.232.12.37
+v0n3.nic.academy.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:37
+v2n0.nic.academy.	172800	IN	A	65.22.27.37
+v2n0.nic.academy.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:37
+v2n1.nic.academy.	172800	IN	A	161.232.13.37
+v2n1.nic.academy.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:37
+accenture.		172800	IN	NS	ac1.nstld.com.
+accenture.		172800	IN	NS	ac2.nstld.com.
+accenture.		172800	IN	NS	ac3.nstld.com.
+accenture.		172800	IN	NS	ac4.nstld.com.
+accenture.		86400	IN	DS	35388 8 2 0C1DDB821C823AFEC10942D3DCD16D6306221E4EE7F2F524E5D9BAD48BAFD8FC
+accenture.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZOAmWpIExkDRwopOPuJfI6Rx9PCsev3SocLfmtnn8Jw8/koF+jEQsUgr8dpkhtjeRnXGwze3fp6sefxgFy+egNeoMhDZTWCMDADNp0/aOqm/ljLnl0+q2GNjvoL2n+HG120oI4RdusSv1FVOHwxjdpaB7Pi04vkEpVyDF/CxiSOytUIdTg1UfuqTexAkd34kOAgV05YX+ZWaJjHnHBBWcz34cqP5kgzCUFj88OiIKeKZmsgITU/NXqCTVOIlCyvRHJIq8WGfyplfvIEU89+ON1SFKnOe7Zx4c2cl/dTs2W4ga2N3qnH57Off/skARuzNWizSvzvUyPuqrZFQSO6I+A==
+accenture.		86400	IN	NSEC	accountant. NS DS RRSIG NSEC
+accenture.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JBHvuR32W9PhPpcp9367EOUp3OGFoeTITCjuDGlr/b4cvPb65AdF5P1QgtCdzbMwM0nUf/BMnhLewjn1CpwrPhxG0zu5QT8Qu2DyPHf29K5MSUHhnm0re/LeVGdTi318xaDt9iCX8ZpjLLnIIKZJhmYksVxX6aGiLrhHVgpSSfTeQqHbvuhMRrgEr/ZEersNrxl6p3Dx4Q6xZ/oseDHqvw/QbTgYBNTfm1F7W/tQCO1aOKaBn3HM6hjBDdP0EbdTArb5nqaHsQCo82bG8+XIBwrTBKy3qbh5s3b6nN8yq9INHc+CVNRcFs4f35m369s+f8SEgEoqeWy4KQfHrU6Qcg==
+accountant.		172800	IN	NS	a.nic.accountant.
+accountant.		172800	IN	NS	b.nic.accountant.
+accountant.		172800	IN	NS	c.nic.accountant.
+accountant.		172800	IN	NS	ns1.dns.nic.accountant.
+accountant.		172800	IN	NS	ns2.dns.nic.accountant.
+accountant.		172800	IN	NS	ns3.dns.nic.accountant.
+accountant.		86400	IN	DS	44389 8 2 6BEEC4C8BCC3A1E6B88C46E8348E3E7CF900524BBC2C92E42A202229BA7CD7F8
+accountant.		86400	IN	DS	59392 8 2 D07B6B81BECEF22A22BF731C3EB8932CB97414E494675EF8C7771D4B768AB6F5
+accountant.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mCBJvQcUkPyybMHj/LYgb5cG8X8x7JwYkWnbvpCUm6Ka8zTSqn95KKZbmF2g4YkKGQ3ZoZ/EiBdd1AeJybo/NHX9blDRVnFUR/MrBkoDWwEDOgucu8ygYjreTj8x99RuRX1H1ItNgBGgwwRnZJhhTIU/DGtBaPn/nyiFIiJZaZRXU3MsOgQG73hHPFMrdFMZtu1BEZvh5nVDnnMx/FZB2OOZURKo8S9XLcqCfhlZj4/K2jafs0dlR+/PAc+pJYluzPywR7sY9Kg2yG4euIT6KdshwPWCyukhm+JC17McIeBnS82rnq7FJV/Mcnh80PHYA4yKl9qIqXU7t3f3JJcnBQ==
+accountant.		86400	IN	NSEC	accountants. NS DS RRSIG NSEC
+accountant.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0fdBmWzmU7Qe8sh5K0eRleRXYzFQuPQ6hXXtgiEEr+NkO6gA8gjmfNZqJabxs5mDK0NxdW0XHZ4q35EDxs0xSd+2b9tq5T/FkhNlB65CrCbiK0HtdaIKceWo9LGwYJlKtGjD7EGzZ45yQygYEXZIhL2R1xvxe0N/r2Qx09rxvJSoOP6sEl7dXrEOITJpWljzDeQuCyaNprIHhOUsybD2MnwSZyXqhFz8URkhRvSy6u/XCuU1ZTYAZCM4rMU+ihp70wFEcSn7Drmd2nDIgkPDX1Who22AgmCoxKrgjaS215chNSghyTN1SxJ5Fg6T0w6kEux8RCZ3HtMfGCG11nd5KQ==
+a.nic.accountant.	172800	IN	A	37.209.192.10
+a.nic.accountant.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.accountant.	172800	IN	A	37.209.194.10
+b.nic.accountant.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.accountant.	172800	IN	A	37.209.196.10
+c.nic.accountant.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.accountant.	172800	IN	A	156.154.144.195
+ns1.dns.nic.accountant.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c3
+ns2.dns.nic.accountant.	172800	IN	A	156.154.145.195
+ns2.dns.nic.accountant.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c3
+ns3.dns.nic.accountant.	172800	IN	A	156.154.159.195
+ns3.dns.nic.accountant.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c3
+accountants.		172800	IN	NS	v0n0.nic.accountants.
+accountants.		172800	IN	NS	v0n1.nic.accountants.
+accountants.		172800	IN	NS	v0n2.nic.accountants.
+accountants.		172800	IN	NS	v0n3.nic.accountants.
+accountants.		172800	IN	NS	v2n0.nic.accountants.
+accountants.		172800	IN	NS	v2n1.nic.accountants.
+accountants.		86400	IN	DS	57157 8 2 FE57F0CE1828F591E6EA40B797A64813B5C75624614F92A50A90AE164C24D2F7
+accountants.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qOGQt4qJzbtlg+jYEhQuYsy8/sUo0mjc83OMxM23qpN1iVE1g7yz+6UAt46hkjtQ4wk75L0H0aCVGXrW8bjs7+EyCTp7/ETEY+p6HMA9Gc85gXmjsUdV7VEeKwzx4+/cm+arBKyfNOkGngJayvETgCSTRb4+alYzX/E6QDSK3myretLviG8e6rc+EsXH9KpYsPq8MAvffNECkwFnHZ62FFrC8wNJqQgOsPuMDYhJwjtUnqPcsBSte/PB33L5bddRLevkLO6i8D7pGCaqNyir0pzJdltB3RBzVx85N1gEDCpmm20ukv+EKwcPbFuOJWh4FRzhiExTQpMckDeOI+IR2g==
+accountants.		86400	IN	NSEC	aco. NS DS RRSIG NSEC
+accountants.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Yt5SjTq+35fNuw/vePUFIPmCOmgf0Dn6Uh+P9JNXMTzJ8yaegWlt2pa7icEukWcE9dAF36ezhgEDtHQolmcFr6tRnejRxNqqrsmnS0j+NQMdT1jT5I8J6LWpPtV6j5FPzgTxPA621yw5RFiWoXn0xVZ+W13058sdtSt/NNu7y1o53p41Gzo7s/9oGy/HaPbKoo30Hhswpnbzb7YPjBcweZwBCodoTHuyD7BWkanTan9hSB1cuXQGz8vPJRMcQAlem+FqwBGxY0ShaBWJQNFoQNNqHxjQsTNwG1MEyR4yQvAYDc2VBQde+ML0kwPABVcKnmNmflN6wM3YsTM41fT77A==
+v0n0.nic.accountants.	172800	IN	A	65.22.32.31
+v0n0.nic.accountants.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:31
+v0n1.nic.accountants.	172800	IN	A	65.22.33.31
+v0n1.nic.accountants.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:31
+v0n2.nic.accountants.	172800	IN	A	65.22.34.31
+v0n2.nic.accountants.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:31
+v0n3.nic.accountants.	172800	IN	A	161.232.16.31
+v0n3.nic.accountants.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:31
+v2n0.nic.accountants.	172800	IN	A	65.22.35.31
+v2n0.nic.accountants.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:31
+v2n1.nic.accountants.	172800	IN	A	161.232.17.31
+v2n1.nic.accountants.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:31
+aco.			172800	IN	NS	a.dns.nic.aco.
+aco.			172800	IN	NS	m.dns.nic.aco.
+aco.			172800	IN	NS	n.dns.nic.aco.
+aco.			86400	IN	DS	8201 8 2 E32174A9C6E3E3899CF5E0FE6053D8D9E615E0C2993CA32DB589027F03AEC0C9
+aco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sFO1w4qBJOWO02f5wMuqjL2NpL6tlPvQx/6zpzhR5FqGGmU+8PFJ7gshTFu+dN1FlV3PS27NlmJLhPa8K6osjtx9DerFnjN76LslKjsqhRNlVkx9uXQhPUvkBEmgaOa7HxydZcb8/sI/+z3FvGTtO0U1Wx893mz8GOKTOWJ5AccfLRCM+U3JhgfksrBH/zQF6oN/BSzT6QS5UzUFf2xQeACMW9C74jqlTZernXcNlGyTLUnT61Pry40v+edGg2HcAUt+cqAZsZhov7TycR6owk9qTdYgCbt8hNR943CEXkdofm+TqHsOxddaZ7KwrkRQLUr2GewHE0ERsGH75JZYSw==
+aco.			86400	IN	NSEC	actor. NS DS RRSIG NSEC
+aco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ITfYX0cexqQ8q7A7PegDFiZjaDP3iGVJ4Jwz9q5bKqfVwporZ8m6/Q39UW+tobdEjmYrFNLHciaRo+f1k9exhjRE0UUNUFzQ6SVohOmsqnRjvuguYD2+oBhccp00tnXISvBud2AYfb1BLcc4bwxm+zUFGwCnHZmyUT3U4rDuatpIT/Cy+3DDJ7489B7L4qVPKPQ0fQbtamysL4czzTBdA1l+cx6RLdVQJqJE3viviAxQM67sdXfv1RvhsbviPy8PCwXq1FD2vcsFiDXZPFCZw1KYM/He32QwWUpSBcMXIlPFUtwr74vgkHVuoTUUQVuuojFRNMRCJxBl6bZ5yKzeJA==
+a.dns.nic.aco.		172800	IN	A	194.0.25.32
+a.dns.nic.aco.		172800	IN	AAAA	2001:678:20:0:0:0:0:32
+m.dns.nic.aco.		172800	IN	A	194.0.26.12
+m.dns.nic.aco.		172800	IN	AAAA	2001:67c:10e0:0:0:0:0:12
+n.dns.nic.aco.		172800	IN	A	194.0.24.12
+n.dns.nic.aco.		172800	IN	AAAA	2001:678:24:0:0:0:0:12
+actor.			172800	IN	NS	v0n0.nic.actor.
+actor.			172800	IN	NS	v0n1.nic.actor.
+actor.			172800	IN	NS	v0n2.nic.actor.
+actor.			172800	IN	NS	v0n3.nic.actor.
+actor.			172800	IN	NS	v2n0.nic.actor.
+actor.			172800	IN	NS	v2n1.nic.actor.
+actor.			86400	IN	DS	59464 8 2 FFAF29FF2113EDD3D797F86123BC6A7903F588A252BB9A85E35F2890CD2A283C
+actor.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RTJoXNP++P7id64dhSn26fF0a5iTA5W2Hf9HXdnamFld75XhA1arXhZ9kS1QgVVMuDoCBVRzMKVwRtVi+F1OfBhfIaIpLvh2KVsma2CwGPC7bOsBeGZRFThrlyERQRy0AF6NDtfwoEe1qw+W/hV530rvEjbTJBIBoBgNeBFbV95rLD/IZ7XWeaRV0bPekdnjsttA8kUhfFqMP4nMf+MqtOkl7z9bSsRQOPaBxXj91T8LWh8E5APsDhs8A+8yH7KLcdY1Pef8UvijuekHa6oz5oPUiRhaNSv3Q5uRSVs19uaXlDciyqA+SA1c3KHvvD/+HFN+iecwKXqJp/2UBqSX4A==
+actor.			86400	IN	NSEC	ad. NS DS RRSIG NSEC
+actor.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IToll7ZjHGZDlMpaJ8EAhPG8x8URi0PNnY2BUezVLtLlRoz4tJwWTMt9X1yW5sxarX2ddmq+eIIQvun/9iyryfuM6iL4K5GIVgXU+a6Y1MOWfohLIGhMmqSRGbSZ7f++M/w2xJLVBPccVarr2jKR5R1fqDyDbBPYLgFHPMhPfNwpzkU0J2TjMBMZqZGTFDJtl5AsPF+oYEe6wWONhj0pUGI1u2WYUEKQ2QoqAnSpCzHY4/lAvHbwxrKNcaId2TYDfRR1AnxHSMbGFbHDVoXQ3m0rBSHwJx7o1diw418PliI8EkWvRcg5P0kEeBo3Mk+Rk5n+xm6NLgrgS/wW6nF4Bg==
+v0n0.nic.actor.		172800	IN	A	65.22.32.60
+v0n0.nic.actor.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:60
+v0n1.nic.actor.		172800	IN	A	65.22.33.60
+v0n1.nic.actor.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:60
+v0n2.nic.actor.		172800	IN	A	65.22.34.60
+v0n2.nic.actor.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:60
+v0n3.nic.actor.		172800	IN	A	161.232.16.60
+v0n3.nic.actor.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:60
+v2n0.nic.actor.		172800	IN	A	65.22.35.60
+v2n0.nic.actor.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:60
+v2n1.nic.actor.		172800	IN	A	161.232.17.60
+v2n1.nic.actor.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:60
+ad.			172800	IN	NS	ad.ns.nic.es.
+ad.			172800	IN	NS	ad.cctld.authdns.ripe.net.
+ad.			172800	IN	NS	ns3.nic.fr.
+ad.			172800	IN	NS	dnsc.ad.
+ad.			172800	IN	NS	dnsm.ad.
+ad.			86400	IN	DS	10624 8 2 732AC3921E40EAC6C01B0C467BEDA420F42BF38B7C462E86D01D1D2C4EB9DA37
+ad.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1zbDjtnyU70Z2Us/tpGepzTZRmJ/yd4Ez3T8w6+TGLtfu4RTedOBbhBqjLw779n2hU5QhXQSBRkTBtE2UEAACPsqEiBf0uLGVNYxz97f5uSZ2XGWfOzlD7r/OlykYMWc9WMxAiqQbcgFQpou0sW63qvfmCzJ4Gjl99ny10kdghwGjK84/HwwVpnGI6NyiD9qaUEWTwxGub9W08pHdCQdcL1UYbQPwSvAoYUbGPAJ0adaTP+rS6kXUm+bocYEDitwfTnlF/+85epFE/H9VKHcVp3oUb45RbpLiqT3OPvKqXkGKIOGLmTQIc8nhuA1tjRCQaNzQz3R04HQvTon/4Xr0A==
+ad.			86400	IN	NSEC	ads. NS DS RRSIG NSEC
+ad.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D9eztRrpkXP3cbxS9wQJaJW44yg0e6mBGPOPJH8hwR9SpwY+1afSUmRJJhJetBzuMJdmMHg81Mw5gjcjeSTepjccE3S0+ROLxD6uVP587Dk5iRvXIwQSgKzSxaCfVvFBKVvo3X7bfSjBtz1ay2dKgcvY4+cU+iNHCTb63zH9y7dwn/JlWRKk57KsGNCfuGCkou5YvhvvhcJ9Sk92mtAoNt/GIu7zccUZgyAikN0dckK9e4P5aRgKhw2R36O8yFZ2cDEEwkKu2YbIHO7FBUVJWv3SGFSSSsMCh1DQLmCxS4M2eUjNFyf4H4mdmZIRXvZhm9s9JK9HYBaAN+fpaA/YJA==
+dnsc.ad.		172800	IN	A	194.158.74.10
+dnsc.ad.		172800	IN	AAAA	2a02:8060:32fa:0:0:0:0:b
+dnsm.ad.		172800	IN	A	194.158.74.9
+dnsm.ad.		172800	IN	AAAA	2a02:8060:32fa:0:0:0:0:a
+ads.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+ads.			86400	IN	DS	45211 8 2 DDC1297DFF56CC8B2DE6AE9D81734BC6E4440A99FFA17C40E565433F629C3000
+ads.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YoI1BJ4nnH+gBvF4JCwOKRiZurpU3IYS1Z/5fEAl72YXfsD8nXjlr5MOx9V0aukUFDIAX9vtvigb2GfYhOoRNrsyBpAgVSuJAlpDSV+86jwjMGB16dq3VJ4IhkiCJG5UkJRrH3RuOByN9TAUqcvJ+gYGPj33eHS+7YWZ6HavinJKMW2RwJYa7qYbrkSFlm6orTBWWgbZnkDyh5CUG3DZ4OQgjFPpQf47S9b10TicasA80rQfsiv08u1DANPJFQJ0zZT2ws8NgnhGC6v1OOkBEvlsUyPHnil/KrUZPelKWpCqvkXmtPvECgmsrFrqE6m4rLHDr86smqySZgty2y25sQ==
+ads.			86400	IN	NSEC	adult. NS DS RRSIG NSEC
+ads.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MyEeRHSo5evrx3iaheBQoMfCaLonkt/r+u2d9r7bY+sAvpoln//wQAGBI4dUcUfaxVLg08TnzEKqD0b3n5lw9FdFYlxbXE2ipmBVxlx4HJOIjYwnzwfnr0yAzi4zQip1wYfAFi7HengpOqbk3lXGFmubssEUORwcT7O1x1RDjJlc9unl+6kZRakoL/djUCfTMRGCeqO1tg2qhuC0Z3rEdTtk5K0GbfY/TDU9lGxKw/j0L/UZU41tk3rhbHH/fheARwCqzyTdu0YG7rIwyKT0oU12zQ8XfRePOf4NfihJOGncsMubsi+lCv5eeNGP/Vx5h3CAT33F24ceRyLrzrmuaA==
+adult.			172800	IN	NS	a.nic.adult.
+adult.			172800	IN	NS	b.nic.adult.
+adult.			172800	IN	NS	c.nic.adult.
+adult.			172800	IN	NS	x.nic.adult.
+adult.			172800	IN	NS	y.nic.adult.
+adult.			172800	IN	NS	z.nic.adult.
+adult.			86400	IN	DS	39064 8 2 8D2CCAD69F8EBA3C73214B4877386921586CA56F105B44FC91CEEF1B4AB59B80
+adult.			86400	IN	DS	64321 8 2 CA734AA86339CB101665A65C4F33F4E86B37CF2512FD4C1655C00026D6F70915
+adult.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hyZjew1DT4eL/fmVXieMRY0lf/3/Shj9FnpouDhY3hizUTQ30FKZq9oE+44aXAYDXgBIVLmKuRKAWsoV7JqVxZX8cFHWYjCPwJzYiscWEcbwfpXZ31PYAGeV1glH0IEPQnATrgOuFJv+ubjVP6zlFI2k9lJK+PatJjHiV+btpckZ31YfymrywFbLtWvHl7jU8W4w2Sbk36tOMFE+MhmMmLPUmU8MectyBWr7ahQWCp9xc59HLr9r8n+4JBzGg7elam6h0BwSk8q3xhJYEuvPFrPM0AlR4xhKt6vHEdpA4p6EH4Pc4QOgniNOGBAsm/BJ+JFGDKoT/xUDeoKiYzpahA==
+adult.			86400	IN	NSEC	ae. NS DS RRSIG NSEC
+adult.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cU/Q7KCY0Osjf1f8xfQvq/7bIkW1hpFAedkV5guje5hpl6I23lczuYxpLY1sYOVMc0OGdWeZIp9ru6g1b4Q7cX8ODORdx3cVZ/u+okhhnDW60HvHu9DcxZeANDPkM7xckEdgQ35jtecoYPAFD628L4AufT0Dh3Am1T8rJSKK2I8zApWvliv0B5omK+pFXBjzf6SK0HIWmQK97pODI1VJL7g9vJbVox4b9sAXXsxOzOLxtFeq/Y571xzdQOgtvptfECh8zvtbfqMtFtRVtI2mdjkq6cKEW72WsXYa2BiIPeqcgV5fZ+dAbPOUrcVXkII5MUZBnqulajezKgPx5Yu/NQ==
+a.nic.adult.		172800	IN	A	37.209.192.10
+a.nic.adult.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.adult.		172800	IN	A	37.209.194.10
+b.nic.adult.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.adult.		172800	IN	A	37.209.196.10
+c.nic.adult.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.adult.		172800	IN	A	156.154.172.82
+x.nic.adult.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.adult.		172800	IN	A	156.154.173.82
+y.nic.adult.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.adult.		172800	IN	A	156.154.174.82
+z.nic.adult.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ae.			172800	IN	NS	ns1.aedns.ae.
+ae.			172800	IN	NS	ns2.aedns.ae.
+ae.			172800	IN	NS	ns4.apnic.net.
+ae.			172800	IN	NS	nsext-pch.aedns.ae.
+ae.			86400	IN	NSEC	aeg. NS RRSIG NSEC
+ae.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mB8+laxllu+4a9kInJCB0i5wB9/Vmr8T8z6qFhYRBbAz+fLrh2cdE0hO5cmwRajRUz5XWKSumh1FbobxjGNsXdlwXDkSxe3GrKGnnJc6PrEUu3y7dclefst8nt1EtcWFOfJvwrHZ3rcL5qt4nELSiIqu2mbT3nZQk35+EBDJQ5mdgwuBN8loRy/iVCQYBx0MWSvpcqyc8Sh7JbXlE7vwmJYhSysmFfRzFbPrzihEeOjXnPIpPppAjUICOFbfLSOkBmv5ACDucyH8dHhDGEm/sKiCWlTBqQEkG3+z51vU+34yX64wKNPaUZztk66YzCUV+VqIIL8JMyUiem5ZKnILkw==
+ns1.aedns.ae.		172800	IN	A	79.98.120.73
+ns1.aedns.ae.		172800	IN	AAAA	2a00:d30:120:0:0:0:0:73
+ns2.aedns.ae.		172800	IN	A	79.98.121.73
+ns2.aedns.ae.		172800	IN	AAAA	2a00:d30:121:0:0:0:0:73
+nsext-pch.aedns.ae.	172800	IN	A	199.4.137.1
+nsext-pch.aedns.ae.	172800	IN	AAAA	2001:500:7d:0:0:0:0:1
+aeg.			172800	IN	NS	ac1.nstld.com.
+aeg.			172800	IN	NS	ac2.nstld.com.
+aeg.			172800	IN	NS	ac3.nstld.com.
+aeg.			172800	IN	NS	ac4.nstld.com.
+aeg.			86400	IN	DS	34387 8 2 03500BE162E8B2BC43345D119763E29D9284DE715BDF66E55DD19B400A1E64AE
+aeg.			86400	IN	DS	39735 8 2 B28A67A4935609BCF1257AF4215B9FFCE0F7E917BC076BD69030A5D76008AE51
+aeg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GCMfafVJtV25vhrJ9GoOacEEDagHFDssufp4iKZZTnz5wY7J2L9EDoPLJ0JeoGqMx5WMiQjl7cUFykfxfel49JENjbrSQMdo6xv4UpBf+5fMoZF85iCbwaG/lMUPSEFOp0Z0y2yAQfevsddMKE4URLkVEK/dS/gFSr5pzVj6A5wYe0jk7NdIamptStl4JbEGqCGqa+ucAw99qM64P3u3E3dlhJE4aWX5L9rA37oVa3RHWJlu8/OqgABo5PYQn99qoD1p8QsbqSAmxV52LUTye+zmiiNOyZqbQmyBk63WwW14/1l0aJwW9BNQD50P64APwyjFHE6pq4+TECxlJACwgQ==
+aeg.			86400	IN	NSEC	aero. NS DS RRSIG NSEC
+aeg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b4aJUVzJwbzKKNy+yyn4Dsu5BM6M0zu10Oc+FVMhVUpFfGU6TpduGUyHbxwQufjw5UH27Bt1rDWl8wpdU3vftWRMkkK4yq5TAY7crb5LoU+Y2eBt9TKB3O4b4coxwwYwgT2LdsFfU8N2GMhSds//8Q7KDTNZmbiyaNGSxhatTirw+WQeMn7VCq0TgfnWEpaML7/B/I5NucxArlAqPfIgu5xdMnf4JcudagmkjWkPVXly8UppTzz9R0/7gzJ3IV4QtNJd5emEoBeN1AV2IUX3VX2GJe3MjsZR8VK9Zj4+CZqwUeWasLTwkzk8t4I1XSY0KDP54MN0K7nuVhwt/aJrug==
+aero.			172800	IN	NS	a0.nic.aero.
+aero.			172800	IN	NS	a2.nic.aero.
+aero.			172800	IN	NS	b0.nic.aero.
+aero.			172800	IN	NS	b2.nic.aero.
+aero.			172800	IN	NS	c0.nic.aero.
+aero.			86400	IN	DS	59071 8 2 1D81D38A696E94ADE581EBDEC47A2473A4A22712C33E5501D9756F98CE8B1714
+aero.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . in355lto3N65WE7OHBF9riskQiSSnRWplC+nmhKdp6VsIjV5WdJR+Sfyv933xVpYCXU05NyE0ybJrX9SGTTvm7v3aRqL+9BxcqxxYK/CtfICoe/IS/f/Z0lF9oB+hixdo8aQ/YDy54fXJHvqn5QEH8uaYRUOsl+8fKVDj2wnZcxy00GqmdUykkzh9TFZj6bsBQZ7qc6EYq9rDIPT3z65wUJDKgNTLvp2jhzUeavS12a9QIG+PVZvZOtWetfUvpEWOW2WS1wOUiEvtwIkghzmpM6KStZDWqgEpgDWit7v77cQOHrpJ4ShkZ4EbKCX/hL0s8q6fCBUVLCmSB7oV6Mv+Q==
+aero.			86400	IN	NSEC	aetna. NS DS RRSIG NSEC
+aero.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R54W17U8zEmVoip0Xz1RRupjWhfFCyLmMP/qHGV7C86NSkJHiEwt07g2rXB/gdd+SNr9Fsn3sNU/kcQ0ft3hzNLf62LWWYDAaAxBzpic6Snxhg/gJWP3G7L4EsuH5BZOUQozzDp1vGN5WuzrN7L5LEDqHJ33G/R6NchLlMeFc/ybb92qYHKisiZmZBoFfPOMr9fxJZ+qZQRYKj9ntr/JDGMEYV3QNMnxOJ2iWn29g2dqOhcQZp7PKZUD4GnnM9+6DhYehzA9fLhv9mnmgUgkQJxYCK9TGK72DT/mAVLzT4cxs2qSYvgI2Ma9hjYwR3Z81U6tC85m3ttpza9HBEAq7A==
+a0.nic.aero.		172800	IN	A	199.254.51.1
+a0.nic.aero.		172800	IN	AAAA	2001:500:1d:0:0:0:0:1
+a2.nic.aero.		172800	IN	A	199.249.115.1
+a2.nic.aero.		172800	IN	AAAA	2001:500:43:0:0:0:0:1
+b0.nic.aero.		172800	IN	A	199.254.52.1
+b0.nic.aero.		172800	IN	AAAA	2001:500:1e:0:0:0:0:1
+b2.nic.aero.		172800	IN	A	199.249.123.1
+b2.nic.aero.		172800	IN	AAAA	2001:500:4b:0:0:0:0:1
+c0.nic.aero.		172800	IN	A	199.254.54.1
+c0.nic.aero.		172800	IN	AAAA	2001:500:20:0:0:0:0:1
+aetna.			172800	IN	NS	a.nic.aetna.
+aetna.			172800	IN	NS	b.nic.aetna.
+aetna.			172800	IN	NS	c.nic.aetna.
+aetna.			172800	IN	NS	ns1.dns.nic.aetna.
+aetna.			172800	IN	NS	ns2.dns.nic.aetna.
+aetna.			172800	IN	NS	ns3.dns.nic.aetna.
+aetna.			86400	IN	DS	40324 8 2 6A4C3C1CD8D865CE88FC01C009D393D12AB8B585A68A196C4B2651239F531B85
+aetna.			86400	IN	DS	49819 8 2 2F8CD71C2CA149B4DA0F60092C775FECDFF60B52D0A61064F458E0A99F378012
+aetna.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CRPBlLVSM1RJINw5KEgkArQ/sxrxK/n45WoxzJDSZ35nAMD5FNHzX81+wPpcOyo/4NDFi98wSOtWtsCXku2S8+jdXLx8wQP6y8j+Jv8Xgc6wqo/LuhnhQZvd30okqvhZWnJI+DdOhTWJihQE1H4bIziqpcKM/oQUHdAe4kTC/lzHjWgKOZhluA7vM6+E1+QU0qoiWHrVe+dkYethuPeVFUTny9BcGaecTBwnW9Jp+bcpHYiFIfxS7+dPjAZei6NrcrQFxNuJz3YtvNy3ojC0zvVl+PiwFF/D8a1ImAVUEj0jGGlhi8/3KNXsA2uif6XGQj36dcovjFcm+w9TDupFAw==
+aetna.			86400	IN	NSEC	af. NS DS RRSIG NSEC
+aetna.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eK5AT1Z4VvuWKlrB9P9q1wUB0bgzduNsXThOq0wzeR6ndz/CO/kF5A6x9Cy3sRQsud37GS+kWBqIXFENfmcC7gm898yi3t/bzcy6/JJV+Ha8qJiwa5xsi8APDwsEJQmDNBcTAqijKoQIMFcKSchiV1IOqwiSMu7GxKX8gipIYiqXPBZFLARB5d5xOMwoXmEyU/PUjMAhHM4Tmq97fedxApU988YZcLgHH4dk1EZYxMVGVOAlw/y3Ral5M8Wr6U0o9ykB6vVJY+0b6sOgtsjflp77NvYXf0PfPPMPnhN91B9Yff9XYT8h/AsM8dgfl6pOqPHZ1Re+pYRKjQZmDjQ8Fw==
+a.nic.aetna.		172800	IN	A	37.209.192.9
+a.nic.aetna.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aetna.		172800	IN	A	37.209.194.9
+b.nic.aetna.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aetna.		172800	IN	A	37.209.196.9
+c.nic.aetna.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.aetna.	172800	IN	A	156.154.144.5
+ns1.dns.nic.aetna.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:5
+ns2.dns.nic.aetna.	172800	IN	A	156.154.145.5
+ns2.dns.nic.aetna.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:5
+ns3.dns.nic.aetna.	172800	IN	A	156.154.159.5
+ns3.dns.nic.aetna.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:5
+af.			172800	IN	NS	ns.anycast.nic.af.
+af.			172800	IN	NS	ns1.anycastdns.cz.
+af.			172800	IN	NS	ns2.anycastdns.cz.
+af.			86400	IN	DS	3691 8 2 56C77864A2CD726F252634C8804A2AF33EA2CE70C49091E08C223BD2BB33CF5C
+af.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . itg0qF5FmPKMZbVHwZVLKcsgmhvmrcaDLzU5PlLqu3l0t0SOQVWBONbB9xizJPhrSezv8lM645sI6t7WW1a3fn6quA4Xov7FO8iGaDGYdhP1FLbzxyoNcXcyVJ6A8vWAo0lLdUbhMtIq7qwO5E+EtKYWXY2p8M3U3wsSNky7K10inmx7xqGkqP3e3AU5yvKkdzR85K/kDNfxpeK9sO8jkIbwPZHiNsaE/advPfJRYH8XpzYTpAqVkrUs4K/zsyyGEwA/ZoABTTZ+B/Qr4dbVTzsRsD+etj/AjqCERQAREJG2SSc/hf+MsGPLF9FGmJ45W2aqL46IhanTYODq8np20A==
+af.			86400	IN	NSEC	afl. NS DS RRSIG NSEC
+af.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . i/ZdWRKmtvt1FyLnCk2ye8G/YygZBMi4Bx3Fsh0EaZZ+hu/zK5yaM8mv68NHxMz1+MYR5tG3WUhlGBROBZFtQyJDtg7e6aH/3duPNK2atWLmptRUP7DVkh8Sg5/GPQUNJuskddbmcNcLg5c0aO2ul02pMxqiB+SUFGSl6eH4TJD0zwwfczFfYeFxmR33nd5fzpWY9Q48RJIr8dDbjxZ0VL08oPhqucGuP08kCy1niaQ1UNpuQ/zYKxyzFCdeTi0ElwW9xT8d3eTXXoVkvDzhDI3AFvG3j97VuIO0TUlCRo3aK//adrEsjvaTOrzB7cAsKq9faJ8lubtV7cdLgZdftg==
+ns.anycast.nic.af.	172800	IN	A	204.61.216.13
+ns.anycast.nic.af.	172800	IN	AAAA	2001:500:14:6013:ad:0:0:1
+afl.			172800	IN	NS	a.nic.afl.
+afl.			172800	IN	NS	b.nic.afl.
+afl.			172800	IN	NS	c.nic.afl.
+afl.			172800	IN	NS	x.nic.afl.
+afl.			172800	IN	NS	y.nic.afl.
+afl.			172800	IN	NS	z.nic.afl.
+afl.			86400	IN	DS	10006 8 2 DE6443D2666E4F9E6066E1B7F1C42E3CE849246F4E1EA06EC86951A002A2EFA6
+afl.			86400	IN	DS	13525 8 2 3ED455AF1ED7B0B93E6E2D245360464C9D6549DEF04606B10E76FD52BD692CA3
+afl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XRtlU4UfYnOWcJ22Ecd6KqvDsuz5kfEOMFabmgUzl9VfNA4toTEOi9cnGOLhb0j8iCSrD06otSw2psRyjvJ4MHDmWKNa66RFPa+ftD6nPFGPXenAyLByYaQgM67q/BIa+ngKXgfHXq1daizUjPD/C6i/DmywMY1Gy9f0eFGznAk3f7jMbhEM8mDsJiQP6V9xLBX93HQUuv1bjSERHRHpD1XvWzzfnBMVNqbRDuoozwifjPZif7KXqd/XELMey5RKfjJ4t25q0859S3WaNNKnttn5CEs+dP0/JMKxI1poHvvKs/vWlAojrKJUyEJ2oUhjTT0o/y4U4I1YCLrSzQzyOQ==
+afl.			86400	IN	NSEC	africa. NS DS RRSIG NSEC
+afl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CLqVmCIbCSoctEmw0UacNs5hGbbeT88E+V7jYZ2nOWaX5XxTm47iz+Ji+6aymyPQpksjF6OB4y6Y3oc8m6AG34y37ZaVxB/yU9ewSE7h0uaeMp3PHyHSsAse6aK3b66W/utwd+r7eaLg0yNQ4dqUGgpBhKhb/L5D+841vifZCBv+CkRt5i4sNBs5UaHh4aByMLBFNrMWj/eM62FGqjS7IJ6oawBVMKP/VEggAvv6EJM6obicxYfTrGZPZKtVvNB0ll9NoJPSuezs3y77+FrOgjJr/TGx42Non5iuYi0pD1nU9wfvNzt9U3t7+ZauCsr/hdE2c6QgSALKl7gGqhJ2QQ==
+a.nic.afl.		172800	IN	A	37.209.192.9
+a.nic.afl.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.afl.		172800	IN	A	37.209.194.9
+b.nic.afl.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.afl.		172800	IN	A	37.209.196.9
+c.nic.afl.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.afl.		172800	IN	A	156.154.172.82
+x.nic.afl.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.afl.		172800	IN	A	156.154.173.82
+y.nic.afl.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.afl.		172800	IN	A	156.154.174.82
+z.nic.afl.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+africa.			172800	IN	NS	nsp.netnod.se.
+africa.			172800	IN	NS	coza1.dnsnode.net.
+africa.			86400	IN	DS	44605 8 2 872009B128134F098AEB415390E1CCCE0DF64338F7D3345DF140C59FB15C7D82
+africa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YrJ+G/PYODKXkCmfuWOIG2dSQYwiOwlYUur03EIjfUz3777bbtp97vPGAuzIbTuP/br4lRdbaaNy2Ibt3RPpbU2s5ni+50bFEmWLVkl2wjlzHvXHn/YzBML3uaY6ThAbR8RXoUwPaGwciPYgSXRQcFAZpMS03BJIr9K9TEI/k9Ep6aiMD/m2G+wIO+awTKUiOy3WBV1U81JGwSAFA/yiX8pOiI1PKtfdixgr84VVAE9CzuH7iEd45/+4nQRnTN9xtxt48cfRsZ0Ktlv+J6hcUhHN+SBVy7O9tHAMn5mUdXLvqnulPCM+uXnrZoCfGuL6WjaijrFteoIpTXB7FYgF+w==
+africa.			86400	IN	NSEC	ag. NS DS RRSIG NSEC
+africa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zDw0+4dUFLv83uQ36cyxAwAG5TsLm3uVoBjKR6b9YgxZklZXkv7qAbhZc9cvlqJJAm9Y0f9NwqQMLzVWzxcTop5DwhQ5RaEgstDj/sEyt2faSar34ihH7O81nH1jS7hbHManagOJYdZmk1Dy+6PuqfzaDhfynn9H+oM9RFrWwe3Qm7UFhg2YivM7D4Ksef4NgIv5Q220T0p4xyUeb/1FZjDgNh/mkbKzRYxxhobhqTmVcw8EaQNKRU/wJpXCUcKS7SEBSpERGy9FbDFOWIfK9LygloaDB48w7lKDEmKd9sl14loh1ZzOcmJv70SA4iDEfJySY367xhEDEPYrmaQ29Q==
+ag.			172800	IN	NS	a0.cctld.afilias-nst.info.
+ag.			172800	IN	NS	a2.cctld.afilias-nst.info.
+ag.			172800	IN	NS	b0.cctld.afilias-nst.org.
+ag.			172800	IN	NS	b2.cctld.afilias-nst.org.
+ag.			172800	IN	NS	c0.cctld.afilias-nst.info.
+ag.			172800	IN	NS	d0.cctld.afilias-nst.org.
+ag.			86400	IN	DS	8905 8 2 E3CDCE330B6F170283C06A1E3AAD11C098AD4A83CFC0F3CB603ECFC49AF4A059
+ag.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QQnAFr1PCa2WCFfF04acpdY2IJwSMmBfQy2ktX0n4tohu/BuohhS1/jrzszWocmSTBszgKh050n+NoCyFSiRGClBtCRtok2+y1dkzmgmnUVb09/GZzDclBxRbaQ2UFqKGXXG3KbLVdv6hl2FY36ZM/32P/AOrKQstrgXhzW6cMNd0UwUK9chozyWqC4OrJwFsGKcwQMFLRhOR0fAZCubQfH9crEFTOinRlae/Un8EJZUMnwpkmg//1FnXwWw+EeccDgDu4sbX2Dz8Ih81stjB9HL8DQf2furao07VYGswBc/qNqfThryQGW+OHEhSCIulP0VtKhYnuBKDxOxi5VuqQ==
+ag.			86400	IN	NSEC	agakhan. NS DS RRSIG NSEC
+ag.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fadf/nekQHHquHFxoSA6R/5F6TwrkelOneovTqLMaAQ2vKy2wwzu0pvkAz56rvWSMbfmoexFhtnFYcD+t8eDWxBTF0oUZZt7OpryG49V6ycRqq97cGneRnUJehw40dSSHBOiQElZF9Vh2kGEw347Y3eBmySQqxtvnIFtQpHoOgibm/wZwqGbUs/sdR+wLhm3GnZhAEHtOpEXt0YSGVVsToH5zk9gQ5c6RkvEXmvTbjZjacXBJg9D+zMIoCvAuLqQX7Co23GNkOhjLrEVb+9E2/+1aI96HCpYy7iVEKLduAIpcOR35h98P/5qr9StnhEi3Sekqmp584QqJM3PehP2Yw==
+agakhan.		172800	IN	NS	a0.nic.agakhan.
+agakhan.		172800	IN	NS	a2.nic.agakhan.
+agakhan.		172800	IN	NS	b0.nic.agakhan.
+agakhan.		172800	IN	NS	c0.nic.agakhan.
+agakhan.		86400	IN	DS	44761 8 2 4B8C22972DCAA43686D72581C1CB59D1F18D111A24464B8FC3464E52C7200CEF
+agakhan.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bpI58DRFbSuUVLQBQclAMgahAm79OHZlVbmeLVSNfllbGO8LEHdKZH2QTAMsD/qjDVQtlKUirKRldcqW2jfej7/vXjBV+lHsVY/12/heT+aNi2xFGRsmzO9/IuFFpsdWPp8+QqX62niQZ482tOsvgQeC07l6v/CPHzYbnXUZY9bWRUphmm2orGawyIgwDUdpY+qQSwXfVmbhaL0e1KcXP2QLl2zBw3t9ssiHrYM5ZeUGA7on0o08IflB8HsOmu00MtK6srbALMi0tloyG2S7G3T09r9V+NzHUyEn036nEhsdxNat3c8KmQFBn/V7C5fjTQVzvOZdbCzZidAhetm5/A==
+agakhan.		86400	IN	NSEC	agency. NS DS RRSIG NSEC
+agakhan.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y9e6GqgZvUrqBrWe2xVnOBc39Q3CxRtnoSr5VJR9nwC/aMLpn0N9gtTM9v9wgYNrARfrD2Xkj2+Lbk977kPEOIrLsQd2UUiCtKAs1Yd1asvrbdnLxO4J9MuGoE39esiO92bZvFH8qjY4iG6RwWKQq3wo8ddSQq0Y1nr8eMH4d72OLn1x3xO3f85kp31ls+VWd2wQK9jFe4kNRHdL8O2db9dc0PzowZTTV3h70Bcim2vJkMWndHRNX9+BXW4c2EJQiWX+0l2bjX7MlemH99TAJaVnTx7/g6sJUFyg+lmYb4igRlos4djq5F5OBV/mhbnLbQx3UZj6D5cc8Upnd7RJjw==
+a0.nic.agakhan.		172800	IN	A	65.22.44.1
+a0.nic.agakhan.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:1
+a2.nic.agakhan.		172800	IN	A	65.22.47.1
+a2.nic.agakhan.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:1
+b0.nic.agakhan.		172800	IN	A	65.22.45.1
+b0.nic.agakhan.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:1
+c0.nic.agakhan.		172800	IN	A	65.22.46.1
+c0.nic.agakhan.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:1
+agency.			172800	IN	NS	v0n0.nic.agency.
+agency.			172800	IN	NS	v0n1.nic.agency.
+agency.			172800	IN	NS	v0n2.nic.agency.
+agency.			172800	IN	NS	v0n3.nic.agency.
+agency.			172800	IN	NS	v2n0.nic.agency.
+agency.			172800	IN	NS	v2n1.nic.agency.
+agency.			86400	IN	DS	3424 8 2 1ADD3AB87E1ADCF93DD66FDD6E4359737E7EF52C5B359B8B898EE928850BE071
+agency.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TBmEz9EzumjEuOymkQMdFhESDXrruXm2nqKUxrnv6dmuyExiT2AsUMdR2G6nxXfrI5xZZxjhGjOzdASrRYOZNFnTBcUlJXbjUioqY9TAPFTWOD12NHsXVtM4vCxCmTEIwUtRIqMmMsq5AyoMrpHqH29aV0carWBMPUsl4aNN3KwoYkG/Z89oXX3KTeIfJJNEjl1tKfNshz9vFSA5nNIPDT856hCuoHFwAVUGydvZ+SnE882BXrfN7fOvjRJANSrKD6rwIsDhUSt0wS82uefAhwBAomJB1n1Rt4Mh3rkF/ZEnFt0xmevd26hUubRkB4QSHpQnbgggLoRnt8FDSbXqdw==
+agency.			86400	IN	NSEC	ai. NS DS RRSIG NSEC
+agency.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j4/llP0pX6gweAWm4kyMvs/IYLoOt31z4XTtrxf7Dyz1rlq23ir2yiJPWdYLj9jjaYWb2+lNhuu8S2nFcb0g1jJrA4kQUdmjAdF3UWFzN5oYMTD7KKX2yYGa7mWbqrQYhpkO41VT8JT0tFf2zIL3Gun0X2uBiG4/KJeikGnjAQEYIZMWAXyuWi3Xj+om5ubToDQHdCrznvpCm2BFBp1yYKjqZNkDZB115Wo9S0H9bfFkSalUpPI58vrFw5TqSfXpWiOQRo4j6Zf7V5p+r/PnWCDJIItfVW2JYme0ysdpkozITTx/1ms9BhoLWoHXCMGB5hCJoU4mXx6lUWbipIWkOQ==
+v0n0.nic.agency.	172800	IN	A	65.22.24.2
+v0n0.nic.agency.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:2
+v0n1.nic.agency.	172800	IN	A	65.22.25.2
+v0n1.nic.agency.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:2
+v0n2.nic.agency.	172800	IN	A	65.22.26.2
+v0n2.nic.agency.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:2
+v0n3.nic.agency.	172800	IN	A	161.232.12.2
+v0n3.nic.agency.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:2
+v2n0.nic.agency.	172800	IN	A	65.22.27.2
+v2n0.nic.agency.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:2
+v2n1.nic.agency.	172800	IN	A	161.232.13.2
+v2n1.nic.agency.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:2
+ai.			172800	IN	NS	a.lactld.org.
+ai.			172800	IN	NS	pch.whois.ai.
+ai.			172800	IN	NS	anycastdns1-cz.nic.ai.
+ai.			172800	IN	NS	anycastdns2-cz.nic.ai.
+ai.			86400	IN	NSEC	aig. NS RRSIG NSEC
+ai.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qW4gfWuOBwca94ALigu9vDmOaWiDjqkphYeDbHL/pgn8AKZSPhHkpQ1aVnePPsc1QMwfeCKVrg2WbEDkxBlCOToYFLFT/7MiENTvfTpXbyuCzRme3zyulXFGuUadt0GrPdW1dktmWvyW4wPkwQKWhnHWQroDwDTNZLEPd99DwJbily7ejQJHyjDyFcRZRRzeC+lpMad1b9OHSyHErEOB10QE+gbvNMmAVCwKurVTGH/msYi2fJyOWd76+EOULF7WmxcZhfXx9xEgLkgWzdjO721NfaUJM168yAAdqA5t6CPJOk9dQCb9WYdtsqiAgRANH6iZ8iyVk09m6eT20cJ98w==
+anycastdns1-cz.nic.ai.	172800	IN	A	185.28.194.194
+anycastdns2-cz.nic.ai.	172800	IN	A	185.38.108.108
+anycastdns2-cz.nic.ai.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+pch.whois.ai.		172800	IN	A	204.61.216.123
+pch.whois.ai.		172800	IN	AAAA	2001:500:14:6123:ad:0:0:1
+aig.			172800	IN	NS	a.nic.aig.
+aig.			172800	IN	NS	b.nic.aig.
+aig.			172800	IN	NS	c.nic.aig.
+aig.			172800	IN	NS	ns1.dns.nic.aig.
+aig.			172800	IN	NS	ns2.dns.nic.aig.
+aig.			172800	IN	NS	ns3.dns.nic.aig.
+aig.			86400	IN	DS	15685 8 2 572786514068659A43816CEF2D3774DB47DEC4783A3133F6BD7D63D0A37DCCA1
+aig.			86400	IN	DS	18592 8 2 5561856A59F0B23749C885D4DD398A52B087ED06216DAEE0AEB88B965C4F6994
+aig.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DysVuBG/zASD8l8lDmgYi91z+NlrvzG8zTAaWbWf8VhkLfRFSBXcr56Oo2kMTHrqDsK1koZqQyVIerj0PplVicHFB9jW+lHs7q71trV3zbMB+HKaMZTET0iOvp6kYZCvsUOvip7jVKUUa5RrpQfve1CVziG0OY8bU0ZbDpmPIDQKsKsvIiLmWZCdR9WOoV0rVZMRoyTo0hgoXVNKlc+KzidgVAOOqTv0bzTwxWUsqQktCrWVMhiAbFb5xwEfcAkT88aE/9LINe9598nTDu0oSoiBe6mPgkNAMDyEkfrJDh2201psU0WEymOfzOftJdqS/C/QCxqqxdbiVebGe/tWeA==
+aig.			86400	IN	NSEC	airbus. NS DS RRSIG NSEC
+aig.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . co1xIf3jfYqguQrKD17yQTfKhO2RCDySpQshn/XHegwS58kGBx+8lvOJb4/sGiK7H/ZiydUC23jZKlE2KfrxXfelLzoUl+Gu7gjYMMaCsuHbEKNy/18HYxytyfw+tV9+n8iubN5R6VblmlNCADaPCmgWHsUr/XGgMHqV8hTIutBo9kGZ1UVjuVtlevT10gEED50b7LaRLf5HrPIs+piQ+sVYJPi6FSi265va1tNj1ycWvmLqCqH/FHSsBE1wwRqb+tprMHF89JsjqXHKTbz/8C97udt2HMX0FBenVO87QG3EMbgZLbM499iYBJVMg60S3wYam50KoF6pg5U8NzPcOQ==
+a.nic.aig.		172800	IN	A	37.209.192.9
+a.nic.aig.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aig.		172800	IN	A	37.209.194.9
+b.nic.aig.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aig.		172800	IN	A	37.209.196.9
+c.nic.aig.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.aig.	172800	IN	A	156.154.144.6
+ns1.dns.nic.aig.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6
+ns2.dns.nic.aig.	172800	IN	A	156.154.145.6
+ns2.dns.nic.aig.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6
+ns3.dns.nic.aig.	172800	IN	A	156.154.159.6
+ns3.dns.nic.aig.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6
+airbus.			172800	IN	NS	ac1.nstld.com.
+airbus.			172800	IN	NS	ac2.nstld.com.
+airbus.			172800	IN	NS	ac3.nstld.com.
+airbus.			172800	IN	NS	ac4.nstld.com.
+airbus.			86400	IN	DS	31023 8 2 FAFDD4F89FA42D1396B42A972019BD3DE013BD1708888FD77BD7DADA8A38936D
+airbus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TDLHfyRJKZreiI6BNMVyF89sM28FFFg6DsZnwpzqw9va/uObeLjXzNiWJwYM+vVZrO1QDOp4mZMxdBtK8EQhsXlGHsrzvDIMb1gPrMrJ1ETtopw40bqeuDSvRAgNMGUVf2+d6JHQ1qclbTYi5zLvBYvgVCmwc3eQxDlRYZ1nbzZhK0UYtloGh/91ednI8NTm0U0uVbSIqU6K2jCt/H3fU1jcznTyB2yrHvbPFiCwQ9vQMcXA3MWfEuTFn9IGvLt1GFG1YpMrLjLygGILxJ94ik8z07n6HeSlHJWOSQvDvtNT1r2Qsg+ACUoD1JLHl9NmNVI7wEFiA+7NagH+o1T2cQ==
+airbus.			86400	IN	NSEC	airforce. NS DS RRSIG NSEC
+airbus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MUpSSOubDQbiy1+XOFQ50aMyyfrwHZQv+n13irv+u38FItywC9U0IJ1OYejxRf3SQjDBuyAnfW1KiBMxmo2dX1UTlblTZZ20Nj39zcWr8WS7YeMifz3A1XrLv0qFonDvjfRza4IP2sDUPfpPF4fGMVjiOctX5mu9gccA1iFrn6e1qt2UGOuRZPpa4vvIxC5Jw/6+u3gruTNCqaNSFC1ZUherkfwTJQ67xxAiwltaJBAYWsyXdqy+AM39fCsQCpLDZhDqNe7el7NQ9N71sdcyT/6is/UF9EZAcQJ8e/mik6Iu0kc6T3V6U1JYLE2QgG7JbK7vEznDrgrrLa/p+0vIxQ==
+airforce.		172800	IN	NS	v0n0.nic.airforce.
+airforce.		172800	IN	NS	v0n1.nic.airforce.
+airforce.		172800	IN	NS	v0n2.nic.airforce.
+airforce.		172800	IN	NS	v0n3.nic.airforce.
+airforce.		172800	IN	NS	v2n0.nic.airforce.
+airforce.		172800	IN	NS	v2n1.nic.airforce.
+airforce.		86400	IN	DS	3715 8 2 D8C2C957776B06CC6B58A15DA206712613092E36E90AF34015D6881061DFB5A8
+airforce.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yakad+lkxXbj5kvb7K/yKW3YdWxGz+rTQjRJdukimnCS+hFsBZdGlxIIfFVX/XlMsGhjryPhL5h95S40PLgEvFtfU5aYIywqUQ9kHbD5cv1wCpBw029URO13sQtGAxxeB/CkCKW3C1854QAOqbw8wZfeh/6mcrBRd5SlsfMwNiWKmQDLPSWQj710G3VMMY7XfpNS84DWTLNZMC88CUR6zYeWI99M9mBykqR+S5qfBC/oIBtTYyr4YxiQVBo0rr9qVWSDyf78bEC3mjEMk3lVS3ETygAh9wg2gaywke8ngGw5yB8K8I6P+I9zDbfnivm7sJqnmYtutOnMdTZG0putoQ==
+airforce.		86400	IN	NSEC	airtel. NS DS RRSIG NSEC
+airforce.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 06Xd9mHsGW9bc4Ch1uAl9Og9u7swLElhJ8oqf4AtqgzCg5cDuex0qHF6Hgs8dUg3nAC4CDK/YVb7TnsXUSa+EFU2Bth69rn9WqtqvlYM4BpA26njFr95MG998kv9HK/xYTjYtowH/gh71W7fFYjFl4SKpkEy/7j/F0DQurvXPPZMoYCyiLJAkZYlBuQWpgkz6wPG1nGeyIKEJ835tDKI5XRy5rXDoDRc6erTwSmg9H51qoFA7VIIJMXPM9yplNaKmXtF62jQoo8Yyie39utCbc81Ml4Z5uZeY/pin7yIPUv9VJAKXASHmlzuw+DE+23jITEsrCXcKZIB5iOpsKzoAg==
+v0n0.nic.airforce.	172800	IN	A	65.22.32.34
+v0n0.nic.airforce.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:34
+v0n1.nic.airforce.	172800	IN	A	65.22.33.34
+v0n1.nic.airforce.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:34
+v0n2.nic.airforce.	172800	IN	A	65.22.34.34
+v0n2.nic.airforce.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:34
+v0n3.nic.airforce.	172800	IN	A	161.232.16.34
+v0n3.nic.airforce.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:34
+v2n0.nic.airforce.	172800	IN	A	65.22.35.34
+v2n0.nic.airforce.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:34
+v2n1.nic.airforce.	172800	IN	A	161.232.17.34
+v2n1.nic.airforce.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:34
+airtel.			172800	IN	NS	ac1.nstld.com.
+airtel.			172800	IN	NS	ac2.nstld.com.
+airtel.			172800	IN	NS	ac3.nstld.com.
+airtel.			172800	IN	NS	ac4.nstld.com.
+airtel.			86400	IN	DS	42300 8 2 A698E339483D094208DFB7B858CDF0401BFFC320AFCC5AEED3B03DFE82BFACC0
+airtel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jNyBHjRxial95UPduDRL1jZXbywqiz0aRRq2MWtLpLLxgLUNPFgUP+z3c+nyz1Q6KLD6Hg5oY30NqpYnKPZ9r5Iyt+u4PRAGMIQIx239HzBtED27oSM5s6qJFV3xirdzJgZlPxHbO374xjrL8uvPSEOsOW+33oVRoKu9A5N5XJZ+hkKDNuh9H75xbKMWQrCkrrUJbRZdPBMaYzIB9rVo07f2W0IhPozK6kJc/5dfn75toYRDx9149RMSjKfJt2TUW6n7gRZEV8QsYAeviUqTinfMxUFfO2LdUARCMA8Th8ROgVgNTdsaOc4izfFwpV268LCTXQsQfJTiUvsjjmA7BQ==
+airtel.			86400	IN	NSEC	akdn. NS DS RRSIG NSEC
+airtel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r/bAcGaRb8/Kn3ZNCMN/TEUntPszogfQPposjcFejarHww+eWeMUh3vDyIo0Bxi3nR8qJ9ch6JVFwnuJfRHnjEMnReabUUgkX/QLM8K3Gn/nBZJggqwR/vAsW/niszSg4j0Mi0jMZREPPNy0dWcX/iDLKE3IrxVMRndwLXMOGYE0C9tJNHSQBeQz2ScHCiqbKY/XBr83U9X/Xv42j0nuJXeiMq7TgsnPL8/jl5vkLh2EKEYAv1zCRcjsLW3Bb3oAm1IRphvALoDdMtceBXvF2uGWE+x2GW9vJEtACsXcTsoNexzDb6obBP9cbWP4luJaYIiMQWB6jVS5O0ncaxqXSA==
+akdn.			172800	IN	NS	a0.nic.akdn.
+akdn.			172800	IN	NS	a2.nic.akdn.
+akdn.			172800	IN	NS	b0.nic.akdn.
+akdn.			172800	IN	NS	c0.nic.akdn.
+akdn.			86400	IN	DS	25057 8 2 47E24CE61E8604C9A8FC169D5E073B280F24FA9132DCBB64E727003A8BF27157
+akdn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yAO3YkCsGARuwZS4XvAKEolIyrKwe4rcHJ8U8WK9M3QaeoHtZeMIRAk+VrhwRSdPHsoB+StkQ6835OZwMhONNiP8vcKk8wzznsUcm65R1TFh/amVxdZ/kh/3TB5O/ROA6vj5YXip0Z45+nfKBBANUJL+Lr3j/O3fouxrMTIbVM8y9h/RuN/NkzLe3PJR4iLziuIEku/IuzA96Cjl9+4jei2NtxZ9JgHHFXbyl9Ul/hCJXjXeOdVyVQITRhADF1o36yzd2VP2i4TTIzCIvjnGpwGqjQnv6+aTMYkx4g6jsBidfMNC0mOljJLhxRvuvdhw3oTjnz+JbCj3MqIHKCl1RA==
+akdn.			86400	IN	NSEC	al. NS DS RRSIG NSEC
+akdn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MCQuiEioiRfGEjbhRWfsf1ziMHaMa114p89xN/+bpoCe8F4Plv04LC9incKov46GXPJhIunhbQHoUYFy/oFrRKuvaEL87oOXd93MKzVaxdZ6oi4lUoVpVjQmVYZLXYGkKQqoYYqTl1zwzuS6sijL1nY+EM5O6a/VsOdTdE+tRZ4Dzc/VBjVCU7quBQhz4lt4jnzCnD5qaiJPxIFvaoS605ZlZ/DlHSlQrL3hFQfQFCZXM6DXIk1utGg4wIwM3Dc8Ipvl7zSslokO2aYgt+oUftXCuKObTb5XTLRgadRlL+nbfcPlqakpeee4tKTZsQAU3mLElubszViz1vyR8A5kSg==
+a0.nic.akdn.		172800	IN	A	65.22.44.17
+a0.nic.akdn.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:17
+a2.nic.akdn.		172800	IN	A	65.22.47.17
+a2.nic.akdn.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:17
+b0.nic.akdn.		172800	IN	A	65.22.45.17
+b0.nic.akdn.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:17
+c0.nic.akdn.		172800	IN	A	65.22.46.17
+c0.nic.akdn.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:17
+al.			172800	IN	NS	ns1.nic.al.
+al.			172800	IN	NS	nsx.nic.al.
+al.			172800	IN	NS	rip.psg.com.
+al.			172800	IN	NS	munnari.oz.au.
+al.			86400	IN	NSEC	alibaba. NS RRSIG NSEC
+al.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tNSusATl3Lye5nCqwSFjnz4Cwa320j5sc4DSKlvbumqvrsLpL/0UfNGKk4ervMaqoQGOsv71nCtb6Y9xRO8G8hmTQhk1NApHng2ZZIsbtHVUFAUGmGRg8WdXzEh+TNa9eYrLsrHU5lFWKbq810R2dTvrYT0kgan5QAxWC2UPLBSKgXH1wY5vryijnnrc6x9PYy+vHFhbDdaFFgjVT+sUz4E5Q/pHvrCoSDFczyOR/susBVUmINoSY/aCbqUx+8ipae3f815VAGbf5GSrsbRhkBObfTgkWFoJGw+DwkAN5KCVCo09KJDtImGi7X+q1QT16sBTGupuOhGGqTiwYAgfqw==
+ns1.nic.al.		172800	IN	A	194.1.149.230
+nsx.nic.al.		172800	IN	A	194.0.11.108
+nsx.nic.al.		172800	IN	AAAA	2001:678:e:108:0:0:0:53
+alibaba.		172800	IN	NS	a0.nic.alibaba.
+alibaba.		172800	IN	NS	a2.nic.alibaba.
+alibaba.		172800	IN	NS	b0.nic.alibaba.
+alibaba.		172800	IN	NS	c0.nic.alibaba.
+alibaba.		86400	IN	DS	7516 8 2 9BB7AC1C7877373106E72E767EF0A772F43682D030AD67B2C7E3E473A9B7B69F
+alibaba.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . N/FCaFJEmGobjZ0BlgEX75dj/Upwubvu4aTvUKSgWBSXqrx8sn695+0IYkR0Y0pE5EKeQrklBc+bAFaui2MIY1F61KKLzdLUyKReVlXqO4nkZMwriXbEX9vGbr2DCPiC+t6ShgifFs6XAda3DM2W3/rEPXUaaCGy+wsfb8RgzmhvyHAy0M0m/x+l2whimIRKor5GVy/cR33ltw0FY3T6bE/5eWlbp4t4/C27WQX2b5iDpiDGi70BGrVk3b07uf0PFBEZEd4vUzyFQrrxrrVvpuCLW3/EMetbzZg3NpFZzcK+mPNfe94tUb+91l9hqiHsHu3XVsjgrdDbfhAyrLFpBQ==
+alibaba.		86400	IN	NSEC	alipay. NS DS RRSIG NSEC
+alibaba.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RBQ6v6eI76zdclhbVIBsIlDj/0wrGLm+DOpWqfBXZr5Tee0PUGWDeI7nr5v9DwuEQuEpk1rPqz7BXLZOXrwypz3fKhzTmd9ARWV2BrgaZCY1CqQtfXW0F3+PiX8YZJN3FRmnJ8/TgHlGGI0rdgCz958SBVrofETrVU4rZbVE9YEK53xPWPX+06cNqpxcVX8gBf0zdjK6eUVRUuUvZEiGBBmgi3yifyXsDlVby7i6lmMx7AHsBTKTsfvYfz7gzPQX5Q7a67KU3jdv3jHCCGGgi9iDs9E8Kbg4KPLvKXgX8uFQ4QFPRl3VIZljpaw6sDGvBEgspdhNETMyhcnb5WvqkQ==
+a0.nic.alibaba.		172800	IN	A	65.22.132.9
+a0.nic.alibaba.		172800	IN	AAAA	2a01:8840:82:0:0:0:0:9
+a2.nic.alibaba.		172800	IN	A	65.22.135.9
+a2.nic.alibaba.		172800	IN	AAAA	2a01:8840:85:0:0:0:0:9
+b0.nic.alibaba.		172800	IN	A	65.22.133.9
+b0.nic.alibaba.		172800	IN	AAAA	2a01:8840:83:0:0:0:0:9
+c0.nic.alibaba.		172800	IN	A	65.22.134.9
+c0.nic.alibaba.		172800	IN	AAAA	2a01:8840:84:0:0:0:0:9
+alipay.			172800	IN	NS	a0.nic.alipay.
+alipay.			172800	IN	NS	a2.nic.alipay.
+alipay.			172800	IN	NS	b0.nic.alipay.
+alipay.			172800	IN	NS	c0.nic.alipay.
+alipay.			86400	IN	DS	9922 8 2 01DC2703DB44DCA0F990FF6B619DE1879DD06BDDA5756272751A4B510CFD76BF
+alipay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CwnDYWEGPF1Ysw9Gz3BzhMaBW7rgkB2WPTU52h6eTDFjYfvlujYsLUMbhe9rtjBNcE8qlU0YLGm6iu2By2IJd6tAWThFSfWxLZqiYSdkX7f0JveN7mctwleKsLJyfRc0vjifWd0vhDo+MuvmlH+HcFStH+P0s1VcaLu11M/c/enKyzE6pdxdxfqGfCc4gBpV9C82eL+D3y8lV3fnsTRc8I8OBHuA1F9CD5jtnk2sEUtdtfwN581FsvEVF2m2qveyE2nbgWzibu9gTj80cpDqZNwAI1ehMC2OSuLU+WwFrobLLxvQxkeSonM3Tc//GNPAMEV9JnbK3YvwDsfua/Hv4g==
+alipay.			86400	IN	NSEC	allfinanz. NS DS RRSIG NSEC
+alipay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HLYNNnxwjppk+Qkvz9s9eeloYuylIJEHwWDNUbwOr5Bcn2M2ZicrD2hi0UtbTvcRG93ro4wMgVTQtigkizuPT60QxJgZauM9jmW5L02qiZ+uR1Y3jAPs7jIDIFQsDRWyRxKCVXBhvQgCTduneJRtxsFkLEzzUAQUB+46oj6PNE4XEAYevE+8B6mfrgmRrxQkElWJKn4DBeR3UB8oThP7iwilXxfo74Kfhs2K9HCzbCudbH5mQ9nMgrPTpHu0orZfmpEQi39kHhr0mv+T1qxEKQDoPrtzuycW4SD7lCfWOFrIK3W61/UYsK76+JTi0TNG/r0kn7cXSWV17/YULgfa1Q==
+a0.nic.alipay.		172800	IN	A	65.22.128.25
+a0.nic.alipay.		172800	IN	AAAA	2a01:8840:7e:0:0:0:0:25
+a2.nic.alipay.		172800	IN	A	65.22.131.25
+a2.nic.alipay.		172800	IN	AAAA	2a01:8840:81:0:0:0:0:25
+b0.nic.alipay.		172800	IN	A	65.22.129.25
+b0.nic.alipay.		172800	IN	AAAA	2a01:8840:7f:0:0:0:0:25
+c0.nic.alipay.		172800	IN	A	65.22.130.25
+c0.nic.alipay.		172800	IN	AAAA	2a01:8840:80:0:0:0:0:25
+allfinanz.		172800	IN	NS	a.nic.allfinanz.
+allfinanz.		172800	IN	NS	b.nic.allfinanz.
+allfinanz.		172800	IN	NS	c.nic.allfinanz.
+allfinanz.		172800	IN	NS	d.nic.allfinanz.
+allfinanz.		86400	IN	DS	11155 8 2 2337B2A34993E96D38FC18DA0873463C467385BFE16E09E51245673F027F913A
+allfinanz.		86400	IN	DS	39881 8 2 8619BC44828EE2CDFB00E0C8E67AC0F7522AAAAB12149EA53B6B52C421120A0C
+allfinanz.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C1n1s+y8eyJRlryzdOjylH0eHFluDW+pNOlTAi1LbpJUTW0s8T3o6uje9h1BlKRb4JSEbocyngdtzbZI16AHJCjBjFG+/aSWltZDq1fAEEu+ZvkeXZSjJa4z5dIPF6R/Vr81eN8XN5aJAgaQ/4ZaIg4a2d+DNOtdHztL7DCGJiGqXxVcbRH2AzfdzVdO7+KhDQwsMIznKosnownnY8Fx9BcOjPI7b5eIalwSvdb2ykeM0WrlN1m/+YpcomR9zgIjRxgn53blyQ4QGk13h7U5HECkEr5dAH9k6ORI7y3MVEiXm3E+r53n+NdD2GJoQIOv++TAoqUb7jyudRQrCMsmHA==
+allfinanz.		86400	IN	NSEC	allstate. NS DS RRSIG NSEC
+allfinanz.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XIBfQr6KdMQtuwgdvlcIZvttF0lX06Olqk1yuX9bhHDI+++KTKrcg+CqsZVZw2RT5uGi1w+FVRcZ9yXeYhSN+uhoeFY1/bXs9KMU8udO/YB7x79gqtmLDIqJswiAbC04t2pTnYRn9sOoJsuWJx3vKXryI0mggD7Yqsopv8DsMPW29pZGfE9cQoo7PaYsU+4bFztE47OB70iLy3Z+DMgypAo3VQqw5cjYBhpenVfU2/qSoiIwmVi8AWpwstUJ8s4B/GcvtJETR4zBm17jnT4kH3zFD6yXFllwqhWWtyVkJ5OdEe29o3pLBk6L53qsaPhfV036HkS8VpTkm0vCK77TnQ==
+a.nic.allfinanz.	172800	IN	A	194.169.218.75
+a.nic.allfinanz.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:75
+b.nic.allfinanz.	172800	IN	A	185.24.64.75
+b.nic.allfinanz.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:75
+c.nic.allfinanz.	172800	IN	A	212.18.248.75
+c.nic.allfinanz.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:75
+d.nic.allfinanz.	172800	IN	A	212.18.249.75
+d.nic.allfinanz.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:75
+allstate.		172800	IN	NS	a0.nic.allstate.
+allstate.		172800	IN	NS	a2.nic.allstate.
+allstate.		172800	IN	NS	b0.nic.allstate.
+allstate.		172800	IN	NS	c0.nic.allstate.
+allstate.		86400	IN	DS	47509 8 2 101757B35BFEC8D399987D94B495B60ACC0DA525CF92D900C7566BCE6ECF9356
+allstate.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RZYHqafyTwA7VBHpgPaqhZ1NcJXtK+ot2C/ju4Yl0IbxOLvw6sNuHkMLoEmmDr/mB1O+8DQxT7GO5OKMmPZC2PYgp31IrJ7GeJNYoWFTlK71g65lOxTNrVtQ765u5jTRKFJH/vunFfGZJKtoW8vSY17menHny7fTp/R1544Tmvj8d4xEblqGzk7/xSNFVMLUjNWlk3KpJboqciUc355boT6DZNSB2IkkwVGl0QVuIfKvKW3fy2694VmpG72+K+Va5zTX9GBt4PHGxL6GZWd61uLEjK6W3t3nHOO/erxjkGjJmUNJQcLgAzYOAgfgCj87QbFhAP2rNCJxEUT5MiiGDw==
+allstate.		86400	IN	NSEC	ally. NS DS RRSIG NSEC
+allstate.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ViqtHWDT6mFJdkFnQeWPvO3oBLd3pF9Nlv7PdJrBLLTWDp226NNgJ+SwiTFL9egtlNIRzNY9I9D3F23ZEJp63nRn3WImtn5jBfek217u/jFyZ1ut051ZZEs+mNI8R8x/NhzH8v1MUAezAHhGpnyD7dpkPVPVmX1bE0CjoJIB1Wu7Aa2kDcd4FvMPgMADv9bEWP8oCSo+MG/oKthiYvaOP5GgWTYu4ePXzdnVjVtO4whm6w54UYT77tRsTkSYbGoaKAa4fMF6YEhHd3n77IZw8boAghOOTlgTSekq3slub+07D+/Wj1CbLK5R2nCXYdOSh+rouYA77n6bZTC3sj5ldg==
+a0.nic.allstate.	172800	IN	A	65.22.48.9
+a0.nic.allstate.	172800	IN	AAAA	2a01:8840:2e:0:0:0:0:9
+a2.nic.allstate.	172800	IN	A	65.22.51.9
+a2.nic.allstate.	172800	IN	AAAA	2a01:8840:31:0:0:0:0:9
+b0.nic.allstate.	172800	IN	A	65.22.49.9
+b0.nic.allstate.	172800	IN	AAAA	2a01:8840:2f:0:0:0:0:9
+c0.nic.allstate.	172800	IN	A	65.22.50.9
+c0.nic.allstate.	172800	IN	AAAA	2a01:8840:30:0:0:0:0:9
+ally.			172800	IN	NS	a.nic.ally.
+ally.			172800	IN	NS	b.nic.ally.
+ally.			172800	IN	NS	c.nic.ally.
+ally.			172800	IN	NS	x.nic.ally.
+ally.			172800	IN	NS	y.nic.ally.
+ally.			172800	IN	NS	z.nic.ally.
+ally.			86400	IN	DS	22405 8 2 774C1930A734067DC62E7AE54BCDEADAA2281A57155B8F0AF3683BFCBF7FE46C
+ally.			86400	IN	DS	40354 8 2 46BFEA1CA30072B089D2E566821640C144511B308DF1F0271402D569C7332783
+ally.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mhW7zbizX+TIUUA64KM5ODSSCEBUf6wwCuAX6Iz4gk2wshCcY0qQfi8AREM9I7dOa0N3nmF6dpEoBMJxrR9ylYUO06MJjudU81hJANXRY4JLlcuf6Q78DE0rMLKi0TPPo6asPO+wsgQX0yLaLUFS9gzSM45UoQ8gn9LC5zN9PnecfcVJ+2UTg9O0jHmY9sG+3PaZyiCqBlDnh+WmpS8+a5UpKdQlyuYPp8YnKq2H155PU+mArRcdK7s36YH5jsDtZLXxyLNFq/JM3feOiFPWUXTJMe4KayeWj3vgCYP5y6IIkQ5lbm5PqmZUdI/FyO8inNzPzu++VrnBkfc2ZH5UUQ==
+ally.			86400	IN	NSEC	alsace. NS DS RRSIG NSEC
+ally.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uJU72eOaldnPExkkr9x88HFLaTzr71HHnXeAr9wsXbSAkaZrq674GvKoEFQU7z0E351V46ldItqPTTPNsY+Y7MQyDqDZOUvcOQCtrzhgi3bjZ7gZ5jaVpy6zHi9LMmWt+SM2cuoulzXvReOzo0V3vswtSD/QihRhYvVVeIV8MlLlhYjD4jn6XtlyCp/7Z4oCTkSiRgiZL1/6wLzfpfBXhHVnjf3mr0x+vGIAE4R/+fBrE3iHX3/W2LCRtV692tp5/+mvsY9V1JVJhzefrFpShnlPWzRIiFRNF3yP06Dm49Ictui+ebITRdwBhp3+9XJjRE8KA0GeqC3jydOL8glcIQ==
+a.nic.ally.		172800	IN	A	37.209.192.9
+a.nic.ally.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ally.		172800	IN	A	37.209.194.9
+b.nic.ally.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ally.		172800	IN	A	37.209.196.9
+c.nic.ally.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.ally.		172800	IN	A	156.154.172.82
+x.nic.ally.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.ally.		172800	IN	A	156.154.173.82
+y.nic.ally.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.ally.		172800	IN	A	156.154.174.82
+z.nic.ally.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+alsace.			172800	IN	NS	d.nic.fr.
+alsace.			172800	IN	NS	f.ext.nic.fr.
+alsace.			172800	IN	NS	g.ext.nic.fr.
+alsace.			86400	IN	DS	7047 13 2 40AC4EDA437F376B0A772AC6F570055A6AA58D635AC07946A778ABEBB8E5C024
+alsace.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ItH7KqX6gJuGql9SIZDGpr8sGseQroUmKSFT/ET1Xr1Ufjh2AIvJ1YlkvEtMb57QU2+Y/gmy1y6qGFjVcDYNoVcubL/jTIurr/i7LsNK5AvByRBZiysdgyXzMRiCan5+1Mwf04vieQpBfsIP+gL8ZcpwT9MFwA5Gb0ZgbBubQg+g7c7/bN6bqGiDhR7eQePJYMbWJvN3vZF/f6oHpJllsnPTPEbW7bvzC5e4Glmc7bPSUJCpLOtEWME8yx+Tf/p1N7OTjwmHFGjt0uYNuhIed89rkit2rye8H1KcSJmn3IQfHhA2keSxKGoQTMZx4MVWIpfV0lwQsrjCAVztyCnYIg==
+alsace.			86400	IN	NSEC	alstom. NS DS RRSIG NSEC
+alsace.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CbEeBjRMl320hoV4jL/hP/6lk9HAAlq0yhg6B+DlLfsvwJ4iX5NtQrwp04AfrnX2CTivlmdf1wYGy83OdZBfmcJ9HT3OfTxmcjFOXxVenEYKcmqA686cfB3jxZGeERtWuuoEkobR+dH8y1t7zZUJEBs8m7yfIDcQJ5GV1iZAi7PxaqrUePqhDmNrgnoAHjVYS8kbUMGzbP8ZprXK7XJQae20SPd8gOoP78EITAaiY8lrfzhyU6EhZEtzmsZQ8PPYWXyFn4maCBsCO2p86yTJ8t2RG4MO0DIjwVpDFITBldd/dD2Gckwt+lzB+mGrl0DjWHVy8975OQbG5YjvJrLX8g==
+alstom.			172800	IN	NS	anycast9.irondns.net.
+alstom.			172800	IN	NS	anycast10.irondns.net.
+alstom.			172800	IN	NS	anycast23.irondns.net.
+alstom.			172800	IN	NS	anycast24.irondns.net.
+alstom.			86400	IN	DS	65377 10 2 54E1DA73874BC3C3291775181DE3F4B6A7B2828FA67A0B519C380C3C1F3B35A4
+alstom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uqtf/CeaLVvAH17mUR4uc2VOatlyQ3CJTas5809O7SXGkkQ1NuRDPv3YJY61Hf5zk7vmsyndwy7fnDiTw5+DwJd4SsvMbM4GlrNy5K2PQ5jEN0I9AMvLeujWOsldzGtitUTAhXFfYkNcNFli1hTWevmDFNzBzA1c4WtfSr4Abxs9wLf23F4toOmJ4OJfymsKF6pjL2Z2QZg1W6A9v3O08plpzUoge60BRe9ranyh3dlEj/CPNsbQd8OsB1ZMGgGxdlSfFSgDM9cDRZHHbL/6Cp16hs4jhX5PP7o7g+Npvp8tr3E1fJHtaII5AEFvwFfnPKzuvwWkIsMyjmnaQfHorw==
+alstom.			86400	IN	NSEC	am. NS DS RRSIG NSEC
+alstom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NqM4tDBatwHa8ebO0qbwuuM02zNm81x6ZL+OTD2ddxvSbNCa+ICimeKEwcQ5heZWHDSshc5pO47JgDocIFXi+IMXySRbNfG8vrkQW4Izc9MpRrfmy43YisUjLbOoNINBeYrABjGy+hzoXVphMYIGwHv0TG3WdSBjwSNNrU9rtd+i2GovBvr4VAqHLlYz7Fj6X3fhF+tScjN+zAGAmcrkxzxRr7hka6Xe8dUvxpSwBIPeCGDuGTUhQZ7kmRdDw+NaD/7CNuelqViLc+IMIEh1NWVwxU0b6van17e36IMIp/EhVUFI78frPBIBvhcj30vkoiU1vblwoOJohF6GeeG/xg==
+am.			172800	IN	NS	fork.sth.dnsnode.net.
+am.			172800	IN	NS	ns-cdn.amnic.net.
+am.			172800	IN	NS	ns-pch.amnic.net.
+am.			172800	IN	NS	ns-pri.nic.am.
+am.			86400	IN	DS	49625 13 2 30AEA154B17D52884C12DAB5650CE87B9628AA55110DE1890F1D335D995A606D
+am.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iYKQD/vpuSq5fvIrsMDM0jVD/w4MGfjPDiazQEmMg0kubLPx8XgZW3Au62KC20Yv5MBjcP5uxe0A+AWWKHz0GxwgVJz8jfMraqdjsqvU60idqEZerf0oMGTL3v6/7Et/gnN0ANv6ab04czYGLJcr9CFsjxgaes0bsOtLOw2Hbqzl4hxJGfGzVImGX0+v0fBuvj6jQkmQ6YQVLpjiv1pE7i39XTGYT/8ZlE6OhAUhbqnOhaGv905VadYsF7/JlQ9WMspLMWcV1ux75wi/cNSCwZ32zR9pWnECzPmuN/HnxRdhRL36WxleHN57WYMuH+lISWf5bAUETdMjyUs7MbDXaA==
+am.			86400	IN	NSEC	amazon. NS DS RRSIG NSEC
+am.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Do+fRV6buAhcVQs173Q9qPFgnardAn5/7e9lCQqSGZ57TbwTBiRMy8wtq7sItE3QE5f2LKGl87zbg56Fo6+qERo6nCdSVUcGLBU+F2hMi4Ln3KVdq4WgnH5huqF9C/5MIWKx3jyx3J0JMMwmccXdeNrE+siuagcrwta7sTO3I/npVC/SaH+6fUYOaserKxUUbF3UkWt+LnjyP7eWzmaF09Rc3gEeaC/p9VerqvwMTUaz+h+7Qplss7X8PDovXoFFRtgd9TgiwNcPBdcfa1/Gin5wxu51ryfw4skSL9tWSmW+CMhDGS0Xb2Mif+x2fEnlMXFS+td29FdHuOeX2j0Cuw==
+ns-pri.nic.am.		172800	IN	A	195.43.75.53
+ns-pri.nic.am.		172800	IN	AAAA	2001:7f9:8:53:0:0:0:1
+amazon.			172800	IN	NS	dns1.nic.amazon.
+amazon.			172800	IN	NS	dns2.nic.amazon.
+amazon.			172800	IN	NS	dns3.nic.amazon.
+amazon.			172800	IN	NS	dns4.nic.amazon.
+amazon.			172800	IN	NS	dnsa.nic.amazon.
+amazon.			172800	IN	NS	dnsb.nic.amazon.
+amazon.			172800	IN	NS	dnsc.nic.amazon.
+amazon.			172800	IN	NS	dnsd.nic.amazon.
+amazon.			86400	IN	DS	14854 8 2 4F9F1805F5689BF4AF48F0FA04BEF8727B83EAC65A669E8BF1A5EAFA83350D39
+amazon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dIcfL4NJ+PGMK9C1b5NNiSqTAAiOhjbmuDI415SF9s0TrHQN5z00Ev0VQINiH6wsYmjB64oLXkoC0QYI1fEN3prsVb9hmNlSQPX19iPCtE+C4lbWEnnvp1rQVAB1GIZn1KuY2snpJnaxUDEkKvdI9XcWGjIwoN7HRCzIQV3dcHFGKzFYyULY7CTpNnh6EiT71gD/ae3MOBbKjkfVoCuVRJ00NtzF0PubEfSUbdOsHmm8fOLt0EOMuev7O8f27buymOZ5nDTbSb674n7cc8IUAaSKxH3giCTptlAyP/sH4aNQ6CAMxfYz3BadIPFmXS8nxT/T664OozxIkv2R5i+IwA==
+amazon.			86400	IN	NSEC	americanexpress. NS DS RRSIG NSEC
+amazon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o0t9v4h2/aqzTXdftnlMdMXTQldKYfa/f7zHbXjd6RA+pLpmMwOWUma4vYIAoY5rtXC0xfSauswfFJAunPuM1tGQYuHwJVgHJtJ7ILiOtwJaRNw4BhnFp0gOrm5yH0v75wJ9KsuPrIxXIz+sJhEDnr2xMYqwcpBn2RPgNX54V+WrLA2ti6c1lcpz++bVVkWv8tGpuuCS1SclI7kNNk1VvoiiU5QsbdKtSCRT7CsewtSiwKf0iGFBy7BdUPw7lJOApsLlByeZ8d3Cv1Zy4T1XMdc1NKxxZNIosZBKOZ6d/URjQav0h3AguP2HdqCXQWWL3+MQS9+JFZZXcTKBYZt4/w==
+dns1.nic.amazon.	172800	IN	A	213.248.218.90
+dns1.nic.amazon.	172800	IN	AAAA	2a01:618:402:0:0:0:0:90
+dns2.nic.amazon.	172800	IN	A	103.49.82.90
+dns2.nic.amazon.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:90
+dns3.nic.amazon.	172800	IN	A	213.248.222.90
+dns3.nic.amazon.	172800	IN	AAAA	2a01:618:406:0:0:0:0:90
+dns4.nic.amazon.	172800	IN	A	43.230.50.90
+dns4.nic.amazon.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:90
+dnsa.nic.amazon.	172800	IN	A	156.154.100.3
+dnsa.nic.amazon.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.amazon.	172800	IN	A	156.154.101.3
+dnsb.nic.amazon.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.amazon.	172800	IN	A	156.154.102.3
+dnsc.nic.amazon.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.amazon.	172800	IN	A	156.154.103.3
+dnsd.nic.amazon.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+americanexpress.	172800	IN	NS	a.nic.americanexpress.
+americanexpress.	172800	IN	NS	b.nic.americanexpress.
+americanexpress.	172800	IN	NS	c.nic.americanexpress.
+americanexpress.	172800	IN	NS	ns1.dns.nic.americanexpress.
+americanexpress.	172800	IN	NS	ns2.dns.nic.americanexpress.
+americanexpress.	172800	IN	NS	ns3.dns.nic.americanexpress.
+americanexpress.	86400	IN	DS	31510 8 2 87098C48F0E74920DA2D916E8AEA9FC1E92919EE033EE569569942A5DCB02C02
+americanexpress.	86400	IN	DS	34516 8 2 1586CD9180548B70D0D4978F816744C95202F6D63E8685866025116314E629A7
+americanexpress.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t0cgIWbV/nhzCFoCrtO/G0kQqyinXR5S0/sPu8Tjp+FfcLwLMK8alvF4ErmdmU4NYntidEe9RBBDe3MLNW5TUHX2P/DEwAPmYtBB52YRgmI/fZS68xaqnxyXv8wHIa6geApKYpZgWQHbZ45dHPB42NB57UUOEcssr2mDpWnGk4vbNDyQwUb3liYzwESi12XAFlXzcdiInL05BblfWhLuGCPhhuG3hWD9AwNX3ue/oY99wnRkpEpsq3LBqTZGIh69a+czxT53ohR1P7V+cbB+HpERGCApCut+hzzPmRfcCLE/zw3zJpUAshGfv/Bz6fxB401JSdkNme63+TfMyPMusw==
+americanexpress.	86400	IN	NSEC	americanfamily. NS DS RRSIG NSEC
+americanexpress.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q3fDLs2ij4mEAXFzs8mb5IEoQ4lvVm8GdwXvfkGGlCDjBqiOFzg/5jkxJyqgrnRLbMvvAlnyB7hNaJ3Wvt9KeZgMJjjIDr+sSEY9/BoolriYICuUEQYH3BEHlpUx/5MJqc5pvyIn8MOGXcXj9GDhpSpJTfvs9Se32vuAUd+vQkcZdHtFPVGmrhl7ZbKOUdK7ErDEoWrbDZus+qw0Bt0ax25q7PndONdVykeGd54WM2zj1zHf0+DkgqjKllGNKVhFBKWSnxyb7OdIYszErQ1G/OYyJ9tq5CuF350hPjMtlKgCdUtV2oUvwoPcI7ljfMEljOesf8/0GRJYhApdTPCFvg==
+a.nic.americanexpress.	172800	IN	A	37.209.192.9
+a.nic.americanexpress.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.americanexpress.	172800	IN	A	37.209.194.9
+b.nic.americanexpress.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.americanexpress.	172800	IN	A	37.209.196.9
+c.nic.americanexpress.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.americanexpress.	172800	IN	A	156.154.144.9
+ns1.dns.nic.americanexpress.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9
+ns2.dns.nic.americanexpress.	172800	IN	A	156.154.145.9
+ns2.dns.nic.americanexpress.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9
+ns3.dns.nic.americanexpress.	172800	IN	A	156.154.159.9
+ns3.dns.nic.americanexpress.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9
+americanfamily.		172800	IN	NS	ac1.nstld.com.
+americanfamily.		172800	IN	NS	ac2.nstld.com.
+americanfamily.		172800	IN	NS	ac3.nstld.com.
+americanfamily.		172800	IN	NS	ac4.nstld.com.
+americanfamily.		86400	IN	DS	61398 8 2 F6890DE22C9B4261C9FCFAC53FE0849FAA9B573EE95E027E070ABA270CD966AF
+americanfamily.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pUZIbeleHHL+TATSAiz34T3Som0lMXu7drTlWTRcWCnJeiJHYNxiG1vP7DUz/2Cv12WO4PJNLEan9qtZto9+TGm00ToTopwjtQfQS4TCKUYrBeza+ROMqdyEGprGLTtOH3g0QEVksU+HwAJ3QDEBqzXgfxU958KUUsmaUnP58EgYH3lSiooyoyMrzlcBIk5AI9noxW6Wo/qS3RB6nSm6zEnmyp+oFj72wydNmSREGla2poOfccARS9fIJUKoiu9hsxNAsPpemN+++F6b+mwIT3YdekIfwXPgofJ9sjTTBRxK8UQwFiiU6qDfQQWEXoDLsikvlO/cgXf4D6/4uckbog==
+americanfamily.		86400	IN	NSEC	amex. NS DS RRSIG NSEC
+americanfamily.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . brkHJh4uRLkgiKLrq3BfU2cYKtFlIbO3+GSQCAIS7AZicitOkTd62DeyF0nn+zIgVwO25CPB8Mfg9jusgyrw4R5fxtw1wX0+WhTHaWEais8bdOEcGH7IEG6bVLWh6w65leMDk1qrAZlRwuvH0lJG2Y426ikyZZgRM7CbRWNU8aDqm1aqSzFYhvCpNcKtl/Olj4xxI3B1zsM0fEZYsNXnyjN9xhwpauO+VVEABhAgqxzg8n63SyYudPLyoG/zIGfc1UOHLNIwqvIQcR2haLivqL0jdzjfgTsW5YoSkSUcbk4oX1/dkWq2ia4pONJL3Gn5VrW36ITA7OpGH9UfszTlTQ==
+amex.			172800	IN	NS	a.nic.amex.
+amex.			172800	IN	NS	b.nic.amex.
+amex.			172800	IN	NS	c.nic.amex.
+amex.			172800	IN	NS	ns1.dns.nic.amex.
+amex.			172800	IN	NS	ns2.dns.nic.amex.
+amex.			172800	IN	NS	ns3.dns.nic.amex.
+amex.			86400	IN	DS	22897 8 2 E17027E1218BA28CD5CC6847F0B7606066EE92EEA6B9901D4E8E41B3E9930B6E
+amex.			86400	IN	DS	33586 8 2 7DEB639C1B7C68838CB13AC4063CEF638BD32B47A399F6FE712E893A9A8CEC19
+amex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sgIvCIqGmiDR6gej6YHyo2xSFgvtdPlKMs7UOyrNDy+Jf1Jfe61TYAgifMDbWokWN/fJLouIal+elPqSv8HrpqKSCNquObqUDXSc2lX4yPXpWoL2+Bp9jHX8UcQ6Ke5vr+WBzKSY4TOFWDF9Fz/M4S4IGnKCXpEWq3z8TPH+B3ibWnE0yRcPJsVvDd+22BsuASj8+i8LTOsU29Y0zN2d/pnR8t4Ox6kIUIpcMxCogpIk4kEb2bxq5ifIcEM4A9HaphOZBE/bxKYp+dgx/M93TI8BOoGIiIYQkLjxHlOMeaAdiz5Ph9pqW9J5fIrktffedBjrKXfvMT/kKTbtubXghA==
+amex.			86400	IN	NSEC	amfam. NS DS RRSIG NSEC
+amex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y6JfHk00cSHRSs24Y/lMaNA25eTmVW7SnFdPWvkqewbaGvDhJI/3Emy7zm3qzpT7mQFeyTTFXCHTEDarzL9VarRTJjoRydgBUvCoUsqqaRjJlenUGGrf/qO8VwnTV758nkJoHPDIPktin8qw0lfWZ+IBzTo9M8VS3p6IbulupEpcoGosOmhWjH2eSCYCWs3b0vPuP2v3M4I8+CvcSsOznxYaUvqrjXZpOR6cQZoLE3o1qXQh/b1mK40Gv3RZocvcgJuwOfIxfltv9xLLJ5rSTGza6sbtQnWJhGt09RFMxEAGCW8H+9m7U1402Qz+S0tQxON9p7YYz4xQUeuuhAiJ0A==
+a.nic.amex.		172800	IN	A	37.209.192.9
+a.nic.amex.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.amex.		172800	IN	A	37.209.194.9
+b.nic.amex.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.amex.		172800	IN	A	37.209.196.9
+c.nic.amex.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.amex.	172800	IN	A	156.154.144.10
+ns1.dns.nic.amex.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a
+ns2.dns.nic.amex.	172800	IN	A	156.154.145.10
+ns2.dns.nic.amex.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a
+ns3.dns.nic.amex.	172800	IN	A	156.154.159.10
+ns3.dns.nic.amex.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a
+amfam.			172800	IN	NS	ac1.nstld.com.
+amfam.			172800	IN	NS	ac2.nstld.com.
+amfam.			172800	IN	NS	ac3.nstld.com.
+amfam.			172800	IN	NS	ac4.nstld.com.
+amfam.			86400	IN	DS	4101 8 2 D2C0246802AA5B615CFC8B700A5245ADFCA49477B37F870499A44AB272989A7D
+amfam.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FrB3rShW02IH0ozcWQQSgEpNQ65E9UdAeCu6vSOz2t2hFvJzZL3lyolM39RupYV/FRCsVqeQ/exLB6Fj6z8U4U7gIcRbQuQWpgZVF8l5+8rfKU+bky7zotwDfU+RX+JHpapW8SaYWZW0KOSlUo2CBqTYi7sDVyZk++/120XRaYQViMzoZc6SH4kJcwsZw8wbKKmzao8nUPkNsdUHvXOy44nZFieFXfnR8MOfAB9GLHrqjxJ4LKLVBRR7fzTkExFXRvqYTeohieXdVpMXVrYpe5Uyren/PUwGWPCJDs7GHtHTI2ng7mIFZlookn3P4LEP/w5z+06v1nSCfe5e9OkJgg==
+amfam.			86400	IN	NSEC	amica. NS DS RRSIG NSEC
+amfam.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DmJbd/tiwBsPqtDf07uL3QnBJPfEpBZAvj0pxIwDRGUxDGAn2RZexcbKIaDwIKjKLrlyNkyd9oP1jISZfD0YqTEcyHs6KKNTtGnm5FVaZZh/hlDrfLgGXLVY4BRu1pXT4wDl8qHmXySXaIV4MBz7Yi2g7MxE6CKyBNiSj0iBGkgez0gSq+MPuakF2lXzlFL3H+gHUx1xdvbZ39we4JI+Kaqx9pXmah34Wyfe+WD8Ug5vUIHU8EaiFnNC5GFKtKd9Ya+9rPqci2/sy2RTEHIlSbaJhUkJS9gZcXaI4Sy+3UrBvhdvtFNzJ9GgQSkPP4EHxztYoCvOYb4OFCxODxJDEQ==
+amica.			172800	IN	NS	a.nic.amica.
+amica.			172800	IN	NS	b.nic.amica.
+amica.			172800	IN	NS	c.nic.amica.
+amica.			172800	IN	NS	ns1.dns.nic.amica.
+amica.			172800	IN	NS	ns2.dns.nic.amica.
+amica.			172800	IN	NS	ns3.dns.nic.amica.
+amica.			86400	IN	DS	14902 8 2 A464DF4FD3A7B27EB3177A1813BC95D25D3F50E5AE5192619A272DCE8587CEA8
+amica.			86400	IN	DS	37714 8 2 D2D98DD38D76B5819CD3079B1772EA5370F5CD0843CD53AF0569985C6D92599F
+amica.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tlvcKwa7/LglT8P31cGUpFDpSHRQWAXWe/B9jSVkBQ4xR8Tm32w6TbJNdo1WnPYyZG+gdBXf06j2lUljUSGe8yMOd/F3xAj6mgcpVsYjuWZn0202JH3zNVDgxBeL8Gjx9MrTKw63793QBr5NEZvInd/ULS8G/5ZcOlJWMSD5DfGt0v5C3GjSTn4WWZ68+atH2pLFI1DfYZHGna9rGYz9zA0HF8/kQcHUA0O4BA4iGaqt+IBcuDfjSzskB1lzq/EhlF2B5W7Ou8UzfugbtSuFzAPylv/p5YL6yW+8VLLtQ4nm0mk3/PLq3a5Y965CXkAH33wwkC1v+4Kq7sDMPNX6MQ==
+amica.			86400	IN	NSEC	amsterdam. NS DS RRSIG NSEC
+amica.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d7vvVxzjK1aX5BbncpvMQSrfxNG+Q5GZMPtHa4PGrQxbtz9H8L3SCMQBH0K3E8ki5dAhw4FxnBwkcNQ+H5/A6uluYqyB9Akb5EaEBs7eHAEnA1Ejt0Bcsf/sVTYLqBlUv6Ik3VNl/FMoOz5AcoWfD0JPVijt6jNDwx0hN42mar73Q8vFmXW8KR+Kj8AiogNNXI1XVVy28wvgWpBZ/bY7hZ9xWDEfXaQkUh17JQc5a6yuuZGIzlWDOOO5SMdK5LExwR/eGniC1+0LwI6glgRU1u/R2wK+EghvUdGn5oHOBNM3VP1dVEBD/mtUIPv7ZUeXf9/J5AFAVguvb++6HfmLhg==
+a.nic.amica.		172800	IN	A	37.209.192.9
+a.nic.amica.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.amica.		172800	IN	A	37.209.194.9
+b.nic.amica.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.amica.		172800	IN	A	37.209.196.9
+c.nic.amica.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.amica.	172800	IN	A	156.154.144.11
+ns1.dns.nic.amica.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b
+ns2.dns.nic.amica.	172800	IN	A	156.154.145.11
+ns2.dns.nic.amica.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b
+ns3.dns.nic.amica.	172800	IN	A	156.154.159.11
+ns3.dns.nic.amica.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b
+amsterdam.		172800	IN	NS	ns1.dns.amsterdam.
+amsterdam.		172800	IN	NS	ns3.dns.amsterdam.
+amsterdam.		172800	IN	NS	ns4.dns.amsterdam.
+amsterdam.		86400	IN	DS	29930 13 2 66E790789A927FE0510DFFBC2309654D9CC1B4D32FB3797B6EA6F31CAD59D7F3
+amsterdam.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0cwS1JAB8f8Qg71JxpaKa/8hLvLhBzLS04j4mxcsWrvbB/6CjBEUzUewYSD+CIjjMZz30Ge8AAJLN1YQDe3ozxzlbZipvbL8yAJZNM5boJoXHOh7ptaHJMbitKHCjdcssQEaqF9P9ZKKVV+nl71kMGGbgAF8lMbf+nqVuPlpW0oEyKixL4hUzeheOZevYdBJwH+Veq4SWIr9MDe5RNwW5jU4HMwyo3aXBjjgc9voDZOkGicNmiTRrpKQF9CNygSjqdj9NaV+uDvZ9VHagV6ZxpMWV59E/R2RAPPsKvpgfSNH6Uw2DnBXIWAXZz6uOP5SHxvSEsvtCdskOuQkEO1EDw==
+amsterdam.		86400	IN	NSEC	analytics. NS DS RRSIG NSEC
+amsterdam.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UIeReTjKcGXkQgQ4LEzV3p+wJqGhfphTPR/bkG0GhhWT0RtQ/PhUOefS7Hd2KlM4HddbvCNRO3a7YSAAiepanLqmHTE2Q+fLEn2aLfYiaDfUrXYhrtaQbdG8IIv4wB1nybbypCU02ow7jUVoQMlURmCKf8FSLBMS4Lis4vucVCoWnjawQ0PBc1F/8Z1DzoSdn59y4L9UrsK0F/xyqQWgahK6yeOp0uyHdtNZ0NnxHkqpbQB7J9EavNQJlFbxV7WW2kukZuv93vu8Yioq5oJJ/0Ect+uazrRN9IfDuPssPzyhqs3EVWF4RvZVlh16u1UCYRBcfQByQGYK9LhKwdfELw==
+ns1.dns.amsterdam.	172800	IN	A	194.0.28.4
+ns1.dns.amsterdam.	172800	IN	AAAA	2001:678:2c:0:194:0:28:4
+ns3.dns.amsterdam.	172800	IN	A	194.0.25.26
+ns3.dns.amsterdam.	172800	IN	AAAA	2001:678:20:0:0:0:0:26
+ns4.dns.amsterdam.	172800	IN	A	185.159.199.202
+ns4.dns.amsterdam.	172800	IN	AAAA	2620:10a:80ac:0:0:0:0:202
+analytics.		172800	IN	NS	a.nic.analytics.
+analytics.		172800	IN	NS	b.nic.analytics.
+analytics.		172800	IN	NS	c.nic.analytics.
+analytics.		172800	IN	NS	ns1.dns.nic.analytics.
+analytics.		172800	IN	NS	ns2.dns.nic.analytics.
+analytics.		172800	IN	NS	ns3.dns.nic.analytics.
+analytics.		86400	IN	DS	31084 8 2 C08755F7BE6273AF24944D2FC49C0D1590DDD440AAA7440A08FFC67E2288C5A1
+analytics.		86400	IN	DS	52096 8 2 55DFDF9C576CA2AD13DEEC42A7D0EB36DF9FF56500C5CB33FA0C0879C6F1D8D6
+analytics.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LRgYp7xm7Ng1tSw/26mbFgVWJwYYNAI0uR/KTfm/3uWDJnIv9GEnm7091+JoeMs8MWliHQvguOBSg12HAWYp682GyjtH5YfL9MZfuWR92gp4ZalmNXmMUzIQayip8dLNBSVtN37pZFlBqEiRxhYoCPGR9dW5dUQi/sf+XFSgL7fGFsm405A1cRsVyMAPXwE6nuYSpIMLwKOmmCqvaUWEld63525ymL+9b4ZbwEORBQAT2tSgM+tfp4YPlUV8LX8wWilKu/DCSSUQpV6DvQzzeZhNoaPdpF3vGTDgthHmjsEOc8NPnd7MH5W8aMnXmAlTpHu3tfRWt9Md+GenZi8s9A==
+analytics.		86400	IN	NSEC	android. NS DS RRSIG NSEC
+analytics.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nahTh0gyXLq08vxxL8tBrNYT+ywz7njRTdM4SIOo2ber/k80Nl7Z9qMGjSxZueJ++ZAn92zq/DPatPPh86jfMHRJcqsMaQBQPNXakp37vgFSn08Ye+VIyHIGDhBDEmioSQq8nwDxhmHRoVZJJBx87rw86XXsf3PvOAWtMQ6h+yYYb8jctbclZPQBAZipBHWcQwkeJBQRkaPM2d+pdrx5fII2oFnCeIjjSRzM4o6V9dUDqiWRhTL2xvyoZo9yKXAKnKy+UKnSmAixhfT9kzZsosBjweYkwHYE9FcSq+gxPr2piDrKuwlPNA4Tz6C2Z3GXgMBkc3rhjo99ukduqkjz/g==
+a.nic.analytics.	172800	IN	A	37.209.192.10
+a.nic.analytics.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.analytics.	172800	IN	A	37.209.194.10
+b.nic.analytics.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.analytics.	172800	IN	A	37.209.196.10
+c.nic.analytics.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.analytics.	172800	IN	A	156.154.144.12
+ns1.dns.nic.analytics.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c
+ns2.dns.nic.analytics.	172800	IN	A	156.154.145.12
+ns2.dns.nic.analytics.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c
+ns3.dns.nic.analytics.	172800	IN	A	156.154.159.12
+ns3.dns.nic.analytics.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c
+android.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+android.		86400	IN	DS	4937 8 2 9D8E83DD4629DDAE1597428C5352EB7B9CECB4854548D960AC8D7112D24C7F08
+android.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ec+wrJrBq23BK9Lgicjs4AP0ChMWgFJIJg7EzlAs4PpADJrSF/bYyIH7soRP0oQW4ToKQOp8HuTllrRV5Twljro7uRS6zmxHqRIhA0IPhTfEFve6WbTpYmX5euF/Bt01dWBq3a17DkG0D/XWUutWlJwOOyl7Qf0wjdjVMaGwqmPb1JrztXVPORbhUe5jZXouNmgwQQsY6yA9e53rMG/OeFSkqLKOqnQaB28KYdlpH5oArHpAnp5kZHj1rPz2p/mSSAiVjNLKlxKQdtD1pQ8BgJhm9rrDl816Wx1gtAut/yLW92BKMFcJvDb8eKq7QLW+hOKSMKl6Y9Qybn/Cn40lEQ==
+android.		86400	IN	NSEC	anquan. NS DS RRSIG NSEC
+android.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . z3ZXAfXlnKVO8hRsuqJZoN69C2CA4iY3rf5EbotsdCE4F0WxnD1F6VGa/AtKUaZBU6MKxb+6DNYm3wYWC/EOSaAmyKn5c4L2LV15/k0+kmr8oulnZLydNe6ffeikGMEiqIHNvDHXINDyMvr+DpZI0cN3uda2VFWpsYwbabZSN+yWZTbM9qzapZ0jVr9MtC4QZrzUa4JAc4VTjgiLvw2MOxYTdXCQv4yg8KFU8MNfE+D2qui8mG5tHFmo/ZTavzOYW0mxipNOARM63ZNhzwggJVTlaK7Marm4jVEtFratefxfeqJG1CjgWm/w7xcXW8KjluuZVJmTkAIXcSL3PKJv+A==
+anquan.			172800	IN	NS	ns1.teleinfo.cn.
+anquan.			172800	IN	NS	ns2.teleinfoo.com.
+anquan.			172800	IN	NS	ns3.teleinfo.cn.
+anquan.			172800	IN	NS	ns4.teleinfoo.com.
+anquan.			86400	IN	DS	27565 8 2 F8BCDC5D341EC24CA492B2A1FADE90C2535844CB0F086A6AB77E0059EA2E8CDF
+anquan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GQz3bL6aCCUq+u5GUaldfqMn/4gtAxaQehkbNbgKDPfdxHIFtHDiQ/aLaDo+AdsKLofkzPQnSBJz7aA+L4BQTbBZIVxpXcBAzo7b8WDckrPKPppMkaJOd5zC/GkfPbqPYz4Hl29bsHePYQJt8g5j8Q0rplDXnStgZBB/fEnCnOKUNLBp0knYDnKNuNMgwsev0NeXNINJ45B7AxMiPpywpTR/Nn8cTHA49zTVDEJ/AVnohCGNAndXzY80sBjBJG5kCYEj3PsdNMu6MrtgcBAKQONZ8ltj6s1y4HzXAsTV+Z45RP13nzZAkHJjUpCiwAaV4T8G/FgxssVAQNWsm5ZVAg==
+anquan.			86400	IN	NSEC	anz. NS DS RRSIG NSEC
+anquan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mUv2dRCinbv5/RovYiHxhLnVJGoH7gmqCXKWIR35yt3SMR4UcHlV0IB9RwpcYeH4Gu1bKMFZmHW9Ls9D8AY0Gu4R1Plj4kloM39aRd9UMRInJhg+QXDvPBaL9O93zsUNqxokQR4OKltZ+XdMSKJgr9u5eYw6FrQ+uu+pbyM8BUcIScz0XHuusPh4gYa6IcklfMxtbJcYBofdbIASXc3XNuRRTHAVxNWKyuEFO0hHiokVxEkQeRKo4MOyZbbT9tyDs3PvoXFg/ltDPi1JzFJPz2mta/BYT/C9Vmr4R6kXxK8+dSAX7WtvJXtb3nodT9CiVlie4QdE7XM2Riv99cz7Zg==
+anz.			172800	IN	NS	a.nic.anz.
+anz.			172800	IN	NS	b.nic.anz.
+anz.			172800	IN	NS	c.nic.anz.
+anz.			172800	IN	NS	x.nic.anz.
+anz.			172800	IN	NS	y.nic.anz.
+anz.			172800	IN	NS	z.nic.anz.
+anz.			86400	IN	DS	25084 8 2 6A107B65405BFE98C0CC040FBD91A29D9FC927FEA447CA0AE4F5538ECF9FCBA5
+anz.			86400	IN	DS	62806 8 2 93266A86BC6D50AD9DA1DDE33B73589F9CD0BE961A058EB386475F63891206C8
+anz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m1bGcGh1U+EWgEYzU4ymmfZ7iJDuk90ezUZ7S5NqN7UbDcYSS5yIuQkGVJyPcKDpP20Bt8Rcw1p4eMYLLvUidu32uL3/mU2DHqQ949NPbzm5+jLVqohzDgWqwQtWAI98a1jx/Y95Pq1ZdDPuFobyGooY/92Z5VXDTUR3FmhEQoxIoM0xhOJIe28RIChdRS7UWsil+ZkDoiqlwhVA1CWcrviArQ/7nLRlxG6YsPQOZTNdX6ewX1zxjaMsMOOXuUe9yBcWxNtOitTAeKlcAE5RrzdwgC9xiAaxmwJ7A4vhwqbW6MOF70C7x3ev0H0V4kQbjiFRdk5D/6YuXYVYLq4aqw==
+anz.			86400	IN	NSEC	ao. NS DS RRSIG NSEC
+anz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lBsYjriC4HBJpGxaoFIYf7UgwVfNI8hB2iPcPBFYeKhbzrAJ3hxX/AvblR/Vu3/ZVOUDf6YUZHWgsAGLQXsUN0vjK64SRSwdyNugvXP4yY/RIvUznT3xnA19B9pwVHFlcfKFH1/EcikR+a/xAlc1+zUk+MOHmtAXFtG44t7gcXi5KtUILIGtDiwdYZMJD85TJZuRBWPyly6XtM3LTq6/Xjzy4P6ayHoEGPorL6sbXMsGqQCOHFRId39pt3S2LRy9xXdlvzCS8N9eWqyY2miEBnBQzfq76smZz3IXlP5VmgB3Obq4e8HmRo95IccXDqj265+sxDRlccEKilpx1pPRgg==
+a.nic.anz.		172800	IN	A	37.209.192.9
+a.nic.anz.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.anz.		172800	IN	A	37.209.194.9
+b.nic.anz.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.anz.		172800	IN	A	37.209.196.9
+c.nic.anz.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.anz.		172800	IN	A	156.154.172.82
+x.nic.anz.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.anz.		172800	IN	A	156.154.173.82
+y.nic.anz.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.anz.		172800	IN	A	156.154.174.82
+z.nic.anz.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ao.			172800	IN	NS	h.dns.pt.
+ao.			172800	IN	NS	ao01.dns.pt.
+ao.			172800	IN	NS	ao03.dns.pt.
+ao.			86400	IN	NSEC	aol. NS RRSIG NSEC
+ao.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QqPkDnk93nrGf2tu0/zUnciVFSGQw9Txt6Ou/yMag7ovP70u2+G1odMQn4dE7BpR2pp0RdnwfRm5OZowwk2S5Q723mFJv7lL1ZNKW+bESgI8aw68V/nt67lfdhYi21IvE1n/dD+0OL/cg3UGMb5tyzmO/l6KSq4rPCkiOGGW3uapXDoLY0owc5xv6JMR63pjgNd2z7oeTfGPEuK4uEzUc8UVJHfy6VaKCV5BnBj3DeTCZwBqkIeZkJFGWX1ldFvowSpjtDNdQGaOhf0A8pfG5fDfR3qQCrWCTlWYcOfN5iedvDCJdAy6qliQzc2Af50rGef1MU0EH0+Q+6PpSM+jfQ==
+aol.			172800	IN	NS	a0.nic.aol.
+aol.			172800	IN	NS	a2.nic.aol.
+aol.			172800	IN	NS	b0.nic.aol.
+aol.			172800	IN	NS	c0.nic.aol.
+aol.			86400	IN	DS	26461 8 2 05DE3346DF593B9DB78A40EFA9A8EB847347296974924FD837900DB7054C13B3
+aol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LRQCrdl5bMQp7wlZL4qngXpMOnKFLhZ2IbNHYLqY/A85LGqFpW91RaMWpxmqMeYsDFIzjCrdz3c/cKKVTTMTTtSmGM55CiS03lRNTa6f/6Tfg956h7ygdCG0juW8s92IfzhKTQ7HzX4o6s16f6Mw4D+G8H8P5acbt6/9zXpI6JdYvOkgclugtGlWc696bo/qF2LEz8Un3TJW7Jg6UBEDauFE72yaAgfOnioriwceiDqWe3a3OwEuEDno87BRL98cWQ78Q/xpUR7+gsVELrfa2TnIPSJj9F/xTguXRf3jMN52Fm1i3G3sV/G8JHwnURQV1J1w24U+7pTpH/JPZzSiHg==
+aol.			86400	IN	NSEC	apartments. NS DS RRSIG NSEC
+aol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s0B1rA+aU3HBbFMNSLn51uIVXvMIWAkfDS8PPWIs69NCPSrs9QdeMbmzzXDDAOX8iKYlXiOe0PLVGjn4OIQR5pPKH95ObNLkzR0Q/KsLURaTc9lVks7LH88oiGKld9ncHqGJR7luhjBhrUCrQSXMopt3EWOj2/wzqm6i28a9w3uAD1S8NFfo8NMqc1gshQBleOpcph/3Ihs9CnI7wbPyR9og6BaTTet/DIuEG8KjrqrqFTkcavfVk3nVd5dUEDsdIZsDmUvRWJ3gdeKtB7OJMilKIGvPm5gfTNDvm11Y9UNrpaeqZf78pgIld5dAbSJkW9KpqzGWmf7yUAAEauhN2g==
+a0.nic.aol.		172800	IN	A	65.22.112.42
+a0.nic.aol.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:42
+a2.nic.aol.		172800	IN	A	65.22.115.42
+a2.nic.aol.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:42
+b0.nic.aol.		172800	IN	A	65.22.113.42
+b0.nic.aol.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:42
+c0.nic.aol.		172800	IN	A	65.22.114.42
+c0.nic.aol.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:42
+apartments.		172800	IN	NS	v0n0.nic.apartments.
+apartments.		172800	IN	NS	v0n1.nic.apartments.
+apartments.		172800	IN	NS	v0n2.nic.apartments.
+apartments.		172800	IN	NS	v0n3.nic.apartments.
+apartments.		172800	IN	NS	v2n0.nic.apartments.
+apartments.		172800	IN	NS	v2n1.nic.apartments.
+apartments.		86400	IN	DS	36754 8 2 E176954CD1754D3AB3E01A778F531D79DB8A010D674C6F6934F019C0E690F183
+apartments.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MMD7HMUba83Mus62U0Es7U5biwCOlY5FVJWlFvvGoMck3Enjxvc8YvuNK1If2QVW10hODSnG0Xua71ja4XHQg4yHTyxiaMcm3HV7xhJVkZhspY1izs/wIxPJjfspMa8HPzYq7fWCcry7Q/0uN4Hz6rmei/VdA6UHEYHG+JtDm2SW1YPPPGweEr60Ql1Mc0ITctPTMDJhjJ8nX+Qh16Tvnlj2LVauQBNF5jaWXbxTYAfoCF1gB6xpRSm/k4n49p7DD/QqLaTUSrrqf3Tm2ecAHhm4BTiDT+xgmhURtsayJDttegmVw4O4FfaAopO2CwKVgRZFks9LJxgWh3QXLOh61w==
+apartments.		86400	IN	NSEC	app. NS DS RRSIG NSEC
+apartments.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QKBAEjs9ei5npQgY0mXGN7iU1nGikZkXzuNNn2qdb9532iAq6cApKGqBqIXkjC+xZpoQM72PaY/tpaRbotcVxaJCDNTahJl7suRmcf2ynhrSzNaYm2JOSCJkUhN6t/arGGHUHQME8Ck+1oo9xayI9BC4kHPsX6lMKfof4mSlWNBrkW8ilGCDeuCylJZvpmnXn5izhuAzeGtYk+x8gs4sJWBXlnoTvWudAaGZ5n9o8LTK1LTiWxN20MR6+teHGLH19yW0kaZfiLU7DHwJHlKbZ+VcrjEMg7XIPdWAMnhMLAGX4zvqLgd913LGBEsoPbSrUyc/nfAquGtRQaTA6b0BHw==
+v0n0.nic.apartments.	172800	IN	A	65.22.28.56
+v0n0.nic.apartments.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:56
+v0n1.nic.apartments.	172800	IN	A	65.22.29.56
+v0n1.nic.apartments.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:56
+v0n2.nic.apartments.	172800	IN	A	65.22.30.56
+v0n2.nic.apartments.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:56
+v0n3.nic.apartments.	172800	IN	A	161.232.14.56
+v0n3.nic.apartments.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:56
+v2n0.nic.apartments.	172800	IN	A	65.22.31.56
+v2n0.nic.apartments.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:56
+v2n1.nic.apartments.	172800	IN	A	161.232.15.56
+v2n1.nic.apartments.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:56
+app.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+app.			86400	IN	DS	23684 8 2 3A5CC8A31E02C94ABA6461912FABB7E9F5E34957BB6114A55A864D96AEC31836
+app.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gwi0t1aOYPAK2Z+pPSNArV9QNbVt/Uk+rW9HR8m0hiCKc2VNNIkmpGKSNggwtWNP6XwC7AW1E4u+H5CVubXAzgtCTC8Drjv+sPFHujdl4P1Qxw+kObUm8XCNcLfqSi7zvY7IHHn7AnH1TLcOXRbsqL1NbxXh1/zSGeNlK/cwTtsLIdh/MR4J+hgBj5x6hpzuVGCuoMUBnlm9ScdVnJX9h5wwVhVrD1py1h2CmmCgORxTbLjJb5yIo0+F21YxKnLgx9a8lGRfcrnhL1sp9mGO0zkAat274bD2Ohu/v1n2kEZIeIAdPyEXOjQ1OrKFJ2aAy3j9c1osF8mFSLKWMUTWdQ==
+app.			86400	IN	NSEC	apple. NS DS RRSIG NSEC
+app.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zjCXrhdFFDZSXjfdTGoh/QK385AnMqcMReI6cvkLjP1tClB0HFmP3GrosnLWOqxM8DxHwVBTZD6LecOhjl1D/bcXwPS+/mF0z/nlgZ9xaHWoGUOtgmxDZ9R6cxQtKJdAIaFHRlY/sW/NYnkqManoOBdcOfCerbXmyp9ZM5y+3WsrJu+E3d3XX1einM8/p6TBogy8ZN9C6OxhTgfXoHp4WodZ00BBSYj89sVVcd808lZf+m/OBFnJK3dhrzM7F3luO1mY7Mu4r6JXGBoSNCadqVXaKD49vMKH57spHyFLdHhXm3/1s4YyIOXyw9bdf3nW+sYALcS2dVWTCCkogOKeKw==
+apple.			172800	IN	NS	a0.nic.apple.
+apple.			172800	IN	NS	a2.nic.apple.
+apple.			172800	IN	NS	b0.nic.apple.
+apple.			172800	IN	NS	c0.nic.apple.
+apple.			86400	IN	DS	50166 7 1 20DE4DA26E31E393746200E709C6F4E91FE65D4F
+apple.			86400	IN	DS	50166 7 2 B8038B6449B548E38FC74CE04D21726C9F052213A55573256C6867AED2E6C091
+apple.			86400	IN	DS	54541 7 1 07ECA60632B3A62AF2BE9E597D7C5B6F1BB1FC21
+apple.			86400	IN	DS	54541 7 2 EB3A275C32EEAB32B6F7F6A9EC1D19E327C68EAF1A55BD5B8DAC634BC416E8C6
+apple.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BQwoSrISR3hq8usnxMQwO+3Eyw09e9RDzIt5AjHuZkHMolQSNzT8g1k+f+0mxpL2NJbmNe1IvJ4AQXYPRKxRyx4x/KDKejwrrJPa5cYgRJK48LgHHU6BKhJKfjAbC+L9ATZxJPWy6ESK9vafb18bITx1VDdJVAqj7PFKCXXpKTnJBuAkzn6PAnWLfApxDbTm6eDgwKnxtJLhb5xB9qAdC+WmFVlNCPCLrSKVtwFPwac1fO9QiYoHL+YfC+UxriB03k4WbvjCJ79hu4azkecm0OAQcgrmRHZLEToeAZopY4fslw8bjx7orPOQ5FqGDtWB/sojg0YT73pYXbWN/nAXUQ==
+apple.			86400	IN	NSEC	aq. NS DS RRSIG NSEC
+apple.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MszOinmgMzjTcLiD/+uxp/eFsiv3r2K7vQrSQyFWIAWRscQymRK9v+QUVxiljFgzOzr7bKP+MD/Sb567HBTSNN1XNanfRBOPFZuxa2IBnKzG5D8ne+jZEBggy1iExwcivQ1GejXlv+MWRd2T62aMxrSaW/PYpStpkMZA9dPJmfn1qwFTL8LijD97W6RdfxSf/vKGA5wFzwf82NIvOVgoGEF6gfHJ9ARi64bAX2kzTBjVP5dS1OZiixIL9GW4XHts4cq8I+LeMbaXaikYrgz8mi1Fg8D3B6eOjUcxF8aAqQLqDAa3OfQpEmX7XL1Q4dBRkMZ6nArJd3eFFUF9NhwDpA==
+a0.nic.apple.		172800	IN	A	65.22.60.1
+a0.nic.apple.		172800	IN	AAAA	2a01:8840:3a:0:0:0:0:1
+a2.nic.apple.		172800	IN	A	65.22.63.1
+a2.nic.apple.		172800	IN	AAAA	2a01:8840:3d:0:0:0:0:1
+b0.nic.apple.		172800	IN	A	65.22.61.1
+b0.nic.apple.		172800	IN	AAAA	2a01:8840:3b:0:0:0:0:1
+c0.nic.apple.		172800	IN	A	65.22.62.1
+c0.nic.apple.		172800	IN	AAAA	2a01:8840:3c:0:0:0:0:1
+aq.			172800	IN	NS	ns1.anycast.dns.aq.
+aq.			172800	IN	NS	fork.sth.dnsnode.net.
+aq.			172800	IN	NS	ns99.dns.net.nz.
+aq.			86400	IN	NSEC	aquarelle. NS RRSIG NSEC
+aq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WawML+aFdVcQFqeQtMK1z5iiRGHcjXr/sjmUiL3h1OZW6bcwrbEm0hvaVFaU2AfrDSNTIL/x+gYqRq6J5nW4oDFEaLv73xCuBFZRNKF4mUUbPKsrm3Nws5Rmd1gfxl4w76CD3ZbgztSsh45Ayw6WCKms2/YWGivJQ6hN7lZP31m/QBTZN9ikpblT1pIjSw6zHaHze3lrnmBH4YrAWGP6qTg9X29noorjXTRnzodhiTy3S40/iMs+EnKnW/s+j2uPmgpKL6CnBacDV54FE7LLT4pq+7ZmDOYCXICc4zYfBMHk2AoxhZDxKXHG41IctAIi19DDnNaFmjj8w17c+Oai1Q==
+ns1.anycast.dns.aq.	172800	IN	A	204.61.216.132
+ns1.anycast.dns.aq.	172800	IN	AAAA	2001:500:14:6132:ad:0:0:1
+aquarelle.		172800	IN	NS	d.nic.fr.
+aquarelle.		172800	IN	NS	f.ext.nic.fr.
+aquarelle.		172800	IN	NS	g.ext.nic.fr.
+aquarelle.		86400	IN	DS	22061 13 2 65A423EC214071521668ED047D2E74BA781E6495E0252CB8E08A7A633A89297D
+aquarelle.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qTHp26eBmoW+QQAaeSqd/WWFu6VZvDxpQsrIhxNMzTwvPkWbstJ1bIrFFTJj4yY5I+I7Pf8s8waoMqIer2E5TEBYG8c+rgG8ZSwJWHoP6DKUmfmUVItYu/wFdtjpOuQbz37N+cGf1VzaXjpyTH8UH+3KfRnNiN0Zk6Ajk00CUYEz6XGQcwEq7Od3vvJ4I+7Lj70b1giQz9YO7hbfBgKC7HTMYYohdl7NUXF3mkwsuPDOiyzhQUVn9ZI049W5zyWnF45/8bNVI5aqUvU/eB8ZxTvolkDIW1z5F8ijSu1GlVdfkE2YFs62PjatBvwnmMMJxSpyi+BE5joLdfdYJaqU6A==
+aquarelle.		86400	IN	NSEC	ar. NS DS RRSIG NSEC
+aquarelle.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hmdMKJUwzgYcqS1F45GfNZrNTsad5O80XecHJtPzsQsoSK47dNBQhRkjr3PK6Kd2BdFWD71mVr3U7/0/o6QuT042pANvHPShZgjJfz3NeZ/8DM4Dg1Qu75HHQS7yKgSPIoPUM533eNP7YNvXtAvOBsPSvZq9hbHADmhv3aJ0BfdWRJc4Y94yfuMxg4JSbp7sSI+R9Boq8k4R6mBxf9O5VmLZ2HFQg8W/vkl/oc8FY3elzMmxVH6HXBZxP3Fq23Iao+Cc9agjQ0WL2hg23D6laRifMpBrQP8YuApWZ9ro8eVmI+6OwGuakIDCC+IO7a8tyWjDTe2FTg00WzCRaoyc7A==
+ar.			172800	IN	NS	a.dns.ar.
+ar.			172800	IN	NS	b.dns.ar.
+ar.			172800	IN	NS	c.dns.ar.
+ar.			172800	IN	NS	d.dns.ar.
+ar.			172800	IN	NS	e.dns.ar.
+ar.			172800	IN	NS	f.dns.ar.
+ar.			172800	IN	NS	ar.cctld.authdns.ripe.net.
+ar.			86400	IN	DS	19606 8 2 4415CF1A2CF10DE94B92BC020F21D1BF4163B2E90F2A6F6A5D2A1740339D566C
+ar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ln0KNdqj8f2RkWZSFnqu3J65Mwkn9wsL6VbtiBZuIdIPFllwOS5kPbN19IYDwF7p9xtKQmnCDYIv4YJvvpMyBjU8jLldgjnokmX7HFmeA03ubnF6XuGiQGN1plMIIuQ2o2zOgKq8zeO0eVK9SSLAvlgzM4C/KhvnrWfv5wZURy7NjSkJuZ8Y/FHN6UMBE7X1F+hUN71kGibFPebu1XJ6HnoERnvpm5X3suzC9SqR1OmvT7d3wu858pcbGhnhvjGkRHfL+Fg+P+mRvPrtsvN8Eqm54RCpp1HOHKGXiAlkTHXL9FeGEwwInOODGzQEzbwzYWk4oMShroFg/M9NX7YLOA==
+ar.			86400	IN	NSEC	arab. NS DS RRSIG NSEC
+ar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BUXgwkJVo7FHdCbM+QBx8fBgdkJnXpwLpDvVUtq+s8iRI0NKw/msXCX1kg+lPXwY9bQX8mEo6WtWCyxjTU/m1IqJCkgy3ZcepvJdgPh9dS+EjTqrhWwtWLuUHGsAAkzy2LptG3JZ5bp3uJQNZSPxBPJQJhlQ6GkCTJcbeG1As9x3ITnw3Vg9M9X0+bxmEAytHSDhf/blhHhx23tdpKsuBZjud5Ja8dlhPKWbjUMvsDmkMeBt9u6bAbEgEPnlQepZUQnqIRm/Ss5NkTA03cYVrbC9WwowHFLTBB9tH3POeoUWTcz58vpXXfkByHOtKsChkOWlZ2cOXzFQJuanwcvJjg==
+a.dns.ar.		172800	IN	A	200.108.145.50
+a.dns.ar.		172800	IN	AAAA	2801:140:0:0:0:0:0:10
+b.dns.ar.		172800	IN	A	200.108.147.50
+b.dns.ar.		172800	IN	AAAA	2801:140:11:0:0:0:0:50
+c.dns.ar.		172800	IN	A	200.108.148.50
+c.dns.ar.		172800	IN	AAAA	2801:140:10:0:0:0:0:10
+d.dns.ar.		172800	IN	A	192.140.126.50
+d.dns.ar.		172800	IN	AAAA	2801:140:dddd:0:0:0:0:50
+e.dns.ar.		172800	IN	A	170.238.66.50
+e.dns.ar.		172800	IN	AAAA	2801:140:eeee:0:0:0:0:50
+f.dns.ar.		172800	IN	A	130.59.31.20
+f.dns.ar.		172800	IN	AAAA	2001:620:0:ff:0:0:0:20
+arab.			172800	IN	NS	gtld.beta.aridns.net.au.
+arab.			172800	IN	NS	gtld.alpha.aridns.net.au.
+arab.			172800	IN	NS	gtld.delta.aridns.net.au.
+arab.			172800	IN	NS	gtld.gamma.aridns.net.au.
+arab.			86400	IN	DS	20671 8 1 A3CC3AD421EC53930B28B255900F9F005C881AE7
+arab.			86400	IN	DS	20671 8 2 164F98C3DDC5C95932ED38AFC1EAC629B8B10484598DD6B3D288C6BD95778730
+arab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JbAVm1HrL5Bv7TYc2PNUmAh5BxDxUQ08pqg4x2BrD+/s5EWVukLjnY0fApHYBNbnaOhlUAVgBiVUkoOQE38Aqc+azN7MsdSSvpaOLbuQ31Ad8SJaPCBqyttbROtdqWBIjUug1EvBA0KaRXp5JYbjC9sbOM0HQuK8uDCrGUbzCblTO/hkHGfIIKZiMbaUvGN/8cYIfAtxh7VB2dyQecUoT7uOq1kukRBbcYu4ShLoAuRPZ5Ee1rFdGkimXPKk6MawtECeihiwGkVmzfzvYMrJ3vDL+9D35lP+Aj+SoJoUlh4s98Fd8Pdma7d5Kxqlfg8UZeohWou+HocN5WNIcEHxzw==
+arab.			86400	IN	NSEC	aramco. NS DS RRSIG NSEC
+arab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ILd1t6B3DKqXh+8/VBhEMx/WMO7ajR9VFlizbV2eMCz7cMO08F6TCqLSXosKW1550ZFucU3iU+OJRuKcKIHZxHyXAD5OhTlxFvZL11j39ZgEd2MD6TezsAd7Hpaf/MWBJuU7xKb+KkKGUuN7FhNeI8SNKJmOks6uITUQSQJzV3sKSE+ytZVozsRd+hkEJOflb9mFlqTTCRbUC/xViSw2Q/EXQj7VUeFjSgnqQoeF2GYZPYUd5cqE7iyPNpaY88txZ5IyGL+DqE6hknG4GMh/t9yTojGhxWncZHH804GpQRIUI96Q1MIn2yWmjYghhV/EYpLCeQtdGxKPKmD8KteKHQ==
+aramco.			172800	IN	NS	a.nic.aramco.
+aramco.			172800	IN	NS	b.nic.aramco.
+aramco.			172800	IN	NS	c.nic.aramco.
+aramco.			172800	IN	NS	ns4.dns.nic.aramco.
+aramco.			172800	IN	NS	ns5.dns.nic.aramco.
+aramco.			172800	IN	NS	ns6.dns.nic.aramco.
+aramco.			86400	IN	DS	6265 8 2 AEB0CBB0275B05900F98A2F97CB6A47ACCF5D2F559439DDC79AFC695341A9DEE
+aramco.			86400	IN	DS	22207 8 2 2AF8A3FC1AAB39C9117F19956A83F0353FB0C206B33F253331080C91343781B3
+aramco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TWz9XZXza4LlJzMByBBAQRTPmUnO/RSbg03YNgDamcjIL7u0kqz+HsCTSO+wm9PShLRqF3Q9bo1fs0pgzgWpelpVDfWOejAQrl+tzxZu1tGCbLCKox9FcMZFcS/XKj9VGvIecQWmhwHCWveeqgdDjc1iiBOfzjRuNyEjC/XOC8utWHE+4q025inMvq4ljPrGCnv3MF3d/eYFFXVMIsJbC1Ps+Pw+TX0Q5u+SmTkOJPB5Tjxudv/ffUrkzCR4rQn6KIPNbdjKVsG3AhST+4+rvTcLhHH/vCnlTMB8k1RxGtJQLcuV4E+SyAjGGmaYoLylQSkJraGUuB6bT2ZazEh2fw==
+aramco.			86400	IN	NSEC	archi. NS DS RRSIG NSEC
+aramco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uYXpwrmgXQc/8gzWTSyxw5eyOpIL7f8KtViNVBN6otMpP0V9MeWL1mza2etBh5kkwyYBI/yxKhU1vxqpM5oD3cjmUWMr7rWK6Gd2VgtZRUUOXn8t6lj4OIaKiWItUjNfa4GoM5Q+0xb45cSBKorkcKOXoAzdRRyHM49NKxk7AZ3lGn/xc1KLYyqs7IriHO5zeQyY8VMQu6KAPIIPPbaX3PBfyEWeS6aNVtmNWNGS0QS530p4sNWAtV1iMvFRGpCQYpF4aCCOrTUXfVh3FfVCuYCcHmHxmVb2xSeepaisgDYc5RHrtBoNpsr4IGwxTskhq+AeuONWGR2xHG4R1O68ug==
+a.nic.aramco.		172800	IN	A	37.209.192.9
+a.nic.aramco.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aramco.		172800	IN	A	37.209.194.9
+b.nic.aramco.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aramco.		172800	IN	A	37.209.196.9
+c.nic.aramco.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.aramco.	172800	IN	A	156.154.156.14
+ns4.dns.nic.aramco.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:e
+ns5.dns.nic.aramco.	172800	IN	A	156.154.157.14
+ns5.dns.nic.aramco.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:e
+ns6.dns.nic.aramco.	172800	IN	A	156.154.158.14
+ns6.dns.nic.aramco.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:e
+archi.			172800	IN	NS	a0.nic.archi.
+archi.			172800	IN	NS	a2.nic.archi.
+archi.			172800	IN	NS	b0.nic.archi.
+archi.			172800	IN	NS	c0.nic.archi.
+archi.			86400	IN	DS	11134 8 2 ED2B030F401540096B716481CD8897E37D9A8CECBDFD98C709F4860C77501680
+archi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0nmlrRp6fc8zVTtAhM0SRDR7cQS6Bxbk90q8AehdzdJxMgGneKU2QDUjl/hI8cLAoy+zQyWJOjlKXRrpvzOZS2nzaaql4JHFoD6Lhhhu33KLdLnez/3rEqxOaHENV6ONDD0aqiT1WDU2ZpGCYCNzVTwPRIgzi4jKU3JYfzjbCTsNd5r5HgvCdt+7nbPT9IHR6bqfrAQk+9ORXn7FVNnTT2yOnfvq8vQ5W1ayr0DiXVTm1yAo9opyn80FEpad8YE3zxsjmB7AnR8XomPXHiQovMmbEr5rXvvXwb0X5mNc4Tl+Ct4W11C8OWAfv77sosEQ98d8rs+25OzYsXjZPvckdA==
+archi.			86400	IN	NSEC	army. NS DS RRSIG NSEC
+archi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l3R/a1odgxx6npPNsuV8zkuSkRQP/zKeLvkUHFtrMHjZG/Cq7oAZV1ygYJK5wcNO77ntsrOMMyqVQt1nDW67qmRk3hlPKfHb4xg0ikqZOB+SAy+seCrK8weX4WZNHk5zedtYIpYm8SJDQfbFOnWNPnav+f/FwPITM7T+XiHkxcMiJGly9QXPWiDJAKfBvi1YgvDn41fnNzfJ493X/NDwqsRBYQRe+ab91DVksozkX084KpXEYNRJKO9UA8xMgHt4ktdOiRYOAH42dhMOzNekJmIziShNfc+DPXBUb6sk2+MfPTNkBhuvlFIF5RWA7/qO5Snf+zWHvLEx4NkruQK63A==
+a0.nic.archi.		172800	IN	A	65.22.84.1
+a0.nic.archi.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:1
+a2.nic.archi.		172800	IN	A	65.22.87.1
+a2.nic.archi.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:1
+b0.nic.archi.		172800	IN	A	65.22.85.1
+b0.nic.archi.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:1
+c0.nic.archi.		172800	IN	A	65.22.86.1
+c0.nic.archi.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:1
+army.			172800	IN	NS	v0n0.nic.army.
+army.			172800	IN	NS	v0n1.nic.army.
+army.			172800	IN	NS	v0n2.nic.army.
+army.			172800	IN	NS	v0n3.nic.army.
+army.			172800	IN	NS	v2n0.nic.army.
+army.			172800	IN	NS	v2n1.nic.army.
+army.			86400	IN	DS	5296 8 2 E3738FDAF25D7707191EB37C73924358896E8D046B8D5DDF4D40664ABE87296B
+army.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PV9MObaRfAn1anrZME1+Hh88WFkA30iHXHYMdz4wYtup56E0mV1zdkvq6+xMGR4HkiDPtDuk1kTtIfXmy0sye153zIFJL8qKi82uVo++JBwyE0PAykgqfjw1kR5q7sofakyZtHE7lGdJuxO/Zck/fGfJiwoKFJqXJ+n4j+s2T21YWlL8mOU3K/L11beXjaRE+jIt7CVNrANRwYqPHI7OhNCOoVuZX6c5K3zsR8D+kl1QoQP598GJMqywYBfC3hj1eYmD26bkMvrdG/EGtKDBoB28BmcWDmYvoSVDqXk6dmZ5APEYzNAYkY/7G6PloVghm5e7JIpk2kQl88WZ7c6lDw==
+army.			86400	IN	NSEC	arpa. NS DS RRSIG NSEC
+army.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XemcixdaAxZoyq73mmC+BBZDoj0iOPcSFk8D7Ynzn1kn0NqdL0cBTS6KsR3aXZhaJMaxx2bx+teZYYNSKKJ80G0KJB9/ep00FauUcoKcGYnrVvnSiIZlrTiwzc7tDtGhkHXevrT0JFjSzrXcWuV1db5G7iOVRwj+sSiOqOz3n3lQA80VZcfLJHLshdmGMWnVfaZbFbgNweBQMFP9/1A+piM7YUZhYLK/0vTjmku9Z+E41/2ArnARFl5eE7sKlshCAdnTEhfU7uJE0s2d96sXJQ8qSFcBhkNKbDsD1EAjybuyBH+5pdDghksLNjAkGlAC4okx41cRChitHsSaVk4QhQ==
+v0n0.nic.army.		172800	IN	A	65.22.28.59
+v0n0.nic.army.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:59
+v0n1.nic.army.		172800	IN	A	65.22.29.59
+v0n1.nic.army.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:59
+v0n2.nic.army.		172800	IN	A	65.22.30.59
+v0n2.nic.army.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:59
+v0n3.nic.army.		172800	IN	A	161.232.14.59
+v0n3.nic.army.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:59
+v2n0.nic.army.		172800	IN	A	65.22.31.59
+v2n0.nic.army.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:59
+v2n1.nic.army.		172800	IN	A	161.232.15.59
+v2n1.nic.army.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:59
+arpa.			172800	IN	NS	a.ns.arpa.
+arpa.			172800	IN	NS	b.ns.arpa.
+arpa.			172800	IN	NS	c.ns.arpa.
+arpa.			172800	IN	NS	d.ns.arpa.
+arpa.			172800	IN	NS	e.ns.arpa.
+arpa.			172800	IN	NS	f.ns.arpa.
+arpa.			172800	IN	NS	g.ns.arpa.
+arpa.			172800	IN	NS	h.ns.arpa.
+arpa.			172800	IN	NS	i.ns.arpa.
+arpa.			172800	IN	NS	k.ns.arpa.
+arpa.			172800	IN	NS	l.ns.arpa.
+arpa.			172800	IN	NS	m.ns.arpa.
+arpa.			86400	IN	DS	42581 8 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9
+arpa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D9Fv3PmER8PHZLEvqlSbSO6eKxL/YR1kNZoMeoGBHMUZY87uwxji9YIPISkwxpk9beFJ/xjcXS7F0mpXmwQ8KyBpGeNyvoHhCyyGaR8SGm/YsfObvafVQ2U9glzMiaHr9gnIymajh1uT0TGnuux40bKtTljdgSfmy330TUicK30ZCYJeeGe2JlwKh6KASkgBDvOR/33/UmCVoXorf2vzKiUXgeI74tD91MHhgJVjFFU9K6c6spa05yBaq3BEru4Xki1Ohs3TnhfGRk6l1+hrTM9aK1/W7ZA3AXUGNDaUTtA392B7C27Mm4blyXfUr119UIMhXzgzzUd52NSslEh5ag==
+arpa.			86400	IN	NSEC	art. NS DS RRSIG NSEC
+arpa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fT5gYKKkQ96W9raH2reVsSir/Zl0K1K5JPwgp3hjJxJrbO3EVjsd+jCrTzPg4UhdvPL5yfFQ7MICHGElEL18JUdCa5zjU+8aAsQRfuNOInCgbM5kFRrZWXYC8Ef/zviEo4zbpTFoAaVD3chwUTs8sYhmRwg2m+LF0327zJibymTfYQ/1hF6UHz4QNK9P01wWdKKln6azz42qNpnAn9VF03AG9x3rfnChCgAx1gKgYKgTkxmIx/UHVsNK7jRY7BvoXaSLwXGW3kY2wyKpx+qEbLXgKU3QjR3xT/c0bIKtoonpQz9fkfhIfYm+58AVmmiC8tV+WF5qec5VVPFXkHoLJg==
+a.ns.arpa.		172800	IN	A	198.41.0.4
+a.ns.arpa.		172800	IN	AAAA	2001:503:ba3e:0:0:0:2:30
+b.ns.arpa.		172800	IN	A	199.9.14.201
+b.ns.arpa.		172800	IN	AAAA	2001:500:200:0:0:0:0:b
+c.ns.arpa.		172800	IN	A	192.33.4.12
+c.ns.arpa.		172800	IN	AAAA	2001:500:2:0:0:0:0:c
+d.ns.arpa.		172800	IN	A	199.7.91.13
+d.ns.arpa.		172800	IN	AAAA	2001:500:2d:0:0:0:0:d
+e.ns.arpa.		172800	IN	A	192.203.230.10
+e.ns.arpa.		172800	IN	AAAA	2001:500:a8:0:0:0:0:e
+f.ns.arpa.		172800	IN	A	192.5.5.241
+f.ns.arpa.		172800	IN	AAAA	2001:500:2f:0:0:0:0:f
+g.ns.arpa.		172800	IN	A	192.112.36.4
+g.ns.arpa.		172800	IN	AAAA	2001:500:12:0:0:0:0:d0d
+h.ns.arpa.		172800	IN	A	198.97.190.53
+h.ns.arpa.		172800	IN	AAAA	2001:500:1:0:0:0:0:53
+i.ns.arpa.		172800	IN	A	192.36.148.17
+i.ns.arpa.		172800	IN	AAAA	2001:7fe:0:0:0:0:0:53
+k.ns.arpa.		172800	IN	A	193.0.14.129
+k.ns.arpa.		172800	IN	AAAA	2001:7fd:0:0:0:0:0:1
+l.ns.arpa.		172800	IN	A	199.7.83.42
+l.ns.arpa.		172800	IN	AAAA	2001:500:9f:0:0:0:0:42
+m.ns.arpa.		172800	IN	A	202.12.27.33
+m.ns.arpa.		172800	IN	AAAA	2001:dc3:0:0:0:0:0:35
+art.			172800	IN	NS	a.nic.art.
+art.			172800	IN	NS	b.nic.art.
+art.			172800	IN	NS	c.nic.art.
+art.			172800	IN	NS	d.nic.art.
+art.			86400	IN	DS	29485 8 2 BF041A7EC6CA857F5D85151C66F561DEB9C863B98E05670C345C9CF9ED199AEE
+art.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pnuBnr9QtfIUx5W4UuVRMd1yjVtwaae/nKOYtAyyjGabrR1Q6ZxwzOw/0V91R1WlKHrlBbbd4UCh5HFbb/XZCA79OAIPoEBZ2+JJnN1tWUdIJoYVrN3xrjw9+jTttsC0JkbQMu5ScDZx/3QifzhKBSRfyo5hjn7MjumoECH927qzcqIqFxSTcf56qhAw0AK1OCgpSsnCzhx2l7QBuoj5QfnE2VnjuGqGCLeo8HsQJyP83BEz9574BZQ6/w1sVAe2uywiehDGW0ypSm1HEaTJi9j8mDHPI7ub2EhWDG9ocWyzkuxBJX4kytR9ZeS/pDOynsFzcNUJ/pCLYgpuzm6uIw==
+art.			86400	IN	NSEC	arte. NS DS RRSIG NSEC
+art.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O09zteskJ491hvafcxMWWFBJ56Z8HMgdSGKGXeZsWI4iHgdMT5hrY65mZgZ1T8tOaDYiA9MsvMW5sDNUgCY3we9/BXDxg8ndXgsQIcCyt8HpAKKu/UAFtOZ+EfJat/UlQ65mUTSOf8m66j8iGY9Zgm3fuWpA1buq51we6HG0h81okQc/smYEK2yMCYDtKF3N6R2dOgx6P4jjYkhqhKdJ3Z5ERNHBm7IXkJ/Fjj8dziXo4Hk4RJAEbdFhJW4GqeHEp6iiRqhnI/XuzRRl+LZmg11ahcIQTqHWHpB1sWVHdkFP5NQIyNPWm4cXPw0MUXZCoTa3pNN0hFZqTO9PBXeZ9w==
+a.nic.art.		172800	IN	A	194.169.218.49
+a.nic.art.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:49
+b.nic.art.		172800	IN	A	185.24.64.49
+b.nic.art.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:49
+c.nic.art.		172800	IN	A	212.18.248.49
+c.nic.art.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:49
+d.nic.art.		172800	IN	A	212.18.249.49
+d.nic.art.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:49
+arte.			172800	IN	NS	ac1.nstld.com.
+arte.			172800	IN	NS	ac2.nstld.com.
+arte.			172800	IN	NS	ac3.nstld.com.
+arte.			172800	IN	NS	ac4.nstld.com.
+arte.			86400	IN	DS	46728 8 2 D197248E95610371F7624D79D397037EA5E200E6F338BCCEDF5E93BB68448152
+arte.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jiUQnJcJTSFY+UrgtIuBNwCsNG4Nxx0lsUE3OP3OOWYRRvy7g1fNXJwlCdw6odq1SfiIQZFSjIFMmwNxLwMaYrWZ0krZf+BCt3ZVhBg0u+TVFzvMSzLPdB76eO2F6yNfLWqu6bUGyrBFs26d/0haqaKB5CBYcEVYfX1RE5ttSMx2o4BLum0FIZWTwh0w94MTIYtpEJSHJtq/0ZH/cxcWZz5YcpvpNcA3MSX5jyFmy7CLJvU0K14khUnakWsAW6rhjoK4i3jm028dF9SpgnQhqz34VBFcYh5mRpcH1eUTZXnA+TOsEbw40zmcfc9V3lAwfgSjebUnQbqECGAsuq8jUg==
+arte.			86400	IN	NSEC	as. NS DS RRSIG NSEC
+arte.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pLbahetmFnRP63MaB2lXjedoqVe3tc54v++WeWf3GlXRvTZdaZHtDlhKsGCOmHzyNwjNGY2BwZMjWsRS4VjhEiCTmmHSHRNjQUd4TRdH3MgWDZQ3RqH/rAthe+4rl8iCNBvCWhmg3eOG6TmOaburaVuptswH/B1H/gPuqUJ5fy4bEX4hIftsLiuIeYJEY4tusdnIfA5Aa57oT4bm7DA1rtC4EyZWJK/1BVor7hiUT3xcgr6QNyHpesTGWwneYGEaGK2JK3fPfoftjLyJ/M+KXVjZdaj/Oy/mygyQklfJ/+comYgwqznLl9Ynw6bYniTL5ejQN2PJ5cQgl3GRzl8kLQ==
+as.			172800	IN	NS	ns1.asnic.biz.
+as.			172800	IN	NS	ns2.asnic.info.
+as.			172800	IN	NS	ns3.asnic.org.
+as.			172800	IN	NS	ns4.asnic.uk.
+as.			172800	IN	NS	ns5.asnic.us.
+as.			172800	IN	NS	pch.nic.as.
+as.			86400	IN	NSEC	asda. NS RRSIG NSEC
+as.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0WtnyhpMLhhSY86WIhkML8St11yE8SiN3OsORhUkJwPVy8Im6w6h/ds1LvLiK0oCt8ql1fM1zihuRu9WnRHnFFQiLgF4hWX8qIPMWj3UOlT7QBvTgHdWNQhGh1cbsYztwweRUt5NnJfv0xlYNedaWZFJRjOJmdfEtl+9hYryaF9dmqn+FYrd6qhqmWBOcuthTRuA6PjntKXXtASA0WvuX7FqGd79/V+3ctSznjE/lEhhkUnLLtebMlIt3AOnUtWt0nAYDupdPUd/mUUJmlE2J8v3Z3HQy9JfAVOjlcpNDhprjidveqdK81h1c+fVTH9djAwszRl/xyY+CjBizwjffg==
+pch.nic.as.		172800	IN	A	204.61.216.111
+pch.nic.as.		172800	IN	AAAA	2001:500:14:6111:ad:0:0:1
+asda.			172800	IN	NS	a0.nic.asda.
+asda.			172800	IN	NS	a2.nic.asda.
+asda.			172800	IN	NS	b0.nic.asda.
+asda.			172800	IN	NS	c0.nic.asda.
+asda.			86400	IN	DS	26782 8 2 DEA162D88DB4BF889A745FF70CC6D0E56245350E4AECDDB262CDB1A0663347DF
+asda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rTisS/UP65cjpxtuEWnTF2bVGbbWZ8iKYh6MVnB8+zL9UUzdpZlQSAA2bOeZV5SJhdplIROU5I2sKqRk0ZbUAZh2V46oKIMRG/125Lt9p6HNogBl1TMhFZBDR0nV6zZuMDfmp9msOk9g1dRgRWqOZLc/dlZCESpP2HUsOOQ0BrIHnXUaXQvloFNfgyvTj+aZxx6kCyDJxa8fdAKLBKzRp/rLHh2o5zj1L1oA+EGF2O1QH3XuhVsRO1IhT9WkF0XtHgrIDq1at/rSVZc86tZml7Ofm36Hrleg7Oqk/nnwPM1sgc5rxQ61y/3bLtPybwVk4Rl2FI8Rj9R1tgg2oVF8Fg==
+asda.			86400	IN	NSEC	asia. NS DS RRSIG NSEC
+asda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m7H4S5wJH922IC7Hf4J0TgoKc74Kem8Ips69azGmEEFeyBrER2KGJrMuiJ9+0E5Rooxi6NhdApW0Uqigb0XtGL7CpNXKzBI+rjoMn7Qs8LbwYLIlTgGOSUOP3Pfiy9dpHEMjdmOUykTF0TgjEUNMktFDtelGOwQpZHe/FVVpHU28WZ/c9q0kvbBcU9PJ2CCFO05WrScW58gdeP6+cY5WUTMsDUX3CV1IlKgS42fgAUDW/38ILkiYwf/hUqgCkp1osLIK4cQIjC4D1W3bjextJa7MqeJXqcI6r6MIpiAQ7V21H/QsrOv2o6wYO0rTfhO1ChUp7xwn0BTiA98DkTabQQ==
+a0.nic.asda.		172800	IN	A	65.22.112.43
+a0.nic.asda.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:43
+a2.nic.asda.		172800	IN	A	65.22.115.43
+a2.nic.asda.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:43
+b0.nic.asda.		172800	IN	A	65.22.113.43
+b0.nic.asda.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:43
+c0.nic.asda.		172800	IN	A	65.22.114.43
+c0.nic.asda.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:43
+asia.			172800	IN	NS	a0.asia.afilias-nst.info.
+asia.			172800	IN	NS	a2.asia.afilias-nst.info.
+asia.			172800	IN	NS	b0.asia.afilias-nst.asia.
+asia.			172800	IN	NS	b2.asia.afilias-nst.org.
+asia.			172800	IN	NS	c0.asia.afilias-nst.info.
+asia.			172800	IN	NS	d0.asia.afilias-nst.asia.
+asia.			86400	IN	DS	23407 8 2 0F51A4E5EF96B66C2078F7735B41860C83DA0746DDDA1A1B2B893AB056B3058C
+asia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l8tSy6DZtneA4jzuXWWUCL2jhus3vY1k0/iG2OZa1baR7wJuVdLIrJQv/kQ6rYScE2NMskAJnVPhcAvlCU+iBKkaKAsNeLgKLhdBmDJxx9EncC981WxSRTIN290bWBeFi+F61+aruwNGVIKJdlxm69vGHkfSZLjpKHQ3BkHduYL0sCMtZ+5WJvQvuS+PLIoL0UAwX04ovxibv39r+s00L8eS2K0p1XCmtZd/5cHbgxKVB0Cp+3ejGZ9gyvooPcu7t1v9LOzGcFzFxicimKr6w3NwDJ8hWRDKYJtVM+ey7pnqjzvFBL+k1IEwhst2YFxySMwhfK2FS594X5CqnScHjA==
+asia.			86400	IN	NSEC	associates. NS DS RRSIG NSEC
+asia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0TEwQDSmxGKDr4xRpilZEJkx9ymtg3C+xsMRcTAUk9RIzY2KL7rKWeB0ecctiEIXv77STEE6zbQUgdU9v87d6xeBKlxsBIv/a0x+mWoKm94eb3xIQ9+Pf48gLXp4ECbnDdVx5BDHsoQAOMdZujzHyMcDLOQnEJHZidqcrW4vAmQR9EJxZ6NIURTWWLkN53HBfVjdSi83uyjFOINwSWr84OeaXGHI2iE74oa3oCgWLYezbei6M9IivvYkFPRrr1Tp4ioCh68tYN3OpH0BSvmk7KcNxkhXsm2dqO6XcjeeUuWhD6ldIAjWJcB0yxd4I0NX/95O3YNAKOgg6wBFN+wjNA==
+b0.asia.afilias-nst.asia.	172800	IN	A	199.254.28.1
+b0.asia.afilias-nst.asia.	172800	IN	AAAA	2001:500:16:0:0:0:0:1
+d0.asia.afilias-nst.asia.	172800	IN	A	199.254.30.1
+d0.asia.afilias-nst.asia.	172800	IN	AAAA	2001:500:18:0:0:0:0:1
+associates.		172800	IN	NS	v0n0.nic.associates.
+associates.		172800	IN	NS	v0n1.nic.associates.
+associates.		172800	IN	NS	v0n2.nic.associates.
+associates.		172800	IN	NS	v0n3.nic.associates.
+associates.		172800	IN	NS	v2n0.nic.associates.
+associates.		172800	IN	NS	v2n1.nic.associates.
+associates.		86400	IN	DS	51694 8 2 B92F8F575097B95AB00AF8DE35F962205DDD4BC0662B1DD212B5D062D679D338
+associates.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . js4tNJ66VNPblF8XHybPW0dMuetJjWd3mTFtClmAW6AMxGVKcl1m05JyhzzTuXMeA7hQSVu12Qg2+3Oa9G1pISDIo/PdgblM3YkeWy6XE8goPP3p1sQoZX2uUuWTvaSBzA4b0/vt9XViqegfTVlbj8YocNu+S6WJ66gqXWbALo5RIfw5iuIZt6e8lr3DtzjZdoAaTlZAhR39/nTmjYISwbLP5Bi8EugfJA3Vc5OOuygKnzemChpYcLKdP1gYgc5oPu2pMNusut47UzVhaP0QAhRxot1EjCpZ5JR+ai0NMwmsx+3Pc98tpgWm0QKGvyWcU+7Jms2p3zKvEgI+/vvOwg==
+associates.		86400	IN	NSEC	at. NS DS RRSIG NSEC
+associates.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n5eB8BbdVfGQEJHPY+JLjWBUR4fKAEQry3AJK0yceIoBgbVVwpuRVLNlf4GIHKWz0MxLYcctSoLqP73SJ6y/HesJUmhy4OnM9Z6hLy8xZRcjzOB2f0V1mfeCkmdTjI6t5On3S/a0uGLisnJnpjhMfPfn2rmrHSRfHA1Lcu+P//ENFNkDQS7YOOUhoW6SThfevYWiMS7jNlmB81V7XkJ2JModJelKmLRKfzGAE+6ADjAal0kEOx7Kh7FI7AKIOVCnW5BCuzeg3jcU4I+DTmOhO08zgjY8rUxUYkgBAMXbkLFvKq9tXFtFF9BQkQEAneAlBBOF3NrG1WGw/HWDdzn+3g==
+v0n0.nic.associates.	172800	IN	A	65.22.28.27
+v0n0.nic.associates.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:27
+v0n1.nic.associates.	172800	IN	A	65.22.29.27
+v0n1.nic.associates.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:27
+v0n2.nic.associates.	172800	IN	A	65.22.30.27
+v0n2.nic.associates.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:27
+v0n3.nic.associates.	172800	IN	A	161.232.14.27
+v0n3.nic.associates.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:27
+v2n0.nic.associates.	172800	IN	A	65.22.31.27
+v2n0.nic.associates.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:27
+v2n1.nic.associates.	172800	IN	A	161.232.15.27
+v2n1.nic.associates.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:27
+at.			172800	IN	NS	d.ns.at.
+at.			172800	IN	NS	j.ns.at.
+at.			172800	IN	NS	n.ns.at.
+at.			172800	IN	NS	r.ns.at.
+at.			172800	IN	NS	u.ns.at.
+at.			172800	IN	NS	ns1.univie.ac.at.
+at.			172800	IN	NS	ns2.univie.ac.at.
+at.			172800	IN	NS	ns9.univie.ac.at.
+at.			86400	IN	DS	1253 13 2 BA17C1BACB3FB49F7760AD1F7E71E17AB39EE0DF3E9D3BF23FD3D70D6CF1719E
+at.			86400	IN	DS	18942 13 2 AE5F0BD73C8F48F3D55CDC4070F9407873176C364DE4BC92BF96887685E6E55F
+at.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GbOcVb7zPH6EfRjNEfEs3L2DYocIM1EyKni2ak2xkad9FW+06ICLC6eNwyPg3riwRaIAqfeL2CxM3PmnnYf3Lu/6OvBTngma7dMtoWR2dUjfkjxDye+GwF8af7FmZQHqQJZ/iX7nR5iOfdGRRt56VxEZp6jgok8/OimxBlAHc7sVRuVNAsAMLPN72IPzuoRnbsKL0XsbmPU6OiOSF30scPOlO/cnIBeZ+COXqbp+ELT7/KYWAkMXeSLa0P9UsJ/6f1afThFt3YznQ1luK6be5zhEsSthRUx5bQ/sKezkKGZKguiENO+q6EOE8cW8/H/7SQlQn+mhg6PJvJASvUXp1g==
+at.			86400	IN	NSEC	athleta. NS DS RRSIG NSEC
+at.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B/ut3h5/Wqpx5p3aEAKuYcWGaR7BMoLGW1Tyy440sNLAkIWfLdCgl5RHOQYQ7WiNxa7UUjM2XusiH0sWY1x0bt2oCu4EO0kFWIgFKEh4cUnCkkmJ6W4xVCJA1TryPjy8/PWr0xLUuWOvjPHEXueqjqzSLku7LEnRDu9p5MC4hyaDO764Xy1q/fM89+R4qXb2R2B83S7l4uZjxWfWBBsmlcpxwsby92SctkSt5MSuRaYnvopAjdy/Hvu5vMvyZEiCj4m6ld2EwlVSM4xooeSRe7hM8r6V3F+7pjn67oSm1+RJtyS4aP3oGxgXyDYIy5za3nhoXZBKbFOG1B7fE+E9gA==
+dns-mk.univie.ac.at.	172800	IN	A	78.104.145.4
+dns-mk.univie.ac.at.	172800	IN	AAAA	2001:628:453:bb:0:0:0:4
+ns1.univie.ac.at.	172800	IN	A	78.104.144.2
+ns1.univie.ac.at.	172800	IN	AAAA	2001:628:2030:4301:0:0:0:2
+ns2.univie.ac.at.	172800	IN	A	192.92.125.2
+ns2.univie.ac.at.	172800	IN	AAAA	2001:678:1c:0:0:0:0:2
+ns5.univie.ac.at.	172800	IN	A	193.171.255.77
+ns5.univie.ac.at.	172800	IN	AAAA	2001:628:453:4305:0:0:0:53
+ns9.univie.ac.at.	172800	IN	A	194.0.10.100
+ns9.univie.ac.at.	172800	IN	AAAA	2001:678:d:0:0:0:0:cafe
+d.ns.at.		172800	IN	A	81.91.161.98
+d.ns.at.		172800	IN	AAAA	2a02:568:20:1:0:0:0:d
+j.ns.at.		172800	IN	A	194.146.106.50
+j.ns.at.		172800	IN	AAAA	2001:67c:1010:12:0:0:0:53
+n.ns.at.		172800	IN	A	81.91.173.130
+n.ns.at.		172800	IN	AAAA	2a02:568:281:0:0:0:0:130
+r.ns.at.		172800	IN	A	194.0.25.10
+r.ns.at.		172800	IN	AAAA	2001:678:20:0:0:0:0:10
+u.ns.at.		172800	IN	A	185.102.12.2
+u.ns.at.		172800	IN	AAAA	2a02:850:ffff:0:0:0:0:2
+athleta.		172800	IN	NS	a.nic.athleta.
+athleta.		172800	IN	NS	b.nic.athleta.
+athleta.		172800	IN	NS	c.nic.athleta.
+athleta.		172800	IN	NS	ns1.dns.nic.athleta.
+athleta.		172800	IN	NS	ns2.dns.nic.athleta.
+athleta.		172800	IN	NS	ns3.dns.nic.athleta.
+athleta.		86400	IN	DS	14776 8 2 CC5CE98FE2C8EBB8DA9B7CEF6EFAE743B1B92A8B60D276C42510FD7C55177632
+athleta.		86400	IN	DS	24775 8 2 27E604906E1205089032C4CF28BC8E12C35D6DD3C1D5FE612EF5FAE0AA5AC6BA
+athleta.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FhaRqA8G7PscyoFXamGsU5UHiv6yHmj9DOkRnG7QysenyGYwCoP4+rLFN8xhznG8xC7yN3BnqDau770bjYZP63mGA64oNpF03L+yf2spIe6WyATjC2a/CBUU5cAewGfDJ9iuXg4Z8G54+COXymUNV3cIbbES+CfzVCvDV4WUYNVRxJzEhc+TEao+wu5hdjsvO/JCNab2waF8G5Q8mAHQuAtakN6BYBdf6EPYdXeRhRi5EHsVcxOyct+h+hq6kkHVgm3Vp1V9NWlX6v7bcM6qIuD7bip89qOGeNRrRHaDePyAkZIvewxV4Unb4CrfTz17kY/hXMGFdnfJ1nweBGpgBw==
+athleta.		86400	IN	NSEC	attorney. NS DS RRSIG NSEC
+athleta.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bl0ZxPfCR7/4VLVGguQcI34jdZWQCF6X+sQGMIbfis5dR67g+DyRkBS8oZsItyXs7Yeq0GA0WUCjNCFKwN0Z3Dtb43cZ2eQpzgXOIwZX22jI6BBnHY5k5Jk+0EXNa6e8On9IAVy4M9WpBBFVh9xOC/Z48FCg7URMvD6ui2JYyVD1LDsu3xbflbE2LdgHLE1xo0tlQqQPZ0gIK1M41o+xunv2FjIwpIGRPg4MFacDDMjuvi+faMXeOwedmbLzm+zkTa6MJ5xDahI+3iNt4Z28MSWrfw3Q4NnSal0p0cBhwIrUhLSVuDEE8vDl7QX6zwI6VugxoZv3Dv1nre4IDGHtvg==
+a.nic.athleta.		172800	IN	A	37.209.192.9
+a.nic.athleta.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.athleta.		172800	IN	A	37.209.194.9
+b.nic.athleta.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.athleta.		172800	IN	A	37.209.196.9
+c.nic.athleta.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.athleta.	172800	IN	A	156.154.144.16
+ns1.dns.nic.athleta.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:10
+ns2.dns.nic.athleta.	172800	IN	A	156.154.145.16
+ns2.dns.nic.athleta.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:10
+ns3.dns.nic.athleta.	172800	IN	A	156.154.159.16
+ns3.dns.nic.athleta.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:10
+attorney.		172800	IN	NS	v0n0.nic.attorney.
+attorney.		172800	IN	NS	v0n1.nic.attorney.
+attorney.		172800	IN	NS	v0n2.nic.attorney.
+attorney.		172800	IN	NS	v0n3.nic.attorney.
+attorney.		172800	IN	NS	v2n0.nic.attorney.
+attorney.		172800	IN	NS	v2n1.nic.attorney.
+attorney.		86400	IN	DS	37909 8 2 C4A297804CE08F6EC8BDB6EBDC8C0907DA680A9FEB90555AC0B6BB8F38026CE4
+attorney.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x9VBPtwmqcoBOdJiVo1WsGMwiy35xGJvey/Vh1+qVxBB3OWeuaZ1h8sGVNTXKg+zEIbgULzlgSao6VjbV3bt/o1l3Rx48tlFQEcfD1nFMTuGJLkh/qd9UE+fXMoL3exGIks0gh3mx04izgoJwINCMdmkjqirnvtKejrCL3d5foi9zqp8ey6/XZ9uVVqfZS55PLTPHb/sbUCca1xbbzn7GQvzkf/3FRzSuyHe2Z0Jnf69sfdBIuT4koAiU4IaRKhPN2UbYXWySd0nf07qrDZCE5LFI79HYITaFTvY++2m4tpWNzvejjHdn+BYyeCQAhv2HEAmIfuIIEX8QMban87Dtg==
+attorney.		86400	IN	NSEC	au. NS DS RRSIG NSEC
+attorney.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zu/Y5APWeZrp8WKkEeqEefhPQl62/8pG0aVfvxK5ywkHJqAPi03FvOgmp2/mYu09OMVz8K4eY4rWu8TWGgixlhZgh6pzuDeccyCTyRc76qLn+Srfe1sbsfLJwT4MKOs6zpZnxDHNKyBKNAnnkBHqeNrAweO1BZhAETUNXcqZ9yFCuszfvc8dW+n3/PbIn3pNocQbAywe3N8uFZLrWQ72pSHgIA+79fk0zMz4x2W7hz3pQUlUqV+3aAX5ft2j3Xq0bJue2QMKeiLEWlTXIshVPD0uOHrPfpjw8sSgUI1aZrhpsnl99F5aw60FZyt8X+Zn7JaEMK+Fl40JcvQbEW5DJw==
+v0n0.nic.attorney.	172800	IN	A	65.22.20.20
+v0n0.nic.attorney.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:20
+v0n1.nic.attorney.	172800	IN	A	65.22.21.20
+v0n1.nic.attorney.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:20
+v0n2.nic.attorney.	172800	IN	A	65.22.22.20
+v0n2.nic.attorney.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:20
+v0n3.nic.attorney.	172800	IN	A	161.232.10.20
+v0n3.nic.attorney.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:20
+v2n0.nic.attorney.	172800	IN	A	65.22.23.20
+v2n0.nic.attorney.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:20
+v2n1.nic.attorney.	172800	IN	A	161.232.11.20
+v2n1.nic.attorney.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:20
+au.			172800	IN	NS	q.au.
+au.			172800	IN	NS	r.au.
+au.			172800	IN	NS	s.au.
+au.			172800	IN	NS	t.au.
+au.			86400	IN	DS	51895 8 2 6C7D509BD4DF32AF255FF847152B7B00316AC0BA44B853B3C9F9C7119AAA599C
+au.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UIJ84AbJn0R7Jk1Chx8FSCng0wrJf8mZBXbwNTe75YslxUSD07LVWy9ZUFs2PqLf1GueQGme2r+u9bpIQ8JDoP7cN9qt/NBCPdMhSMaoG7eNsrCFzoOKXD5mvoYjreCUGRoUVjPQgd6lCLgSLpPZ1nrc2INc07PhW5s34l4NhEszHEtyIIW9hnUhGcuOthPZN3AJ4FukE1yQksNxWR0kQcuNiKVdzW/hCvEjSKEROJNRIVUedre0dOxZdp0uaLNG9K+YzP2t7Uvqfartd8/ZB1Fz81SGBS8vpO9SA52A487hi5Qi85I+hxnD6SuPSJ9NlA1AQ4/XDMP6tXdtwYg6nQ==
+au.			86400	IN	NSEC	auction. NS DS RRSIG NSEC
+au.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RWeiNaOuY3K3//KdqUZcnrZO7qt84I/Y3OY2XVeRtz8bdlTzMVlIZBm6nsojFri2AezTyhGxZ4OzoAbOdwLugLKFr0JveqPNz+UEcRFNMflqasb9v7SE7D5fZhcPwUO9tyuOEd4LAKbZB4hYciGcnN2N1AziV/+rAXZkqbC0SBLDCFASWcABObG7woCOm6nmNzCi+u8iUWso3lBJE7CI0zUfQwBqtwMY6xlB+SKtcYOTeE0h9nmuzTgCb6yqEuWLF27pu/rC2H5MqyhxcRInvLweDo08/I11n/D2l9eYMwaIxfQxA8FLRQHEhdzhRAtrRteIy3eHniP+VlGbsVC+SQ==
+cctld.alpha.aridns.net.au.	172800	IN	A	37.209.192.6
+cctld.alpha.aridns.net.au.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+gtld.alpha.aridns.net.au.	172800	IN	A	37.209.192.10
+gtld.alpha.aridns.net.au.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+cctld.beta.aridns.net.au.	172800	IN	A	37.209.194.6
+cctld.beta.aridns.net.au.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+gtld.beta.aridns.net.au.	172800	IN	A	37.209.194.10
+gtld.beta.aridns.net.au.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+cctld.delta.aridns.net.au.	172800	IN	A	37.209.198.6
+cctld.delta.aridns.net.au.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:6
+gtld.delta.aridns.net.au.	172800	IN	A	37.209.198.10
+gtld.delta.aridns.net.au.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:10
+cctld.gamma.aridns.net.au.	172800	IN	A	37.209.196.6
+cctld.gamma.aridns.net.au.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:6
+gtld.gamma.aridns.net.au.	172800	IN	A	37.209.196.10
+gtld.gamma.aridns.net.au.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+munnari.oz.au.		172800	IN	A	202.29.151.3
+munnari.oz.au.		172800	IN	AAAA	2001:3c8:9007:1:0:0:0:21
+munnari.oz.au.		172800	IN	AAAA	2001:3c8:9009:181:0:0:0:2
+q.au.			172800	IN	A	65.22.196.1
+q.au.			172800	IN	AAAA	2a01:8840:be:0:0:0:0:1
+r.au.			172800	IN	A	65.22.197.1
+r.au.			172800	IN	AAAA	2a01:8840:bf:0:0:0:0:1
+s.au.			172800	IN	A	65.22.198.1
+s.au.			172800	IN	AAAA	2a01:8840:c0:0:0:0:0:1
+t.au.			172800	IN	A	65.22.199.1
+t.au.			172800	IN	AAAA	2a01:8840:c1:0:0:0:0:1
+auction.		172800	IN	NS	v0n0.nic.auction.
+auction.		172800	IN	NS	v0n1.nic.auction.
+auction.		172800	IN	NS	v0n2.nic.auction.
+auction.		172800	IN	NS	v0n3.nic.auction.
+auction.		172800	IN	NS	v2n0.nic.auction.
+auction.		172800	IN	NS	v2n1.nic.auction.
+auction.		86400	IN	DS	28861 8 2 A36871C0FBDE1696E659A812BE9CA47A2B140C26BDBD84C61C6BA3A25175A2FD
+auction.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kz7tULZoOCSWsVE0dMMgbxjRrJsoaUbF+VP+pYYvB+f8PAVAaxZy6bR5QG9QAz4zHj4bL8OPucn/GS7G4GKMSed6ksAjASG8xEVIrPU7yCSZ14XAyhnwrn5Ulg5dMnyiTZBRP9B29ijJwhsG2+sIjw2c9lxwPFz4kz7SyhBr8KLUt16ivSnG9F7TeiBMZO5HKej57aAWYNHnGb2/rxrZTYc14yniS217v7pP8L3VBv2XXlPOICYhEBEI6fytWodzfDu+YytjVhGPtr4+YdZggdkqyuhc62oCxE/baLKTc00gS2cX3xUOhqZsa8nmPrwHL1U8CD5ucqDvFHHU5e+kbw==
+auction.		86400	IN	NSEC	audi. NS DS RRSIG NSEC
+auction.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hp3iNi6TdCb9yZFut/mp+sXWfA5ZZ7k3ojb9tNT6L8X/Z2wkz48wcgb1xptaQulUk3vG2CIj8Jak0tkxW/ZzWUBw96kRsWXdf2mkPriaYy2Rpq9nsQEq1adxTFSGUrs0UDCEURsYtbSrSSUtkBzfZ89OYEEugrSHxSsy6jIlfyVE4rUJQdLcMs0x0afg5z36J7ZqJ5CNyu6n4x3MOlDMsgbM0X4G5PGb9mFCZf9qNuPdfpxEnjV5MioJCn/V4f2jWJ59LtJnQrGxUHcp1/iQAzmMVjFyy3p8Qjcr6GUECoUQbaNyxHx4Ql+TbuRVtF6UBOdo/Tde5s+058kemq65nw==
+v0n0.nic.auction.	172800	IN	A	65.22.32.55
+v0n0.nic.auction.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:55
+v0n1.nic.auction.	172800	IN	A	65.22.33.55
+v0n1.nic.auction.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:55
+v0n2.nic.auction.	172800	IN	A	65.22.34.55
+v0n2.nic.auction.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:55
+v0n3.nic.auction.	172800	IN	A	161.232.16.55
+v0n3.nic.auction.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:55
+v2n0.nic.auction.	172800	IN	A	65.22.35.55
+v2n0.nic.auction.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:55
+v2n1.nic.auction.	172800	IN	A	161.232.17.55
+v2n1.nic.auction.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:55
+audi.			172800	IN	NS	a0.nic.audi.
+audi.			172800	IN	NS	a2.nic.audi.
+audi.			172800	IN	NS	b0.nic.audi.
+audi.			172800	IN	NS	c0.nic.audi.
+audi.			86400	IN	DS	47809 8 2 AA1FA212D47D097669F357C0C70ED8BE45EDCD5BA04D951F4ED9F9A260476FCA
+audi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JPluo65RbWWW2ShWedujCpgfYelPa9/waIA+JKQR7aosQUfxMT3vTmpytg0ZhW+6amV7LbNu6oo9/DEy3NAD2f5SQDTmF90wU1gVM1++4OJNrvNHVGCZY48cqgEWMJlJJ9nExvOTkaVbE3CDAPRJDW+NFgJh/9i2thIYpNJ5THYN6wb27yfI3aX5W1PDQPZ3Tie26XlAGcroVsT+d19V4vt8omQ0HnuNPEFX0UHZfVtdlLQJD/X1Uu1O5DQCbhnOryOeRMKwDlEcyQddFhqx3kQUgxgXP+95AFcpw8dzxfNjeiFG5pnkx3fDTDZUKU9wfP6d/QfCqzsB0AkIXh/7/w==
+audi.			86400	IN	NSEC	audible. NS DS RRSIG NSEC
+audi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XzVxRvjdj67hDIIsZa63bd3zDcCLn1JoC2gf5Te5ipAVEfR0DW2NiMFiGU3bx3Vs03Tq7O6olQLAwO3x9u2fBZrh9eu2AtokIlbPzjHS+6he7XKZNfTIlWXDen3Ll+N+Duq4PvkYp6dpeYhXbY+ERda5vYDuGLEu+S8d4TveD0bu/U5LEVJZvojSk4npy8Tey2uQnEmVfJLmJfmzLCv2Z62tu0NuSq4zbWAWwm0q0f3UrcqI4NXF5MS8MsvGGDg4tAINxABI3PdDzgWcnwMZuU3EJg4mbvfuZmzBLwl7fE2PJxSLeXftmDmrGDw/4hIWAol0bWb/j412c5EGEB5ojQ==
+a0.nic.audi.		172800	IN	A	65.22.208.17
+a0.nic.audi.		172800	IN	AAAA	2a01:8840:ca:0:0:0:0:17
+a2.nic.audi.		172800	IN	A	65.22.211.17
+a2.nic.audi.		172800	IN	AAAA	2a01:8840:cd:0:0:0:0:17
+b0.nic.audi.		172800	IN	A	65.22.209.17
+b0.nic.audi.		172800	IN	AAAA	2a01:8840:cb:0:0:0:0:17
+c0.nic.audi.		172800	IN	A	65.22.210.17
+c0.nic.audi.		172800	IN	AAAA	2a01:8840:cc:0:0:0:0:17
+audible.		172800	IN	NS	dns1.nic.audible.
+audible.		172800	IN	NS	dns2.nic.audible.
+audible.		172800	IN	NS	dns3.nic.audible.
+audible.		172800	IN	NS	dns4.nic.audible.
+audible.		172800	IN	NS	dnsa.nic.audible.
+audible.		172800	IN	NS	dnsb.nic.audible.
+audible.		172800	IN	NS	dnsc.nic.audible.
+audible.		172800	IN	NS	dnsd.nic.audible.
+audible.		86400	IN	DS	14606 8 2 616BFE32B134D3ADA721660AEB86F2065FF600A1511530F3180F4F2E89588913
+audible.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ymen/TRNOzuldUzRcqFTSzPWKRdHzlqMwur19i1GQG8Tcv5/8OX9eQ+KbbhXrCeCSiZHkU2/spjLOb7PDaXJs3trusgFYpV0GE73ydYAl9lidXMT6NPmlONlMq2SvK9QKgfaSauWuCgOqef5xUHwu99NRc0lsGaariLWM76l1mLqDNj2Q/ld0WVBTtPkmgGXhKLaFe7nP2KaG2b/O9dvECFVooT4sxhJAIz37D0ml9hm+m8SyC+ygMi2eVJkhJVZ//aDtfCmv+vmFgaZaX5fy6DKXMisfWIWOXmZ7pg/un4A6HvmrWoiwQ0zLMxX+5w1sfu2bZl1m+fwFZGkedwotw==
+audible.		86400	IN	NSEC	audio. NS DS RRSIG NSEC
+audible.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dwRr6fqsDF+hTchL480CAQ0emYZpIYUzshOPwgLyE110ISVVkMLVSCD4XZ5sJ4GEKduvGR94mtQD3PM2N/R7LpuJoL/x2TIuZkygVqW0j4OsmB/OJxRzdEsCl6vZKB24Lu7WOBe1TR5EXG3ZSmpyaB5LAOOQQVSBAWazbQyvbVKfI35zx7KpzVT41CFJ7UhwJoyRaCRQMcdxDcG81lqWyVDLWBZTAXr5Q4aocQlqVqDzkw1+6wIo/mHEoOTY5ksvx/ATZNNs4q433rWrysq2kNdfYujtK7oseZSagmv4EjEpwFBTqveabe/fxQfR01CwjN7bjZec3Rdq8LHKmCkavg==
+dns1.nic.audible.	172800	IN	A	213.248.218.56
+dns1.nic.audible.	172800	IN	AAAA	2a01:618:402:0:0:0:0:56
+dns2.nic.audible.	172800	IN	A	103.49.82.56
+dns2.nic.audible.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:56
+dns3.nic.audible.	172800	IN	A	213.248.222.56
+dns3.nic.audible.	172800	IN	AAAA	2a01:618:406:0:0:0:0:56
+dns4.nic.audible.	172800	IN	A	43.230.50.56
+dns4.nic.audible.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:56
+dnsa.nic.audible.	172800	IN	A	156.154.100.3
+dnsa.nic.audible.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.audible.	172800	IN	A	156.154.101.3
+dnsb.nic.audible.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.audible.	172800	IN	A	156.154.102.3
+dnsc.nic.audible.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.audible.	172800	IN	A	156.154.103.3
+dnsd.nic.audible.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+audio.			172800	IN	NS	a.nic.audio.
+audio.			172800	IN	NS	b.nic.audio.
+audio.			172800	IN	NS	c.nic.audio.
+audio.			172800	IN	NS	d.nic.audio.
+audio.			86400	IN	DS	10807 5 1 A8743F3C50BF77807EF5713D614F4CF1C0567F95
+audio.			86400	IN	DS	10807 5 2 859C5604B1A595B5E139D2904314E6E5EEE152ACE825A74ECA32A3E1290F178C
+audio.			86400	IN	DS	20191 5 1 BB72622C591C9F739AF49C13EEDB7F2796CBC8FB
+audio.			86400	IN	DS	20191 5 2 775C07F584233B85606AC3874441C97AD1AF7F144D3E9F0FD779F1E064E49316
+audio.			86400	IN	DS	49027 5 1 F2611084038A67137A2A8EF584402BAD64EE365D
+audio.			86400	IN	DS	49027 5 2 5679B4ABDCC3A065FE7FDDDCF8AD1D7EBE22323D758ABC315AB4D4D8B49CF684
+audio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bcq1koH3Cj+6mjWDs+3Ky/EGTVJ/PgAdfiRkYp8moMVTNcJn0FwcafjgR2WjNpBeB+iQ58HhAhaNgC4Q0nvufwO3vBtCg0O4N6x3qhATl48C3ZvtDkNqCLo6m1h94Nj+5hyY9pP8E4tTMT24G/gbQmrM6O1QDVJPx72S6d9V98Y0W33NZsvb+LshKhgmJzx1Ixfh9/ndC3Of/QouEt8tzRw4gapCcb79sEjO3JhCyOm/FnT8Of82maMcLBG9JF8+h1EZV1zFbHYPGbUBIEtjGn6wqZlHfvDzvZe/0NrnkkNLGsonPxyOU77LLTiwi+VxHRJFnV2rmo7aS63rUr9YxA==
+audio.			86400	IN	NSEC	auspost. NS DS RRSIG NSEC
+audio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wUcWt1A0b+M2UcO5akaK5a021hl0CSUIDcCIglFE95mSHpTfsoVRl6zfA+uT3LMVFKfzMGDh7s4/NuQhFnSSebVRBdM9W1aHen2mRhziN/VY5p/2fxD6drOrnuMSMvZENDgwmTlb/KOGTsdfOKnNrt6v7k47Juvintu5gY4gzQhSEGPxRcxDnTTjnf6NyLqiWlGMnm4FhBHQEd613SgRWLNiP4eJi6F9div8EErmJREeBGbs/aLbUG9birZ3ypVc2vqiOweCfTLGrTTsfDsi0N4ZsmgJfY3yAUCmOIAPkfGhsFcWxhaZa/S6T7mPFTg0gaq64BFyUkV+zQK5qdvfXg==
+a.nic.audio.		172800	IN	A	194.169.218.150
+a.nic.audio.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:150
+b.nic.audio.		172800	IN	A	185.24.64.150
+b.nic.audio.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:150
+c.nic.audio.		172800	IN	A	212.18.248.150
+c.nic.audio.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:150
+d.nic.audio.		172800	IN	A	212.18.249.150
+d.nic.audio.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:150
+auspost.		172800	IN	NS	a.nic.auspost.
+auspost.		172800	IN	NS	b.nic.auspost.
+auspost.		172800	IN	NS	c.nic.auspost.
+auspost.		172800	IN	NS	x.nic.auspost.
+auspost.		172800	IN	NS	y.nic.auspost.
+auspost.		172800	IN	NS	z.nic.auspost.
+auspost.		86400	IN	DS	23341 8 2 CDCE581A5B4B9280A865FC7BD798572016629E0B4C56CAC1A3FCCEFB0D4329A2
+auspost.		86400	IN	DS	50557 8 2 8631F3B3DAA56F69E46A0513AE0BA9943A0992A664A7EBC25C2A4E8792C5DF83
+auspost.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BBTtra94Ff4RVwDzAC92wnlgsZ/Z7bBKfSZTINU7cv6SeiTG/zuIu5cNYDqgYc+bBerbZKxYUlrmSg/gR+YpUtOSbFn37/lZo+QCdsEyc0JBU1KavjmiXcwiiHBKpFh6/1+z9c5voJAM657J9qV8CzBJdQxBEKGVZf3tU0O0XiPb4l6p/m98cwnXItumL3se84NdathfwGWZ6yADVW0IZDn1egtvZ6SNJDYfOxui14dyVCFWyA5rfVfKmvhGLnZns8gLx8/88Gf/f7EBwzeip33z1hfYLc+yzcNHbGDLD7ZmY5JLHKiQ9EOeIDgRaq/MXewoJsqsrnMZGzbfC721dQ==
+auspost.		86400	IN	NSEC	author. NS DS RRSIG NSEC
+auspost.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . p65KNPyZ/TR5a+E8yGMjERblSQ9fzj79PzT2sp4GYn7LTggpf96CesZeFsjub4CL7oMJPM3ru+PRGkod5TB0WlZwC5Eaz4kAsfhqEEwK4vn+lhF+owDEoYrqJLJzX+S+tkUqWJjPaSPgEPqRGxgrYPjLbf01f1vu1e9q9+7NhbxiCQyPQOLc/pama2Cys56fAZGytUrZEsTe/Ri+pihNkzEBPCdJ42kQLSjKhe6ggB+CjVoW+DthmjiwqYZQzOQ+vZ/EJ1NLrq3ew2cbQh2gAQNNzD/eVTfd+WC9v9Lyw/JsCo5nDv8oGAmPw4HXcp38+V/WyrKG4bOm0W4jAhiJMQ==
+a.nic.auspost.		172800	IN	A	37.209.192.9
+a.nic.auspost.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.auspost.		172800	IN	A	37.209.194.9
+b.nic.auspost.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.auspost.		172800	IN	A	37.209.196.9
+c.nic.auspost.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.auspost.		172800	IN	A	156.154.172.82
+x.nic.auspost.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.auspost.		172800	IN	A	156.154.173.82
+y.nic.auspost.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.auspost.		172800	IN	A	156.154.174.82
+z.nic.auspost.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+author.			172800	IN	NS	dns1.nic.author.
+author.			172800	IN	NS	dns2.nic.author.
+author.			172800	IN	NS	dns3.nic.author.
+author.			172800	IN	NS	dns4.nic.author.
+author.			172800	IN	NS	dnsa.nic.author.
+author.			172800	IN	NS	dnsb.nic.author.
+author.			172800	IN	NS	dnsc.nic.author.
+author.			172800	IN	NS	dnsd.nic.author.
+author.			86400	IN	DS	4690 8 2 FC1AAA00C7D9798C3BBEED82B37AAFBA04AE15E97016E9A8B646AC5C37572DA3
+author.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tTTNQCOYjjG7aQwczwg6GiVuqiZLL3vQNzoP++aRawIs7FfDgFCqw/EkzShD2V37+VerRoewBLXIOpD49SJfERMpXME/yIkWFaRXZ7fUUn8j2jC9jOTeHLxEuqDH4IAzoh4FmOLY0c2Copla1B9j7zKRHRQYHLV7S0jbFGe18EqH88gC5x0RtXgWkvUQo05Arh7kZ6UM5FiJjVHMXkXRem47ZeLsB+bj/v+fHPApXhGwRMSOkGfdWgfZrzwkgzUlyzf1fArdQSqG03Lc6WYPt/smZyU/QK8WH6rglcQoO1q0eiO/SdsyKK82rrv7YZmSmseysDgx2V4vYiAsQKILnQ==
+author.			86400	IN	NSEC	auto. NS DS RRSIG NSEC
+author.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . shPW5SIzdjI+GFJYyH8QhvTJe/nvY+KIbkZlRKHJaWM/IzHxQH+wCauIcOfHeNrQBRmY/cT5+85+u6KT21jYdvq4vq/z8LCRH5fZWTehxbsJVbhQeFnRO7DhExPzLP2YjycXqph4qd/FRJ2mqDO6Yuayqf6GYwHF/RtLYwiyKOPmnjduxcnRwke9uxUCDC3JiViUZGbeG9l/gcLIFlONGIa+rxeLKdF48HCVAjAnJFdoIwBk+FwAnY3EAEaidnbFBhMJISh/76Z4OSKN5pnRzMf58QfMrM0D0sZVpJ2fZpWOb5v6wj3NpPEq1UF6d81V4qSmPdAW52AAo6FOxjw6Vw==
+dns1.nic.author.	172800	IN	A	213.248.218.60
+dns1.nic.author.	172800	IN	AAAA	2a01:618:402:0:0:0:0:60
+dns2.nic.author.	172800	IN	A	103.49.82.60
+dns2.nic.author.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:60
+dns3.nic.author.	172800	IN	A	213.248.222.60
+dns3.nic.author.	172800	IN	AAAA	2a01:618:406:0:0:0:0:60
+dns4.nic.author.	172800	IN	A	43.230.50.60
+dns4.nic.author.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:60
+dnsa.nic.author.	172800	IN	A	156.154.100.3
+dnsa.nic.author.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.author.	172800	IN	A	156.154.101.3
+dnsb.nic.author.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.author.	172800	IN	A	156.154.102.3
+dnsc.nic.author.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.author.	172800	IN	A	156.154.103.3
+dnsd.nic.author.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+auto.			172800	IN	NS	a.nic.auto.
+auto.			172800	IN	NS	b.nic.auto.
+auto.			172800	IN	NS	c.nic.auto.
+auto.			172800	IN	NS	d.nic.auto.
+auto.			86400	IN	DS	41492 5 1 4EF1EDDD59DAEE765CD1ED0205081D46D25BBE7C
+auto.			86400	IN	DS	41492 5 2 01B3B92918B955D84A70F1BC254513D6FD90A33E8ABABC0AAFCF8830AC259C2C
+auto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1At9kcIz5fk83Ugi3OmSmo80xiwdDraBLEmwCgjJ92R5sFWl50jMimWl8sSxQYfHG9cL5W4pWMxZypqrWFaKO2TsWNPq9FN9qPMAhlHwKIwFKylUHp8DAQgj1QdWHr9diDO/6qRE1CEBwur9S6Gw0NrlVsOcWDAN+BbESmIUTHFKT12VR4jnHeAWqds/K1NgYITfaxKa2S1Brp1gt0ReS4yGNAXZqx+g33Mhc1y9rHVOJAowdJctb+W///8S1zuMNVgTwq/R7j2+0W6sDMXfax+rxitVn0SuGyPk18Hr+DmEla9+nMGgxZDOFtdnnaYY8PssiI9dUGG9r1JI3rmO4g==
+auto.			86400	IN	NSEC	autos. NS DS RRSIG NSEC
+auto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0bL1OWNajpjbUnNruv7MtO+4kFj+/8jo96Gbqq8InU5NrSeR7wl4Ezw2k8mEOSDO+FjA3zgf7Qc3XR/WZH+Ju/Kn795jD0nnZ7hkPHgAD5F0Vj8PZXwD5UTIQ8b5oehVrTDQA9ppswPONiwQgb8Aes+38HWc2L9bX0sxD6w8ySWj7DZbXi0u9PpMWlmuR55dlmHo2ed8sNQUBYIrTXJfVwg8vgiGYA0imAskuXYE4VgTjV9NFgsPxBmUxfHhSU9S5IsKqQu8S1FGCRf/MaaJOY0zz5oc1I9eHDDC/xXqXtvhG9CZyo/QqW3ymynTjPS0eH0aWZ8+gJ5jOmE2uxteHQ==
+a.nic.auto.		172800	IN	A	194.169.218.131
+a.nic.auto.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:131
+b.nic.auto.		172800	IN	A	185.24.64.131
+b.nic.auto.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:131
+c.nic.auto.		172800	IN	A	212.18.248.131
+c.nic.auto.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:131
+d.nic.auto.		172800	IN	A	212.18.249.131
+d.nic.auto.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:131
+autos.			172800	IN	NS	a.nic.autos.
+autos.			172800	IN	NS	b.nic.autos.
+autos.			172800	IN	NS	c.nic.autos.
+autos.			172800	IN	NS	d.nic.autos.
+autos.			86400	IN	DS	12979 8 2 B803B9558F22EFB130A7B8A43E1CB855B94DE8DC5558A1BC350DBA0560E27BCD
+autos.			86400	IN	DS	61492 8 2 34F530B8473FA65A88C5F81552EFAD281321445F6DC77ED685E06071BB56F0DD
+autos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CnUESaacq/p0LBoCBlKVm7yDGAUHJ6Z4k4W1+PJmbdvo0BAHS4qcVU3hd6WKsGkALsdiGm8jT71twNVOX7QzmEz7nUzgTlHuxSYO3VaJFlu/a0DEroziybdMujF4bW3g96w4T4zxWtYRcWu+dUa4EyujxrNWIr3ClzW+LndLZQH/sGbe5ig/SMKF9KGJ6MgP1tuBnO8/mi0SaqGUfdIOIaPjBFeujvvFV6tadzXWqsnSB0zg5vcGoy355IEFdR1QMYg3m6+U/zFEFH2d9W0BiPghQBK26aCJjkwc1rpAUu0ha15ya2b7/7uL716oe1ed6RUff/uZRlfaYhYCCfAl+Q==
+autos.			86400	IN	NSEC	avianca. NS DS RRSIG NSEC
+autos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F+h4AH6576XFxjFHimMId2xmzjyX8RO7bEYPCPQ5RD5rEL7cu+FeLQH4hKhSIAPTiFjbiH9wSNAcCKQrMQ06YyQCJWMB9Mabr6vyGJDQqKoTbMp4Vyl0ZHfegFYC0BLA3Sd9xoimGUtLE0ret90ElmOGsqw7sfk9iA6GRmbp08vqk9rgyM6iD4kLfhphK0LXZVC3KefY21ILgV1bHfodm9uXicSTrntYWcvbM3Qk0acsyzBRTCvglw4zq//EUJT/EEWlhIntvb+nYhhQKHC/lup4idY92wAj9OqUMuxFv1evajTLU96OLiy144joZhJ6ZePLpuUvtG4ISPRxwut7Pg==
+a.nic.autos.		172800	IN	A	194.169.218.136
+a.nic.autos.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:136
+b.nic.autos.		172800	IN	A	185.24.64.136
+b.nic.autos.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:136
+c.nic.autos.		172800	IN	A	212.18.248.136
+c.nic.autos.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:136
+d.nic.autos.		172800	IN	A	212.18.249.136
+d.nic.autos.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:136
+avianca.		172800	IN	NS	a0.nic.avianca.
+avianca.		172800	IN	NS	a2.nic.avianca.
+avianca.		172800	IN	NS	b0.nic.avianca.
+avianca.		172800	IN	NS	c0.nic.avianca.
+avianca.		86400	IN	DS	16027 8 2 A87EC8292B65CD932F5B29C32773DABFFF897E71B9921FA4F000F826542F65CC
+avianca.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . byeY4h74DUnVBFmWAII6RSqG8xd0zjL/1GoWMPMZi1TebSdJGei5f6Nh52zus90gYWXjPY6+GSqI3+OeNoHU0+s63qEV4kaQJmiOjJ2JzgUj7mMd5OhCwJ922gVxYOCvJYK1I+7yGqvwDgdvk4YiFQ1zp5dzWxXcLmIh3dxLPNAQ/T5xGEPFxchfl0mPGWlvQLB9xyxcKdI2wJPVIetAa+olSoUSOLP+J7xZnPy0FBiuqOyzf9dm6HkMn+G8+K2/jgViCDouyX+2+8P1dPuY09lVLt9J03inS9mrtW/MG7fsNhKEKChob5RsViBHzXYKEoThPdV42jS0xzV77Ec2mA==
+avianca.		86400	IN	NSEC	aw. NS DS RRSIG NSEC
+avianca.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wofis7xoIzzb39ezTra2UoYkZY3tT4zAIX9CK6zYn9tg8n5EebIwOgcTZPAcznuiZymcw2RLl/9O6vClYOoRA412PZbCoPjtasejlbY81HOmmQ2xqKwustfd+//RtGu1XjvEc2Raj5yol2zmTka6dWv2+phzRGfGX5tm+9EiVHjVQVSkT5C9pnoqlqhZthTjWtyaEzGHaoTKjX4nnd0aRd7RdlFq2/uxRQRpxmeNAuu633eWeC64etviNpc7vZuJUuWrpr+nFzhnWlK7wexgCI8L79T9qroPtD6ky5RXGsvEvFUjpcKcExlu4rL39Y9wIVKHDxUVHYfCWGY5e1LEZg==
+a0.nic.avianca.		172800	IN	A	65.22.80.17
+a0.nic.avianca.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:17
+a2.nic.avianca.		172800	IN	A	65.22.83.17
+a2.nic.avianca.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:17
+b0.nic.avianca.		172800	IN	A	65.22.81.17
+b0.nic.avianca.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:17
+c0.nic.avianca.		172800	IN	A	65.22.82.17
+c0.nic.avianca.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:17
+aw.			172800	IN	NS	ns1.dns.aw.
+aw.			172800	IN	NS	ns3.dns.aw.
+aw.			172800	IN	NS	ns4.dns.aw.
+aw.			172800	IN	NS	aw01.setarnet.aw.
+aw.			172800	IN	NS	aw02.setarnet.aw.
+aw.			86400	IN	DS	47978 13 2 8704B1C84A372EC2938559C5FD677384CD8C2DE72C1DA0F56C0162101013BC17
+aw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D3tw4I5XV445mT9aDKb7ALAQN8pR7veypPKr94v5HXQ68L0Rs2IE7ilovNVxHpYDZwExgUyarmDj1g3ISCrVGcCJe/yX5NSVpgZphvWarfjuTweR7WAPUH0xBnoZDPziyZLr13EcseBP2j684az/jtQZX9jBcrrDlCR3UEYxQHRCZI7MKkj6UnWR2qJ2NE0nTzc7RLTIbEVVYjciOgTByomlk8gGp/xw2ENjNYE+a+f++v2OOPkpuGtyx0Th1NE3JmusrtnnbhLAm+5/QX8I7k2mmT8LFsjBLnMZhm59XPogIw9nYK8ctVhBOYWUXPDZfu/uswPbl/TVTczhSi84dg==
+aw.			86400	IN	NSEC	aws. NS DS RRSIG NSEC
+aw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GFRAq1RdySPg5N9m3+VwziNMxaX87mNceJxbLdqnB5aWVxGuwEGDIgTdlsskDlFtcminE1kKFKuGq95HT6MEgF7NWfJhjmVUr+3IwQ89N4QMoE2iopWJvKa/MjSfm/l1M7giGsfz1BUw03XoW7wJQc7d8wFCcrNUh4BqIf5IjOu5tKQwy6VkfmECtfW4XQ25Hi1+D24FYsDY123RkJu1xf7vwiM0jvQBpRJOoHwdT7vamEWeFzRBEGAS2ieqvv3GKJyaHifFReYpXmrF3COdO0DpnnP6sMuaWckQBH7dThdbThzPRg/XVvdvP6wwlJTsp0odfB5NDuexwaHu6nznAg==
+ns1.dns.aw.		172800	IN	A	194.0.28.2
+ns1.dns.aw.		172800	IN	AAAA	2001:678:2c:0:194:0:28:2
+ns3.dns.aw.		172800	IN	A	194.0.25.25
+ns3.dns.aw.		172800	IN	AAAA	2001:678:20:0:0:0:0:25
+ns4.dns.aw.		172800	IN	A	185.159.199.201
+ns4.dns.aw.		172800	IN	AAAA	2620:10a:80ac:0:0:0:0:201
+aw01.setarnet.aw.	172800	IN	A	201.229.0.26
+aw02.setarnet.aw.	172800	IN	A	201.229.0.27
+aws.			172800	IN	NS	dns1.nic.aws.
+aws.			172800	IN	NS	dns2.nic.aws.
+aws.			172800	IN	NS	dns3.nic.aws.
+aws.			172800	IN	NS	dns4.nic.aws.
+aws.			172800	IN	NS	dnsa.nic.aws.
+aws.			172800	IN	NS	dnsb.nic.aws.
+aws.			172800	IN	NS	dnsc.nic.aws.
+aws.			172800	IN	NS	dnsd.nic.aws.
+aws.			86400	IN	DS	54182 8 2 76F2C3FBB9F23FF5F59A4CD63B8D5D5174B3F2E0F034B7323C1543312F37301D
+aws.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G0Yynn+ZpZsKkBRvbVXsnH8+3iKFkmI1huF+YYC/YCame+GH7edYLeJletyj5tWDEvpSQUPifP1BiO/wuFA2RnDNBgfP1nLwEW4bDVqzNgDmcLwFBbRQ7tRdl9oTdc+ujZZWF+uGzu3xOPPJFvCewhX6lERZLB3gheqG1sNSErrEO/PtikgU+pX1oAF2bI5qW+KeUXawXbvp3HZ6IdiFwvPWH7nmURP9cSxpN06/Q2Vm8Xr4otG3ARIMkMUoK+Uex++4M96KhPeg6zbW+bBSthEU+O6gONKMWmg5jryPR0dLNujv4+E3O9pUzS0H83GOtAF3Zem+G3noqIy8dLgP/g==
+aws.			86400	IN	NSEC	ax. NS DS RRSIG NSEC
+aws.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qc/FAlNbvOQiD1/t/GOyqmhihDlpexyUQ7Kdm69BJKOucOlqVy5jUAQtLIZ9XZD/vvjlsrFndCE6sATj3ANCjLB+YRScY9KcJInbNnm6L2bzPCP8Dh52nuBHv09O9FgjxYj1B9uTAm1S9hv6r316rTgzgDsVN5s3UkSCrf5dFxvEwG2PrjmmBXPsINsOGSK5RkO98xOkgRi5Mf0lhay8ihkJig4MaqBUlvQMsUHiKyxhtfDNvNwYi9uSNmw+4qneeVPc2HPI0NjJVYWo5WVO54WRbwhYHoH36bxYhmyOlsJ0kBkUmMLb3nBG96JpJI7zDZbBwBGs53kisxiIsqctXA==
+dns1.nic.aws.		172800	IN	A	213.248.218.53
+dns1.nic.aws.		172800	IN	AAAA	2a01:618:402:0:0:0:0:53
+dns2.nic.aws.		172800	IN	A	103.49.82.53
+dns2.nic.aws.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:53
+dns3.nic.aws.		172800	IN	A	213.248.222.53
+dns3.nic.aws.		172800	IN	AAAA	2a01:618:406:0:0:0:0:53
+dns4.nic.aws.		172800	IN	A	43.230.50.53
+dns4.nic.aws.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:53
+dnsa.nic.aws.		172800	IN	A	156.154.100.3
+dnsa.nic.aws.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.aws.		172800	IN	A	156.154.101.3
+dnsb.nic.aws.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.aws.		172800	IN	A	156.154.102.3
+dnsc.nic.aws.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.aws.		172800	IN	A	156.154.103.3
+dnsd.nic.aws.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ax.			172800	IN	NS	ns1.aland.net.
+ax.			172800	IN	NS	ns2.aland.net.
+ax.			172800	IN	NS	ns3.alcom.fi.
+ax.			172800	IN	NS	ns4.alcom.fi.
+ax.			86400	IN	DS	54055 8 2 4299C76D8767752C8A10579C4465CBC1C61AD2E1A0D68B42DF75645322F06202
+ax.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AiHJwBmlkmyTLJGV92xKYz4kbZ0KOvor7buNK1PKh9McpoVLEwpaDvL8Tm8s6VwbTGaKCKoB3FEyepbh0pEUI03UjHVMJn55P4LW+vcsaNM2fkPlwvcBdxsaUer/ZNY2McJAjq9PrcMq5/YK1jNycbXi4j9qWObBZpiVSxEWuo0puErh/R/6Y7qqf6rL8yHBX/95xaZCjIE2MSQUWLNclRgsTznQxEOJZZdx5qyo9fwPknfc60pkXfLAnEoc/c2ZKjz71pIEuIlKI06s1CWB1lJFAYX6VHXrjTUupZvVKKAUXYBoJkGiVHnp7Ko9bczM93knwXJd/8ryx4xDpIB9Nw==
+ax.			86400	IN	NSEC	axa. NS DS RRSIG NSEC
+ax.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IC0btbjpHfRmDu9o0xy5UYpahO/+Q5MUxdtOHC5RGlK6IcTt75sAFEmfv8qSYiRIl3zcchBH3MJTjHxlvbEOJYvFKVKJiETNsxYnmnAAtiL8UsPe8YKI5XKVQtnSWxe3mNc0ubZbUcbZ9w59kstrUidzwtqOkcxot3DhQgvfe47eVHF3oyRkewsO8yIhLt0JAmFQi7YYfZQ/PZdvzE787cmuumSO802ipcO8IucecRN2DHMjPaNI5XZUBNI4rm/DQkCU3bBTifQVpdpwEuSHDqze1GUBbxn2M506N4+Lyqu8Ml41qnNn2+6XagV99K2Rycps+E7Ok94asGP451qHhg==
+axa.			172800	IN	NS	a.nic.axa.
+axa.			172800	IN	NS	b.nic.axa.
+axa.			172800	IN	NS	c.nic.axa.
+axa.			172800	IN	NS	ns1.dns.nic.axa.
+axa.			172800	IN	NS	ns2.dns.nic.axa.
+axa.			172800	IN	NS	ns3.dns.nic.axa.
+axa.			86400	IN	DS	5080 8 2 4D57320629FFDD40E328D66E6B2C7EBCA3945CE8D09A78E6E336DDDB6EAD6711
+axa.			86400	IN	DS	62554 8 2 E0444F158023DD294CB64EBCE2B642BD7D26EDDF0D5A1592B12C9D6411C1C448
+axa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1mREtLmaHIghX208EhY29yl76DtsWYPDiAEgD2Wkba9/dyJZwlG8qTSm6aSCIl/YVWIApAJETz8StS56hvxgD7RiulzDSHD27txZrd32GjjC1tvFeJFOzxhXm5LGCk5voUAxE2gfW/K4jF2tJgZIou/gN9fttLtkRkB5ByfUEAVigrgWx1V0iuzQR8qtsnTE/zdVLD+9QjBbOt1krRRcrG82SZj9etvwBZJIwBPc8ZzXCqNYeBAdfZb4XvrL3k4k6y4eZv3liXQuNsNMHR2H5h83sekwqH3BUdsyo9yQMNyP0tyXBnnlLp1lt6bGWqCqmV0l1PI8u5MQhOJCyiUtXw==
+axa.			86400	IN	NSEC	az. NS DS RRSIG NSEC
+axa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JmMuGhRnYAo2TteEP4P+1ksOce8PVWm+a85/zFX12CcCxSScVHs6Ci55V1oK0VW7ASIrh4FQhHVdj0rHt83nupPPB6mQ25+PL0J+zpl7Koh7V7VGJnxXPAoSa22/ipW25iSaTWsDyvbFWd6g9B2NC4dFBvBH7o9TVYYHwuwFUtEdC3oHLBTfQWI5Z5EHmP6L5xKm9AI0EvTHUuJI/bj5aOl+dr1yf/19nIqKBpZQISQntFwkawfYLbH61qU/y3BRtYD1QIvan+7wIE09TenGbJ/XlFaEJDGxX5/SEBQPnh9Y2teNzqkuYxoEQLa9Yn6xiG2J+xY7TPOpbYNYXWXiMg==
+a.nic.axa.		172800	IN	A	37.209.192.9
+a.nic.axa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.axa.		172800	IN	A	37.209.194.9
+b.nic.axa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.axa.		172800	IN	A	37.209.196.9
+c.nic.axa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.axa.	172800	IN	A	156.154.144.20
+ns1.dns.nic.axa.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:14
+ns2.dns.nic.axa.	172800	IN	A	156.154.145.20
+ns2.dns.nic.axa.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:14
+ns3.dns.nic.axa.	172800	IN	A	156.154.159.20
+ns3.dns.nic.axa.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:14
+az.			172800	IN	NS	az.hostmaster.ua.
+az.			172800	IN	NS	ns3.intrans.az.
+az.			172800	IN	NS	rip.psg.com.
+az.			86400	IN	DS	48544 8 2 4CB64B087166BD2A837EFCEDC5D210F3FFBEDB7E6535998B27A1E43B948967CC
+az.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vv3ibpTD52stjov2dzrwD8iOOcfLx7v6yPhBADtaGzk2ddJoDW/lO/rtZUHMh94r3eKYnybJoVDBpwotnYwTBpUxVp4D+AaF/3VqsFxgEKgVf+JbvIgRpLftP7htZPmznM+b1hr1PR/guV/mCigZybQ5F5dWWPwXkuIcQ4k62bD4vBPpoNNrRcpXiGejodXuSFg+fSHRV8k9CJkJgzcxNB71p2L8AeKm5S5VB/F17ZzjfwdSawIYlfkpSqef05dq2riT0IzaEfqy3XZO1EJNMB5Fi+szd7KmMW4O+3rusCi0OWUpZVzyIQ8Mm9tb46pVPXYOMi6eKtYT0t698m3xnw==
+az.			86400	IN	NSEC	azure. NS DS RRSIG NSEC
+az.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rchi3tcoTt1iOAm/BEoSkKAKzzaGGJrXPYkEZ0f6z9kJglrALBM2cO//CvioDd4OSCznR16heMro0TJ7iypIbyOcRk8umaaFCeLNXnzlOTm+jrdp64cY7YYHs4e3HA6T7CnmsfWSRcVturRk9dnUF6ngQTrGi64b4tGyham6+wPj61eILHsa9w6X+eJ5RfzXxgQzjTLfooVgaVgL/3eJfW96YNvw4+sSiCUoZM2b1+4+zJez14MRB2lUICBj9keBPej5GqMl/xLjev4+RQxUdUC9wrVxvzxswbNxMYNem1komAbF4Scjna/K6uKQ9qolru9pe4pQLNjS6dRySVR/sg==
+ns3.intrans.az.		172800	IN	A	148.251.2.246
+azure.			172800	IN	NS	dns1.nominetdns.uk.
+azure.			172800	IN	NS	dns2.nominetdns.uk.
+azure.			172800	IN	NS	dns3.nominetdns.uk.
+azure.			172800	IN	NS	dns4.nominetdns.uk.
+azure.			172800	IN	NS	dnsa.nominetdns.uk.
+azure.			172800	IN	NS	dnsb.nominetdns.uk.
+azure.			172800	IN	NS	dnsc.nominetdns.uk.
+azure.			172800	IN	NS	dnsd.nominetdns.uk.
+azure.			86400	IN	DS	25698 8 2 2C2D532D450F86FBC9238816088ED98AE6C8A5F665706DD634BA4E63A8D8837F
+azure.			86400	IN	DS	40166 8 2 9F412D488BC68DE48010ED08D94CC6830CD604296F3BDF244AC9D7DFA74AE458
+azure.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qB4jmDr/xX5FBohoRgOqKFvMdfLpU2SoL+HUxEneoCuXrJeJEms62Z9TVClUXPQfg+0qbFubGkSVEz/pYukoAEcb8W4Mo27UnJmejoPvG9qiWQwZcbprNEWajzgeWuQysZpwtL8c4IFS1yXfFXKQdus6UuFXoCLbfHw0mUSM9zHXJidzUP7XCdfUE7l0ilVcBHpDsymcxhjpVo4XTjiHz+YzvCoyCi/gfXl2Eqjm5xCsMvIHt28hs1IzTqZsQRUTybAzbyeXU6BFano4KKRvy2mr4pcbapkE6w0+QDZCCjPYaRnBimy+FyAiFeZ1XOch8KxJfCz2iB0x0ozl3PJU1Q==
+azure.			86400	IN	NSEC	ba. NS DS RRSIG NSEC
+azure.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qD2oCmDsSvhD2HBvappaf5TRTvpLZnReIbFEYJoEBhqubQ3Q4mzlz2gdu1Mlr78dyVq67H/Lb4PyTYobIosAsfmf2uPRedlYTHgmHkoqjsa7w0kXc43aOE0nLuPLVxQgz3W1ZQtCE4kI79BuLgC05FvjyL8z9Wa5c0lmSefFY0tm813xLvhHDE1PhYXHCUsm70z4apb9juAGqA7OwI/mHhsO8QDWN9W+QnxOGoVdDrRJwl/rocI1hTvMpp9zyb4UbvG6TOhpdN9UNmIyNVv+Yc+Bkq85fNKN0WNIGst/KagZ5IlgKjVyMkQflYaWh0uTgcvAvFil0+zDwFbhq239nA==
+ba.			172800	IN	NS	ns.ba.
+ba.			172800	IN	NS	una.utic.net.ba.
+ba.			172800	IN	NS	sava.utic.net.ba.
+ba.			86400	IN	NSEC	baby. NS RRSIG NSEC
+ba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PGtjui1IiqcqmfXDHWQ5r3GTBo/+J3gFkw2WJZdJAvS51wfnxSxWi7bE5m8FuCO8acLMZvmxkbNQKhRUyfH9hYuhdZW8ZZ8xwWkgjCJ9NxIsUdjdeCOrunnkwWtEzqh6NMYKxnYP76qe5EnQv6z8oC7z0OgnetsFuiDvpLx0viJgxgZ6bt7mUa2iZHsYtSwU3QNP/1mXbgZa325EOIGfb1Apln4ah+YXTTk+AuDc2XAz6U2ek9MD0rLURM5EsPA0CHlNOSb2JkaQjhAZ3AEl33gfB/mdITsYgvgIAS+POiwQD7obUH4V3VybaAAyDOVvVWyIPfxKc35IykmqKHhAdA==
+sava.utic.net.ba.	172800	IN	A	195.130.35.3
+una.utic.net.ba.	172800	IN	A	204.61.216.117
+una.utic.net.ba.	172800	IN	AAAA	2001:500:14:6117:ad:0:0:1
+ns.ba.			172800	IN	A	195.130.35.5
+baby.			172800	IN	NS	a.nic.baby.
+baby.			172800	IN	NS	b.nic.baby.
+baby.			172800	IN	NS	c.nic.baby.
+baby.			172800	IN	NS	d.nic.baby.
+baby.			86400	IN	DS	11182 8 2 6B39CCC9BA6C73C818D68522547E5D56DB46E13607DC0E83047D6E111067DCB2
+baby.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lmByUDMhq89dO2QVHL/0BiBccGdkfe3ioMzewx7fy8M+/QfhhHsqrePZkuWcZApIKUwWIIIcPl4dgnri5etakKqt2e38jitGViAen0maAnHqOF3LP3Lsy8XWLU3+bBzPGo1ZMIubIb3M+VP9Tur+4zeWm6NE6aeknVP89xr0ZBM4YuXSZ4Ojmm29bqDMHuaSXwK68QaXMC8iVLfFmyqyuYr4L1+kb1pnR9p2LyPX4Lo9KvkDwyqYAssZsea0B5p3ve7TLw5Y8W6Fr6bnKORBe3bXwMDXRUaKdN/5n0B4DXFABCfM6IF51dCc+gt1KbsKItqQAEbODljWUEsRwN24IQ==
+baby.			86400	IN	NSEC	baidu. NS DS RRSIG NSEC
+baby.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zQbpQM2OXF1Zf1cs8ujfawHA6+sZ3r3g6ssYm3gGT6i2rDho/YYnfVKHx+gtEmm4r1G8tlqlWBewbQS/tlDay79A5xBjzefguE6+wySl8Ivrpln10Yr76PgKyGc7dOpt+t5j+nZb3baYpqn9uTas2tAR+n4RUhfuUndhw+FZMqW2q0O14FFN9Q9NQBe14d8BoTpRrmX7WsQ1Y5s0bABaiQ9IpB3OdaXPpBBDY6j577Td3I7jATKXz2NbIyiOnyKZDX0OfYoUsqM4osFEztd3nRTdFLucTIwwHNW6aVTTLctZ1VYF3Tds3PNElyKxqFqKPG5STFuh/sjf4PQP30Dx0w==
+a.nic.baby.		172800	IN	A	194.169.218.101
+a.nic.baby.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:101
+b.nic.baby.		172800	IN	A	185.24.64.101
+b.nic.baby.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:101
+c.nic.baby.		172800	IN	A	212.18.248.101
+c.nic.baby.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:101
+d.nic.baby.		172800	IN	A	212.18.249.101
+d.nic.baby.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:101
+baidu.			172800	IN	NS	a.zdnscloud.com.
+baidu.			172800	IN	NS	b.zdnscloud.com.
+baidu.			172800	IN	NS	c.zdnscloud.com.
+baidu.			172800	IN	NS	d.zdnscloud.com.
+baidu.			172800	IN	NS	f.zdnscloud.com.
+baidu.			172800	IN	NS	g.zdnscloud.com.
+baidu.			172800	IN	NS	i.zdnscloud.com.
+baidu.			172800	IN	NS	j.zdnscloud.com.
+baidu.			86400	IN	DS	63817 8 2 13605EBD9736B66B1EB3B2DB5865CA66B5EFD2BE720087FE4441039F3AA4CF3D
+baidu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XOYpO4qqYqrXx8jxmKT2c8Zza0xkcgVTzvIqeVbbN7/TUwiOJWGwOs9J8WGYrHucq0JCnws6ocv4xgR+wqgXCMVTJE0GGHPXhtNbRFOqLSGB3Ta+b4xseknl9V1+/2Go9rXmyNx3ywgPPhtPG+hbW/82xow2Mrw4iDdXYeLqqq4QkDoYLV537eJKHhCSLdy4wlsh4flKa8Xm93PIQEjQR5qMRjn3WShFmtiKLNCFctXT/fzN5NZOmzSOiQ04sEA5Rk4s+teOP/16vwuqDAdYs8y9MeR2LruuwK1aB1mU7UUO+lVCmeSeb5HyS84rRYT+Xpi4IiYlPct1EW/nMyqF+Q==
+baidu.			86400	IN	NSEC	banamex. NS DS RRSIG NSEC
+baidu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IejtYq+dn6x3eBkZb/g/fE9h+gIss+jz8vRyFFwHSkaOOmR7Yrh9oNxfekkGNV1dpaN3MFCuyxBKN/4VwfMlkPW84ig3DgrxStX9KJdo+axCHWjpYTsRA+m/B3+o3vMY1ezFNHVGv530+C2E8xxKPr/+wB564tuv+dc871nnWcQXb0LXxSx8CvC1gSk+IPtEJvG0eeBIUGqAS7zWwyL4Bxon/PGTD1buz2azaGqPOQeCpVW9AVmSoNwR3PtbMbXGXLUojY8vfn23IhO+6QZrkrWtH3grtbtT8Q54G2BNb+A7O+0IfXQTDZ4IpABawIvfkNYzDeIo9EUpb1GFqxl9bw==
+banamex.		172800	IN	NS	a.nic.banamex.
+banamex.		172800	IN	NS	b.nic.banamex.
+banamex.		172800	IN	NS	c.nic.banamex.
+banamex.		172800	IN	NS	ns1.dns.nic.banamex.
+banamex.		172800	IN	NS	ns2.dns.nic.banamex.
+banamex.		172800	IN	NS	ns3.dns.nic.banamex.
+banamex.		86400	IN	DS	38095 8 2 EB04C740FB681AB87A2376CFB9E5CE3A865F930DA98246836670D0BB29478229
+banamex.		86400	IN	DS	48619 8 2 0EC0CEA382D19EA64E24C4C8B5DCD64217A362F580401DDF31B3EF3D78E35A9B
+banamex.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BNEbkStGeI98EFgPiZUWbR9OOPMl4A8IclVDaQswVNQYEn4vnw5iQl9oZnxbvkRk849pPCUUBA2f7USuj+i357WLEC/TqS/zt7V+RknhPBW3cezQ31uvBnMAjbaFX8hyJeWbz/GOsr19ltX22vGFS3uu+c0xLyRnsEURURtpKeOd/HuQxmBY09+Fq+7XVehJhaprhKH/QaWDzAqY7CEnmM4knaF3rpchzToNVlwmQUEMVpK4ZCC7sgPX2i4R8TmA/O7QSY5g1ECUZ2pzqHUFzSQMnb4PQGLUv8hk7JHpwPA3Z/r+ZzwqpbjhG0DlQfYZBoFH1JCeuOGBaKoTfj2JyQ==
+banamex.		86400	IN	NSEC	bananarepublic. NS DS RRSIG NSEC
+banamex.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eJXjSH94dCJFS3JlqkG1aDGg2wOgXPsQCQ7IjM/ajY79TO/J4SlvV4AUdVqv8Ia6n48y7UChua11q9xI3ogrwqRcZY7lij7DqRG30k4JUhI0vfZrTCHhY+wtoLsokphWlq2RrDT9B+GY2ZjRQdpjTXmU68o5aiM5BEHGx84wNZlhsKq0QlpiinsBgtMXLnM+K7gxOM0ago2HVOdoo0gsEu/I46RMaiJSoqCyORNGMJ9NJcrLlROG3YbTpc86z30Kdn7QA3UqI1TezxA8S6srIdLau5MO7cZoVzi5T2c6e009gTTpizmGw9cRuHzZmcEDWYv7O40f3EuYBfZ/oaekhw==
+a.nic.banamex.		172800	IN	A	37.209.192.9
+a.nic.banamex.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.banamex.		172800	IN	A	37.209.194.9
+b.nic.banamex.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.banamex.		172800	IN	A	37.209.196.9
+c.nic.banamex.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.banamex.	172800	IN	A	156.154.144.21
+ns1.dns.nic.banamex.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:15
+ns2.dns.nic.banamex.	172800	IN	A	156.154.145.21
+ns2.dns.nic.banamex.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:15
+ns3.dns.nic.banamex.	172800	IN	A	156.154.159.21
+ns3.dns.nic.banamex.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:15
+bananarepublic.		172800	IN	NS	a.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	b.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	c.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	ns1.dns.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	ns2.dns.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	ns3.dns.nic.bananarepublic.
+bananarepublic.		86400	IN	DS	36871 8 2 4A4B1A43D4525BE366F7CC568365D7D619DACE7F6895E3C31390A079A7A03589
+bananarepublic.		86400	IN	DS	42796 8 2 28BB727EE05F747A4EB0FC5E0D807542FA005A2A571C039FD34BE55F3378BB5B
+bananarepublic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sk7DedArM7TTkjFsVHD5x4wRWcZazNJ6EySP5wtiADQCtMF+CAVG+yYZI/v5ALLB3OlVK589CdbomP06ZXGWFkjffzvRXc6vJmH1K4SZgPj/0vbLmiA5dmx1WvRHtcVYa3/ayJqT9eTr4FEp9jK6erXav5rz1+Z0uSkAg8Rv9aSHffKmkVPIB/y/oEq8S9xh/SCH5i8/M4I0CVTR+Ru2cgwuRiT25iQ3VUWw0nNb9mHN/fJuvguzeYKL0JnWIn/On6ytvfH+FutI800aM3ZrU/gDsIF36mJjIk8idLeuPIc4Kekb6SUf2Ew4LyDYm0YtluA+ykpG3MlqnNiulBHMTQ==
+bananarepublic.		86400	IN	NSEC	band. NS DS RRSIG NSEC
+bananarepublic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HbvQbgqEJHvxq0Nf8s3JSAuet3CmeOQnOiEJyEf/Ij8y3jFUBXOwYLEkSLB7t72GUCTYt+kN969jKeIX06h8JU1iFbPBT1yeBT/mdf8RZxnsKpG9CaZljma2Xp2wRlc8FKlRE9ptXIQhkq5iTJglpuUvdFki5VjCjmhVhVHsmIEB0txO486Bq/tj8XJz9X8HqlHYCL7mnqpwmThHpGMDOSDFSuEfvWiIvpLJ5/lVutQ2wG616z12hjYxUzr9NIFXiMsonICpYXG9Q3vZtYENtVUYhuulwdEfpZ05ITEph8HeiBhMYy6G5RSbnSMud5gXq+tZiAJUUZqZDkF3lprFOg==
+a.nic.bananarepublic.	172800	IN	A	37.209.192.9
+a.nic.bananarepublic.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.bananarepublic.	172800	IN	A	37.209.194.9
+b.nic.bananarepublic.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.bananarepublic.	172800	IN	A	37.209.196.9
+c.nic.bananarepublic.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.bananarepublic.	172800	IN	A	156.154.144.22
+ns1.dns.nic.bananarepublic.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:16
+ns2.dns.nic.bananarepublic.	172800	IN	A	156.154.145.22
+ns2.dns.nic.bananarepublic.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:16
+ns3.dns.nic.bananarepublic.	172800	IN	A	156.154.159.22
+ns3.dns.nic.bananarepublic.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:16
+band.			172800	IN	NS	v0n0.nic.band.
+band.			172800	IN	NS	v0n1.nic.band.
+band.			172800	IN	NS	v0n2.nic.band.
+band.			172800	IN	NS	v0n3.nic.band.
+band.			172800	IN	NS	v2n0.nic.band.
+band.			172800	IN	NS	v2n1.nic.band.
+band.			86400	IN	DS	5455 8 2 69EF1EDB0708B50D7F22CCB045FA49699B12E5E7F86DCCC3DD84BAEC7390AC35
+band.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0v4b6UpAy/m1h6YAMVx1qh84Hna3fXiZ992bo6V8vTNKYRyaI3IZiMKHUe8yQugjoWxh0fPAs7qLF6idF2WJVGPF1y4DqxCURiiLmXR+ekKB3cP1YibSH2GRs4sS0lwcDympw9O7kvKq3yudofUjBsMhdMtIGbTfqO5ZGqPL3NH6CTYvUvKa9y8V8Aum4oWW9VcvplEKLp4HqcWwhPpD5gVjnYrGTfKnJPLiR0rwRSM6PJ5RgVoQqx48M/YQxCNnHw2iR9TNWFDySpyNn5ctsKX2tD3NLksAQuLci41y0xrQlcimkZ1xOknEvdknqSrVth8aUFiTobXQOJV7kZwMAw==
+band.			86400	IN	NSEC	bank. NS DS RRSIG NSEC
+band.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jv7d22ghqManMimJY8fBb2CLytSTm3O0rDSkBeSpLsxWZPi1QdN0L/YjC+hcJb2Q0rAbfvJMyT0d8pNVZvPJvmdzbGFfQGRCMmjYlYgrwrliis2AFz/UNNmY7W9PSLc30+wSa3HJork6itl1+xZy9olDVjzHOJ9zDa5btAndyoZ1YQUQO2H33x5jGpu6wsdJMslVyhUUo33eS8qgVxyu8g1hgbSfIZt3/bs629+m4IiG3UIBDa0TeT1/nfYXEDNDSgz9P+x6s/jZzlqSF6V3QSm4DjrsXizQMcFLhvVgEzEfme6XCqFiIwFITjbfwNg60s0jZUd2j8ZgliyPhegNkA==
+v0n0.nic.band.		172800	IN	A	65.22.28.45
+v0n0.nic.band.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:45
+v0n1.nic.band.		172800	IN	A	65.22.29.45
+v0n1.nic.band.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:45
+v0n2.nic.band.		172800	IN	A	65.22.30.45
+v0n2.nic.band.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:45
+v0n3.nic.band.		172800	IN	A	161.232.14.45
+v0n3.nic.band.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:45
+v2n0.nic.band.		172800	IN	A	65.22.31.45
+v2n0.nic.band.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:45
+v2n1.nic.band.		172800	IN	A	161.232.15.45
+v2n1.nic.band.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:45
+bank.			172800	IN	NS	d.nic.bank.
+bank.			172800	IN	NS	e.nic.bank.
+bank.			172800	IN	NS	f.nic.bank.
+bank.			172800	IN	NS	w.nic.bank.
+bank.			172800	IN	NS	x.nic.bank.
+bank.			172800	IN	NS	y.nic.bank.
+bank.			86400	IN	DS	15994 8 2 659D10863A42E4957AD8F9AD97A56F8DE227AA74FC9E3AA4C0E8AFAC0458071A
+bank.			86400	IN	DS	21997 8 2 07EDD24219EE1FA88D97695EA28C3722A29B566813CBFDCC4DBF498892B8FF0C
+bank.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t5woRILpUQikl/FUGL7Bm8dtry458/ykvi5BUojmDehoRhHD3OpmL1X6cVlU7cJhPHxgtGi+e8NQE1+v5QcClNVrPA1BWj+jBWgIjBETvGuYevl2e68RTmk7uiEgORApisCHCD/sECDnrud+aU28M/YC+muWqbGjRn/WA5aWWGrscqD7VPn808sqEEO2sPoj5LRMFdA5Zu9ODP55nMmkYSYcxEbJ1ZUgtiPM3jUjPvbMjqoSZLet8oS7qL+SzDnQ7MG9MW2lSt5ruTAF2/uiiGc8dCwKHrBoUhcFv1XrF0Tm7M0j5QtP2Ke+yIp93PUQkuaTX7xBBpSCfbFnwW8q4w==
+bank.			86400	IN	NSEC	bar. NS DS RRSIG NSEC
+bank.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YJc4owECxWhBwLUu581yISG27VWzf6/BDYyo3h1P1i3yfY1kZ8WwUeGxAF7AwAMdOUR68hRsPRow8xLQIHaeIZG6fQCJEbfQ4PVSz8BHa7jKWG8fC+w/4k6gw1Egq/iYM5N9HhxAg5Q1IxTSjatO002WgKI3IC1l/BaDcBtkdqis1y1qb9HGl+ZjIlfpRDbGdwuitHICAqqdtO8XVIEJEuFpNFX+tarmjDaye7stFj2SvQIpB/CSFwnp+hlOtPD0jgyMiaFOcUoGbkOz3dRHpSHJ33Y/dA8vl/RBwX7QJ9y9RilPH6N91dD4dW5whM23x42G2p4NYpmwBsATgUHJAQ==
+d.nic.bank.		172800	IN	A	156.154.103.27
+d.nic.bank.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:27
+e.nic.bank.		172800	IN	A	156.154.104.27
+e.nic.bank.		172800	IN	AAAA	2610:a1:1011:0:0:0:0:27
+f.nic.bank.		172800	IN	A	156.154.105.27
+f.nic.bank.		172800	IN	AAAA	2610:a1:1012:0:0:0:0:27
+w.nic.bank.		172800	IN	A	37.209.192.10
+w.nic.bank.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+x.nic.bank.		172800	IN	A	37.209.194.10
+x.nic.bank.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+y.nic.bank.		172800	IN	A	37.209.196.10
+y.nic.bank.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+bar.			172800	IN	NS	a.nic.bar.
+bar.			172800	IN	NS	b.nic.bar.
+bar.			172800	IN	NS	c.nic.bar.
+bar.			172800	IN	NS	d.nic.bar.
+bar.			86400	IN	DS	55406 8 1 EECF54C6DAB2CF3FA76EFFCE97B78F432050DA9E
+bar.			86400	IN	DS	55406 8 2 8E8E102E6751DA62E354BD322C9BDD42C29BF6A413B29DA5BDC579E2ED3C8DA1
+bar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ia8oGv9VVKQlGNSB9le3/k8im15ZaTgidyr4IaaJfdOWaFwMaFFVbWh9ptFqscPLqv3ZyqC5Hg6h+VLFL5GiLN9Mq8cS0O+pD2SNnv8yugukTnHDB+ccxrD8el0BdrAC+L8O8/zxp0+ZdndFqkvQPaf3lUFLrQI0PASXOAhjVsYpcSBjsKcexAZVaCqgktLgSuHWDwPVGGvfcCjdAJovS0/v7Me/kIMRu3w/QupVs2efKneELtpT8BCvrc4PelxKpaQejIEzfjVN5BuIvBYt4H5WIZ4g9T7Ypg2lK34T8jjbj89cJOpcOvErgL5hugY7VheQlOyDqIKXK8Ncmsa58w==
+bar.			86400	IN	NSEC	barcelona. NS DS RRSIG NSEC
+bar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BxOXb2t3ZldJnjjIQaLV+aaC27rIBHslK5gcIf0p+CNr+BgVQdO7qVXc8F6JYBF2l9Wgh5gymKnyyviJkU524CaVaelnCY2Kbm1OeDpdBqBQJCk6mi/amPTl3EsaEr6Tv5Pv/mXN69Tdqy2QCMl6alI4Fl/0HMoc4Nkp2DqDCvNfuNetLwCvgbpGIcQBTFhDkjRGot19AfmqvEX4hzPmmF1qk6QCNHp4dhRnZ+6RYcvb+0qiuHbOfHD3OB/psFCvuM3Y5LhC626hi76wDApnJzquTJZEvD9K8tTsH7KG3ZLtA9nHAezYVuhC3t+oKk3wrW6h++maFsDhIbbAcKtuTw==
+a.nic.bar.		172800	IN	A	194.169.218.56
+a.nic.bar.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:56
+b.nic.bar.		172800	IN	A	185.24.64.56
+b.nic.bar.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:56
+c.nic.bar.		172800	IN	A	212.18.248.56
+c.nic.bar.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:56
+d.nic.bar.		172800	IN	A	212.18.249.56
+d.nic.bar.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:56
+barcelona.		172800	IN	NS	anycast9.irondns.net.
+barcelona.		172800	IN	NS	anycast10.irondns.net.
+barcelona.		172800	IN	NS	anycast23.irondns.net.
+barcelona.		172800	IN	NS	anycast24.irondns.net.
+barcelona.		86400	IN	DS	42241 10 2 950D7E77E7D64382A3C69654AE15EC70A497E6E9002D10EB1BF9C1B89F77EEF7
+barcelona.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1rr5tPrsd1tWiNxq4B63uC3NPsGmEcaUa6wkA1FuM5ZzydvsJIA5Ec2zgjnsjUn7T7PKprfXo9k3ebixPovBITrpFAgm9I+7mz6JnuOtvS0uEeLUf2p0R80HBIhCr0Ng/H3idPy2KO+YA5UyXPBZab4jVHkwnPGGBi5BNUz4oVHcE7Z9hGPQI1V3OFmX1pUjH8MJjpyv9XQi3qe+Sr/EwmEmxg6byHCxBk7Q0P74xz3JNRczLgM9b/3DyX67UZu7Nu5e/eqEPpdW+oyBjHD6/xjllpax1HxKZXJPWY1wLZJ2bmcd4YmKcW5vqn7khVG0TU4aLBkIQMSy0fQTe9Thvg==
+barcelona.		86400	IN	NSEC	barclaycard. NS DS RRSIG NSEC
+barcelona.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EUd5Xn2hSyHiK7zaNz2xKpw6IH2MmPo1Mpq0vUIsBZaKH1lHWcW2BYzLkQxcXVCRWBxTFloyiQdtvZ7Hae6xoLfbYAx0LkgOD8nLdqbnJKUXR04uYPIqH8IxPWp4jBYn6pOrL9oAdvmHKPVidwIBbxq1hVuomt+Frl/68PtYMnYGmWtrVWIJhOOqjeAvsZCOgd7OlgqiNttRFPvn8wA1V70UAGIkwKpnXXumUevM+/pADcVZy10BjmTuEwiGROV8zKikOOp8Dr+mcxIU0MW3tRBJmJDTQa3CJVTxtbA4a71hToEJA3+mWnZebaoRvMuvjUW/zA75izqk3qk4A1pSAg==
+barclaycard.		172800	IN	NS	a0.nic.barclaycard.
+barclaycard.		172800	IN	NS	a2.nic.barclaycard.
+barclaycard.		172800	IN	NS	b0.nic.barclaycard.
+barclaycard.		172800	IN	NS	c0.nic.barclaycard.
+barclaycard.		86400	IN	DS	8476 8 2 5FF69331A1FE54D3D3EA6F4B746444C19C1E61813AC3902E099CB25C369A39C4
+barclaycard.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aU91GzXP/WGb8lZz9WwG/dkrVeENqpAg/Qyi5p3f0Xq77e2eYG+yjGkAaQOsjDUuqAesAztkdwC+KCeYgJ+zXu4tZ1WqvzioiiWVY7n6nDcpwuKB4lZyZAAlXcU2f7g3Dl66sb/q0uGH51v1yknGeWpJc884kB0k+7oNd9oeq1ri1uRexWgsO5ashrh0YBUOWFNO0SBi7IlFNEnxZyUKeU426nbNZ6rPN6iPObi8pxeJsROtQl+6rMI2k7tNTg4mO38omcT7LSggq/flLSTBc5tqr42S/XXSu8+15mhlqRQJRIQR+wRO8ul2VfjBmdHgKF92CsZKNmaGGzIvuSr5Qg==
+barclaycard.		86400	IN	NSEC	barclays. NS DS RRSIG NSEC
+barclaycard.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . piOcQ8ZWmkSY+1+Bqee9OGEt88MqjsNnfEj7MpY4sH1zGkrqc9bHBnUx83x1rBs5Yl9lX+4UrJwgHTLyN/VtVOQuQ34cJBCRCbW/DF0neqdbIHu8IkIiudkcKU5go8hkJyrEh/4xJFJaqD2BE3sHVxYdO/RHG7J27f3Hl6zpg8xc6/jYVJu0+xg2nY49BSoGSFH2Jl698NZH6rS8tNG0cOKPJtS2WDv8pHg0TWjXpTQSNqOGQxmCvx62yjZg2HwiVyNGyghqewgUf6Rh1Ku6Oe/ZHc/QNTTaVSiob06T9R+5ANoK0FvpAOvm3II7navRtqSEFbu/GviBAmZjCPkFfA==
+a0.nic.barclaycard.	172800	IN	A	65.22.120.9
+a0.nic.barclaycard.	172800	IN	AAAA	2a01:8840:76:0:0:0:0:9
+a2.nic.barclaycard.	172800	IN	A	65.22.123.9
+a2.nic.barclaycard.	172800	IN	AAAA	2a01:8840:79:0:0:0:0:9
+b0.nic.barclaycard.	172800	IN	A	65.22.121.9
+b0.nic.barclaycard.	172800	IN	AAAA	2a01:8840:77:0:0:0:0:9
+c0.nic.barclaycard.	172800	IN	A	65.22.122.9
+c0.nic.barclaycard.	172800	IN	AAAA	2a01:8840:78:0:0:0:0:9
+barclays.		172800	IN	NS	a0.nic.barclays.
+barclays.		172800	IN	NS	a2.nic.barclays.
+barclays.		172800	IN	NS	b0.nic.barclays.
+barclays.		172800	IN	NS	c0.nic.barclays.
+barclays.		86400	IN	DS	52234 8 2 616F95C6929BD5FBF6A06A38445F48CA787B2C32CA5ED7220065DF54E71E9EF8
+barclays.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tl7pvPpXwTm1Cs1BL1mmH3whjWsRYzu3eHqNbIH+2qqvfFZdE3BbnoLDLEbY7JE/DVZSg/kORTIVAXhrjvSLpIVpPWJjWAJjggbQlpjTQ4PNXUDih4mOWw9ozDq12MBBi/LJMH22OECZetdkm736x9R3U3PGmMwQgm/BiGKTJ+Yr2drEMmO2iTTaZkrMiJx5xhRlS3ylJ4cISNTLU8Qf3n0ir4UL7f067oSgNdTJ9lYtSVZmixw7fGRluIW0FpTf8jsMe2H5nh/sYTPo4yO2lUwHGClthgTTCujHxlO5MO8i3+xeMw7A3GSZe8X0+QLbL4HRDfIXvgk8Ybb2aTfXUA==
+barclays.		86400	IN	NSEC	barefoot. NS DS RRSIG NSEC
+barclays.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aEep12n7u01oa1bClq2D1aURjDGyExc01mfWZiKYoTwcN7YQAp8vzRxgY3ejVN4tpsB6ZvaATHOuoH5E/dGlurgCNlRIYzAoARbTtuLZsUajZPp5RJbRGlNxPqDjMWSMPWGRIr4rOEM8dLt1VsEvf7n825GcIiVVtLKPL4Wprx+Lnd5XmrckDY1c8H6yALPN/d5GZEB65UzZFFtf7QVI1Ior/4yFMvNvx2xb/fFOIl6Z5+SXo5tnlgEu6bDW3KVZPK9KvBAt7wJN7anM8IS7UlF0pouVGaTyKj7uVdmf5TUrsyQVOXNvPHGK846XZLmd3G2LkWsxQGFTP1RrHxrltw==
+a0.nic.barclays.	172800	IN	A	65.22.120.1
+a0.nic.barclays.	172800	IN	AAAA	2a01:8840:76:0:0:0:0:1
+a2.nic.barclays.	172800	IN	A	65.22.123.1
+a2.nic.barclays.	172800	IN	AAAA	2a01:8840:79:0:0:0:0:1
+b0.nic.barclays.	172800	IN	A	65.22.121.1
+b0.nic.barclays.	172800	IN	AAAA	2a01:8840:77:0:0:0:0:1
+c0.nic.barclays.	172800	IN	A	65.22.122.1
+c0.nic.barclays.	172800	IN	AAAA	2a01:8840:78:0:0:0:0:1
+barefoot.		172800	IN	NS	a0.nic.barefoot.
+barefoot.		172800	IN	NS	a2.nic.barefoot.
+barefoot.		172800	IN	NS	b0.nic.barefoot.
+barefoot.		172800	IN	NS	c0.nic.barefoot.
+barefoot.		86400	IN	DS	35550 8 2 2A380080B296E5BF1C8212618288FDDBC665F7689A31DFDC7EECCFAEFE17203D
+barefoot.		86400	IN	DS	39166 8 2 138E51B866FD0185F6AA90CBF125CD40356C00A14EFAB23344F702F267E45EEA
+barefoot.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hOyLfjTniAlp57LDIK9Z4JSE38mMdpNY+g/+HssZn65r6R+EyGduo0FREvprk9zsVrChIkwoMJWuu7BRGMmGByN8/5HOmn20C+L+p1USWAI5OLZYLabpQBt3IIJEOAC+2g5zin2c1RoswAdBu65odWhqYANgxcMaoZMGs/l2VY8WAvhxwJ68RwiMu7fbcxLbWshagwZkyEq308JFQ4F+RbH47r2YwyNptJbRGgH6ufWJ/GmCLvbjYgF+eDvgVNpRflJbJd6B58zRXn6mtxFvLxrP3r1znUxIn+pgkz7F/vu8QGaieapx7zwgLKcPS8jlrHPXxxF1F0kVX/Ks1DSgPA==
+barefoot.		86400	IN	NSEC	bargains. NS DS RRSIG NSEC
+barefoot.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RQZBMQjtNn5SqcjxIwzS+wR9e/Ng8ceh8lR7A8LcXJ1xV/R9rre2Xis7KOWcN5MRE5jx+Kx6H6Z8JyTMmiq2PcpWLyQVr8tmBgfhjLdpPrrkFD8KcOhwNIm7gXAqpS28X+iO90tJnPwL6MRgWnUC5q7vPFZaSuIzZcWhYm5w1cxChBpAxdb1iouKX2CILP7FZewBp+FAjkUH6N5zCCkleHUFf15vvmauCwgHd/2jWs23htq5vFuaBm9U0G4zHw1ZmmwRR221e42QwUApmuZcRkUHLzWarrCZdxvJEtxIGSTj9TfxdMX9Jnn6ohty05e4iRTdXcVrR3b1HsROolIpuw==
+a0.nic.barefoot.	172800	IN	A	65.22.56.17
+a0.nic.barefoot.	172800	IN	AAAA	2a01:8840:36:0:0:0:0:17
+a2.nic.barefoot.	172800	IN	A	65.22.59.17
+a2.nic.barefoot.	172800	IN	AAAA	2a01:8840:39:0:0:0:0:17
+b0.nic.barefoot.	172800	IN	A	65.22.57.17
+b0.nic.barefoot.	172800	IN	AAAA	2a01:8840:37:0:0:0:0:17
+c0.nic.barefoot.	172800	IN	A	65.22.58.17
+c0.nic.barefoot.	172800	IN	AAAA	2a01:8840:38:0:0:0:0:17
+bargains.		172800	IN	NS	v0n0.nic.bargains.
+bargains.		172800	IN	NS	v0n1.nic.bargains.
+bargains.		172800	IN	NS	v0n2.nic.bargains.
+bargains.		172800	IN	NS	v0n3.nic.bargains.
+bargains.		172800	IN	NS	v2n0.nic.bargains.
+bargains.		172800	IN	NS	v2n1.nic.bargains.
+bargains.		86400	IN	DS	33742 8 2 D6D6432E43AC528FFB2C3CB4A6F058CF9E40E2DC290FEE965A8A3C49ADF2D50F
+bargains.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . e5vXS2NKvxoEOaWFGbfmkcow8d/8TFsBrpbW1UkBnksx6rVgnLvjRLi1M9oXmf9+b4h0/WtxrpbZGmKeUMr3QZ3OZJp3Yoooa6c7fNOEjWE422bXy/Om9v/0JwUbEcyJUVp/5lAVQhoWfRcpW68uslkqFnh0CV1LcJrOfkczIr5HqiHHdb9fwtmF85qpZ3U/2ZGiTutMoVt5AxV0NkQm0A3o4l4tzKJ5L7cIEgrYYxbUxr7kBHDc36Xe9tZo0kpuTSKBvQtpQ4IqIVGEhsWr2A4tTabJxA6p8ERtjNtY6gG/M9uv+Bgu8mX5fDkSIBDivPRcqHJI0oocx8jU6T2y1A==
+bargains.		86400	IN	NSEC	baseball. NS DS RRSIG NSEC
+bargains.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rQ3ZfTE2R41mYGwyinmbsHrer5BqFTFPDnBU9MnzphBDHEj5GeMh5FTjDh6WaBqXOR6nl5/JpAsMByzNqU+qtRWtO6pxyIrtiKMr665UiD9MyFOCTmQiEkDd6f8pIDo+2SH4uf/xvWL4Lie4u7AYJ16Dr6dZRBeaEgL7HBKxIX6g2pE8Iq7TljLmVR4e+7XgTMufh9xTgsv0GRVpi3Lks9uP+BGd71FkHVGTCkJ3Efh4vLJZXUzGWgr09aTFHMjqbG03NXxsgWvMtLu7/3fI4/eqk55f2VLLqxyZk2Hlq1xIU/qm/9ErN/A0QSkG55c0ERHgmhQHEWsNSbvhIimlgA==
+v0n0.nic.bargains.	172800	IN	A	65.22.20.62
+v0n0.nic.bargains.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:62
+v0n1.nic.bargains.	172800	IN	A	65.22.21.62
+v0n1.nic.bargains.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:62
+v0n2.nic.bargains.	172800	IN	A	65.22.22.62
+v0n2.nic.bargains.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:62
+v0n3.nic.bargains.	172800	IN	A	161.232.10.62
+v0n3.nic.bargains.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:62
+v2n0.nic.bargains.	172800	IN	A	65.22.23.62
+v2n0.nic.bargains.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:62
+v2n1.nic.bargains.	172800	IN	A	161.232.11.62
+v2n1.nic.bargains.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:62
+baseball.		172800	IN	NS	a.nic.baseball.
+baseball.		172800	IN	NS	b.nic.baseball.
+baseball.		172800	IN	NS	c.nic.baseball.
+baseball.		172800	IN	NS	ns1.dns.nic.baseball.
+baseball.		172800	IN	NS	ns2.dns.nic.baseball.
+baseball.		172800	IN	NS	ns3.dns.nic.baseball.
+baseball.		86400	IN	DS	11122 8 2 440E52AF38C50A3E6EDDD224AA4C2DDB50A3B6313EBD36BAAACE8FF520D03A07
+baseball.		86400	IN	DS	28711 8 2 349E8B6A2E0890837FF4B69F7EFB0F44E3C32DC976FA74962DD8F812D7712F66
+baseball.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . w1Hwn6/fpKSMlHSOn0POfOFiVkUdNh9plZl1JjGBzAjB6hPJs0sdi8WKpQcZMHr5SPrr4pTDkrHlV7yB9k3TW591OhDC6NtpGxbGEa1W2LkzKajgCPWnrHtaSOEaLW+R5BfG237fEHUf89BgwASDeGLlDaxrf/qJU2xMs55+2fsWKgUa9j2xD9//3lQMHUnmAOvPiK4xUHtRU61khXX3zmFLi5erLQhpmEXWJckuZEhrlYTVzn8ScrB21ucfBI7GhmmoX7NXtYvERxscxPVDLHAWigYs4DPBkdwEMzjZZJ6r0EYxebG/v9BxevCEPsUQe1xTYmpDbEEx2My6RUkt8Q==
+baseball.		86400	IN	NSEC	basketball. NS DS RRSIG NSEC
+baseball.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FpdLMEwO4XaW3MxLc9hyLhSSjzMQMb3gCKmt+UvKOvLbvm2+egDAVKFLmwDnOunMXj4R9I9Q/AwdBO2tFa40zZchmrE6UxF+9spfZKVbxqkfKAR4nBgPGcnPxsHUoqgh4ksWVS3NtGnaZQNboNwISV3BZgJPyIrzxAj2w47EIP+FmO6E6RkHv/i5hOvgmTuU1mcA0vKXGNKLgW+0iww5UeApvkIC91v6W5Mj+oF/caXxbJuybCx/F7GpSmjoxxvxq80bIrZPQ0XHB9k8PvziCFSkDQrBFdigFgefdRcQElEvy+4qOC3yITP1IdW2mMqrSP36shL+mc7mrsNP6Xc/Ig==
+a.nic.baseball.		172800	IN	A	37.209.192.10
+a.nic.baseball.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.baseball.		172800	IN	A	37.209.194.10
+b.nic.baseball.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.baseball.		172800	IN	A	37.209.196.10
+c.nic.baseball.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.baseball.	172800	IN	A	156.154.144.200
+ns1.dns.nic.baseball.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c8
+ns2.dns.nic.baseball.	172800	IN	A	156.154.145.200
+ns2.dns.nic.baseball.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c8
+ns3.dns.nic.baseball.	172800	IN	A	156.154.159.200
+ns3.dns.nic.baseball.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c8
+basketball.		172800	IN	NS	a.nic.basketball.
+basketball.		172800	IN	NS	b.nic.basketball.
+basketball.		172800	IN	NS	c.nic.basketball.
+basketball.		172800	IN	NS	x.nic.basketball.
+basketball.		172800	IN	NS	y.nic.basketball.
+basketball.		172800	IN	NS	z.nic.basketball.
+basketball.		86400	IN	DS	46201 8 2 CA5C951D022F3965AB936D403CFBB48F2D753D7B32DDE3AC146B419693DFBF30
+basketball.		86400	IN	DS	48130 8 2 02653B2567731FF23C16036C9F0D51A3596FB8C93B6BD0801B74E7267AF995AF
+basketball.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o2JF+yoJWJ8tgomEzGg/QS7/cYKHTNhmbcw/x9pNf0FyRHCuxtvlh2MRo/Ms5uRfhY+rzzf+GygBuOEaK3MtVqUylhHn/eVfQFhJ5D+sOPj3qGj3CsQ2jNjRI7gF1tvVePkm1cMLJCuPd3gk5Ym1mYC3sohNu0kKcY3+U1Y+A2FkiQflsyMpRb9ITAw65DOBi/EHzeK4mr3uEM/9qnrSUcfg8Y+lyu7OFsTJIIQQUDv5ekZxWfZFnQmV+VXt+iiQREWIr3COWxDQWPmot5RMoHd6vhv+7aX9fr7MGFBrtvZ0Fo99I+mlghx3y8/Mt9RbHWPm6/ID2llv91qks0eZMA==
+basketball.		86400	IN	NSEC	bauhaus. NS DS RRSIG NSEC
+basketball.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DteXbWSdbI0wx6zUPjZyvRD/6R70QYJ6voVYXfL2jKclYhSw4lK6OWOj5vxR7JhXelt3HnAmv0R+omt6aOB3rgVqb2JJ6HkFIBsh9bEruN6U47lANcSPY5hVBXEIOu84/03zfprt8rK2lQSsuxYdWyQGnEfNBtumSRsK0FtAqdZZqCmiTjOuU8Tn846+stIBMF/15f44J5xZmCgWgZVJkrmZx6lav1Q0BtiTfLC07gUmP5xNf9LEieH6A0ebxVRmpqD6D7g4ud3ioftWnKUr8z94evRnycZNyCyh63k401+enjX89+6Hrj9J+1T8O8Jak56d0ZfyZRhpD4C1iKraUA==
+a.nic.basketball.	172800	IN	A	37.209.192.10
+a.nic.basketball.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.basketball.	172800	IN	A	37.209.194.10
+b.nic.basketball.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.basketball.	172800	IN	A	37.209.196.10
+c.nic.basketball.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.basketball.	172800	IN	A	156.154.172.82
+x.nic.basketball.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.basketball.	172800	IN	A	156.154.173.82
+y.nic.basketball.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.basketball.	172800	IN	A	156.154.174.82
+z.nic.basketball.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+bauhaus.		172800	IN	NS	anycast9.irondns.net.
+bauhaus.		172800	IN	NS	anycast10.irondns.net.
+bauhaus.		172800	IN	NS	anycast23.irondns.net.
+bauhaus.		172800	IN	NS	anycast24.irondns.net.
+bauhaus.		86400	IN	DS	3408 10 2 8E5C6C53E04001F14305794F1B28EB612B8D297CC190F8662B53E3710CE82456
+bauhaus.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ot1S6wn0sEbUZD93dWO4sviwQVn+jhSWK4VUjUe8wKMXEbidpPypq7wPniTDLe+0oMNePpPTtp9PzlqiESXI9LadcDvA/VM0rL7npGMzAleU9II4dieORbF9KUZ2z+tJt/9JvvJ2J6D7Kb4/H1aQyUpH8m8lonosO9A4gPBkV1v9AbPnM/Y47cKR/BVF52ilLvlqHpkLSlqLCsDuHeAUDjCGFUYM+npxvTNl7KlNe4eGuJ4IgtnYB1rM90GiuSDb8aadSWMtgUrde8q7O6sa/RGN8ha9XNZdYBhCrcHx+UGGV5RrNpslqf9lTrgryLrqa3oIShLjmV5eweQb8alG3w==
+bauhaus.		86400	IN	NSEC	bayern. NS DS RRSIG NSEC
+bauhaus.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JXC4Fq6+3SBG0HE0IcspF25UdfQKgZwMSQ8u644Oo+hlyGFeCwrXMp8zGxIxawAVKm9g5uoJzY1aJ4L6frW6uaYl6nKDUJut805Pw+9BJJavm95vdZf7KJhmRcDKMlhCogbwf1lOchu3F00han9oBJ4nkx1hAfTbY792fOyWtj7HTxQBin1CXCDEo7cIvzlDbwljiJywZgUzvuSfx02WBaq5FI+F/uXu7EDfGURORz47M0fMZhosLsMvO82ebwEgSjkdD8kVqR4X2rSyUAc7Rjj2IorKCfuqPuEjrkOuvhatGAg87PfaiJJ4X02Na7KE6aTR9b6bS+kfvii/qNbHYw==
+bayern.			172800	IN	NS	ari.beta.tldns.godaddy.
+bayern.			172800	IN	NS	ari.alpha.tldns.godaddy.
+bayern.			172800	IN	NS	ari.delta.tldns.godaddy.
+bayern.			172800	IN	NS	ari.gamma.tldns.godaddy.
+bayern.			172800	IN	NS	anycast9.irondns.net.
+bayern.			172800	IN	NS	anycast10.irondns.net.
+bayern.			172800	IN	NS	anycast23.irondns.net.
+bayern.			172800	IN	NS	anycast24.irondns.net.
+bayern.			86400	IN	DS	27095 8 2 C8D5A25263EF9EAAB175F1CA68623488AA7919E16814F516CC369E09F237623A
+bayern.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cEZ8TGNkI4t4DIiS85yuXCID1VGXGqdgRiEdOaS5TXDN95vkp9hBRJUdE4FllDu/dVDW7XfwWYfpNZLEXUQuXVNQUnheRShnUIG/H00tm0EPtDqaY+sPMDYw6/+DdnAZYXlGbGlJNlK98HI2MGR3KlBMygB2LG6S8JVwTMSJ6qtyzN271zhSBk0zbICknnglYwVX71mlSRDKwEh0KIWMTZ28WskFC45Cs+EIQ20QbOemikEv167094qPdQhywTuEgDhDGn9uRDUZCVNE1k6zHSE32mSDTy42aWv0RTUbERwjLYgwH/ThoZWFIa8bEA6eeZNQT1rVrMqdO+K377hpDQ==
+bayern.			86400	IN	NSEC	bb. NS DS RRSIG NSEC
+bayern.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mGJEwnR8FySXHKGM7W4nltPxpl39Qoa+hDNv6NNFjvSmEQa/+l20d5geBo886Ar34mbhZ/5sGmbywwhqHcPbUmjkO6iG9+0qfEC86qZAomn3GpdOkOQsELds+ShejHPTKAYzu5lNDjtZXo5DQRMMGcT6F1HpAkdTDyab8+qPGo+ge+f3xECbUUxUfidtEErseB9uILND7HJIsq8QV5UctbX0J5J3R1cb4HsHhWhbWNdzGlm7zSzlkaoE5cmRfW0EoedAOK7o0Xw9wN6TQWVu8CFoq31G9x2aAc41xXNHfzFFrAeysrnWf85oUkO5a5sITsKdLxYKMeZqxOvhPX4Yxw==
+bb.			172800	IN	NS	ns1.nic.bb.
+bb.			172800	IN	NS	ns2.nic.bb.
+bb.			172800	IN	NS	ns3.nic.bb.
+bb.			172800	IN	NS	ns4.nic.bb.
+bb.			172800	IN	NS	ns5.nic.bb.
+bb.			86400	IN	NSEC	bbc. NS RRSIG NSEC
+bb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mykh8klGaeVPhsOBtl5AOHFd1Dr+HpifdBlQWHTrZCoHHO3ryTZLEgbvUaDk5p7HTCT5ykpNF68WbheZKxsP+ijau+HFY8Aok+VpQ32m/D6gFJLXxxN+/9Nq1oRced9vdFuv8YFIdGIEoEulSL19pHKrfDOzbBGgegJcG8NouOlk0VCh7qLrhfC76+MfcolhUJjSPUwOObFvcjiHDaEoL2tvt++IE4tbhhlGjKWKesbIz6zAH0TSpvVCRP3fZsSEb+j6kSZIwHsAUg/3+uvpAIqnqGKnmnZ0SP2gLipv8u/Bd1JkgzLIrkgEY5FvTMa6a1SFVuaj5QgeD5Mxdo67bw==
+ns1.nic.bb.		172800	IN	A	64.68.192.10
+ns1.nic.bb.		172800	IN	AAAA	2400:cb00:2049:1:0:0:a29f:1835
+ns2.nic.bb.		172800	IN	A	198.41.222.254
+ns2.nic.bb.		172800	IN	AAAA	2400:cb00:2049:1:0:0:c629:defe
+ns3.nic.bb.		172800	IN	A	64.68.196.10
+ns3.nic.bb.		172800	IN	AAAA	2620:49:3:0:0:0:0:10
+ns4.nic.bb.		172800	IN	A	64.68.197.10
+ns4.nic.bb.		172800	IN	AAAA	2620:49:4:0:0:0:0:10
+ns5.nic.bb.		172800	IN	A	200.50.92.195
+bbc.			172800	IN	NS	dns1.nic.bbc.
+bbc.			172800	IN	NS	dns2.nic.bbc.
+bbc.			172800	IN	NS	dns3.nic.bbc.
+bbc.			172800	IN	NS	dns4.nic.bbc.
+bbc.			172800	IN	NS	dnsa.nic.bbc.
+bbc.			172800	IN	NS	dnsb.nic.bbc.
+bbc.			172800	IN	NS	dnsc.nic.bbc.
+bbc.			172800	IN	NS	dnsd.nic.bbc.
+bbc.			86400	IN	DS	10550 8 2 A5006C3437CE92E184D0E45AD5E31C35FFC69353AEFEC0926B78D04A6D3C99BD
+bbc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WyQ2uSXaFLqv3Iy5xLd1KFVBPcqwFPk8IXWzn43lgxcGxQiuVPoMoRir6w+nctjIu44HHie6Qzz2iGt8OH8WMT+SleAs4jxRKiZBvwaGXfsc7wawMPG/RJ015Z0E1ky3BNXPlCefx8lMPPlw5cER1eKeYRTTmvsR0a17NM8Dh86ifYWcIVJUn3blUE+Z/SymWx9/I5gG7UMrjvwR5UAwEkpN1LisqsASa9kx92gZZ1Zsb7p7RBJqk9xE3nnOHLLoD07zUF3zq16Tpcz8dj7k3pEjOUiQujmIw3hXAN2x7fjMBA28FT2YsPNbmqfJNhj5F3I78aR7S7DnIJU7HuWTVw==
+bbc.			86400	IN	NSEC	bbt. NS DS RRSIG NSEC
+bbc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tKrr8+B7trCz9A8vjVZ4f1wvBYneOMe8+3XkSJiD7aeyjbpY8s+yDJwBfdXHKr3C23UuhD2kAeRDgZDte0xy1T4t91NJ9bFArXV+PzIJjhbxj+FSHWug+Pks5fokpzuFlb+M7vxLpb3WwA4FzFyllkpxGV5Hg+Blp80nJ98NCGnxWFRI/27PkKf8f8LQWWGbTlBTI6sWWjNQQyCzlUjKHVP0HK0Alef42JFE2am1eG/Sl6HqZ+wAZOR81U+5ydMXZiYFHC3dMVpQ/jVo9ojBz7j9sqNpad63GbawM6Q8E2+2IVqukTvMze5rLVzyCBqxIBJ/nNUQPeSLfXth+dzpMw==
+dns1.nic.bbc.		172800	IN	A	213.248.219.4
+dns1.nic.bbc.		172800	IN	AAAA	2a01:618:403:0:0:0:0:4
+dns2.nic.bbc.		172800	IN	A	103.49.83.4
+dns2.nic.bbc.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:4
+dns3.nic.bbc.		172800	IN	A	213.248.223.4
+dns3.nic.bbc.		172800	IN	AAAA	2a01:618:407:0:0:0:0:4
+dns4.nic.bbc.		172800	IN	A	43.230.51.4
+dns4.nic.bbc.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:4
+dnsa.nic.bbc.		172800	IN	A	156.154.100.3
+dnsa.nic.bbc.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bbc.		172800	IN	A	156.154.101.3
+dnsb.nic.bbc.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bbc.		172800	IN	A	156.154.102.3
+dnsc.nic.bbc.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bbc.		172800	IN	A	156.154.103.3
+dnsd.nic.bbc.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+bbt.			172800	IN	NS	a0.nic.bbt.
+bbt.			172800	IN	NS	a2.nic.bbt.
+bbt.			172800	IN	NS	b0.nic.bbt.
+bbt.			172800	IN	NS	c0.nic.bbt.
+bbt.			86400	IN	DS	41827 8 2 06A56F660DFF926AF3C13EA685E7322EBCAE343D10A15AA9815F27E959B24EE5
+bbt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bMqISAxY/Pq9RP1Xso7+dzFtq6qH4c449Q1j7I6i3MVyegxgpoEZ88IuL0Xn7APBuP34TaL3iC0ssYfEFcqeiiIH/ZHQnAVM6Ok6MUxW43bWqcR3O1ox5JHIELydYtPpaI1sXJV8Pq/qeYRa06iA3sS8OgLHBQNmnMDTuyMxoggWBvlC3JBfqhNPakT3Pq8qf4DDOEF481MgIBr6W8uGJvHPgGq6ta+WGBZtd4MazyFTyDDuCoVGrElX9lu2KBeqz2qY63/PUMEifAFrUMWyZrjvsw95Byk/etrfYHO5TADjtPO71zbJB9cux4YODUbcKYM++7mY5dwayWaG6qigYw==
+bbt.			86400	IN	NSEC	bbva. NS DS RRSIG NSEC
+bbt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . i3nBSJW8QXMhFlHtrm+QvwhJa8HJKaVra05qzRFA2JGnie2cffFyeRpjdcAF/tEBrr6SHLg7J+/bSmaKZyabgwy2jPl8vhm5EdkSFIeZ9uJYXFJs62CD+2feJ35uqYgnibG3lwlnpSx0I/5rIHx2DIST9ojKkJPGLu55Q/gA5f0GBAeoWeus4M7Q3GS+7/jS0Lar3VQGbUZqfIV6TfpjWyIWUiyoe3ITKeG88ItjH+7SGxAY8LKI1Z88gKq5mGB+7klz6YtwldZYpVcwaiXPPPI7t9Z9xQFE/yZF8smzquhxjzBOmlatXf/+foROSoSPfFoFbABaV4a3+YoHzwV9Hw==
+a0.nic.bbt.		172800	IN	A	65.22.112.44
+a0.nic.bbt.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:44
+a2.nic.bbt.		172800	IN	A	65.22.115.44
+a2.nic.bbt.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:44
+b0.nic.bbt.		172800	IN	A	65.22.113.44
+b0.nic.bbt.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:44
+c0.nic.bbt.		172800	IN	A	65.22.114.44
+c0.nic.bbt.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:44
+bbva.			172800	IN	NS	dns1.nic.bbva.
+bbva.			172800	IN	NS	dns2.nic.bbva.
+bbva.			172800	IN	NS	dns3.nic.bbva.
+bbva.			172800	IN	NS	dns4.nic.bbva.
+bbva.			172800	IN	NS	dnsa.nic.bbva.
+bbva.			172800	IN	NS	dnsb.nic.bbva.
+bbva.			172800	IN	NS	dnsc.nic.bbva.
+bbva.			172800	IN	NS	dnsd.nic.bbva.
+bbva.			86400	IN	DS	30962 8 2 E800C51F8933F6EB2F234B542F1C83C8E703D9448BFF8AAC4356EDC1EB6AD7C9
+bbva.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WBB/Cb2+LTvsSucOCID46gcG4lNvCsx8E5QeysV7S/XbUMtOWj3RwGSx6uwYHBOp3QlwMpkecvAMDf2ZqrnNAyJib4XI3tm6CBfyRPfCmATgX0MZ1o2q85ZIwCmZJoumVZCehH/e0rxzfgC8kwvWAkifqM+O223kznZVLA2EUnnnZYfCOgXR5Qx8zSq5N5H/v4L9lwJal7m7sWreK6PNys6pK5uLMSyV5lw3ymXhraEJD6Z9vhmDryJBiq3n+lIjbRIramTbg6P0dyH3LIxzF3wjxNXDYl9dOsyDvNGDiz9MlzTnuVe7gV5oXj87nIi6omfKNk0i3IEEkH3vEyrDEA==
+bbva.			86400	IN	NSEC	bcg. NS DS RRSIG NSEC
+bbva.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tgMUTAnv6D9sWahhmEj9vwjdOkRwXD0d02mjHBupVukLzDsq4m7TMCOZVJdVYe1d23KFKRU75DN062ksfKC6Cnn2aW2rvxHvMO1tyoM6wynZeS2DvfhJE79Ejbtxc8U1JGea7bKT19jw7beBmLGZTvYS0kIRNnYzYboRy9Q36nNbYbZwjihKejpwizOTML2kwJezPGnEPs4XTEH6XOwlUQ1ry9UmR7wxTcqff9KsW8/hz90h7igzguDFX7JXNKxHApP6UvIvoMJMtjDQY7eF9UBNy22nXjCHlNgd3qfRRm9F2Lh8HGy6Uidli7tCduVWy0iI9OzWBlhMeNr34Rr8cQ==
+dns1.nic.bbva.		172800	IN	A	213.248.219.44
+dns1.nic.bbva.		172800	IN	AAAA	2a01:618:403:0:0:0:0:44
+dns2.nic.bbva.		172800	IN	A	103.49.83.44
+dns2.nic.bbva.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:44
+dns3.nic.bbva.		172800	IN	A	213.248.223.44
+dns3.nic.bbva.		172800	IN	AAAA	2a01:618:407:0:0:0:0:44
+dns4.nic.bbva.		172800	IN	A	43.230.51.44
+dns4.nic.bbva.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:44
+dnsa.nic.bbva.		172800	IN	A	156.154.100.3
+dnsa.nic.bbva.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bbva.		172800	IN	A	156.154.101.3
+dnsb.nic.bbva.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bbva.		172800	IN	A	156.154.102.3
+dnsc.nic.bbva.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bbva.		172800	IN	A	156.154.103.3
+dnsd.nic.bbva.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+bcg.			172800	IN	NS	a0.nic.bcg.
+bcg.			172800	IN	NS	a2.nic.bcg.
+bcg.			172800	IN	NS	b0.nic.bcg.
+bcg.			172800	IN	NS	c0.nic.bcg.
+bcg.			86400	IN	DS	10891 8 2 E3428A6F71B3F25036A32EAFB4811EE26D0E4C2F9E1098C0071AB25431CB339D
+bcg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YxImMQ/0Ie0TcJPXKuDheAsOJQyTs33NAUUZuE01ZpnuHoZvYR5ARAvfqIL1v39m0bZHVlHju7ZP9dpiNvBKMzw2+GnZNuTHm3b/g4iPVvcVSYymttvb09f1M62YBJpGq7LFnzCodzUzPCxz86L6hOmf+Ww09bm001YbZQTfNjK5hQAVxDbFRtydOnLXe+03HGR4ev4z47bqPeF5gmh2El0F5D65LpnpmD5g4V0bTVatBWQ/5ly6bqi7oa8qFrpJj8CeK8RuDKplDjsJCxThPYtrtptt/uET2YRuF9pXwigfdCxjR50WUCfC1uKvqZNpctcmcdb0PLlru6PMAykGSw==
+bcg.			86400	IN	NSEC	bcn. NS DS RRSIG NSEC
+bcg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OK9sj3XyEncnLtsdW2LQPY5YEpqm6EaXiz+TOn1r6oTQGfzCEtDJxwjYj8hKtDffVRa8nvxTX0gx4dW0iOMP7yuoKRmlQ2dlbkC7+SeFVbmNTtx6xfpgLCowXiRsbCPqMR9gAXEmLlMPP49wvhhEvVX+9FiYRZBahI41hY5pvMwjMjkBweJ3JSKLTTwzcbt7GORsEko3VYgUcZ/2eSv4kTlHFH+JjRpRY42y8N8REovWlcwipDFcorCzlt9Lk0knVt2WepdHbSKloXFUjVh8k8gDs1rPNkwHEvmk6u6EwWKVnNEXsD9Ecp7bZFP6HxDA3rixkMo1bEnKsqraV0KyAw==
+a0.nic.bcg.		172800	IN	A	65.22.216.25
+a0.nic.bcg.		172800	IN	AAAA	2a01:8840:d2:0:0:0:0:25
+a2.nic.bcg.		172800	IN	A	65.22.219.25
+a2.nic.bcg.		172800	IN	AAAA	2a01:8840:d5:0:0:0:0:25
+b0.nic.bcg.		172800	IN	A	65.22.217.25
+b0.nic.bcg.		172800	IN	AAAA	2a01:8840:d3:0:0:0:0:25
+c0.nic.bcg.		172800	IN	A	65.22.218.25
+c0.nic.bcg.		172800	IN	AAAA	2a01:8840:d4:0:0:0:0:25
+bcn.			172800	IN	NS	anycast9.irondns.net.
+bcn.			172800	IN	NS	anycast10.irondns.net.
+bcn.			172800	IN	NS	anycast23.irondns.net.
+bcn.			172800	IN	NS	anycast24.irondns.net.
+bcn.			86400	IN	DS	20194 10 2 2C1FAF28AFB91E2A2FE1A6C27E480CE2077CCFF57CD7E8EAC1B658CF2B9D9260
+bcn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mg4rL4XVrkRL6HTCGcDeTltpTX/p3OUThE5TvY8W+tbt/TCsHG502ERqzjCHoIOpJLNzLWXjqzGPg+kFjJ+MDSHuUXYkp1CtHVDNaFcqqPNWZCPCv8FUfbfN7PY+NQhaCyMCsFX6bQHFHnz19FgyFd2xzOBiinh16Q13x6cpn7pAhAg9tZyqsMZXv6b8hVcFjqtXKqSzjtA73nxZ4yNEFd/fUbqL2F/ERDlzbgBNZj0oq6+k1lJAxPviJHYsqbYDqCx/IXNtHsJiFJ4lgmt7h45zQ6LsjF64jnGt4ooX5fep7uJAu6tqCxftvQFHKuedxOp7s+tm3rVoXHK7orDWaw==
+bcn.			86400	IN	NSEC	bd. NS DS RRSIG NSEC
+bcn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CH6OJKJQRT0q5g4i++oKgjNP5zI7haC/4XrXtEKyRgMVGNgNmZ/cKB82BR1fkPrBG+TokwJcnLmtsl3Qw1wtflJgRm3wDqHo2BWvAfYeU6lnauPXMwv99JJGbSv6cm5H7N+NRQlK4W9B0bcSyOZmusFAGMwBlcOmMxG7a/LjihouGnXyCQkI8eRGCKSgd8lY7XIgcrXMhWaLfmU1qL9fTGBZ/a/u5x4lmGfXrKpdJD21nh1lVwRaHHUf8kGe58lQf6fuS6LAHtjitmOodAT4VyJ7jZZKK6W3oohPl6fnV0IzVytD5SFtYg7BcqhF39boHpSvdy9M26D4B2loScWmtg==
+bd.			172800	IN	NS	dns.bd.
+bd.			172800	IN	NS	bd-ns.anycast.pch.net.
+bd.			172800	IN	NS	surma.btcl.net.bd.
+bd.			172800	IN	NS	jamuna.btcl.net.bd.
+bd.			86400	IN	DS	26044 8 1 2DAD1B7F8CA778464F536FDDD15EFD24CCCB62EF
+bd.			86400	IN	DS	26044 8 2 BD01C4B4345D21FC38AA88129F7BC00FDD7B422799CC6703736E3B381F37DD5B
+bd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZpZhI4Nl0e5CKLEyf3UQXS2kWTAIheelqLB/gisl1VnCEmZpyJj+b+wEFeWqf4nuflQp80Nx6hkF+q2h4F56HekxwhniilR095Ir8wZuh6dG1i3bMQa2wzJSBVCiY+y8yzWoygiAEp88PdNTDbzQe7iKpOrKk+ock/RfcbYklwUBBK5Cv89yWYWKu15ZMaQbYx+L1jVbdwXWa0fiUQ8pDD9ke6XnFwseDgLsl5NKY2XdYqCFz6yKrrPVQ3NR+FOL6gtqptEPXCXSFxfPL4ADd2avqBS9lOefRcxNl0zQv4j40SawbPZRImR41TXDhTjwq+frqZzDO6xnABnwksQPfw==
+bd.			86400	IN	NSEC	be. NS DS RRSIG NSEC
+bd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X/hX8TOHWu2JuYENVd84MhmfJifkTer7wx7gnE06Z5Sck6wT8VvvP0LMBPSzkqs/An27DZDIEtpkJctB0dIk9XZUUrsDXXdtKLTPzyUbZTUU/kOKMGd9fTqhhQ+3FB4T76zBd4+6HhwOJNmUrj5tRSzh8pNd8W8z89SaRbgjHiWIgVnGhh9LrJu3/W2QbECTDD3bOqXyFHPmqIZlElyi4x9hpioJRbXr/oZlS/UIhqqK6I/PcLY6be6/M3V8Pt1rXhJZFqMIvNv8UcpYP3JGHj/yBJrC6uP/q8YrEmiaAgeqPvk+Cd2Sv4mdZJhOCWij9vM0yLGosnO56RiHeT0YPQ==
+dns.bd.			172800	IN	A	123.49.12.112
+dns.bd.			172800	IN	AAAA	2407:5000:88:5:0:0:0:3
+bayanno.btcl.net.bd.	172800	IN	A	180.211.212.213
+bayanno.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:2:0:0:0:3
+ekushey.btcl.net.bd.	172800	IN	A	123.49.50.51
+ekushey.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:1:0:0:0:2
+jamuna.btcl.net.bd.	172800	IN	A	203.112.194.231
+jamuna.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:4:0:0:0:231
+surma.btcl.net.bd.	172800	IN	A	203.112.194.232
+surma.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:4:0:0:0:232
+be.			172800	IN	NS	a.nsset.be.
+be.			172800	IN	NS	b.nsset.be.
+be.			172800	IN	NS	c.nsset.be.
+be.			172800	IN	NS	d.nsset.be.
+be.			172800	IN	NS	y.nsset.be.
+be.			172800	IN	NS	z.nsset.be.
+be.			86400	IN	DS	12664 8 2 75141E9B1188A95A7A855BF47E278A742A5E3F2DDEED8E995D749D48F2F0E72D
+be.			86400	IN	DS	52756 8 2 5485AC33DD7C7ED237EA2A4BD269731C816960FE181042024484B5CECA6ECC9F
+be.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QSBCjC11SdRdpOcoiGRpnM9fGEDrgLg4glugxL8Gg+VIvpT05nXyz3sCLKhpVOvoGBGlBqwIiJdyod0cCJimXmsXqDt/Dor7FioghobAN23F+6PeTS/mou2BHWIjsSrQRvgWRpAlx1hgTSzUvPnsogSU6iJBLYQqWZ3QIZqITdLubiAKZ80j4XIC0JNv0jeF5HLsID6Sip0crstGr7wknpNShdhf3lrNvXuT5YA1L+WVIhzZBN8wZMHyzkuTM4QGw4W6/3z/U2c2v8hIWhdB0JKTUmRtrH1ssq+R9NIqPx6bl/3co9SvngmLK1arkcapyD0E6KDWlFZlSxB+p8wnMQ==
+be.			86400	IN	NSEC	beats. NS DS RRSIG NSEC
+be.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pHQCPjy3OT77+dU1qrcBCVytbOvVks/nMRCimfEcZdRXrtBkCdviWzXSt0Fps/hZrmeV46f8ISGJ0+8gyCEoeBjbYqCatM0HLz1/Q6+OfubhyaNvEp0mg1MPJsEK6HoEvOX/Lv666iYVb/oxQOFy7dBLUxnyJnfm0suK9AhJm7LxYHoKwacBLeHjuSZSk4MyxnlGIT7KfM8r17tXqnjSzihR54pV1ptG+Cb6e/Xr4prM+nwxwhvaO/DcQ43B403nX1aqS5gscPIgisn6s8agjcjRyYZMu9g2dDFMiYv5HCRQRJfJR6k6F7sT2Rbv97lFfZCr4pIb5EsClp4F6H4zAQ==
+a.nsset.be.		172800	IN	A	194.0.6.1
+a.nsset.be.		172800	IN	AAAA	2001:678:9:0:0:0:0:1
+b.nsset.be.		172800	IN	A	194.0.37.1
+b.nsset.be.		172800	IN	AAAA	2001:678:64:0:0:0:0:1
+c.nsset.be.		172800	IN	A	194.0.43.1
+c.nsset.be.		172800	IN	AAAA	2001:678:68:0:0:0:0:1
+d.nsset.be.		172800	IN	A	194.0.44.1
+d.nsset.be.		172800	IN	AAAA	2001:678:6c:0:0:0:0:1
+y.nsset.be.		172800	IN	A	120.29.253.8
+y.nsset.be.		172800	IN	AAAA	2001:dcd:7:0:0:0:0:8
+z.nsset.be.		172800	IN	A	194.0.25.36
+z.nsset.be.		172800	IN	AAAA	2001:678:20:0:0:0:0:36
+beats.			172800	IN	NS	a0.nic.beats.
+beats.			172800	IN	NS	a2.nic.beats.
+beats.			172800	IN	NS	b0.nic.beats.
+beats.			172800	IN	NS	c0.nic.beats.
+beats.			86400	IN	DS	3234 7 1 D046927A7B31B59E7AAA612D56E1F8DA77CC9E91
+beats.			86400	IN	DS	3234 7 2 3BAD4FE26537C9B141EBA6CB27F3E5640F302028B78C767D1780F1D85FB659D1
+beats.			86400	IN	DS	4606 7 1 5016CFAFB58908893B6288C1150B6DEBB1C0436F
+beats.			86400	IN	DS	4606 7 2 A5F26C1DD2B6F050BF9C1439E0C53295E502769BE20991866084AAEF6BA2ED7D
+beats.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C3P9sQQn17ilATwAfywURk0azNYJjW5q+MHmH95cCEpuwLzeQEOVxBKmTnL11rg6qQGG/oRojTGi3BhFce4CHQq4Bt1o9r0D9YyNNKq9jJ1IzeRVJMFAeMnhy6otZStwklR/ZpwP4OQxSgDfVYSBvCXTigxjWkPJl4/H/6JA6ipaC2LiEhWps1Hw9xEW2QBzVhfFJxwqrVU0lr0Krb6mz0ZpwSoD1YyGMVCTzGfGfAgErGMKrC0EON6O9eExOYfc4iJsn9pK12KBXQJ10byGYtEt7YFB/75UQF5FER+eHYW0oowr4hsg5VEKrMy3lGOACIlPsdYVcR1dcRU8BIcjZw==
+beats.			86400	IN	NSEC	beauty. NS DS RRSIG NSEC
+beats.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TdpiBgeFV441vf6Dp9uEJ3g1WhoG0T9h3yVqrQp6JgS9av37bIwq61YjjmHwwm7a81bi60SW83T1inUwXhDT8WisQZ3qad9ypt1KTkQEdblMbeDdXQh37EuSORskJQhOR+F+jlohYKX+p3BvdRFhuWLt3mjLY1GVOt/GgvLMWqYw2pmLr20W6Oj/Czgf2MQbh1Qhal6jK9ScHX1VItMGngm3soQgalKEaDmXY93t9QhMigFW8LSOUVzDuo4EoTYKFQruww0MvshjCa2fFES6SNj3s35o6ShDmXwNOMkxcdA7prCYFrm/ym98WFo4OTWLSXkLLQQOwwR/HnZhYz9lsg==
+a0.nic.beats.		172800	IN	A	65.22.60.9
+a0.nic.beats.		172800	IN	AAAA	2a01:8840:3a:0:0:0:0:9
+a2.nic.beats.		172800	IN	A	65.22.63.9
+a2.nic.beats.		172800	IN	AAAA	2a01:8840:3d:0:0:0:0:9
+b0.nic.beats.		172800	IN	A	65.22.61.9
+b0.nic.beats.		172800	IN	AAAA	2a01:8840:3b:0:0:0:0:9
+c0.nic.beats.		172800	IN	A	65.22.62.9
+c0.nic.beats.		172800	IN	AAAA	2a01:8840:3c:0:0:0:0:9
+beauty.			172800	IN	NS	a.nic.beauty.
+beauty.			172800	IN	NS	b.nic.beauty.
+beauty.			172800	IN	NS	c.nic.beauty.
+beauty.			172800	IN	NS	d.nic.beauty.
+beauty.			86400	IN	DS	35340 8 2 2489479F7A6E57341C7C5508C55113491C519DD846258A6593C4D1ABA57D463E
+beauty.			86400	IN	DS	52406 8 2 C5C45B79DBE67A132237B020F4966FE32FBE61553487E38D47918561568E9957
+beauty.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vdi9BiIXUHBMWKdGr8nKYwCVMMjRpmok9d6KdCfp+A1tv97hZknk6ve4FBeTGk1ycvGBi9fuUbEg/UKjM1yxCV+EiMz2Fpky1+Tcams81L0oHCN3Pee0xkJuGZtimQiTS1mA/UeqQ31NTx1TyhZz2MMh755QuckMTWvm8iFo3UqNS+ZThilpsR8KWxmTCyROHkHrzCBVMYhiACwsqMjJkrDigSXClv3RT6ZPSyI9zM+/0YhALjZej9PQAygigrnZJVfyRgFU8cRBE0I2p7VMRxKTmxFukUt0L7b68ODciMxPAUBO1IDXTf572viZHFQqKqOsVGiKERMRd+VpZX2vaA==
+beauty.			86400	IN	NSEC	beer. NS DS RRSIG NSEC
+beauty.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A/+NqHKYOOtPT5qXbthhK36fCa4IlhO6wFOSf4jb4mwqfViwABMpeC74rDKGSmyjQ/7QMrh526AGTVigsOTF5oaEbBnCR3DNobawCjaDWdN7u18FuSayNqw4jDI0xvvnvRsrfYkF2/eozD2CXa1fbbGGipKs6APsN3AkxoFdjl6ylcP6S/9YZQFMWt+1Hn8J8u1IUVV7pSc/oEMI3PE5oHYVXprMPuxPCrR5XkVGFNhIvqXXpMrfPiuWZuiGKfa9pags8XhNl4Ubxn0k8DBhwHPBKfI3Qn2x6XitTP13t+C8LnDH93Vjs2ysM8C76ya9SfEWk8faRBDMjbnypi06yA==
+a.nic.beauty.		172800	IN	A	194.169.218.119
+a.nic.beauty.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:119
+b.nic.beauty.		172800	IN	A	185.24.64.119
+b.nic.beauty.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:119
+c.nic.beauty.		172800	IN	A	212.18.248.119
+c.nic.beauty.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:119
+d.nic.beauty.		172800	IN	A	212.18.249.119
+d.nic.beauty.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:119
+beer.			172800	IN	NS	a.nic.beer.
+beer.			172800	IN	NS	b.nic.beer.
+beer.			172800	IN	NS	c.nic.beer.
+beer.			172800	IN	NS	x.nic.beer.
+beer.			172800	IN	NS	y.nic.beer.
+beer.			172800	IN	NS	z.nic.beer.
+beer.			86400	IN	DS	39367 8 2 32940AB06D3524457F9DDEAD6C3C0C76729EEC27C5CC02244CEA24E9FD9E47F4
+beer.			86400	IN	DS	61849 8 2 11485CF30D665A82C06691C37983FD4ECA2068ADD702ACE7374EC00E800F788F
+beer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AalJPOid3I8val8kmeXdXLWIvc/7pbZj6Va99EcC4NmUlqNfwptsJWm5rnDXS2/vwuzDDWKGWJO1+HSvi/s3vmL20gTV6OtF2WUIeMwPsVxZu5x5ug80ZhGIAYeMHK1aQaWr7kFgAtnlCDWG5A4Og1AvWxRoSAh2QzZatErb9OkEuAHwCUs6YAhbUd/qhbGneAejw/86tE6bTIQ4u4xCE07bOvn2EH8midxeq7uwOnG3gOtKKiqy8sUWbHxMUZUwlYc+ODR+1DZ8Uv/RIVW/bCI0KCmjQtZRtK/U4On8Nd2EC3jITI7LQJa/W9Bb+lOebJxUUtetF3oEzju8qJf1NQ==
+beer.			86400	IN	NSEC	bentley. NS DS RRSIG NSEC
+beer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uNcWu9pUxNxYkTRnHdErxcZGRc0lVCPwE+R6I4lVuN9MuGWsC5fTZ+mw1dKi/1cBS39OT9NsE9kS2oCkHcPw0nAsU/PJ8WB8PFyDbpJBTaNu076jAX4OTImExoI7ebicWBuHPVW841KWHCu5lcda3NMknwJUv49NzEvw1qMQskJu4ue46eW2T0IoEoq17TgBnu/OY0GkBqRHgv3w626UypzMl60iLwTnxBB02PlBLQWHUh7V19Fh9TbuJMLfGq4qHnuI9PFnA0Q/sy7Sju58G3833JhP2B1nPoq5e9EWLoGO2GzkL6vA1kxz4OVljUl4MeqC3FM+szDoGezfQ7c+3w==
+a.nic.beer.		172800	IN	A	37.209.192.10
+a.nic.beer.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.beer.		172800	IN	A	37.209.194.10
+b.nic.beer.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.beer.		172800	IN	A	37.209.196.10
+c.nic.beer.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.beer.		172800	IN	A	156.154.172.82
+x.nic.beer.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.beer.		172800	IN	A	156.154.173.82
+y.nic.beer.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.beer.		172800	IN	A	156.154.174.82
+z.nic.beer.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+bentley.		172800	IN	NS	dns1.nic.bentley.
+bentley.		172800	IN	NS	dns2.nic.bentley.
+bentley.		172800	IN	NS	dns3.nic.bentley.
+bentley.		172800	IN	NS	dns4.nic.bentley.
+bentley.		172800	IN	NS	dnsa.nic.bentley.
+bentley.		172800	IN	NS	dnsb.nic.bentley.
+bentley.		172800	IN	NS	dnsc.nic.bentley.
+bentley.		172800	IN	NS	dnsd.nic.bentley.
+bentley.		86400	IN	DS	56257 8 2 CF15159EC1841AE2CF91D95B5889EB14574EFBCFB069132903E025345A39AF7B
+bentley.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MlGo+5wmcdIHIjhzQ6ilsSrdjVYiXp1cITevb2sryKi7UQbS6meq7PQV1WeZFFxrdFXILAZjiHgXtnlh+3T3AIUBRj7MbmYtANaEm6W1CslJtyROE5i7VaQbATqpET2URxvyElxFJRUIXOLCIOFC7AJ2Fzr3OuxVVFOPXivfCpPk7HyiIbfksYN/zZGXRtsanNpHvNaYLUnwTCe4TQWDJPwb5DlVXVJlrzia3cYaTThKaI20PNypeHqacl3zTHaIVzV4IVcNoKN03ZtXZWBO7hydAmwMtHLcTD2FTHPS8rQHYb+I427/IBX53MTji6zzMGxjFkgzXBBELbzVBrrIBw==
+bentley.		86400	IN	NSEC	berlin. NS DS RRSIG NSEC
+bentley.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GBvNb8bG/hxCsTigxUp38G4uuIW0CIxj88NlTfHNs5/6LXe/nkJKfAjvX17ghy1qEDT3PsjLr3Ss1u3gnSOXvq7q6WR0OjBDYR9YrWI5Pv08eneX5Cxzj424PMHPV0ZGm88zVYyrGRJusTGG/vO1iH4QrZv17k8wUOeyEcgxTcXr21WGiRnLkc+bGBUaeAmZNGVncFsbht5bBfHwutWNjDWI3ZewpqlcHFcUsvQZ4Q6oLyhl0uNPmVZb4DEacv1JJxtDc674KeUGhRIHkrGGgfzBFWfoiD2y3d+bLPbqull06/0Xy8yutXp+UNQhejB3VNBn6mghcMzP1xc03YukSg==
+dns1.nic.bentley.	172800	IN	A	213.248.219.5
+dns1.nic.bentley.	172800	IN	AAAA	2a01:618:403:0:0:0:0:5
+dns2.nic.bentley.	172800	IN	A	103.49.83.5
+dns2.nic.bentley.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:5
+dns3.nic.bentley.	172800	IN	A	213.248.223.5
+dns3.nic.bentley.	172800	IN	AAAA	2a01:618:407:0:0:0:0:5
+dns4.nic.bentley.	172800	IN	A	43.230.51.5
+dns4.nic.bentley.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:5
+dnsa.nic.bentley.	172800	IN	A	156.154.100.3
+dnsa.nic.bentley.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bentley.	172800	IN	A	156.154.101.3
+dnsb.nic.bentley.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bentley.	172800	IN	A	156.154.102.3
+dnsc.nic.bentley.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bentley.	172800	IN	A	156.154.103.3
+dnsd.nic.bentley.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+berlin.			172800	IN	NS	a.dns.nic.berlin.
+berlin.			172800	IN	NS	m.dns.nic.berlin.
+berlin.			172800	IN	NS	n.dns.nic.berlin.
+berlin.			86400	IN	DS	25424 8 2 479DD34641C6386048518F9A39AAFBA26172060EE36A91F478EBE521AA1CFFD5
+berlin.			86400	IN	DS	47974 8 2 B1DDC962A9293CDA1C2AE8F951C86A8F391248C50751AD61F642D46D0F644B41
+berlin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . r4OCHDmSCXf7qDrOQL4NQXDliYV7IKAnXulxCnjChnaJ7lCwtHoWA7ZxHm8zi9t/1NnaeCCqeB8xFLaIa4zIyii7hcQG9exKkByKQYQZTvNUDgM/hh1YEQFBNyLd27IaiTaEfWyeL61QJM3VfXCM/yKbup5f5quKRoBgRqIAYry12JqR1wBf7qLHRYs4XyGv2t99Gl6nBvHGwM9NU9n8yVSzuZKfHbJijnP8iJ7YfsNJos3hTIH0kxBq9fzMsrXpz9LtAFVqByu7UDtBeUd2TnlXN6G/Q0lfetsT72WltVpZ+ZjdQXGmrXg20qK4soBzpcGHOgpD3fd4iN2xg62sqg==
+berlin.			86400	IN	NSEC	best. NS DS RRSIG NSEC
+berlin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qdu8qtuMerZ42oBM4lUPeo3S9+wOBnIlQUO6ZvzXlnl7IIcrbRxUVpFb74N/W6Rdv5cRP2IKqNgHHbhlp6u+USyD+KnO9qCMUR8fG/0kYXuiCgbrcIz4CunWKa0vQx3FnSHIqHA3+fREzPWzL/2yG66s28X3y4GSWPl9WAzK9b0OB+2Vf4mKqefsiTy1Zpu01kgEDqon0yXGJbPh1DSy2FWawKC8eKfVN8uHa/Cpcvy64tujG1A8whzd1ZZK2QfHUqjvAVhfWorgptJnXGvi3GCGSPNa7GWTUOQxDy3XqGnodySHQPVe/vHQuwybconF8s0zXrQoyp8g508sCF3srw==
+a.dns.nic.berlin.	172800	IN	A	194.0.25.16
+a.dns.nic.berlin.	172800	IN	AAAA	2001:678:20:0:0:0:0:16
+m.dns.nic.berlin.	172800	IN	A	194.0.26.5
+m.dns.nic.berlin.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:5
+n.dns.nic.berlin.	172800	IN	A	194.0.24.5
+n.dns.nic.berlin.	172800	IN	AAAA	2001:678:24:0:0:0:0:5
+best.			172800	IN	NS	a.nic.best.
+best.			172800	IN	NS	b.nic.best.
+best.			172800	IN	NS	c.nic.best.
+best.			172800	IN	NS	d.nic.best.
+best.			86400	IN	DS	13966 8 2 1B34271DC3CAC4D1FAA279893902BD3330EAB9675DAB6DBA03FD163437E7D12A
+best.			86400	IN	DS	41279 8 2 D0C266B147E9FA7122215CCCA36B23D43407BD2F03B2E3B6E917D350B31AA5FD
+best.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kujRBaQ4UN/Yd+rPLNN5L5PvtZ19XVfKU0l8h+dHTWFr7Ggar0muCZ0V7EYbW2MJ4/OSAaR9TOBQQ3if7UzNJ3ehS12M+L1lKO19hRkUUNuzJvu/qo/SRRtLdcUIU1zM3TMNQUsy0Ojfkkv2j2kP8itFAADJxrol1wT8mCVyxASdhiaxVf9r/cj7Gj7aOqGBenbf4PEePBZtUQpbOznO82LsRapXEP/RAB92YH/5uCQLmYWimwFtXTsSQdjxW8h4SgSkFMkhEEtJmLkPh9wuYe71xk69jc3i8Ci1j9AJNzdr8jireBwaC9Va6G89ngQV/to/lV3kIlwJahc0Pg4QqQ==
+best.			86400	IN	NSEC	bestbuy. NS DS RRSIG NSEC
+best.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RsMmWjsCaxF7+W64BkWaVBou4eKT4K6jol72fF1kAjltqp6VA12zE2fW95V7aCP/hedkthnsewmPY5s0IdjfWAlciEFtxAxkTaWxN6mZ2N1ci4V45ayfFRRd4VS6ZPbEpOYxNfsYxTeM0OwlHk7NsgsOOpSzuv2UW5qdG8RGHI+A+IYx1u1FAPdA45aRlpc1QjyVt1h+gfhLOKUvvGcKdFLNakAS4gg+fvz5QZTGsJ3zaSLUh4wtaIEPDr0GunSnzUzfs54heIDgpoOufyDKCKQDIPh0gGKimAeK4F+ACPZmH/iNbktGWOwIfVSGmj/H0wtCl/BiyQe+d4/m+Kq7/w==
+a.nic.best.		172800	IN	A	194.169.218.109
+a.nic.best.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:109
+b.nic.best.		172800	IN	A	185.24.64.109
+b.nic.best.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:109
+c.nic.best.		172800	IN	A	212.18.248.109
+c.nic.best.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:109
+d.nic.best.		172800	IN	A	212.18.249.109
+d.nic.best.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:109
+bestbuy.		172800	IN	NS	a0.nic.bestbuy.
+bestbuy.		172800	IN	NS	a2.nic.bestbuy.
+bestbuy.		172800	IN	NS	b0.nic.bestbuy.
+bestbuy.		172800	IN	NS	c0.nic.bestbuy.
+bestbuy.		86400	IN	DS	1501 8 2 6E98E0865F6A8CD3E69F0A03CB0D9D80333A31D113AD85BBA7571F87262C5D32
+bestbuy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OtCou83JFaUAuSgS7K7addRlLUBiuVpv165rwyV2mX+HJrKEWQNnQgDAxcmNh5rOeQnzbZVZ9658js2+au0hwWIxOKu11iCrQxFi5oCchKUHRsDItGb1hKZRwJCJVnl8dnIWsUukxdHEAPRRUPM5K4v/VszjE/B32cjCbiMgQlrL2AWCNJ/kMw684bobKnfbX9eivawHcvg6uB2YqBwZkiGFM3fuEc6bXPWwsx5t1/e4/YX2S9GzKGdeT8/22tw2pRB35Un387FE8m8hVEzbjQZZMfpQLz4iq8xq9cs0Il4z5HfrPUsmKbz9BwfxB2bcOZ7Hqb9/kSHgqNsKK4l8Yg==
+bestbuy.		86400	IN	NSEC	bet. NS DS RRSIG NSEC
+bestbuy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . z5+wGrQgtbHese2Y6lMTGtVMaCcbnqlM9NIKiZt9jcj95XZBPP7SjaIs002iHkLZhdJW6WLLtrO4VJ+jZ6K5JsMyMgvil/Tm9Slr0IPw6Pv92FU0PrbA2fO8f4j3QMOjCQSgVZdx+ksRkXG23WTWIcjdx6dFLA0Wr4eDcoV8BCY9DllIhRE5K6y/DHNjby78vAtJUCgs4VxHl10/sF3jvVZctrUZ/P35Ewt3WMUeMXDJj2wZa48vVOvWPkEpiiLCddMko8rQjAQBWPjmd6aUuIy4Ds3ZDMogPELb4988K/4gpkoBg0zsGRamUGeGEf4iskqyMZv5kBBVecieD47G1g==
+a0.nic.bestbuy.		172800	IN	A	65.22.216.9
+a0.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d2:0:0:0:0:9
+a2.nic.bestbuy.		172800	IN	A	65.22.219.9
+a2.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d5:0:0:0:0:9
+b0.nic.bestbuy.		172800	IN	A	65.22.217.9
+b0.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d3:0:0:0:0:9
+c0.nic.bestbuy.		172800	IN	A	65.22.218.9
+c0.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d4:0:0:0:0:9
+bet.			172800	IN	NS	a0.nic.bet.
+bet.			172800	IN	NS	a2.nic.bet.
+bet.			172800	IN	NS	b0.nic.bet.
+bet.			172800	IN	NS	c0.nic.bet.
+bet.			86400	IN	DS	34666 8 2 E514F93C9FF69EC196E47CDFA00E39946382363CF2CAC7DF3DF562F35B31A2BC
+bet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aG9T5LNUDT6gspMEEsvdD1ftWQ0hG3wp4vdU9rOmS5U6uV4g3iolLxq0G3Q0fqiTpzh6dCUXXqoo9pvBHjOem/09MgFw95nEKlOryWi3eDlWvBf3ndJavwzmshTsKKzjcacaqpvbpoZrwf5aM7nMxTgKQyBICtLGu6viq58li3uOT+jUjW+IGC5t1p+uNVrMi+aebFj+PrflKlnfggNtNVAvgXg/4z/fcrtIp5IBFrhvBqSmgGkW+VbeKNm25XbSRhkUelNfrJSVwpybmlPV7J7lWkwFH4p1s+EZ4wXovQ21/RbXvzNhxprKmgfrcP1mifYH8IdL/ZYVJt/HgYEMZA==
+bet.			86400	IN	NSEC	bf. NS DS RRSIG NSEC
+bet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d9EOY+1E3LGY3kmOlxt1TIsg5CgjXfMzpMfTXqtELspAkAEGFRJw1/xwtDQP07Hva27tVcoRNakTxNPjTxrfsbPx8StNqQvN8xtZneILk48+UwAYeoFHPvHUkZaHAZOhwfZ0iBfJtNPk7Lu0jKes4J4LRj8KLAxJr02s8NpnW59Gw4WS7b6Pv7524Y8O6g2ZBX8WE/fY4DYCXb0Rtcwmbou7qt+uVgJDCdqupIQzRCq5L/5tl1WyRFwuAP2RUvhibOgl8zNO/SnJFCMBWraok7Au388pEv5JKTtvhBPLshpgejiGixujgeoVLqCmGejDFwQnkNfFTBai/Ay/75AaEA==
+a0.nic.bet.		172800	IN	A	65.22.36.17
+a0.nic.bet.		172800	IN	AAAA	2a01:8840:26:0:0:0:0:17
+a2.nic.bet.		172800	IN	A	65.22.39.17
+a2.nic.bet.		172800	IN	AAAA	2a01:8840:29:0:0:0:0:17
+b0.nic.bet.		172800	IN	A	65.22.37.17
+b0.nic.bet.		172800	IN	AAAA	2a01:8840:27:0:0:0:0:17
+c0.nic.bet.		172800	IN	A	65.22.38.17
+c0.nic.bet.		172800	IN	AAAA	2a01:8840:28:0:0:0:0:17
+bf.			172800	IN	NS	a.registre.bf.
+bf.			172800	IN	NS	pch.ns.registre.bf.
+bf.			172800	IN	NS	ns-bf.nic.fr.
+bf.			172800	IN	NS	dns-tld.ird.fr.
+bf.			86400	IN	NSEC	bg. NS RRSIG NSEC
+bf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ESFJEGZCEQzfYta2BKdHw7nNayVmd3YKh5EEerbphOJN/nzNrloaijJuMntYxkbttzbXUu3Yg/QBimbyRtoXcHKgRFEABrc9aKvNCe+8fHWdWno4CGyaPyU2Vf5e6xilKlN0h6J0yq6IIqOLdP/WlOTF9EhENywlB6rqG1LlQBvevLLBVKFutfeMhriTvp/LI0PlyWGLGKoRRLaJd83Xg93vyR5kjOLLuM7gcanCbnc55mNMelvo46nI93BEDJLQ6GOL9ecWhQL5/4OCk5aCovoy3iWiEG4nqCFfiVNOk14wvKks9jLLJuUBYozM4dJVvpAqJD/xDDbaXgGQOQjBwg==
+a.registre.bf.		172800	IN	A	212.52.146.50
+pch.ns.registre.bf.	172800	IN	A	204.61.216.141
+pch.ns.registre.bf.	172800	IN	AAAA	2001:500:14:6141:ad:0:0:1
+bg.			172800	IN	NS	a.nic.bg.
+bg.			172800	IN	NS	b.nic.bg.
+bg.			172800	IN	NS	c.nic.bg.
+bg.			172800	IN	NS	d.nic.bg.
+bg.			172800	IN	NS	e.nic.bg.
+bg.			172800	IN	NS	p.nic.bg.
+bg.			86400	IN	DS	58606 8 2 305151EBB808CFA54A262403982D4C27E081B1C4ACCDAD4B4D83CE091188B1A0
+bg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lmT9US2EkV3TOWwuELwgdJp+zdiTIBZ8Y8luX43jM8Z8AvCOKwxVH/98+8/EKGQTOK06R2zcdyhp+bff9DcFpZOtn6pQOzVcdyS/dOd3FLM+vzW+N+XOUSuNClDK3RP3RRTZk4zzhtSjHbiyRkyaRRp64ADQ8ZaUwWfR0jk22LjaT4sOxFCyDnB1RGpofg9VQLSbmPnxJJ2Jh0F8bZuvyK+cogYv9hQ67tReUrsgJT6p9MxQ20Idbs4gnAtPIuRSf4e4lB3hwOPpheV+aTltG05RE91pJQOi8Xda7XKNctOpz8wP1xnxUddIR0yFA/ekWAGI4WTZOPPONeoEMMaguQ==
+bg.			86400	IN	NSEC	bh. NS DS RRSIG NSEC
+bg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lTMqM33p1ycLn4hkme9UjL5XNYblTI9EV0b5+Ep7cTJmTSg+yCbtDcmJL8kR6VFAMccu5RnG0ibmg9pYCDSivOpmJ3SDa/Ds8b6UfWOZ1W92nXbzyrCZEINhcua5OlsvfjOONyPsX1mAg8n4EPtErPb0yBqVizh06E+t+8F8n/PTFBzNhCjwb95NCKLRfCaIWpjwiRywOLBW+bGjTJEPHuawpESp7QJQNBd5MWf7LUnsXNd9F82cCZIIbImHKN2goGdOelm3k5vQ2Yl/NECwXFpVSSqSmWpa+BRDC7v3ePPZenbwzMH5UG4umYbJESNdzx5PZknjELrl3zIwgCg+tw==
+a.nic.bg.		172800	IN	A	192.92.129.99
+a.nic.bg.		172800	IN	AAAA	2a02:6a80:0:0:192:92:129:99
+b.nic.bg.		172800	IN	A	193.68.3.232
+b.nic.bg.		172800	IN	AAAA	2a02:6a80:0:0:193:68:3:232
+c.nic.bg.		172800	IN	A	193.68.99.99
+c.nic.bg.		172800	IN	AAAA	2a02:6a80:0:0:193:68:99:99
+d.nic.bg.		172800	IN	A	194.0.32.1
+d.nic.bg.		172800	IN	AAAA	2001:678:3c:0:0:0:0:1
+e.nic.bg.		172800	IN	A	185.143.80.1
+e.nic.bg.		172800	IN	AAAA	2a02:6a80:530e:0:0:0:0:1
+p.nic.bg.		172800	IN	A	204.61.216.110
+p.nic.bg.		172800	IN	AAAA	2001:500:14:6110:ad:0:0:1
+bh.			172800	IN	NS	a.nic.bh.
+bh.			172800	IN	NS	b.nic.bh.
+bh.			172800	IN	NS	c.nic.bh.
+bh.			172800	IN	NS	d.nic.bh.
+bh.			86400	IN	DS	42035 8 2 DE6B7CEF6B195F0AAC140C56C68868105D8F05967342C96A8192EFE7B433BD1E
+bh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OFpTkXqAE0sbrYWRy1Jg2U1XDaaeG33EP1lfLS98wNjf/60lRhdieWpbq7wDr02EW5oO6Hza3BtmBGcBx2YQ0L2qr6eRzpDj7Oxsau7zdYb22hQR/c1J030zXVJdkuBZc8DBglrEC1nR69eIlj51zJmK4sHJjFTzhf9GGxrmKF3yRSpVemYETGCh4LZy6AyWUlsvb2eooaRJcdVkcFWJQyQG6Ig+OzUS+hnOPsJ1E96dAtOs7XY+XyBL/IfE62Kcbll496LMZFIUNQg9Sj/qFLZlqVISztq3/IwJ965+BhQYHDHMbR5MyWE4x/zHfAQHzPf2hKn3oMLb1CpmwJqXGQ==
+bh.			86400	IN	NSEC	bharti. NS DS RRSIG NSEC
+bh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gTSilJJixCjDXWnBPOyE0y0tfoG/sTbsR0gvzekM33P2YBwUAJBWNTfRsC5QbJigw67LUCp5VAFFCdV3YxOSezsY31c2BFffvPVr6SzUoAKX+DDfD/ZW9I7sYqjfJ+PRYpoULm8FQT8MBLN16miPwnV2cMj+q1LyJM6ojR4E/buFbFa9Y7aH9uX+3OcPe60j4AQSeKZscZqQCFzZAqICaB4PEC296k9n6NHqCCLiljLUVxDqB4x5t/WTqnNhrxJ2COHw7+6jkhI1qgbCRtWMamY34mLwiyVVgpMh1UCS29vytAY9h2hyuNeHhLefP8puJCQ4MujgL35oMJiI70CzBw==
+a.nic.bh.		172800	IN	A	194.169.218.115
+a.nic.bh.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:115
+b.nic.bh.		172800	IN	A	185.24.64.115
+b.nic.bh.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:115
+c.nic.bh.		172800	IN	A	212.18.248.115
+c.nic.bh.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:115
+d.nic.bh.		172800	IN	A	212.18.249.115
+d.nic.bh.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:115
+bharti.			172800	IN	NS	ac1.nstld.com.
+bharti.			172800	IN	NS	ac2.nstld.com.
+bharti.			172800	IN	NS	ac3.nstld.com.
+bharti.			172800	IN	NS	ac4.nstld.com.
+bharti.			86400	IN	DS	13206 8 2 BCF1EFC6D85CA9939AF95BE715D7093082BAC953E8539F88D21B16054D5A22CA
+bharti.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Oyy7HayCuhgezX3QEUbM81RVgkElH2ppEtlgxWRMd9gv9W/zBPtCfpMQBd/IsIH2TpP09/P8IvyfmSdf7NJNn2fzeKFrQab/W5ejCfFRCF/SpgiJwXAZ75Qb4f1RF9L038VKlZ4G4PBJkJMLR3m0uXBNq5DOses1mSZBATjVIE0YHCyPme+QsqZmxtN+01f4gnTsiGZdn0tDHXrmY0qJbs4PA7e2QkfuLhdYC0eVKr2BeAeCVDiGishK//Y2WbHjr1WMdKt7yuYvqzbLT+EsTTJ30dp0FA3fSan5wnTBY0AKbnrTDkrdNxbVBnY+eSbc+Hw/zndKvu/juK8PLLdltw==
+bharti.			86400	IN	NSEC	bi. NS DS RRSIG NSEC
+bharti.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FTj4YmDCqJ91mndHau5TLKmb1MuvuGUzHtfC5X8R+xFSU2nJAQWQMhfJigOuAoAdysyFVH+j9taaSYcvFuR+WUAaGPumcuZ8PdmaDUawZhMFu+T+QFs2SWYr8S6ItyvrC0Xc4ZPkfKyIMXCCR048fJ1fujxjh0BLMltgydM12C9tQ6+V+68OQv4MBjpzMhEphK3W+bvB3EE532JPive/W1Yd37O6QCI00+VEFhcXcLhUqWI1uRi5Zfzpv2vBPujyyW1RLiKZE8Y3pfUV5SCYZdEHwOIPeFUsbldSjef1qxsB/sxkayutv9OUkQwuP8jV6ahhW6S9CDdiHkxV/Zbe5g==
+bi.			172800	IN	NS	bi.cctld.authdns.ripe.net.
+bi.			172800	IN	NS	ns.nic.bi.
+bi.			172800	IN	NS	ns1.nic.bi.
+bi.			172800	IN	NS	anyns.nic.bi.
+bi.			172800	IN	NS	ns-bi.afrinic.net.
+bi.			86400	IN	NSEC	bible. NS RRSIG NSEC
+bi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fVaGINHD6VE+1c8w7ShO9zTAsFHhsabDop7J5EoS43tOqf5uYtNQ1hBmFOBwqZ7CY8UK/6T43lUwd/w3zwHWT+XjgLYTCi9cKmYkskZ+EApQmO6JW2Q+CO/2K1i/phKXftDAuPykN/c/mA4IOx7LUnzF/P91lH4M6HARYkNWSAB3CMFawFBPkjDytHSop7TfJ0O6pg/hxVWprCCrDe1z1YAhkkf3n8zcA9f+sSHjuX2T3iY4AANkaGmLTnbYvq4zz9Ee77jCKQzQr2J+0xhTvW3FGNHgsgxlnERQrpUErTIxl8+zOJD8o072OV7wZwY05osHJ2zvvMxNhlWPrlANUw==
+anyns.nic.bi.		172800	IN	A	204.61.216.61
+anyns.nic.bi.		172800	IN	AAAA	2001:500:14:6061:ad:0:0:1
+ns.nic.bi.		172800	IN	A	196.2.8.205
+ns1.nic.bi.		172800	IN	A	196.2.12.205
+bible.			172800	IN	NS	a.nic.bible.
+bible.			172800	IN	NS	b.nic.bible.
+bible.			172800	IN	NS	c.nic.bible.
+bible.			172800	IN	NS	ns1.dns.nic.bible.
+bible.			172800	IN	NS	ns2.dns.nic.bible.
+bible.			172800	IN	NS	ns3.dns.nic.bible.
+bible.			86400	IN	DS	634 8 2 C09ED93543E2A43516C5379A9EBD54364D4226015112CDFB24199A7F91936DDC
+bible.			86400	IN	DS	8386 8 2 0E7835E59CA10B1E14B9F6AB4EED2B9F27B5BA318C66B4DE22166C4A6686B9C3
+bible.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . smM/VaIKUkxOG4zGYKKive6z1fTydEaAsuMSAvB0rpBLajfX94OKXgk2tI25XyQ62je+ddqvF5e9Y6qC9YLYMxD47GxJSdQRxptzITInbki75FZTOQZUITKWIZ47K8ejGaQJaZGBC/KEpmys4+lZImvyt874VZSuUJtKUHksKGV5ufXWpuASzAHUnKMxQKpofwxznUQpfUI6JM913OXZ76h+bn++yRdT49/ICx7W9RYE7ApRtlS9a4ZFgf59Q48mKdHxfhxw/UjiBd6mIrQH5MO9aNHaNo4zzFKxIRGd/zjnHP7uWOgQrkSogLqc1Yd21yifAiueKV0ryOJqmxu+yw==
+bible.			86400	IN	NSEC	bid. NS DS RRSIG NSEC
+bible.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Eco4YPy+tKPEyPmjCdfwHS/QP6OlTnbc3wqTymmfIBPArFz4wtXS37B1eQZH9pf8KRbBZYTTj2LWehsB+henAxqlovCl2lWMo1nhqxM7YciJljN2U4EiEEcTK8oFbS1fL7U362iamficUErvnosrdeMVfzkDcPbUunM5A2AJuW3nfUp7ptA1Jz8TeysION8NeexFYE5z4i/Kx0e2l1iF91GKeL2ZYK79+hfpAstsBEQJhZYFck5b6dIwVomvoOiEzEjbg7AwEUypBtHX0N63t8zW1kk1B2ZpzuVr+kAYJGVLsyt7sRwluwn8l2ybcYST0rv00UzGMZnX/MOj4V9fcA==
+a.nic.bible.		172800	IN	A	37.209.192.10
+a.nic.bible.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.bible.		172800	IN	A	37.209.194.10
+b.nic.bible.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.bible.		172800	IN	A	37.209.196.10
+c.nic.bible.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.bible.	172800	IN	A	156.154.169.100
+ns1.dns.nic.bible.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:64
+ns2.dns.nic.bible.	172800	IN	A	156.154.170.100
+ns2.dns.nic.bible.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:64
+ns3.dns.nic.bible.	172800	IN	A	156.154.171.100
+ns3.dns.nic.bible.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:64
+bid.			172800	IN	NS	a.nic.bid.
+bid.			172800	IN	NS	b.nic.bid.
+bid.			172800	IN	NS	c.nic.bid.
+bid.			172800	IN	NS	ns1.dns.nic.bid.
+bid.			172800	IN	NS	ns2.dns.nic.bid.
+bid.			172800	IN	NS	ns3.dns.nic.bid.
+bid.			86400	IN	DS	20119 8 2 EB851AB057822A4C0092B8A500066227424C6BCE0E50B45D40B21476B18056B8
+bid.			86400	IN	DS	64954 8 2 72F2C783CC339208A8DFE0411272CE3A327C4610B3FD6DD67B6E4C5B27B868BB
+bid.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cegic4n6IS3fybDcUVvo21kXClSOPibuPtfm/FQKj+U7CfqrgV+hFr906H+vIHblxFNObPdLqoNeViSVTmAnT6i9tm+kgf4/+dRAYR5Cb/6wul3O+C/WsZXBEQQaguQPoF2VUN3Ngmtykpb8Mir5Q35JvXmr2xMld5yFiyJ3Szymt3bj0M+TSHYP+YCKSyBWnMVzxk5lDGV9JbwAIHaaEMXr7/DHfZkCuHuN3lVVLYY2kJkYwP1LlWupXOGDYldE9MUQ/C3yIebQAIZVWRTjg6vVJ/vI/XQEx4BJ5XTzvqsokKfIFEst1lSxOwGEtzEakPqo0ailxE7XK/hiX0Puow==
+bid.			86400	IN	NSEC	bike. NS DS RRSIG NSEC
+bid.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ag6c6+vJ/OrcDpd1WbTE0tkQ0uU6Rx84JaPB6jMFXhlihxzafqbj8C+PitLki/FsUgYzwIbqFaX8cCMkrlghNQGDP7MZ8Dydu3zjBJpKX5JrXvPpOjJRXyvlMqOJ1y2bfndZJtQJnqMEiUn9xScZSPScYQGwryXYNJ/XMPlLKyhGms3p1tpUaM+O0+hkMg9RF2eoYtszw/qFNTOrYFv3XUBjGjsdxOciEgYqQq7vi2llx85gbs6YLAb1xmIgFclBlwX2ZT3qWdJY+mjcdwZpQ0r8APIsrG+ofWLQ3jODEF7a7laUMMRgEdknFp6ctxl33+9yIOfb3JXkbLBnY7ENug==
+a.nic.bid.		172800	IN	A	37.209.192.10
+a.nic.bid.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.bid.		172800	IN	A	37.209.194.10
+b.nic.bid.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.bid.		172800	IN	A	37.209.196.10
+c.nic.bid.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.bid.	172800	IN	A	156.154.144.25
+ns1.dns.nic.bid.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:19
+ns2.dns.nic.bid.	172800	IN	A	156.154.145.25
+ns2.dns.nic.bid.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:19
+ns3.dns.nic.bid.	172800	IN	A	156.154.159.25
+ns3.dns.nic.bid.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:19
+bike.			172800	IN	NS	v0n0.nic.bike.
+bike.			172800	IN	NS	v0n1.nic.bike.
+bike.			172800	IN	NS	v0n2.nic.bike.
+bike.			172800	IN	NS	v0n3.nic.bike.
+bike.			172800	IN	NS	v2n0.nic.bike.
+bike.			172800	IN	NS	v2n1.nic.bike.
+bike.			86400	IN	DS	32614 8 2 65FFD9EF34AE62688731D986023B138529964729AA847BF3B3FD0730202E7EB4
+bike.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GfqFkRsUyleJtwYQwvC31rQl5UEw+2iHHtnZYBzAUPaO0c4/OxtSAuIRHSEuimYaA+dr9t2O4/wLD2j/JkCVoVYR2gRfAd8XhHe9/4jO+OdssAnte0pip/mm7GZLaOQir2CNgTz2BGw0ziTp7Y9ox4Qtl/XRXRfprIF/jGhY7q0H+6d5S614jT4EzXyLTbhHgP3u8UDIv1Q7cR6VRgrkVgletQ052zSkfpQURwM6qGZxU05m0Pbab/yyjjJGquBMGeSb9/90wDUQSVzbhf9KGvT9mr7ZFpwJxEdFcjHCH7n4Sc63Ya7+ZfSKudvDHh/gnp89W726YKiVd+dRbhnWPQ==
+bike.			86400	IN	NSEC	bing. NS DS RRSIG NSEC
+bike.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CqGPJVw2hvI2nvsMooOKlnnv8BeY+GA2q3+ZFcsm87oHomzp0rJkRvqJiww6oBL0idN39eHK/XfQQniwJ9xZajzv19wlqzS/ld0qX9yO6XIK+HTFVUNkOKP0f6f3d29gjFiG3fj11ZJVUr5dc27Yc3nxar73QeiaiUGwpdtQXdXKIOBZecFllftWya3GPyM7C4CgEXFPGMQ855Fgm7t5EbV0+Py4DGSjSdNT2DwwD3k7nl2hMsRdQe6mdLa/KejX4s9CW7htHnak5vV5PaOZrB4etrkfmG56B6eN8dDBPd7rXLMYJzrFX6ukbR2XMXBeaH0cPQiybm4JjbIVZmNrBQ==
+v0n0.nic.bike.		172800	IN	A	65.22.24.44
+v0n0.nic.bike.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:44
+v0n1.nic.bike.		172800	IN	A	65.22.25.44
+v0n1.nic.bike.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:44
+v0n2.nic.bike.		172800	IN	A	65.22.26.44
+v0n2.nic.bike.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:44
+v0n3.nic.bike.		172800	IN	A	161.232.12.44
+v0n3.nic.bike.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:44
+v2n0.nic.bike.		172800	IN	A	65.22.27.44
+v2n0.nic.bike.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:44
+v2n1.nic.bike.		172800	IN	A	161.232.13.44
+v2n1.nic.bike.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:44
+bing.			172800	IN	NS	dns1.nominetdns.uk.
+bing.			172800	IN	NS	dns2.nominetdns.uk.
+bing.			172800	IN	NS	dns3.nominetdns.uk.
+bing.			172800	IN	NS	dns4.nominetdns.uk.
+bing.			172800	IN	NS	dnsa.nominetdns.uk.
+bing.			172800	IN	NS	dnsb.nominetdns.uk.
+bing.			172800	IN	NS	dnsc.nominetdns.uk.
+bing.			172800	IN	NS	dnsd.nominetdns.uk.
+bing.			86400	IN	DS	35654 8 2 5D6D052D2F2CBB18E7F16AA68B42E37B7ED0FC58BD491E8E97C8AEAFB3279C81
+bing.			86400	IN	DS	54939 8 2 AA18F258897855E86489C4A522EA45DA55918BCD1C6DD418322081331DF89E85
+bing.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fAyOjTFLwdOnPmjSUoCI3dCUwusc/9fSUnrCnZo/vjmZJonlXJTYnncXh/jkd6aD5fYs2Td88cklp7+JFZrnAX8DbWwqc91QeypSWO/BJyrMEalJxdCDtTrU21D9EvSESqtl3mgVjKv6axnvCckaOEejHK2dgwZWJSwK4HYbsg78C39kO7uSG1nZkC+anDdmzlkj4BCiWl3mUh2QIQ0vQpB3Re2NaaIrcCH0Y/1lCFvbBiObk0cCxjzkkduYFaDsnZn4e/m0ngGBy1tA4utm+gkqPexuHk3KpI4v4zaYhQTL3Dn5kU6Oz97YmmfmXooxtJrHOGt953zwiVJN7V3giw==
+bing.			86400	IN	NSEC	bingo. NS DS RRSIG NSEC
+bing.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vclAzePw5kgdGP76Cr6lCh0vXHaRHlZOeL2/hR7B1EE+osNQsvttKScobRBvbWVzpKjEWEmsDrHp4PF8CLz9eSnafrsUvRapGMv98bvxxzkhn6m79jlq3JrCEtG4/iqv3A05Ahw3L7/xNZEuFd9fWW4XQ8zklis2EI85/PS0C9+M+7TBleyeDGL+N8LOKeF5upCGr7Q9SX8LA6Zjk/QvbkyfH1KNSkBOrrk4EGKewSLmmAnZLZPl9Uc1zATC1vHVtxNc/FWA5p2NCcjYKapjc755MP6gogM6Oo5hUvj3p00DT55f8lWhs/QQPl10ZHadmKJRkbC2dd4ui4ypLX9k6Q==
+bingo.			172800	IN	NS	v0n0.nic.bingo.
+bingo.			172800	IN	NS	v0n1.nic.bingo.
+bingo.			172800	IN	NS	v0n2.nic.bingo.
+bingo.			172800	IN	NS	v0n3.nic.bingo.
+bingo.			172800	IN	NS	v2n0.nic.bingo.
+bingo.			172800	IN	NS	v2n1.nic.bingo.
+bingo.			86400	IN	DS	26002 8 2 03BDACC0AA8EC5264BE4AEAE020B6868CF219757CFFB96E809B02AF985571BD2
+bingo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . i2QrNZKfFqEWgCsh5m5YZo4fB9ek5RGIK0TaK6mFBNp1XZZiRzpVBqlgjDFTxbY9uWUwq/wZ8X+i0RzPJBGEnbil3UqHUkP6q723LBKXr3+nPCFee6SpbNmIUbvt44knqY4I5U02Dh3LDHG3vuCjRTHQMnxKVS8oGyy7j5AZD8Er+bHC8fKiFjRO0rkk+cMnxt43kZKiDO2mkVfBN+NaPKtj6NCMEpy3H7z0UHPkfXAnVcMqWm2wCONUGWONnY8DS4Hq1iINYoocxZOidl9YqHxF/Emf/g02wjKe6q1Owh5F9gCr9n5NJXeN5fDOsktcKpjJYFBQaN1USp+9uBRUjQ==
+bingo.			86400	IN	NSEC	bio. NS DS RRSIG NSEC
+bingo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uDXvfE8ss4yDnjNllLuOderuarvXJDAq4sOZMkPyDV+++N2HH+xp6iWTMfniuYEuz6WxvsqyPH/XazL1N4zdoow/diM8pmbSODRpIdutIjX+kkwKeoKlBxltYGOtXLgUFZPRufjUc/EpfUZufXxSywLqyksFw2H/3YXYyReYEfFTEj2rE4Wvj0NFxz44oD25m5YCpPnNZ9kkqMp4+vFi+4tIewoaJ+wHW1kLcrr+yuVM1gCtUlHp0joY8XHQOzSmgON++j4kGh47wUH8XGvdJgrPqc/vG0H9N5qIseGUL7PRBpB2BmssM7es+cCxwvrFRG/9Zmdo1fWOVhsuNHZLIQ==
+v0n0.nic.bingo.		172800	IN	A	65.22.32.62
+v0n0.nic.bingo.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:62
+v0n1.nic.bingo.		172800	IN	A	65.22.33.62
+v0n1.nic.bingo.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:62
+v0n2.nic.bingo.		172800	IN	A	65.22.34.62
+v0n2.nic.bingo.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:62
+v0n3.nic.bingo.		172800	IN	A	161.232.16.62
+v0n3.nic.bingo.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:62
+v2n0.nic.bingo.		172800	IN	A	65.22.35.62
+v2n0.nic.bingo.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:62
+v2n1.nic.bingo.		172800	IN	A	161.232.17.62
+v2n1.nic.bingo.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:62
+bio.			172800	IN	NS	a0.nic.bio.
+bio.			172800	IN	NS	a2.nic.bio.
+bio.			172800	IN	NS	b0.nic.bio.
+bio.			172800	IN	NS	c0.nic.bio.
+bio.			86400	IN	DS	16334 8 2 AEAF99CE9C6F64B1607605DAE987D3BD0ACD4C5490691322B98C592C9C27B14B
+bio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DeipbbnSZ2AC1GpUo7Plg+bX8QbN/pE0H9o8GUqr/e1T+P6GAcUQOI2tSpUui7vZAXb7Y/cF9qqoSKTrgQs9A/TyzgSnLt7Y4NuItxX401D+QpSRs/icxedMvT3ozzOTVjb0MybX1rbbmY5WGyPegFkmKL+SEFQwAwjq6mZOPRNbBplept2mwALC2UbAJKqzK3HVi4RPcSkSeyGUGNX13i4hQySI4Pql0Lq8XJL89c0yN5CweJNzeEI6Ducwv1IAFOIOFMvrNCUk548OB/6EpXpWfcXLNmQ6ojh8u6QbpYs55WSCUsSP0LZhOWtZGFyuMnfY3JCzpa0AZWznJa6KFg==
+bio.			86400	IN	NSEC	biz. NS DS RRSIG NSEC
+bio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MsPpojLfFUrVcI1SbyN12LdVoir3tSS/lEEkWbHgLufB9FlOv9DiCw4KbfuYWzwgPh4ZlBz+mV1SyXxKpoGRaI0k+eQ78eZ2fGcAS80/IprEbboKtN55vitGTdYHf66ITZojlkE5HgAgpqK1BtomuI2C2ZQwZKXvGBctHyNSolKQRfpsptAQoVtMkdrQWIz/GOUKJ5T5U9dB4XPt+WHeUlHL+su7oieUV5VL7kUmJN89tNQ+tLJH3cmZzU9QrWDNWzSOAg4D8hBJ6CZr7feouJLSkNVBk5naZ8vJ2fbZ7cLt8Su/61Wh6uUhKzJOfP7UIcZd1KzGoZhQf4GyXkqVmQ==
+a0.nic.bio.		172800	IN	A	65.22.84.9
+a0.nic.bio.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:9
+a2.nic.bio.		172800	IN	A	65.22.87.9
+a2.nic.bio.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:9
+b0.nic.bio.		172800	IN	A	65.22.85.9
+b0.nic.bio.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:9
+c0.nic.bio.		172800	IN	A	65.22.86.9
+c0.nic.bio.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:9
+biz.			172800	IN	NS	a.gtld.biz.
+biz.			172800	IN	NS	b.gtld.biz.
+biz.			172800	IN	NS	c.gtld.biz.
+biz.			172800	IN	NS	w.gtld.biz.
+biz.			172800	IN	NS	x.gtld.biz.
+biz.			172800	IN	NS	y.gtld.biz.
+biz.			86400	IN	DS	11044 8 2 E41AF415E6CD0727C2924D6E60B896FB9C6D81831AC90C9DCA4C22497701AB1A
+biz.			86400	IN	DS	13075 8 2 5114C10474C1467017A378DA75E6845511F78FEA480A4469A3BAFC54B2738E11
+biz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xkPT7HyXFc9E8ibVBgkkq0WrPp0WU89IF9AgRybyM0wG6I+imivPtqltp504N/pq8YCLhOUdzVBVTcOUAYIbHMlVftwKjhtIzLvyNPzN9tz6iKiNv2Usy2CsDb/7OEOLDdxlY1CA+QNwz4+NFVXlzMmmtBSAdfRVll3OLusSooJ+rMl0AS5aeoopXKGvWsxxMiUogV3xQ8o0xk6Q2vL5SGpclq6G41oD3st68r7gzxqqlUWJ6vhkgDdCM9lrmhvEl38TYRJDdDKCY38idDafUNWaOBSTfTyvLuJK6GtTfVRWi8WFdEvNk/knaErt7RVgnpwSOrp6+OMaha89o8AeSg==
+biz.			86400	IN	NSEC	bj. NS DS RRSIG NSEC
+biz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TjlVQOkzq6GZ3xMiduD9AjVLxfhFkrSDvdU+Yho6srZr78zYIoz19k4tWsZYAPBN1WensOrogymJ6OD86R3ERsKKSEuTkdyHNjijsrUaCxCWWQZfOM1XAuLffqXfipuazlTKrcUAldoNFblvWk1Grzzeyn9yOgotTMjSbBwTQ/7AhzhsE1nevhlmqOAWxzBmTQ4Gyh1llvovyYIsWSO3vcmo8MbpAH61J9Gp9q2GAthN7sXO0F0eK8UtSaFZK2wjpmOTKBRosTC6J09ZWUN4edjLxHo2rKrqWmTpbfkpH9XpsLtprR+686EfmwAyJS8XMX552tktcIR6JfrXylDBxQ==
+ns1.asnic.biz.		172800	IN	A	213.248.219.254
+ns1.asnic.biz.		172800	IN	AAAA	2a01:618:403:0:0:0:0:254
+a.gtld.biz.		172800	IN	A	156.154.124.65
+a.gtld.biz.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:30
+b.gtld.biz.		172800	IN	A	156.154.125.65
+c.gtld.biz.		172800	IN	A	156.154.127.65
+w.gtld.biz.		172800	IN	A	37.209.192.13
+w.gtld.biz.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:13
+x.gtld.biz.		172800	IN	A	37.209.194.13
+x.gtld.biz.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:13
+y.gtld.biz.		172800	IN	A	37.209.196.13
+y.gtld.biz.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:13
+bj.			172800	IN	NS	ns1.nic.bj.
+bj.			172800	IN	NS	ns2.nic.bj.
+bj.			172800	IN	NS	pch.nic.bj.
+bj.			172800	IN	NS	ns-bj.nic.fr.
+bj.			172800	IN	NS	ns-bj.afrinic.net.
+bj.			86400	IN	DS	26617 8 2 F408C0B3C28D87A76175348B27F6D26CA47231FC29071AB6B5F849777C6548B5
+bj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F/DDyphro4/huOTpjzSbGclvdm6ZycScZM6PeUsuxV9YvtFl7s/JtNw8x2FI5cc30bJLqgRrmh2ZwGm/F/gICZ34/xDJ+ASoFH5DLieccLsDYPaVthHZ/TR2dW/Ctd++iiK0HGO1N8R6+PtV9G8puafBPafyMjWzRMBqIEf/Hc/ggxTsrKtP/Q3Fju6Z+DcAS+8f3Lj4BWMRtpoG1uzglQTCRtMqAmcmO390w15VNtMvaUfwYZGrjxm/hopbmfzMGM/dQ5D6mgqAcJx82sBhIf6ZPwjoQn8r/lxZLnDQjNPdIlaW9bl/par4uoY3Kk3qaC5cw0TqlOcxBYqHUL8KMA==
+bj.			86400	IN	NSEC	black. NS DS RRSIG NSEC
+bj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GQRE6KOtCwKpJWisMGHlvTbY2kXPVmmDqvf+NTTZVUChnhM1BUW7nuvEC2ZqqSb6cFGAt5uzSytK6zFkcKTriaboO2hmLuvellnf4R37qCiJkkJv1Q9GGhk2tmwwkLQ/92HhRyJpN+wNv/ShtwL5edNaatB9ggcDe7+skaxiEAMvcn9cg1cxPENLAFKeQfnvrubm+M+sNvCM3C5TmcSKDEQiLry64cCdovtUSmHsAa39Jg6kQUcBk9J6B3NyEGjSAzmnwQU+n2bUCRrRnCMHi47s3+ltLnwizC0r+F6isyyTxb9ZisPEiZQJmXlYfLI9pzVhHSZbRGKfZwRWv9QdWg==
+ns1.nic.bj.		172800	IN	A	154.65.28.218
+ns2.nic.bj.		172800	IN	A	41.85.191.2
+pch.nic.bj.		172800	IN	A	204.61.216.125
+pch.nic.bj.		172800	IN	AAAA	2001:500:14:6125:ad:0:0:1
+black.			172800	IN	NS	a0.nic.black.
+black.			172800	IN	NS	a2.nic.black.
+black.			172800	IN	NS	b0.nic.black.
+black.			172800	IN	NS	c0.nic.black.
+black.			86400	IN	DS	28819 8 2 FA6792252A660261B2C191A71BCEDBE4CDD7BF61C33AA5F04E558ABEB8F96BD9
+black.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s0/RN4CWXdeT/FtOmbT3+SYJFzOLqrduRFkINm/K4wYw+t3mDErXvwCwTpc6MT2e42Fi+vgJo5qhhS5y+Jv7Pnu1JJ5yALaSAIADAFbNuHiXPWFZIPE8bXTYzZlZjs19hh3Df1Go/1TCeWKz0n5BNeweD7LtuAhnxw1YDnP6y4vCdPABecosXU3BF4rg+u1D9Hleo8b9lpwg5JRYmk1jQylqdP+L6LTxSDFXYP5xRL4S6yOiqX/F3b9GDEHUiDatLoLsqJ+tOQids9f312w9TyUPHVFtajdjE62JZJqrateeRx/S9K91ThMNuP2Ce/orc8k2x77+KkL7Ce9OTEvXng==
+black.			86400	IN	NSEC	blackfriday. NS DS RRSIG NSEC
+black.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ogj3Wd7MvU1I/hy1TTR/FitdRxTGCWHN7+UKbNzCwUZ1OcwVSF/XxYbOCiZMfBOLpbjKdtDOELVKkETX/8rAGXjN0SSshmsA7JgOiUMYbzNRo4CiQgIxMmNGsDEXyAFPESARIGHQv6kdOgPqn+sILsXGYD0O04OL6MgfqjVwGi5SFvLZphzD6maleT5mvZJpbKLVfOv4w1RV+nuWFaPrt50No6g4ZdPnnGJkld8sEIJuNxQVZi/SjzhAhQIxaNgmK58rC9utj9IDCKbeLL8tms5lb9KS9lLD2lVNJUn+l0tcJDGCo91jAhm7Y22uEAIOFf/Vv2TgJlCNpL6RxHHPkQ==
+a0.nic.black.		172800	IN	A	65.22.68.33
+a0.nic.black.		172800	IN	AAAA	2a01:8840:42:0:0:0:0:33
+a2.nic.black.		172800	IN	A	65.22.71.33
+a2.nic.black.		172800	IN	AAAA	2a01:8840:45:0:0:0:0:33
+b0.nic.black.		172800	IN	A	65.22.69.33
+b0.nic.black.		172800	IN	AAAA	2a01:8840:43:0:0:0:0:33
+c0.nic.black.		172800	IN	A	65.22.70.33
+c0.nic.black.		172800	IN	AAAA	2a01:8840:44:0:0:0:0:33
+blackfriday.		172800	IN	NS	a.nic.blackfriday.
+blackfriday.		172800	IN	NS	b.nic.blackfriday.
+blackfriday.		172800	IN	NS	c.nic.blackfriday.
+blackfriday.		172800	IN	NS	x.nic.blackfriday.
+blackfriday.		172800	IN	NS	y.nic.blackfriday.
+blackfriday.		172800	IN	NS	z.nic.blackfriday.
+blackfriday.		86400	IN	DS	47938 13 2 92074D73F8C4E1B874E8C6B3F76C6994A02D962A948C94E1A504DFD7CA1CDA4B
+blackfriday.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U+qKWtbR6gTvSrPy7+yHrpvnE4Zxs8pN4XTaqBizAuwGS11SnI4pCkXKbj/BTjlrGk9Xrk5rp1uUHlFV0MOq4LPi2cQ1qT6Eb4q7pxvCtvlqc68BagobcAk+UilvpwezvrmKVhfqPVPQs1wlL7R7EAgZ3frebGVEUic8Fsc8Sp2GbxOBoR7JNTaFSttgF0wHaXKcwvU6wewUz7D3VEFIlEJz0ZU09HRNXoj7paW/yaB5juE979BQwEKMriIQRpBCP3JF9XV5IlX9qM0mRXG8sPhKs1NHwcRK15Gc93/xEji7nYiEpFzCdU1g66NfPnmcRqRguLqYLcyZFJ5cVY+vPA==
+blackfriday.		86400	IN	NSEC	blockbuster. NS DS RRSIG NSEC
+blackfriday.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zKqFp+wdwjTD1sGq6+K74hQjQn/bUVSPYRHkqZy1bxwMlJYBu5tz4RI968azl9qwDWYEOGJ4BnCY2Qs5+HnIsup9uL1Sqw9Muj+qkcmpHlBtQ0w2zpCX1vbiYcm9TgJPDcKCUjK1fjQGyK73Ort6ZK/TGZCpQXr9OK9f7Zk5MwuaIKg8f9B8m4z4l2zl2NIXJjOT/3OnZA0yw3vAjp41wOYeRXFLh2qNT90XfL/tI72lnRmR1WkbcLN7QVDoa2gAawLED8sphSYCXbaiKbTjADPZ6G5U2rXCeFLO13Q8AsTqMa/Oc0ZdGR8dzMVAhRWQorHlI9QvBf21dcnAFQLWRw==
+a.nic.blackfriday.	172800	IN	A	37.209.192.10
+a.nic.blackfriday.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.blackfriday.	172800	IN	A	37.209.194.10
+b.nic.blackfriday.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.blackfriday.	172800	IN	A	37.209.196.10
+c.nic.blackfriday.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.blackfriday.	172800	IN	A	156.154.172.82
+x.nic.blackfriday.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.blackfriday.	172800	IN	A	156.154.173.82
+y.nic.blackfriday.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.blackfriday.	172800	IN	A	156.154.174.82
+z.nic.blackfriday.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+blockbuster.		172800	IN	NS	a0.nic.blockbuster.
+blockbuster.		172800	IN	NS	a2.nic.blockbuster.
+blockbuster.		172800	IN	NS	b0.nic.blockbuster.
+blockbuster.		172800	IN	NS	c0.nic.blockbuster.
+blockbuster.		86400	IN	DS	20059 8 2 7CC46EE5DB147183B41BDA17AC3A5CE97963064F139E80A7C2B60AA8BD5200E7
+blockbuster.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gtG+1LQPkWb0lV8RtcH3s5/3pUp9lHZkgZR7hWRz6ZUpp6649uacsMW6qgJDmH5hm/RR5uPndtBYXivJw2r9Y46DQ2MfhK55wAik5Zll39ERw3ksoyZ65hN/gZ2gHzE5WjElb9wK9s+dhECqvtv6tcToSy0EcbgvrKetp0M3rKsf6uty0rPbSwkam4WfGD3AiTeP1kj3fnbyiRZZrvdqIR6ruXvzq/Ppw5gssqR43nUXeAefW98ITDS0cATJV7e3dTmGkMAz9OdG9pef/RUDima4BvhhdmxDPRY9O4odux2h1BZB0HxE2LIZh5iLlYOzHrFpBQebbwWI4bsBanX4jg==
+blockbuster.		86400	IN	NSEC	blog. NS DS RRSIG NSEC
+blockbuster.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . un8IRV38iud06Vx0Td1divGOCnvwwnujytkEIm7aafr+LphGQbDtDD0s1DprGOuyi9MvwlbHGVhJgSwlYqTITATGRUqfrGwoXz4tvvL5HQYjXlAo8AqA/Ezabx6fLhcm5nEVkVNWw86cs8GyJAwadWK6WxlRoOqwkjE548FdnnkfRAKxnXaOy2NxP3Xv0sFFyiluRkgQBJE0LlHtUUmcx1MmahdBK6zoLNAOsPgyfC95pIXwC3Gob0kFkL9T53kSRvETdjw0jgKsxwnzZtvuFg1KYIRiclLF+/bVDe7ezLfqbx3mWnSt2ueoqmu3+7owXCnO83YEcJrgNzQAAxYrpQ==
+a0.nic.blockbuster.	172800	IN	A	65.22.92.25
+a0.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5a:0:0:0:0:25
+a2.nic.blockbuster.	172800	IN	A	65.22.95.25
+a2.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5d:0:0:0:0:25
+b0.nic.blockbuster.	172800	IN	A	65.22.93.25
+b0.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5b:0:0:0:0:25
+c0.nic.blockbuster.	172800	IN	A	65.22.94.25
+c0.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5c:0:0:0:0:25
+blog.			172800	IN	NS	a.nic.blog.
+blog.			172800	IN	NS	b.nic.blog.
+blog.			172800	IN	NS	c.nic.blog.
+blog.			172800	IN	NS	d.nic.blog.
+blog.			86400	IN	DS	16976 8 1 F4535C694F892FFEB740C35CC9665B52E360DF7D
+blog.			86400	IN	DS	16976 8 2 9862DE44E1E7E44215165000C4B87BD3F46D439C686166DA0CA79E06896958B7
+blog.			86400	IN	DS	43975 8 2 94023BE3A769704F45ECB9FEA13BBBAB6ADCDB4D8BB39E621E3CBF223FB5CA53
+blog.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yh9UCs9UCmwNip413mS7zCdCCAIupMUjqUNnkWhszQQCiS9cPhLhvE+8USEMDk6jP5kBmODYG/VrDWxXN5KwyoikX/wtm1Bxu8FHDDBbC4Y2UxiMtT34f5cb22whvi9UFumDtfUiQ9OicW+oo6pBu4sap12yQdK3zm7eEkqIpU6RFDq5TrHAzrIejPcAAfAQq0MRi0asOOvVIIwx0g8LVV7/9HeQMugS5LNmRahgl5JV1CZ+hcGbwQqPdKTnaWy4OqFYPQTebmCAjYteTbGjmpdD0suXFJ/GY07SGLp6VGRBbyglCEXUk/PH9uHl+VAbaz4pUZ+ICWCZv2kXTL2EQQ==
+blog.			86400	IN	NSEC	bloomberg. NS DS RRSIG NSEC
+blog.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xhy93II+1S1XHALzfSfm/nAHilil1lvH3Mos5NiFPVcDqlEwmiDxe2y/Am7ec0s4NpLk1QIbphXyWEyTkCnbAUJ3LmNH/Z2fXvdDs67+vb3MxcE7FnEjuQj3o34ldQfoUKSXooaGdyb8yzMIKMpkiyHxcq3MFBhjLYV9qMRtR5PGg2aLV+83z+CtXoPeWCOUu7sZPMJTaouPPeTMj2qW+D7Hc+/xm9zb05J/bqXTtueUHYTNN06macdruG8zz7/b6gZhEpfeGnNV/mfPjrqmuaSuQMKLZyOHtsx0b9ufNktz3tkJlHxzyw3NLypWyS9SRaFkitgUNmTh2e+q2c5IRQ==
+a.nic.blog.		172800	IN	A	194.169.218.94
+a.nic.blog.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:94
+b.nic.blog.		172800	IN	A	185.24.64.94
+b.nic.blog.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:94
+c.nic.blog.		172800	IN	A	212.18.248.94
+c.nic.blog.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:94
+d.nic.blog.		172800	IN	A	212.18.249.94
+d.nic.blog.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:94
+bloomberg.		172800	IN	NS	ac1.nstld.com.
+bloomberg.		172800	IN	NS	ac2.nstld.com.
+bloomberg.		172800	IN	NS	ac3.nstld.com.
+bloomberg.		172800	IN	NS	ac4.nstld.com.
+bloomberg.		86400	IN	DS	46338 8 2 98A66BE30959371E15EAF5D4A65ADA3393050610A2E5B7AE321B694C876258C9
+bloomberg.		86400	IN	DS	49654 8 2 DA5A6B59DF8DA1F4B814D38FB01359BCCBEE0E6595E19FC569C1830CE452447C
+bloomberg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NEpoEhe07hU/m0GtyyL5Shf5pxws6uSqibg+uRNjT8aoSHPosipMIEIILk1BYR0Teyy/PWiiT7W0a3QF/4r0xmxHBBIcyWXbl29KKo/EHwsI+qlNnywerOEikUfe0TMaAcxLvRcPprLp43glsTfDVQ5X8N0/j0tZsW5ZAjzQGNY7sqOvpAiKbdv2PLGpzo8Z0dAwkIGkFffNZdtaJFIShXYWjGk4eZLvsTA1vZxSawIIo1cCE+fAVeTjTx0wRTKnArVfiANaixvFZsPE4+Rc7Fe8fxQT+UhlBRZk4IHYpwElwwbnZu2sVa/ZXPqyBLoOELFXib2k8et/HamnCBCt2g==
+bloomberg.		86400	IN	NSEC	blue. NS DS RRSIG NSEC
+bloomberg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WdAEsQNne/U4gkK5LtXOJZ6ygJ5n08W8avJgOnp4kG8WchmPCSeMvBkg7JjZlUnOL4Aj9z2BfOnvbYOO5NNoNmzk4+1ESmHoZ7k4cEwC2xv53CnO8X8NlpSBXNyr1zssd3zd/YZt81XgVnsq5pNctT33Bex2p5kws1+PC1l9dmqcGtDGJmDmoQEPqHcPxOw2MjyuMaiKgqWGezFKyAP37lQAAq1iqNndfppQXxhE7npzTzm7Hd1hlbgKFytI4VNpbyCi8hZCUJ1DrmtYWV7Z45wp8d4DIPQeaWdDo2+9Kk4Xb57x4xnN+0mCgyOqY63OCu6PumoAqMklUOswOf4r0g==
+blue.			172800	IN	NS	a0.nic.blue.
+blue.			172800	IN	NS	a2.nic.blue.
+blue.			172800	IN	NS	b0.nic.blue.
+blue.			172800	IN	NS	b2.nic.blue.
+blue.			172800	IN	NS	c0.nic.blue.
+blue.			86400	IN	DS	13015 8 2 337188914037F0D7831C5C732516D7310C1D291F55ECFE67CD8B9F4CED0B706A
+blue.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cZ5A+QGd3H4epmBfwvH2L2+bSGzaN4q6XpQjpmKQ+fjkS00iyDQZft1v3PZNyz3GB1q2WIORnkHvj7/FnsU//iOMYQ7AdHVCG3hjiJHKBa+cl7WkoDNBtjXX3yRddMPbumLlDsv46N0NzPj6s3ES2wSTSZA6oD9A53Os5mCEI+GxiqgwTtHsdL3kQk0WUenqFmtJNpipp3SP0wcU0us+8ekjZqv5rIbPAtbRR9uqrJgc8UBrlKhI+B+RDbr94Kzm8E2jWGlBUkvUXcpF5Sbb219IOl9LGy6SvmzGa86iixLUJHRtQc4NE5fMDdQgeYthSPY67Yilwk6Pb22M5Tg4Bg==
+blue.			86400	IN	NSEC	bm. NS DS RRSIG NSEC
+blue.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jbfklwIe4qMuJDaEtjtxB6uNQpk+jiD1lq6sDdaBtJjbhIdFX5uVPb4oubT3IEfRrg5vM9G1IKCNC+Od1pbifuIyQXazFfZ+QoryQO+pYeNXt1X50kmtQCotRtoHd7BQlmfgJUSrXUaEUXkxk13szQ14rDv1LhxcJxMV+5xBNPSj85E4UeJFHUAE36SVPEFWkvoDWxzxgLAu3jKnvONpXT+XAbgns0Gw+39+C0T2v75rX2n16ayIwywJDIaQ6EC5tlvokODtOwj63W6bd2ugmP4prDrsZxnMs4VBZHP9KI4fWXfOXT3wBDxpL2Npdewul9B5qVoLc2KWp8y7cS/I9w==
+a0.nic.blue.		172800	IN	A	65.22.28.9
+a0.nic.blue.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:9
+a2.nic.blue.		172800	IN	A	65.22.31.9
+a2.nic.blue.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:9
+b0.nic.blue.		172800	IN	A	65.22.29.9
+b0.nic.blue.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:9
+b2.nic.blue.		172800	IN	A	65.22.31.13
+b2.nic.blue.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:13
+c0.nic.blue.		172800	IN	A	65.22.30.9
+c0.nic.blue.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:9
+bm.			172800	IN	NS	a0.bm.afilias-nst.info.
+bm.			172800	IN	NS	a2.bm.afilias-nst.info.
+bm.			172800	IN	NS	b0.bm.afilias-nst.org.
+bm.			172800	IN	NS	b2.bm.afilias-nst.org.
+bm.			172800	IN	NS	c0.bm.afilias-nst.info.
+bm.			172800	IN	NS	d0.bm.afilias-nst.org.
+bm.			86400	IN	DS	37810 8 2 E3E102B0B9334884C32BA5EE04C628E94D9D66B9026287109066EBEEECFEBC20
+bm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jMMjfXogeV/Rme95an2KoNCPMPSJLlaz6NRlzVYFXxWmD44oEpENl+xIFhZdvYcMrP00EENtpZpL95oVSn3sdf0alhJGodxileeuErFZWUWLhyFkjh0VPZLJlFa3/5/K5Uyw5xT/RoauolEp3lF7H9p7NXb3ZnbBu+0cisXkzADsk0BMA+D8jconsrm4d/JCilVSVvceKLtQ0qGlS8hhSGw03mwJsDzawG53Yvj6Hw9AwBve8q4plBCH5pJVI194p+3mMuJQc24aJidSS/4q/FFWLRmXfXZU1pNmtXAorZjoDpbtzOzZzIYyPpA4cZQFrHesKtr72tUNfevix4wgfw==
+bm.			86400	IN	NSEC	bms. NS DS RRSIG NSEC
+bm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dJoWFKUkonasgtEuSx+DJiZBISxadXefLnGSj/5GJePCm0dWwBNVqNNRMFMEtw4lKrQCNFQnwIxD49W/lguwhJQ6QKO4LM7oMRbeMLSvsNTbV6jHUDABHr7P5/Em+aoLlvPkwddjz6FmU61ziwBzQl4QEGrZBY5KRIMMDqeIUsmg+U3sCjTEBNrTeT6G/Tb41RH9Xanz4Fh6M6RCnMOTblJ1MotwHqPBnU0xZ85kDzu3FrEfwoOPLejpSbYsFqO5TFQ6y4Ltg+wq66Zr2J2ZQerqgFTRu+hkS8cLct0t/IcEumDjvP6KFoshW3xdQeXn7Tkv0mQ2yXmF8h9Sz+hS4w==
+bms.			172800	IN	NS	a0.nic.bms.
+bms.			172800	IN	NS	a2.nic.bms.
+bms.			172800	IN	NS	b0.nic.bms.
+bms.			172800	IN	NS	c0.nic.bms.
+bms.			86400	IN	DS	6109 8 2 CF017A68F34CCC1A4F72FB998385A5E9EEB60CFD9FF8043AB6E6B4F9495A4A6F
+bms.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ucs9NBwrckl1w5pTNAGUFoAmXFVyXp4mfEnm37ij0Ss0jNwU47isnl7sMhQW9eaBPbKdqmn/c/a3FIsPEwf/JZQvZpkwjpio8mjhY9ND0ELhoxROP4dAzwwb8+N95tcITEil+xH1f8ZDnOExiTwnSHxfd+GtUkTrLQu5ePF38qoKH9J6jlkyaXuWEk7yY/i45i//d1vIunHpOZcgkWvyV/3TyGktSECGDVfXvTFFVdohG10BVchYdRYpaW3CFIvTZnk8yWaPxv+S2G8CvtYioo3vadUoDG3tEoQQ4y1w/LG5Izmxr42d4ssgUzRQqRn9m+0Eknt8301sjODdrQmvmw==
+bms.			86400	IN	NSEC	bmw. NS DS RRSIG NSEC
+bms.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kgSkD7CX61kbbobO5Zo631POtTPpNMWi/w9i+vCf/Kgz2smPvkrBpHJrZzrnoibGKQqlKqxb7XNSbR700jjSJ7bDl1KWU/DoOgHPFdcrPHw2oqD/eCIpwrDcXqyAvuiEO8OF3pl7O/0CH6RJqWSyViXXs+Ovy2z0KxGSMWT2vC6hJZh2W36s8y/6gTLWgb4IHej3OjxT0Co/hP3tjX7IoY4cc22VhYOAdRXlfR+wI+lPfhq4XlMd/9ynNnWY7/ktv5tdpQYUuj/NfnvAG1o8pfTChwyaFIYF+/bp0wfSCscIEA1+IvZlmbakXtFTRgpgCAzkCMdAvyOeDy32UwqrYA==
+a0.nic.bms.		172800	IN	A	65.22.112.45
+a0.nic.bms.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:45
+a2.nic.bms.		172800	IN	A	65.22.115.45
+a2.nic.bms.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:45
+b0.nic.bms.		172800	IN	A	65.22.113.45
+b0.nic.bms.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:45
+c0.nic.bms.		172800	IN	A	65.22.114.45
+c0.nic.bms.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:45
+bmw.			172800	IN	NS	a.nic.bmw.
+bmw.			172800	IN	NS	b.nic.bmw.
+bmw.			172800	IN	NS	c.nic.bmw.
+bmw.			172800	IN	NS	d.nic.bmw.
+bmw.			86400	IN	DS	41084 8 2 6C86D7E525248DF05C8DD7720648D4CB629DAAE2DCD163BFC74D28312FD5311A
+bmw.			86400	IN	DS	43579 8 2 B543B5ADBA44E6E32D11C93BB4E729D80FA1197F59B2AE505A1E292605234793
+bmw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wPA2lI6+6br+2cDCdOBlIA+/g3KtZTApnnfgngaBlSoMZDRs4zwfXKOprQ5a4jhXvGzXarcL75SbLlB+6Radh1g0FNcVfQUXp/ymxf1Zz8ED9muIcZqobNqVyMpXBVnDNJrJNvgZa/43pc417JnfSPqLM91LITEk7BKAhQp39Zm1f0D28RfUKMu+U1pF8HybLrAkeNqbFo8YjDzaLCvcL9ZaCmMWVkmJ9Qxm1p3VvZEB+UPbPMLfi2OGhMn+oE0SS3TcmC5nOA5wwxilLw61P3MNLOZaH59omMjX6n6oUv81gJ8A/7OnXUpphG+WmRLgvA1zIZllVLPOuGfztWXwWg==
+bmw.			86400	IN	NSEC	bn. NS DS RRSIG NSEC
+bmw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ouXwsd7k8vCbe7rwYHy3mR9tssEZQrkiSRIYrqNgySE2uI3VpYyOX1rIn03EyaKbauRzwyXQLETIMW73d5Mzn0RwX98lDyw2rSIdWAa+r/6DTjr9MUTIEyEaqEedb7P5isOH5cses8SK94B+9j5qi5RHoVtxRaJoypTb1v+wiTgnqpFNV1Nq8z1ZRppqxYLZyJTM6FHYwST83Z1sa6hqoLh+hfofLNu27Eppj3V9iWd33b4Rrxw/ciBt4bXg0fkOq8ecZsfWC7J24l4oyByz08wkk47wb8mpVxdbk+0NwkAHxsTC8rs+MCP62nOsOnYte2PWGlOYGlfunqO0cOMK7w==
+a.nic.bmw.		172800	IN	A	194.169.218.76
+a.nic.bmw.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:76
+b.nic.bmw.		172800	IN	A	185.24.64.76
+b.nic.bmw.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:76
+c.nic.bmw.		172800	IN	A	212.18.248.76
+c.nic.bmw.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:76
+d.nic.bmw.		172800	IN	A	212.18.249.76
+d.nic.bmw.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:76
+bn.			172800	IN	NS	ns1.bnnic.bn.
+bn.			172800	IN	NS	ns2.bnnic.bn.
+bn.			172800	IN	NS	ns4.apnic.net.
+bn.			172800	IN	NS	bn-ns.anycast.pch.net.
+bn.			86400	IN	DS	37217 8 2 C07408E9E9E8D893257B987EBCB7B8C11889A2E40A66106CC05A6F12FBF629E6
+bn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GKpjlcdFSsCMIV5ZXHmbrNNl3wzEGajXKYxpQSi9vqA1zLz8ps2K4Do+W1eE4PncgwtWMxLWe6ZJ+EUwUml8QT/XSlr+/tqNgwV7hsGFjyvdhd7qHEpvfqV4XNVmJ6AcYuqqaru/tYYzCrt3nKLPMkrNNxWjZwoE9S4+d/fpMxGopDmO3A/ps85fssH92CbYzKqIjcfQXXZ++NR895It+qlwI7PnbOWlDtkhrg5s2TB5y5bPFBNznfLKp5UVMwlYMxkSyxNQgrOCjNJdOG0YeW6TTj0zufHsmJk8ao8hfJGFNw9F1l66Yszy5XD1to69R5ie5QL9HGylDrwQbpUHPA==
+bn.			86400	IN	NSEC	bnpparibas. NS DS RRSIG NSEC
+bn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cRiwcYOXc2YIufOVseM7N6gNATZhhcwK2liDAoWLIf6Nv+Wn+XuwRwBpL7OYt/NeITgrEtdTeQgMzu7PxBgeph0xop6Rp4kSj2dzvpJ5qmsHeDZ3MiTeKc8Sise8BEMWry5GrTiPrrVrsf9G4q3Y3B/Q7OCjPBP9xultPf5PKXbkgQ7VWYxJapMG4sYnyV8V2YeRjPXviDy3a5S8RTMv6hLZq/bfqOr17wYuFdFTcIlEokOambTH+OsxuxtIM6VJlwhW+u+Cc4VZmq43bzLnQDkJZJ5DqrDqbaui4bddKTB5IruswQFrkGqbUdt0jxhh/crt8InG2ZEc30UWSCtwNQ==
+ns1.bnnic.bn.		172800	IN	A	194.0.1.33
+ns2.bnnic.bn.		172800	IN	A	202.93.214.163
+bnpparibas.		172800	IN	NS	a0.nic.bnpparibas.
+bnpparibas.		172800	IN	NS	a2.nic.bnpparibas.
+bnpparibas.		172800	IN	NS	b0.nic.bnpparibas.
+bnpparibas.		172800	IN	NS	c0.nic.bnpparibas.
+bnpparibas.		86400	IN	DS	51937 8 2 84170B93B26C6D2041AE501A63ED72AAD0FE327B139C21ED23329717F1DD2034
+bnpparibas.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jj0WPbo8NxXiGGHKjDTElV/oj18KeTvWSUAw0tLBUX6O++tyT+PpYhTPLR9IZjz8Udy2Yv0e2VzVm+4medMtBEf6NTElq3NlCNWpY8+x46yhPHVGB4A88hTpvGgVaGLXaVMjxwJBbd5Sll+7G2UIPOX1a68+79ljO+YlyquP4A65Hc2CodEb8s4KFdi6wZTwOJD9Mxgx7BonhKdCuJFnblp1ml4LG0gICbxFP445PmS9nB0SoPneP7GoY839+ggrA0LfQOpN4bg5bBolx8tQ+/CYkh8ALHuscomuNtYI9kArOE5zrZwk5hkz+De4jBqV8VBy34JIW2URouAxt+wGEA==
+bnpparibas.		86400	IN	NSEC	bo. NS DS RRSIG NSEC
+bnpparibas.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KGm39yEjWAkIk3qIM4DbJkylyiO3pUa0ehy6MVM12l8IisiSuXspsK0EL67oQmons5yEPKPndhzFlFE/H24FdP+4jCDWmvtjKX87NKeL4OEi5sLCMeJ6vvsuIz+AaDlx6X0XOr1hIoD1PgfjxTgdYpg4uvJmfBBW5NIie8mD/au4dp6LXyzc/gYBZ8hiA7Q+HhWeXs/Huscf86zCEeclzA4HlbinT6FoShYY8sQKSlURoqnizS2Ge8oZyiu9vZo7XkXoMdRx/Mjg3DcKiNLpgeOwsyfu/f9CYjPJ6FwiWmUQxp5aCEABYXzmtEKaEwDoHIULAcEMTp7id0545/pJUQ==
+a0.nic.bnpparibas.	172800	IN	A	65.22.64.9
+a0.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:3e:0:0:0:0:9
+a2.nic.bnpparibas.	172800	IN	A	65.22.67.9
+a2.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:41:0:0:0:0:9
+b0.nic.bnpparibas.	172800	IN	A	65.22.65.9
+b0.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:3f:0:0:0:0:9
+c0.nic.bnpparibas.	172800	IN	A	65.22.66.9
+c0.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:40:0:0:0:0:9
+bo.			172800	IN	NS	ns.dns.br.
+bo.			172800	IN	NS	ns.nic.bo.
+bo.			172800	IN	NS	ns2.nic.fr.
+bo.			172800	IN	NS	anycast.ns.nic.bo.
+bo.			86400	IN	NSEC	boats. NS RRSIG NSEC
+bo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cya60GRDDX1xMAF31bAAFU/2KT8wp0nAYtLtJWYvL4/w5wBHOmUTJB+87Nvulyx1hN6sEZYNSmqRSKI2sNlGKxtdOIqcVyXMYXbf0/EQRyvEJPUHBNTjm9gF3oCgh/J++XZlO/kb5fKOpm6c9U5XgKHEOB1qukkK1N2gBS1cKZAUXN2T1vf7Yek41FGRun3wMNJGLfPj/jLxtYwXxO6PFxil7KLMi0XoFkzyOhIIzeceD8sUR8BVE4HRfGgsiL8VlzmgehzBZzLu6EtbSKyf5e4PQehvVSnFRHa3GFcTLtyhF2A6hwlOF8bGUdEDhpdWo2QKj1YI3KHZqNwQA0V3Rw==
+ns.nic.bo.		172800	IN	A	166.114.1.40
+anycast.ns.nic.bo.	172800	IN	A	204.61.216.48
+anycast.ns.nic.bo.	172800	IN	AAAA	2001:500:14:6048:ad:0:0:1
+boats.			172800	IN	NS	a.nic.boats.
+boats.			172800	IN	NS	b.nic.boats.
+boats.			172800	IN	NS	c.nic.boats.
+boats.			172800	IN	NS	d.nic.boats.
+boats.			86400	IN	DS	184 8 2 A4A33B365286ABB2176F9F617093D4DADE9CD2AF1C8B4955DB2B0AD92B6940D5
+boats.			86400	IN	DS	59980 8 2 A5E1E3D7C3A1CD95834BE1A4F1B403EB0018E4918D107C25A61360B2B7E585DD
+boats.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EMkxvDCh1xHJZ2RmmSDPzKNRfz76sF4YNcWK1FIJwstQrU675OnsohyDLEhgMDtkrwv2GH8fh7d5vsf/Q5XmXvLQ6DIN6vqBL8quhk3QmMNgXd7/3KxAa+QXmd1hCVO37/EGhqzyyyGaEz0UhsDOkr9ev0gV9Q+CDJ19zNXD7q3AYMBDMnbXVXC5GHyVWGqQvO+HVfc3LhuDLQ/DtWxWp0qWaTFGcmuOEOb2atPC5x+8LHkcvLjJ0huQuBQigr8Qdv5rcF3e/KTqUnnZXNibWrgqQrJnU3hfkov3XzHE2TRJy35oQ6mwo1+toz41otJXne2wuBttSjkE0QJmdQicSA==
+boats.			86400	IN	NSEC	boehringer. NS DS RRSIG NSEC
+boats.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZLf9z4qZ5dVmxOr9N9Y8s80DLueiOWTKBAfqqB0a3kBQxpgZThvXLwgyi9kZBfE5u4O+S0jkL8kIS5FP/VerjmLsg89JngvMhCchK1W7JlvlMvZeD9cGRLAj6ltdgXRKhStDRe2Ct5zw4j+NFHCmYN0fxoNpABsrxGtTQ8xRhbDsgEEk2hRoFFB+zembGcYYscu1iwP9IFm8jKtA7WV+oRyVd1xapl75f3/NQ3c+OtflIHePOPXsde2vhCL1H6iDk8hiVGDNZUwUGWbytu9WA/PCfSh0ZotgM6Non0sKru8/x5VbHAwYy1Rm+3WNIIxfbNz70XxRow57oat0V6BGcw==
+a.nic.boats.		172800	IN	A	194.169.218.134
+a.nic.boats.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:134
+b.nic.boats.		172800	IN	A	185.24.64.134
+b.nic.boats.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:134
+c.nic.boats.		172800	IN	A	212.18.248.134
+c.nic.boats.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:134
+d.nic.boats.		172800	IN	A	212.18.249.134
+d.nic.boats.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:134
+boehringer.		172800	IN	NS	a0.nic.boehringer.
+boehringer.		172800	IN	NS	a2.nic.boehringer.
+boehringer.		172800	IN	NS	b0.nic.boehringer.
+boehringer.		172800	IN	NS	c0.nic.boehringer.
+boehringer.		86400	IN	DS	37117 8 2 98508B91E23EEF16223B93512B6FFD370F83CED809A7A157A98A8B07BE84E0CE
+boehringer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rMYYbNyvYM/a+KqUns25YNs455aUfTzBJdam1kPEwZ+OouRnY9gRDBEbBOlV0cMOVTAX4e0Ub7wtnc8TAk2Q9fmRAMBiAY/QnHCH/9/8LRnkm/5tl4bBWAxtgPrODznPsJS12Kw73YcpQZkkElhZKclfVOUKcgtFdYNxpLlOFR9pQUdrGYn/sfcSIP7PgACawrmjV8P/QwjIFy1nIferDOd132PtKMnJeGT4sLGymiZskkVgKGLFk+SWk009RWb/k2ZlXCWnhU9fARwzLk+HkeSqL1qz3mMA9h3PMnbi1SY15J0U8zjjF4IvSvoBTvcJcp0B+CK3iap9dp3j4q5vOQ==
+boehringer.		86400	IN	NSEC	bofa. NS DS RRSIG NSEC
+boehringer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sQSyiJw6uF8kirWFXF8E35wfrrdlqq1EG6P2+iysw6fnswGIziMp4AGKcpKQRGvBoBO3SNh9HB+0MGHT//0FvAcS542nEH4len5C0LrUWs2l290iaDBeWoOkHnfm2yz9BWwocd0iPrVz77GOHBn1UAR5e+y9hKzcM/bhCkdOwmbiqpUd6l1739YXJJFHfrisDFnp9Gvdt63Hh2JjMh0DhDPHbBh/NgBsazqnhTkjpgCRgalPql3gnsBve5fYjWjjWLLmJlAc4YhgFF3jboDduIRE5jkiTqE38Qnj3k/hT4WaAA7rDrGaPmrIvQBy+oTYvY4pUsaW2t3pN1XpHNjzaw==
+a0.nic.boehringer.	172800	IN	A	65.22.188.17
+a0.nic.boehringer.	172800	IN	AAAA	2a01:8840:b6:0:0:0:0:17
+a2.nic.boehringer.	172800	IN	A	65.22.191.17
+a2.nic.boehringer.	172800	IN	AAAA	2a01:8840:b9:0:0:0:0:17
+b0.nic.boehringer.	172800	IN	A	65.22.189.17
+b0.nic.boehringer.	172800	IN	AAAA	2a01:8840:b7:0:0:0:0:17
+c0.nic.boehringer.	172800	IN	A	65.22.190.17
+c0.nic.boehringer.	172800	IN	AAAA	2a01:8840:b8:0:0:0:0:17
+bofa.			172800	IN	NS	ac1.nstld.com.
+bofa.			172800	IN	NS	ac2.nstld.com.
+bofa.			172800	IN	NS	ac3.nstld.com.
+bofa.			172800	IN	NS	ac4.nstld.com.
+bofa.			86400	IN	DS	35541 8 2 5BF7C416FA5DBA14158B807FF4EB2F0438DB45D35D0F0AF4F6FEFF148399B455
+bofa.			86400	IN	DS	64354 8 2 BF0D0E96761317B889DD50495191A1FE5D5342703C381C21EDE518E843BEB658
+bofa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XFiVqvyoDgWs5SLhpgHfVi0CiIz7dx1P9OAyeBuxKHSiXCAzl917I1uAZyJTG+XsNRqzRkOme7BT981aSI/b0ubzmWdPji7IftJzEzzO4GPJJWrBWwGzykkbjXKVAp88+YgxvZTe38jo0NcNwMbuPye0+t+1e7qtuG76YTYNK9PjDfzX65lcjLUrj1MNoVhmZQhzoIQREs/jO8ZrIR84cm7469Z73RrGs5qn7j+3HSGSVniK0ru2cEeY6oFa6l0r5AOq0NtkUWRuhK4AbOqtCWiUFRXOckvmzhHtSDe40b1c/wJ/MKeTyKKQHtU4zXXqDW4f2j288/M6sjY3mERUQQ==
+bofa.			86400	IN	NSEC	bom. NS DS RRSIG NSEC
+bofa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RB9X0o5StHag5jcdv8cE7oGJYr2zCJ9oNXpndrTmtu/TaDyXDgRHhmUQ3Ij2vft2Y2IzIZZr2A5ZcyGZZPs6rHF/Dt6xFeZj7FFLmXnl3MIZJE7HKI/CZVy8o7gBdFCUwd/25qGh5XtJb2MHvAgXjpy+fgPWZizUnh7C6VtgeTDoRU2suZ6UFzUYeSaRGU3Tqk0mdOrkUkbfQkSBVDaSUS6iV8N7os275UNOMlNHlwfY1WHP5ckWfjJ1yS+u3NLyU3sZEahglXh7o4cYGar7xIzo+kTnbtl8Jeg9ZGEDp2CcpKcxAFW58a98Z5V9Q7CBjk4VsaDYu9AUq7M0oJhdrw==
+bom.			172800	IN	NS	a.dns.br.
+bom.			172800	IN	NS	b.dns.br.
+bom.			172800	IN	NS	c.dns.br.
+bom.			172800	IN	NS	d.dns.br.
+bom.			172800	IN	NS	e.dns.br.
+bom.			172800	IN	NS	f.dns.br.
+bom.			86400	IN	DS	2471 13 2 351532C0B3A206B6B0F3B70DB8DC5F588CA48A9A0AADF743B483AAEB063AF2ED
+bom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eC97GHRXyKbLW9kykmi6XA7jpyYG5IOFYs7i3CT4O+6YRDmHgWlPrWxjwhEOebrllDY/vLxzeImb+nKqPo2vvsVlgl3UMEcVnxIvRXzXCfTmFdls0Vh6F0EDFdQ+JXWb9ptjbArFikq72tj2TnwmgzRxGYvyqEiUncKOZnk3fcjck7ub5HhKYLl/96TLlRFrNeXIri9mLA9qj1BJGj9kKW1TfDNK6KN3qWtAQqj3LnwnRt8GY65usX+UbQT5FcSRrlk79Az91foitf5NPdQ/m10oCsb/0N0ZM+8zOLjogeXR0nNLkmb7SiWHlh/hPiNg8qRlV3muBZBhXAxd+sxwgw==
+bom.			86400	IN	NSEC	bond. NS DS RRSIG NSEC
+bom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jaa5DF/7FoZnzRUzaBM7NzKECWNBD3KLvYJqkoyNXB8HsT/oj0HzHzSLwSfkHsWD/ZiWm1Pm40HTcjr3oxFR9WcJRpJGYrc8tuptwd17CQT3yDUUKncU3iXeP31z2h89z5qaJQX3QYqOX1FhE4ln1OBqzdoiyreEuviqLoBOJQHCBq1YVzN7ySMPsNTQNjR7UezQNBUFN+ZckJ+9rASuvTdCXLlXgQFnZjw0jSHQSeDqY+NLcMO15Ib0YZs+iRF+Kbgq9b9oywoiLKo0fv/dgcoy/XZQAVgkohk97Jso/6r9iAWxASui/zshn/Jr5YMIFmzxzB+s+dy8YqcKR+RdBQ==
+bond.			172800	IN	NS	a.nic.bond.
+bond.			172800	IN	NS	b.nic.bond.
+bond.			172800	IN	NS	c.nic.bond.
+bond.			172800	IN	NS	d.nic.bond.
+bond.			86400	IN	DS	35002 8 2 FA12AA0EBA1F60642345CEEFBDD7A36EC310EB1602547BEAAD5A1793ECCA9DD5
+bond.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LZgmyjsxNoWYWSc75KduA6ECTNdRVoMrErdldoJBrOHdKynhyTUlyUAVw8APlEVVo1RPTrw3I8TlRgKA8Xah/MfZk5WnWjN5dn3++z/jyahmEJkbRdtLrcOyNowL+qpZztBw2axCczFfZ5cnoj8m0FlXb5nQkeVMk33/xi6GaKGPd4cBi0CxjXCgSRbmlMnZO3lrYKxYird0dZB2BVZM4N4wisots9AtpfxSFomlOy+SBQGeOOOU55yySm+RruPB97eVPH32MKQyi9ti4Rj6EUpsTAdBbDbsaHCKeihK1FwnzR/wm3Nl2xkrE9qz+/gm8CdwMzH7BmYEdysmIppNzw==
+bond.			86400	IN	NSEC	boo. NS DS RRSIG NSEC
+bond.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . STgwe2kN8xajj7U7z1rlvnO8LNJBgBKi7mtcHmWELnHBkz1p+xy1WXitMkDYHjBKut+uceZXANQA/Eu4V1MuOQSFgBXIZr7TS3x+aAfHvrw0Uq6UoL6CO8oN1YoEp06HSu5m0U/nakNLtjIf0v9e8EDg1OtzdmofiqjphF2xCl3u7JPWYWWrYpU8pPwNRox2h+CLMqGyxx6fn9ogHzqIFYp349UkPwtZJUi3T4kYnxmzEfUf0D78VG3j6xXKC8RqdQPuUWcFnfebex0KdInee0zZHm7WY1aiBrECN20N3QhQKcArYhmFk982QRuoIYDfCfWltJ1NcF137hD/nRTi7Q==
+a.nic.bond.		172800	IN	A	194.169.218.85
+a.nic.bond.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:85
+b.nic.bond.		172800	IN	A	185.24.64.85
+b.nic.bond.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:85
+c.nic.bond.		172800	IN	A	212.18.248.85
+c.nic.bond.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:85
+d.nic.bond.		172800	IN	A	212.18.249.85
+d.nic.bond.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:85
+boo.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+boo.			86400	IN	DS	42175 8 2 ABE304D422168068884FCB9BB10AA300AD2340EE85A894740D127CF0F97E206E
+boo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rK0EiVnIu4rrz75+VDX/oGNEIoWw0fMs8lSXzH6WKKgdNtGp5a41P1T07ZnGyZlmDcYh/xZw0kcCZg57+UDsdtKOOgNO6ml/RmG4RZYFRIrOcODJyPeHIV+eiMC7bk8rHx9cusbjA7qp08haoHn2xIzPoqrS8h6ufQLNMUiSZfB/u48Ih7YvV8F1w27pTXjNovfe7FMaF/J/o9WH1x197dQoVJ+d+/On/ptTamQwdqjqUAghbelAHXrQV47wSacR0BPxY/eJQRPlKDa4WCa2YoV+NMSnIDcw72GfBSKgjqsJW+bYAL0s9UB5mFNgchNkgojFg5U3PSyLWEcz5M7+Dg==
+boo.			86400	IN	NSEC	book. NS DS RRSIG NSEC
+boo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CeAQ3w8t1P8NRb6A3pd+/p1kZMFRlRSShLQ8gBToAWyun6+UKTfW6ptI4iiXdM4fLyF2qk0qUQC9fap+VX3wEybQVqcd5rvq+yd9X5ok/+OUuGq6OHY1IOsHDB/sN7N8EUBxRk5tnvWr7VASNPyXQzSjM4D6cT1+ywFAHdwmkql7ty3Eta/Y/j7lNJywoPzl2uuCHXAU9B+rrWVw81P6YnkV62JfRIvnlbutu1mTrz2t3yh+1jZazA1mt21LWnCQKTlQLChnYNdkFxRXEIGPsvtr/kXXsQB5Q75vP0P+DjPAb4EmwQnnUZn19ohqEgmsMhDQhyUJLlOTScqioQjt4g==
+book.			172800	IN	NS	dns1.nic.book.
+book.			172800	IN	NS	dns2.nic.book.
+book.			172800	IN	NS	dns3.nic.book.
+book.			172800	IN	NS	dns4.nic.book.
+book.			172800	IN	NS	dnsa.nic.book.
+book.			172800	IN	NS	dnsb.nic.book.
+book.			172800	IN	NS	dnsc.nic.book.
+book.			172800	IN	NS	dnsd.nic.book.
+book.			86400	IN	DS	44297 8 2 66BF547095380BD991DEAD7D74CEFD93B8CFB8A8EABB9F43881B6842DE837237
+book.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1rKmg+rsIDyKnvHvAHlgDX7wExElxXH6hjL0bRzApUOZ+xwPxx1WaQQzQrLHA02//azdT9AZhrlb/cdwnCU155t4ru4oCcqU9CRQ3Yk4fm6rwPgNivNtrSS4Kr6Dq9/OHUsyavyy+W2rGoYuZQBV9Gq8mRC/e+gkvxa1WXuRy/87B5iQ6udbkoB/Al6o9fX4TEVn2bDMcJUHHr7e7AwiLrhmJwDdI9Xxjf9b2HfMVmA9FZarFcYwHi3AsIKffJ636xgG4V+L0KcEdZirgElNmX1QI+zVcI2FmQZe/r2b3IH+I9NDl85xYw1kbU7oozCWHSNac2IQnGWrJH6WGtpnHg==
+book.			86400	IN	NSEC	booking. NS DS RRSIG NSEC
+book.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bp8ulxGHEGYBf/oKfrqDa5pLgpaJB2pYHFROceK3VZzXVwWtYwmmAtSKOw3EJmihCPSUkK7LA1mD4a+l4OuuscQIvCrMB/5+mxqmsHddBcKBt9RUu/3hxU2cBEeMJqfPppqAD/JDJLbFCK2PKWEkK0JXo1u4aC70f+NVCGGagCKslbfUU+6HxJk26ohA2NkVztpYjpOktJ6A5W0Zk+POZYide5poN43MO067382vQ9BGrZznlmYFVeEpg9t0K3cV+I2f3vmXx6dLm33SYGTZW98f0Dg3MKI9p7DJd2yQBWSDrqqrxnL7Pb4obG52NGHz7w+lxMXPiFZQTh+nXsshzQ==
+dns1.nic.book.		172800	IN	A	213.248.218.61
+dns1.nic.book.		172800	IN	AAAA	2a01:618:402:0:0:0:0:61
+dns2.nic.book.		172800	IN	A	103.49.82.61
+dns2.nic.book.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:61
+dns3.nic.book.		172800	IN	A	213.248.222.61
+dns3.nic.book.		172800	IN	AAAA	2a01:618:406:0:0:0:0:61
+dns4.nic.book.		172800	IN	A	43.230.50.61
+dns4.nic.book.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:61
+dnsa.nic.book.		172800	IN	A	156.154.100.3
+dnsa.nic.book.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.book.		172800	IN	A	156.154.101.3
+dnsb.nic.book.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.book.		172800	IN	A	156.154.102.3
+dnsc.nic.book.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.book.		172800	IN	A	156.154.103.3
+dnsd.nic.book.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+booking.		172800	IN	NS	a.nic.booking.
+booking.		172800	IN	NS	b.nic.booking.
+booking.		172800	IN	NS	c.nic.booking.
+booking.		172800	IN	NS	ns1.dns.nic.booking.
+booking.		172800	IN	NS	ns2.dns.nic.booking.
+booking.		172800	IN	NS	ns3.dns.nic.booking.
+booking.		86400	IN	DS	5470 8 2 0E779C706C569B36A19A7D788C043979B9AB862EF84E913B51920A9C4106C9AB
+booking.		86400	IN	DS	29245 8 2 35E34127BC68CC91698D0B5EC4562002AA8293DA7C6CE0BC1C75CFF3E6529EC4
+booking.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YZM0aWYYbzh8gp7YFrYbOEov4u6+C4QXtS3UOAYBexXiyGUwKY1P1KSThk63Wnk/2qoVsydsJe1K5QNO61sjDwDiVi9vz8MOmkxgH+o9N/LaVzJflnoOdXd/PnF9fz1nU1xHjgWmVOM8jQC55I4YZ+2M4f0B0jXp3QlyasN3NH5iPTQjghVwM6hXuzK+BwqBne5z/Hj+EufWDHfzuu1wPD907XC4VDjgZL0/+Dvkh26LOM9OflreIsgFUeptY87nu0XO7kFtmMq6MJCV60jIjV5Do+uRjLEKzLR2dK3hi2HdSqrHLKbx+GLazDjm6jfTajAD/6KfNVLFVuq8ake4gw==
+booking.		86400	IN	NSEC	bosch. NS DS RRSIG NSEC
+booking.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lHUAX7cIFoUSapqIP+rGCMzqds1JNiAoMEyrZI+3TP7lgW1C/iGo1pEM5ONJ0W+l+2fCie+/slk4ta8sM8aHScK62lOf1aKyK+HPysIA2qZMjzIkECPE1nRDDu5qdx7vj+Hoe8pzwGo4LIW6n2qmdL54H7K1IiabbQKBCH2d02uuBpBQi283ozxyCSPq3p3D0uCGfm8y5nQtpeHgd0iROsLO+ngMBokJ8RhhOVLztDpCYWTFZXLs2Z8G4mmXi0eGUZh3kxzYrKpqUPuiEnNHHHI6PIFnfKsHFNPiLIkmSIX93cGzmnLu9hqHqfJF2eJedhfWrSm6L+73intHp3PPVQ==
+a.nic.booking.		172800	IN	A	37.209.192.9
+a.nic.booking.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.booking.		172800	IN	A	37.209.194.9
+b.nic.booking.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.booking.		172800	IN	A	37.209.196.9
+c.nic.booking.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.booking.	172800	IN	A	156.154.144.27
+ns1.dns.nic.booking.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:1b
+ns2.dns.nic.booking.	172800	IN	A	156.154.145.27
+ns2.dns.nic.booking.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:1b
+ns3.dns.nic.booking.	172800	IN	A	156.154.159.27
+ns3.dns.nic.booking.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:1b
+bosch.			172800	IN	NS	a0.nic.bosch.
+bosch.			172800	IN	NS	a2.nic.bosch.
+bosch.			172800	IN	NS	b0.nic.bosch.
+bosch.			172800	IN	NS	c0.nic.bosch.
+bosch.			86400	IN	DS	60941 8 2 1DFBED7CA1EED1F0FC7C79BFAC760F2D796D423B13CFF9334A00745AFC7AE286
+bosch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LuCOienukeeLL5Qc5rKFEyjtnLuOqOyKlNh6k+tu8qIppekpAuyWaM8Zo8AkWM0bF7xy3KdorhBDKC+bkZk85QLKW3mNkCtItZyNYOCafYsG8zFpIYRnDODGyj7aBDPtw4lLbLsfLRXQTVnKruaFQ6g9gx1ycF58dltjWpO+2qxdEeT7Xidx49E+WyuUbr/URMiNQBrYOJMWBTND3CfxwI45vE+gqoAphkKbytANy8dLX1NIFBTjrFoJuaopVOS7+4oJmrB2KNNLOr0HUtcasP3Njk7cD5VXFk8ndha9aiX/SSt2EHhG07n4MZyE1g2FMmkV2SQvRapMCfin2yOgPw==
+bosch.			86400	IN	NSEC	bostik. NS DS RRSIG NSEC
+bosch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Io6X2Rsa1QTwku6r5Z3CESRi8Ak6vSybnJW6KnupTNnNm+u/eWdL/FX44hhx3rm9cdXRtpi3D7sXiTOfl4+8o5NdO6L/o/CAfxLa+havLtR4YYL99klhJVjFGaC7LzN/VUen+Xw4JDwJlVSgU6o4N+hHKyAvW/F4FwWja2luc8FgivbH0KoLyFs1nQHCCGUpZoox6uFhDQLPwVUqHXk1E+x6/o5udjsgcMvJKD72U2aFBuJBUWdQK2o7JCoaDqBnpUCbAQqOTl4gZbLlkiv48JUuUzAT5a0whZuefec+ODzimJr29tqXxuBKlBjDBAVwxKeGlYJMptDXuDbVydELrA==
+a0.nic.bosch.		172800	IN	A	65.22.112.46
+a0.nic.bosch.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:46
+a2.nic.bosch.		172800	IN	A	65.22.115.46
+a2.nic.bosch.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:46
+b0.nic.bosch.		172800	IN	A	65.22.113.46
+b0.nic.bosch.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:46
+c0.nic.bosch.		172800	IN	A	65.22.114.46
+c0.nic.bosch.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:46
+bostik.			172800	IN	NS	d.nic.fr.
+bostik.			172800	IN	NS	f.ext.nic.fr.
+bostik.			172800	IN	NS	g.ext.nic.fr.
+bostik.			86400	IN	DS	45431 13 2 16D460DE3B5D232225100E179AB80BD20A398618160C5B1C934A39F5E207ED45
+bostik.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Hjw3WqtgPEYoHoPv76ZBs3ynqQhkPFylBIOFuVuZown1AVHgUt1NaFV+kRtZ581WN8oWd0Yjl+WdpbyEkJizQqn5aaqUVIEQpHRWRXkgMlQBaG5X67Fw5XLJUAd5TgnaNz3LHbTMaeRwbsuRWaNIFqmHPqZBocQ3pGKkUagbfw8COzUrtHERJTGYddy6dFMEArSt7TZtEHIqCeaEB2weEh43E5McZpRl0FlYt9Uv2Wavq1EF/qM+3tSN8yc5ihUmjGrQZXNHMdIknxyNZqDwjjyUqoXpv2/aXSJOeRj5IEGYZjaJ4Lg5dYWnBt8IUCTB7cqTzmao5UbGGyLRE1Wt/w==
+bostik.			86400	IN	NSEC	boston. NS DS RRSIG NSEC
+bostik.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WG9QiA7szok7YhwH/gPfl2YzHKXv7QK8/NOm4p/lOO9FETUj4mXzAy3IUe9IOhU9SEHbBTpSYYah8WiAefekSJZ1HR7pargIACG/Wdd69S5Xpr0G3bdYi3BBI7RLI4F3WN1AUMO++shSwoIfpKKMjRMmlyC9ukUqipSVV5szkymrNeHb/qcSYMXZysdpahYzhZlJ+XRsowT1enSm+JqQiT+kJavsShQNlXgRIdHeE42g9BShY4bTCWe+Y1/FEnZlcq1YrkUW4+b16LAUTRyQv8ine0aAwUKU3BpfRFvUf4siAN3nx2o3aMwpvaGnsTsCsS14KHAhn3JfOjHkkA5iag==
+boston.			172800	IN	NS	a.nic.boston.
+boston.			172800	IN	NS	b.nic.boston.
+boston.			172800	IN	NS	c.nic.boston.
+boston.			172800	IN	NS	x.nic.boston.
+boston.			172800	IN	NS	y.nic.boston.
+boston.			172800	IN	NS	z.nic.boston.
+boston.			86400	IN	DS	1189 8 2 32DA17D1E9CD92EEBD7214B36B30FA8C8956ABBA7435F46B3A55D1455D8E01A2
+boston.			86400	IN	DS	42907 8 2 253F8A2AA4BF2067B9B72BA983849F63A1B8482A1CF613879196482D1FFA2038
+boston.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mYzZt5EDkKV9iEWYLADwW+o8s8XDYhai8G+u/wFKCH9J4pu1E8GPsXdjYjffyFR8qB0Mehlv9oXixlrQVIkSuB/iGB3NHil4mzjoBWw7d+X2ye8jgM663sd0U1IgP4f6IL3XfN1q8OMwJ7+QI4kwe2chiyFg8MIVWA1PBkMk4F9KaQFcrc/W6cxe1OPNvAp5Kj4+5Mapr8XrV7MZc0lHD4kc7J4T/4KwoTTHM1RKixBgUjf2yk8g/yR0eyZH5C7mmpFoAbQZGLAtIcD3WDYDAUBtXGtQWyf7wfAxfpBpNL1dgFELdor8L+2cA6Wk+l1yVd9tGTZcuv1EvSYA9n/qtw==
+boston.			86400	IN	NSEC	bot. NS DS RRSIG NSEC
+boston.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L7cSUUebxlsrPWkQdTA4BjbRiTIfJxkOrUrjLffCILFEQAe3zsh3aR2ex9fVY7i79xadhGJ+drYj4vB01hEKbLzy47KpcVOYtIcExHMfGnddQGoypFXdEdB62LSbboWk8jkmFHSIrm398vFSHBP6/3yKKi9x8Gi9J8uecf7mZOcGDUwJAEzHCpD1veVW4SMdI0RHM9wRSl7eeE81PYALqJLmtAoVbh10Yn12xkwo1GZ2Jc7TswH4WYLuSfn0S8M9CrE8b1qZhDOinMEp8tpSS+IREJVAhtK8agNqiv1aG+GR9F5F0JecaUDTgxSF33YLM2jUSGodu31vZvZZvdBFsw==
+a.nic.boston.		172800	IN	A	37.209.192.10
+a.nic.boston.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.boston.		172800	IN	A	37.209.194.10
+b.nic.boston.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.boston.		172800	IN	A	37.209.196.10
+c.nic.boston.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.boston.		172800	IN	A	156.154.172.82
+x.nic.boston.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.boston.		172800	IN	A	156.154.173.82
+y.nic.boston.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.boston.		172800	IN	A	156.154.174.82
+z.nic.boston.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+bot.			172800	IN	NS	dns1.nic.bot.
+bot.			172800	IN	NS	dns2.nic.bot.
+bot.			172800	IN	NS	dns3.nic.bot.
+bot.			172800	IN	NS	dns4.nic.bot.
+bot.			172800	IN	NS	dnsa.nic.bot.
+bot.			172800	IN	NS	dnsb.nic.bot.
+bot.			172800	IN	NS	dnsc.nic.bot.
+bot.			172800	IN	NS	dnsd.nic.bot.
+bot.			86400	IN	DS	58741 8 2 ECA26804355A4735CAA906601C7D388AF755AB40F599D02F29D16F347705EE42
+bot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . W5uYpluucMnkjP5LLGDcpbJsn5CA3aZobBcgZcTBiNbZGKOFrl1Si+H8k+nI9FApSh9Zegc5ae0paHIb7rlu8kNU0pdiH8HiovM0TLBjOkAdvEmAn4MSjqCZoa98udtB+rt4cyee9lJiPtBJeWs13nX4rkNa3PLeKFM3XEx1SezjcnySWjiQKAHI+plw9Bwu3b8XIE6wKVxOM1dRPwiiUZVfjG7sYVP7SKi9veOS7Y6WaKVbcBjBkWZRHPagZlfqZwND0tDzEwJdtslgcwO7n8qbvi++Os2xENQ/VaJwYBXZgno52JvVdH7GdVPX7QI5PsXJHhS3aaakNxOvxtGOQQ==
+bot.			86400	IN	NSEC	boutique. NS DS RRSIG NSEC
+bot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wWyBIKxcvRg14t0NhNjj9qs9ujLBU/JwOde4TYkBwkyjDBIaMmqQwYzc4WV2xdQyF1ephuNdtxPear5D+RVrokWLPmjgcu/5sEvMA/BCaPDRQ9WPWgloUPXKHmeyGlElJXbQGdY2h3YxFIgpovrlc5TStI8HEsg1Eh6xImoKhiTB9BB6uMTsqbQzL6FALdUsq9QJP3+hy43KXkWM1LvjMQrzPM28RRGoII7ZnLHRMb3wZOs2o+C5O2ydt+trO8QZOlGHzK70jbQRKe3j66tFXJQPpWu7fxjKcEIPalzihB7jeWp7iOvYQ2XECFsAygHXfPTXXDo6u8lSYwcYi5QqNg==
+dns1.nic.bot.		172800	IN	A	213.248.218.55
+dns1.nic.bot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:55
+dns2.nic.bot.		172800	IN	A	103.49.82.55
+dns2.nic.bot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:55
+dns3.nic.bot.		172800	IN	A	213.248.222.55
+dns3.nic.bot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:55
+dns4.nic.bot.		172800	IN	A	43.230.50.55
+dns4.nic.bot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:55
+dnsa.nic.bot.		172800	IN	A	156.154.100.3
+dnsa.nic.bot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bot.		172800	IN	A	156.154.101.3
+dnsb.nic.bot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bot.		172800	IN	A	156.154.102.3
+dnsc.nic.bot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bot.		172800	IN	A	156.154.103.3
+dnsd.nic.bot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+boutique.		172800	IN	NS	v0n0.nic.boutique.
+boutique.		172800	IN	NS	v0n1.nic.boutique.
+boutique.		172800	IN	NS	v0n2.nic.boutique.
+boutique.		172800	IN	NS	v0n3.nic.boutique.
+boutique.		172800	IN	NS	v2n0.nic.boutique.
+boutique.		172800	IN	NS	v2n1.nic.boutique.
+boutique.		86400	IN	DS	31354 8 2 83FFDC35018A75A4C287E7F29B0181EF0F7495F28E9E65AE00561DDD55942459
+boutique.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KqBfO3GRkiGbwxsUevtCwBmGTMR8/ztAsb1D2yEffFybbILGiPwoPPN85ayWOw03Bc/trgVZlM+k8gD9eGIYKCAdUPmjDv5oezEFT3g8peLHXNQHqV/kO2uttjmC0YD7OGzbKyhBXru2k2FKghTHKZuX6KXpjMlBH2/aJasTVil8eZoQsGNn7ZgQarQ/vUjFtZ8+wSQaF4497YuwKBnmg58TYEGGqDcnnqh8amn4502NLR2Kddvkx7uBmYmWKxKnvSc12VhRa5x2GJAfSGiYdOaFHJrr6JAhLU3VQ9/rRYIdQmlvVIbHLoYkZrN/hIhbF5u+WwqerFMyWBztM8Ej8A==
+boutique.		86400	IN	NSEC	box. NS DS RRSIG NSEC
+boutique.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . opIIt/kS56JRauFjcQ5CtoA5iX2ijbD0G6ikYKbin5pCY0jOsyUQUD1BEVOGuRs6+W7YyDhghqeBUHqd3ZC1qHoingSxzjvd4hbI6yGOOKTKxU1A+kE4jTAMix/nOP+Y0yfbgSCnko/fh4732isIQto0YGjkd/754Q7DnknwmIQWfS0tmOPon5upfqwsEZcG4DEzzfiF+Quy3L5PreeKuS6KQ24hf0aEwyLQ9O2Z/exJ5S3BhSIrEbuq+Hn7KpkSbh7p8wT6PcNi/05u6MF6C6GhgjYAo1aeLcbNrfcB642oYl99u93AqFIr22xmr3v6QyWvYyvc/UcnPLgE1AyE3w==
+v0n0.nic.boutique.	172800	IN	A	65.22.24.12
+v0n0.nic.boutique.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:12
+v0n1.nic.boutique.	172800	IN	A	65.22.25.12
+v0n1.nic.boutique.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:12
+v0n2.nic.boutique.	172800	IN	A	65.22.26.12
+v0n2.nic.boutique.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:12
+v0n3.nic.boutique.	172800	IN	A	161.232.12.12
+v0n3.nic.boutique.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:12
+v2n0.nic.boutique.	172800	IN	A	65.22.27.12
+v2n0.nic.boutique.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:12
+v2n1.nic.boutique.	172800	IN	A	161.232.13.12
+v2n1.nic.boutique.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:12
+box.			172800	IN	NS	a.nic.box.
+box.			172800	IN	NS	b.nic.box.
+box.			172800	IN	NS	c.nic.box.
+box.			172800	IN	NS	d.nic.box.
+box.			86400	IN	DS	47542 8 1 F59D467614D996277C9EA8E52EB920623B9FA4FE
+box.			86400	IN	DS	47542 8 2 31CC9F53054303443FA06F368C54971D8E12C89655CB768A951D908701E82800
+box.			86400	IN	DS	63242 8 2 F63250257503CCE60195E71C2E346A2D8BDE06DCBD666B9EE4F860D75988702D
+box.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Kmou/7Epm77j2yXpWCjeBm1KmB9CaB/WvFJif9gWpYFKenMORwQtuayTC2TatVozirICjORHsqbUwLZLmcAClx/PXsOmUZgFZ2RGRGGYgc1Z2c9lhV64pDA9Esluj/LVBrgm32xlLW18oabcaG8t6RVrXpsxyAdmCyygiNmx7NySJhpVn8xBkGWFQLxtEPnT8Ar59olC4QPYvhLl2o6QaEolfe51qJBSQGqioH1/zIrBpgxYO0QWx2pRpoQqX4r0mbybKeYwrlub0acXGMlJLcQ8TuFaXh7yIxa+vZiP1bvWtngj1roKEEHYBbVtpd+8t2FS7HDcG3J130Cf69F08g==
+box.			86400	IN	NSEC	br. NS DS RRSIG NSEC
+box.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mTbaYAxqKy7Qm3UqpxmnWjhxdVMvf9hZi5d2W5EXOX+DZMGAWbtOBt2Bg8hH4jE3ZjVEYfpVswL6l8dxjkhY0Y4PW/vFdIJZJShzqd6JDFvE7YTfrwGM8tQkGQDWi8zz8Y5DmszqQzvJn7rauwmCQLrV21ujYTXJgyCbTUQ0c9mZbifAuRavUhs0rzX5m5IDyjbqYmJavvQmDhHK70hvDO28T8oxa8m0TJPofReOMnA49uMGp6C1KGi5TeFowoidehG++ohAIR/9040C0AO0MA5cKyxMXlObt9bTka2jmz0+8XSDLpP3Wfs8BdRWxLcVBp8UrdxIpM6wppgKJ0nbng==
+a.nic.box.		172800	IN	A	194.169.218.139
+a.nic.box.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:139
+b.nic.box.		172800	IN	A	185.24.64.139
+b.nic.box.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:139
+c.nic.box.		172800	IN	A	212.18.248.139
+c.nic.box.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:139
+d.nic.box.		172800	IN	A	212.18.249.139
+d.nic.box.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:139
+br.			172800	IN	NS	a.dns.br.
+br.			172800	IN	NS	b.dns.br.
+br.			172800	IN	NS	c.dns.br.
+br.			172800	IN	NS	d.dns.br.
+br.			172800	IN	NS	e.dns.br.
+br.			172800	IN	NS	f.dns.br.
+br.			86400	IN	DS	2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A07D1A2E4
+br.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . frw5+LDMYRP+4u8SOADyYXnKO/O2oMOM34KXm9/vHCf1BqlDss1vMOzyILj2QNNJKvQEXntvEAPNb1nHHJvjCF0OQmXKZa0TXUzrqFWDc2jpWwkI/UpzOWQqzEDrEZIybO0BRGu47Jpo8wloBv7eCCecos1XzJ2t3fiMMOYdvJ0UsbN0tqZrNKhafdpgKbD02uvmyheCS8rZRvC02VtL4pnixRhRtX9+9nBtFlmisr1NtBDQxg8wmVXPF0jLtr7FWhRSWwFQ83q6qpjAPsUoypFLlRYLKc5y+osmlLxKcRwyA88QUHCyy9oK4xL+zpnk8zrfMQD/iis6OkMOSEYucw==
+br.			86400	IN	NSEC	bradesco. NS DS RRSIG NSEC
+br.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tMY5iDN93w5+MmvAKByB5W9FcIoJGO7BOhlok9T5/Rbd0jgZwwoJd/guKPVjENDlvIA2QpPm51p4udfFjwLCBpI/ePG3LQVeR0ioGOBkIGVNFd24O6c9LJtsmcalZpdyMm+AC+wVCAw5jawDDF2VCadyy9Zq2nkMuXAdoEVSS4wJ/E3f70/9nR+hcH2EZFO9jbmAdZc9Z8Yf4oZIcIQEdQ0a2Yej+46R9l/0VM8kngs8CIvE1PpDocUgHd89+RnE9DpK0ij5iODvE9mv9SprumlZwrDE0R01mEZGa3lCQONn6v3787R+lpEPZzy8LWEoYxYYG/Xfuf1/+MgOtEGF2w==
+a.dns.br.		172800	IN	A	200.219.148.10
+a.dns.br.		172800	IN	AAAA	2001:12f8:6:0:0:0:0:10
+b.dns.br.		172800	IN	A	200.189.41.10
+b.dns.br.		172800	IN	AAAA	2001:12f8:8:0:0:0:0:10
+c.dns.br.		172800	IN	A	200.192.233.10
+c.dns.br.		172800	IN	AAAA	2001:12f8:a:0:0:0:0:10
+d.dns.br.		172800	IN	A	200.219.154.10
+d.dns.br.		172800	IN	AAAA	2001:12f8:4:0:0:0:0:10
+e.dns.br.		172800	IN	A	200.229.248.10
+e.dns.br.		172800	IN	AAAA	2001:12f8:2:0:0:0:0:10
+f.dns.br.		172800	IN	A	200.219.159.10
+f.dns.br.		172800	IN	AAAA	2001:12f8:c:0:0:0:0:10
+ns.dns.br.		172800	IN	A	200.160.0.5
+ns.dns.br.		172800	IN	AAAA	2001:12ff:0:a20:0:0:0:5
+bradesco.		172800	IN	NS	a0.nic.bradesco.
+bradesco.		172800	IN	NS	a2.nic.bradesco.
+bradesco.		172800	IN	NS	b0.nic.bradesco.
+bradesco.		172800	IN	NS	c0.nic.bradesco.
+bradesco.		86400	IN	DS	61375 8 2 A0FFE5A2C7C1CB086855963D43117563E509CA1E6B27D87EF9CE011C195B8344
+bradesco.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Jv0ayILE3lpbbhuSAuTkrfiVfeozPQ5gggCof4DXUtBG4JPvy/kLvuGQYaW/tmYv5SznMougUy6372L7B8iPNCrpxo7hJLDHYVhqS5Zhwu0k93AFqCSiIKk67zplGh4iZGoVvbXChMSLYDxyQb40mH2ufnhFxYOU0UKqogAVYQo3S5ozgzPeBwSka19jmzqfOKbLHh6upNnNnyuRXPiZpnQ8jrroKpqENd77LhQI3zsQZ6SewFt0rymlaMyJFUTzZVIp5LeDrDGEzJMrZVVF5l/11O6Qu/VFuv53PuZc32BDNikvI9dePLUZ6hCr6pWElPvoZU0oQ2f6e/5wk3j4Ag==
+bradesco.		86400	IN	NSEC	bridgestone. NS DS RRSIG NSEC
+bradesco.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pLNE7PD9jy4b9kJ4zArKWCl2LrD82jotuy+rHw9ZRmKaqcCaOL1BGDt6X793DuuXBIdSc38WnK5S9PRQPlft6UgC6bLNc9iHRLP/KjO/qit2Uq7sMBlGDvJt238fb+K/MorMt173nI23mXGLai2wC5NRQWMEFdSFxMRDTbEsXnE23VQlkaHf7xNZro5yumXFr5O6LnSrnGuxj03nhtbLMolpNisRW81HMg1qcBzs1mJaO07C4MzmIWuEf2ZkAjKYy1x+3QWgWj77vz4+iupdN5Nn76rugOt79k2UIKAmvejc2e6TJY3Pur4Cvz0X5Xylcz29Hpxu/nY971W8SaS+7A==
+a0.nic.bradesco.	172800	IN	A	65.22.124.2
+a0.nic.bradesco.	172800	IN	AAAA	2a01:8840:7a:0:0:0:0:2
+a2.nic.bradesco.	172800	IN	A	65.22.127.2
+a2.nic.bradesco.	172800	IN	AAAA	2a01:8840:7d:0:0:0:0:2
+b0.nic.bradesco.	172800	IN	A	65.22.125.2
+b0.nic.bradesco.	172800	IN	AAAA	2a01:8840:7b:0:0:0:0:2
+c0.nic.bradesco.	172800	IN	A	65.22.126.2
+c0.nic.bradesco.	172800	IN	AAAA	2a01:8840:7c:0:0:0:0:2
+bridgestone.		172800	IN	NS	a.gmoregistry.net.
+bridgestone.		172800	IN	NS	b.gmoregistry.net.
+bridgestone.		172800	IN	NS	k.gmoregistry.net.
+bridgestone.		172800	IN	NS	l.gmoregistry.net.
+bridgestone.		86400	IN	DS	8575 8 2 AA4B874CF014A4DF2E7DC9E5A6B8B3EFA5DC966A834F4802BEB19B5CD7442403
+bridgestone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KeUhKTDYrLP9T69YGpMOrNUP1ZU6JTx7JbySoOs4fWsbxW/AzGpRlJ8wFdZkvJNNbmi9dJLTJsaZ2Og4vnMeRksPlm3DLakGkN6Dzm//N6GtkbHhqKbAwESLgObaWG+fUar/8ZDIYO06x87oWdHtYp7n9O2BYmZNmHrO5lEZBhn2QuENRsD0cs9XfTvGN7Y5CmkYXM66ztNgN1tPFap43zKkboVz0AZUcgj7lN3+n9d0nL6KeKUJBqPV2X73GzSfu5DxjNhx2hjAMyTZyPLXSZRnLfwwtYqLhaSZT6RfnvUZVfUQMViLcOzujQW5hLkHAjdXo7N9RqeBfGkTRivwbQ==
+bridgestone.		86400	IN	NSEC	broadway. NS DS RRSIG NSEC
+bridgestone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c+i+fFK201R5Nr5bDaS42UIq0qWnBirIdKfxbW9yp1+Tyfe0k3tEdcIsuhIMrNwILgqI8MRwPf0Hh5s4xuey2mlWte8tyPP9PM9p+vwTqA07Ifgc9w5w7UDU87HDHjK1VH18lpBZh4GlQZg3lFPNfA5eh2W9XjeL3YpJmtG+JH1jwZoZIUX7cYUEF/pojKnBSHocSNPIaDS0fCHQR1XQfNmMJhESjh4oRW0a98jr3MVrNRfYBMQEMwRAX0JfxpYIfoLKXywFKHn5z5HCZSknhmogfxNO9dOeWPkF8zyXifupYdNj6g/GRcnkqT6WuuE/G02UkmyttLnhhBCj5h8zgA==
+broadway.		172800	IN	NS	dns1.nic.broadway.
+broadway.		172800	IN	NS	dns2.nic.broadway.
+broadway.		172800	IN	NS	dns3.nic.broadway.
+broadway.		172800	IN	NS	dns4.nic.broadway.
+broadway.		172800	IN	NS	dnsa.nic.broadway.
+broadway.		172800	IN	NS	dnsb.nic.broadway.
+broadway.		172800	IN	NS	dnsc.nic.broadway.
+broadway.		172800	IN	NS	dnsd.nic.broadway.
+broadway.		86400	IN	DS	47576 8 2 CCC4CE45AACB1C0ECD8181D968B86BEFF3B34D1A71576F137CA43529FF8F12BB
+broadway.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AlflIjY08ml2dWt+PvCVDxy58nDulxbnYNn6MOIw9SPw4qdxOHbu0a6ydPlMMy5oXVKS//YkMNbRBLKsC8lGtvBrlSMtIE/QpD9isWKPPtz/XL3FfMilGTFg5s8ZMSHD4JBtHzE+XHSi3ltb9Mwbie8doWVa/3PFJDADUSXhd3HCNu0QdtqD/fE0ceePbWeuW/wMoS/+kWPLEFYbGGB6/DRhtoDF1KCvJm0ubu2Akks0W011W6RBVNvGf4Nx7GPMMfDu46jznjn4Do2yUCmWpHS9v1P2ymhXym+cEjp1Mia6narAV5s36orHydgGPI+0uU//fi44xEcgxemiPVPHaQ==
+broadway.		86400	IN	NSEC	broker. NS DS RRSIG NSEC
+broadway.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d2wq/7eLAIb5jgrnst+7vRBER+/c1wP10U4ttVQIsI+oaA33UMjHajzy7y6pH6YNAqANHLi7C/704vyIO8PWuuqDM+epUOey2a498WFJFuOehhgWCwfNd487EjPuSvBOtK90QaPnJVb/yyYuPOkyKlpL3bW9yPM4XR6s8fC4XoI125lKn5R/dwP6AFxwouysh7LrPh7Vxn7OzKHubBfjMYCA3AqAGjvRLuAv7f+WrwdtWnCs9P1G8bukNISSssOfBouV2lLg4qkzEX1Z/vs5drQgxdsua3OiIVWsDalo3Bd7gZXIR55ZH7MMwiwExAgFM+6kFKkLgCLPawRiEzoS3Q==
+dns1.nic.broadway.	172800	IN	A	213.248.217.38
+dns1.nic.broadway.	172800	IN	AAAA	2a01:618:401:0:0:0:0:38
+dns2.nic.broadway.	172800	IN	A	103.49.81.38
+dns2.nic.broadway.	172800	IN	AAAA	2401:fd80:401:0:0:0:0:38
+dns3.nic.broadway.	172800	IN	A	213.248.221.38
+dns3.nic.broadway.	172800	IN	AAAA	2a01:618:405:0:0:0:0:38
+dns4.nic.broadway.	172800	IN	A	43.230.49.38
+dns4.nic.broadway.	172800	IN	AAAA	2401:fd80:405:0:0:0:0:38
+dnsa.nic.broadway.	172800	IN	A	156.154.100.3
+dnsa.nic.broadway.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.broadway.	172800	IN	A	156.154.101.3
+dnsb.nic.broadway.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.broadway.	172800	IN	A	156.154.102.3
+dnsc.nic.broadway.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.broadway.	172800	IN	A	156.154.103.3
+dnsd.nic.broadway.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+broker.			172800	IN	NS	v0n0.nic.broker.
+broker.			172800	IN	NS	v0n1.nic.broker.
+broker.			172800	IN	NS	v0n2.nic.broker.
+broker.			172800	IN	NS	v0n3.nic.broker.
+broker.			172800	IN	NS	v2n0.nic.broker.
+broker.			172800	IN	NS	v2n1.nic.broker.
+broker.			86400	IN	DS	8746 8 2 7B7C64B10EB518A94BBFD3A75A5A31F9E3C67A18BAB01113A136DFD08D44B4A1
+broker.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NYOipbGLd4ho0EfC1UDBtFNoJuq1QZvBGecUA2/fVo9DXYn/pdLEqS8W5+0+1yrgN/Sh+0FD3oBLsCAWuT/f0oTDASlLjm0whSIqstEOLnR8ABYdXBsHIBUwzL+KXUhRDRt2iIZvce5EH0gf+8v7rrzI130Pu5mr0CzTfxc6HmUH9cTymut5uLWPv6jSZlfZBpfH9N6Q6wVdXsbuqBFYogCHT/02kJObv0Ky43DrtyEaeeiMVHODlpaWVGAw4zFYPB+troiLbVz2mjfUhBEujFiFxjqmLNtTIiG7slDUoaCswfbCG9LT75tHMCDct6xMC4/QuNZJNfq/wE7YPHHcFQ==
+broker.			86400	IN	NSEC	brother. NS DS RRSIG NSEC
+broker.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EtapWsPydjNT1YhHGr8hIqlUqW9//53A+vH7LP2vhH+upoP/xbH4LVzZHicyGhQMKSOjDnjkELDLx6TlDmvtsLHa928HzvxANrDP1Fw8uRWW1aABOKsRWFuqCYeXzanP4/Xlg/lR9oGCFxXOYjt+KmkkOTg69hPGc1lACDUBfEb/93vAx3LLj84+EiPPt2S0RQpwpIvQ/PR1Hwnfki/KW1nRglzNnYFrS1zB6EcZ8NP57AZGHy2MrVotJTYngmaMcTajJq9sTkmEg4rmD7k8bMj9N/5hSSTGDNxRfXcaz74z9NN/bxbxd9iJkPDPiqgJeOOSHTaijc/J0mzrFZC/lA==
+v0n0.nic.broker.	172800	IN	A	65.22.20.67
+v0n0.nic.broker.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:67
+v0n1.nic.broker.	172800	IN	A	65.22.21.67
+v0n1.nic.broker.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:67
+v0n2.nic.broker.	172800	IN	A	65.22.22.67
+v0n2.nic.broker.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:67
+v0n3.nic.broker.	172800	IN	A	161.232.10.67
+v0n3.nic.broker.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:67
+v2n0.nic.broker.	172800	IN	A	65.22.23.67
+v2n0.nic.broker.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:67
+v2n1.nic.broker.	172800	IN	A	161.232.11.67
+v2n1.nic.broker.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:67
+brother.		172800	IN	NS	a.gmoregistry.net.
+brother.		172800	IN	NS	b.gmoregistry.net.
+brother.		172800	IN	NS	k.gmoregistry.net.
+brother.		172800	IN	NS	l.gmoregistry.net.
+brother.		86400	IN	DS	6875 8 2 8955E563809E8DFE8F6B18FB0B23AD043DC6957E2AAC1A5F2C8B4CA3244270EB
+brother.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Nz2HH8PPO7bvjgIaVuuIjrfzT9OkxyoTVIl9DlniTjsyfs055QOBeELPoqz/5eLSvP0GlXHplg8LCmJI539n/u76aBYHzsiNnHjVc3BLu5KfpnsuP5OLoTYlLEdj70BGjw9py5b7S+PCdgYwtGiGIo2HvLsV/81CNGE8Wh70CE6FDVqc0CcfF/NCVctCPYydriqS+/flUnAjKVuhnqYKuFvVcJ3LbFY+k1PdtY4EF8f+N4Cj6i1879WGLgL3x99ZfdltG6dyBTLiRxSO6tRmLO1gejylssSAvs/KEwqH+LlXEBawbJJrKqjpL+8G1QCXm0gJu/pV+7ZBhC2u9LbADg==
+brother.		86400	IN	NSEC	brussels. NS DS RRSIG NSEC
+brother.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zGRK8JoERTrAjxM4d8VbzR080OXo4qrTJzsquiN0f8LGoswP4RduZbuM7SdvbT1a63GQbljaC4uhjl+pGlGrylUuWLHDdlxa/eow7urDeP+HInF3Em5NosozjyabdG4tjSAUwJWpjn8sY7NDYxD+wjb6BFek3aohTo0gasPl2I7G9dZosRjXpMT00f+omYA7VkJfx3bMrHqFl7nL7Xe5SJBYCsukDtUUAXsc+bpNrrEkfxaWEFK2/ZhHt7VFLAChX7B4bgr+3Hc2T7BEbjEMS0Dtopn3RmVD60Y9RBycCqQ3hk17b3Zp1aBEOqfkY69eXQZPtHEMxVq4SsnYVfJHXA==
+brussels.		172800	IN	NS	a.nsset.brussels.
+brussels.		172800	IN	NS	b.nsset.brussels.
+brussels.		172800	IN	NS	c.nsset.brussels.
+brussels.		172800	IN	NS	d.nsset.brussels.
+brussels.		172800	IN	NS	y.nsset.brussels.
+brussels.		172800	IN	NS	z.nsset.brussels.
+brussels.		86400	IN	DS	28780 8 2 EA50CAB83940B6AA791BD1A0C47ABD6C8549D43CF2776A48FAC633260F3BEE93
+brussels.		86400	IN	DS	62419 8 2 D753CE72A834C746DF60A7D2C7BD6E64151C576FCD066F95E451C3B5955D8294
+brussels.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FFgh22Z9YZ2wjUYRp5tZi70FS95GlkimvhMxRxHd2l/nyoR0aF5OTQkCsS54RgxxCNDTn+xz9emaKjIKu7Qy1YJJI63wAxoLUBvoeNJOZyPiuPXRS7AqrMPhnKpMGLJkKNsWYywwjOcCt7kn3rIx5alnxVuDPsLRbrB6Bf1oGjylGjjTKXofinRZC2z3bFwDd0neTBGXuq+GZRJGA7zIf0JRFLh5CLpDPr1BQgfFrT5ZZqwWvovxYVJcZpkBbidkqT06Iy1klBs4mySszpYgIkaAo3Qojyz/6No/aWUBLY5+vbm67deal7BU3cmOgWIV/A+EpJ2g4bjtjcSDTHKiGQ==
+brussels.		86400	IN	NSEC	bs. NS DS RRSIG NSEC
+brussels.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MdENA/maM7l3h078ODE9lRyq6UhFCv2xeHpGrMUHLww1SJ80QgaRTAe0ETySO88evgw/BuOzBoDUSXwPSIeyuTqcsybriocOD1RmfBQBK9PsB4LXzimBxoNpMLgIeLTPSQP/r3drP0ey10UnsKCvt7xb8jQ8gdERT2KGozu0e4KthnZTopQDU9BU3nl2VOL2eOpynAg7HyhWdvKT18TljtoV0ovj2jBuxaGGaF8LqOHr4OQmgT0V8MEJQLZs076JGFMFeiscRqyYhGR6EIDpAP7nis91wNxEZ5R7exEzHSy1Y4rkeWDklaDAuFC0bf4SQjwBaKO73nHT/2A1m6IUBA==
+a.nsset.brussels.	172800	IN	A	194.0.6.1
+a.nsset.brussels.	172800	IN	AAAA	2001:678:9:0:0:0:0:1
+b.nsset.brussels.	172800	IN	A	194.0.37.1
+b.nsset.brussels.	172800	IN	AAAA	2001:678:64:0:0:0:0:1
+c.nsset.brussels.	172800	IN	A	194.0.43.1
+c.nsset.brussels.	172800	IN	AAAA	2001:678:68:0:0:0:0:1
+d.nsset.brussels.	172800	IN	A	194.0.44.1
+d.nsset.brussels.	172800	IN	AAAA	2001:678:6c:0:0:0:0:1
+y.nsset.brussels.	172800	IN	A	120.29.253.8
+y.nsset.brussels.	172800	IN	AAAA	2001:dcd:7:0:0:0:0:8
+z.nsset.brussels.	172800	IN	A	194.0.25.14
+z.nsset.brussels.	172800	IN	AAAA	2001:678:20:0:0:0:0:14
+bs.			172800	IN	NS	ns36.cdns.net.
+bs.			172800	IN	NS	anyns.dns.bs.
+bs.			172800	IN	NS	anyns.pch.net.
+bs.			86400	IN	NSEC	bt. NS RRSIG NSEC
+bs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YTdADvSIQY3xpNmA886cawur4/kQK8FXK54Udo/XuDrq+6YUkY6JFq2bO1mB/y+KebTire0bz8swTmt+gPU8IaRRIoQMRt7bJ189Ee0yxQh4ayfazbMkJ2EnDZ/XQD7BzpCJegLL6JyZq223XFYSPLRv7uMREXgHLyVdLMPDrNkApzK4yNNlhOVfuqSkS3wFr3djOKrYY9tgdMFNaIIe20NQ01BL1MzKpWrCTSkDnzKHCtGuiefJi6k0WE4+bt5vRwd/7bYNf3rJ90CMffszvzuu44eyj324XGgjwkaUXxNzoQnzfH/rOYuoDn6D3+7z/Sv5m8nO/yHeLLJaFq9hGQ==
+anyns.dns.bs.		172800	IN	A	204.61.216.68
+anyns.dns.bs.		172800	IN	AAAA	2001:500:14:6068:ad:0:0:1
+bt.			172800	IN	NS	ns.itu.ch.
+bt.			172800	IN	NS	ns1.druknet.bt.
+bt.			172800	IN	NS	ns2.druknet.bt.
+bt.			172800	IN	NS	ns3.druknet.bt.
+bt.			172800	IN	NS	auth00.ns.uu.net.
+bt.			172800	IN	NS	auth61.ns.uu.net.
+bt.			172800	IN	NS	phloem.uoregon.edu.
+bt.			86400	IN	DS	14989 8 2 97023B81563CD7E07BF03EB44ECBAC8F11610C00FFD41F62B254AB95D643D911
+bt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YPjDJLvJC3DSjrxDSPD3zcatJ3f6d5/Sufj1QCnY9h5rXbwoJl+vaf/ZrnreIuIgNiGUT59X9XLVShJ3YAxIL0BdPX6VE3uRXV+kBTOAu4l7N/51BLWzkSOYnDd4eP4WY2QNXo0icM2r0T2fLJcSn5m1vV0iECoMxe9C92ck5sv28ok7XZQgywufLdKpO5WAi7Noc2/eHpCY9yYrTVMUEOih3mkSyLKDkq3/5TVU9NEvBecraknaoW9fq/q23q5kr5NelCZzV+wK08XySl9adVMCsZ39pLnfPvqrRUFsY0uXQMfLfIEOZDmky+tM2EmHqj5Ci+pZ0c0QPOjfrnPBxQ==
+bt.			86400	IN	NSEC	build. NS DS RRSIG NSEC
+bt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l8fwI9UW5ZXc4ZyVy+Fr/BwjU+CxLBaOdBPWm+MDJebMDcFb01p+ErOg23rV/OyN3lGSYOsMp1/l6FIGJDPMx1diz1xiwel8ubyx55Ig8h4L9STu2vv1h2V39NpZc/utxtUzMDH8ETUPny924drQz1ILEtnkKeTgiRS+M/+nZZzPKbZ3ICnYIJNF+zvLb0xBFkv6JOyoP+DLdLmqM9vMqDosJS3rjOzfQGB+E7BfoST5L/gcrjG59dO+WBUdp3jhXpfoU2fgelIIeBMMk3HcMeUruiMz746qUHVCYAyV/kP2ShlAEQsh5F+0//EwbOZ2InLdHG3qp8VOsc8XjvF7nQ==
+ns1.druknet.bt.		172800	IN	A	202.144.128.200
+ns1.druknet.bt.		172800	IN	AAAA	2405:d000:0:100:0:0:0:200
+ns2.druknet.bt.		172800	IN	A	202.144.128.210
+ns2.druknet.bt.		172800	IN	AAAA	2405:d000:0:100:0:0:0:210
+ns3.druknet.bt.		172800	IN	A	204.61.216.17
+ns3.druknet.bt.		172800	IN	AAAA	2001:500:14:6017:ad:0:0:1
+build.			172800	IN	NS	a.nic.build.
+build.			172800	IN	NS	b.nic.build.
+build.			172800	IN	NS	c.nic.build.
+build.			172800	IN	NS	d.nic.build.
+build.			86400	IN	DS	30770 8 2 68E3857B46D09FE8C87B6144A5D61F9613440A6407331AC598970C29809B56F7
+build.			86400	IN	DS	38839 8 2 DC44B2ECC9762A6D722A9882017FE051422FE7548782168404E5394C2331E8E3
+build.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uPgY5AlRaMjkVQShyGz6/e0KPSI+hYdDocKIY/PLL75bydf+zwYO54j/aJBQPIV7bwqzqQdfDBlsW6dInQ95eaeGpZqz3H0MR2XqbhNRkebA3HcoprxKOHVRdiCjOP7n9e4/eEozZj4pjfHousCHZxBOFGEDlW6GDjKWzCsfmF3ipP1OEMl8lPE7hGwQIoLfcyKMCgL9SkZx+j9yjRthIqi+HtHsxCI/l+W6epF69VRzyeDvapXbut+GPdtCtgJwo36qME+DRZ7/+Q1aWF+AGts0LW5r+Zb/4sa7qdxeXhYnc7QAf+x4JeM4VmFiloDH942xKXRRSfEFym+/MQWFFw==
+build.			86400	IN	NSEC	builders. NS DS RRSIG NSEC
+build.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pyJPudorIFjeCwGC21PmoNqxdbROy9ETFSHDH/auB7Mkf3qd9dkID1NpgaKK2U+9jEHGQG6nbfLjT4dvbLgdKjtGDlmrC7IiiytyzWxZhRlcCyu57yhuG3pxT6/BvWe3M7ZZNgUjLzi5fFxjapNLv7QJmGxyqQ9GcrYRK1ENuOOAVF3FYRnEHjdVxC2UnKcSOg2bmJAqIRejuQbGap/g70NA9QA+VOaVixT6roMW/uWxWEzL2IT+Fp8HS7XCG7lt83X2LF4xwZx9PBEC+LITONiuATFvJKLUkj6tdNcr7v9E77/W7DxNGL6vN5yzaBlv/3qjXZ0csFC28pZcH5WFJQ==
+a.nic.build.		172800	IN	A	194.169.218.20
+a.nic.build.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:20
+b.nic.build.		172800	IN	A	185.24.64.20
+b.nic.build.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:20
+c.nic.build.		172800	IN	A	212.18.248.20
+c.nic.build.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:20
+d.nic.build.		172800	IN	A	212.18.249.20
+d.nic.build.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:20
+builders.		172800	IN	NS	v0n0.nic.builders.
+builders.		172800	IN	NS	v0n1.nic.builders.
+builders.		172800	IN	NS	v0n2.nic.builders.
+builders.		172800	IN	NS	v0n3.nic.builders.
+builders.		172800	IN	NS	v2n0.nic.builders.
+builders.		172800	IN	NS	v2n1.nic.builders.
+builders.		86400	IN	DS	65089 8 2 0D0F85296845893F83BF7DB013340EC59238C81AD4B6E3DA33BA5B1632A748C3
+builders.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X5NJl1DUAoEcDbzh/4omBaM1pnPtlzERgrrk87iMmirk4fqJWclKBqD8fsrbCa+HXRrhW26pvgM2aJeVOK0aV0MmLxwaJD3vW9F7nY+qGEedDHIUFqBdNFzJGMn8bh21g84uiLgPh28xUyg1K3S1XfAmn0Qwetj0G8kuLRT9LrpJSMyYbkCAIPEj8GZ4GRYI9zgkXfYKpbqzw95i4HTKqdlh3wMuUGyARBqwK2J4pfRjLRJB83CECv/kgjANhdgHQQnA9QlesMrSGdM9oznCaonfcQGB8o92UYZmGqgrznqHDHyPbLG7zkHCpafs2614Zr0zjf9iKaKZzni6NL13VQ==
+builders.		86400	IN	NSEC	business. NS DS RRSIG NSEC
+builders.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VidNbRGoo0PvUuRijE6dOfC53A2gRn3ChvaPxXqmDpNQQjSr8AmyvP9m0tGr0GMLY6MBKmTQ1Sxad9jMp5Ma2J2fBnIF79Gzge55TFHSfbgZwCss9Kr0YTztwOVOK4Kk+qONgoOuz9ModBpbDha8RLFz79OfXOJytTDbf5JXrUcl9MoIYCmno9H5Gvh8P8bmJ8vvTe+wVcwaQSjB+292F5iqFWoxjaPFjDQMnFRaHwFvl7VmYho+3NCiYGEbKCO7o01bR04+bS2Mx6mHmlxtJEhoab1dBOsENgueqE7GstWb9kUDW6aju4uPdEtVof6vvewvVR5qswzU6BKFWZDOBQ==
+v0n0.nic.builders.	172800	IN	A	65.22.28.24
+v0n0.nic.builders.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:24
+v0n1.nic.builders.	172800	IN	A	65.22.29.24
+v0n1.nic.builders.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:24
+v0n2.nic.builders.	172800	IN	A	65.22.30.24
+v0n2.nic.builders.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:24
+v0n3.nic.builders.	172800	IN	A	161.232.14.24
+v0n3.nic.builders.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:24
+v2n0.nic.builders.	172800	IN	A	65.22.31.24
+v2n0.nic.builders.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:24
+v2n1.nic.builders.	172800	IN	A	161.232.15.24
+v2n1.nic.builders.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:24
+business.		172800	IN	NS	v0n0.nic.business.
+business.		172800	IN	NS	v0n1.nic.business.
+business.		172800	IN	NS	v0n2.nic.business.
+business.		172800	IN	NS	v0n3.nic.business.
+business.		172800	IN	NS	v2n0.nic.business.
+business.		172800	IN	NS	v2n1.nic.business.
+business.		86400	IN	DS	27997 8 2 7F17414B2EBDD17B8BF3F1205BC82E2EE158DF8DE4CF46DACEFF55447F0EE429
+business.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bMW/HRlzhx4DF8JMjxqH85zG7e1PC8p/7hJnbD4+CquAdWW/QyhF8j8eyKUIqiGKO6HRv8oXWIEA6aNpqD8kuN8GPmZqzrnT25gSuCpbstX7cdF5f14EZfYy1ZyIVFz+XpL6LSjBsHLOWvqte82O686SDNnbZj0jzPcpgMkYtzT+HVM4oq4N/d2UCDg1RE+vRuK+Ly3hoe5cwwCFWfiSjFOF2pBCWpPfZWRbwvyWiXnYXMCm0ezpahdY0JEPEkhbg11kYzS8+uWIT2mkhjfIZQAi+5WB5oVjU2qHOgoNf6XPjiwbP2e2qINLUleq/0BlVQ1zrniPioaKnspCnC+8nA==
+business.		86400	IN	NSEC	buy. NS DS RRSIG NSEC
+business.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IB+kONoem+eu/71OyKLIktqSmWfgWmwFz8pPqi1YLC04vSw+DdgaI0T2QyiaUS6PQ4CQEAjg/6rBMGwaHHqHz1Q+PaxwjqZazsbcI0BQd7fsIp6aFu78sdhz3GwSw/u7MJwVuto0CN/jIn7hkleor4Sdz3l8DolxZ2/zwEYcCiCb6OErSoUcZPE+zLZ3ShQCvTooZXSjpcZxvmYWO/Fopr5ZkiOm7tnnEW5f1+uSKOnm5U0UlBF/Iwvj1AFvq09d0ec2675rI1GlB2uhWL45f9pWRRATLGxw62jIdzGgUCuGupcN9mWoxQv+vP2YhwcL0MyIKWj7F9EOY0p8XhRybw==
+ns1.dns.business.	172800	IN	A	157.90.205.138
+ns1.dns.business.	172800	IN	AAAA	2a01:4f8:252:4295:0:0:9d5a:cd8a
+ns2ke.dns.business.	172800	IN	A	147.135.106.237
+ns2ke.dns.business.	172800	IN	AAAA	2604:2dc0:200:2eb:0:0:0:237
+v0n0.nic.business.	172800	IN	A	65.22.32.38
+v0n0.nic.business.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:38
+v0n1.nic.business.	172800	IN	A	65.22.33.38
+v0n1.nic.business.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:38
+v0n2.nic.business.	172800	IN	A	65.22.34.38
+v0n2.nic.business.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:38
+v0n3.nic.business.	172800	IN	A	161.232.16.38
+v0n3.nic.business.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:38
+v2n0.nic.business.	172800	IN	A	65.22.35.38
+v2n0.nic.business.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:38
+v2n1.nic.business.	172800	IN	A	161.232.17.38
+v2n1.nic.business.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:38
+buy.			172800	IN	NS	dns1.nic.buy.
+buy.			172800	IN	NS	dns2.nic.buy.
+buy.			172800	IN	NS	dns3.nic.buy.
+buy.			172800	IN	NS	dns4.nic.buy.
+buy.			172800	IN	NS	dnsa.nic.buy.
+buy.			172800	IN	NS	dnsb.nic.buy.
+buy.			172800	IN	NS	dnsc.nic.buy.
+buy.			172800	IN	NS	dnsd.nic.buy.
+buy.			86400	IN	DS	16411 8 2 C9C2D0F38695BCF73FE5C6FE4A049282848F45F887C4C72B337BCA9FB50ABC33
+buy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WOzFglUq3elCLIsEGBje+Czr4+pr8+dxosQ03w5Alo4b2GvYs9IdoMe5rrq2wmk12KAeFPxVvGYKEH1xkdN5sbc66Mbw6tTMqfFIAh1aR0b5ZxjciGtXkD9tx4qsKjZyl+Oqb5DW18QNuI4q4TE1omOI3NWze7C3X7kjxWPNc8UER/EhkoMG9AQ2XIS70DsR6/GC5Go3pMk4DpqCrTA+Q7Q0GzneZy1qu4W22LycNM7egCWqbLx9WX7iOBUu+mryamJpomSobaW8RJdiiUj9jDptr7kIPpcTkTNnsUnszJZaZf1Jgn3FDYbVlkL7w+b4Wx97bhx9t+Te+zNL62mAaQ==
+buy.			86400	IN	NSEC	buzz. NS DS RRSIG NSEC
+buy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bknar1k0wHPgW2HvcCc3ElQL58qoSjk5hM4Uquuv6GvVEcT9psbrNuW1yOqhKEJ1pseLCyXNPD1FvuscFwJUQTybZoWLkx0IEIC1L2/5jDX9/mxqVjDA7dlRJ7whWG1ZlaD06iXpWfTwds9Lo+wkUnulqD3xQ3NcgInrGgJ0LK+p/znDfeUOpeuIFsG3InM2CGbBScJ5RgPmC14VHx0AM1S6nCIiBu9DBwcQMtywec+Nt99scPe80JHF2tLAWJoOiZHYzG+bgzeDr78HevKnbEx65M/wQBj0uAUopU+EYeSyobvd5bB6r2vsdElEmZtFhjC2N3smEc5+SeiNjq28Tg==
+dns1.nic.buy.		172800	IN	A	213.248.218.62
+dns1.nic.buy.		172800	IN	AAAA	2a01:618:402:0:0:0:0:62
+dns2.nic.buy.		172800	IN	A	103.49.82.62
+dns2.nic.buy.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:62
+dns3.nic.buy.		172800	IN	A	213.248.222.62
+dns3.nic.buy.		172800	IN	AAAA	2a01:618:406:0:0:0:0:62
+dns4.nic.buy.		172800	IN	A	43.230.50.62
+dns4.nic.buy.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:62
+dnsa.nic.buy.		172800	IN	A	156.154.100.3
+dnsa.nic.buy.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.buy.		172800	IN	A	156.154.101.3
+dnsb.nic.buy.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.buy.		172800	IN	A	156.154.102.3
+dnsc.nic.buy.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.buy.		172800	IN	A	156.154.103.3
+dnsd.nic.buy.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+buzz.			172800	IN	NS	a.nic.buzz.
+buzz.			172800	IN	NS	b.nic.buzz.
+buzz.			172800	IN	NS	c.nic.buzz.
+buzz.			172800	IN	NS	ns1.dns.nic.buzz.
+buzz.			172800	IN	NS	ns2.dns.nic.buzz.
+buzz.			172800	IN	NS	ns3.dns.nic.buzz.
+buzz.			86400	IN	DS	21817 8 2 EEA009D624A40B9AFAA8F0FA040A3D0FC900AB565E27AA90CEBB67B481C9816C
+buzz.			86400	IN	DS	60340 8 2 FBA59E35952704AE0656BC122AEC20528C8D49600E314E8BDF0AE00CE8C336B7
+buzz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PG5+fjCc7+3qhhy4eJZkxIOPM9lUxb2vHBPtK0JPmCf+kK9/HQkWTqC8A9CfDs6bHDEUZbkh24oP1aSbXIIP4NjGisNQgb3RoRjUxo5qYhYVaeNRMzucU2jdxfXIjWUoFNdbirEj2feMq1eMR88vRCRZ8iBsqt9cmao27LifLJUoQ0n9ftxAFhbkG5UboAGeu2UNE4CN3IKaL3A1CQT5SVmM9Afrdm7L4RUDlqTxTLP4hwfdLhEAFvv7Z4devifVKNxJrUB7l4VroaC3DEIINTmCAUqMjw0dQTqBegjZ6m53Tga08rkVAR/yOn0iJc4fC+yvIODcTsGMLIo+lQCndA==
+buzz.			86400	IN	NSEC	bv. NS DS RRSIG NSEC
+buzz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FllayhocofpiPtKINV0suwOgoH5Yl6FQKo6lPUObpMJPYHwB4Xpa9fdpoJNq+9gJbfRNKs3WAKV8cobVxWekIy2DE5dvTF2OHv8SWgfLAL+qaKORKR9GJNTdmckJQX/Yi0T9/hCPgJkufv0SNy10EsoyrQulPhSWT9+tJkwYqHB6RT5JUQAtlTDugNPy29GH5tPxOFd1RXcUZgb/JLsJ28No3mjdHPAM0/vEe9gRrHSkQpUSy8oktTBXaA01Zp1mVeDc6f/96qomoBWmhDwSVfx0dKkB8QX5c4EOdWVxo1z/kKX7V6UqiiacW81ZhEnayga18OK13GFpFROfhOIkmg==
+a.nic.buzz.		172800	IN	A	37.209.192.10
+a.nic.buzz.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.buzz.		172800	IN	A	37.209.194.10
+b.nic.buzz.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.buzz.		172800	IN	A	37.209.196.10
+c.nic.buzz.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.buzz.	172800	IN	A	156.154.144.29
+ns1.dns.nic.buzz.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:1d
+ns2.dns.nic.buzz.	172800	IN	A	156.154.145.29
+ns2.dns.nic.buzz.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:1d
+ns3.dns.nic.buzz.	172800	IN	A	156.154.159.29
+ns3.dns.nic.buzz.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:1d
+bv.			172800	IN	NS	x.nic.no.
+bv.			172800	IN	NS	y.nic.no.
+bv.			172800	IN	NS	z.nic.no.
+bv.			172800	IN	NS	nn.uninett.no.
+bv.			172800	IN	NS	nac.no.
+bv.			172800	IN	NS	server.nordu.net.
+bv.			86400	IN	DS	33800 13 2 5FA7FB1C36C810CBBEEA4557CE1B96175FB14B5E5F400A9D7AA36BA6B60FBD0E
+bv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UlE/VVWsecgONglXJu0bHZrgnaSiCan73Cy4AbO1ISwrTUsOHYCqwSV2qL+affjTE/VOcmljt2IK+Cy0NH4C6GBzRDsMhxzZ37LoGhrRSNK1EqyrlXAtIC72SFoouIms7qvIi2sW56WA72K0FK9QE5HtpuvJw7APIc3onVG4wsQShwXOuGb5BH+fh4cAYv5N2fvvehjkKQxPpMR0UcjFiPqlw46WqHkdZYHYAnlbAhP63zwd75xjbM3oXwCzRPQiNvtxey/+2JgU5CCtG2haSnnNE1SuK2plq6PqqUzQDx07zDWf4B299+JtxNOfGmI9T0VH8NcCI85ZFvsVl028Eg==
+bv.			86400	IN	NSEC	bw. NS DS RRSIG NSEC
+bv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IvYRm4eM5DLpS4nnH6R8xDbs5SGuvvlcGwlRkmrRB5dAuX41Jy+AkRP74sldz7tQ/Ky+EIfPLc7KCJ45QTfAgLXafG9UhyidJn8UN9HKuaYZsvXwFnBi/DiL0fHIns+pUWA/3Go9WfmQBqpUNA10JGqjnCqZzG3tnsJVSRNnosWvirT0wdOZOZzixPuG8x9WYJKyc1fs6rN/3Wp9G4Y3T1/dmITiqPbfgyCVozYpOgazHQhN6NIW3YU7nA56kDozzzJhzXdSdmYbAYGfrwR/N4xcA2tN/3N6vFl40wLTVhkUwCr1ntjZv6r5aJkx+IBiNLbL/nW4wSOCuY9iwNaPog==
+bw.			172800	IN	NS	pch.nic.net.bw.
+bw.			172800	IN	NS	dns1.nic.net.bw.
+bw.			172800	IN	NS	ns-bw.afrinic.net.
+bw.			172800	IN	NS	master.btc.net.bw.
+bw.			86400	IN	NSEC	by. NS RRSIG NSEC
+bw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NRCLXYT0KYD5KIfrZ5Hmc2hcQSkoFBTfTZX2TZfuZ0zwUDP9u3xrkZkRiBDLL/wuWtKz3Cvj2UgOJJvM9eQPj+g3Sa2WKMhyNFFia6jI0SiScSc21xTwCKn+U8eF9293ImhXf+exQXJM9+cnXx0hc/fOeK8bWoJgmFf431Je1aoZuU9oZFS0+lyJkXtwSB0MbKnUsA1PXG/GFC08Olm7ea82unfALcPPHj/g9PEm0hVwrhgeCJjOHknOsls/TWWaPhsxot9HW3zlvxN/+CF2sm1iuvjvQRpfTiSJmTfmOOzDhZriDwvoWLLlVU2o71K29exluOQgjSntDGqZOixe5A==
+master.btc.net.bw.	172800	IN	A	168.167.168.37
+master.btc.net.bw.	172800	IN	AAAA	2c0f:ff00:0:6:0:0:0:3
+master.btc.net.bw.	172800	IN	AAAA	2c0f:ff00:0:6:0:0:0:5
+dns1.nic.net.bw.	172800	IN	A	168.167.98.226
+dns1.nic.net.bw.	172800	IN	AAAA	2c0f:ff00:1:3:0:0:0:226
+pch.nic.net.bw.		172800	IN	A	204.61.216.70
+pch.nic.net.bw.		172800	IN	AAAA	2001:500:14:6070:ad:0:0:1
+by.			172800	IN	NS	dns1.tld.becloudby.com.
+by.			172800	IN	NS	dns2.tld.becloudby.com.
+by.			172800	IN	NS	dns3.tld.becloudby.com.
+by.			172800	IN	NS	dns4.tld.becloudby.com.
+by.			172800	IN	NS	dns7.tld.becloudby.com.
+by.			86400	IN	DS	495 13 2 2D14284F8E47B53F839BD8068D438680B4B6C7A645769C9D89B47DF0C5359B7B
+by.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gzBEamCKDfKYnV2KPZyi/k5c69VJdWXG0/HO6oiUCS+ppye+ZU6bRv4/ljQFXuBuE7kD2zYxd3WUv0Zv50a0430PhLyjsjSD/GgwSeHrb0CmVFb14s/7MBFRHGXgnrzXBSSXYJ3q5GakLrlZO5RpKuzfzjaNtBbPCn8tta/1lgjdZFZvfp/GbNBzIXHGyFa7r7BnUzDn1VwxqIFSpiQsu+HY4mdsyrkQUY4Yyav1aaJuvyhh10gjbZD1HRQr3l9JOcR0h7ckqaUmFY++JBFeLzFNKU5qiDvnWnX2j9dwgM4rmnmKihzjq+VtBZOlrzaZSvHUBcfQm2loupDhJzXTvg==
+by.			86400	IN	NSEC	bz. NS DS RRSIG NSEC
+by.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N4i9in/aHm1rO2i5aDrrmNbO7iBsW8MaCkFfjUiQoc5kzlTVIJTm6RhU4LZUO0OXvgMDlsgRIHmP5+UFSeB7LqIa69HpH4LsU9gA1IO9UofWYbngm+ALth+inEI2aSTkQUF8hxtEjxtUOLFhGynSdDSJBvRm5G13UVV9vUfpbZUKeJLWm6tOIfAK3q/JtiofPyXck4/EjCPjVI2FBcFiBCRDn+xguKra1g+g0KTTOZYusnb5MOrReBLKJQaGDg1U00DtMz6esi02W8XEgk0FbPjHUD8E+edCPV2ayR/vQEmIg03FVWQMoDf41T9UplBnHzFg2JdAMU97NO6fk8NqiQ==
+bz.			172800	IN	NS	a0.cctld.afilias-nst.info.
+bz.			172800	IN	NS	a2.cctld.afilias-nst.info.
+bz.			172800	IN	NS	b0.cctld.afilias-nst.org.
+bz.			172800	IN	NS	b2.cctld.afilias-nst.org.
+bz.			172800	IN	NS	c0.cctld.afilias-nst.info.
+bz.			172800	IN	NS	d0.cctld.afilias-nst.org.
+bz.			86400	IN	DS	22882 8 2 088AD52A5E8E9ADF54345CB21753A54F71BFB8E2674F08B02B64AB53F45EAB9F
+bz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VpeefdS76xMS8DJ2casYweVHj07n7TYf+KX4Zwum8CJh0+RyOEsHy92sEvsPHDonnzvJe9MWSp28fso5+GGpLt+sdpdhIOxkXHIlWnp9DeVjP0H/otZaKAWT9kuEy8eiD8spZSUK9bCukgZVn3/+o1zTcvTmtgDDwG/SdN5vtCM2aEi1Z0PNn2Oz6gElLGx2tSxN/oNm7yuRnLdXx2nFmgOUbFBL0iRVUpKZcV5M0fXkc/O7r9O+YBFoy+Jtj9RsjlviW0ddIWBlyFlykeB+KrSmWPJKH22Wk3qepBD6sp1klqRkSeeB06YBU67r37EgqtZshl0E4nmnFI0egDG0DQ==
+bz.			86400	IN	NSEC	bzh. NS DS RRSIG NSEC
+bz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jjdcZwhEaYVwHxrobxwBnRAhjyWNxdxt0V5QVzbeezqfQOCbeODgWAxc81UNH6z9zbRhdkHnGQhiI0byTjG0ISZ26xeY+9S/1uovFqm7Z4iBtAuWbYjE6rNtSPceIUjDxOBkBtKnKz6gB1uPVy9r518VuWZuVaW9CDwnR0qnY/tteqw9PIhoJzc9my9PucEmRvyJ1AtAgmQGlDQDeigJvPQ1sQdCOUiU49vNiNIgWGyFHf9rTI8RJm4Wv05Xsc6wg9VvU8mzEo+LQgasAtFgiCQvjcUYfh69xnisSUAk7Ws2wDw8ShF0vzyEboPNBGae+0uDZlFK3tgYM6FS2PvVpA==
+bzh.			172800	IN	NS	d.nic.fr.
+bzh.			172800	IN	NS	f.ext.nic.fr.
+bzh.			172800	IN	NS	g.ext.nic.fr.
+bzh.			86400	IN	DS	21101 13 2 1142355E16DA610E0872122F8E5F542EE0D3668ABB727F3A031E2C14757B2445
+bzh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wloyDOHmFCsewmDQ5ZqolbRbv6AfZPd1Wic/M1mxzsLHrijc9IkWEBvHN840KxPO8uahYuXLtyd7/fmtHLjq0KbgDFg6/3r66TPNI66oCTIylc9SXTBSOgbb5mtNi2FZrmjCjnAip1m6F6qfHHByCOasjFypBkiPAFuSoSEzykLYE12p5EdpmxB0tRDjLnD5MCCo92xuMYiId+s1+Isj2rxHcGdcyV6v9w/Q1Ab14EXguUtyxibmMHJTD0Z5oi/xhwYQFs5wRAb1R2BR1kl3BzejlraI10LqPZq3xCAe71JQPB5vM7SkywXXcAKeBSmgXcXgymV4Or0F4JI0bDjxKA==
+bzh.			86400	IN	NSEC	ca. NS DS RRSIG NSEC
+bzh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lpN37pYOyBALn8E8DaBsuznuO0VwWZT5avKWpBWs3kCF8uXvaz8yPioiapp+aAGhBocBHWRnVU4Y/3NNO+lalGXDHjEW3PAmmFyn85ugZdlNYJSA5o+QR6WQNnxMfRdSbkEn+poguUYvuXgIAVezPct1nyHH1Rc5KGFYHuxnPQGiqS4wAeMHWfT2lywBoHr/EFKcQCTXkNrb3WxmjgoRgdUHVQTI4OWd7yQrli9WMr6hjhXPRpdDIHEdGI/XhuEsATnWSRSOeSTBU8ihVO0D9rPo/3ojP8t2p5mbJBfM/S32X9Q+dyLFSUJzl4tO2w8wOZ/9M63eQWYEvO2b7bbvbw==
+ca.			172800	IN	NS	c.ca-servers.ca.
+ca.			172800	IN	NS	d.ca-servers.ca.
+ca.			172800	IN	NS	j.ca-servers.ca.
+ca.			172800	IN	NS	any.ca-servers.ca.
+ca.			86400	IN	DS	18560 13 2 86EC28ED5BFF076186306DC8CE3B4E3EC0433D9D5D34C7CA8DAC7B1934E8B324
+ca.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zIiTwZ/osvU8laDUcRpLGBrZySsUj1n+umMHWHNtbim31sfZQnlPvfaSQXCyxWaR79DJohZUFlh/3gFHgyWfoHZ8a7oAu5ReK8UQUwwo7hn0iR6JOUOVwG5hdi5a/ku0rogJtsaZxkl1bT2Cvx5lb3zuch2Zfe1zpliajvJR1HDHmoPp0nVLLrFANadW/5eIAVhZOyn0gHTEtBeMO2MZ/0grF2iY+jCfPRwZY2pq1NDQG7723zlt9Djb25sAUjzjqTCjOEnOR4Vc/GyetZkGQNbZ/RklzYTuRncGFUiTiXN53EEAfvmpbJl2fvO738I3+4m4+yV4a7gAnQ0M9zlGJw==
+ca.			86400	IN	NSEC	cab. NS DS RRSIG NSEC
+ca.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V097NOv+i9hWVhy7t+EcGA/R3kWEDKtnI+5cZdh3sD45wbsFKaqNbVm8e4fVSj6eu+iMa3vnueO9PbPWrh3kzRBrzfQ/2cQdgGznNgyePOHdRxs4Ynpg5t/feNNtF5+9tF/FKILJ7eiQQbw5oWPZ7bCHtPTa8F0dTF91nhF8adMFF4JRtvLlRVu75rfPmI+Po0FBkzVbg7a2CI0/TX46HPzQFAi1CPzsDZ0cz6y3pc0DiJYi72iZQ/5NzkJtJd2wMrD1GYTVsqsAtuCRGlz/bT2YjeOQqhzSnLJJwWbi3PgpkGauL+7EhuyOzRVLKVTSL2jP5keLZCgvevL0vpg3AQ==
+any.ca-servers.ca.	172800	IN	A	199.4.144.2
+any.ca-servers.ca.	172800	IN	AAAA	2001:500:a7:0:0:0:0:2
+c.ca-servers.ca.	172800	IN	A	185.159.196.2
+c.ca-servers.ca.	172800	IN	AAAA	2620:10a:8053:0:0:0:0:2
+d.ca-servers.ca.	172800	IN	A	45.142.220.101
+d.ca-servers.ca.	172800	IN	AAAA	2a0e:dbc0:0:0:0:0:0:101
+j.ca-servers.ca.	172800	IN	A	198.182.167.1
+j.ca-servers.ca.	172800	IN	AAAA	2001:500:83:0:0:0:0:1
+cl1-tld.d-zone.ca.	172800	IN	A	185.159.197.56
+cl1-tld.d-zone.ca.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:56
+cl2-tld.d-zone.ca.	172800	IN	A	185.159.198.56
+cl2-tld.d-zone.ca.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:56
+cab.			172800	IN	NS	v0n0.nic.cab.
+cab.			172800	IN	NS	v0n1.nic.cab.
+cab.			172800	IN	NS	v0n2.nic.cab.
+cab.			172800	IN	NS	v0n3.nic.cab.
+cab.			172800	IN	NS	v2n0.nic.cab.
+cab.			172800	IN	NS	v2n1.nic.cab.
+cab.			86400	IN	DS	33811 8 2 B0AC01BE28D9AA827609E9CEE95D686C81D7FCF279D75B54444CC00D9126D8CB
+cab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uI7vXhhXIa7RXkk0sxPbviRFEgF15lzQlBtrMHeIPO0Cz9QnSztNtCy3IlVNyUX3omffRZ71K0eIuVKKuoRLYybT2m9l7j4X5tjzjC69nXNdy+eqdwpAb6YSSd+mjh2Rv98OlfCf/avNANNO/ozVzHTy8kZPhFq9bxgQG+iIwEArlhLIJdwQj8enqqb79S0zZJjIxYhuYJYlynmGpjxwmer+jWH+l7n+vkhI2D8BIxfD3cLFYmHU6Ob5ScOinTxTw3r/Wxnqius+FoIUtQ5sSS/vNeLKPIBJ/Aevf1ns7B40hCvsRHwUIO6NNHQANYJkyqCLujvQxnQyz+Txhp3iWA==
+cab.			86400	IN	NSEC	cafe. NS DS RRSIG NSEC
+cab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ym4LBDrp8M4VJxZnnq7iBI2F3DmregrFatING322rYMY9h+Ppb00h5yTaE09/XcWp1OyBqYodTEb3MlX6qyQtUZUBMz7zmTqAwIt0jq3WZO8OOa12PaNj+lggqhzAFh93P0twA8vCoGAjcuVcLrpR30a7EEsdfxJ7U3wtt0sgx4Q38T9iIY2kFp/Iz1TRKdX6q49vdEszN5ykeFNwqDs9j3637uowGkuzmsov74+wSiFSMFXoA55JFJtDJlpvl5v6XRZnCazN4HSMnuWjSSUnuwH0dtBXAEUTYGFfH1wiw9sPua4202BdO7zgJQtNqkayrzEb94DD/1uBdasBOSKIQ==
+v0n0.nic.cab.		172800	IN	A	65.22.28.29
+v0n0.nic.cab.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:29
+v0n1.nic.cab.		172800	IN	A	65.22.29.29
+v0n1.nic.cab.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:29
+v0n2.nic.cab.		172800	IN	A	65.22.30.29
+v0n2.nic.cab.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:29
+v0n3.nic.cab.		172800	IN	A	161.232.14.29
+v0n3.nic.cab.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:29
+v2n0.nic.cab.		172800	IN	A	65.22.31.29
+v2n0.nic.cab.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:29
+v2n1.nic.cab.		172800	IN	A	161.232.15.29
+v2n1.nic.cab.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:29
+cafe.			172800	IN	NS	v0n0.nic.cafe.
+cafe.			172800	IN	NS	v0n1.nic.cafe.
+cafe.			172800	IN	NS	v0n2.nic.cafe.
+cafe.			172800	IN	NS	v0n3.nic.cafe.
+cafe.			172800	IN	NS	v2n0.nic.cafe.
+cafe.			172800	IN	NS	v2n1.nic.cafe.
+cafe.			86400	IN	DS	20284 8 2 8C701B4BA51B9CD153830F6FA9A50EEEE63A98032728AA974D9466D7EE0E1FC4
+cafe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oIxDzUu/E0jCPboDqPPLC506Dq/CZjI76c+T+KAseOAJGPaT2OWMvoPfMCmtUDlYVe2o5xFpx+3rRTZp3dNfggzl7aNCwpkNtuRwNY8zmb0aaAh9P6Sup3UZTtkGdRjOOk4NZruMwER0y/UPuvR/q9aLvURj7OFNyMyXkU0qkXriMIDC0fdB+R437F5QLFC47d8LOgTTXMUKOBdBIGfNVR6drcDHDNDBreu/w2vwCdyDenS0uQp21sk1GKEDfT2we4hybUaE9mJA2hXmSAa2TZhrUHnrbMcH7kYD6mvpBQOMTy9nYJB8RC5MbMAuYxeBXu6WHPdxr97eZh/k5Kyi8g==
+cafe.			86400	IN	NSEC	cal. NS DS RRSIG NSEC
+cafe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CrzRBH/b5oO5L16frkubhAuL/wLKQHBqyoVCGvIUGqMekrLLbXHO5cO4Ds/7Lt843z/h3UjSCQIvgbdH7Y7IAZ0bHthGzCVso4+FVUJW56I2YRwVkWSvdFOlxlEJ6QgtjrAli0iiBy6gnVs9fmhjHHQBlD1NQjVyp1T/128B/3vVLiy6xrvr/Is0olNuGTmh/FVQz+mDgcsPR262q47mEEKOB/3ATQgwSqHQi10kS5FnBNoH7k83dDc4RmuCRbg+qw+W8Evmpw+gZUZCYVgvuzQVUvqoH9prVmB1cjg/CR+3cI/LCgcya5Z3Cm3D04DoNc4KXc0Dc7xD6c5xQkoFDw==
+v0n0.nic.cafe.		172800	IN	A	65.22.20.44
+v0n0.nic.cafe.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:44
+v0n1.nic.cafe.		172800	IN	A	65.22.21.44
+v0n1.nic.cafe.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:44
+v0n2.nic.cafe.		172800	IN	A	65.22.22.44
+v0n2.nic.cafe.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:44
+v0n3.nic.cafe.		172800	IN	A	161.232.10.44
+v0n3.nic.cafe.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:44
+v2n0.nic.cafe.		172800	IN	A	65.22.23.44
+v2n0.nic.cafe.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:44
+v2n1.nic.cafe.		172800	IN	A	161.232.11.44
+v2n1.nic.cafe.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:44
+cal.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+cal.			86400	IN	DS	18550 8 2 5D5349186BBCC0B98DCC5662AF9140FFE0B36F982043E2888043BA80665B08E3
+cal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uC8HyxxA+BUABr0+djmRrRVmVr718+yDK3Z1hmEGo6LnZF4E2CsA0Z2RXaw5GH9MqEBm3nYQ9SQqYAO8gZ7OamVhVZxQhGUr7ThCQRQpyF/mh2r6JbIE67aCpKv4kTG93ID0eri9eu2iNA8kftULZleDgBqJTrmAwYN+PB5aS0fnOnz6LnX3FdHCXPAHd4aRCc5oN2hGZoqwIiLaQmDv9Vn2I/6gScHtXvwppNLFywE2XvAXVXXEpH5xnSsDtMEn4zHtaG5juIx/6Ct3fLYO0M+f/02x+ZFpJORAKKG7E67IC50/CG7PiE+KRrr+njFeIHruVoyf2L6yMW57fVSLIA==
+cal.			86400	IN	NSEC	call. NS DS RRSIG NSEC
+cal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aCD4ALzB8pDGGAJxyFZve3ty4jB7k7NQp+AFvmeILIuk3r5BTv25o2KT59Fiz7NgZhaY+cd/mFh+N+VJwrV/cvdQFsn6HnLpO4o/wqBZysRTC5qnDezgM8Oj1oXAH0i+pXKI7gj8bdTIX519oswUk1fOHHbK7gCBvNknlSW3adcl8EOgdIdPiYol46/r/Jn4/rDtlAAsNnh2sJB/iJyxq+1fjRyZJwm+wW3jWD9sUPrJWfR01e5LYE8PQS2OWJauyPiW2cnyFW6NsLZ2XxZubE/FopIUJ9cBDzb3jEas6O1koe2L2ov2oZ5Reyb3jcobqGUMqPXWGohshjr5oKKpkw==
+call.			172800	IN	NS	dns1.nic.call.
+call.			172800	IN	NS	dns2.nic.call.
+call.			172800	IN	NS	dns3.nic.call.
+call.			172800	IN	NS	dns4.nic.call.
+call.			172800	IN	NS	dnsa.nic.call.
+call.			172800	IN	NS	dnsb.nic.call.
+call.			172800	IN	NS	dnsc.nic.call.
+call.			172800	IN	NS	dnsd.nic.call.
+call.			86400	IN	DS	58357 8 2 52A3A1C699DACB7D621A198268E5E76AB21931B19693D310595C504670E18C0E
+call.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . N0kiZ5q0WlZG4dyqQeVaTJCDKpMeUY6j0b4/vRsCDuqR2r84sXJ442iZlU4saqm9nsh23u2YSj8wkJzJTSUTP33RUd0jFRI8UsjwJVr+Rveu+TzYVzOykQJOu//Drj9uAgs66jOKKu8xoVeNrpXhsHbZAMN+HhvIRShOqBNeXETHrHLsjo6/UwCEYzzrB4X9X36UL8HzF/llkJwQzvEXTFga/7smtYxCg/ufQDquIsZ55L0t5kcTTpqlzdtLJr7QJj01WgavkLWlW78lm35YcOwSeq/POJ3iiudpiIvkoDXwzqG0zM4++bAF2kF6QnxQNzkn0O1h9kho1layX1C7Gw==
+call.			86400	IN	NSEC	calvinklein. NS DS RRSIG NSEC
+call.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xcEd9tea2rdxmhBNG7qI4dsqNe5xL/TaqqxJUaQMnxC7RwGc548LBt3wGHqIPtP7nDkSHyHGbm5oBvpGCzCyKXVjpUdPDdtptV07upXBNplkTuUquAwxrDV54waINtK2vCC8TagZ7R63e3GaCQoV9irAKm3KILMeguVKfJFAVKiyUR+wDgmFzQ/v+palXCMmTGjekkWf4bL33TWnHdrQPyPA9+oNjvGZ56TSRzlmxtcwNenFC8EWnpZGMGEjIV3LD36RO0VZq0KgWQ6bY/PLRexiQjuhD5TXr9dRW3c2rgNhV0OD72dcObQny4VWT/z1TL3hQkZWed0biEqsp7S22A==
+dns1.nic.call.		172800	IN	A	213.248.218.63
+dns1.nic.call.		172800	IN	AAAA	2a01:618:402:0:0:0:0:63
+dns2.nic.call.		172800	IN	A	103.49.82.63
+dns2.nic.call.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:63
+dns3.nic.call.		172800	IN	A	213.248.222.63
+dns3.nic.call.		172800	IN	AAAA	2a01:618:406:0:0:0:0:63
+dns4.nic.call.		172800	IN	A	43.230.50.63
+dns4.nic.call.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:63
+dnsa.nic.call.		172800	IN	A	156.154.100.3
+dnsa.nic.call.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.call.		172800	IN	A	156.154.101.3
+dnsb.nic.call.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.call.		172800	IN	A	156.154.102.3
+dnsc.nic.call.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.call.		172800	IN	A	156.154.103.3
+dnsd.nic.call.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+calvinklein.		172800	IN	NS	a.nic.calvinklein.
+calvinklein.		172800	IN	NS	b.nic.calvinklein.
+calvinklein.		172800	IN	NS	c.nic.calvinklein.
+calvinklein.		172800	IN	NS	ns1.dns.nic.calvinklein.
+calvinklein.		172800	IN	NS	ns2.dns.nic.calvinklein.
+calvinklein.		172800	IN	NS	ns3.dns.nic.calvinklein.
+calvinklein.		86400	IN	DS	4525 8 2 AF8C19B09CE15428675BD900E02276BFD651F263C822C7393EE3AB06791EEAF9
+calvinklein.		86400	IN	DS	46744 8 2 BB8A91F6ED57B17DA3D9F3F91B7ECE068799BA0F09C5310BCBC80150BF1555A3
+calvinklein.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YhAhYahw+KWF1ZGN1ymDcarlEjfIoLGw54qa9wiyRf80A02iqbOM7xOEosFeNiRTdIR3srSNLWyJPP+hWMsJlSOo151n15qK2/7ey+2UWg87I0DIaYvgEMostMwQtrWDQ+b7oBw5YjBXVa46rybisywGcWdqnrBB261OGkHE1Wc+PIqtp84zjgiqat5+2tdW3qWoTM/SzB4GVUaFIOIqpOABcCNJ+Vf1DSDxW37kgBZEeSYPDAXnuimodMHTWrHsaQJhEQ+UtpLJQD0vl3NSoi9y9QlidTP98zOV/zamAxeYV10vj7j8gKItN2X8KHh/rgXM9N7mOjPiPk5+LQ9gcw==
+calvinklein.		86400	IN	NSEC	cam. NS DS RRSIG NSEC
+calvinklein.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WwYgOo50r6MKFNCUWf8i1H+SZEXf2MN2ziOOuyphIYDuiweZsP23Il/33t9avCZHySdBH+3zA0PIFgkVZJxNLAu0sEdmWXYEsIEE5NdSrAL258Y2zk+iEnTzVrXmK+ZpGNbDRYS9xrtYW3AyD+R2rYnMqY09crH23X2iStJg7JJ8Ze3aMhUi7/4nhFIRzu0MyMQpNmdbp3gg4fn4kHiq3LmNDxBOyM86fU7ki7zTEtCovZFllX3z3Xcce4bJILALgoHUi+yr6mdrbyAPPibWnA6P9+hEdygV8xtHBhsJnX5RCzE0gFxLniE5xVOuZeRfccsAxpmhH6bxEVDPt/7jyg==
+a.nic.calvinklein.	172800	IN	A	37.209.192.9
+a.nic.calvinklein.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.calvinklein.	172800	IN	A	37.209.194.9
+b.nic.calvinklein.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.calvinklein.	172800	IN	A	37.209.196.9
+c.nic.calvinklein.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.calvinklein.	172800	IN	A	156.154.144.31
+ns1.dns.nic.calvinklein.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:1f
+ns2.dns.nic.calvinklein.	172800	IN	A	156.154.145.31
+ns2.dns.nic.calvinklein.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:1f
+ns3.dns.nic.calvinklein.	172800	IN	A	156.154.159.31
+ns3.dns.nic.calvinklein.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:1f
+cam.			172800	IN	NS	a.nic.cam.
+cam.			172800	IN	NS	b.nic.cam.
+cam.			172800	IN	NS	c.nic.cam.
+cam.			172800	IN	NS	d.nic.cam.
+cam.			86400	IN	DS	5089 8 2 A17021ADA565F6B13749741DC51A25B0F524BAE6B753343155CFE8426CD29462
+cam.			86400	IN	DS	27179 8 2 F8C48547453F63FCC5BF62884A1F885FE50D467079E7B17DA3C8D0A2DC92474D
+cam.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WBEuLV0hHRsPXABQWe4+66e8BHkd4B746+EhakakaUpk6j+qJxRk/O2woqT3EyNN9FP7ZRpgFzpfcMKaQsxx2nFVFOSfEvAaX8X85dMQHVEtr3C4n76c+1pSlcp4MXs664Qg05JlSQaG4WzbuuFExGg1mqlDRZRN4UvY0l9BfeAasK9Wd57tgUm8GyT2VoWA0JE8zGIYL5VRlqjvGaGCv/DqisTWEPv822z1jctwjuALU/Bc+++uwIPAXbendMY45FL530+7+ictGg78PU1BxAZ58A3eI5ay17uQcPYzjs9gS0rEzTxj1eh2TZZkPZXjTun+IYqBHxu6uBEUhxZh1w==
+cam.			86400	IN	NSEC	camera. NS DS RRSIG NSEC
+cam.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nVwlnkQfkpmXSsPyz29fbFj/vzwCaTw525iM4plkIUoyMtpGBH1YRijZpzhjdnbwdP9jzmpmpi0hNjzGWHkc3CbJ2bt2ucbrhPNC6Ds8XFLl2an+23iZ9wCJ2CMF2uhl1GDKfdyV9C9/VfpumM8+JJCr2/2WGKrkYxdymhFxOrMB9jc96SDuO4zEHMveSRA9IAUQj5s626362QF8uf/ItaTVKDPVlwp6PFTgK1z6dDUTUu4PWxQ86jeN43ZTDJjeQq9+/jRlTupZBus0ss/uLVPdjXQgjxVeNV727Tu0pM1wf4XEp3YvyeODHxfK7WxbN0g32RnnHIgMv6XI5V6/Sw==
+a.nic.cam.		172800	IN	A	194.169.218.77
+a.nic.cam.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:77
+b.nic.cam.		172800	IN	A	185.24.64.77
+b.nic.cam.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:77
+c.nic.cam.		172800	IN	A	212.18.248.77
+c.nic.cam.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:77
+d.nic.cam.		172800	IN	A	212.18.249.77
+d.nic.cam.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:77
+camera.			172800	IN	NS	v0n0.nic.camera.
+camera.			172800	IN	NS	v0n1.nic.camera.
+camera.			172800	IN	NS	v0n2.nic.camera.
+camera.			172800	IN	NS	v0n3.nic.camera.
+camera.			172800	IN	NS	v2n0.nic.camera.
+camera.			172800	IN	NS	v2n1.nic.camera.
+camera.			86400	IN	DS	23809 8 2 D3A9137A8B8DF3D9DA4F91CF8C0EE79CA9C3577C9CB7033488C97DE376D83D59
+camera.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iZL8cfAOc7Ns1T/0ITuWOtoZNeIWAA+dlY9sLey5dSVapxWeYCcn1mh+rulVVo41I3ZO5ZnfwsV7X70BtSqaM9q1migfiAqydeU8nEFT8N/zz8YQw1PYQD0J6g+eyKaYozdrynrMDyKOCYymCZuj8dewEw9s1kdb3Lebl+YP9lKLLOAm7wTbTvqeJke0JnrRQj0UoPTC+IwHo4/EjcHFjvvninemAUsGNDLOmVv4SCVq81toAxQIG6zYntL+JagF4/cqER9PPO2/00QpHVfl9Aagw4n/qKjJLTiVeZbXGeIGTg/5U2DW3sWG1fk2beB0kZ8gXG8LsPvK4hQg5k3WJw==
+camera.			86400	IN	NSEC	camp. NS DS RRSIG NSEC
+camera.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pr/z4t0cLby/O5wXjIzcupOCLoguet3UVAjnKFssbzKEiJ4DboSBfQZzp8ePmZ76fzNAlbZSTxynAhdS3HWEJiTqP638PYHrQr3i8LNHi4DY5Udiy2t3K36VyK5m5toeOByJatE2DKNSKRQqG68sOoC3/hrxxNtr5zBzpiPEi9VQjdnnueyWFF+KGeblo31t3vLiBA+kizst8wSAfYbfcl7z7UwWZzL+Yky4mXQXS4KRe31KJRza6IsKo3o/KyrxBsXMWUfLNtn0G+Ekh+qWa9UX0sueCgyMuHvBlXDWWtF6kS7Zu6sRZNoOyrTVDGKV7zBvdoRL5qKA3Qg2HlcF/w==
+v0n0.nic.camera.	172800	IN	A	65.22.24.26
+v0n0.nic.camera.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:26
+v0n1.nic.camera.	172800	IN	A	65.22.25.26
+v0n1.nic.camera.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:26
+v0n2.nic.camera.	172800	IN	A	65.22.26.26
+v0n2.nic.camera.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:26
+v0n3.nic.camera.	172800	IN	A	161.232.12.26
+v0n3.nic.camera.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:26
+v2n0.nic.camera.	172800	IN	A	65.22.27.26
+v2n0.nic.camera.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:26
+v2n1.nic.camera.	172800	IN	A	161.232.13.26
+v2n1.nic.camera.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:26
+camp.			172800	IN	NS	v0n0.nic.camp.
+camp.			172800	IN	NS	v0n1.nic.camp.
+camp.			172800	IN	NS	v0n2.nic.camp.
+camp.			172800	IN	NS	v0n3.nic.camp.
+camp.			172800	IN	NS	v2n0.nic.camp.
+camp.			172800	IN	NS	v2n1.nic.camp.
+camp.			86400	IN	DS	16906 8 2 D846CC0B84C3EE2DE1A364728AF8F069798D4F23AAA13D5B8BB161BD8B9D0466
+camp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NcwDvoOhyVWzucJ1x4HNusYlNpZXK5gkJp6psoCw9t4n8mUh2VY9xvBrNERO5j3gPbzps42cNzlRxL2rFNlL1SjIVALZ+hdyeBKZhoTV4IWYi/as7ottk6PMKxTS//1z22kXYAMGUQe5jIqPbZo5P/9Myn1oJrWwrVW9Lxo1Kfa4rdfFIsL0J3PQVhJuERlIPaCTibXGd0hBTR5JD3bhrdgrkKKVC3bHN2xDf87s6rX1BwhhrhSFfDrJOf5ZvwX4s/qnossg8IdCLGbVI2D8dIHZ4y/gZWwLnJ9PgUH55JuPZw9os9AFx2Ds7VRe9jTIsd5jkuWTKMYOGnZ8pDUUDA==
+camp.			86400	IN	NSEC	canon. NS DS RRSIG NSEC
+camp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uTYHAk38ydIsWbzKAZcqgKtDg3dgsqdw3ZtyE2ATnnVyTUa/3GLJ8tOnx+sH3HA/hfWIbxRieY7WldGI/SfjCOKXyBnLbrZSNgcYIkFd7HLmGWeH7+KA4rW5SkmXuahecvflAZhn8rzk92rsFl9a6vIVVBMueO1Yo26wjm8dBWZ8Ou7+rRzZJxnxEw1TfwfoDT3745ouEsmhRkFUp3P1ohbc+d9piKz3tiFIilYwvMAj8jib+s+59GnRYmYnCiIgVTGbf7R+gJOgfOg4HiOIOkk4uSMhh+XxDjfFFW66FsaIwKb2G5R7dshvYVQqaOm49Y5Kg8zILvvebzuOVAULaw==
+v0n0.nic.camp.		172800	IN	A	65.22.28.51
+v0n0.nic.camp.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:51
+v0n1.nic.camp.		172800	IN	A	65.22.29.51
+v0n1.nic.camp.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:51
+v0n2.nic.camp.		172800	IN	A	65.22.30.51
+v0n2.nic.camp.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:51
+v0n3.nic.camp.		172800	IN	A	161.232.14.51
+v0n3.nic.camp.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:51
+v2n0.nic.camp.		172800	IN	A	65.22.31.51
+v2n0.nic.camp.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:51
+v2n1.nic.camp.		172800	IN	A	161.232.15.51
+v2n1.nic.camp.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:51
+canon.			172800	IN	NS	a.gmoregistry.net.
+canon.			172800	IN	NS	b.gmoregistry.net.
+canon.			172800	IN	NS	k.gmoregistry.net.
+canon.			172800	IN	NS	l.gmoregistry.net.
+canon.			86400	IN	DS	5225 8 2 9A1FC16A90ACF3C7D3233480F45F595DEBDEF3F71AE637BF3F8093670DDA7D8A
+canon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hL2J2HIIvoS8IJxTgrBNIqflBEWhS9D2+2Axx8N5gO9EqZzezy7YyIO2VyMwdoJcXiNm+SibZxayv5JfMGgzmol5m3W5CwsLOFfGd3pChkyIShhjfqdjp/NZBDQS1E5rkat6RlAsVp8zn3mBPrfNolN2sFxXxjy2BDMmGHRDO7Zuom9fVEkjqj3fivGo9caW4Pjc7z044nOeavZyVGg3AFuqPiH1oxE+VRUEcTe0wpHBKmaUMj5afb1LEk+wpztaDC7sIRarBhxl07P6M675j0WSn+gCVY+ac8KWpNvQNK/Xuht2LszDy9gJ2ZUsJjnjFq/RHmhBjuc3NyYcO5/BSw==
+canon.			86400	IN	NSEC	capetown. NS DS RRSIG NSEC
+canon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RlSugNBO4lLr6Gde7zVHt/3S73QuT0EOVBmEgufbm2q2vPc1WrLCxkFQ9TEcog69koY+1OEuwg1XkoDKOCmacqFqqzLzLKsDIzlQG81lO0UhazZWd/iArTWznxgerOfhOkUahxrnOWoCGB6jdsRQnxM/UtSTGHMZ0PxcWusy9q9jp+F3Vs2QHG6ykvK8RqQVS3/OZ4s0x2Dmqs5ugDY4FkcaoN8jYL8kwKSsmdbGTG0EJcH4Ic9zwkil9/lFpT5oyX//ARf8FixRAK00H+ClMTurgvYVjd21U3G41+e7wTE7Ux+8gv3sjX75DJEojidRPuSZt5twH6XcePWBS2z9Ng==
+capetown.		172800	IN	NS	nsp.netnod.se.
+capetown.		172800	IN	NS	coza1.dnsnode.net.
+capetown.		86400	IN	DS	58120 8 2 0D66710DD001E9120A86952CEBB8C21AEDD72D5E2CA46F0A40266529E7133107
+capetown.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tExHHcI/rI9D6+VFwB8/J+sf6eZWOlK9sChEd3sH6Sri6XVbKytq4jJGe6g1x0RBLl4sCTf9mtNh7iYaVfFTHiSlc0z1m2aaL4H1HWX/h12uI5eqjsbmlBm2TXtDF0nbfvtf7oUc1G+uZDMDXW7VXKbddPwQXWR57TjAZZf3Nu/nsvaM4P3SU1TD8iQ+uGuvYeMLZSMwciKQE3h26PQL0OEhy5t3ZXKBgxyhOXA5BByaBrUHJXIKTsxaCGaYFGJgvPlJjsp3RTZUZNBZaNAcIBWbYL3obds/gy1Jyp3PL1w9vbM+NXSDM55rjgqAhA4QOGEp4pb9z4kN6tEp2HprDg==
+capetown.		86400	IN	NSEC	capital. NS DS RRSIG NSEC
+capetown.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kwrPUGyCxeke7+EXV51zGpQ20tbGievIgRTwFrPFbbP1MEIsdfty8WMF4xyTeEgylJXXR6fc9UxYyLX3HiwE8LcY6v310QMbH18nbrjLhwmxZeIuVw+uzVr+xzMooQgUUocTG2B5anvn3RCwYLSFMuMAkjMvdS8v0dJTYiWwCCtPt2pXFMHpVIXcaYz4LnKawzEGPMot4NfGZsTvieCft/BXJtuU+jDD+F+B9b651TWXOfgstbhLwBhUAdTV3HtAtEw7Tl98pRgeicntKNZE+jW0QJ/Kj9OQb7XgN/Z17lX/NpIRP4TBDvXtKdSjW9H82tPjWn3YphnDsnWvJb1b3w==
+capital.		172800	IN	NS	v0n0.nic.capital.
+capital.		172800	IN	NS	v0n1.nic.capital.
+capital.		172800	IN	NS	v0n2.nic.capital.
+capital.		172800	IN	NS	v0n3.nic.capital.
+capital.		172800	IN	NS	v2n0.nic.capital.
+capital.		172800	IN	NS	v2n1.nic.capital.
+capital.		86400	IN	DS	9469 8 2 E4832B3A24031E377C4D82A22C87EFADEE41FAC941FD1FAC7A2AB5ECC9B821A0
+capital.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rvr0hR4qkpC6szIfCBDbrQuEKyyTOuVD734j2tTdOMCCv+wdsZxXDHGLAoLJZygLCWE5ct7owzoJAxnttcsPiZYzNmArU09crq4QVzOhXP3VxV6ZhghjmAWNIsLeRoCayI3a3hrRY8qv16bsWEg688hW5qE7PohOofoLnOmtOZUGKcs6PK6kdw8IXUk1ZjaXlCthmMEi+FSwxjO5W1w7mhiuaSKtY5Tyy84tMkGoOQzhZtakMUcaFwnDA955MxXfR75fAz1/W0xxvGItptLiGfYbF6CuDmQ6JOSQviHSyClozReocR4+WOriZ2TNDUytObbdHblveMg0RxKFb+Amnw==
+capital.		86400	IN	NSEC	capitalone. NS DS RRSIG NSEC
+capital.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j9NlLBZacGQ7KjOXkMn2h9lv1JhoGSTk3/p/Y2hadXK/Mpdbvo8ZrYfh1GgSoVbF2oXDSxR59doZ9GN2x0pgEayb0frsoIeyq2p2h6hyKA63Dlw4wr/IVu5EiTSriBPmztwhNOvJe695adXKypQVLUsqAWRVUqFIW6O42QWsh7RIQSGCHI+8BZiyN3kSObFgYWo3C1+QJmLrmugwE2+9KLLotfS4/UASxQfAbWp6mXrd3nDrCsypKWPnqhkEHBGCvWQZnuFN+uXItF3LXslpeqpNgbTkJGSgX4OVWaG6yo+0OOMiLeDeWW1Pqfz628fq5kDnFjOOR7XoqqSz4bbt+g==
+v0n0.nic.capital.	172800	IN	A	65.22.28.10
+v0n0.nic.capital.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:10
+v0n1.nic.capital.	172800	IN	A	65.22.29.10
+v0n1.nic.capital.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:10
+v0n2.nic.capital.	172800	IN	A	65.22.30.10
+v0n2.nic.capital.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:10
+v0n3.nic.capital.	172800	IN	A	161.232.14.10
+v0n3.nic.capital.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:10
+v2n0.nic.capital.	172800	IN	A	65.22.31.10
+v2n0.nic.capital.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:10
+v2n1.nic.capital.	172800	IN	A	161.232.15.10
+v2n1.nic.capital.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:10
+capitalone.		172800	IN	NS	ac1.nstld.com.
+capitalone.		172800	IN	NS	ac2.nstld.com.
+capitalone.		172800	IN	NS	ac3.nstld.com.
+capitalone.		172800	IN	NS	ac4.nstld.com.
+capitalone.		86400	IN	DS	16365 8 2 017564F7C0204B23E19605E08E5DCF57C286D6D5097B53440DE91D4F04D3ABAC
+capitalone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MKPNIbPzD7/EcJcxjO7fsRi7jF2lxCrUHf5BFRuVwDek2O/dZB6lq1hg+4XpTJh9ipn3Tn2mN9JFE5WOcccTCSkwGBCscMXtp3DFGoTg0M+zs0DwadyS/sROY71LzLa2Hyfp1lvdqZISOrHC0nTIt6CYT689dWuYqWXk3lGAXFs/UrH389glJHjNfXYL/zYMmbLQFBifLHNbsXH9awunh+0pa2yKRuxZPuxFeryPsHchGA/T9wgT5qehbrrDdQjomWcm1coa28kKiMJq+Gsvz9DnGzxm200bYC9Oah43xXmou/w8nOkzyosRS93OGbqwMEK1ejrvaiHUwwkFQuwHJg==
+capitalone.		86400	IN	NSEC	car. NS DS RRSIG NSEC
+capitalone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0qSan+z0ShFzX1BnsPACZyCZVHaNWKg9B/H5vcAw0acLqi4UhwJdzdjODeI8/YSrvEHf3ki6KRTauAPW0gidzW3V/kzpuxL61d5DS9ENaNqdq/8jJ7Bfh0uJIRal89ZZYZTubzS+VgCXsl0/vmIdEaBI5LDCPZYulgaXk0oI5UWE5cYLK8lgrnajFX3hGNbc980CgMh114dVo/P13klyaDUE4DbcQSajSg7vK5i7FreajFqCH1+YhIs4okjfNQdfBSPgVgy2cZMBmMwnIPDhF+ro3TlnQX1UOtCH6cQAd1NXlr3B2VawuyEp317ZuUQWePQ0C7u/thMC4uflERExGQ==
+car.			172800	IN	NS	a.nic.car.
+car.			172800	IN	NS	b.nic.car.
+car.			172800	IN	NS	c.nic.car.
+car.			172800	IN	NS	d.nic.car.
+car.			86400	IN	DS	6293 5 2 519D12765966B6F6E6BE8236B0A6510B86025FDC7BCBAA1630B8632A9471A4D3
+car.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wNTOpyirvMUmIqjFKYfL7Xq6dwTCCYU6IfM1vnsBBfu0JZCGD0jUJhBpQZjpmsT2kJ9GJVHMQIo5KKsBkWLIjs3o883reVofTnMOvf4lHx4++aIzUXcGb24rbM/vh611HxEuS3WDQ44h/qR3o7X6kFsT0UNtxWVqY4XcJvrVLVMNVp88sCsCAUZRJolB9Sm/FI8bFrHwAj1MIWVvZRgEOU8M6MOhG53D4gECwcME2mEFUP3yF73OSjIGG/dM96aXaJo9pFb25BPHG2D2532gHTzwyaTj9hig+7pcOclsIAdOazDtukHqEgPi38Oky32DUxXPoXhZji0yDcCB8PXqqA==
+car.			86400	IN	NSEC	caravan. NS DS RRSIG NSEC
+car.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IBxbiRJeF2Zcqrqu5XlWguQr3gCv1ZcL07+SxeLDv9tPixxTwIb5LA4CtcYYVht4KUVktvzIg90A5bV/7ajdr2MKCbbu2Q+69EYWBzydUv9iHqRRMAu9rEtyF/iw4CVnk+dbsEHe04sZmqyugdTf60IE425XLtXXMu9KoAMY6z4SZnCww2URGRRw1sZu9XzVEYQV3MUQ75dGvKzfqGHDAdYtSimkQV5yrvNEheNneSAPHBxMZBRX1KgMze7C5oBZW44imgUNpSG0HgvHSR7IolibYxVxamCebkU8DPz2s3Z0F5MEcaBB1eXrFarueBjEYQCnu5o7lTq97rGX3Tz0/A==
+a.nic.car.		172800	IN	A	194.169.218.130
+a.nic.car.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:130
+b.nic.car.		172800	IN	A	185.24.64.130
+b.nic.car.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:130
+c.nic.car.		172800	IN	A	212.18.248.130
+c.nic.car.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:130
+d.nic.car.		172800	IN	A	212.18.249.130
+d.nic.car.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:130
+caravan.		172800	IN	NS	a.nic.caravan.
+caravan.		172800	IN	NS	b.nic.caravan.
+caravan.		172800	IN	NS	c.nic.caravan.
+caravan.		172800	IN	NS	ns1.dns.nic.caravan.
+caravan.		172800	IN	NS	ns2.dns.nic.caravan.
+caravan.		172800	IN	NS	ns3.dns.nic.caravan.
+caravan.		86400	IN	DS	3526 8 2 370991B8E6E9F532E4B6DDF051FAE510353E27E0B99A3F9B7B359C48620C507E
+caravan.		86400	IN	DS	28732 8 2 E06FED6FA549445050D4745F1BB53D854AB42ABC74F0E7FDE4E93A887E362E64
+caravan.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1TFZBNxtWMqRyHrA3DstN+H4JhBLYSMFD5dZq8ReF7fW+OsQO7Fy2JWjq9fadDZtb2xyydpbfAFQIP4l5gP3uj8+vkyrd7unGSWeqVShKWsM4wu9oohJzPoZz9JRmycF+GM99qZDfKR51QAbqk9wUVB1xTPdyXFH5txPE7PsVB/BFeBZzTUp9jitvaFdVkWVsTDFbWKm7QNmKhi3PBN3ZJ/EdQPMcoZzqM06rkBv/buU68njVuD3L7jc9B8BDRxhCA8sRoZF5PzpE6rZxOMUDYA3ZD+EONQL2jA7/jutdE3BgdOAEF7XYGRahKQeFRLpGIMC4FJHFr2BYv278b4zUA==
+caravan.		86400	IN	NSEC	cards. NS DS RRSIG NSEC
+caravan.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UJwXKaTc1mq0FtbQaJL7c5hZqbqiaPgqplqp+IvisoYR1YW4i/DmMm96fbwUScczU4RIm510nmEJH/pE2hxviy7pQCfjRq6cqhSaQdXO42XeJ+jcDaFp00Ui09E7uOExriEoQQzi19rsV+uPgIsAG9pfhOOXaUSZK7p8SIPvhYDppfbNXY8JxkVRdgjHytGkyp1Xmd2a5ib92FOKEgApzKVxfhW8q6afT6dGqnb8Dh5JgdIymquYC0TEXII6N0KAF02qEx8Ry4JE28cYGR95z7vRiGloA+I99x+sxO1UGEs594m/QiIMDS/4H4IFpkm1cuYzi5GRD93p1NuaTeOg/g==
+a.nic.caravan.		172800	IN	A	37.209.192.9
+a.nic.caravan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.caravan.		172800	IN	A	37.209.194.9
+b.nic.caravan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.caravan.		172800	IN	A	37.209.196.9
+c.nic.caravan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.caravan.	172800	IN	A	156.154.144.32
+ns1.dns.nic.caravan.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:20
+ns2.dns.nic.caravan.	172800	IN	A	156.154.145.32
+ns2.dns.nic.caravan.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:20
+ns3.dns.nic.caravan.	172800	IN	A	156.154.159.32
+ns3.dns.nic.caravan.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:20
+cards.			172800	IN	NS	v0n0.nic.cards.
+cards.			172800	IN	NS	v0n1.nic.cards.
+cards.			172800	IN	NS	v0n2.nic.cards.
+cards.			172800	IN	NS	v0n3.nic.cards.
+cards.			172800	IN	NS	v2n0.nic.cards.
+cards.			172800	IN	NS	v2n1.nic.cards.
+cards.			86400	IN	DS	40594 8 2 0A2EC0D96558B08E99F3EB0CFA6B80CE64CB9994CF16726D56AF60FD2B5D3F9D
+cards.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zmCFdLCPpSrkMLRx3ir4wTKIEXcdq573/L/FBzwnJSLGO2XAoNlfcVz7zHJ0r7Tv/uVnUEeFafAQERKonlZLJRJ4F4iycTmagL9Y8a7O2C26uzsYeuDflGsLoSab6OekNJ5Qq1Dtyjkx5zQUBkfBRhNxTDq+4Cncn6RU4+C7TRmkCnZMNw7LSJBsF98k+BxkewUOclLIBiVUDZYCzYvnzWeaEzbvVav/bm7ZMUY3wTBP2qNflTOg/A3X+lFC/WNgw1XPuJ9WCYZy5D3wNxCw7GhFKe9FicBXS0o47gcuKM0m0IatpsbymAoIcCp8Fh8MaO4cuANh6VGrvlIQUAV7aQ==
+cards.			86400	IN	NSEC	care. NS DS RRSIG NSEC
+cards.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aZnXKGl6GZ4OM7yYl+N+cVQsI29hI2UPWB/ApbLBJV//DHMXvwnDJHffmpIMYMm/OiQ6PDTQd7agB1OnLeYPtyjLSIYzBj7PgBpUjPyGq0w2admrz7KqGTdhl4j9M3aOQFNpR6FgvU0/QmWeST2zgzTss7hpNNCgqzJa7W9C8bWhlVnqSe1sfe8SGY6FdRXlpaHbYCTsoyyvhTjeoaUS97auJ135/tLl6d7hdBg1nC1uzEWa3S7ZDGQAHLRUViEZf/9rXpzt3ilLAEuN0cYmW5ryi3jZAGJR10rATBrBi4OGzwGFX8F8McCOBPfm2+J8jx5254NJ0yWDTlP/+aZk4Q==
+v0n0.nic.cards.		172800	IN	A	65.22.32.50
+v0n0.nic.cards.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:50
+v0n1.nic.cards.		172800	IN	A	65.22.33.50
+v0n1.nic.cards.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:50
+v0n2.nic.cards.		172800	IN	A	65.22.34.50
+v0n2.nic.cards.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:50
+v0n3.nic.cards.		172800	IN	A	161.232.16.50
+v0n3.nic.cards.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:50
+v2n0.nic.cards.		172800	IN	A	65.22.35.50
+v2n0.nic.cards.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:50
+v2n1.nic.cards.		172800	IN	A	161.232.17.50
+v2n1.nic.cards.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:50
+care.			172800	IN	NS	v0n0.nic.care.
+care.			172800	IN	NS	v0n1.nic.care.
+care.			172800	IN	NS	v0n2.nic.care.
+care.			172800	IN	NS	v0n3.nic.care.
+care.			172800	IN	NS	v2n0.nic.care.
+care.			172800	IN	NS	v2n1.nic.care.
+care.			86400	IN	DS	17539 8 2 549AD6134B230096AD3BF9E7AF9CE64FFF941884104A23428720D55E6007871A
+care.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fAMTiWx3b2OuS2rg/SO/NTV/tSTTM58Q8OCpYbIRPe8BqI6z338bIcd1U9gPL/21csdSAQjNuOzNcGu6vAPKV/zfoQul6BkGLRZDrAfzDphQU0vBlpOp6Fug+6MThLwf001MfSHHtw6z7ez4zZxEwqpCkPyKF7cNZMHEUlVFpMNzmlXktwqtMT0pI/qQYVhQ+u7r0FYgkx3UnfAAFVXzJh21C/McyYo0eRk61NMoD6B2CQrjby1h0XDgfHDG6PwYHSr51NTO0mACRrsqucHlv2yXswKsycPy/Zsa5wDB9o/WeWDYTn/3tF/nUnWnqdg6tYWKl7cDfjLvaTm0m1Oq1A==
+care.			86400	IN	NSEC	career. NS DS RRSIG NSEC
+care.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uevkC6zt2LNpTk6yE1GUnFOQm+D/85Y3YuaE47OcmxB497coX2hO0h3Q5ee3Xiy2dRSDD4fZ5MPvRfvZ72EgI/fpWNqm2oE7xDzP2XbontnKNRPItUw2MEdCCFOq+3hcJEh/I43DUSVgTqZvDf7ce1PeoFSsnXKunq4pWa7M0ikSdQwLd4EgVEsa1BchJyzx3xBWEfbrda5qfRJmjLDhRCgGrgFtneGKF6/Y+RXeDrhkvPOvG+1LYgA5a9lQypx0ndWbwE+jyO4MhCj30pDvDeMEtqttPSOmOAtWlssYwjZ0zFDmIYLAm9KDcoxDaaYcZYAC5ULG2qGdytBTUmYi9Q==
+v0n0.nic.care.		172800	IN	A	65.22.32.5
+v0n0.nic.care.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:5
+v0n1.nic.care.		172800	IN	A	65.22.33.5
+v0n1.nic.care.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:5
+v0n2.nic.care.		172800	IN	A	65.22.34.5
+v0n2.nic.care.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:5
+v0n3.nic.care.		172800	IN	A	161.232.16.5
+v0n3.nic.care.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:5
+v2n0.nic.care.		172800	IN	A	65.22.35.5
+v2n0.nic.care.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:5
+v2n1.nic.care.		172800	IN	A	161.232.17.5
+v2n1.nic.care.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:5
+career.			172800	IN	NS	dns1.nic.career.
+career.			172800	IN	NS	dns2.nic.career.
+career.			172800	IN	NS	dns3.nic.career.
+career.			172800	IN	NS	dns4.nic.career.
+career.			172800	IN	NS	dnsa.nic.career.
+career.			172800	IN	NS	dnsb.nic.career.
+career.			172800	IN	NS	dnsc.nic.career.
+career.			172800	IN	NS	dnsd.nic.career.
+career.			86400	IN	DS	11480 8 2 252513A3ADE85062B3943C4D19B9DE1A0AE15176AC5D0C6D15C6B79B70F36FF8
+career.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jgO+/UnBVp3l22kRHHHQ4IgmoctFDAZSUcRq0/5AKoLltaWUeO8jjtCcm14Cyh/9a9jkAY/amYJDW232w1PyN/ZNFRdFjpul6MuzSO5QMjFf7z4ic9WCpGnPbPsNiXa8NOb1imqt23ybjDYzrP+93AlvjcT/6PXNBR23aWoHDeGqkADVLIiXYbc8ETWW3rIyKhMidC/FOR94DllpS3vk3BB+8eX236q5lF6V7ifI8XK3aYlysq5MEPAbn9dS3QQtyjsgKgoXeTHBijnI5P3oSXHFtFDzfXcgdnARPUbvTk2oNAPJEU66KrXM3SSDvGHz686f3XUU6oj+S6toyDp9dA==
+career.			86400	IN	NSEC	careers. NS DS RRSIG NSEC
+career.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . w2jKfU4CqOVkavue+EfO2QeiPFT1SiafeEqdKGrq0sRrtyh5deqM3xUm4Z1ktxOTWLXeOAGQ6OCOaRGbdVabdpDYWpbOmmZO/Zjdn/k5TrnApkl2AlsySaCS+8KvRBAbP2vXa0hsU1fPbvIINQpLHDtQ/0YcUP9/gW/wKNmftZeB4quqepBYXLxXEbYuic+WDs/naZ7Z/5imX2NRkr08+zaSYBWgfobuF6Cm4LBjpDlOpV+UGU763YqwBiX1FznT4/pCyMxd2TT4FqDCg1pP85RHJJ/yKzso1IJzkK8adsBCNMriTr6g6CiNGgL0QxeISjDiUQrSsJGLs5PsqNnQCg==
+dns1.nic.career.	172800	IN	A	213.248.219.121
+dns1.nic.career.	172800	IN	AAAA	2a01:618:403:0:0:0:0:121
+dns2.nic.career.	172800	IN	A	103.49.83.121
+dns2.nic.career.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:121
+dns3.nic.career.	172800	IN	A	213.248.223.121
+dns3.nic.career.	172800	IN	AAAA	2a01:618:407:0:0:0:0:121
+dns4.nic.career.	172800	IN	A	43.230.51.121
+dns4.nic.career.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:121
+dnsa.nic.career.	172800	IN	A	156.154.100.3
+dnsa.nic.career.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.career.	172800	IN	A	156.154.101.3
+dnsb.nic.career.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.career.	172800	IN	A	156.154.102.3
+dnsc.nic.career.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.career.	172800	IN	A	156.154.103.3
+dnsd.nic.career.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+careers.		172800	IN	NS	v0n0.nic.careers.
+careers.		172800	IN	NS	v0n1.nic.careers.
+careers.		172800	IN	NS	v0n2.nic.careers.
+careers.		172800	IN	NS	v0n3.nic.careers.
+careers.		172800	IN	NS	v2n0.nic.careers.
+careers.		172800	IN	NS	v2n1.nic.careers.
+careers.		86400	IN	DS	29944 8 2 778E821FCA074FC5E155D0866CBAB618EC617866BF7A090BA85CCD71B3B249B5
+careers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CZctdGd7K0JO8A7Wf2MvNjub8pGImY8bADfljyyI7XYgvNwat5edYl/RZSHDzrmxvQdaqy3Yi1R1b5AvvH2/vFdoHYzA1LfeRAdF5pva2eL9SGDvOwUc/3kniP/OLkS5UPhzsIkcd3YIz/01vwXvJhP7R4CpJ3b/FESAE839veXGdpUcjthZxElGdRJbZfAR69s1Q1afEsA/pQ+eb9Wr0fuEXbI4pE7doOC8oeXxhBz+splaMHH67XK08+DuBnxG3MQhy2tl4jzNa68jV18Y1NlTKBQZkm037j1aftqDm622e6UYLIvNNOlpHJrRQj74IzKLlhQ9n3ZVQrEdcblH7A==
+careers.		86400	IN	NSEC	cars. NS DS RRSIG NSEC
+careers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mJ7kEP7VzENOLzgMAxPUOQGKPBO9IVGkNloFdy2ThM+TjoKwwiosFpUbw9ddKH//Ck+VYnHSxGGocY8yGTMQ5r32IjADfctYkZTKFhHN4xD0LaZ/eo4wzJGUM8cxCLr3oX3iECBDJPnr1UcXqVZqddoM0riQbIUNXFcfSlYsFElJs0GZXn6vzFDMeKGKGeClkz4L/n0ndbzFZZY5gXmy6smbl8OEJp8Gitj8PIcP8WbriyFHrO/PpkpeTutNu/7zcubbX87OupfiFjaOKyHi5Ldvy1gfSfbwJVB75npdOgndXZ086cizAJPOHAHBY0eT1TeWnJ3UNbddYXUX3wD86Q==
+v0n0.nic.careers.	172800	IN	A	65.22.24.48
+v0n0.nic.careers.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:48
+v0n1.nic.careers.	172800	IN	A	65.22.25.48
+v0n1.nic.careers.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:48
+v0n2.nic.careers.	172800	IN	A	65.22.26.48
+v0n2.nic.careers.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:48
+v0n3.nic.careers.	172800	IN	A	161.232.12.48
+v0n3.nic.careers.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:48
+v2n0.nic.careers.	172800	IN	A	65.22.27.48
+v2n0.nic.careers.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:48
+v2n1.nic.careers.	172800	IN	A	161.232.13.48
+v2n1.nic.careers.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:48
+cars.			172800	IN	NS	a.nic.cars.
+cars.			172800	IN	NS	b.nic.cars.
+cars.			172800	IN	NS	c.nic.cars.
+cars.			172800	IN	NS	d.nic.cars.
+cars.			86400	IN	DS	26272 5 2 8253077194F36991396AC49542ED2BE77D88E972D5ABDB0D832F2D5CD2C7F71A
+cars.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UgmjG1+igBVDvc/ra/BbmteNve6M3TFVLQPjhvQx5bVWkSMi6eqndFyDFTxCZzR1v0kWXCT+dANfGIft8qec8VOFZUc59bHLJomcQqx2AiUP35+qBMHnL2EWnD98dokFibUQ2Uj9w/cmLUHeupIKWuIjCv43v27vUsDDQ607CLwsTnn6AJw9+q3s28S8qR+UfGUM0LYM7jDHqL6dyQG5iBxeTGMHR68T5nHHd5SRlP1HiaE4KbN96ZCtCeDGczBENscdJ9H/HQMAmBChshDncTfnNGL1O+k4q116kAo2XJuntTqA8gWy2t+Y96ePbTihEISaC6ZTq0R6O6EMXr/WqQ==
+cars.			86400	IN	NSEC	casa. NS DS RRSIG NSEC
+cars.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ln8wx+5GFxmj2qs3D9g4fo3UXBbneDAbp+ouFZ0mJitj/Q2mmc30otPZjal6QfICpZ3qb83KhAdUfzTUFyw0dFQpPzNW/NJZOSLc22NbQtir9nPuGf+PXU3FT/y9uFVskk/XItomJ7K/R981rLGCx+opBgjFnPt4a95jDYr9WX8SUbGyeJsxoAMq/pynZiBRNnVdiQ5gcCEqX5dNq26pz4dyN2HzbHoAgnf24x9KdYg9zmGNPw2CJhqNNdrFLASKQ0tYkZu+JQxyqvF197dooVILW3zRM6OtbPfK15hp9PP+dRHS0rXuDH0b27e+3L/fLp+wiyKR+G7nwjgi/2ykpQ==
+a.nic.cars.		172800	IN	A	194.169.218.129
+a.nic.cars.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:129
+b.nic.cars.		172800	IN	A	185.24.64.129
+b.nic.cars.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:129
+c.nic.cars.		172800	IN	A	212.18.248.129
+c.nic.cars.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:129
+d.nic.cars.		172800	IN	A	212.18.249.129
+d.nic.cars.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:129
+casa.			172800	IN	NS	a.nic.casa.
+casa.			172800	IN	NS	b.nic.casa.
+casa.			172800	IN	NS	c.nic.casa.
+casa.			172800	IN	NS	x.nic.casa.
+casa.			172800	IN	NS	y.nic.casa.
+casa.			172800	IN	NS	z.nic.casa.
+casa.			86400	IN	DS	12820 8 2 DFD8771512E3E5D525FCBEF9BC186FDA12797D20977A41CB663DCD18D8E38CEA
+casa.			86400	IN	DS	39931 8 2 9870940F409B2A9D22AB87E5239F8A18B1C44A9B6528ECD318DD78D23EAC761B
+casa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . coVTfo4T7msUpWBZBFir3BqBvxFYq+z7WmThiVvN5Qic1BUxbm696z+OhKf11x9PVyKhDqk0fqf4DzzM2Z8OYp10D0NdLjqrXq270NWVQ2o6BxnpErkPDeITGFEeFqDmecKXCj1SgrTf/NFqgiiWI4Ftge/rrnik1bpbY5Z+4M1MAUCMkVcD+RL768ohdsTxTVtoMcfl5oTH/VqAKXIdB2KL0uxRwekYrY6GdB7kRCNrCk9yrx8GMN+ouQfOZJQIoDymDEvK8PpfzJ4NUv1yFqwxqU3X0U03w0VlhBV6G6CArD3pHmXsEmPTYyXbXtrgQq8fMCoda2vWtxSKTLoLwQ==
+casa.			86400	IN	NSEC	case. NS DS RRSIG NSEC
+casa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QJwvaLEkimZMY/Nq1rvaH+r4u/hYqKcjW+Ll9mzQSo3k76st3pgOCLuNeoNdJZcq0ooQcBrkFkxJsbE9ptsY8iLcM0/9DJO/nDPpyRGrTTyZyETCqNWfTPUM6OYhZCPmG+qlxdACVozSDcQ1XNmgyKbPv6VNKUC3/RmwOSjYotAn6sVptGsaeta+f63a8TLAwJvQEecm7+dAOAXjQk59zP+n1HN3eRTiX+f+9X4Iqe/XmcvopKraeNmv33dbl07GiUE7BVSy3SnSqiIBZMTm3OmQBsD0YUR8E3BxCiIi6fSoX3pHqskoGH2dnNYFc7Fl+10PCNfRJEX8o1suxvwYwg==
+a.nic.casa.		172800	IN	A	37.209.192.10
+a.nic.casa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.casa.		172800	IN	A	37.209.194.10
+b.nic.casa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.casa.		172800	IN	A	37.209.196.10
+c.nic.casa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.casa.		172800	IN	A	156.154.172.82
+x.nic.casa.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.casa.		172800	IN	A	156.154.173.82
+y.nic.casa.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.casa.		172800	IN	A	156.154.174.82
+z.nic.casa.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+case.			172800	IN	NS	a.nic.case.
+case.			172800	IN	NS	b.nic.case.
+case.			172800	IN	NS	c.nic.case.
+case.			172800	IN	NS	d.nic.case.
+case.			86400	IN	DS	5844 7 1 D1AF65D9493FE00BC5BC2DED27B91F870645D559
+case.			86400	IN	DS	5844 7 2 4F478B408DA99CB2D196CD2D61A8872B5D2F5A578FBD25E73F4EC19BC4F58579
+case.			86400	IN	DS	53709 7 1 EB8ABDCDE220029A7DD36547CA1A028C7D23C76A
+case.			86400	IN	DS	53709 7 2 71056E4EA918DC68B82A74E22D56519AE1A26C7CA756B754893CBBC10A0AFFEE
+case.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yexgRMEB4nahhyNv1RyrxQ5j5n3Nlf7BhlNo/1lfQYnmT+sDYzqPKkMOY/EePWYouUGeWJYl8oXQ3hcRafhMZg5AyjwawCI2I2IOBUY+KQJIYZ1hyJ6m+BUEfjwSXr+jA9qpdNFBgX5RbYTduEjvsHjgt3jlIvHBP9tMiSRy0srYcob4patI2oOXIZ47Mz3vn0adA4xFo2hfCMnLsDusQUjDcEPkTq3VRzc22JOmgHf85i37UPq1mgg+QRRFaKyC5mMk4Hhwq7VlIbbp424xcV9EcRsOQahkp3SVfsslyNmWPqRcEHoZJCUpa+K4jT4UcCl7p81mDl121otIzhOjxA==
+case.			86400	IN	NSEC	cash. NS DS RRSIG NSEC
+case.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HUwwNnA3wXLenNleMcRVc5mXtwoNNvKWP0q3hWXQ6PeunYvWfW+84LCGUUXYV5kZYqucj93f/C9jW3ybBcEhaRJm8ZVfqlhJfS/M+M3qA6M72411wEGnLExOIQqv/vDYNu63NldIxSYynZlCB9NPoDbb8Y19wKVg7aBJzCz2ktp3G8zhZtbZcczgeJgvSVw1cPR/BCssvckcbvYJf/fRNzulommcWz46Q7bjRTHV7+thW008dp0HXXS7IV3Qs/8TZcGJW0aNRPVZdVzJyZ+gsoz8zHSL/+xHbfO8MvBBNvQXwdPe28Vzo0mNzx/UtvXHxckirljsoMJ8q2sAIzIfLA==
+a.nic.case.		172800	IN	A	194.169.218.140
+a.nic.case.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:140
+b.nic.case.		172800	IN	A	185.24.64.140
+b.nic.case.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:140
+c.nic.case.		172800	IN	A	212.18.248.140
+c.nic.case.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:140
+d.nic.case.		172800	IN	A	212.18.249.140
+d.nic.case.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:140
+cash.			172800	IN	NS	v0n0.nic.cash.
+cash.			172800	IN	NS	v0n1.nic.cash.
+cash.			172800	IN	NS	v0n2.nic.cash.
+cash.			172800	IN	NS	v0n3.nic.cash.
+cash.			172800	IN	NS	v2n0.nic.cash.
+cash.			172800	IN	NS	v2n1.nic.cash.
+cash.			86400	IN	DS	38860 8 2 8FF5818A6631FE5ED105D1E518DE91A91535A52CF8C0E90BA448F0DC78FDF536
+cash.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nRtyD0DF88jcIC66bDl7hpTRpKgGMO/FKNa2JA7pZgxi8VLgdYs3QRyo/EPMNNiURtQLWLiYRk2bfEemzQGv+7KaisrcUHB+EBjyto9c3MUAK4SWRAuNZ5pLj4W6NiJ18Nu6lLLMYzzIdp1sSc4wStdQd9/gGWLYqTj8U0AqQadrIZP9sqKPUm7EiYIiTuCVAnhEuDb0Nqe62GgttU4wvobLm8BpNFSUuWwea6AuZW+MUa7S4kpFeAx7IwuTIfuanBj6FFkN65ni0SJzo8ohJVU08+liP8Q01VcgmJ9jNARa4vrEKfORup4PwlStQVFUgDEVAP7lNsvwP6yoaZhN8w==
+cash.			86400	IN	NSEC	casino. NS DS RRSIG NSEC
+cash.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F2uc2yrYDDu5z4uD/51njb7qwuU5TjdWXGuS8Wq7T0hy+wujKN8VAafQZ46Vl0yj+fKnc+V1BZDZRnUgs2/qNs3BhMf7hRWrty2+2LpcSuEhjE2C74G/27UMAvql3pcgr1qPScm+Cv3epGehdKcyhSXRMxWUFyJnOWJ581/y6sn90+5KEj8HZ/lNIMZcteouYRQUs1H/TRW7owLO7mVcpwn700LgwPIahzADOClGzlEGK3cUWAWsUsy9YgbVT7Em0nETsl+tIOpCfhPl49v7BUiq+xyb/NE9uofWCyVL0CzWxAqQLg5VNYMacXOS9S/4Hb2uNQRi3SX+rnDZ+28VIQ==
+v0n0.nic.cash.		172800	IN	A	65.22.32.44
+v0n0.nic.cash.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:44
+v0n1.nic.cash.		172800	IN	A	65.22.33.44
+v0n1.nic.cash.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:44
+v0n2.nic.cash.		172800	IN	A	65.22.34.44
+v0n2.nic.cash.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:44
+v0n3.nic.cash.		172800	IN	A	161.232.16.44
+v0n3.nic.cash.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:44
+v2n0.nic.cash.		172800	IN	A	65.22.35.44
+v2n0.nic.cash.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:44
+v2n1.nic.cash.		172800	IN	A	161.232.17.44
+v2n1.nic.cash.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:44
+casino.			172800	IN	NS	v0n0.nic.casino.
+casino.			172800	IN	NS	v0n1.nic.casino.
+casino.			172800	IN	NS	v0n2.nic.casino.
+casino.			172800	IN	NS	v0n3.nic.casino.
+casino.			172800	IN	NS	v2n0.nic.casino.
+casino.			172800	IN	NS	v2n1.nic.casino.
+casino.			86400	IN	DS	50410 8 2 AC39E42D7CD1A4212EC2539A9A9BAC07A8AB840C97823C6205E9264CB1A024EA
+casino.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hkMHpLGvGzAL6Ur2eIMiQXe+SZFqjOReTVoOD31mIBuAwUrGBqjw8DyxfRUrTtObiKUYrd2iHdH3xM8eREgEU8reeV4Rp5d5nQGduQDyuEtqfHgcNh1mWZc5xOoJ4pDBv872ZthelagAWJXtVcDgO1wQIsV3gepDgNTFuw9BP03/KzKja0XSOm/uKa84u67TD6V9xSTpH/PHd4aJ+sK8MtPCue50p3kNzZw6jo3xKqbcPplTLeTJAEQnsPgee3ZOjI7GgXphzgmtkDpeMkwtfs+kVbkK/A0Sz2DIVb7tIjJoQ7b1197FrVmu0Pj7CXEXCZEJpfTUPqsnJqc25cZLiw==
+casino.			86400	IN	NSEC	cat. NS DS RRSIG NSEC
+casino.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Rjp2G+2dCeLEYIRCbJxNyRrY5iMbS9eWD3Zk69vcXMu+xXa0MsN9HwwuIraFMcXbCmvtuS3K8tNpq8dslpmH3YGyOTPYoeO674YlpemAUdhKQRzTNlKN3KZMCJtqTkvY6bPU6/iyW7yQMESuzxnc6+QK9i6PIB45z3BjJIC/LpGr1VqpFk2Ej06xMqsgQ9C9p8UWRJaLQ2WkLDVw1uhJ+B7aLZNWuBeco7R2JYC1JacK3zJnVC0nrg/wa1Evs6Wzr2UmDI1pH/4c2AB5TQzWT7cT1uC5UOzKs7MRTZg1BTS3DY11vSVWoTAbXLyc5BmcNt+F36L//xZ+M9P5L8zvhw==
+v0n0.nic.casino.	172800	IN	A	65.22.20.18
+v0n0.nic.casino.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:18
+v0n1.nic.casino.	172800	IN	A	65.22.21.18
+v0n1.nic.casino.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:18
+v0n2.nic.casino.	172800	IN	A	65.22.22.18
+v0n2.nic.casino.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:18
+v0n3.nic.casino.	172800	IN	A	161.232.10.18
+v0n3.nic.casino.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:18
+v2n0.nic.casino.	172800	IN	A	65.22.23.18
+v2n0.nic.casino.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:18
+v2n1.nic.casino.	172800	IN	A	161.232.11.18
+v2n1.nic.casino.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:18
+cat.			172800	IN	NS	ns.nic.cat.
+cat.			172800	IN	NS	cat.pch.net.
+cat.			172800	IN	NS	ns1.nic.es.
+cat.			172800	IN	NS	nsc.nic.de.
+cat.			172800	IN	NS	anyc1.irondns.net.
+cat.			172800	IN	NS	switch.nic.cat.
+cat.			86400	IN	DS	58737 10 2 4DCE567C12F637D51A755B9585C0C3C4036ABA446261AC994F7F5E91EED4C365
+cat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dkzxtwDryPQLlf+edP8YsptBda7uB0z3Sa0ILTHPQF2zwyJ5v0kH2f0yAWqL3eyEowjlKMW8hOOmk0bMvWEUjOLj6vHJs7WMfR0OiuqMhImbgEYrbWxdNo7ROTBv2lelT5sLCeiqK0bV+M6VzeHYrc+TEfL0swEY7OJfI78KqYYKOPswE9KjGQwcbb7RrPzO9z7Ww/ANRixDmOYOfU+wx7q38ktv6RP75BVMW76ozWIqTu+j1/fILf6+xn5q8fU7IY1cgnGUG4FKEO+Sl/TqTfFAzj0vO8YzIcbBxnsT0yIpMWhb13Ga9r3noaI2eL6ZoiwCYoNy2nIiC0CM4y82bA==
+cat.			86400	IN	NSEC	catering. NS DS RRSIG NSEC
+cat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SJAiPSr+QWOccAwYvjNEyVrZsHi8rWMZAuWigugdY39YYha8aJazaZxK6VqPnjZ65oKyvYlNGFmeH+uiaVVAPRg4SHczGrN68t25v2Y8VIT4VM72PD7N2L3z0zWoovZ41H6bTyHIVrgN9SK/p2eMWmmtOu6t8uNVl5UEp7eDmNopVBlX4YnhC2GuF68NX0b7MZUXDEJ5KkxqypZYPGzRv+niB4rvPeJkVcV1lvkkB0tH6D2tQHV2qbkuW/iKnHrufsD8BIokKF66UBMD/fD8xIjHCua2FGGWIzFsazPxEH8ORMp7KENuPvh2YlMKAoBNDneCzL5oAB7CfKbPrR3bPw==
+ns.nic.cat.		172800	IN	A	84.88.0.162
+ns.nic.cat.		172800	IN	AAAA	2001:40b0:1:3:0:0:0:2
+switch.nic.cat.		172800	IN	A	130.59.31.29
+switch.nic.cat.		172800	IN	AAAA	2001:620:0:ff:0:0:0:2f
+catering.		172800	IN	NS	v0n0.nic.catering.
+catering.		172800	IN	NS	v0n1.nic.catering.
+catering.		172800	IN	NS	v0n2.nic.catering.
+catering.		172800	IN	NS	v0n3.nic.catering.
+catering.		172800	IN	NS	v2n0.nic.catering.
+catering.		172800	IN	NS	v2n1.nic.catering.
+catering.		86400	IN	DS	18272 8 2 10B5ED103AF8ACB750D87840FA7EE1E64F0ACC4ABB62DB629D72CC0E44B4D2EB
+catering.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yL5RgOkyy7XlVUpux6aLnnTgLTuviuSNmQooJwc1oXsivFgTc34+N0jN8+jjA37Foilryy67WKHO+z7n0ugdCjrDw+GmHq5i9QOqXHl5qHYldSAeQoNTnu/3L7KMC5HpBM9nTK6ghv4Vc5lSU1Bj5I3FBt/yrGW6S40pB3HKbvICQ1catqssE/hs2aqLt5q4tfmdFSmgCNJENtW/73kokO5TtTSo+EcxTDaExGgNLs8QyQ7b6jhW/EaX1T7147/lh5Y9SZvLrL1BaAK9dNfcih8knhi2XdAosW72Dsmhyy9ajDbPwpygfNDz/Hr4LhLUQUtnDGqeHyCDDv0VGV0okg==
+catering.		86400	IN	NSEC	catholic. NS DS RRSIG NSEC
+catering.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uQb26W+eOJjqwu81PZF05EqP7wg/hpM6IMAIVHt6XCgvqIYwvlLH0vB+yWokso/ym5FLa01YK8G6JuSoeSUJAuCbT3hb3HLaBg6HNcPmkL/miq5nP1CxEjMYujyzPTAoQe29+jg5CaL6OqdvTgDsnq4wdIXFylDvjWH3PP62oQTELu59ySQKWMbo2ul2FVvbHB4gwhahf6NgQBXDGdT5Oe5cYQvqpeL8eP0ra4ZjUgFKxw+X58htr8h/5BzzzBJUFvGSBgWEPt1dLo3186DFsH/Zw0opNE3yqZh1CBzB1rndY0a9ShYDhWDBetPZC+O82KwhSvMfXZiZ7/HnU6849A==
+v0n0.nic.catering.	172800	IN	A	65.22.32.24
+v0n0.nic.catering.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:24
+v0n1.nic.catering.	172800	IN	A	65.22.33.24
+v0n1.nic.catering.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:24
+v0n2.nic.catering.	172800	IN	A	65.22.34.24
+v0n2.nic.catering.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:24
+v0n3.nic.catering.	172800	IN	A	161.232.16.24
+v0n3.nic.catering.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:24
+v2n0.nic.catering.	172800	IN	A	65.22.35.24
+v2n0.nic.catering.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:24
+v2n1.nic.catering.	172800	IN	A	161.232.17.24
+v2n1.nic.catering.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:24
+catholic.		172800	IN	NS	a.nic.catholic.
+catholic.		172800	IN	NS	b.nic.catholic.
+catholic.		172800	IN	NS	c.nic.catholic.
+catholic.		172800	IN	NS	x.nic.catholic.
+catholic.		172800	IN	NS	y.nic.catholic.
+catholic.		172800	IN	NS	z.nic.catholic.
+catholic.		86400	IN	DS	20539 8 2 433482CE6522917B6F0C77C23765CDD4BDAC8C05FF5012FFEA892CC9DCDB07F8
+catholic.		86400	IN	DS	21967 8 2 A6AAC594F31E65E79E0DCEDE4D0A0B10EAA0F4DB43DD7174FD928E01BD5542A0
+catholic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eMQZJgGzskg2P0GcnTOjq/8xcYLOfTcUmYnFUgGGEMe7owvb48Y2M/F34Id3bZUhVfrbvL0yF08epWY76K/6gAZ5on/j5CmPg3ss+tqP4LrHxz7XQd398Fci620BU3ritFYLQjGbEbWrFfSheGhdkvYuCyLRkgcrBrdULAN+5ehqunZlo6gxVNdbippk6PTC3mmPYqb8rocdXIZpX8efcNUJPTK93nOmw8mAvFr7p/P05B3QqWk9qQMa/yO4DLLX9Udqq+4l522Q7ltN2horratl0BwB34wMe4buGTxWH8YXma1IWReXFcyRosE26mdvx2TF2TbA0xP37bGelkLWUg==
+catholic.		86400	IN	NSEC	cba. NS DS RRSIG NSEC
+catholic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wGGbh+JfzjWMRPlOD38Cw9LV1XSgsR+r2bOypCid9lgIVplomECdVOwviyNWEbZf1thePu1N9DDoqJHahniK8wLh3b/1zw5rb0iF7zm/av1Innix1feFxbS6jq5AuAkYKISNbYPOjslTAC+LTzWfH7jaxYyzNmq+zOuRZ7edAO2I89+KkYSwqvWg9JgkdPqMk7iimM3cDAjQiJsvZTsQHEOZPICRaaecIcfWm6JR7EIOctEFMJ28JDbZGg1rL0TJS0yG6gZ2XToRjRbzdyJ+jSn2HnK+mduYgoSQp3GSJomTwINECmRtTsqRJZCRZbbivtLIjjAnLG8QPgJGA8yP8w==
+a.nic.catholic.		172800	IN	A	37.209.192.9
+a.nic.catholic.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.catholic.		172800	IN	A	37.209.194.9
+b.nic.catholic.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.catholic.		172800	IN	A	37.209.196.9
+c.nic.catholic.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.catholic.		172800	IN	A	156.154.172.82
+x.nic.catholic.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.catholic.		172800	IN	A	156.154.173.82
+y.nic.catholic.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.catholic.		172800	IN	A	156.154.174.82
+z.nic.catholic.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cba.			172800	IN	NS	a.nic.cba.
+cba.			172800	IN	NS	b.nic.cba.
+cba.			172800	IN	NS	c.nic.cba.
+cba.			172800	IN	NS	d.nic.cba.
+cba.			86400	IN	DS	44287 8 2 8CA6ADAEA243428A99943519846FD6F6BD355EC4990533D0569EE0E6075EB863
+cba.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . I8q4jVKhYxGZp1S3xVf7bhW3WzK8lKW5s6sn+LqFdP1SPTYNxXauCnB0oKBbFDh2xRm5LjtalzjOG9bj55+GtlcRlFWcnMFQIRiUfLXeh61w9dXAU98FhN0iJEyNFn8L/t3OU8Cg+ZGdvjdiODtRW5W6cKWfyRAuPEtmnZ3XcKRMoYnDyr1tTv7jgOYu1z8x9e5U+qv7w+nCV9ojm6ijjUs0tzWq/gr2HyoKvY7V2VpreKfUJFia3c4aGrxExphBfWqUFuGnxQAVsiU6Zt8tOZplUaHiQoBP3VOy5lBTUEhhT6hXZE6rjp9ZTVX6kOrmQRxosG5FDer3b5KX5AgeWw==
+cba.			86400	IN	NSEC	cbn. NS DS RRSIG NSEC
+cba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K0iivqpk5n8PZSS4E+2hubjWnzJ4m+Z6TYJDf0AAzDYdwTZfhc0GntwzYr4/x4xnhvo/gKJ7dBlhg8/HBm3rQIx4Sh6O61KxAdqN+R3W4y2P7CmSyhMJTPG1SyukM6I1lYTTR61Chc3FzhCeS4otSW9xjLi2AEeHtr4EVKRVnqJjhm0QyOBM8vljskYK7Bd3aR8Hdvu5XnLRJSAl4z820S7GqRdUyyNMLTW2jYkdzTKeIrA/es+OF7otwPzHXm9hz7vLPOori8qpFbu9wVdLidTY7YW+zWqB4FHO9qQr907bV2mg2EoKA9p4k4GwtfwI284xaS1uxkCvW8EY+/8CpQ==
+a.nic.cba.		172800	IN	A	37.209.192.9
+a.nic.cba.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cba.		172800	IN	A	37.209.194.9
+b.nic.cba.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cba.		172800	IN	A	37.209.196.9
+c.nic.cba.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+d.nic.cba.		172800	IN	A	37.209.198.9
+d.nic.cba.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:9
+cbn.			172800	IN	NS	a.nic.cbn.
+cbn.			172800	IN	NS	b.nic.cbn.
+cbn.			172800	IN	NS	c.nic.cbn.
+cbn.			172800	IN	NS	ns1.dns.nic.cbn.
+cbn.			172800	IN	NS	ns2.dns.nic.cbn.
+cbn.			172800	IN	NS	ns3.dns.nic.cbn.
+cbn.			86400	IN	DS	38299 8 2 1907C6C2996FC1DF2198492F294525824C6321AE8A891284B0BC74EFC2083538
+cbn.			86400	IN	DS	53419 8 2 030DE643AAAF4C8F1D7D61A6D3E89EB48ED654916C60C670B72A083F43C48312
+cbn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cCl7E0e/HXRmTp2s0Vz/ZTh91jKfSfBRS/KO0RM2i4oB6CFakbueXJkvWAgoRC3NRJ3YiIh1E3w45qV9TyamoYhnFjTH4OjIg3gqzA3c+UOSQWvP/mXGcEkKKc8jKwSRqSXy8ahfvRs6MQFSCvwGdwQzGjfQAuhOK/KwbccEKzzY33IXvvtu4eVZDfus3moF9HlEzrVqR/yVGHUltW0mxO72fmAYuSbyqDLS59xMnQvB1rJEiE1C07CiGnS84YbKu7+1zIo/mSnO4cXo3cpKub2KRYKUol8t1+CZKQTEZ3pb/+R0AGWF/h0vTwKyFDmvKxCiuv+a2ARwwQRarTLuJA==
+cbn.			86400	IN	NSEC	cbre. NS DS RRSIG NSEC
+cbn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . McF01sUpnu1NfB04/la1aD54V+gafiMxraodJYhbVgvFnxJRrwlhlUNg2SRbu1enVOC5bVfW1p6XjdfBKvN4G1gCIP2TPOS1WFlbdhttmIvXD3cJyekXjlLbT4v9XBv8kkQrOdPPMVEpmGc781mxZpvdzH3G7tdtwTt9+eSvIwwn2TZWviztnIlKgX0K/J3VU1S40aecUK5pUhGzjkA/wA6tbDJ2iGaltEVo5S4uFKA3r3tjrrXLw0LTMVjcDgy+QYKTCsqvxspr1a8rhE9SIhQEO9zbZhT/JqTmCHRxW2eUB2wRhwvZEPvsiCYzFEb2yEiXLNuj7HHUuPndZmI70w==
+a.nic.cbn.		172800	IN	A	37.209.192.9
+a.nic.cbn.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cbn.		172800	IN	A	37.209.194.9
+b.nic.cbn.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cbn.		172800	IN	A	37.209.196.9
+c.nic.cbn.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.cbn.	172800	IN	A	156.154.144.35
+ns1.dns.nic.cbn.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:23
+ns2.dns.nic.cbn.	172800	IN	A	156.154.145.35
+ns2.dns.nic.cbn.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:23
+ns3.dns.nic.cbn.	172800	IN	A	156.154.159.35
+ns3.dns.nic.cbn.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:23
+cbre.			172800	IN	NS	a.nic.cbre.
+cbre.			172800	IN	NS	b.nic.cbre.
+cbre.			172800	IN	NS	c.nic.cbre.
+cbre.			172800	IN	NS	ns1.dns.nic.cbre.
+cbre.			172800	IN	NS	ns2.dns.nic.cbre.
+cbre.			172800	IN	NS	ns3.dns.nic.cbre.
+cbre.			86400	IN	DS	29824 8 2 1E62D3EA2EC98F8360413E0291EE4A9F51870C43A37CC027317FBA746FDE3FE2
+cbre.			86400	IN	DS	46225 8 2 F737A4FD2C347F5F1D4E4DF8F4977BA169F28829557FBC8C477051C041268FCC
+cbre.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f9pn+XammVp0mKcmf+madPjWWUq5KESiSgqNUCNNkOej/sruqR2uDhYZeJOhUCELOGKmyRavhY3wR/4581ylRqJS/ELbUnvfKUWUl9ulrVczz15gRF2F7N/R/CyTAGXtjPkWTM3DES/v3yf42awgT0YovW+kg4qqws8AHUXqYWaGJEwcda58zUISE172JDrTOkAq6MV/XFq2Pywv/DbODeN82tU0LC8oGCBZhghPZoH6LedSZnSspBxu5Eqneopqgety1UpuKIyPEIzvJI8BrRGI963l6oP+q7Jyu3klsqrq5d2+rUahIE5T3xy68vGua58FERfSZxBqUhSR5p++FA==
+cbre.			86400	IN	NSEC	cc. NS DS RRSIG NSEC
+cbre.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uZCkN7MjdmVwpRugWniBeq78QzpmtpOAZMI0EwgdimAIjFzcZ5U7lm05557kV2INF2l7FxbO/aJvT4IlDh3QHSQIXos5kBNb2podzI8kQsBcYKENxYhIbuwDmYw1I+h9yzazFJ7ThBrMRIS2UCBaCqDvoVzR4T0JzXh6/mSYVi6qvDFqsJpzMytSsz+X8Lh+0SCFsA+i2zYUETW92ADaWjuMxV+jzVTEnSh3c6z3iSWGxucaAEH5MirsYOQNoU0OnTPHHAp88KAqLUz/3BYHJyvddGv4Wg7/IzwpUNdkHe3CNS4cV05QhiEIc2JhwiMyRsXRCVx9PayIBXna4bJ2FA==
+a.nic.cbre.		172800	IN	A	37.209.192.9
+a.nic.cbre.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cbre.		172800	IN	A	37.209.194.9
+b.nic.cbre.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cbre.		172800	IN	A	37.209.196.9
+c.nic.cbre.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.cbre.	172800	IN	A	156.154.144.36
+ns1.dns.nic.cbre.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:24
+ns2.dns.nic.cbre.	172800	IN	A	156.154.145.36
+ns2.dns.nic.cbre.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:24
+ns3.dns.nic.cbre.	172800	IN	A	156.154.159.36
+ns3.dns.nic.cbre.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:24
+cc.			172800	IN	NS	ac1.nstld.com.
+cc.			172800	IN	NS	ac2.nstld.com.
+cc.			172800	IN	NS	ac3.nstld.com.
+cc.			172800	IN	NS	ac4.nstld.com.
+cc.			86400	IN	DS	519 8 2 E1EC6495ABD34562E6F433DEE201E6C6A52CB10AF69C04D675DA692D2D566897
+cc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x/jq7lMTAaeTnGSM/K5jOVcSFruFw1E2SACxFMmzVgGMAVrQFH58vaNT6LtGW92kL2Aw7OR7jgE6huWr8C+i1vF1TpO7/yhR4Jw50NcLRoZTnYQC/MWAYc+satPlUJxpllhhYvj1T95IPsTtelygm3sJKnlHXsgQ6neKNMf357ECmNuqSbBrTMH9BM6DTfzM8ssBlkgOeJW4cnWzfGqWDdXX9voUbu03KvMEcBbOtB4JYMKPFyHP9LGUBd3JCxMbTIWs5xRd4oc9MpQPpH0UIX72dabMkPX7nv0cBDflVYM432QGzq+3/rj/MoQYmj+4es+N17SPeuqclW1Q6z0j3Q==
+cc.			86400	IN	NSEC	cd. NS DS RRSIG NSEC
+cc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aXAc8GrNsEWublkEI16cSqFtqoQFqprProcygsJ8dGiUX+NA65+LepnqKpROTZScbZUMZJXzTpoQ4Kx4LXYMVlNHGZsvRKXHMV6DdPNulX7zoPgZ09i1PL08AziaqhSznLn1JKVa8Q+m6x2UiG44ysxaP69Sq0j63vsrtRBTw4zJz2aBHRrApyO6liSh/9k9GdhWC/MhIFDUbM3Y+DYXmBsVkhftijSfXKiOu4fVN5g6qBgJ8PwP56qOpOn6cgTpyowNZVnYomQ1dlfoJ9FhjSWh7vywBOhrStWXja8EC44ZkeaIu8QuYQ//VxlD2rn/2OVm2MJJ9X1b2+vn6CBifw==
+cd.			172800	IN	NS	ns-root-21.scpt-network.net.
+cd.			172800	IN	NS	ns-root-22.scpt-network.net.
+cd.			172800	IN	NS	ns-root-23.scpt-network.net.
+cd.			86400	IN	NSEC	center. NS RRSIG NSEC
+cd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dN1R25gNRaM95qFpCbVNpBpmKCLxHDCIU0iFvHCNdm1s/YzmTIKcQCuLNt6XfXdW6as0s6uGGVgxaqGINQoAto47eTGr9N4+8B9uIXnEu0taDR0L5EpgegZ2CRNThNRv4MhrJ4VvTVbjVtu1U4WhF/GafgsrxpAQcJanMftPTLI9yMdkfCgIk/jDR2NFgxTUlYR932CpXh/ftc9iBCcxxWYHy/FuhTdk1hlpd916uml6XQ7nbMZ+Zd+fpH19eByjWeuFFLCnD6I3w8imCJ5UlRGjin411edr882skoAmDU2VGoXSss26UDVlKZUjmLtcWf2qn75bV4wFAF+eQ4gYwQ==
+center.			172800	IN	NS	v0n0.nic.center.
+center.			172800	IN	NS	v0n1.nic.center.
+center.			172800	IN	NS	v0n2.nic.center.
+center.			172800	IN	NS	v0n3.nic.center.
+center.			172800	IN	NS	v2n0.nic.center.
+center.			172800	IN	NS	v2n1.nic.center.
+center.			86400	IN	DS	44842 8 2 878CABEBA9FD175F4D525664473452CFF09B626D60754B0D49B8F81AEF73C9C3
+center.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z/H0G7uW0ADCAIso/BRXzUD4Wrqp3TfHKdtU+52j6Az7iJHNtrli2xHgG0KBTyN0VZ/+YKl1+32PJ337stRzapAD4jkz9hg2pvp9Eg7PB5DwW1IafEanDtF/Ri5b89xXXzbU8xCYiOoQIFOryVea1V8kKCP6yRdz6yTLLkxT7gLXm96emoGfuahRsLFqn+xlKff+tVf30NnjUJC3AJVMhL3oTqQ5HZVt/3lvA2onyTO9gWHxui6oU6w9F/D8dytDVc/Nl6ABqKsYpwnCd2VhmLrRSKJ0vINyxe46BhkvBw3fBSzAfoac+LLE3dk8p+daOYZpvyBjcnSN+MT2P8UcfQ==
+center.			86400	IN	NSEC	ceo. NS DS RRSIG NSEC
+center.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AmWOvOwtkIOPzsruLMXLIaklBopMTBWP81bPi2hnOOeaBvd29PwqMvrUELlgX3fQNceSZNI/06DgOs5GewSiw7oogz5rZ1Yi9+kjwETf2arREUJZ5PCWHoRFn8m+9rhJYM1fR2FqdJOd02490s+FmhduPwF5yxIlEUaG1StR98YbELv2N3N80T8FUucIK7P/zGJH4+GLBkq01Nf1TguoyqqPDxPwS3aIYTdT64rLQWUdBZSYPx73b7qXhZ2yS73x3yamUlS0POzrgX2PzTsoaxkzp3x7b8ntd+TyVlxPHRcFEi+YNlt+J4v4AU/JAYoXZg3tSGt0PV8IE671lItm3g==
+v0n0.nic.center.	172800	IN	A	65.22.28.4
+v0n0.nic.center.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:4
+v0n1.nic.center.	172800	IN	A	65.22.29.4
+v0n1.nic.center.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:4
+v0n2.nic.center.	172800	IN	A	65.22.30.4
+v0n2.nic.center.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:4
+v0n3.nic.center.	172800	IN	A	161.232.14.4
+v0n3.nic.center.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:4
+v2n0.nic.center.	172800	IN	A	65.22.31.4
+v2n0.nic.center.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:4
+v2n1.nic.center.	172800	IN	A	161.232.15.4
+v2n1.nic.center.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:4
+ceo.			172800	IN	NS	a.nic.ceo.
+ceo.			172800	IN	NS	b.nic.ceo.
+ceo.			172800	IN	NS	c.nic.ceo.
+ceo.			172800	IN	NS	d.nic.ceo.
+ceo.			86400	IN	DS	20929 8 1 BF13ED10CE2850F7C686261F06DA97A0E5EB78A6
+ceo.			86400	IN	DS	20929 8 2 DCE04F950578106C1C5F8386DB709467091C961227606F0A761C7A0E10E2DDC7
+ceo.			86400	IN	DS	47971 8 1 C1D4B59F029DBFCC32C1B3524EE5F5B87735EA60
+ceo.			86400	IN	DS	47971 8 2 CA81C48A6831FD48D45CAF9A0DEB74D0E8B8F217CDD05CFD7090C1F926219AEA
+ceo.			86400	IN	DS	63689 8 1 DB7A8F6AADCEE147D241A9778857E94707234D4E
+ceo.			86400	IN	DS	63689 8 2 F2AB788C2802C3F219D53F37E7E1687ECF2E453E04BC5ABCC0B444FC0E35B1EE
+ceo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vem3qzLMcs7Vv8J50j6VSXPIrpLlz89plxyFGeTcjB5sMuUCgvMMnoFmyODSiRuLRUBlc5gxFGeSzju9zoX7sPXXtqTduQ25L4GwQnPJq0FWaDqOqvTPqhUnBTGBIEE/ZSaKwaIUPsFu5jgKdt5JUI8R78xrbieD6iGbvYpMtmQkLTaKkg4BQgu62WeYgtOpISUtKI4unnsop6ZWiPQpUlcPiotI9pfk47Au7SYSIPaLc07QescI4i82ZrGaMpE6gNxIRJB10gmxAX/zGx4mAakg0zTCIICg0uuMTO+f18WXGkPuHrCEw6GX6sQ5uHE9873arKlsHUZ1G8ZajPGoaw==
+ceo.			86400	IN	NSEC	cern. NS DS RRSIG NSEC
+ceo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rJCXVjRCUnrJ4raN3XTARb5XMfyga/f0BHkMce21hye4DkpZ3TUnKr4fcANVU78ld8DCMnTqKdEoo0epdA04a62+25PVSXapAScVa/MCqrnIicJHBCQqCaQ89JKVVL4YmeJKGdczzkd6pZjJ7h3sMedksxQ21717hbHgODAvVeAXCnCZbvkxZ+1SI4YhLPEJRUroKvnXK8OvOBE1YWED7e2FrnPH181E5JHB1Bqb8ilvdGdXrHYOKGpW3Z/5y5S7uYh32jL0U3nJsAWytOyFTJA+OMYxRMP+mb7Wfdk8I4yUiohDuA/8dt++lfBvv4KSFN6/sV3t0FOwemXIP6bJZw==
+a.nic.ceo.		172800	IN	A	194.169.218.78
+a.nic.ceo.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:78
+b.nic.ceo.		172800	IN	A	185.24.64.78
+b.nic.ceo.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:78
+c.nic.ceo.		172800	IN	A	212.18.248.78
+c.nic.ceo.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:78
+d.nic.ceo.		172800	IN	A	212.18.249.78
+d.nic.ceo.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:78
+cern.			172800	IN	NS	a0.nic.cern.
+cern.			172800	IN	NS	a2.nic.cern.
+cern.			172800	IN	NS	b0.nic.cern.
+cern.			172800	IN	NS	c0.nic.cern.
+cern.			86400	IN	DS	20371 8 2 5A48EAB25C4CF4978949D677C182876C48A6C5B7E2282926A954E8E9C8BEC393
+cern.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QAWkVxvK8Xjr2EugcwpFGq/LiDqj5tSIWwmHtkCp2/r2xNMUQ3DbtYDLTYu2yizBesFx0R7/gGwleTQTqMeNRZROBmEU0HVPg1qbHzqoAVRuvqaoQspB0rsblmU70gNOQEzLQk5O1k3+WzJE8u/8GfFQf7yMksuNyxxeIYGMal1vQlR5/ImHvnIjHTnZWY06KAhpPODnaI3Bs2Deg2QaLENTDCaotaV75qxcBUp2sDugA3+k/AB0T/JNHDXGNXeiayUz+Dd5YF8yAdLpw/VlujeY9//CZLtbR6RBTGInz9Dj9DSaLl1aMOOqld+FWcjH1FJptWXBKMsNIrXGzWMAMg==
+cern.			86400	IN	NSEC	cf. NS DS RRSIG NSEC
+cern.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hVfubWRvlSvvNb0e0rSWwLXAOi6HTm80Jf5/vLUvjyIGtN8JXRz/N8NX/lD4NgxzMAnyHnbF0bbfm3HmYZBz6EdTI4GxN4LJhoNCNuNl95tFY5ggcevOst69xREF7aeSaPo5sEXhtFSmpDfeyi7dMocjge1jurPE39k5zozVeTl1sLVNjtVYAQnjZYlX7dS8CRWIEdArmxHcBbB1NYu1OB2jWsMZHFRURCki3BMLupgQ898zst+EB6szly7tcEbKbYR6okV056+Xeu9GpC8DLac+eVPdDZWyg5JrKFY0LNBKw1eQdzVkPC8Rtc6AFvJUrytWgJza55ePciqkUgNmLw==
+a0.nic.cern.		172800	IN	A	65.22.224.1
+a0.nic.cern.		172800	IN	AAAA	2a01:8840:da:0:0:0:0:1
+a2.nic.cern.		172800	IN	A	65.22.227.1
+a2.nic.cern.		172800	IN	AAAA	2a01:8840:dd:0:0:0:0:1
+b0.nic.cern.		172800	IN	A	65.22.225.1
+b0.nic.cern.		172800	IN	AAAA	2a01:8840:db:0:0:0:0:1
+c0.nic.cern.		172800	IN	A	65.22.226.1
+c0.nic.cern.		172800	IN	AAAA	2a01:8840:dc:0:0:0:0:1
+cf.			172800	IN	NS	a.ns.cf.
+cf.			172800	IN	NS	b.ns.cf.
+cf.			172800	IN	NS	c.ns.cf.
+cf.			172800	IN	NS	d.ns.cf.
+cf.			86400	IN	NSEC	cfa. NS RRSIG NSEC
+cf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NLg0gOwOGBN6cX6/sd0cgHEs2CZvdASyrLcBP7xq1oc9p5V1NVau2+Ptc5dEEdK5KbsvZSZH3SepfQ6U5rP4sBv+x2I10bDa5K/5eeDWA9c6qqNeUgMvCex6sfkBMyxEqFeItcMg9tY925NJJa5rtQOEw7PDm+nYrpY7DnahEnPJ6HbYrGApBqUJ3n9LgBsi0q52s6hNv1LKbNjFoZTHWN5AQhgmyo+wOTfSss0xaf2imWGkncaPJMmVuBnC5OBRrMUDd79L524SWKG9Bmoyv239OvkNdgHlFwV2S/pfW4RcnSMFHXhdt0DiDjj4pjEOAo8HkA21AA17W1no4xytTg==
+a.ns.cf.		172800	IN	A	185.21.168.17
+a.ns.cf.		172800	IN	AAAA	2a04:1b00:4:0:0:0:0:1
+b.ns.cf.		172800	IN	A	185.21.169.17
+b.ns.cf.		172800	IN	AAAA	2a04:1b00:5:0:0:0:0:1
+c.ns.cf.		172800	IN	A	185.21.170.17
+c.ns.cf.		172800	IN	AAAA	2a04:1b00:6:0:0:0:0:1
+d.ns.cf.		172800	IN	A	185.21.171.17
+d.ns.cf.		172800	IN	AAAA	2a04:1b00:7:0:0:0:0:1
+cfa.			172800	IN	NS	ac1.nstld.com.
+cfa.			172800	IN	NS	ac2.nstld.com.
+cfa.			172800	IN	NS	ac3.nstld.com.
+cfa.			172800	IN	NS	ac4.nstld.com.
+cfa.			86400	IN	DS	53505 8 2 AFC328685D96EA41036F4563042DB2D7485C8AD9C790BD22111ABD414BCAFD17
+cfa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NbpJ6eOwpbEShLtfOgznzptv2LfDy5caZWKan2gcKB1HX17sU4X3s/N1Z/YbGpRZnFUwsaYqXzqZ0VmuPsQnNC8jA1SyO0J5KRrrYSyYB4/rLJUR2EegdxeSPqRODuFUgazbA1esneigV45SKFxkCo/70xFf0EHWr1DaKf+67EALZhAU2ca7N3BAGOdrpqFiP7AOzRFpwW8GQcZ48VLWoeBGwnzIY1DxB99+m2m9mM7ryCiSGiBKF2h/x4E7zXjkmcA8fedb1c91Xw4Bdjd5v+OW3mswBGt94qrbUReE4/TPzrGqFx2+eBlQxmHQF3DD2LN9ZwOTpwsklpeHamsEkw==
+cfa.			86400	IN	NSEC	cfd. NS DS RRSIG NSEC
+cfa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EWIgFJiOMK5svG7Vd3dsITXz49gk7mXnW+e2PubqXjzEdSc8XKp4Sz4v3EfQgB73YE3ot9jXHDuF5l3qglf948GpnA+bqS3qcJcdI364YSvN2zU/4whgE9KOMOLq22lkcPgpNyjFtCRFI8BFEFqLv+WjzP+h/Nq98Pho8+OPGD/x61G1htqJNQT61Lh0z45N19Rfr9j6Oia+VYAqsyVxKFXVmFjhgbMmLd1x/Isp33T9biZghaZ3m7nCN2wcd6bmxFmlkEmMTzNPVCJug2IM8yhpIXr97m4suOxSPjU94AwaDhtlyC8ivU6T0nybTXyD1R0h2cmrjdUheNoaJwMKRw==
+cfd.			172800	IN	NS	a.nic.cfd.
+cfd.			172800	IN	NS	b.nic.cfd.
+cfd.			172800	IN	NS	c.nic.cfd.
+cfd.			172800	IN	NS	d.nic.cfd.
+cfd.			86400	IN	DS	10525 8 2 42FD41D6533AC785EF64CF9BD36B16463C5A161DA2AF25EC08C114B40E82F2D8
+cfd.			86400	IN	DS	27333 8 2 63F199E72594324007D15C0B77B25F4C643E07F0064EAADF08341287856571AA
+cfd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . suZCYJXvSXQ6nPpTYhr12f84ylygkkfTdS8d7gPvwKbxIrqVKK6a6Ezw04ww9G8Z4SnEosQ3lohDuYApNpcouSEEKd7SkCvIafiby0yJmCp7Rye7LnC0O8X/DEtCpnaB5b8RO1W4fV+SSFGUGr6P+g/FUBh7BF/3/7j/MCgHuN2hR147RcltsKXzv5C1Sr/WEGLinUN9Sk492tAuclwmsOLe9vcmX1K4J5U83iE/Z+eCzZE176IyvmjyfKSrkv8KBkMgnQ5xvh1ShccRr6cr5ZO7DWsiIVNy2zYHdBjSCLf0wcvSWM6l7HpkwP9Pf7U/zP4ggngLtdKOnP2Hm5Hbdg==
+cfd.			86400	IN	NSEC	cg. NS DS RRSIG NSEC
+cfd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GQ8hxl6PAYvgpdL5Mao82LDbVWWZZ1qdxTXgXlfW9/t7s4aS3dT70oWz5POsIi8FUNsXatPfNj8tYatLt6khUjCd3nhKGvKiVpztWmjB2zgo0sCyyR/srNlFu2zGAzzDgVFqP7/vvgovVlXqExjdUk94m+R1bTFFuOPQPD/3IepXCtCZEwRJWDfI40rHEEikhgvalQl1DnIFUfue3rEleHlHN2dOHzwCtEQNpTTwlUpoEN0pISJ0WCmLt/+xyKYPD3sqO/ACm5F5oAB2xNoenhd2aXs3T1rDZY1+MerK77raNtNbcgriBwLia08a8uXjKLEWGNQsYrJW9CQiXzdEbw==
+a.nic.cfd.		172800	IN	A	194.169.218.122
+a.nic.cfd.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:122
+b.nic.cfd.		172800	IN	A	185.24.64.122
+b.nic.cfd.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:122
+c.nic.cfd.		172800	IN	A	212.18.248.122
+c.nic.cfd.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:122
+d.nic.cfd.		172800	IN	A	212.18.249.122
+d.nic.cfd.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:122
+cg.			172800	IN	NS	sunic.sunet.se.
+cg.			172800	IN	NS	dns-fr.dnsafrica.net.
+cg.			172800	IN	NS	dns-za.dnsafrica.net.
+cg.			86400	IN	NSEC	ch. NS RRSIG NSEC
+cg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J1XyvO4qEI9U0rOu8WsS4gV0LCKBM+INTCFvOwX8hqZhPrDkm+ozQQX44rxb0/B+ifFBL0V98OQadXaBuX//whWWYSd4RiL4O2PiOIjfhZBWiw5Dpqa41TwSQsng7RDXqGxaD/dusz7gWkpV8FM23gub8qpR7obIUweyrsmFbt3pc5yyacceHFjykzl2Z/fuyZnBArrs61ZhS0nPG2g7o9lhKp49VWxR/NwFvAls9G9ObPZ/mWTCpUWDpPF98sHbcE48XcT9Ejhbx/25FmQiodK/sMBe9ArvHdq5qrOaS1N74eLDcJmSCA2x5rcvmT+aXgUSAzX5GAZtnPukUF8cCw==
+ch.			172800	IN	NS	a.nic.ch.
+ch.			172800	IN	NS	b.nic.ch.
+ch.			172800	IN	NS	d.nic.ch.
+ch.			172800	IN	NS	e.nic.ch.
+ch.			172800	IN	NS	f.nic.ch.
+ch.			86400	IN	DS	10 13 2 0E175543A74D9083EA977BAB2BEE98A771995F80982FB796B2B0B9CC6413D1A6
+ch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q0N+CvCktVZJsLUNngRGkAvfaVe1zi/yTk2fUywLBETSju7RVlpI6AlpCQbP0aulpCgaoE3dOplyWBtpwhi93UUQoe6qMQIvVrCG+sQ41l7SSagS/6FfYh4NAwN3Bb3nxaN82sYKw9Lb1DQpRmlwzbJmLh5e5J2uIJ1OmyuTSsH01b1JmrWDBJn4qph0F8BYdO0E+QspRcyRv+97VtveOMo9sXKYa6+p/eMQD8AGyNBmPPhmf3qqvRfC93GNY0m6mP/BQyWWQjTl6Q2+AqjrqXPzkGu1FS80XI0eFrLNgKuxOUDN3z8ObyvcoKtVXWhJCPSTLYawqX46hb8oO3HKDw==
+ch.			86400	IN	NSEC	chanel. NS DS RRSIG NSEC
+ch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o1wH08OjV+BG/P+COUecr9pqRU+mXC084VpTLNgNSlgD8DMtK5lEv8dov0imGR7XtgLesA9M4nxMNAxpP0veDdNtLKJvuNuFTFroruX5ZiqzsUtQU9Vd7jqt/7CpmIxjsFluMekosavs0VFkgfDzye58MTHESyLEMA4U8z+RhEiSfQsp0UMfgvwBtoP00YjeAIdrvDiqjSEFHWU30R958+GFa10IZ5O+I9f5/jPmCd2uCjHkuDa4bhh0It5eX/0zdCg0rcg68OLPpG/R/NDCNYx5YOaJCIlu/9K1fleUWKhfNaCthHv9k2yvp7v351EreXqXeMkJWEEhwQ+BkfBSLw==
+ns.itu.ch.		172800	IN	A	156.106.192.121
+ns.itu.ch.		172800	IN	AAAA	2a00:7580:60:2141:0:0:0:10
+a.nic.ch.		172800	IN	A	130.59.31.41
+a.nic.ch.		172800	IN	AAAA	2001:620:0:ff:0:0:0:56
+b.nic.ch.		172800	IN	A	130.59.31.43
+b.nic.ch.		172800	IN	AAAA	2001:620:0:ff:0:0:0:58
+d.nic.ch.		172800	IN	A	194.0.25.39
+d.nic.ch.		172800	IN	AAAA	2001:678:20:0:0:0:0:39
+e.nic.ch.		172800	IN	A	194.0.17.1
+e.nic.ch.		172800	IN	AAAA	2001:678:3:0:0:0:0:1
+f.nic.ch.		172800	IN	A	194.146.106.10
+f.nic.ch.		172800	IN	AAAA	2001:67c:1010:2:0:0:0:53
+chanel.			172800	IN	NS	a0.nic.chanel.
+chanel.			172800	IN	NS	a2.nic.chanel.
+chanel.			172800	IN	NS	b0.nic.chanel.
+chanel.			172800	IN	NS	c0.nic.chanel.
+chanel.			86400	IN	DS	23974 8 2 DE196611E08D7B8A34A9248763C03EF9AECC8C617FEF0B60662964711CD5E24B
+chanel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZK27UPTszGwbgVb4q48w35eLd+nKzOjzxXXvc4f6Tsy0uGUJPd4QjDHUtuFyheBPqhkuXfnmNmvPHGcq+Fy2GKJXqY473mnIqQg+89Z09TIJ0KP7ANtTjH19uzDLovn320GLlQ8PpGRI90Rd+7uOv8nls5iJVw2OFCWzqXpRdL4dipBVdJpZXDJ34JVnA+SXLkh4aDKKuCpxS8bjnlnDLwHxHFM5mOnPUB9+at1/EstlzFVq7PrY/JOHszVv457glzZjlFVtZRm2o3y0Ak6CFdYlpNA1JERS5s4CTAQo+8B4Z3r2tY4WbY0z0/REOJJbDyvMrPhkDxSeoIN72mp2Hw==
+chanel.			86400	IN	NSEC	channel. NS DS RRSIG NSEC
+chanel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jbCVS7Nd68Sz1mYD7N+DqgYyP5aZYM/Ut/N7NvOcHqyY6ijTPxzFy7/S+D7zq7grMGfJFcJrVV8EZoD/+87u4LWTx+N45iG7sRLwiy7FmmhR5N5Oegdl1+scjX1vOYj9OOAGIfYMCzHYEppdH4QdAzyOEyUeA1zUp1LMIpPinZz7saSAbjiUE6L0g9MiMe57m7909kpEmr7Alh3xiVFCKxFVkDmxI0ZNuPlqfga/YGdUlrOnNgzPCuKxjBCiDzL8hJ9kptmL7leD8xOMuQLwG+U9vYaNlwNoMVRKrIdiEwSldrGkk24x/k3WMQk37/iMr67f40VOYKZNoOPBeh6Pwg==
+a0.nic.chanel.		172800	IN	A	65.22.112.47
+a0.nic.chanel.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:47
+a2.nic.chanel.		172800	IN	A	65.22.115.47
+a2.nic.chanel.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:47
+b0.nic.chanel.		172800	IN	A	65.22.113.47
+b0.nic.chanel.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:47
+c0.nic.chanel.		172800	IN	A	65.22.114.47
+c0.nic.chanel.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:47
+channel.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+channel.		86400	IN	DS	37051 8 2 AD6600649AD83F822CEEA5731EA43CB0C560636908219FE59BC5B0D0E5757840
+channel.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wUZdtbv42JXAPAdWgzn6HtOCRF9FrjF12q9MP2Gv851lvfO7MvN83Nqv0CKcP43nwOil3vLwhWreXJIpD+okK285fleKWYDL2r3JaHSoCxF4SjZa8r92f8T9tsUnmQ6Fov3mDcCeJ4OqbtaCUCFvbXIhHSUYLrsFy50DPKyYsMWtsmjIFVism1uDakOgf3BZxAiWm6la1MZhmNU1y7mB+2aHV7brVx4J/DYZWi4XF6zUg0JTufyIEMppVoSF2LV1XXQeSll/S912C/CPVdNfH91iBUEtZ2NEI3BGFVpeMrudPYmRwSKhLQcUKahFi2Fp1hNKpLA3cbhKlBpl+8OaUw==
+channel.		86400	IN	NSEC	charity. NS DS RRSIG NSEC
+channel.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nD8H6FtdWBNtYanDO6KwF7vH2iUINisa8yOvBObGHaowqlvntYnNimhJWKFWiq9cMeX5pPvIx+Wt4BBQqDzIyW22qGywAOM17+oYmsGYZ1z8wh3jdg0Q6cfJ/YCq1MP9zkEm4QLFq5DHqa/y0RY1Du3Xxv+On/3zO+66ej4PbYdRmYUpM/Bm+3L2bRhGcFQQSI9Vh7p8l3g41Grhjc7+DUkyYAqeWJlnSeFMnjr2Fv2nG7xNHkYtNx3dYAhRXfwqoDh8JXTy33ZsjRyxHGDMrTlSvYIqPM4OCVRPVUEJvPf+SIFdzLsPBGMWC8ZUqXnBPoGoPUrEMy96vTekzfyPdw==
+charity.		172800	IN	NS	v0n0.nic.charity.
+charity.		172800	IN	NS	v0n1.nic.charity.
+charity.		172800	IN	NS	v0n2.nic.charity.
+charity.		172800	IN	NS	v0n3.nic.charity.
+charity.		172800	IN	NS	v2n0.nic.charity.
+charity.		172800	IN	NS	v2n1.nic.charity.
+charity.		86400	IN	DS	52489 8 2 FA42C0A07830A438C791E59D07B39121B72564A6B0AF5EB4F2235E5D16D656F7
+charity.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rth/mGjcEcyTrs3H7cR+IFIMHKdr8MLG4G6dmHZkLHs/fq5MpRI01e/ikTdKkQ3Pb98IyrClMRcOo0ZaOv3saNLU01/KWc50SNySwscYArbxFZpl6Y0tnI82A3Q7LyvbHJTLwY4MTq3mInFUpch/xjvTOgjyNBPsTaiAEF2MW6Mu1h6rrCs0+BCXHQrmnqK70LGuiscQAtKkv8FROLT7rPsJUorFvHeG7XpShHikkOaM5y14iJYtWN9Fhd578jx7HtyoDpIZWPW9k9TrjVgUSKzgAMI1M6OBg4cM5cXQN3EmoVSu73LUhN8oXL7Ip2u3j9tfVSKqNddj2aB+4+OP6g==
+charity.		86400	IN	NSEC	chase. NS DS RRSIG NSEC
+charity.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MVTKZ9ExnBBeJsa6ftDwpg2lpcXG+opams7JJJFbfJsDzhtQDyOd0Kg6YaKSQRVLmiTHBFWqsJacWgqdiB0WugwxGVIjwV1h6nfbz66aivY6r1jpX7/f2bID/KQXmzNcpoA4LBX2xl7cKlOrFmZ/Ku1tjnNEW1O+hAoAf8Wiaa5o9vAeJxG20Sw04KNdl8DMFxvMBGOy+vaiXYCdrEUa7HDPkIq16EJDTxN5TO5bOS7siy8f+3sm0iYk5r9V//0rsQYkfoWRfZwI+aMcasqCIxouDsRfUeHsHOcuKSlL71cB1NwO01E+hSyMt9vehJahDnN/yG5abtRDg3JDC+qFtA==
+v0n0.nic.charity.	172800	IN	A	65.22.20.61
+v0n0.nic.charity.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:61
+v0n1.nic.charity.	172800	IN	A	65.22.21.61
+v0n1.nic.charity.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:61
+v0n2.nic.charity.	172800	IN	A	65.22.22.61
+v0n2.nic.charity.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:61
+v0n3.nic.charity.	172800	IN	A	161.232.10.61
+v0n3.nic.charity.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:61
+v2n0.nic.charity.	172800	IN	A	65.22.23.61
+v2n0.nic.charity.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:61
+v2n1.nic.charity.	172800	IN	A	161.232.11.61
+v2n1.nic.charity.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:61
+chase.			172800	IN	NS	a.nic.chase.
+chase.			172800	IN	NS	b.nic.chase.
+chase.			172800	IN	NS	c.nic.chase.
+chase.			172800	IN	NS	ns4.dns.nic.chase.
+chase.			172800	IN	NS	ns5.dns.nic.chase.
+chase.			172800	IN	NS	ns6.dns.nic.chase.
+chase.			86400	IN	DS	35866 8 2 618F99E685339CF7C8AFAC24EC3C9A7EAA56B41F622D34F23AF944B83BE839AF
+chase.			86400	IN	DS	38962 8 2 7E231DFE930CAA42C760D3298C2F9B4B4F22AADC5A0FE6C7784E4E2177A0E317
+chase.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hAZYpqpHe790l8CbKVguFxAS3QKutlHtzhFbVHey4p+280Ple6l4qJOgvW7DRLefSx5DW7ZY6+1d3sLwv7oi/Tywme2jrv73IcLPIj7PJCjm9kkcmuswuFbvs1rnPkUmpTn/9gpfR7KQCKuy7BBK093jbywPRsL2Dit6KiZJ7iYC97HzvrGgD05mzMq+DoA55QOo2FmAsj+ezrNf6ruq56NC7/6kQ4nuS2C54sajlm4G+U6i5JMMore7SYG2+NBLp3oTC2/KeC1nqSr4sHvzOXfNxrPiV0dN0Z8g/TDSaREcMFENmebFLmyTClf6oicf7AV41U63B1RjrytdogjeMg==
+chase.			86400	IN	NSEC	chat. NS DS RRSIG NSEC
+chase.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NxMMbE6eErpp4A9NrS+iSOR1SOV9SbqvsoayGCPsfxPpeR5ls+do0A6Ww7ok1Unachqn0D6CtAPCjPK+zTjN8En+h2so57FB/wGFT+t8eS9xtd6kVQiiWOgRTnoiwztLn+tOc4aSzi0Wn64NKv2HhN+4uorvMsyE6DfFHUZ2TPStA7qbV85YBcwOX95XJmvLPkS3pchXbprHMrNmaG1Su2g6QjsW6niwrnSqHNCaFL60T3nYvU+JeAPuUDoP5HaRLh3qBX1Wfm5jSycFLdVwt3s84ecKjWPxtM3azPJwl6qQz+I5IkKOuR8TrSPxG2pWRL+EAsye5iVihsvCvrJ9HQ==
+a.nic.chase.		172800	IN	A	37.209.192.9
+a.nic.chase.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.chase.		172800	IN	A	37.209.194.9
+b.nic.chase.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.chase.		172800	IN	A	37.209.196.9
+c.nic.chase.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.chase.	172800	IN	A	156.154.156.39
+ns4.dns.nic.chase.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:27
+ns5.dns.nic.chase.	172800	IN	A	156.154.157.39
+ns5.dns.nic.chase.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:27
+ns6.dns.nic.chase.	172800	IN	A	156.154.158.39
+ns6.dns.nic.chase.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:27
+chat.			172800	IN	NS	v0n0.nic.chat.
+chat.			172800	IN	NS	v0n1.nic.chat.
+chat.			172800	IN	NS	v0n2.nic.chat.
+chat.			172800	IN	NS	v0n3.nic.chat.
+chat.			172800	IN	NS	v2n0.nic.chat.
+chat.			172800	IN	NS	v2n1.nic.chat.
+chat.			86400	IN	DS	45004 8 2 CFBAED6BB4F9A66E0ECBA421E368DD33B881319A74D3375D3A0F8A88FB9BDA59
+chat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dBtQyIMHJseJenz1fsDBFIiOawnbltS3fWOXCt4o2BXJZzM4IIHyjK7D5yHEyRTnZyV2B51kBAa8IzK1uAGbPPLGRtkt/BTpUc6hrn0yA4aCjDJF1xO2FwCEU0Cc7Ny+DyZ1Sc7/SWeqnUg7tKU/xg1eGjtljy1GQieHhSZyWQrYaz7sXL9Hxhxdjcl1Igrbd4NTJ1B7QPFKwIU9Aegx8X8VsZ94qxA1Lfpp9LEp1upUaRmq6WZ3sm1bRp+mD7Q7xBMDqbY1VrZmxaKNxUkWbrLLyYmln/sfHuKEnPhlmXKF6Sc5IDfha90iSpVEKoGpwMj4Npb0Jjb6wEB8MjaeUA==
+chat.			86400	IN	NSEC	cheap. NS DS RRSIG NSEC
+chat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zGP0f/t2/eU29rGwKy3UXbubayG1EE+eG0nfPNsJrduvC7JXQoTm44Ot2uJyA/w5ATDxW9+sfeXJ7hLF9bnxxT3YBpldoIdQ89vj0Wfn7Hai3AslJOYgGOiX3uSlyxLEzpb013GgvA5OtuwfHCnYjqsG/CmYMOngMsSZTWVqLa8YFoZSfzQlAVyWsB9WmfsMBqECBj4J/t2LsnGv4utvWrzf/vTzeG48Jnuz2g+Iw2AhMBfc9CyZCyzqWK1mk8oZySUEKLr3kOCWGbwNDim3dsxDXcTrP9NeqiG+9EcfEuK7Nivmk25Fm3QON3I16rb+mA5QDdw5B0/4ExGWkc+y3g==
+v0n0.nic.chat.		172800	IN	A	65.22.32.42
+v0n0.nic.chat.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:42
+v0n1.nic.chat.		172800	IN	A	65.22.33.42
+v0n1.nic.chat.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:42
+v0n2.nic.chat.		172800	IN	A	65.22.34.42
+v0n2.nic.chat.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:42
+v0n3.nic.chat.		172800	IN	A	161.232.16.42
+v0n3.nic.chat.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:42
+v2n0.nic.chat.		172800	IN	A	65.22.35.42
+v2n0.nic.chat.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:42
+v2n1.nic.chat.		172800	IN	A	161.232.17.42
+v2n1.nic.chat.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:42
+cheap.			172800	IN	NS	v0n0.nic.cheap.
+cheap.			172800	IN	NS	v0n1.nic.cheap.
+cheap.			172800	IN	NS	v0n2.nic.cheap.
+cheap.			172800	IN	NS	v0n3.nic.cheap.
+cheap.			172800	IN	NS	v2n0.nic.cheap.
+cheap.			172800	IN	NS	v2n1.nic.cheap.
+cheap.			86400	IN	DS	48844 8 2 6956C9CFAD73CD2BC1F638FE272FBAB440593ACCEE4CC6F9BCC60C3C172218AB
+cheap.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HvsM94WK1AhflcuokpsMPcVIWaSSg0QLOFZJEpTksk1EbKhuayzDPC5leHbC6tsgkJQaz8ZknCgVCJVSKKLihxvk1xTvyszzzabzvXI1F+B+tLt3bhN2JurKnQLWtmM5AijRjzfzpaqw4xbZ3LtDQygdS4ccYCfEilO5TeNne/bOevB40a7kse6gZjuigfvUrQL0hBO/QCmop5P9w8ZBjxW7R0BRAL3Uut15uqzEERBPYfmnpk2ueqBw6xMbHhtgmI13KVa/GLlkSA96rJnoTx8tk++uIL7rscy/Kv1AuZSJf8xTROujxdIBzDRe81WuOIydQQVdMXGrt7sTwRDpLA==
+cheap.			86400	IN	NSEC	chintai. NS DS RRSIG NSEC
+cheap.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kIsbJe6kygixB2VHh0D7LjOhLM8yfnQlvUVpgFyi9K1AOw3egfkKqKhKujsxq/Vq4JF9VsbVtElS6nFofKKxlClL6kR4yVEfK1Ft+Mp4JLE7Gnm3VrJ5VUY7qaX9u5D7cVN3w7gw40nrHId1r3Q9edBIJFnUixNHOYA/h2N5EcUgNMtc8xCbtyssi/HNyU57aGAxnwU7tYQaNxWfSIbTg4ktQBKbmhCK9yibrxPJakQJg8qOIvEDJVcLzDze+YwHjylaNz/ju6cAVzI8t0fbZYo41N7m909EI04LsGUR/1WyihX8YCNjeXOcbmckv1qztg2ltXrEGfUMRDxlWgZkfg==
+v0n0.nic.cheap.		172800	IN	A	65.22.20.26
+v0n0.nic.cheap.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:26
+v0n1.nic.cheap.		172800	IN	A	65.22.21.26
+v0n1.nic.cheap.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:26
+v0n2.nic.cheap.		172800	IN	A	65.22.22.26
+v0n2.nic.cheap.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:26
+v0n3.nic.cheap.		172800	IN	A	161.232.10.26
+v0n3.nic.cheap.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:26
+v2n0.nic.cheap.		172800	IN	A	65.22.23.26
+v2n0.nic.cheap.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:26
+v2n1.nic.cheap.		172800	IN	A	161.232.11.26
+v2n1.nic.cheap.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:26
+chintai.		172800	IN	NS	a.nic.chintai.
+chintai.		172800	IN	NS	b.nic.chintai.
+chintai.		172800	IN	NS	c.nic.chintai.
+chintai.		172800	IN	NS	ns1.dns.nic.chintai.
+chintai.		172800	IN	NS	ns2.dns.nic.chintai.
+chintai.		172800	IN	NS	ns3.dns.nic.chintai.
+chintai.		86400	IN	DS	58834 8 2 71DC6C01F954DA83B6CDC9E95BEABCF8A72FCF478B56F7B4E1214E965BCBFE7C
+chintai.		86400	IN	DS	63010 8 2 1CA7FEBCC15FB6098755EB40502C9ECDDC2E9E0053F6C686A06A11C94FCC220F
+chintai.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oD4H1TIK7QTCM+anXgQJUC/MfQj9l+OUJYDmCUr3IJUZYNxSPiKtcdJ3+u/O3BKrgc0Im0TSt5fr+apAn2lAHRdtOT54ZLI/TT8jZZMk2YUAU1c+tugXHNSQ9aUHwraH1p5+p4qcIbuLIK4cbPtI1Yzh3v3G9z9okv39zsqrMyaH45yZ2K6BWseY3yAXSz6ikamkSNcglkQWfxI1F7W02MF55YGiKreWM/CLoJq1heC8Xmm66FxJadW4OtFkuizebzEncddKMCu1RU+vUYx3W8xZKzzqU9hO5TiWtHc2RwOF3iTo8UJj+kg4R+6In7dskMQ8TWhByjNY6zRSKsEFRQ==
+chintai.		86400	IN	NSEC	christmas. NS DS RRSIG NSEC
+chintai.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O2aYg7cdoUtlwDezS5QjZyzhRGzBV66/sQuZzM3j6Rzl7Hv9iGTsL9LmZ9xJ8Oz/ihbWSZhZElkxqql0hdwtpHzyULtyuKouwnuuJFKJJ88MdW2jFyT1R8uwzUiJ7XIeNEt+WklvNv+IfqH+omzy6w8WxZytcTqDARVKiwxSTzwBQpu72CA0pqRAFnDyOEcwjWqx2fSNwUMBszd+WcGbXM+/vAKBS95tLfuoI+o19HGioCohj1tRO5pPI6Z3VPKg+TglZgIcH5KjcodQrL+O+Mh60Bhh5SNRZUhjHAW0XrRJ87KGjEn4kQCQgG9NWb52NctvjnXIRyjEBi5Fza8R3g==
+a.nic.chintai.		172800	IN	A	37.209.192.9
+a.nic.chintai.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.chintai.		172800	IN	A	37.209.194.9
+b.nic.chintai.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.chintai.		172800	IN	A	37.209.196.9
+c.nic.chintai.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.chintai.	172800	IN	A	156.154.144.40
+ns1.dns.nic.chintai.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:28
+ns2.dns.nic.chintai.	172800	IN	A	156.154.145.40
+ns2.dns.nic.chintai.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:28
+ns3.dns.nic.chintai.	172800	IN	A	156.154.159.40
+ns3.dns.nic.chintai.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:28
+christmas.		172800	IN	NS	a.nic.christmas.
+christmas.		172800	IN	NS	b.nic.christmas.
+christmas.		172800	IN	NS	c.nic.christmas.
+christmas.		172800	IN	NS	d.nic.christmas.
+christmas.		86400	IN	DS	2827 5 1 45A7AB7FFC9AED55E130DEEBC6A12A007052C326
+christmas.		86400	IN	DS	2827 5 2 B359C6393C81C5C19E651290CE278F6D9E6B73B625E2809EA4FA7CEE67DF4A3E
+christmas.		86400	IN	DS	23941 5 1 BC0C1CCFFABD83A031323C84E60B6B755356A8BE
+christmas.		86400	IN	DS	23941 5 2 31B3839A387CF1C59F5A9FD953E54C7D5852606C0B20E86281148B6D4AAAC042
+christmas.		86400	IN	DS	51184 5 1 B14C7AA2999B35F27382961870CB8E480A1F5F0B
+christmas.		86400	IN	DS	51184 5 2 1A80057885DE5C3E07689CD77E954733A4B21658C65BEE06F69B8F8E5F47170D
+christmas.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WOcx9ohxnjpDcJ4lHv78FJal0/Z8IroODQIBqutrzX2/LAGZp9Fy83iJ301TXyED5lByMXmQprThcOYXDOdvuwrlER0Kp+RdIRdBPW9/aqnrYZjO88jfYzJeXE9CTbsluutsxq65icl+pX1q0HCy78rKtxt2R/AUi5IOS0r3NLIkNkC1xCWXYE37XoYOy3AwEsWDh9jVWxpVLWL2TobCzAv/XOJg+j/QUg9WSS9a6Ocmyf7PteizJ4idBtABQ7kOPGnkbuYtE6SPgvQXtR95JdF52db4BmENNo6k5BXDYkhlmIO1t48AEtKXpSBcRBx+MAkF8C8wS7/opdWvP6KxgA==
+christmas.		86400	IN	NSEC	chrome. NS DS RRSIG NSEC
+christmas.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hw8NukUFSijTQnFDUhi96UZbhPoUY1dL+UtLb4PSknlAKM2wLFHNAn9xhXOy9qc0fW4GNVQiGkU5SSLxDdx5yX4NnCXBJaZZUhchhgITeQ4tENuExUD6Hc7GAixRLoAPrwedcANSTRg4A48qNTwh2K4VG4ZoqXTOWgEUevJzM5GtrMh0W5iT+uFl1BlMawHj20UpLBz/4SMH2y/WmpAnYMjq0wtswr2QP7+3EQBMHxCNlOIbggLKES6srSg+t7Ab8K2uiV5uUT7Sl5WhKb7zd2XzkwlP4hEpJ91Jqla8AdM2JJp3yAdK25jGSUpeg0tf+jQXcp+pkxLUW6DZrS7deA==
+a.nic.christmas.	172800	IN	A	194.169.218.153
+a.nic.christmas.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:153
+b.nic.christmas.	172800	IN	A	185.24.64.153
+b.nic.christmas.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:153
+c.nic.christmas.	172800	IN	A	212.18.248.153
+c.nic.christmas.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:153
+d.nic.christmas.	172800	IN	A	212.18.249.153
+d.nic.christmas.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:153
+chrome.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+chrome.			86400	IN	DS	56911 8 2 C036AD5481A57EACDECF5780DE4AEC4A1C433732D50DA29A66A1643656D065BA
+chrome.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . b04/ZlhT1IRiBpxS5i0AJ/TfDoB2o5SwXghgR83aNOfMXUSmYknkgs9NCPV6y8Iak2tZNo4fXGoMKtBgnSv2RDrr0/ayQtiKGPvvM9pFpF4QeeHWFR+ItB3FpcMF5Z3BSCxHKfIYUaZeAWr3Ilu6lJtcC9s1BRehBEpus+KgVIbe4yMssUC0V4gQlxDjHXxuOtumELWNTAXMLP/wmzC6F6h3aq14fOgRIVj+Xz3Go5IMYdnJuBNCW1IJZitLrWBUR7nq89q0l1dhf+8bXKgzZtliy/JjfTQdYmace3WTuM5J4FHUYIT6etgjsdLx8CELqBwIF+v49WqD2e0XeiTd6w==
+chrome.			86400	IN	NSEC	church. NS DS RRSIG NSEC
+chrome.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qMhSPy7VQ1HgW2aZCWgP1TjBklnIv0OWpWz/V5Hb+VF6nzL691UeIIx7G/X4QCHf0Rl5iri1oGASVw0RdJYPofGoQ7mTasLrFOl1ENaQvVudv3+xS2p40znShSNyvKTXpUYPDlqz6HAvlpiy3ugixV8vVFd26/6SqKS6Tl0R0frgkHrvSfD0qf4LpJdLZds9mwvFaQqP9ST2RJFVWf2wgdX+dYJgYV5Xv8x2gSYUapAXm6tX2D8tpwazseC31k8BqOlwuF5f7/5hQmnpwokcS+rNLbIiqPn9lvN2zRYthkwz/qgJbVwd15ILo53mQ78Ka9Yy9DvFPcTl9jmZC1MnmA==
+church.			172800	IN	NS	v0n0.nic.church.
+church.			172800	IN	NS	v0n1.nic.church.
+church.			172800	IN	NS	v0n2.nic.church.
+church.			172800	IN	NS	v0n3.nic.church.
+church.			172800	IN	NS	v2n0.nic.church.
+church.			172800	IN	NS	v2n1.nic.church.
+church.			86400	IN	DS	15331 8 2 0F54AF90A54221FEBFC21487ADDA2C595EF2EF9B5ABC706D1938B1F95F20D9C9
+church.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xwuFBL1slcj+UUEXoP3F6MMp1gAYo7iF5iMP1eUu1ZVAduC1nFfhUyEuldu6iW8qv61u0MZ77IasgUEpFiNml+ypK6YsYG+r74IiS+l34JAXcgXl28rIdH+8n9ZJjihMjYG67AGhdlxdqAIZEuULTEv0Mp2HUmZKfat6CAcc0g3szTuDiWf1DlUajKhX2hJyvWD99olY3dMl56zy6wObPJKLp4+lsjMU4rA4HzpRpPtz78kggURWrXztWkkVWEuMQakPPLFNXWDANQDXM4CTcQZQFT7+VTsn3bxVvgKWXBat9J5rQU9PlVwIoUqM9BsR2GIa7w3aukkow4Gsf8FefQ==
+church.			86400	IN	NSEC	ci. NS DS RRSIG NSEC
+church.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . emfoLOUiHh6gYEPPUdnW2f0oYbiRxFkFA/S8rUyjW+rnNdMCLWJp88BrqySeLM2g27LMWeraaJ9teBrwWu2Tu3GZyRxl3TzSJpyi4BmgFVVMq7YzEK7aCEpBsxvx0/gT2sR24x99x1cuETn3czj4hDtA+SEikCeTutmBTCjRKSwZYUUn/ycmP+/8Ht1mxf+3GRuOOI1es00PEatO7u9n3R4XLgc9B4+kUFzR49nvQoRVjEqS+rFO2iX08aojvaF27N+F7SaKAAbE++bsOP7iNlljtBuXZ3j20m/ZsxZyWtPEQnJzeHJ6ZzJnyAmYt2POwKT8eD35pFy//uOVEU2R/w==
+v0n0.nic.church.	172800	IN	A	65.22.24.39
+v0n0.nic.church.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:39
+v0n1.nic.church.	172800	IN	A	65.22.25.39
+v0n1.nic.church.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:39
+v0n2.nic.church.	172800	IN	A	65.22.26.39
+v0n2.nic.church.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:39
+v0n3.nic.church.	172800	IN	A	161.232.12.39
+v0n3.nic.church.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:39
+v2n0.nic.church.	172800	IN	A	65.22.27.39
+v2n0.nic.church.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:39
+v2n1.nic.church.	172800	IN	A	161.232.13.39
+v2n1.nic.church.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:39
+ci.			172800	IN	NS	ci.hosting.nic.fr.
+ci.			172800	IN	NS	ns.nic.ci.
+ci.			172800	IN	NS	any.nic.ci.
+ci.			172800	IN	NS	ns-ci.afrinic.net.
+ci.			172800	IN	NS	phloem.uoregon.edu.
+ci.			86400	IN	DS	60224 8 2 0FB751F1B2230B9EF643DDCE8C30ACD1E7CC20FA7D52346CA074A32B8F01C686
+ci.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fFstoU3uiUv/lZch76UUDyqRSmxn8tjhStGvppicESo5yAVg5LR05jYcp2xRExVjNd1m6pmVsnjFsq2kbCkRaLs73F10btxlG3rEfD+lm4QhzR2eVCN/YeAPUQs83AKfFelBFefLNwEDJdhz9lz5WNKst4+7OyzpWX6n64HePgADTgOGY1xwMDWD4SWCEgwySGYDHD4KrydeYpGIoeqbxb071Af7H9A4gp7LxQar2nKDf2hiXIpGodJ+3ChL/kl6PE5I/JNGjURkP7C0r+nd/wcp5s4g7+TsEFldo7j3/WHPnexcjgNk6xvLzuvBuEe7eIERenQTBgT4R+p2pCHCBA==
+ci.			86400	IN	NSEC	cipriani. NS DS RRSIG NSEC
+ci.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HHaDahHr3woAyrGj0odJpYvTx27JNRdr4XugK5L4EVtJnMoUPH+93nPouHPh3v3+AmO6OARgYHzcXZWyZsH5fjYrkavvPDB/u7gw7KhkzqpFMGZCsu06/GZFurK6uvcdXPoW4CVHnlOBsn3XJt9Bk4Ewn76GmRXCLha0Zt8wHSBXXJh9ELpwtBzCh2Pa4E8VPOhYxAzWumPSETwMM4AqrZoR0s8wznn9cFn9uQP56Pc1S2DXnUHxo4uHqU/QwyG6aokh9nIPk8jx0wcYjkOwKbolj1zRmAXXf5QluSR/R1lqST7R6tLeY17J5Wbg4jsC34iLjNtJlHRlvDL3NWC8YQ==
+any.nic.ci.		172800	IN	A	204.61.216.120
+any.nic.ci.		172800	IN	AAAA	2001:500:14:6120:ad:0:0:1
+ns.nic.ci.		172800	IN	A	196.49.0.84
+cipriani.		172800	IN	NS	a0.nic.cipriani.
+cipriani.		172800	IN	NS	a2.nic.cipriani.
+cipriani.		172800	IN	NS	b0.nic.cipriani.
+cipriani.		172800	IN	NS	c0.nic.cipriani.
+cipriani.		86400	IN	DS	17209 8 2 41ADAC2BF52A4A5EA210CE9DB7AB6114A28CF916F1E06B1F4C3EEE90077D6147
+cipriani.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BdwbZkyN28xRaBT+vaRqO4IVoiZXgzpTg3vQRR074VQx2V1T3iV+8UTxGzTGci9JL1jhJeQ7zzNqn1QMI+SyajAVp6Gj1ofhJm320/5U8+0MRq9sUinnx8sgQldF2Pt4KpiKiW5mJavEUbuB5cAzc/VlcOfGrhM5DZYlHNYuT4QTTxwUcQKsNwa0x/6V2096AuL5xcQezxgTpKvUqZ3TysIpWrET6RsSlaNCUAihH6zYjDoImJswNLfw7iONP6UZDCpugtt+R0R2dklx0ngxCK0OBoIxuOXwNOUcLrVLLgZxre4H4Pac4RGZO38oePfy1Hv5vAvmEbBPa89hZC6i2Q==
+cipriani.		86400	IN	NSEC	circle. NS DS RRSIG NSEC
+cipriani.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IWQNsxY2SWrstwqWsKW2jM+LcDIzOf4RVU6Jh65tAaZJ6D6JVuDdjTznFt3H2Sa21dGSCMs8hYP4JsMs64YS593xz9FER7QTNAJ/HMBExFVU33WvJaGtgnVQttl/fIs1W5WYIo5QGWcTmoEVIIb93xdXXIF1ApiNNEYd65jUfF65Lc+9AAECiU1FEADmv5r+De/sgeI0kfOLU//MV2RTO+1i4fxIMNPnsMo0bgQ88mEabmRHT15FZPR/iIzHx/PBH8MeOJO7avA73RO1Cj2tdvmf4rITBhJbTJ0lxqv5hZVfHJ53A92yse5BVrZxrsdfAIeqOE0lCaLuIa4V5zroVA==
+a0.nic.cipriani.	172800	IN	A	65.22.236.41
+a0.nic.cipriani.	172800	IN	AAAA	2a01:8840:e6:0:0:0:0:41
+a2.nic.cipriani.	172800	IN	A	65.22.239.41
+a2.nic.cipriani.	172800	IN	AAAA	2a01:8840:e9:0:0:0:0:41
+b0.nic.cipriani.	172800	IN	A	65.22.237.41
+b0.nic.cipriani.	172800	IN	AAAA	2a01:8840:e7:0:0:0:0:41
+c0.nic.cipriani.	172800	IN	A	65.22.238.41
+c0.nic.cipriani.	172800	IN	AAAA	2a01:8840:e8:0:0:0:0:41
+circle.			172800	IN	NS	dns1.nic.circle.
+circle.			172800	IN	NS	dns2.nic.circle.
+circle.			172800	IN	NS	dns3.nic.circle.
+circle.			172800	IN	NS	dns4.nic.circle.
+circle.			172800	IN	NS	dnsa.nic.circle.
+circle.			172800	IN	NS	dnsb.nic.circle.
+circle.			172800	IN	NS	dnsc.nic.circle.
+circle.			172800	IN	NS	dnsd.nic.circle.
+circle.			86400	IN	DS	37745 8 2 89E27D8EFD40F6E9A05D3A8A4AE933A41056E574008D30B20C8AD9A7D07785DB
+circle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dDjr3XGXiaYKOrwValUYgkyduK4XKQ9H1jwyID9hmzV+u5rOVJLW4K3OTINTN4kRNnopWmRN4mtTL5sTJiOpfAQ8pU+GyUDzWP0DjrOF0SbWhX+cm/MPWwHGxrYOX2ZVOQzIRvisBGJnHg/VlFsh87pZgr+LGeOPZQVZerWwAcCngmUtUNVTwp6f1EGuEatkhEBK/GAdH4y0tEfhHJ1aKBtE4DpGktuhHDXcWKBJho3epHTYrPPQIDxxnWbyfvXpmgj0wIjF4nRo0IIX2SAfF0G0aFYAZhWs8ARqD9NA/0G45fYhOMztPZGDZj39sDzs7BUtTx9sOSkwQjU9Yq936A==
+circle.			86400	IN	NSEC	cisco. NS DS RRSIG NSEC
+circle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ab5JntFfZT0WEpW4lsBQBhXsOYbLRHay0UX8Go6sZ5NiBzCIhVZ/ZbWFAcjLpZ1/6+qm+d2fJ7o5wCfNIXk4Hz+pib/LeCQYULRgPYMCtVCrd3VlMFfYGWPWZYohpfPz6/xDpo6HgXqEjVPUe0WODWyXvVNLd/ZRKnEp+SyLgaWKfLvvowa3MS+EcpWNz1Rk5XkgiABrFxdlm/uHAycjR0Ld3OYLsZW1I3EQ/tXQ0emyFSiFlG0l3aAZguW4OKuEIR5nMb6dWSQSJI0HBAiXEfEHTArKIV1xUckBJ4D6KOvXJU/paJFLgMtodf0P7fnnfEPdk1uICMM1ZUomt6StjQ==
+dns1.nic.circle.	172800	IN	A	213.248.218.64
+dns1.nic.circle.	172800	IN	AAAA	2a01:618:402:0:0:0:0:64
+dns2.nic.circle.	172800	IN	A	103.49.82.64
+dns2.nic.circle.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:64
+dns3.nic.circle.	172800	IN	A	213.248.222.64
+dns3.nic.circle.	172800	IN	AAAA	2a01:618:406:0:0:0:0:64
+dns4.nic.circle.	172800	IN	A	43.230.50.64
+dns4.nic.circle.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:64
+dnsa.nic.circle.	172800	IN	A	156.154.100.3
+dnsa.nic.circle.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.circle.	172800	IN	A	156.154.101.3
+dnsb.nic.circle.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.circle.	172800	IN	A	156.154.102.3
+dnsc.nic.circle.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.circle.	172800	IN	A	156.154.103.3
+dnsd.nic.circle.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+cisco.			172800	IN	NS	a.nic.cisco.
+cisco.			172800	IN	NS	b.nic.cisco.
+cisco.			172800	IN	NS	c.nic.cisco.
+cisco.			172800	IN	NS	ns1.dns.nic.cisco.
+cisco.			172800	IN	NS	ns2.dns.nic.cisco.
+cisco.			172800	IN	NS	ns3.dns.nic.cisco.
+cisco.			86400	IN	DS	51292 8 2 2985226F8C44213F8C73E65288EB6F0138383E2BA2CC627A8FD8D7F836B62C48
+cisco.			86400	IN	DS	63049 8 2 42D0C12C3B954C6297A8810386E8D5D80F38A383F7C911630A5C1F3C81AF890B
+cisco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TuuPknRDUZFhilBMaoE6kSituYHWmpWtsdkMkj4bZaLQ7HHTH+T3Di1A/WM/aL7o2dQQMgSSp7BLiLroo40O7KPSjAmnEswvZNfq/3hjraRLLEYEpkAzqazYalk2sBtXajVdkf/+LcbcCMnd04S3SbdZJRr2zd4XBSQBDu7sM8on+dPG1tx6c/60OYjxXeQchVasE8nhdEAsge5LLcyNqDumMLrio1Ar2DOoEtUPOIN0eoJYrq63USwCAZdUN1WccZVIn1nxrZXEchJKHGD2U2vKKFNw575ExV4Q2hNEpQNk8ykBUmwrFt8rYPVP1FG0s3lgrKfEPNsjPYjnB9a87g==
+cisco.			86400	IN	NSEC	citadel. NS DS RRSIG NSEC
+cisco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . amO+QvG2aDrS/NtQmO7XZ/n+OfNTWaCql8mFU+RkdgGXV+8dMdXEP7Oij0vS0RQkW5gUQUc3NW125Qc5ciYh+e8URfFvY0S1CMf796akVHWTB8vdsgAGCownebZMi/JfFEYcD5AKJNsdNImYJVUmetGjIEhHX6A6wFxZWoyA58jEFApkLkX+aJa1CiTJtzzFUuWdNh3NzW6BydQhAeg237SqGJJIQu7bd5ya4fGl7CpeEZZZV8hQg8UY5dQ9E61EJBUV/iGxT10mJjvuYOUQgO58jwEH++yW/KZRawCBfuukxgBEeCv9MyeB8YItJfAMwIMLeqsmy9wU8CZS5fvSNA==
+a.nic.cisco.		172800	IN	A	37.209.192.9
+a.nic.cisco.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cisco.		172800	IN	A	37.209.194.9
+b.nic.cisco.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cisco.		172800	IN	A	37.209.196.9
+c.nic.cisco.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.cisco.	172800	IN	A	156.154.144.44
+ns1.dns.nic.cisco.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2c
+ns2.dns.nic.cisco.	172800	IN	A	156.154.145.44
+ns2.dns.nic.cisco.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2c
+ns3.dns.nic.cisco.	172800	IN	A	156.154.159.44
+ns3.dns.nic.cisco.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2c
+citadel.		172800	IN	NS	a0.nic.citadel.
+citadel.		172800	IN	NS	a2.nic.citadel.
+citadel.		172800	IN	NS	b0.nic.citadel.
+citadel.		172800	IN	NS	c0.nic.citadel.
+citadel.		86400	IN	DS	43942 8 2 6A252BA4B61331A3D35B5D06AE744643AF83053295C42C0C2E65FCEBBA07834F
+citadel.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . I0vR5VjZKadXkmQosPb/yO9gScgFf5rHFZ5xZV1v7qrexybE9uPeNUODbxXSdk7yWqBMMTBZUjs9c+fQBRXgfWsCgZOpRtcyt9n4+aAs+45fv+4Jnt+npf/CpyWGXRaLy7YOR9AMuyeEH0myuxs+ckQXOpm4BdujljblstylNbUwzKS3u/qtGcz7mUUpnuoLH3+yUQz7VjF3ITZtK6Kb+FExbhHIQ//csdcoCsSgvoSjN0Inv+L5CAISs6WtDORnC/GuoNcEr8G4wNacKTOW099haFt2iArYx36qZ5i3Bvrzf2m5ZQ06BezCyyiKNQ49/Kc6/t3Nw/tkGb2Oiu8IqA==
+citadel.		86400	IN	NSEC	citi. NS DS RRSIG NSEC
+citadel.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 026LC1W0a3Y13FelAWLsyBUvbzkEmK6JskhYM/S7gMLn07zbnjYz3Sni7L1iV01h3tLDelJL8VTtq6yIN37wurJAKC4sfRZJRyjBgqdwrqixZuKYX8XHy6vwqWA/Vv0hknr8fdGlQYtvOoJhVVotmRjsd3RDHuoP0DkOEuClbZUjb2DODULDeqOqMAi8vr4aIHZ3lLWmD5hT2EtR5m/QLzMNTxYgELlCuTgR0k1DZ7fCyLCdHx7pinVMcTNw18icxZ1o/QAp/WOKtsI9cF8r1WWTmoits/JV9/CHki5nqL0BJxWQ3GB6ibkwr9HlZBAo4khcrwZrGeYeVJAIs24Nqg==
+a0.nic.citadel.		172800	IN	A	65.22.112.33
+a0.nic.citadel.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:33
+a2.nic.citadel.		172800	IN	A	65.22.115.33
+a2.nic.citadel.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:33
+b0.nic.citadel.		172800	IN	A	65.22.113.33
+b0.nic.citadel.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:33
+c0.nic.citadel.		172800	IN	A	65.22.114.33
+c0.nic.citadel.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:33
+citi.			172800	IN	NS	a.nic.citi.
+citi.			172800	IN	NS	b.nic.citi.
+citi.			172800	IN	NS	c.nic.citi.
+citi.			172800	IN	NS	ns1.dns.nic.citi.
+citi.			172800	IN	NS	ns2.dns.nic.citi.
+citi.			172800	IN	NS	ns3.dns.nic.citi.
+citi.			86400	IN	DS	44680 8 2 D1435F2313EA1D9B9A4AD59FC626DB5DC1BCA1DFF3EA52060C1AABA786128FCB
+citi.			86400	IN	DS	49387 8 2 9E8F9D0B17E64BE572031238573F83D2A6FC1EE6C925DDB5062B1698A91D7A2A
+citi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rxlGM47sUT0T9+Bt+CywQ+a6WoolHvHNLVdIyDTCGSSZ8UL7PKx14mKLWdgUMYOUoSVHQ+AmI8m7A04GaAVeIAM0f0OWcnFqFqKWX88a7xxZ1mdyPtKrssys9XzF2aoS78Tija2I11J/ffHVftd9IImf+BSeIdy9ZaTGyD9qx6s9PvchSrXXkwL9rUjDyNxvwzI+yMDqPYqpOFYDOIvcv0ywL/NebaE+evANCDzBWFhtyLwU5hn+Qtx8W6PICJUQMduQkVGgaOFfUHra2FM2CGJLX+d0TVCadvGM1ME0faSfK9Qx2BqQGom/4D6+3+7xA6pY8UVVQ6FTIGas+jXhvA==
+citi.			86400	IN	NSEC	citic. NS DS RRSIG NSEC
+citi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WlHRVqRf7s4PWlFApoOO9U2q5W3aH1HdBr3AtVg5xSZXH5z9Emx+csHIEBwLoDAyOKc9DUiRADxqRMZE2i93e+Z6ZXQk2GQvncW5XIwWkX8BOqGPfeE4JF+6l+YXY43f2hFbtJgchRuas/u/cUQxREoaZIJ3D5k0ExdBbA/FS1Ccz7Shckwr3FC2wNHgGdk1VyIevGhjTtTl1+qZDiwHgxQrgxPASt7vNiQX445wxdvZoY42LDLjzZQuxGP29LW51z4FfTuTZ1fqtJ2VmCin/JjAjYXHD5+npR7sNFr7+74OgtulYTEbQGU8vmN6oAPnpRg9c+iYRm0qUFg7jXVwLA==
+a.nic.citi.		172800	IN	A	37.209.192.9
+a.nic.citi.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.citi.		172800	IN	A	37.209.194.9
+b.nic.citi.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.citi.		172800	IN	A	37.209.196.9
+c.nic.citi.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.citi.	172800	IN	A	156.154.144.213
+ns1.dns.nic.citi.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:d5
+ns2.dns.nic.citi.	172800	IN	A	156.154.145.213
+ns2.dns.nic.citi.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:d5
+ns3.dns.nic.citi.	172800	IN	A	156.154.159.213
+ns3.dns.nic.citi.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:d5
+citic.			172800	IN	NS	a.zdnscloud.com.
+citic.			172800	IN	NS	b.zdnscloud.com.
+citic.			172800	IN	NS	c.zdnscloud.com.
+citic.			172800	IN	NS	d.zdnscloud.com.
+citic.			172800	IN	NS	f.zdnscloud.com.
+citic.			172800	IN	NS	g.zdnscloud.com.
+citic.			172800	IN	NS	i.zdnscloud.com.
+citic.			172800	IN	NS	j.zdnscloud.com.
+citic.			86400	IN	DS	12331 8 2 CDBFC9F67E7F97E1759BF1BCAA26C853BC5DDE881551E1FA4A633E8BD6B8C9BD
+citic.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hs7zo6n3xq9NH/ROYoKbb+iGOsGe5CnWB8qggjOj856vDrmV1U+HJeVyMh7WUDYdQwMCHPVJniHb91lh4fjEWnvwf4TrBcs6jGV/mNtH+3B7eWAf029gklzq4Ah1wTAMjRM+CVmlGPOwJYEL1bOV5M6jenjxcnegzUTFgNRXl+bjPnaBqFSYEPTBcopHAhrov/l7CoqVAlMMP0ZGHHAc0pSWwFQCbq/uKYYXgoU8B4dQK1+Zwm8L0j8cmUk3s4xqN60xgFymmCjuPQCu6+w/q9nem+gbeU/s2Asw13WRw8AmhF1ijWIkzDqmsl0nOUMiAFAvAsDXB97Y9vL9yePjdw==
+citic.			86400	IN	NSEC	city. NS DS RRSIG NSEC
+citic.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QujwCjsbbfLZPqeRCX1US+OJ2DQ0FcRw6Bb8ft37QXN2v+hUjA0qeJEF+vXsPidWQyoThYoLei/f+Vo/10Q/7QOPa2060D58AhnqAHTYe/Tk2Ys8mnGq3LsUWnl01n2F7cGpM5ZPFJ8nnExJr1urWOyNUR2LdemmrCLHhN/s/e8YiQUdfrmY66R9xCuGcWRdOMjmW7WOQmpF+zoynGespNW2Em6t+yAVJcLIz2Fp2VLKoVJsV08GokbmSTiIuH60NUG+V/cWb4SVVdf60Syx9R+XaW2XB4VdgCGjfi6z6Hzpp+ldljB4/YAuDMbidPXEyFiZPOL+QtRm6KIgKImzQA==
+city.			172800	IN	NS	v0n0.nic.city.
+city.			172800	IN	NS	v0n1.nic.city.
+city.			172800	IN	NS	v0n2.nic.city.
+city.			172800	IN	NS	v0n3.nic.city.
+city.			172800	IN	NS	v2n0.nic.city.
+city.			172800	IN	NS	v2n1.nic.city.
+city.			86400	IN	DS	32800 8 2 10D3A1350CB71FFD64E8AB13DA40CC6A697267AE989B92A8DF1460C5AFCDF87A
+city.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BGfwPFTeJwgPj7Pjm8bcxFeOTU87tii5N9KGG6WnGBzcag45WrL86H7LL39a7xIw+oWmqAZprFhaJZPsuDE+OIkR5DKVRSuQUTiEFM9rbvs7K8a7kFUZw6chWyKmKLi+Py/8Vy2ftYTKE7ziTBHKLemoDa6Yo0Hbs6zOJQ8Koe2fvdYUAIgIghvXOzx0oumuD+CS8nEP0JU7FxGIovVmaKr0aNVc21n7mymOa3SmjfSPUTuvVMfjipb+H0fcgQIERabPShYrmyxz2XNMGz3Ba77KQ/VJErC8VzxClKkIhgbJF0cahM9G/9TfrmTqsGFgnUmGHHa6huJ3p5NOrwBMAw==
+city.			86400	IN	NSEC	ck. NS DS RRSIG NSEC
+city.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vyyol6Z8xFMRZWszVfwc3/1DquRbcA/tOeuKP/Z13iOAzkeBujxPtKYgiWqIO7HxsYJyvqOCBwScaDeY1pewF00UhjrpZWjdNO4Mn3HKljx2CCdU+2458tww9IRZsPh7GslJr6jS/r6iOnn/3GXTe8fsAd7T77KGidJ4sqQ3ViyRYlTiD3mC75riAdrsLOWNCRs06R8I2KukE9YDVkxrUxHmxMnb7Dw1Wm5uwnISS0LrMqfDpRnabi4P++OunjvtrFEnhYZ57rQayASWlMc1axRA/rK3p8TefpsOxKtXlVzOUhsqqw07Q9fFc9J37Rc9Vuuu6mNJAGHJJ0fi37W7kg==
+v0n0.nic.city.		172800	IN	A	65.22.24.4
+v0n0.nic.city.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:4
+v0n1.nic.city.		172800	IN	A	65.22.25.4
+v0n1.nic.city.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:4
+v0n2.nic.city.		172800	IN	A	65.22.26.4
+v0n2.nic.city.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:4
+v0n3.nic.city.		172800	IN	A	161.232.12.4
+v0n3.nic.city.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:4
+v2n0.nic.city.		172800	IN	A	65.22.27.4
+v2n0.nic.city.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:4
+v2n1.nic.city.		172800	IN	A	161.232.13.4
+v2n1.nic.city.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:4
+ck.			172800	IN	NS	circa.mcs.vuw.ac.nz.
+ck.			172800	IN	NS	parau.oyster.net.ck.
+ck.			172800	IN	NS	poiparau.oyster.net.ck.
+ck.			172800	IN	NS	downstage.mcs.vuw.ac.nz.
+ck.			86400	IN	NSEC	cl. NS RRSIG NSEC
+ck.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OVMG1TKY5u3RkVYeazN9Kg8X+7LHXu5xPOhqDIgrq0AzDC76aNQUEOb1RiXiM2Wp0sY48g1/5Yd8jhYxF6qGJRBcxeJP4++84eElKe0haH2ncXPIjz7mevV56DIYAfw3ydK7LCggW+p2rJTTWCN0KCPtJ1O/mDpAk7/9Jd/eKSTfBi46Hna5gFs+5JrhmsJB5jCBTQ03clAUEKR/SefyTuv0V4FTV9ZQn4EMJLmg5/KVOTLLOFZzC6mS+805CVhKode7bx07EYfTJT531c3CE5Ki9g7SctX2W/c2l6wM7Emow1kvYH2qRJXodNxOLLJVPl7/pNpF9fkOOL6zE9p/hA==
+parau.oyster.net.ck.	172800	IN	A	202.65.32.128
+poiparau.oyster.net.ck.	172800	IN	A	202.65.32.127
+cl.			172800	IN	NS	a.nic.cl.
+cl.			172800	IN	NS	b.nic.cl.
+cl.			172800	IN	NS	c.nic.cl.
+cl.			172800	IN	NS	cl1.dnsnode.net.
+cl.			172800	IN	NS	cl-ns.anycast.pch.net.
+cl.			172800	IN	NS	cl1-tld.d-zone.ca.
+cl.			172800	IN	NS	cl2-tld.d-zone.ca.
+cl.			86400	IN	DS	21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB5370B394
+cl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dDwGGWUp+FRhh9GniztGiySyCRXVpAzM8//NoHiDKFXDAe7izQiWCKKnKqR/GeudR2sRCLdIxWgiDjN8NSkQdhJ5Px3gEm2s82o27ChUQPjIv1rK1xvyO3YAR91sjEBE6yEk7Tgymu90kjOdYwrjL4wMxvU1bKmyuTfHVKz0dKvIexKxSpLVDWH63KILGV6Axc+a+yI3Nn9/re2fCLtPHWdJFTAbeTw32KPYmg9KTMgofz9dk4bn6vI/M40NTp5Nz6jZvKuoRP9ypKTMiNDLBdFCJDXcT4TmaOgymNRXZkA9s6djLlOoJ7FIHZQgueV1MnKqUD/6eoJ95VJaP6hFLA==
+cl.			86400	IN	NSEC	claims. NS DS RRSIG NSEC
+cl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YexC/WGDz31MqJ5CCnKpB5rbweeGLTI2w03dcrJsyslDJTvd03u4aEZXXY+K1k1Ha6TV/sZooYjHltduAU0LIT7WDR56RtGrk1whRErUabWM339rC0xexfG9SM0RCquUYEb+YPJgQqxMhoCGA6Ma1Dj8+VRJLTotyB376FbyNhAfGNnb8bna8zYqUyoSNmCS7ApYxL7symuF0sNU9DZZBABoFEfdinNCKXQY8V5SyxO+kSiwVu/mA22atRrz1EgsOLffyY6V4wEGUYcXaJ2Iz1CbRUdjEaAxfPpj4cUllw9GkXYBjTiW09gnC2FGcPubjlHpLu6HBUQF4InvO/Jeew==
+a.nic.cl.		172800	IN	A	190.124.27.10
+a.nic.cl.		172800	IN	AAAA	2001:1398:121:0:190:124:27:10
+b.nic.cl.		172800	IN	A	200.7.4.7
+b.nic.cl.		172800	IN	AAAA	2001:1398:274:0:200:7:4:7
+c.nic.cl.		172800	IN	A	200.16.112.16
+c.nic.cl.		172800	IN	AAAA	2001:1398:275:0:200:16:112:16
+ssdns-tld.nic.cl.	172800	IN	A	200.7.5.14
+ssdns-tld.nic.cl.	172800	IN	AAAA	2001:1398:276:0:200:7:5:14
+claims.			172800	IN	NS	v0n0.nic.claims.
+claims.			172800	IN	NS	v0n1.nic.claims.
+claims.			172800	IN	NS	v0n2.nic.claims.
+claims.			172800	IN	NS	v0n3.nic.claims.
+claims.			172800	IN	NS	v2n0.nic.claims.
+claims.			172800	IN	NS	v2n1.nic.claims.
+claims.			86400	IN	DS	2119 8 2 98654E9430C03144F60667837F175CD420236C9A1EDD20131E653D2368A50DCD
+claims.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tlAFN4etG93qlIt43OpDoD/+KwsCbfx7q/yBFfMk+mSxQa6bEAb71FfxS0ZBbWA2K2k3RPI97OpCcJX0CCtX5c+plgxC5kjbu282Fxqq1dJofSrcWWIQLQ5va5A6L28WIJadKpOU7h17CLuXPh0M3F510Aw+R6jG5pZpe+UScN//oHExX/mtHnW/uXDmyG8LYg8pb9OFaS8ym5MN6am51SiYdjbjgahcr5or0IOZm+Lch2Il/HUvM48pN4pSC3XyvPINalOw8BxiEFgOyO4tB37FIEYrNZjFibtZoF+CiLDXB0clk5/IlzEkhLB0I1d2vTAzvVAAF4dRa5EHIQtw3Q==
+claims.			86400	IN	NSEC	cleaning. NS DS RRSIG NSEC
+claims.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JS8vSCJDC+fra2AVVKNi03kBon6YMozMGbr7KFpCaIblIMjcmP3Bys4IuzIcQgrkgWAtpJmTj3PhEOW3O6SKpUKqM2tyhSaP4kIlbIns4CseaA0qTRscyDIco4yx5j8GZ4+Gb3keFy9Y/5PUZI+N3OCYhr7D1fOOOome7NScPKpuW6ZH6d8y1alINdOYRtiYvOBHAhqagJq8j/GMT05a3+tZSCxxC6qLN4H02B0ivCwrldxAYzvtOSSHRRMFAxsORhbpY0WcDGL+u/OjpdqjIz/F4dGjgYuUlgGtevmb8jkXnDIO376jZjmobVMIjTRqip2JzEUrXhL/0TivEFaBLQ==
+v0n0.nic.claims.	172800	IN	A	65.22.20.60
+v0n0.nic.claims.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:60
+v0n1.nic.claims.	172800	IN	A	65.22.21.60
+v0n1.nic.claims.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:60
+v0n2.nic.claims.	172800	IN	A	65.22.22.60
+v0n2.nic.claims.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:60
+v0n3.nic.claims.	172800	IN	A	161.232.10.60
+v0n3.nic.claims.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:60
+v2n0.nic.claims.	172800	IN	A	65.22.23.60
+v2n0.nic.claims.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:60
+v2n1.nic.claims.	172800	IN	A	161.232.11.60
+v2n1.nic.claims.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:60
+cleaning.		172800	IN	NS	v0n0.nic.cleaning.
+cleaning.		172800	IN	NS	v0n1.nic.cleaning.
+cleaning.		172800	IN	NS	v0n2.nic.cleaning.
+cleaning.		172800	IN	NS	v0n3.nic.cleaning.
+cleaning.		172800	IN	NS	v2n0.nic.cleaning.
+cleaning.		172800	IN	NS	v2n1.nic.cleaning.
+cleaning.		86400	IN	DS	47050 8 2 182550E0C9232702E0700934C97C42E20B831C0987EE0E1B98BD726C1CB0F28D
+cleaning.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KKj7TMnmGmsworh4b8JnKOzCMBL53F7LlqFm67O3eY1E+FOppm+kYaLeGDAJBUK2RUDtbKeh8MbD8PlQg4jWEBzasz1FsF11CVc4+mJhpXSmmfJfZeAZrX1hvKziSk/SdUGzAhzQFiyG3BwVXzqbyO4UyMLG/UmJ9Iab3NhWFdbIJjilBogBkNC6Pqx5PUNz+TIHwJ1g4OuO1DSD2PI+BFZJcuttAP9uMO3NHXoB2iQ9b2IEv1OkxGEx19QHEzf6puKza4wBgPyaRI2DEwISaKCI6Md+YMaGrn55Mac65Kh0z/i2KHHB70knxzy/o2hGU7puVXuxOV0KTKk0hU2I4Q==
+cleaning.		86400	IN	NSEC	click. NS DS RRSIG NSEC
+cleaning.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ru6ugZyFHBIZMZg09DxSkRRkQDreCUoz1pQofutsWb4n+aWeprp1mal4Xp1jXzIj/XDhJ+QVZ3SrE5aVNUKUP7YZ4lrfxXhJxqssDN8DlzuiBhWcxWqnU30fUOOT35jBUOf1Xb/tg5zcSayCPf+19ikbDsyGNM4G5RfHHULqn+yEtsSyHsnPUDOjiqrsuN5Z9ee1Inun8CKLLEd6VDgKJFQULhKDMHlbMCGCa96cHp3C2F7srb+JdS+4xM3W+v1qjjFBRvnI9CSPTgzIrdJxR5ailHGi9J2YGyRYbhb5H2C/I4YzPEjlThqw9lWPqq79zgbB8HuYHP0QFf2JytDBtw==
+v0n0.nic.cleaning.	172800	IN	A	65.22.20.27
+v0n0.nic.cleaning.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:27
+v0n1.nic.cleaning.	172800	IN	A	65.22.21.27
+v0n1.nic.cleaning.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:27
+v0n2.nic.cleaning.	172800	IN	A	65.22.22.27
+v0n2.nic.cleaning.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:27
+v0n3.nic.cleaning.	172800	IN	A	161.232.10.27
+v0n3.nic.cleaning.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:27
+v2n0.nic.cleaning.	172800	IN	A	65.22.23.27
+v2n0.nic.cleaning.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:27
+v2n1.nic.cleaning.	172800	IN	A	161.232.11.27
+v2n1.nic.cleaning.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:27
+click.			172800	IN	NS	ns1.uniregistry.net.
+click.			172800	IN	NS	ns2.uniregistry.info.
+click.			172800	IN	NS	ns3.uniregistry.net.
+click.			172800	IN	NS	ns4.uniregistry.info.
+click.			86400	IN	DS	65517 13 2 D09A2C14C4382634EDCCF9634FB32E91511E1E642F3C38468BA2407F1D1BAD24
+click.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lG+KOrQcSvTF4j70ckocEqMbftcXT8otjUjIb+U8W0eQC9jjAq0z2agEzXoJw7d7vdv14hSqF4AulPgPbLe6u7N2rU57ikpimRVGkPoTdiePoRIHRspQLkz4E1zEH+dHVRaGeRKH/vt2fvgAn8sykch4OgDgig4TLy35fr8uGbNpA/jVRfN47tfBXo4c7UIKqoAwpcYLkiIk5nzDkXozvNp104iUBSVJuChLSMwXMun5r7iARwuM5A5FNZ7aCi6Tm2q/qYMy9HNbbq8GvvdqJbQ2YUmoWCd6Py9exbxFYWUKvZni1uWbl818vzd6Cyno5JgfWeLrfer3P67mjtC2bg==
+click.			86400	IN	NSEC	clinic. NS DS RRSIG NSEC
+click.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JYPdlJzSXTuMAIanU4pC4C8TLz/z1+7d5/jw7x47JopG5DgEdRj6NU+UDw6/u+Cx0KHm6scix6Kx8FbuDW69LBxvsSKF7pBQv4y9K+YgmfJ3vS2GAGbVLg8sCHlu1d022I7Rl1psMCk0OBuD4ix16pGMIPWCEfE18XIAw+Mg1OzKrIMK0qfE9GXb6d2ytHl1xq+4Qti++kNbULn8ACc2vhICHwsplSyyZgy0IgrRzZ54mDJM8tvtYUVmRM+8uL9AVDLHZttRdqwCYYTTwgM1H8OWT7oGoZw7jHlRUNvRCMQKQJCCyMAVXROq0OEZadl5K+22A0obKAppP1u0w4WrnA==
+clinic.			172800	IN	NS	v0n0.nic.clinic.
+clinic.			172800	IN	NS	v0n1.nic.clinic.
+clinic.			172800	IN	NS	v0n2.nic.clinic.
+clinic.			172800	IN	NS	v0n3.nic.clinic.
+clinic.			172800	IN	NS	v2n0.nic.clinic.
+clinic.			172800	IN	NS	v2n1.nic.clinic.
+clinic.			86400	IN	DS	44914 8 2 AF3D84251DFB43F15442B1B300AC65252BD0C3FF91BF6711412CB3D6EFE49C43
+clinic.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KiGTqpJmfYdgSSZfP3A6llL5FTiVkRUhFDVUG0d5sFANmUttRCju490CtwX8JtjK1x9HVNXAvXNSzER9wtckfAQUliqBOgt4FPsU2FH+1+93EkB3FhidHgoUA+su9v6rigu7U8e0qregtt3hpzWZv8QLoLQVIDPo0xn2Ve1g5KZND9OVa3Y7w2EQseyfALzqL4igAMpQXrdEfMe5g3NBRa1ycn/4jKRB9nqHNUvRiCTXQ17fd2ZafJcxo0hg7U1//NwscqCc/yJaxESEgwCBM5eHGBlN5sQEU0CADIxhNLvg7mz9r6EgcOHGXBOJAzkRK3POC3uYzY7v67A5CjXZjw==
+clinic.			86400	IN	NSEC	clinique. NS DS RRSIG NSEC
+clinic.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KpCyo9Yb5RIo6d48iqiQ5yN0YVNU48xLdzPm1GD/XvhN+Qh504wbFU2fDGcb2okE8lK9tK3UaynDSEmj7POGbRnkcToE4RonOdx6/y3TU5D99RaBTDzuIutTY4Crxn2Ne3A7xDZNVJmZC/gFIkTg7J7ABu3WPCSXFl3MSOQx7ydEf1K5V5vqTyxgg21kOBDES156J/WaFP6NUqT770zSyNFDdZM+SENsxG2/099nh3Cyd6raWBxNZFUspPlfhQmRWZ5/DlZzj3NXfCDtXms+Xq/k1FS/Y8k5hcv6z0scyYXXddSKOjPB/Pb8QHKusjUUWwPyLNisCzSHOOxjIn+BPA==
+v0n0.nic.clinic.	172800	IN	A	65.22.32.47
+v0n0.nic.clinic.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:47
+v0n1.nic.clinic.	172800	IN	A	65.22.33.47
+v0n1.nic.clinic.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:47
+v0n2.nic.clinic.	172800	IN	A	65.22.34.47
+v0n2.nic.clinic.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:47
+v0n3.nic.clinic.	172800	IN	A	161.232.16.47
+v0n3.nic.clinic.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:47
+v2n0.nic.clinic.	172800	IN	A	65.22.35.47
+v2n0.nic.clinic.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:47
+v2n1.nic.clinic.	172800	IN	A	161.232.17.47
+v2n1.nic.clinic.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:47
+clinique.		172800	IN	NS	a0.nic.clinique.
+clinique.		172800	IN	NS	a2.nic.clinique.
+clinique.		172800	IN	NS	b0.nic.clinique.
+clinique.		172800	IN	NS	c0.nic.clinique.
+clinique.		86400	IN	DS	51286 8 2 2456B103E69D9F788B97912B8DFBA0FBFDF574ABFA166DDD1C773DCF252B3BDE
+clinique.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BPynGRZBmoO/YEkkP1LjjjIPw2JDadUxFxTv/1G3nAWw1QuYEE6ZyYYfLATULyDi6LlOp/kj7kfi6nf1mbqWDe4vqqOw4/C8ST87BbWPuwXXMZsFw/uqWYeC3dv74aerYbIVJUNMTVX7qKSnfJwEE7guBmONSZ+xdB7FRUCG9GQFGvl0jxINTywLyTwn3u8b70wPpUSzcpDx+rOV23A4ZrozqkErnxE6PLx6mZobmB3sUUh03x/zYNbnlYcn5Z+7O06pKoiZXFACa7PWVst8eDPNkh68C+H40X5v+ClTwy1d6J+c5Sbx7+3LPB/FADmy1m+inDPYhx6BH/Hzss0fnA==
+clinique.		86400	IN	NSEC	clothing. NS DS RRSIG NSEC
+clinique.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pszXZvxkVBrXRtHnoA0pii9exMu1YQSa+suHOkFmpjxpYrrCMf7lhvYh0skT8rdh89yK7qww3Pa404jgLspNyQmAX6ryrFvU0slJonEUWm37V+DRF6UjmSebz0UB6V/Kdf9Og2JDyFboN52n28JC27nZ99pFQz2RMH8ErIGJhVsqG1E4BhI1d87cKniriSe8F6MOyDWHoFTlx6gyzRELZskwSIFXavYYMVNe2oIf3tGxahVsXAb3GTh1eKp0242MUBLHmbKz1dg6UbQz162DO1oq1MfPSWX+EfGBLWs6b/UWGbHBkqc9hlnwC+VsV3FDgO0gRwQfMyor3rtcfLJe9g==
+a0.nic.clinique.	172800	IN	A	65.22.52.41
+a0.nic.clinique.	172800	IN	AAAA	2a01:8840:32:0:0:0:0:41
+a2.nic.clinique.	172800	IN	A	65.22.55.41
+a2.nic.clinique.	172800	IN	AAAA	2a01:8840:35:0:0:0:0:41
+b0.nic.clinique.	172800	IN	A	65.22.53.41
+b0.nic.clinique.	172800	IN	AAAA	2a01:8840:33:0:0:0:0:41
+c0.nic.clinique.	172800	IN	A	65.22.54.41
+c0.nic.clinique.	172800	IN	AAAA	2a01:8840:34:0:0:0:0:41
+clothing.		172800	IN	NS	v0n0.nic.clothing.
+clothing.		172800	IN	NS	v0n1.nic.clothing.
+clothing.		172800	IN	NS	v0n2.nic.clothing.
+clothing.		172800	IN	NS	v0n3.nic.clothing.
+clothing.		172800	IN	NS	v2n0.nic.clothing.
+clothing.		172800	IN	NS	v2n1.nic.clothing.
+clothing.		86400	IN	DS	28429 8 2 568008019C12E27101DDBE2DEC57563701D527FFFD4A61AE82D7C54FEBAD2F2D
+clothing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vyZnwYMXkBLpE2pNP35ZHZmD3Iw/c5bRjsArARqh63i4HKsiBkAXl9aVsmMNgVzm4K2OsJYd1oxSWeaKl19EeTDMu/gJrmT8E6WXKseQkSR79dN/9ZWYjiGcgcigBxgdcBMcDDVbhelIXchhsMP/5tctCgXsYP9y1OKNH7RVWnAmSPaHzwd/XsSIk8BkCLJPJtAKFl+3i8q6jCFyCpvK2eIz9FtKRmKsfFM8dAO68qvR2xZl1pIYPsEbMeO7dnA++6YvZW3w+/QYKGwSyO2/rV2y3TlRSeuVtT2FzLGq+7Zn41kRRvihJN2OYHH/dQ+hLzhVscloXyPCw8oMRjhRCQ==
+clothing.		86400	IN	NSEC	cloud. NS DS RRSIG NSEC
+clothing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RSdP1mRCM1UBNZT2DFmnAI58sBVZVRD+3WbM5VQKnxtF+BLhWeLwAVfcM9e17Bhbn5gulgvYFZ4ebp7LOV17Q1DrVJ4m6HWKfvDkYpqPyeRvwavbpEW3nnR9WGq5BGIJixcV+ITHW7WhterhE4X4VFcfqpdnzf9ntD1hvmNRPUDcgvvNvMXPgRb0mxcMCB9z5dVAbwWUYNeKc+cyEjllIJl0v0ja61HiYrYRowVyWk3gQ8jJCrF646AEI1O5Ssa2TJGzilOqH52BReH0EaC21fTRolOrA/xYpcGg8MTkVhbS8+/Gc/BXCLEtoNFEJmtBc680y9QjqlDoYWV48zRAoQ==
+v0n0.nic.clothing.	172800	IN	A	65.22.24.13
+v0n0.nic.clothing.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:13
+v0n1.nic.clothing.	172800	IN	A	65.22.25.13
+v0n1.nic.clothing.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:13
+v0n2.nic.clothing.	172800	IN	A	65.22.26.13
+v0n2.nic.clothing.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:13
+v0n3.nic.clothing.	172800	IN	A	161.232.12.13
+v0n3.nic.clothing.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:13
+v2n0.nic.clothing.	172800	IN	A	65.22.27.13
+v2n0.nic.clothing.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:13
+v2n1.nic.clothing.	172800	IN	A	161.232.13.13
+v2n1.nic.clothing.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:13
+cloud.			172800	IN	NS	ns1.uniregistry.net.
+cloud.			172800	IN	NS	ns2.uniregistry.info.
+cloud.			172800	IN	NS	ns3.uniregistry.net.
+cloud.			172800	IN	NS	ns4.uniregistry.info.
+cloud.			86400	IN	DS	23374 8 2 0503A8FB36BC97CF3FBA3B0186BE04364E5743B345A89288FD5DFB9672D73619
+cloud.			86400	IN	DS	48499 8 2 655C17351152D0B6A959B7AC2C674CA37BB3513F612CF803EAE16F572C648AB4
+cloud.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0p1oi8isHA2cJtSrVEhYgG9q+lmyCiN2lDripOBExaVZDmQZUgQfQFQnbx4rPG4d6+LktIkxkyBHSORaOydPQwP38r2CKB/0IBBo0hog+FDsMEuE+JbmGu0uuY1pHjwYOfmU4y9cKZDHjEhNlkA3cVKPbQrH0+JsnQz856nBUJYDjtglLqFyFP8L55p2FW1dhSs+1b02ctzln/NMUxRn5q0zkEh7XjxUEuD9iU1t5X7FyO0y7WsWxkiFNRpZ42vRStgw+6N/dpLzXZUVkHUyCW5DOEfvdeq1hRCbqcKf/2q4vtgRSDmAd21ex/aUaHAHJ23wMiijgi70iicix7qY/w==
+cloud.			86400	IN	NSEC	club. NS DS RRSIG NSEC
+cloud.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ljjjXk5XubFGryvBEDnxk2+eVCO+/nXd/dN+Kl4jZlqfroXP2X+Vz54uGORFkRqfj5E0rU/zVDZQCMj2uPxtVG+3z9Ql74bgZNoidVft7WGJ5YVj3Bbn+9tGMxqUIV0l4/+u//aXpa1E+LlmIn61PxnEJXELfa10q9F8d2KhpUdkbx0s0/TSMpi2xtyPr3Ovazh+bxpFIHkIsK1o0zeBbD2eBqY856E1hiTvPXHS6lYg+CDpcCN+XfPqrjTGwtsMtDTW6MwDfwqBpeueUUCkwpLGbpuTduHTLllvljC/2NImU9XvfWZYczLiJPFHPcDy9/uNpFmeww9HOiXGAIQvcQ==
+club.			172800	IN	NS	a.nic.club.
+club.			172800	IN	NS	b.nic.club.
+club.			172800	IN	NS	c.nic.club.
+club.			172800	IN	NS	ns1.dns.nic.club.
+club.			172800	IN	NS	ns2.dns.nic.club.
+club.			172800	IN	NS	ns3.dns.nic.club.
+club.			86400	IN	DS	20392 8 2 1F1EBACD947952CE4DF8A80045EC37D088A49B72618FEB92B91229DE4D31B7B4
+club.			86400	IN	DS	54682 8 2 4FC0DBB4F04BE413BA1C0B1E92F4C5F0CCEBF7856370E20671AF6417499DB258
+club.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BH2Fys50et3FM/fGOc71xzE0sL3hEtQ7kJTYYCZSPEvOvNM8uhtz4+QJzYgG6N6e+lndMa2jvUP4ptfaX1X4Uy7L1rHBK1Gl+YY1ZZzAF6u6Na0kaE7Rl/X4u6kSrgymcZ7S6rVKo672PRKIxSygybZtlExe9bn0PcsLFd1du4ZQzvsyw6vyIf30WqcZOK04zqwnAfy3uLOJgt/Z030DmdGYin3202ESN949+sS03yXh3khq27dmIwZNYTMwMGVBWtxT9T/LTlaf5hAzqHbY/NGb4jOCLzB9qTLVeWeHtFMecJRcBvxg7ILIJtSmH5vnlGMlRjdq/ZuM4HjiPrmQ/g==
+club.			86400	IN	NSEC	clubmed. NS DS RRSIG NSEC
+club.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ESwA02NsXkAlsQF3LIoCItnS9ohEup3syzeSS2Pdm5JaJddB3owHpTwllnLwVtzVFi2oB5ol3X+isLbiOgBAYuwXxAW+49bT3IexC49EX67ZuQTNfFh8iyVGXRMAUjxX+37BJXXbKCKC/MvOS0ZJl6a7PZpLZkoFkb2g3DFfyBXBO8mT4r00XNGCQySeXkILKtyqCMBfkDVOvXI6AtDy5XBkMku5fv6DOFkDd3hzLVbG1tWWHM/ioxQFCNg7UytJflQPqtqR/awxIDaiKzngR3ZUXkZvz9fvzSd0Bmy+dLFiOXyp212yh0NbhAuhXc31o+LLbPqsZMX+H+tomiyxAA==
+a.nic.club.		172800	IN	A	37.209.192.10
+a.nic.club.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.club.		172800	IN	A	37.209.194.10
+b.nic.club.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.club.		172800	IN	A	37.209.196.10
+c.nic.club.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.club.	172800	IN	A	156.154.144.215
+ns1.dns.nic.club.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:d7
+ns2.dns.nic.club.	172800	IN	A	156.154.145.215
+ns2.dns.nic.club.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:d7
+ns3.dns.nic.club.	172800	IN	A	156.154.159.215
+ns3.dns.nic.club.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:d7
+clubmed.		172800	IN	NS	ac1.nstld.com.
+clubmed.		172800	IN	NS	ac2.nstld.com.
+clubmed.		172800	IN	NS	ac3.nstld.com.
+clubmed.		172800	IN	NS	ac4.nstld.com.
+clubmed.		86400	IN	DS	2823 8 2 49AFA8257AEF277EADCE81A3B3712BE90AEC8A22363B302884ACF373EADADF0C
+clubmed.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ctu11Fgw7NsmjKffMzo4jT+YHOh5JMAl0Avaum5EX8nS44WmaT3SSRs5ctmeOVB7lLppmaug3YIoBQz6HbsJMqjsUGITUu73ayhaTl+pH++yoi/SC6uZbplYUk9YspaNfFl1REktMJa1mSlU2wLgDdB7wnoWjxnowq9DA8/xCHpMXttovwQnAuwZsc48Kw8pdKU9QDWpRkFwBYtZ43W9wZxTdFgBMoj3oIzFjiI34Fwpqyz+uFXmVjttPGkqT0B6RVJrAVqIXgZaDhA8ZqNXRI5glQ1WbqW9s+awEH/rEnSsFDk/lau+JU7KfONK62bs8nLrXsIL5hXITdqQ/URPFQ==
+clubmed.		86400	IN	NSEC	cm. NS DS RRSIG NSEC
+clubmed.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yFj/apS30x6d9+u4fwLKklqonFFSXfMeFsebjXb1QxCxW5yRnx1EvCEYnDsGsUorHt4asd7eQezpubM9SiGPlQS6fNV5Uv3PddIQ4ckpyg32CZ+V0Nf4yryIyRikQlwFgXhUJYh40ScsoNQlev5fnwTZmR2TjptARinIGozxSbcwF2z8p39i6yamGHi0AV3GS+y9uruY57TbW9oNguqhB7yIG1gjqOuTyZ6Wuo3j+hgK1/94SU9wq6Ml13e9dWu5Yb5SExc/X06gE6kBZsSMFEFvXnDF7l1wu+LRSNKtzk2dcjxMyfGLcH9GRDu5KbiSRVb1gsB5nzFxY0gfLLtZqA==
+cm.			172800	IN	NS	ns.itu.ch.
+cm.			172800	IN	NS	kim.camnet.cm.
+cm.			172800	IN	NS	lom.camnet.cm.
+cm.			172800	IN	NS	auth02.ns.uu.net.
+cm.			172800	IN	NS	sanaga.camnet.cm.
+cm.			86400	IN	NSEC	cn. NS RRSIG NSEC
+cm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r6bdnkSTkJJhd3N0W/RMaMmcRXDkeSZk3To8bNAARbVNlwW3co3ZyAfoNc5eL1IVC/n8wy6nRaPz2PJFBGNTiwdzw5V4dU9+bt/Sxc0r0EMyBBhRj115SfIEV8b7J3fFlqTs7O/pLTobpS0kgeJjaLRTf5dwCyqO5U8ybXdYrry4BOxPedcDf3DErpcolkJBVaJb0PNPhOeuDXYG4W3NJ21MiyyJRdrndEOjSV6wuVJ0W039FXGFzk0CBR/QEofq7NkfKowocAWBLJ/uxvjq4d9hedK2SmFOn4qp69NbVcl9jVMA7W62+ZRKEWbp0yWfr5NIvfByqGmPAdNGybSEUA==
+kim.camnet.cm.		172800	IN	A	195.24.192.35
+lom.camnet.cm.		172800	IN	A	195.24.192.34
+sanaga.camnet.cm.	172800	IN	A	195.24.192.17
+cn.			172800	IN	NS	a.dns.cn.
+cn.			172800	IN	NS	b.dns.cn.
+cn.			172800	IN	NS	c.dns.cn.
+cn.			172800	IN	NS	d.dns.cn.
+cn.			172800	IN	NS	e.dns.cn.
+cn.			172800	IN	NS	ns.cernet.net.
+cn.			86400	IN	DS	57724 8 2 5D0423633EB24A499BE78AA22D1C0C9BA36218FF49FD95A4CDF1A4AD97C67044
+cn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lyydPdNLplReyh3bR+NklFHi0bxuZPc0M5CFSROWtHWj3BFXSWCwMu4M1deTtLIY02nyvpj5v4dtF2iLODZ5CCKIQXEcEPn+xZskYRt9YCbJDinozLZXGZO79UqATre5iYQvWyRf8hua8T/mS4lcWCzqLWFdrSAT3W5SLgoUxJl1CPqLQcuZw5ShIcKAtcL3D5ok6aSKo/7nHX6DcYjJ/oUENI2Kc4aWyEghnba4YpJXJg52+iWQo7BmmlJHk++HSDJ8soHWRvtbZsVV8le8ZNBAUG8qmSPfN6Qs2hlCxtGhcsVNMAmkfZqopq/9Y27G6Yptbm+Lq48NdGMBGIYxuw==
+cn.			86400	IN	NSEC	co. NS DS RRSIG NSEC
+cn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . T6Bvtj9BxBXlufJKBCG/ihK21AQyhyb1hodAU41LbXQrM6F/8aAbW/HGiSlLis0+F25EuvTqlDJq7G08exgrlAfQsW2n9HZdpWOco4JzjJEYH0LtZdfktwQYdgoCBcY1V20MA8O6fO6cMHvWJukAKaZKk6mmXTfiGNiuZtgcKsWvcYl2+WB8ZfYvbsaDVQD4h/3017zrpAUQqhOVSrozc/X+047xcvbBic4jAmV9Je/SXogzROaZPHxcMiPla0l5Spz8QOyfUk3ZJ36bpyjsbNlHKboS78Ac3KRJe6FME07wA4GMJ1/gTmckUIM5TeIxM8YwQIwcSMI7C/peQxIjrA==
+ns1.conac.cn.		172800	IN	A	111.235.161.1
+ns1.conac.cn.		172800	IN	AAAA	2401:b400:1:0:0:0:0:1
+ns2.conac.cn.		172800	IN	A	111.235.162.1
+ns2.conac.cn.		172800	IN	AAAA	2401:b400:8:0:0:0:0:1
+ns3.conac.cn.		172800	IN	A	111.235.163.1
+ns3.conac.cn.		172800	IN	AAAA	2401:b400:9:0:0:0:0:1
+ns4.conac.cn.		172800	IN	A	111.235.164.1
+ns5.conac.cn.		172800	IN	A	111.235.165.1
+a.dns.cn.		172800	IN	A	203.119.25.1
+a.dns.cn.		172800	IN	AAAA	2001:dc7:0:0:0:0:0:1
+b.dns.cn.		172800	IN	A	203.119.26.1
+b.dns.cn.		172800	IN	AAAA	2001:dc7:1:0:0:0:0:1
+c.dns.cn.		172800	IN	A	203.119.27.1
+c.dns.cn.		172800	IN	AAAA	2001:dc7:2:0:0:0:0:1
+d.dns.cn.		172800	IN	A	203.119.28.1
+d.dns.cn.		172800	IN	AAAA	2001:dc7:1000:0:0:0:0:1
+e.dns.cn.		172800	IN	A	203.119.29.1
+e.dns.cn.		172800	IN	AAAA	2001:dc7:3:0:0:0:0:1
+h.dns.cn.		172800	IN	A	125.208.32.1
+h.dns.cn.		172800	IN	AAAA	2001:dc7:fffe:0:0:0:0:1
+i.dns.cn.		172800	IN	A	125.208.33.1
+i.dns.cn.		172800	IN	AAAA	2001:dc7:ffff:0:0:0:0:1
+j.dns.cn.		172800	IN	A	125.208.34.1
+j.dns.cn.		172800	IN	AAAA	2001:dc7:fffd:0:0:0:0:1
+k.dns.cn.		172800	IN	A	125.208.35.1
+k.dns.cn.		172800	IN	AAAA	2001:dc7:fffc:0:0:0:0:1
+l.dns.cn.		172800	IN	A	125.208.36.1
+l.dns.cn.		172800	IN	AAAA	2001:dc7:fffb:0:0:0:0:1
+a.ngtld.cn.		172800	IN	A	125.208.40.1
+a.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffc1:0:0:0:0:1
+b.ngtld.cn.		172800	IN	A	125.208.41.1
+b.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffc2:0:0:0:0:1
+c.ngtld.cn.		172800	IN	A	125.208.42.1
+c.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffc3:0:0:0:0:1
+d.ngtld.cn.		172800	IN	A	125.208.43.1
+e.ngtld.cn.		172800	IN	A	125.208.44.1
+ta.ngtld.cn.		172800	IN	A	42.83.130.1
+ta.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffd1:0:0:0:0:1
+tb.ngtld.cn.		172800	IN	A	42.83.131.1
+tb.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffd2:0:0:0:0:1
+tc.ngtld.cn.		172800	IN	A	42.83.132.1
+tc.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffd3:0:0:0:0:1
+td.ngtld.cn.		172800	IN	A	42.83.133.1
+te.ngtld.cn.		172800	IN	A	42.83.134.1
+ns1.teleinfo.cn.	172800	IN	A	103.61.60.1
+ns1.teleinfo.cn.	172800	IN	AAAA	2402:7d80:0:0:0:0:0:1
+ns3.teleinfo.cn.	172800	IN	A	103.61.62.1
+co.			172800	IN	NS	ns1.cctld.co.
+co.			172800	IN	NS	ns2.cctld.co.
+co.			172800	IN	NS	ns3.cctld.co.
+co.			172800	IN	NS	ns4.cctld.co.
+co.			172800	IN	NS	ns5.cctld.co.
+co.			172800	IN	NS	ns6.cctld.co.
+co.			86400	IN	DS	61744 8 2 B9ADCA87453C1F69A9A524681F4179A88374C546A45892ACC10E2653519ACCBD
+co.			86400	IN	DS	62110 8 2 4857EE1A85E661C92156AD09B40139DAE7D5BE37D117A1223289F0E20CF9D654
+co.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . M177bC5hdPzQX8QVkVVDyKebIjcAOseRkd54UisxzrY0Z+oUcjCkFozc5ui4izwtvN3ADg+0KGoSm747nN4xRuuxJZHbg9hJZCeNKsb/OAepVoW7S78R+ib2HEE8moJYZNQB13GDoULdr1z+uZ5v2UrePjams3iExO/wlefi/L04Je1t0TfYtT2CbMF30qZh0bpjLdp5/JPUV0E5gSz4f3aYSEFphPmT+SZ3/6FbzmH0GgPWsl1WCO8JB1AtPcVrpbulwCtmQT0JSiZjA2/W5ZFz1bx0geWeFJnIsE8QbgVFvFhAQb+O/To+2zr4bW2u/hQBDWZsjyZLSiAx1SyDJg==
+co.			86400	IN	NSEC	coach. NS DS RRSIG NSEC
+co.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qVTBAchCBIuOE+6ZRRDzaHoAfMJnZUk/POfIX/9T5pBo65u5EEcHNV+Dc1ZKuuYwfZJOfO0GpZ2yIr2NRQUXiqGG1rHs7xIGxYUNjV2KjGSAcT4f2vPg6d+w693o6it8xtTtoVBbUD9ZTI7POaZDh4A1pGelgbHK+GvJB+ywCOEIXK4dUHweP7v3sSTOyYVm6jBUHfBg0qfvE8/+ndkBHzPuHEORa3k7QhbbSjeqdOsWa1NKBOUss2H8beQQ8cmSdoIXgNnbZe6Gc/Damtz6rJAqajneaP6ZEkEjQTpebdOePNJjeEsZ2i/vh0oiWe3nkG26PFuCSdC2xQGpN4xvQg==
+ns1.cctld.co.		172800	IN	A	37.209.192.14
+ns1.cctld.co.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:14
+ns2.cctld.co.		172800	IN	A	37.209.194.14
+ns2.cctld.co.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:14
+ns3.cctld.co.		172800	IN	A	37.209.196.14
+ns3.cctld.co.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:14
+ns4.cctld.co.		172800	IN	A	156.154.103.25
+ns4.cctld.co.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:21
+ns5.cctld.co.		172800	IN	A	156.154.104.25
+ns5.cctld.co.		172800	IN	AAAA	2610:a1:1011:0:0:0:0:21
+ns6.cctld.co.		172800	IN	A	156.154.105.25
+ns6.cctld.co.		172800	IN	AAAA	2610:a1:1012:0:0:0:0:21
+coach.			172800	IN	NS	v0n0.nic.coach.
+coach.			172800	IN	NS	v0n1.nic.coach.
+coach.			172800	IN	NS	v0n2.nic.coach.
+coach.			172800	IN	NS	v0n3.nic.coach.
+coach.			172800	IN	NS	v2n0.nic.coach.
+coach.			172800	IN	NS	v2n1.nic.coach.
+coach.			86400	IN	DS	7096 8 2 2C8F67D678443E464938744000D71FE49762EF2F18EB51992D0AA5C9D7B88C6D
+coach.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mhbm/BIU6Yzmn/PDPEFKSYRphOEVe+eMQhf2EZeNkHyT2UUoaho9+ANGVT/itlZs1HA9vNL6AEyTF3nkMmD3NElgnCcE8ou4YR5dSLIBjKofL5vHTNvvzakx7r/PlNgyZNAg8mxcJl5InECxaCU3QK/xBt4JmokdIrXEyEHlX6P9APZOWa2UxHHNe7hTmsJuGxoB6rdazqLXs7DGwUfy4ni1Fgjf0bGT4oF7UAAY6bZBTiKIB1CjRVoatQOXIUSMoWF5Q+/DJ8IjEJs6/WwI1Rb35Vvc8Viu8IFh9E4fN46hXp2pB7vF4avQvsnBVL85lCYndBhFVOfyoOAmAmB7PQ==
+coach.			86400	IN	NSEC	codes. NS DS RRSIG NSEC
+coach.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tMWNCuAhT7KoqF7Zi7vbekSs/wzb73DzJQOHv0ci+XIZoFcuxlGNpI4DSWb/Nc/d0DrexOBrJ2SDLA+U74HflIGLutFi/73JKZN1lISpTh1o0mfFChjjfc/9zbEGlBuqGj/HF+kyr9ZEVUA4/W2fvtrNarAQRl4dGqsuskbMaREfaZmMagozKacunlMw39uK2fCHWeMQXf3YH3/3ZSkt4djbcnnczlpSp+mi8m9HLBlz3gulSOh3D/xcf4wjt2P80e4J8Uv/DRhcQRGmAr6/GLfJUEouMyECqIdmguYdekKfxUyyyAGlwekrOtiLwvHGcHlQGSgls/wuZMTfyBFYTg==
+v0n0.nic.coach.		172800	IN	A	65.22.32.41
+v0n0.nic.coach.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:41
+v0n1.nic.coach.		172800	IN	A	65.22.33.41
+v0n1.nic.coach.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:41
+v0n2.nic.coach.		172800	IN	A	65.22.34.41
+v0n2.nic.coach.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:41
+v0n3.nic.coach.		172800	IN	A	161.232.16.41
+v0n3.nic.coach.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:41
+v2n0.nic.coach.		172800	IN	A	65.22.35.41
+v2n0.nic.coach.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:41
+v2n1.nic.coach.		172800	IN	A	161.232.17.41
+v2n1.nic.coach.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:41
+codes.			172800	IN	NS	v0n0.nic.codes.
+codes.			172800	IN	NS	v0n1.nic.codes.
+codes.			172800	IN	NS	v0n2.nic.codes.
+codes.			172800	IN	NS	v0n3.nic.codes.
+codes.			172800	IN	NS	v2n0.nic.codes.
+codes.			172800	IN	NS	v2n1.nic.codes.
+codes.			86400	IN	DS	60022 8 2 8202CE29FC05C3D18A4E2B64481F9E14D900D210F86B9B6226AB3EF0ACA364D7
+codes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NnOFlXlh3JQAXvxpfJMh60mXFeRSQclc4lpOViw2PoFMrTrOi7AKsu7o0iOlwwUgDf2sTpeD39UZAM0YKHfmrEjFsO6NPZxpZejar1EUckzzaLgTKcDezg+6WsKdjzsX+ScqzlE7bOEMR2rkecQeDbFtfEtI+LAE+LDYuX5TRiQtDjNyUt5IRZ1VN9GExXM+yEKmyBOd2iJWspBrWxQvx3nUsEYSeDmsaIv+8uKij3S8mGPHXOJrhEZKjAeSmU88/l06h7SAM9DCQc5to+Bx6VhILzTzCAra7QuksIIAGczfwlUv4OiHkeluMco0O3VyIom/frZKm+O/mOTVyPTK/g==
+codes.			86400	IN	NSEC	coffee. NS DS RRSIG NSEC
+codes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hny8XFUUf9xyzK+iEk+ILpBe3tcQ0JGpspZ3/ubfxsaRSkaCygqY8m9vNidpQl1It1gdz+iSi3z5otq2CgOl7z08Ih+07NzqqMkzVWylM33dHmBKDHUBb2aNW32cTM+a5MmiLPc0cZFRqlI6lij51MIDB9rbDUiN08WJjRNlBNyE5kR4xd0F+VbiLXDIVhTKw9sNaYu8lRdghrkurXPKsk9rBZ2uS0K+tdIxlF3uhIY3gSfqEbccXJG4h5Ka9kht0sp3hCewG9lXvaEd7dTsI6X9lV0Tj/69g6ZBFyqgG5yTaBOrT6BBxoIsEde4Tg9ffgOHcd+IQ22Q/h9TBdZMLg==
+v0n0.nic.codes.		172800	IN	A	65.22.32.43
+v0n0.nic.codes.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:43
+v0n1.nic.codes.		172800	IN	A	65.22.33.43
+v0n1.nic.codes.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:43
+v0n2.nic.codes.		172800	IN	A	65.22.34.43
+v0n2.nic.codes.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:43
+v0n3.nic.codes.		172800	IN	A	161.232.16.43
+v0n3.nic.codes.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:43
+v2n0.nic.codes.		172800	IN	A	65.22.35.43
+v2n0.nic.codes.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:43
+v2n1.nic.codes.		172800	IN	A	161.232.17.43
+v2n1.nic.codes.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:43
+coffee.			172800	IN	NS	v0n0.nic.coffee.
+coffee.			172800	IN	NS	v0n1.nic.coffee.
+coffee.			172800	IN	NS	v0n2.nic.coffee.
+coffee.			172800	IN	NS	v0n3.nic.coffee.
+coffee.			172800	IN	NS	v2n0.nic.coffee.
+coffee.			172800	IN	NS	v2n1.nic.coffee.
+coffee.			86400	IN	DS	37636 8 2 A131F5C4F1C6415C615B2B0B297CC9F97CEECB22CFA36D74270642FA8F0EEDAB
+coffee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DbLgSLRUUOPz2rsTci+qS9IbqEeiUglYXVlkFgBzshCEd+JKLcPwp+/mS2ZT8I7EpiBvuu4TZcbQqhlIIMnADa+azhn/FgtvHY1Xnd7S8zjNlnwHAYHBvKoGkEcYc4Suc+h7ZBRaAT1Nlh2iVS0mNf5z8L6ud3hC4/n6sGJoho6OUlKpHSMzpk6BhJiUDQ7IyXD/G2iN7c6b+OHnsBnY73pzYp/PFwAKdxsP0n0lzoOp42Ryr8qgrS360dmP5AsAA5ypD3tlK02ZuG9njTYGr2p3fdxtajxF+sgVs2H6vMWyHPaw5kOGJ/VMdBnrn09tHnHqixruzt1iI8lB3AUSxw==
+coffee.			86400	IN	NSEC	college. NS DS RRSIG NSEC
+coffee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OGlFJ4ZF0GqyMUOLOCjM/uMTCx++spIbFK/mqbZhcQsZJSA5dV81tdtB9wvcSgLsB0wycBIn9bXNETvo0tD8c1TuUDlMrz6xksn9kLCozsrbzZdSu79HeJQfgIkVS90feeilTsHK3alAzBzNV3LriEJ7f9PUyt834DBQZhrvA8vjOck+NSTE/IKmRTnQmEpHE3PlmT5A1jUsFcwJaLOV8AImLJE8at2kZuJmiBn+Iqa0V2bmxrhdhal16IrCaKawcM4Hl4/jYOR2ukoPYgmAoONI0IW3PXz93K8BdDjf6o9WUCMMQClZwldGHSVbuoSrsrDiB/4QwjkaPfOCP/iIIw==
+v0n0.nic.coffee.	172800	IN	A	65.22.28.41
+v0n0.nic.coffee.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:41
+v0n1.nic.coffee.	172800	IN	A	65.22.29.41
+v0n1.nic.coffee.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:41
+v0n2.nic.coffee.	172800	IN	A	65.22.30.41
+v0n2.nic.coffee.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:41
+v0n3.nic.coffee.	172800	IN	A	161.232.14.41
+v0n3.nic.coffee.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:41
+v2n0.nic.coffee.	172800	IN	A	65.22.31.41
+v2n0.nic.coffee.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:41
+v2n1.nic.coffee.	172800	IN	A	161.232.15.41
+v2n1.nic.coffee.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:41
+college.		172800	IN	NS	a.nic.college.
+college.		172800	IN	NS	b.nic.college.
+college.		172800	IN	NS	c.nic.college.
+college.		172800	IN	NS	d.nic.college.
+college.		86400	IN	DS	46634 8 1 E8D1436ABC9B53D4219D05356CC1687732014B60
+college.		86400	IN	DS	46634 8 2 7BEBB696E117D17EFA506B8DD2209D2C49E97E6635596FF3177BE76BE0463C3C
+college.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XpVGVukuM/o/unnsyloJaI4jd005Q1GRODyk9ih06UHQ8xhYQ1PLOdVBx0bnQeHj6Cf+uqgbse0RSlKr0YBaumJYn5eCy3vJdeDUhBq+AOzQsORk/+HtsC2DLTnfmYBD+jpNFfP9fvUF0wkz57PUw83QVHHTlEU8EKtGPNCWB6Szpmg/8IQkojxx6Etsz9GlOWuJpIJnrhoPqe7u/bLnDLA1yC+8J4zLdg31kE9g86tDrr6PIOvZsN0HuztBmc+phMQjgnnO284zjWsIDpuLvMm7lLKUpbDgQh2H5VH6icP7hhQUaMc2uYlFkbvqZ+ykRWG2tSEO4Li7o7uXZ8t3bg==
+college.		86400	IN	NSEC	cologne. NS DS RRSIG NSEC
+college.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tnk3cQ+UcrUP5IPGg9xclZvs4PPZICajdkcZkKXu7+Tgz1hcBo1RYGfmMDkYSIicOWSferQpDTSAts0dg0zhsP4Lf/+tTwx6SLs08ephQhbkQFu7D21VX8JxcCvsfwXkhh1O3mjH/6gDVFuqPjM/haaAkYJa471kuSLSN4Lhawa3K8x73L3BCdHJB0GK4OoECDW0sivogn7V4KNYSwZfwJOqNJsQWAVoYZRU9v1YP083XV06/f8bipEkgg3pR8SbPZzj3jGqqN9JGHVcM3edCfcZ1SbBqxFOZjMumK2coXutdVLga4fy4CFdP+rJ6NK+xMmQMKhu8k9OymScyaAx2Q==
+a.nic.college.		172800	IN	A	194.169.218.44
+a.nic.college.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:44
+b.nic.college.		172800	IN	A	185.24.64.44
+b.nic.college.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:44
+c.nic.college.		172800	IN	A	212.18.248.44
+c.nic.college.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:44
+d.nic.college.		172800	IN	A	212.18.249.44
+d.nic.college.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:44
+cologne.		172800	IN	NS	dns.ryce-rsp.com.
+cologne.		172800	IN	NS	ns1.dns.business.
+cologne.		172800	IN	NS	ns1.ryce-rsp.com.
+cologne.		86400	IN	DS	26533 10 2 B3A50F0FE5E706E83B98EAFE1AE7AC0DBB95219C8C6EAFB94CE1DE36B2A7F51F
+cologne.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . h+awRu4W3geN1tjvx+aoZM3nITDpzM2/DlbCIe/SABQKLhQ2RlSnAiY6AGKmMM2JL1rj/5hh5MBip8C3h8V1hVGWzQWPRxSC72deZHlSHBk2kcxYCVm0jPjHcwCxj12filSCJCf7tbnKGlRfB5B+H0QmHHa0Qk58rn6fPWr45Oin8Rrq23fx3HA33Hp3iqhO1MfItyheOc49kdotv7L7zv1RZwoE1FwwkOvSFSyr3GIoS/bQG/ZJMWlglUrXS4u0VhAWDYWyVVqc0gobRrU8hYUqQzjpDHVRoEORHhe4rjSDcdrKF6ULZPBfle/M8pDfUM/cq2KdcO1LJI0vb0gplg==
+cologne.		86400	IN	NSEC	com. NS DS RRSIG NSEC
+cologne.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q069vOdjAiVfH69eWE8+FoBgRh3iNdPmNrNeZLItNQ0vUWwGmqNX0Ns00M0s81AfVHbA0MvGVkUn3xqIiDCZeHfIH1HN7PB4EthNRxlwPbuFaW2SlqD/ku4pVTna5EhU6gL9oUlXLWG1Ks611we+SBQYVw61L15pYHMeUlDjmK8zZHhXYwwks16LDnmtacZ49OUD37ZA2HMRk68bUcTh7LdenukJxf/r1orTVICjFH0ntqGRVzV5OgpjQbBPpNUnZWeIWN/1N4/OlZ7qNp+9OQv7BWWf9yKvm506r4AtVVBDFlo7v+ylV09idOkcvyfZCOZzWUG2UbNljC1zyGeDMQ==
+com.			172800	IN	NS	a.gtld-servers.net.
+com.			172800	IN	NS	b.gtld-servers.net.
+com.			172800	IN	NS	c.gtld-servers.net.
+com.			172800	IN	NS	d.gtld-servers.net.
+com.			172800	IN	NS	e.gtld-servers.net.
+com.			172800	IN	NS	f.gtld-servers.net.
+com.			172800	IN	NS	g.gtld-servers.net.
+com.			172800	IN	NS	h.gtld-servers.net.
+com.			172800	IN	NS	i.gtld-servers.net.
+com.			172800	IN	NS	j.gtld-servers.net.
+com.			172800	IN	NS	k.gtld-servers.net.
+com.			172800	IN	NS	l.gtld-servers.net.
+com.			172800	IN	NS	m.gtld-servers.net.
+com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
+com.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t4ADNyZwW1sU/41DtrUFVFgFcXRfoEu3OhZy5zCR+XE4ShiKXq76OzEFfja5RY/r366IZJq/hfmd1QAEOiUTmxPaupveww9V2or2T1bO6nEX3fK3WTVsv/m/4Bk2kV04mhZZIIlxtTdvgbHrJz7QeoKBRAxYGQVapH/ecJYeDDaxRkPFZL4qk0VDqMn3fagw0QaYkR9+Er+Y4DyNyI6SSPRGvIK7C8LHlQhZy1wSWE1mL7sGd7mF7YjtU0y2xWEGLYnmPfyAf7zQRR8biDU0mTM4QLoCgIDTtpGuxTaXWBCYvd1gKA8qRQd/T5MlG05fcIOA63SzQHZhl2bShKim5A==
+com.			86400	IN	NSEC	comcast. NS DS RRSIG NSEC
+com.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vdJUnMh3wbNLtJZV+XvpZ8Z3am0z62pHCL8Ap/FRJRXm6dKR/blG2oZ9vvZM4Bdw0v0XeAywTTyoOHJYYKBz34JAtU26qk07psifJYg7qa6TRHKMWUDMvQ2z+T3O1sjG01hqzE4kg/dB3e+xoMGOBw+dj0FWioHBrPrxogzpTVrdMjTCsgxH4bRdlCLSUKk2iguLsxifc6I+FJlSSf5k4G4d6ksYcnl65m/89RDqoLOD/+MrNPm7pmEEb/eliDgUB2hHrZ1yuihKQCDO2TwAffXuZNR/4629BMvvNTRJVMzcTAsLvpgF3nQZhjzva/Mn6CHRNOkMh3lshKOh/uI5Ww==
+ns.amarshallinc.com.	172800	IN	A	71.163.249.97
+dns1.tld.becloudby.com.	172800	IN	A	93.125.25.72
+dns1.tld.becloudby.com.	172800	IN	AAAA	2a00:c827:a:2:0:0:0:2
+dns2.tld.becloudby.com.	172800	IN	A	93.125.25.73
+dns2.tld.becloudby.com.	172800	IN	AAAA	2a00:c827:a:3:0:0:0:2
+dns3.tld.becloudby.com.	172800	IN	A	185.98.83.4
+dns3.tld.becloudby.com.	172800	IN	AAAA	2a01:ba80:e:c:1:0:0:4c
+dns4.tld.becloudby.com.	172800	IN	A	31.44.1.137
+dns4.tld.becloudby.com.	172800	IN	AAAA	2a0e:b81:8001:1001:0:0:0:2
+dns7.tld.becloudby.com.	172800	IN	A	31.44.5.245
+ns.blacknightsolutions.com.	172800	IN	A	81.17.240.204
+ns.blacknightsolutions.com.	172800	IN	AAAA	2a01:a8:dc1:33:0:0:0:33
+ns2.blacknightsolutions.com.	172800	IN	A	78.153.202.4
+ns2.blacknightsolutions.com.	172800	IN	AAAA	2a01:a8:dc2:33:0:0:0:33
+a.mynic.centralnic-dns.com.	172800	IN	A	194.169.218.114
+a.mynic.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:114
+b.mynic.centralnic-dns.com.	172800	IN	A	185.24.64.114
+b.mynic.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:114
+c.mynic.centralnic-dns.com.	172800	IN	A	212.18.248.114
+c.mynic.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:114
+d.mynic.centralnic-dns.com.	172800	IN	A	212.18.249.114
+d.mynic.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:114
+ns1.samsung.centralnic-dns.com.	172800	IN	A	194.169.218.112
+ns1.samsung.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:112
+ns2.samsung.centralnic-dns.com.	172800	IN	A	185.24.64.112
+ns2.samsung.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:112
+ns3.samsung.centralnic-dns.com.	172800	IN	A	212.18.248.112
+ns3.samsung.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:112
+ns4.samsung.centralnic-dns.com.	172800	IN	A	212.18.249.112
+ns4.samsung.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:112
+ns1.xn--cg4bki.centralnic-dns.com.	172800	IN	A	194.169.218.113
+ns1.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:113
+ns2.xn--cg4bki.centralnic-dns.com.	172800	IN	A	185.24.64.113
+ns2.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:113
+ns3.xn--cg4bki.centralnic-dns.com.	172800	IN	A	212.18.248.113
+ns3.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:113
+ns4.xn--cg4bki.centralnic-dns.com.	172800	IN	A	212.18.249.113
+ns4.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:113
+a.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	194.169.218.17
+a.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:17
+b.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	185.24.64.17
+b.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:17
+c.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	212.18.248.17
+c.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:17
+d.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	212.18.249.17
+d.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:17
+ns-tld1.charlestonroadregistry.com.	172800	IN	A	216.239.32.105
+ns-tld1.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:32:0:0:0:69
+ns-tld2.charlestonroadregistry.com.	172800	IN	A	216.239.34.105
+ns-tld2.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:34:0:0:0:69
+ns-tld3.charlestonroadregistry.com.	172800	IN	A	216.239.36.105
+ns-tld3.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:36:0:0:0:69
+ns-tld4.charlestonroadregistry.com.	172800	IN	A	216.239.38.105
+ns-tld4.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:38:0:0:0:69
+ns-tld5.charlestonroadregistry.com.	172800	IN	A	216.239.60.105
+ns-tld5.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4805:0:0:0:0:69
+dns3.dotukr.com.	172800	IN	A	37.187.75.31
+hoppy.iom.com.		172800	IN	A	217.23.163.140
+pebbles.iom.com.	172800	IN	A	83.218.14.53
+ns-mg.malagasy.com.	172800	IN	A	51.178.182.212
+ns1.neoip.com.		172800	IN	A	51.195.14.249
+ns2.neoip.com.		172800	IN	A	45.83.41.38
+ns1.nic-ge.com.		172800	IN	A	3.66.58.155
+ns2.nic-ge.com.		172800	IN	A	35.153.81.228
+ac1.nstld.com.		172800	IN	A	192.42.173.30
+ac1.nstld.com.		172800	IN	AAAA	2001:500:120:0:0:0:0:30
+ac2.nstld.com.		172800	IN	A	192.42.174.30
+ac2.nstld.com.		172800	IN	AAAA	2001:500:121:0:0:0:0:30
+ac3.nstld.com.		172800	IN	A	192.42.175.30
+ac3.nstld.com.		172800	IN	AAAA	2001:500:122:0:0:0:0:30
+ac4.nstld.com.		172800	IN	A	192.42.176.30
+ac4.nstld.com.		172800	IN	AAAA	2001:500:123:0:0:0:0:30
+rip.psg.com.		172800	IN	A	147.28.0.39
+rip.psg.com.		172800	IN	AAAA	2001:418:1:0:0:0:0:39
+dns.ryce-rsp.com.	172800	IN	A	194.0.11.114
+dns.ryce-rsp.com.	172800	IN	AAAA	2001:678:e:114:0:0:0:53
+ns1.ryce-rsp.com.	172800	IN	A	193.56.204.153
+ns1.ryce-rsp.com.	172800	IN	AAAA	2a0c:8f40:0:701:0:0:0:153
+ns3.seacomnet.com.	172800	IN	A	41.87.126.253
+ns3.seacomnet.com.	172800	IN	AAAA	2c0f:feb0:0:0:0:0:0:3
+ns4.seacomnet.com.	172800	IN	A	41.87.127.253
+ns4.seacomnet.com.	172800	IN	AAAA	2c0f:feb0:0:0:0:0:0:4
+ns2.teleinfoo.com.	172800	IN	A	103.61.61.1
+ns2.teleinfoo.com.	172800	IN	AAAA	2402:7d80:8888:0:0:0:0:1
+ns4.teleinfoo.com.	172800	IN	A	103.61.63.1
+ns2.tojikiston.com.	172800	IN	A	193.111.11.4
+ns01.trs-dns.com.	172800	IN	A	64.96.1.1
+ns01.trs-dns.com.	172800	IN	AAAA	2620:57:4001:0:0:0:0:1
+dns1.u-registry.com.	172800	IN	A	51.222.128.197
+a.zdnscloud.com.	172800	IN	A	203.99.24.1
+b.zdnscloud.com.	172800	IN	A	203.99.25.1
+c.zdnscloud.com.	172800	IN	A	203.99.26.1
+d.zdnscloud.com.	172800	IN	A	203.99.27.1
+f.zdnscloud.com.	172800	IN	A	114.67.16.204
+g.zdnscloud.com.	172800	IN	A	42.62.2.16
+i.zdnscloud.com.	172800	IN	AAAA	2401:8d00:1:0:0:0:0:1
+j.zdnscloud.com.	172800	IN	AAAA	2401:8d00:2:0:0:0:0:1
+comcast.		172800	IN	NS	dns1.nic.comcast.
+comcast.		172800	IN	NS	dns2.nic.comcast.
+comcast.		172800	IN	NS	dns3.nic.comcast.
+comcast.		172800	IN	NS	dns4.nic.comcast.
+comcast.		172800	IN	NS	dnsa.nic.comcast.
+comcast.		172800	IN	NS	dnsb.nic.comcast.
+comcast.		172800	IN	NS	dnsc.nic.comcast.
+comcast.		172800	IN	NS	dnsd.nic.comcast.
+comcast.		86400	IN	DS	21809 8 2 10E13E49F33ED1E42CA5D829093548118280D27664EB9DB6B52956189B5DBC67
+comcast.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pSBEM1dsxUC6AZZpSTY4E+OMclTzagikAQaQSDDny3IqiQLxEdAUpii8E3tNbyRmEEUkjHCoFLdoMzfw/x/IrthmVsaEgVlHe5kGuRDd44fJsdzHsYhln2X8Zu3zj0W1jOKk8hC5iw8XZqevhNhnQ4XlMIRIhZsLmWXkimAuYpPWTHQBhqm2KK7dECyZqTugH8yBH8o9cHdVFiJmQMg543ZfByMM66p6r7+AWmqP2ICtlyKxOTEkZpeSvD9C5UESSd3MLNjX8avSoVQ/O8pnGEZmK6OZo6XM62+BePvy/2Tk3jG1lGyaJ6J6WwoaCTE0YYAVyZo+XKjOPdcNPxozDg==
+comcast.		86400	IN	NSEC	commbank. NS DS RRSIG NSEC
+comcast.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hs2O2Znl0wMRHCrVS8ZV+MFOMUd30MzOhy+vAse3QcbFOvC59fIPLPqkBTmgtjkBhsiQWGngLEN/qtNFpeEVCAYoevOqG1I2FbVJGb/rNLMcqMyP3SvUbkrP+6hseRUN4fXTMZBi6T8n/d0j7kiVwls2bd7/2HmSohJopXGqZ50KcM7YAQhtwnBc4s+lbtPetcSqsbwkK8d5d8EQtakbHXhXZrPaVQzdh5P1u+0q2Ahj1UGhYZkw0B7gqWHNEpPtlrA+siBwrxI4YD8fDmqIjn7S9PaamPtzYROMp4AZtxeIvcotNY33qGs8cv7aPwsKxaRaHfuNDfdhYIaJvMrnIQ==
+dns1.nic.comcast.	172800	IN	A	213.248.219.6
+dns1.nic.comcast.	172800	IN	AAAA	2a01:618:403:0:0:0:0:6
+dns2.nic.comcast.	172800	IN	A	103.49.83.6
+dns2.nic.comcast.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:6
+dns3.nic.comcast.	172800	IN	A	213.248.223.6
+dns3.nic.comcast.	172800	IN	AAAA	2a01:618:407:0:0:0:0:6
+dns4.nic.comcast.	172800	IN	A	43.230.51.6
+dns4.nic.comcast.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:6
+dnsa.nic.comcast.	172800	IN	A	156.154.100.3
+dnsa.nic.comcast.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.comcast.	172800	IN	A	156.154.101.3
+dnsb.nic.comcast.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.comcast.	172800	IN	A	156.154.102.3
+dnsc.nic.comcast.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.comcast.	172800	IN	A	156.154.103.3
+dnsd.nic.comcast.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+commbank.		172800	IN	NS	a.nic.commbank.
+commbank.		172800	IN	NS	b.nic.commbank.
+commbank.		172800	IN	NS	c.nic.commbank.
+commbank.		172800	IN	NS	d.nic.commbank.
+commbank.		86400	IN	DS	25681 8 2 CCB3F1BCFD33D277ECE719B8AAD64A84B6722C4A46235605F3DF06D435F59B6D
+commbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UFzjmiK/NtPNqttzdBif7wNJAytH9Rp4MM0nn19LIY9ATdmtP771hyRQ9JIHbB7bKUy29kULN+FlLmmzrFlW4Joe90t/etU1lJ5JmL6BggCl78u25wpayznQUciPd4XhlTA2hqmX4HyoHJQAGKcJoW0IQahUOpVRbXyx4Eza4eT9pWi3sz+Lkn3uNbjlZWIqmKDDhIjdNQ5pD2Z73oY4YZo5p/Xj7LlAB91B4MN/IrMWgxg4sz3gCxBG8IugdH6dnzYryA0HiEv6sv1SmhtIOwwS5jORbb47Hb/N7bEhxuxi3qiX+eziZ+S7jrEOVC9JhE4ILciI3OZw/9Iym8fZVQ==
+commbank.		86400	IN	NSEC	community. NS DS RRSIG NSEC
+commbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GuGuIWXLf6V779PTHAwvUqn+l8MLtJ8dV1m6Qyih1eRocTCr/aYxGwOTgdygtBukenjW5JnAivtEBwZc8FPh8piptlwMk+WjuOYvAF0aOL88oO50Bz3n1w6rdXkK7jpDh3Jtkz91rBVrg445gpnGt599t6rBYaFFO/tbMAUwRTFRde+u4XA5vTMTSxpQQpkiG5EXFSZ86TVYg/RNUqQ80/TtoKyHqoPEqqicwixm+ZKZYTHCE8RoODvTQ84f+4zivkYZphiEYJkF4eF2P2ZQvrG2DaZdDFLhJ50gbVRMQT67TvukdC60HNUSwuy6IU3AngQ+HElDAF0+psnc/O0/Rg==
+a.nic.commbank.		172800	IN	A	37.209.192.9
+a.nic.commbank.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.commbank.		172800	IN	A	37.209.194.9
+b.nic.commbank.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.commbank.		172800	IN	A	37.209.196.9
+c.nic.commbank.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+d.nic.commbank.		172800	IN	A	37.209.198.9
+d.nic.commbank.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:9
+community.		172800	IN	NS	v0n0.nic.community.
+community.		172800	IN	NS	v0n1.nic.community.
+community.		172800	IN	NS	v0n2.nic.community.
+community.		172800	IN	NS	v0n3.nic.community.
+community.		172800	IN	NS	v2n0.nic.community.
+community.		172800	IN	NS	v2n1.nic.community.
+community.		86400	IN	DS	41077 8 2 F9EFF79788BF6867B89D159CE55ACB532F65A3A8CD50A49A1A298EBE08384D7D
+community.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JEyPk0vK12toqLMNuMciTZ49hWDmhGlCt7IDcFaoFwbri3deMOCPqY/iAIvBDYeVKJ52N83uLBn6C6F0OuMp4ru6crt1w10Lu1zV0TnYEewtgxqhtmcWRgOQc/Um7MN/7rVVlH4KSDrZES9c4m2CgVtc1yEQmS6xBUoB+xCH3mN4V/2n3FXNZE68hKWoAPXmswDNnTo0sbEG5/38ZSh0FOV1DFbZx+f25fZvYIaQDIUQu6lNTQJ0+fKCpH1quH9SxU59YaVswrmCPJkS/qxkJC8lfnk208jgF18M+Jd8zpaF1SpNaYjCQhkgZFB1B6lZOQOWboM2ax+7juYTd8UZHg==
+community.		86400	IN	NSEC	company. NS DS RRSIG NSEC
+community.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aG6DhFrwJBaYxglZmvYve0AQZQJHI4WvS7RAxgv+XbZp9I80gINDTV70roi1TFBOhOEBAn7jVwr6dHukUtRHFSDGm0q2Em7FeMCeZaJ/vsKO+1Adgu4+aeglO4LyJlgbb1fG592NKZtIQU/rJu/N1TA80JNxbaFD8amMAXKS/zG2XxU51orb1W6zsBMHDPUpI51Pvxkt2viwhWvXcM0fclc8F6ONromPcgXuHrEMZjIKcAMqcQ8qcILJyDc9x5HeDvvvHJSHLLTzQqSrFtVPXOP2zfHSlD2dw8OFLIwl5yEsA+RTZj+rMNx8EyPT71rzpvMW6n6stsfy+XioLPrlnQ==
+v0n0.nic.community.	172800	IN	A	65.22.24.10
+v0n0.nic.community.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:10
+v0n1.nic.community.	172800	IN	A	65.22.25.10
+v0n1.nic.community.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:10
+v0n2.nic.community.	172800	IN	A	65.22.26.10
+v0n2.nic.community.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:10
+v0n3.nic.community.	172800	IN	A	161.232.12.10
+v0n3.nic.community.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:10
+v2n0.nic.community.	172800	IN	A	65.22.27.10
+v2n0.nic.community.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:10
+v2n1.nic.community.	172800	IN	A	161.232.13.10
+v2n1.nic.community.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:10
+company.		172800	IN	NS	v0n0.nic.company.
+company.		172800	IN	NS	v0n1.nic.company.
+company.		172800	IN	NS	v0n2.nic.company.
+company.		172800	IN	NS	v0n3.nic.company.
+company.		172800	IN	NS	v2n0.nic.company.
+company.		172800	IN	NS	v2n1.nic.company.
+company.		86400	IN	DS	11266 8 2 CA9EA07E5EF40B031C8B7CE22D30076665054333B8D56B2979C481DF8CB5F983
+company.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F3c9KbEzZkQbMO50s4Bg7NifLbTNlzv+Ad5mqS1JqWs1LBJh6GC5Gxod9dGBlL0ydU8+nP28SJSfKc2ZTmOf0HlqdcmvtyfUnsf0NBxaiRPRHFkSd9x0lKLT+ghWHCa3CEc/7p7a+xfvJw5XOeNxFA/bMi3REfnLiCu571jYN+cBkxXh1E4U4HxJU8O+xEqeMR+UrDDbQLJ3xP9iD9ZWb4EHG3M3sfCJp3xFk4IW0E18MYiKKd/HNB9Ewy8eso2UusmNIgj5DDgA5fQWaI/K0oEhFKK4sX3i1O9Uf4i/BaKcq3PIkupDB47LhIiG5ThfaVQdniOaCVKU8+3zzMEeQw==
+company.		86400	IN	NSEC	compare. NS DS RRSIG NSEC
+company.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n1LRgcCnEksv9SFJvrI1pXtaGbDYXOX+VDS47WRpHd3CBlbgT0VO+1HL7/plVMCgNneKlRYugVK1xbVgiP66L4x5cuKGKy6MBo1R80ND6x+ROFWSbDVcwAEAR07d/hlWFiuX0B2kGUg6kSw1AcvL/DgNDwkvWS0NDMRM7bIid7Ep3HQ2VHa/YPYos5XGeySazGvY2eOdOhpw5zezBCOUbyTmi8KhmaAMguYJtKSiGBlcBPH0vndkkBhs6gE+jIDmIQc324pY93Vvq8E/81QPkXYbV6VeBokJBllZ5HBT+9BBGPzLeZk1do5MRIXeW+32fvgn+z0trIbP5Eo7dxf6EQ==
+v0n0.nic.company.	172800	IN	A	65.22.24.36
+v0n0.nic.company.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:36
+v0n1.nic.company.	172800	IN	A	65.22.25.36
+v0n1.nic.company.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:36
+v0n2.nic.company.	172800	IN	A	65.22.26.36
+v0n2.nic.company.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:36
+v0n3.nic.company.	172800	IN	A	161.232.12.36
+v0n3.nic.company.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:36
+v2n0.nic.company.	172800	IN	A	65.22.27.36
+v2n0.nic.company.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:36
+v2n1.nic.company.	172800	IN	A	161.232.13.36
+v2n1.nic.company.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:36
+compare.		172800	IN	NS	a.nic.compare.
+compare.		172800	IN	NS	b.nic.compare.
+compare.		172800	IN	NS	c.nic.compare.
+compare.		172800	IN	NS	x.nic.compare.
+compare.		172800	IN	NS	y.nic.compare.
+compare.		172800	IN	NS	z.nic.compare.
+compare.		86400	IN	DS	12634 8 2 40C8DBBA65AC7385A2DD35E299EE6010D850197DD7A438DCCAC7D13C2D32D953
+compare.		86400	IN	DS	27319 8 2 3B57AC3D5396B250896E78B988F741BEACF93733DAF02048F86763AEA3272445
+compare.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bAk/8bY6Y4jZESBuKhXpozjdIy60vrYTOPIB3ZztP5Xo60ZqPHiQEIC1I2H3BWDoy4KnsQQ7PxwcWsGHzzKaBXVPmtZsu35ygdN+ZUlkpBr13wQn/qdWIEfyU9M2sA2j5CO49Nr6P17MD4f40G4jdwG4tAfYueHZkv91kLrgC8wtO29wgmVnTYy4RO/95tPfDxoadZxYWrX4deFF/TRjesSy8I5WJSwAwhtuuzKjmTp+WPI1Rt8G4APhBs1ZHA8epe7UALJTy9/YsOVPVF3sbjSW+G2oeZVVat6l+2p3+ZNnHeK5+vKxSxM56SKZj8HWjLmKo6XIYdn72A8By93qYA==
+compare.		86400	IN	NSEC	computer. NS DS RRSIG NSEC
+compare.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kjJLHhTM0qD3195bP6jX0xdiVlVYxVlh5S20SlnsyjGPn87j631UQlDNUd1MTLdY83qmC5WOuAcByRIFqwEW+xM6pu+B5Izi7dlKQhfhn0sFMVGnEM/fFCCi3GRoVa7sPWRYfw6rVeb52jHQwrp+RDZ7D3GGedlIzw6pYvVTqgUAkXGgh0viqycBw2r60R9W/F1w1laeRzj4A8O4xc/mR1l08TO7dKqI8eCTFYTrZ81dVuqm9oW2Bnn5khYEOIcGf0lQrtz3hXSAbR8T1Cc9gCujsGtPsuBlY2uAmrfa11owvtOkuJpb3KfFXxIIjNXrHAzJWIPNLoviRbqqNnvCDA==
+a.nic.compare.		172800	IN	A	37.209.192.9
+a.nic.compare.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.compare.		172800	IN	A	37.209.194.9
+b.nic.compare.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.compare.		172800	IN	A	37.209.196.9
+c.nic.compare.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.compare.		172800	IN	A	156.154.172.82
+x.nic.compare.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.compare.		172800	IN	A	156.154.173.82
+y.nic.compare.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.compare.		172800	IN	A	156.154.174.82
+z.nic.compare.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+computer.		172800	IN	NS	v0n0.nic.computer.
+computer.		172800	IN	NS	v0n1.nic.computer.
+computer.		172800	IN	NS	v0n2.nic.computer.
+computer.		172800	IN	NS	v0n3.nic.computer.
+computer.		172800	IN	NS	v2n0.nic.computer.
+computer.		172800	IN	NS	v2n1.nic.computer.
+computer.		86400	IN	DS	29629 8 2 49C52C30C178F8CF305CFE47ED6B6FAEC79E6200AB71B74DD1BFE4B2A9253438
+computer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VpQDc37F1Q5Oq4nfsb2tCVkyNRm2q2kkMng70y8Hcbd74vYnIB1h4m6TcmwVFfKiqZicyozl7z8l59GfDxY7QRsz5VNfNKpPwtyx7JPzkw6SkIHHBS2F5T0zqoSLc1jCtVZFmyuqwmaIjjwxG0UtJzzMsfFj/08pt+NHVOauDxKeEw74ECfVZHy1c8fGvd/8MDsdZAyilf1u6/YrVSOr75qadgEanVb4qmcLBNpX7K5t7qKnhkgLb112vV/NvrAbwfPFTjBCXYbj/eW4eqHRnM8yTQW+4+awaavKxXsIJLRsWtD3NL6LqRieNzj3zzAkBYpqNClWfKWbDafyt40jVg==
+computer.		86400	IN	NSEC	comsec. NS DS RRSIG NSEC
+computer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . P0Q6yTqDFlwk58C4fDKy3zX8b6hg8NbvwEdlVeWn/mmRQGXYnJ3O4hF4sum4xJiPUyU0sH4qnRH0OfSDKnnXsCHwLuXc7VkB9Sc9T46rd6H3gn9wnUmaZhfrL4xDLaKsvM4SxyXMPslsNuESxD9dDjkn2HAaBweV0mPbroBpBHpFscigG09b5g/9RC3ZQoZ0+84D7o3T/A5SZRY3ZHn12IYqOU/6HpCaLxj2CDLOj96KsGXzEh6StHcjCVLA1+wU+v9salO987Fa/3iIGI/tdV3hVQYrc3PcwxuAJUHiMOd5IfnW6pGMyPj+AD4dVJ+x96DnvWS8yjDy+k5cPG0Xfw==
+v0n0.nic.computer.	172800	IN	A	65.22.28.19
+v0n0.nic.computer.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:19
+v0n1.nic.computer.	172800	IN	A	65.22.29.19
+v0n1.nic.computer.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:19
+v0n2.nic.computer.	172800	IN	A	65.22.30.19
+v0n2.nic.computer.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:19
+v0n3.nic.computer.	172800	IN	A	161.232.14.19
+v0n3.nic.computer.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:19
+v2n0.nic.computer.	172800	IN	A	65.22.31.19
+v2n0.nic.computer.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:19
+v2n1.nic.computer.	172800	IN	A	161.232.15.19
+v2n1.nic.computer.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:19
+comsec.			172800	IN	NS	ac1.nstld.com.
+comsec.			172800	IN	NS	ac2.nstld.com.
+comsec.			172800	IN	NS	ac3.nstld.com.
+comsec.			172800	IN	NS	ac4.nstld.com.
+comsec.			86400	IN	DS	34356 8 2 690FA5ECE1031BE50DDD9AC71D413546CB3D1F3D9914563C0B8C32E53F491B32
+comsec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tu2c1tqSRxIo9y2wOduRfHIrwGILYjO5A+uqDk8MSV7J88hxxnuqQBymI9l0KZrdz84hgR+wNoarYPNuglI3Km/zz1oACl3FuRkV1plqNS6VfzgqIZGWO7J3Yi7cG06/fTkRGQYl4iHiG/g/CVVzcJ1X6RjS0XWpUKE6FLBjmyFE/XAk+lzwsG2JWXjkDYv29WF8lq8HqQIQYlXcrjKRPMm+/ml236bnoZ9JPfaDk2cxRjSfJW6Zbj8UtcRY+BrC5lR0+KiJ7MgiuWfpIqxr36XdSCT/Seom+6BtgqmzzefI84VXy8ryBkI7ss3oI95G9vZ8AFQX1q3AvNnmf7VEMA==
+comsec.			86400	IN	NSEC	condos. NS DS RRSIG NSEC
+comsec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eOxgziH9Auxjzw8TMz2phxph9Y+xUQlcC6C7H7HRM/EAbCdg64KI1XWNKABXo9z+j0QGlPiZ9nfpR+bmMFPGkwGdMsQciXCxM+HCFhaqIhD0A/48QgPUQpj4MI0pQcbW4eyheTjXDsSk8qDp3mS2PmQ+qvg93GjUzmFv7MQxC7XxI5XN6fIRgVRVNeXZx1hgnt7kFo/sPFBAuqZrmuGP432NkQrV1jfwLvWvzU53IQym9vJgHS/380P7Khf3N89v+0f4QANttwa7Tq0Yk6BWrbTP2QpJy7DhadcZAiKdM0YpQjWyidBj0VhXq6lNUWrBjkJw/nASpy/JBqUyZRv0Ew==
+condos.			172800	IN	NS	v0n0.nic.condos.
+condos.			172800	IN	NS	v0n1.nic.condos.
+condos.			172800	IN	NS	v0n2.nic.condos.
+condos.			172800	IN	NS	v0n3.nic.condos.
+condos.			172800	IN	NS	v2n0.nic.condos.
+condos.			172800	IN	NS	v2n1.nic.condos.
+condos.			86400	IN	DS	19774 8 2 71B1FDAD0A762CEA8A5B132165BC53355873C05623B8E093F03B30E0117BC757
+condos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FnUCD7tZ+zdNEMPdLVnDluxML3S69LptnJU8T7hCjxi4emF0M2EnuFG9GldJrUkqeuCCgFTCkXvWGFYEFe+i/ceZ7R9wXEihF1PdwHA5OeK0E8xfDeou6hNzsrr6xGGeK4TZyr2xULNtXJx2DWKKlanrXoq3u1NmYDEhm6Vbjthlnd3tCQELxFUgU3lwvWD9FxFdUZaz8KKSXj1SHClNsnQY4Bt21kw0rdhzJp7jnX7skRsX4uHaT8m2Xy8tjBVbai2IUBi6GmEIQ0P4TJ7c/lEK/+H11w4pWNRkWwnritRkVwb57Occfl0/sZCwKPYb9YAq0kVOYX5CcCV4TVs6AQ==
+condos.			86400	IN	NSEC	construction. NS DS RRSIG NSEC
+condos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KbY3TIgdcwAM3JLizVwCWLzQzWaOa7/9+92m+4mwUHqVoUk6v9GjqOhkfNIhIU9vZ59Sjw47ho/FwS7qckO8EttP8nwTORWT2qTbO2TXQJLcaqoD6ztHIXZeuVdPFHROjhJkPoe9MdXkL3JM2MbMuKzoNc8OE6+7ohQzezy+hnQD7LYd0IwvPXwWgEy3XTRXraFHTTM5n1wUZv16+/Gm6wUziqst4iVS4SrXhCsjFGNM07DtxotaL8PRKZkbpIkU5GHk0H4aSEo0Q74NtmvZoAR8j7qRpLXEbZBTJUbGzmYnsT4C0u+343ON5owCht166+MuAJkUnOrseAeO3rK+ag==
+v0n0.nic.condos.	172800	IN	A	65.22.20.63
+v0n0.nic.condos.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:63
+v0n1.nic.condos.	172800	IN	A	65.22.21.63
+v0n1.nic.condos.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:63
+v0n2.nic.condos.	172800	IN	A	65.22.22.63
+v0n2.nic.condos.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:63
+v0n3.nic.condos.	172800	IN	A	161.232.10.63
+v0n3.nic.condos.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:63
+v2n0.nic.condos.	172800	IN	A	65.22.23.63
+v2n0.nic.condos.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:63
+v2n1.nic.condos.	172800	IN	A	161.232.11.63
+v2n1.nic.condos.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:63
+construction.		172800	IN	NS	v0n0.nic.construction.
+construction.		172800	IN	NS	v0n1.nic.construction.
+construction.		172800	IN	NS	v0n2.nic.construction.
+construction.		172800	IN	NS	v0n3.nic.construction.
+construction.		172800	IN	NS	v2n0.nic.construction.
+construction.		172800	IN	NS	v2n1.nic.construction.
+construction.		86400	IN	DS	64792 8 2 810C9892AE0CEF123C2AB4B09A8BF2547BEBA98819E21B5698032E9026E5FAF7
+construction.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1wXlXdSz1/JGgypZx0afm8f9mv0a/GZSR7KsIGVHjFy9fmRRf1tI7qrltWJjMWXCPxRt2kraA3XmJd7qZ98WKqIjV8Ru+PFA2DeG0pSPKNXq+oxZ44kTuFmMXN4cgAhnupBa0EM37xt2XengoMYsdIm2XmXnSOKiRp0/64j4nQC1fTWqrtElBvllb6JL3Req465Sj21/9lVjcL8IgD/N0afFkS+KegZCKSoNJxzChN6mGXYShcBJDEFg4nYC7SvYg9/WPHUE5nv2JPTm1GrfqxoTOzXN6cIK43b/ahlaf+VjrQhXOSGCD3GsKRqlXzrCGCsE5lkz/QcfAgywKcJ0JA==
+construction.		86400	IN	NSEC	consulting. NS DS RRSIG NSEC
+construction.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . enrjck3bB0bUcbCs4jEgurLFxNFKLtm0Zk5r50E0Ltf8aTk0TO0pZSwLDhSR/wnRYnLwXhoSW0MVh5RepNBMLM7XfwJzRjEdEIc81r+aeZHk0wQVj+VTkkwM1kCtX4VMdC5y+guTZg8bXxWJ97vHSQtjIblsxfa0pPGOvs7pw8i21dqBaZfnOJ8IeNKNDj9gM3vsHVyGbS99R+7nDEHmgwEi4qiEb+CAoCby3d9XjyVC/SZsYrlxNgH2cyDF9gb35Lv3pv6KJQHACLGeAg9bSU4Nco86GNLdtMRvHtekcdqFha4Y8k91THh4kfRctNGnaPPaB+2DbB6gf1CfT0WWqQ==
+v0n0.nic.construction.	172800	IN	A	65.22.20.50
+v0n0.nic.construction.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:50
+v0n1.nic.construction.	172800	IN	A	65.22.21.50
+v0n1.nic.construction.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:50
+v0n2.nic.construction.	172800	IN	A	65.22.22.50
+v0n2.nic.construction.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:50
+v0n3.nic.construction.	172800	IN	A	161.232.10.50
+v0n3.nic.construction.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:50
+v2n0.nic.construction.	172800	IN	A	65.22.23.50
+v2n0.nic.construction.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:50
+v2n1.nic.construction.	172800	IN	A	161.232.11.50
+v2n1.nic.construction.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:50
+consulting.		172800	IN	NS	v0n0.nic.consulting.
+consulting.		172800	IN	NS	v0n1.nic.consulting.
+consulting.		172800	IN	NS	v0n2.nic.consulting.
+consulting.		172800	IN	NS	v0n3.nic.consulting.
+consulting.		172800	IN	NS	v2n0.nic.consulting.
+consulting.		172800	IN	NS	v2n1.nic.consulting.
+consulting.		86400	IN	DS	62590 8 2 D5E3B9150E958295E81D8760002FF9E5CFFD91F95903581E648465A2ABCBE2F0
+consulting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XynNRv4mBPuwoVaSgy1n6kcGmpo2pFKp7V1mkETl1Wi1PwjB1jes4t8ewUv44hxZGCYCZKHF+tMWKA1cJqsGMJaNGnsSJq/zjlrZtKlS8nGgwvF9D8aAzSyAnYj70hGtyJNIjO58QRgIIP7fzqGEH+EsJ6lCHBIkaWUOM6sYRav4jljUpQ4iKkirTXW5YPCWz0a/TLnYlTV4/EGaf4BWgTxBXrpx/ScaDbUt9C3sYlwY2FFKYp35i3kWA3OliwhEbGko1adsa9GOOvd9SZWqX8oXFoNGGHqzaM6ZcHx5PPQ0CNzr7YJCCswD+T5uRdQ45JD43behB2ClxyYXRMSCjg==
+consulting.		86400	IN	NSEC	contact. NS DS RRSIG NSEC
+consulting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uVfK12k6NV2V1KeCoeMrtQbMh/0bDzUwVoKEuRuUeEatanWvtjekMppMwQ9+09pxehR+ySHvDN2gdhCtw1yWKhmENQbEt9APSmJEeXkQhcM3uF0YevzYw8q7rsmSTlsOH63CtKkeiZlB0nbKF6FhUnm7NccvZxNkEFvagpFgQJ92QaupqlK4gCsDIDHWii5MDoJiqzxI1zDFv1lFHXaeQzPSBN3wPn1VA15M6wbSfWKjKMG1LBBU7e7YYOKQdUxn+9r0HqLHywaWC5SQWLNCj/KQC7NJjNuvVmvWQbMbKBc5O8aSFmmqPV0jL/coAJ7fP6+vPcQKfG6ic5TdDsw6Hg==
+v0n0.nic.consulting.	172800	IN	A	65.22.24.65
+v0n0.nic.consulting.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:65
+v0n1.nic.consulting.	172800	IN	A	65.22.25.65
+v0n1.nic.consulting.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:65
+v0n2.nic.consulting.	172800	IN	A	65.22.26.65
+v0n2.nic.consulting.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:65
+v0n3.nic.consulting.	172800	IN	A	161.232.12.65
+v0n3.nic.consulting.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:65
+v2n0.nic.consulting.	172800	IN	A	65.22.27.65
+v2n0.nic.consulting.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:65
+v2n1.nic.consulting.	172800	IN	A	161.232.13.65
+v2n1.nic.consulting.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:65
+contact.		172800	IN	NS	v0n0.nic.contact.
+contact.		172800	IN	NS	v0n1.nic.contact.
+contact.		172800	IN	NS	v0n2.nic.contact.
+contact.		172800	IN	NS	v0n3.nic.contact.
+contact.		172800	IN	NS	v2n0.nic.contact.
+contact.		172800	IN	NS	v2n1.nic.contact.
+contact.		86400	IN	DS	53062 8 2 222B955DB8B21EE60995CCA8DE45627D6E0156627453FEC444EF6C57339E8375
+contact.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fWWlFFtdvKhL+l7vUbRT8hQ7xTbeXLqCpjW/02T6QwVSzZNBWZ6VixCK4WDmVklbogkAIztMBMPIFwwLJoeN8tgrFbn4VLmtqBZDipvr4HJAJWr2NOz4ZTJeNX3MjaThcNWL11KHvD4nLr/TeSE5AbU+ZAvys06KAFQJoJit08RIWypW2dxLekDFW7/YapmgNfa5HthTO0oGONcgs1KxdLboKqDmFJZwu4qRrK/rOh3XVTOZ5WoDmpCkvczrqRWPuXKLNDIEE8HyhabkLZamClmTsPUw6hEzeoy8hfrHFGYNDW3bWntvD7ZqOL5Z6vVcvzBxqvgS3Fp9vXb4N5NfxQ==
+contact.		86400	IN	NSEC	contractors. NS DS RRSIG NSEC
+contact.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1c3tK40C3cxO/SkXOXzLfeM9jMY8L/cIWJ4bNwDirGJNy5/9dHAG7RvCutqJPI0r0Obu9xNA5ZRAUBNYcuK+HWf/Xgw0ekHfaw6krYBZseFjFUJul+bEe5ug2oEFXYrYFn+oBkooJScxOQtlIqM3Jj+e7eE8RY7N3vscG6gpe09rOv+L0nx8/t8NRVzkEd4o5zEhZhgXvthR61jqQBbUP7sESYjb0kdXvkNsJhPNjXLXbdhoBaU+LfXXYxBrJ21trokdzF2+46jlKGtTmGc6sguBRmNVJO9/oQeRaSUS+tBzSF/3VT70tNZ/wR9v7kot0rFk6HPlvpSTCOdZdfDYHQ==
+v0n0.nic.contact.	172800	IN	A	65.22.24.34
+v0n0.nic.contact.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:34
+v0n1.nic.contact.	172800	IN	A	65.22.25.34
+v0n1.nic.contact.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:34
+v0n2.nic.contact.	172800	IN	A	65.22.26.34
+v0n2.nic.contact.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:34
+v0n3.nic.contact.	172800	IN	A	161.232.12.34
+v0n3.nic.contact.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:34
+v2n0.nic.contact.	172800	IN	A	65.22.27.34
+v2n0.nic.contact.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:34
+v2n1.nic.contact.	172800	IN	A	161.232.13.34
+v2n1.nic.contact.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:34
+contractors.		172800	IN	NS	v0n0.nic.contractors.
+contractors.		172800	IN	NS	v0n1.nic.contractors.
+contractors.		172800	IN	NS	v0n2.nic.contractors.
+contractors.		172800	IN	NS	v0n3.nic.contractors.
+contractors.		172800	IN	NS	v2n0.nic.contractors.
+contractors.		172800	IN	NS	v2n1.nic.contractors.
+contractors.		86400	IN	DS	20974 8 2 CCE032DCFD77C2F610E6EC3616944F62054504247EF87827D63A4CAF9C3047D5
+contractors.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qkMErrbGkUReEfR3G5onG9Z6ooia04pOjACHMF1BSA/1hBmK8tzzcm5lynrdmRL7xG3upskhSawxwOd0V4creZALxqwynxpM+riC+PNRrdk2qmLL+5sRZal6KbOn8Ml79epTGsgiVWdivc0wvtc9mJ8m5zPHwNm4mmWtNmBZogzE++RrxTQhBraf4Bykb9Zez4f6Fpie05wyoHQxUCWz5o6PE5B1C41fl8k6qSiAR3oNtEReBE3iZnVYifbzIZVd/FWrAgYHLCar3mmgH6jXY34fjGLTzH2g7faBp45czGIcuOQKbpLz1QaqX81bdcaVn0CcQTbUO/ZK4hgbZiz6ww==
+contractors.		86400	IN	NSEC	cooking. NS DS RRSIG NSEC
+contractors.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y4iFRgF0+gmPNGpIjtXtil9rDu8PdvebH8Mwgl2fXfv0F9bkfvhQ3LGGkFjssYWwogLzpc65RVVHpGjhMjCBFQR1dAlcI9PdJ95Pu9amXX8a2tBYpjgSTLEfOkaLXPiGtEP24GqWj6azGFovf/CtIrUFBAQrA5GM24j4S4BIs1vgx8fdI2qwY9OsZqZz9Oa/vcNYhh32kdaOA/q6UVKQSsgYSjJH8NnocGhix6x13/cCLnGCRNtpw2A195SdCwFU8XJeU1uffHa5BvHQEfR5D9NkSsQ0EsSkyM7qJaAa5kcePXPEYoVxfNxaCu2vpsN/vp25meO9pU7NrniMEX/TNQ==
+v0n0.nic.contractors.	172800	IN	A	65.22.24.56
+v0n0.nic.contractors.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:56
+v0n1.nic.contractors.	172800	IN	A	65.22.25.56
+v0n1.nic.contractors.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:56
+v0n2.nic.contractors.	172800	IN	A	65.22.26.56
+v0n2.nic.contractors.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:56
+v0n3.nic.contractors.	172800	IN	A	161.232.12.56
+v0n3.nic.contractors.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:56
+v2n0.nic.contractors.	172800	IN	A	65.22.27.56
+v2n0.nic.contractors.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:56
+v2n1.nic.contractors.	172800	IN	A	161.232.13.56
+v2n1.nic.contractors.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:56
+cooking.		172800	IN	NS	a.nic.cooking.
+cooking.		172800	IN	NS	b.nic.cooking.
+cooking.		172800	IN	NS	c.nic.cooking.
+cooking.		172800	IN	NS	x.nic.cooking.
+cooking.		172800	IN	NS	y.nic.cooking.
+cooking.		172800	IN	NS	z.nic.cooking.
+cooking.		86400	IN	DS	19084 8 2 1EBFD6587779A23692ABF0AF38F79AB41282E544AB54F04A6C07168523234587
+cooking.		86400	IN	DS	28069 8 2 CE234A5239CC651D9613917E4D5D4795EA8A0C7A63DB0C3AE69BB5FA6CABA352
+cooking.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RKnphI/mffZ/LYloOc9QXopyq0gyn5YCvqn1W+QdbYEKaZ0J4ppKFmQmyD5MyU0DH3GlJaH8sHoG1ZFj/KPz6VqFlAPWcN8MNhVJ4+3UKNGy36tiSeDwshP1IPiGo2T7Qoz0FqDs6o+g7hht5lwX/Os6Q+p6xs7yqOXT42u1FDLMwyXY/TchI0iuMx0DnTxxHcZCB/ZcGZeae2Uu3FigGTohZH96/R42sgl3ngos1x0KWmnMehQUjf1klMomVoMcpdBqnFAQ7yVI2y8w8MeeTzN0pgU8AR7qTvtCFsIwFtUmllUKRjSzjbRiIl2W0iEoGEjF8OcO9nl8u1M/hSykwg==
+cooking.		86400	IN	NSEC	cool. NS DS RRSIG NSEC
+cooking.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fvEpdslCUXIyzxtM7giRfMpKI2bGoczaP/rFlBf3lDlgHtHj0z24buJ7ICLmi/mEJ7Iq6Ytaf9KkpWQOP8+hBcErU1x5vJWtvexwAFqLpV1vM/qM0Tt2iavpyJ0B5q9Gvl8BAyYKdv2EIVCbi8CSikr90bdMSM6MYYH3abzKxStje9YlpgQSuce+QCLeVwr/1OLNa+vITnh+wHYYJMPfePcZDMeG4AElpjw1eoik4lKV4fopQDHgO0Nbmz+fdrXw7xlsTzO/VpxgUzBRqYkfmu8q7Y8ujxc+volGw+sRizkGrreEEwThAdbdPVlMSliGyAB28+J62QMVlIJw/05wTw==
+a.nic.cooking.		172800	IN	A	37.209.192.10
+a.nic.cooking.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.cooking.		172800	IN	A	37.209.194.10
+b.nic.cooking.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.cooking.		172800	IN	A	37.209.196.10
+c.nic.cooking.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.cooking.		172800	IN	A	156.154.172.82
+x.nic.cooking.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.cooking.		172800	IN	A	156.154.173.82
+y.nic.cooking.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.cooking.		172800	IN	A	156.154.174.82
+z.nic.cooking.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cool.			172800	IN	NS	v0n0.nic.cool.
+cool.			172800	IN	NS	v0n1.nic.cool.
+cool.			172800	IN	NS	v0n2.nic.cool.
+cool.			172800	IN	NS	v0n3.nic.cool.
+cool.			172800	IN	NS	v2n0.nic.cool.
+cool.			172800	IN	NS	v2n1.nic.cool.
+cool.			86400	IN	DS	62176 8 2 96734F338D4E0324B2D2D4749966FD092409783EC337BAB67574D72BCAB7C19E
+cool.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rm76uwXki02k2EB46zU6SOiaceY7t+Yjl71PohAxTiexU8FjxRyXPP2GJ3YzUQSQNmH4XbAQDFNAC7Pg/iN3SzQ4jNYaFF8ZY9ZKljdN6CDqUKBs5vfSQ9XzcrucOn1R3c7LqsLaHdQFfieGYOrxEJM8KRFFh1P7jwt/NZsIM/4PBSb111mByszTa3kFcThIqvEGywQRAXsefG0FqLTXla5Z47RgepB0vXT5Tujn/GZUvbAF79o5XPsYdaWBtjn/huKhN3Tw0pxDxWDeagjgFTUWlYsOFTs7TJgHFT/Um9iOzZ6Qdud2by167JtO0eooeVmkmZVrkZhgf3piKkdvzQ==
+cool.			86400	IN	NSEC	coop. NS DS RRSIG NSEC
+cool.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nScVUHEBue30QTA+gBhqc+Nvfsps5sDlSTdQl8BLehBRunMYI98233qChkehecf4xSMKQxdAwErdRo6fhFdq2f3Ou+SI9PKQXLC9acUJvo7fNfazUt/cRP4mqZaZXzxHoDZ80p6bVgoVt3M4jXeiyQet7boxBrh3jblW8PLcuPq18Zpg4768WPXTdGy3Hr742wCAarzC1L+dVcT+Huvuc0BgbINe3lNhv0zRevbyV0yAJkE6ejxvBOgaJCFeDXRtDZJ5x39Rpzq3el9FFU0tuS9Z9OaxGz/7VC//FNoJHZyCHRhSVpbsWIl95h9PUxymOee7dBaLo95L7uJx1xjT1w==
+v0n0.nic.cool.		172800	IN	A	65.22.24.38
+v0n0.nic.cool.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:38
+v0n1.nic.cool.		172800	IN	A	65.22.25.38
+v0n1.nic.cool.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:38
+v0n2.nic.cool.		172800	IN	A	65.22.26.38
+v0n2.nic.cool.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:38
+v0n3.nic.cool.		172800	IN	A	161.232.12.38
+v0n3.nic.cool.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:38
+v2n0.nic.cool.		172800	IN	A	65.22.27.38
+v2n0.nic.cool.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:38
+v2n1.nic.cool.		172800	IN	A	161.232.13.38
+v2n1.nic.cool.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:38
+coop.			172800	IN	NS	ns1.uniregistry.net.
+coop.			172800	IN	NS	ns2.uniregistry.info.
+coop.			172800	IN	NS	ns3.uniregistry.net.
+coop.			172800	IN	NS	ns4.uniregistry.info.
+coop.			86400	IN	DS	39183 13 2 FD71E26868BF7F277DFA0800AA6F51E12E00C8B61841B35DAAE12CD86A34606F
+coop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0lMpgVEgcnhkcDBoYi360+fs/j6lOXXfkYcOcYR7CAGqciAydUPsKy9ay8oWwxOVMmGyaPG/N2gvw26MGU0fXXxIprO9z+CWoQLGu/REc15DVh1AMY5GKTCphItp5Eaicvf+NhPZwrNXyWCJ6fsnq40iSnz48oBnMzBmvIWQekAYwZ4EkvvpzSmVGqyK28cFYIjPX46WeWoqL/Uo3ZqYSCz7PHLtDkETJ72kegA3ATNB6Qif9oAi0Y1umjq3rbk6K7pNhOWGHlvLPplA4ZzNrFQAd9mtU+x4O/pt4AI1z1T/hkT43mZ5/rjWNao9W1VmCN9vxDZ7pwEilMff69zKkA==
+coop.			86400	IN	NSEC	corsica. NS DS RRSIG NSEC
+coop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RDgEC/6INB2TJe6rxmcHdmvW6vF/E1LYp9QfzIz94AkgZc0QP9bHLIfH6wueB2mxRuFiF/a6Hp6PEQ6GpX/hnuJoJxl74NDr5RZcSLT4+hYL0BfAkfy+oR6Mn6t77Zf1amhasCoZtH1cyoZV6vHgxXLoXMVb+nqdm0VhJ+mOnn+EU4Nh7j11dVcsXkajmbDQF2NMZabNqgRWIYtermAZUIButtXIA4VPAOG2ZZHLK7kwqAqFlY9zfIDgnziFfIeZRFbUzQ56Z5ERjue59+G9gfcGPhUBP1DzWy0JI5KyviZvM342tVKBbMHXN0Gck5Aoiktk3P+hLn/whkFZjFstEA==
+corsica.		172800	IN	NS	d.nic.fr.
+corsica.		172800	IN	NS	f.ext.nic.fr.
+corsica.		172800	IN	NS	g.ext.nic.fr.
+corsica.		86400	IN	DS	16766 13 2 FB25F2D69835BF52CD5389473CD4B0C58D581385EE40B1D1A357135A8CE26997
+corsica.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f9TKOlua1eYyx01q6hR8bdOB807Nfnb5RFVk5YPiS8yUnTDZbvlIjcGqV7feZ91LYFv1BwUtu/LaZnnMv2WAFxPJrORrCQa4Xfw3WkRQCZlobGX+ry/AIyWbKUJW33XoVeCrPV+XrW4wV4B0uMdyS+DJcdOPFX/3faVELU8/sEzC9r0bh8pemi5t1NtBITwFDQ3uewcUT+ZTnjr824uAK/v12vPGpFhorYpbNLSPiH5ysjrU5nHwfk4N5S1RXIlZhzQbjCEc1Bot1sp3H4vutPA0kFGrHeY8CxtG/DHztlIatN3p2f5ynxgMViIzDKcEQrqICqBNZeeWkQJjjnrdtg==
+corsica.		86400	IN	NSEC	country. NS DS RRSIG NSEC
+corsica.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q6DtXoVGBL7gejnU6yUbjUOwwleGDlLR2kGEkWQuvztmlVb5XDslbODO3lqO02Lwux+q51Cdh5d7gBPZ3Bb2h3faCL+wzu6qBvC2Y9CLBCVppPXkrAwPHJI4D0aI2ECML3lA5THRodZJE8Dcoof5lQMxZKxLVOmSCn5ewmFKVH2c/9L+coS5+6SuUK3zXTHXgWAdoslYouWH0xNasMmrrr3Mh+WT6QQPwL3p1j516zYhbBA5NipERhwvrsvZOM6YqPpSKYKdBISXYmmmMK0IHO5JyC0yHqqMyDXpBnouWwvsrawGaPwqMe0lGNz1LpvXtgRrjdy0jiMcfzuQ7320xw==
+country.		172800	IN	NS	ns1.uniregistry.net.
+country.		172800	IN	NS	ns2.uniregistry.info.
+country.		172800	IN	NS	ns3.uniregistry.net.
+country.		172800	IN	NS	ns4.uniregistry.info.
+country.		86400	IN	DS	28436 13 2 94DD44E372B69204CB1FE63DDD1D7A831642D96D00E9DDA589DDAA02E0922CDD
+country.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dirI8EBUXhGpgj4HiLmMkPXhgnP4nQQAV94u42V7HhF51QG1cimiq6a8blEvvgLm9VuHtNN091vk52Q4hC4kOgkdhm3HsebEUzxNxe4nbC4R5lzoSOsZ0sPa6HdwR7PSIdgMCtDeLV/xsZiggf9X1HfsSbwsJ0X0mwPisPhfHpI0Rt4AmOOcyPSON97RL2RUTg6Ei06X8WOKuHWTMUgKP2vWdaf2/WjM5etqCJAaBxMNzkq5J18niowR2UhpKEYyOKYu6NXJrKIYF91YMA+L8xpMqfFtFKNnLK3EOAIEw/CUt8dlINyM0iY0QR8TA1bWvbAHzG9Q9i62znoSCTg2eA==
+country.		86400	IN	NSEC	coupon. NS DS RRSIG NSEC
+country.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZEW1onfvcbZPA5IVDhdTAqmwJKOcwlOFL5uLA1k/J5nm81jM3PruALbz6txenMBczFYiEtHHaI8lnVB0sMi3JMk4ir4r8r5ErQ1Ga1wNhYAvMIwPURES+1EwIH+yCBd+15wsP/iFQcJnA5Cwenaw1uODq5N2XVyOlMhlE0o/DqX6zWhLqlkfc/LHV/9uDW8HhzYWPQd0/QEztlek/Ftt8MO8uISGO2RI8VzxxwnQVS9IU98qkOzqfAhf3pfdqFprfhfzRLeOYJoY7JcX3mAz2Z5LmQzIhwBoH8TXhjas/XFi0OFo0sSobEDvyO+vNvX9i/HN3JMBHsxR3v58omI7aQ==
+coupon.			172800	IN	NS	a.nic.coupon.
+coupon.			172800	IN	NS	b.nic.coupon.
+coupon.			172800	IN	NS	c.nic.coupon.
+coupon.			172800	IN	NS	ns1.dns.nic.coupon.
+coupon.			172800	IN	NS	ns2.dns.nic.coupon.
+coupon.			172800	IN	NS	ns3.dns.nic.coupon.
+coupon.			86400	IN	DS	10297 8 2 215A8514706A344478D609F1F92E86C0934BA02AE9B7D965AAC116E68DF1AFEA
+coupon.			86400	IN	DS	24754 8 2 28AC37A1524040F644439B351BB5929F2EE66B8B6D6EA40D499A0DB7455EF0C3
+coupon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ppQwGxB8NdwxqbO5KHl+aeZ2puSvhFicPHGooNtjNNl9uVKzer71bupkFNeb+ecsYPHK0l+ZJzcYlZ1aA6VWMY5muJ5GGaSkHxTkliitLDyyXX8EXHS5w5jd4q8du8YhRpgSsqnyF/nz0NFBWNJF0vUvW+2iZYskziq/Z/OMHTvJcqUMfS/wDpO+owUYdyJ99sZn8ZdSRJE3TzoWx78f2OhzCz0A84lMxW7j8o6vWKWpVOqUL4nMOTovgnOnam5npXWVl3m12/PzcK9XsGt7T7Zcms0HLBtlNqMTKsQHs2YRXujXEYKsnna7tZs/AvK4X/Wbqi5Rn4Bb073b0biLcw==
+coupon.			86400	IN	NSEC	coupons. NS DS RRSIG NSEC
+coupon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LPR2KpS/fXEt7Bghha4JqlwDflOeLq2AhTM93pVukYcFILJdDD+lfVKQPNjMCLkWpUI00kEWVAPiAPH+s0fX59QR6pjn836sUajVOmDxVdvgF1YK7XX1TAuRghCemh3dHZGgpZicqffeucfbHTRkltaR5q679VVJAUFWJDNIAeeHYoGTplUC5O1CdpTBCts+SU7shYd0MehKLiJJrX4NlYreomjIakb1feZupYffAiyVzIy3QDNvrX++Dofk2WcmlETVeGBAXfvU5FPQexNrA5i934rOO/PhkazsQd6vTqQ376kceZJvQ8unRy4xbTu8rU93HK/nfE0Mk1SG/IOSfg==
+a.nic.coupon.		172800	IN	A	37.209.192.10
+a.nic.coupon.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.coupon.		172800	IN	A	37.209.194.10
+b.nic.coupon.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.coupon.		172800	IN	A	37.209.196.10
+c.nic.coupon.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.coupon.	172800	IN	A	156.154.144.217
+ns1.dns.nic.coupon.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:d9
+ns2.dns.nic.coupon.	172800	IN	A	156.154.145.217
+ns2.dns.nic.coupon.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:d9
+ns3.dns.nic.coupon.	172800	IN	A	156.154.159.217
+ns3.dns.nic.coupon.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:d9
+coupons.		172800	IN	NS	v0n0.nic.coupons.
+coupons.		172800	IN	NS	v0n1.nic.coupons.
+coupons.		172800	IN	NS	v0n2.nic.coupons.
+coupons.		172800	IN	NS	v0n3.nic.coupons.
+coupons.		172800	IN	NS	v2n0.nic.coupons.
+coupons.		172800	IN	NS	v2n1.nic.coupons.
+coupons.		86400	IN	DS	35041 8 2 81D5A5BC4DE79409836063937978ADDACE94166D41A4D005B328C8DCB9D0F936
+coupons.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ii1uDgJSmVEhkplQaD11byF4dFLtS9v2W8L2fiFmo6ZkNfRBVrTljKVq6ScTfk+xEOH2U/7p2OxMNQMTK2k6yh87hfvQgmw1WWpZNKqR9NI+0H5PT3u9J72VUF7NzXQz11wwOcxLoyUNEZUgOOk47sqBsTLlM4spHqKPP7vW32fCSqbAT2ebZJiMmuFZCpqHW7gQhxDJ2/cnuGXCGyHC+4Ykor3jLs+TE6tE/j7L2YpzN/SJikqofkkw1KSz3jm35S5RJcZXFTyNDWuARWwaWYrv3jhw5GKSj/ZRsQvCEbPLUxvaN7cA8Kw4ouFIIXkj3akzlQSIcftJjOaRuBnCvg==
+coupons.		86400	IN	NSEC	courses. NS DS RRSIG NSEC
+coupons.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lkDp38dpvcUVf8JP23U6sf5xkfrY3Tazs+wpKjWUrc/cgcAv8PhDETmaWjIxdz7voZcJHM23ShaAqDuHwh3Mm+Pld+jw5P6YlCjiIG4mt0zTTaEs3kMILw8vOXNwla2y0DL6JVUpKRUkeR7Hl6kpTZvLvN6X6DgEO5kR90bJJt+tLay1iNq0wZ1DKLte74h6mFr/uCqhv98+WhmtMYGByYuk30N/hIiwreJeA5SHgMvIp1Jtcb1hhFjp1nt4wfNaHo7Azf25Ra2EzzgG11R702/6ULXg4k1kqq+qJ2OT8//Af32yn0aVI4pKM2pXIW0Vsrwofjk5VSIL8pLObHi3hQ==
+v0n0.nic.coupons.	172800	IN	A	65.22.24.29
+v0n0.nic.coupons.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:29
+v0n1.nic.coupons.	172800	IN	A	65.22.25.29
+v0n1.nic.coupons.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:29
+v0n2.nic.coupons.	172800	IN	A	65.22.26.29
+v0n2.nic.coupons.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:29
+v0n3.nic.coupons.	172800	IN	A	161.232.12.29
+v0n3.nic.coupons.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:29
+v2n0.nic.coupons.	172800	IN	A	65.22.27.29
+v2n0.nic.coupons.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:29
+v2n1.nic.coupons.	172800	IN	A	161.232.13.29
+v2n1.nic.coupons.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:29
+courses.		172800	IN	NS	a.nic.courses.
+courses.		172800	IN	NS	b.nic.courses.
+courses.		172800	IN	NS	c.nic.courses.
+courses.		172800	IN	NS	x.nic.courses.
+courses.		172800	IN	NS	y.nic.courses.
+courses.		172800	IN	NS	z.nic.courses.
+courses.		86400	IN	DS	15277 8 2 0F2AC6152763313A36B063646929B4B8B35B5E4C0EAF12D54EC3982A78157D2D
+courses.		86400	IN	DS	34960 8 2 DC3B228B7E6F2EEA82FAD1ADEB93171D4D3CA3892A3E0E94035CD89D258DF087
+courses.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eMFC+YQQoiyUAoWMcToG2Y2j9xLgvnXgdTgd1ttOVR+oelAFJ/XUa+lBZdVL8Mdaf6mm14JgGJ6T5Qn/F/QBUrJBlV3sANgM3AKAoMO+0H796Vvqfa7XVojh9Lvtq9YCjYc96Dz3tpst7i1CLf3mt7Gh+CZwYHIaXt2AVmEOs0rIPTRWlPegrsKCSEjsAPFkU1EI1G12CiJxEQt/qEanf/hgbX2Fj7m/U2mMUgAyTDynk5AURoAlmwRTbQnic2QAKhiDTmg3+V+A+vPwpBw1KmSygyeLCs3GTV+azcK3iDlsQ7Le9l3YNUI4fUB1IRc6ymSFHGwcspK9Hk/4Xl4eAg==
+courses.		86400	IN	NSEC	cpa. NS DS RRSIG NSEC
+courses.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ce6kbFT4WQe/vGqKdag7E6fmPDlgpNBlwKIll9DhKNx6MG/X7u+PsPuO+92T0rqe3/JvOCPeNTWpX0BOhspCkmJQ2PyIVS82RA8KzRZpdSpOvHjhna8ZMKVgAhMNfxpVgrZonb6A7RNNBeHjSkavIb0Bg0B1fDKAbLGpmcAsgPhy+knpSNq7Gxolb7VZjJFrEdBGPXZcd3r7LN3DVud25J3elARisOJH45zzpVEYtYKpcSLcGfVbQz/qp0erRL9ub4c+nNfH4Elxnspkzn95Av8IqLEjeEjhPboSGZ3vbUHWQXNVwilaCteldAKdQI6WAV2lOg8589LFRgItIDRocg==
+a.nic.courses.		172800	IN	A	37.209.192.9
+a.nic.courses.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.courses.		172800	IN	A	37.209.194.9
+b.nic.courses.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.courses.		172800	IN	A	37.209.196.9
+c.nic.courses.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.courses.		172800	IN	A	156.154.172.82
+x.nic.courses.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.courses.		172800	IN	A	156.154.173.82
+y.nic.courses.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.courses.		172800	IN	A	156.154.174.82
+z.nic.courses.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cpa.			172800	IN	NS	a.nic.cpa.
+cpa.			172800	IN	NS	b.nic.cpa.
+cpa.			172800	IN	NS	c.nic.cpa.
+cpa.			172800	IN	NS	x.nic.cpa.
+cpa.			172800	IN	NS	y.nic.cpa.
+cpa.			172800	IN	NS	z.nic.cpa.
+cpa.			86400	IN	DS	6397 8 2 DDF80B47684502EB3921D4FE2B9307CD49F14BD1A896BF694CAE0ED767666CBC
+cpa.			86400	IN	DS	25351 8 2 A5062C23EF5598A091792978FD4F5BA6729A9A30BFCF880FC1CC7D0708A3313D
+cpa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wJkaIiHeeqKn5xHCc51nfDa89cA/pUNQr8ubizE1bVXut22AXeohyDW7j338idggpfm1VsswfdRZjl5rzCDyTiHYNWwCKsITAv8Ug6Y7cur8hquWVIZYgguqYCz3pux7SoKsRkMKIae/EqMB7lr5F8wAxOchtOBtcwa5Jd4faAF638B5WuvnwtWS5C74i2LuWfuotYl3r02PH0kKfbxkQ5n2aAAKrmvJ02LOWsCXeX/1877oFCRAZpBwhWuOYxmcdgbkEnhksXPuBzx/Oj3d+iWFljsxw7ck0v6majNJ7uPnlGvgDaPHVdPqG5C8+k5O9kJ6bBVYmg/e7Qg6sHB2uw==
+cpa.			86400	IN	NSEC	cr. NS DS RRSIG NSEC
+cpa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ys3ymWaxQWUwUNYwBdRgYCT3e0kp6JCWA1GtiPkqdmKfoPjhb3S9Jdy8GCDMJyB6IHTVU4Vb2xc7+KV7gwPCidxfBMruT/bwRUZRTAT5aoaD7Uwh0Hi8KaupFspUPmmfjna0qihZxcRHBZ7v+Yzpr7K3OH/UQPL8nRXBt1/SDn0ob08EfnoIvfRBwbiBL83TZP/ue21t4Pl5I6k0BPy8wrb7xh5I43Gg5JDtLLpcnYktqkmGS+W/peabNEav4ortbpLLWW+hmOIqMu9FGP09A+HjnKacu8y0fv+4nfvFic9nKeKrG9GAkpIkaRtpFxgZwprzndZnchACD2k0/FSdWw==
+a.nic.cpa.		172800	IN	A	37.209.192.9
+a.nic.cpa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cpa.		172800	IN	A	37.209.194.9
+b.nic.cpa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cpa.		172800	IN	A	37.209.196.9
+c.nic.cpa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.cpa.		172800	IN	A	156.154.172.82
+x.nic.cpa.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.cpa.		172800	IN	A	156.154.173.82
+y.nic.cpa.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.cpa.		172800	IN	A	156.154.174.82
+z.nic.cpa.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cr.			172800	IN	NS	a.lactld.org.
+cr.			172800	IN	NS	p.nic.cr.
+cr.			172800	IN	NS	de.nic.cr.
+cr.			172800	IN	NS	ca1.nic.cr.
+cr.			172800	IN	NS	ca2.nic.cr.
+cr.			172800	IN	NS	dns.nic.cr.
+cr.			86400	IN	DS	10517 13 2 268FB03099E07547620F19A62F101DAEA146DCEE6FAAA18263E0B3DA4E997D6C
+cr.			86400	IN	DS	10517 13 4 11D20D7C408A1F289F6ECE30F241CA4BEB6ABE9D6376E8C6BE2FEE6400038989EE5C447340A5F2E7676454BBBEABFC95
+cr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tPHo6RrQ/efleJ5ptoIeqLcl+TULYLdyE9uF772fhwNK3Da5yXGPiNaXSt7JGJBx9BJf6WdsAuP+mjdfKy+Il3qVEak07rXbBgFxzxA8yRZ2DoU0ljj1SJUi9izixD7q7CQG06kY4v9VTjyo/zKas/B+r+SMtHMpcgNcO7BC0jJyzclSoE3V0oPK/1eirozLt49zOUShA3dQyGuf/8Lyylezz4b4PfkHha1Z7ax/Nu1oA/Op51C1035kbbm5i7RdeDEhmCfS/W7tH+Gib+Vg/Xo3+1Rv+PCwVkVJKSuhsyVw1GWSxsgQI7wKC+ShffkDCLQMoHURKUsmGG2fUDVXKg==
+cr.			86400	IN	NSEC	credit. NS DS RRSIG NSEC
+cr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oPAxO1H/hAnxOvUddWeh5JvlEjWUzOqBrJ2nDuIHwinHmorZN2Uy6RhnhVzLXiGVgbQxH7s4bI36TGQLB23zab02zxunMRPVFrVAi7noYkC12BAD7tTVlRp5BWMnMHOw+9O9Qf2SBcx3llyUl47OyIkaqOdTSQRtp7ReGeGuyjtuFD7Fk9rI9ivfn+4G1n3kqy9HGY2jroSF0pta+j3CadVm0UCGflVPBhIKdVpx/nUaSfoapkisjcjb9TIsZw+0V/MMY9qczGLbUtmvCQNThVK5cqxKhPBg2nQzx5Jm5cA6UVuVLLfse7LybKvnHX9hfkw+LSv1M/lsoxj0R0AEMw==
+ca1.nic.cr.		172800	IN	A	185.159.197.100
+ca1.nic.cr.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:100
+ca2.nic.cr.		172800	IN	A	185.159.198.100
+ca2.nic.cr.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:100
+de.nic.cr.		172800	IN	A	194.0.11.107
+de.nic.cr.		172800	IN	AAAA	2001:678:e:107:0:0:0:53
+dns.nic.cr.		172800	IN	A	200.107.82.100
+dns.nic.cr.		172800	IN	AAAA	2001:13c7:7004:1:0:0:0:d100
+dns-ext.nic.cr.		172800	IN	A	200.107.82.219
+dns-ext.nic.cr.		172800	IN	AAAA	2001:13c7:7004:110:0:0:0:219
+p.nic.cr.		172800	IN	A	204.61.216.89
+p.nic.cr.		172800	IN	AAAA	2001:500:14:6089:ad:0:0:1
+credit.			172800	IN	NS	v0n0.nic.credit.
+credit.			172800	IN	NS	v0n1.nic.credit.
+credit.			172800	IN	NS	v0n2.nic.credit.
+credit.			172800	IN	NS	v0n3.nic.credit.
+credit.			172800	IN	NS	v2n0.nic.credit.
+credit.			172800	IN	NS	v2n1.nic.credit.
+credit.			86400	IN	DS	49534 8 2 DC1DB287046FCA135C071640A2DA5B5A357AAA6AE900BB324035BAEBBD461A90
+credit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xL7JrwszekEUednQcqq2ZV9HrmVAUSX4WuLdqY4YWYVsPG/CIX049M6yZ57Hv0x6DeuTIpWrvFNxw0KHFvfPEv+s20h6777mxxLyUNHUaL2xF8InG4bQ/Izx0yE8/03eFJYSf5S5+s0RpK0/qEZA9xID7oN9obTC+J1rh6iChs82BkUog71d5b5+BkYFv82EiNSyqvyHikzXjC79csLguJv358zIHrX+JOweq+wIb0C1LrwWA08/moddnXyAK/HFJeXhsYgskNKMNYuivlvcq9LYRtrBciq5codj22bWv5lKgdB0/sbYW9abqbLBTDxv5zj4BYgs7LS6HTH/7c5LhA==
+credit.			86400	IN	NSEC	creditcard. NS DS RRSIG NSEC
+credit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V30I/mdhu67dg7QL34y3muN5aOcnMtX/9US/912cNyZXWF/LPP7neoBx1aj5jMRqDh/T2Q2dUFvqFcfMBjISbWQwgiTKFCwqPusc6Y6EZWSke/He08KuzT+A3b4+h297AFyWnKJWzMJ464o83robuyNUS94ALXhRKeP7TkxQ3OolNlHZZzJJ41g55uqouRm2L3S5w7B6hU9eSFasZ9tQVLhTbINua0mI/kw05UrtEmatVwfrazY/QssAo9Wex46wIV9Hw60rveHTGpLbOxOdlM9uSfNh38M7v7CL/xgmSDgjh8Nm4UIYEEiccttSqKeQV2ID7EYMyIYpilh+BxCrTQ==
+v0n0.nic.credit.	172800	IN	A	65.22.32.54
+v0n0.nic.credit.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:54
+v0n1.nic.credit.	172800	IN	A	65.22.33.54
+v0n1.nic.credit.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:54
+v0n2.nic.credit.	172800	IN	A	65.22.34.54
+v0n2.nic.credit.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:54
+v0n3.nic.credit.	172800	IN	A	161.232.16.54
+v0n3.nic.credit.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:54
+v2n0.nic.credit.	172800	IN	A	65.22.35.54
+v2n0.nic.credit.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:54
+v2n1.nic.credit.	172800	IN	A	161.232.17.54
+v2n1.nic.credit.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:54
+creditcard.		172800	IN	NS	v0n0.nic.creditcard.
+creditcard.		172800	IN	NS	v0n1.nic.creditcard.
+creditcard.		172800	IN	NS	v0n2.nic.creditcard.
+creditcard.		172800	IN	NS	v0n3.nic.creditcard.
+creditcard.		172800	IN	NS	v2n0.nic.creditcard.
+creditcard.		172800	IN	NS	v2n1.nic.creditcard.
+creditcard.		86400	IN	DS	53764 8 2 E405DD422F4A0B2554A51B063D92E9709A2BF309DC2D5BEC2C914065636D3FE4
+creditcard.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EbSY+RGsj/KSECoMTY0Xl6IfRGbdrLF7YxblivOxpdm4dHEnPrsYMGRmRc5DnRXOOeFFWp/Fmbyl+0i1vCDJNq5s+MljkeRTVJtpDL5UTCGVowbcEsAKZGKvIJtarfLgy756tbSYKrLt4c7Qdmburp1LETkBrElPiYZp5gUM+m9J2xkktA3LfyTWceKLa6qSQ9ng+lyOQ/PXbXrAlAPxZ4eVnEE0RdA0wkcZbthZfY37LYo4ipdky2EmZfNCrqTtiOpmaKx2QeauqYq/uVqhBvhJvUoXDrK8VvN5KfzY11W+Sd8KAKwIPGEzKcwnESCoVNNRfuVb3z3zcr3jvDjgEw==
+creditcard.		86400	IN	NSEC	creditunion. NS DS RRSIG NSEC
+creditcard.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WUHMhGaotJ30qJyhk334ThKDqknJpdBNEKSqBrTcL52+HOrCYDvX9/6qu4T5j88q4Lg0/FeY57kCCSMdpRiJH58opBafrz4rJBe/mXDjhFcRWrBLWhcA4CXv/kk2qi/R+YUDvP09CYCSHGSkoDoF1qqnhpSX1YYL4s5luye1680kMzLPSW32j2+A3OKXTPOLyQmwi8v8cOdFMEexUdtfYdAzGgaqLd9eZbKPPHUosYIx49mN1Xcor0V2yh9KTEqwVN1EhAnW1pw6lZh0xXh5nPbC7+lVuLNhm1UhugUFx+jJ9BvIXtKq6PRmndCxGiJCY+0a2BGaVTk3dySfGwCEEw==
+v0n0.nic.creditcard.	172800	IN	A	65.22.20.65
+v0n0.nic.creditcard.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:65
+v0n1.nic.creditcard.	172800	IN	A	65.22.21.65
+v0n1.nic.creditcard.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:65
+v0n2.nic.creditcard.	172800	IN	A	65.22.22.65
+v0n2.nic.creditcard.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:65
+v0n3.nic.creditcard.	172800	IN	A	161.232.10.65
+v0n3.nic.creditcard.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:65
+v2n0.nic.creditcard.	172800	IN	A	65.22.23.65
+v2n0.nic.creditcard.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:65
+v2n1.nic.creditcard.	172800	IN	A	161.232.11.65
+v2n1.nic.creditcard.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:65
+creditunion.		172800	IN	NS	ns1.uniregistry.net.
+creditunion.		172800	IN	NS	ns2.uniregistry.info.
+creditunion.		172800	IN	NS	ns5.uniregistry.net.
+creditunion.		172800	IN	NS	ns6.uniregistry.info.
+creditunion.		86400	IN	DS	11419 13 2 2393DDF8501D382CB4A700C85ABCC974A95AAD110898B8BECC4BDBA60B5E50F1
+creditunion.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GaoeAIpEfAXFSFKKcD2pHdvqyPXpkCD2AxeBui3Xtn8Iw+iRvkdLL1pqBVmDr8lNvlO3uOgjxDxJQqTgqGcZpR1ENq7JHG86iR2J02uLbLYe9dn2DEmELheF4uwO06Xk+fYayp///qp/q5nglUEhtzgct+OT8c/vvXn6ZdMFnui4sKzw2zykBvY389o9pJxA6idbMiP/6NDEYHMgEFsRTUA7TnN16TZzWNfFPtydhU1knnHJpLeWzJJzNDwsBDQhuHyhPUpynkFZf3RG0pywncZ9wucyoudl70Qho7bCuy70KGo39mg/xtyWNxxUWcAbgWgSYCsrVXkZxU0KaHPEQg==
+creditunion.		86400	IN	NSEC	cricket. NS DS RRSIG NSEC
+creditunion.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BPP/p86tje4LbDSwYI2weIC1yltTlmFXjhBDcxRok+V1xEzg6mWU95Fao6I1PU24Fx7SyXY8Ulj7380+LWsp8MLc02e6lrJl/HFWQTMDfCe1/VpPfe0LqE/jefkkJHqXakHRUUDuFjrkBCj90cn4s2l0KYBC1nBLoJKUcPhhITwiPwfopcSNFmlLN2MQHcvJccwAgpGTJdiuo9iE5uWo+ELVNcpk0udvV8gYuDsXIktkHfL6llCAdbNdU4Xanb+44iCvDgJZuUME7HHxSm7pwhKqVoT6OpLlUp6UUx1Ggv5MYv+FpU3mlwntMlCJAdaPNAo6a/eeyqUinEtX5OnCEA==
+cricket.		172800	IN	NS	a.nic.cricket.
+cricket.		172800	IN	NS	b.nic.cricket.
+cricket.		172800	IN	NS	c.nic.cricket.
+cricket.		172800	IN	NS	ns1.dns.nic.cricket.
+cricket.		172800	IN	NS	ns2.dns.nic.cricket.
+cricket.		172800	IN	NS	ns3.dns.nic.cricket.
+cricket.		86400	IN	DS	31300 8 2 F17F7981F1F544769763F21F8C1222D7CBE9393B89A84EA84D4ABF9A72950751
+cricket.		86400	IN	DS	41779 8 2 300973057D1EEAEAA9A7A558359564F48E7654B88CD3C81D23E48F700701AFCE
+cricket.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JIq/E5Hdd2WAoU8XS9aWke3qNgQA9YTyUQwl9IpY9UzBzsMWmQAnHRHG5+strusG8ihtcXfrg8FsKSoK8V2KgCICvgsGGhNMcOWDPlEPoIfWPlbhajEmui/cr1FW3uJtACxlVzE20bIb1FwDytyntHfd81Ge2Xixnykenc09TIdR9TI0SqUThNMsq4Mvo00tLyzq+vkM58qEzVb0UwOOjXQx2cPktJX77A7xOidvhB9w8lBUIM0jp6Wteu7djDbm/kQUNkn5c1nQQ2k8tzM9vN9XL7+dgHFs/lEJQEVaWhD/qMaRBNOWkzsfPg7ApdOPGrfLfFSqM1/a5271Q4mf6g==
+cricket.		86400	IN	NSEC	crown. NS DS RRSIG NSEC
+cricket.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oKTQm9M7APvtRzIyDNcXQX1pH3si+L4syD/4uphHSa3FCzI2ps70Q//GeTIdA2IZqoX9sXLJcSc3LQEMFRLzkJ4zUhrspJd451PVi5RScUnToK+EyGYfF81FwxwrDsTUJsl6K2E+0rubBOBYLQdpj4T4ZVnyosODhA5oHdJMtT3Wj+8Cf9c8faOU1ba8Pi/Bwpk9pM3s+UXDpKYh7jPhnmnP8kpdMXNrHARoBUvxiNQ2Ildrg3miBod08d+ARZ53OTSQNmpYIvJbT4nTcaZ2PN0zvIXdFkoyzRAlfufQOUM/M173J3FNsBcOMvGscHZDXguizagdcMKnzFD0b/6ECw==
+a.nic.cricket.		172800	IN	A	37.209.192.10
+a.nic.cricket.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.cricket.		172800	IN	A	37.209.194.10
+b.nic.cricket.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.cricket.		172800	IN	A	37.209.196.10
+c.nic.cricket.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.cricket.	172800	IN	A	156.154.144.220
+ns1.dns.nic.cricket.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:dc
+ns2.dns.nic.cricket.	172800	IN	A	156.154.145.220
+ns2.dns.nic.cricket.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:dc
+ns3.dns.nic.cricket.	172800	IN	A	156.154.159.220
+ns3.dns.nic.cricket.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:dc
+crown.			172800	IN	NS	a.ns.nic.crown.
+crown.			172800	IN	NS	b.ns.nic.crown.
+crown.			86400	IN	DS	41194 8 2 F7C822B56B709256E744781B677C0B32DA1E218EAC286A2543B064A19A40F3D5
+crown.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZZlMEEookDje4epUZs/MmFrUoOY2/8xsZky1VxZqatxaddUlKP2f9/R4NhIDVbDtRzNxik4Q1XWHuUx++L3T160mlY51xq+Oz7w8pqdM6aysPSJ33UK5cIic+zlFWFNgTCXLtPLAvk25UWjM1T/o0XGYizvioG94SE258d2TEekbRbFQTKqB5+55Ym8pXqhb00WWqQPjAXbFXoEKZryC+ITUQTmSDrUKT0Ko9cWjJ5AmLif+66tuRIT7TsOgCt1Vi38NwJpX8H1PG4kWfPladyy/I+Zn3DpwkdqrZbQ4a7WLzZ/mfUb1CTKC8oRkiUHy9wTjAMqkDJfSgYSFotqmng==
+crown.			86400	IN	NSEC	crs. NS DS RRSIG NSEC
+crown.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m3EWQm9PoS8kqscneiIYciui4e8uV/Dp3reeDQ3ktfqbNnEY+Mlirdr83a0E71iPIHORW7yvVFs5hcBe7gCzJq8dr+BbW3UpxNKHRo4ad2G9VbRHvz9UtQuHErBM15xSyvG2coo5OwWJH1ZrcXqU3gyDWNJ6yKotVOmw5V6xyU3I6BeY0STp6BwAHoGdgmm9PW1mi/sz2rFLVn6G08KtHk0ZwDGzoxKgmHJJCe/Mr5Xba/Jyhb+DTbknAVYKSY6F6GmWhJU7CCoDuZa+DD4tT0MW5PmpqmDk9THa0zNYb4KCVpLHmIZSfX2mKIVAq3sqKYz38p71wTbAubTg5CNaUQ==
+a.ns.nic.crown.		172800	IN	A	185.159.197.5
+a.ns.nic.crown.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:5
+b.ns.nic.crown.		172800	IN	A	185.159.198.5
+b.ns.nic.crown.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:5
+crs.			172800	IN	NS	a0.nic.crs.
+crs.			172800	IN	NS	a2.nic.crs.
+crs.			172800	IN	NS	b0.nic.crs.
+crs.			172800	IN	NS	c0.nic.crs.
+crs.			86400	IN	DS	63622 8 2 D1647F1F8B7A8508B81F1D822C27581B628F7351EE8D99B8DC32A2BD802E0C37
+crs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qdEokfrDxrxsoShF2nVu9mYYMyjAxw8DbFnpsKHVHHaUmdomobOd3pwAUQj8+45lRvGy8LdFENTsZ48tHuCOsiw00iR9RN3rjsWTlHugL+rtfMBR+KGj/Q9xThP4Yv4ysQc5pvuYs9gtqIUVFYb2QIFgWcuR1GqFIXMzHij60HdOcH2gTrswTgXqTkxxpk9iQTvTK0QOyuTpvfqicbKj/5pqEOQNcrEG+yeHYQaXGT2bJKIMrs9ngffiSi4lQU+iMU16VbpPrDHtMuUpn1ggyLVqH7B0ISmw3fzlxBwhorH8MxgeG8ayZ6lpoTaFiEUgKZfMS9j+MlLzeB3h/8HXiA==
+crs.			86400	IN	NSEC	cruise. NS DS RRSIG NSEC
+crs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NS3r4zLl+8Y26dhRSVKa3SK2/GXEC/R3533FqgExam6bdtRwM/IvYRS/yh8jrMI93VfQ9buotr4/UiGpkZQR2SL0MLHdThdfh9KlKQRpcSF1MX7apEE02vEq14guuvsf4O9q9S4W7JlQLcGdTxD3vz7A2BmNNxtN4/Rr4UC08qCJJm8ezxOic3DoALYsbvGC8kGT9epJKlsOLvktClCEfUyPgDukv5cxnr5+3LU6iI7au7lvNFf0ewaWWDDQp2zqEUJ7xQhU574AtMBvP3ug5fMwyL3al8GEHVKLLN+XOQDbGxBFfz/r4I9iphC5IAv8IaDczKBIQFOfmUwWInnYnQ==
+a0.nic.crs.		172800	IN	A	65.22.112.25
+a0.nic.crs.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:25
+a2.nic.crs.		172800	IN	A	65.22.115.25
+a2.nic.crs.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:25
+b0.nic.crs.		172800	IN	A	65.22.113.25
+b0.nic.crs.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:25
+c0.nic.crs.		172800	IN	A	65.22.114.25
+c0.nic.crs.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:25
+cruise.			172800	IN	NS	a0.nic.cruise.
+cruise.			172800	IN	NS	a2.nic.cruise.
+cruise.			172800	IN	NS	b0.nic.cruise.
+cruise.			172800	IN	NS	c0.nic.cruise.
+cruise.			86400	IN	DS	33220 8 2 254D748F9E700BD632010EEFFE96CC5A1DFEF5B4A85A18A1AB4962EA81F9937F
+cruise.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qZV9KkLhJmLid4z0bZurO03E5eaFK9uwKrX+z231XfPiAKmJwprDhsKOuPAwfTO1vrUETligguR3t1OQO+JOFn6wnqkEWjM5zITN5Z0bhSz1zHif7C/n+1WOwnLGOnzBCCMXHzhiF7akqHwOQ4x7UpW4SpTrLFXfgBAYPnJC/5GCjKggeRMmVZ3KrILsu/zZ79VS8U/e0JZhtOGEUg80CEvdYHhEM5lispEY7mU2xKwybNJa6CUMMsRDUxR4cqI0thIK6ejEbqCotMQmKghWeri/GdZTumg+7PozJwJMhdJ7oW9yy7hGFDrNY4zb7Gyn1G2nzx8xbUlsGG/qjG/55A==
+cruise.			86400	IN	NSEC	cruises. NS DS RRSIG NSEC
+cruise.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JSkrPETnRE8dT1OaTbcfTzEjS93vtzT+YAia2uFW5q8Pk7OSha+mUuJmOUaPJYRJpFs0EyPwJRjqlEjL6+AjUYlKfI58Bp77BoTKR/NW9YQDGOcVVIu1JwqKdkqYVlxeMYxsnv2ccdqZ615etlX0TqQF9F14RylNcDsLU/x/f/Gm4OjE8yXxlxKXCxQWPBniwhFdePOqD9rb0x8ihEk7x6W5PVEUY1lUqUI2X4NUMGy2a6vSKh7F4Uz6+1OSFp1FLxUQmATfCtIFa/x+N3GAj8DBPhxaOCUlQ67Ax0XoUAK8qw1vo05CmvW7UBPItmE9QPs6TIEz9DZOaM3cx0ernA==
+a0.nic.cruise.		172800	IN	A	65.22.192.25
+a0.nic.cruise.		172800	IN	AAAA	2a01:8840:ba:0:0:0:0:25
+a2.nic.cruise.		172800	IN	A	65.22.195.25
+a2.nic.cruise.		172800	IN	AAAA	2a01:8840:bd:0:0:0:0:25
+b0.nic.cruise.		172800	IN	A	65.22.193.25
+b0.nic.cruise.		172800	IN	AAAA	2a01:8840:bb:0:0:0:0:25
+c0.nic.cruise.		172800	IN	A	65.22.194.25
+c0.nic.cruise.		172800	IN	AAAA	2a01:8840:bc:0:0:0:0:25
+cruises.		172800	IN	NS	v0n0.nic.cruises.
+cruises.		172800	IN	NS	v0n1.nic.cruises.
+cruises.		172800	IN	NS	v0n2.nic.cruises.
+cruises.		172800	IN	NS	v0n3.nic.cruises.
+cruises.		172800	IN	NS	v2n0.nic.cruises.
+cruises.		172800	IN	NS	v2n1.nic.cruises.
+cruises.		86400	IN	DS	33562 8 2 1DDFE341F6A4826600129A02D4586888063E21C358E093D8AB4C4B5933D73E01
+cruises.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . afBLUrL/a+g+mjhrioGpDrRfDb51f/WR+gADwOQOmewxw6lAN/WJKcTNHD6oIM7Cj/yIhONpIwWnR2VV4vy8ssq1sslCCq7BjpL23j/5TthlZK0eglRpGXm+2pvAq6nCtV1yAX4fjIeBXj0YRjSaCR1QE9r3M1v8VLqzldigw87CA4Q155cElIHVqyCC4iq3LT16TqCKkEltQKXbUxDV7QpLVPR554biAodwlCGudmlaRwcbHbyyNAgiY5WYBa86t0hnViit1Nb3n0mhiQTHia0rNah0W1BR8dYS42mdmBdTE9UQEFzlOSkEZCNuwsGpH85YCjoL08/XJuhSKXwFKQ==
+cruises.		86400	IN	NSEC	cu. NS DS RRSIG NSEC
+cruises.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wDMHOCRdQ68PH0YeDcPoycPrdErsOxVLViZnx/GSZX9K29BJG1Nc4XqvcusrhAysPyrNAEs1yW3oRc7kkX/gcWpy/vDaoXm/Nj64OhVK4oio3U9tBWqzK8i6BEeX2pnCfDgpS3bqkomuTB+yvCdE8HDVwmgqxJE/pSqcNuSMYJ9H3+CuDVEA2KghmFx7EUk+eScc+dCjoHOhfS01CHMjlq0LTSdGgQpZseNlN0JeqpiMj0M5PrYHrZTpD4Fh5MT8BV70xlAJMLVEs+frZtFZXTFU/lIIUdLO8ZcxMaiiEMYKElzUGIKIqyG4JqRKWVGCfR7MN/eiMhQ1wxWMJP1iuA==
+v0n0.nic.cruises.	172800	IN	A	65.22.24.30
+v0n0.nic.cruises.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:30
+v0n1.nic.cruises.	172800	IN	A	65.22.25.30
+v0n1.nic.cruises.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:30
+v0n2.nic.cruises.	172800	IN	A	65.22.26.30
+v0n2.nic.cruises.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:30
+v0n3.nic.cruises.	172800	IN	A	161.232.12.30
+v0n3.nic.cruises.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:30
+v2n0.nic.cruises.	172800	IN	A	65.22.27.30
+v2n0.nic.cruises.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:30
+v2n1.nic.cruises.	172800	IN	A	161.232.13.30
+v2n1.nic.cruises.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:30
+cu.			172800	IN	NS	cu.cctld.authdns.ripe.net.
+cu.			172800	IN	NS	ns.dns.br.
+cu.			172800	IN	NS	ns.ceniai.net.cu.
+cu.			172800	IN	NS	ns2.gip.net.
+cu.			172800	IN	NS	ns2.ceniai.net.cu.
+cu.			172800	IN	NS	rip.psg.com.
+cu.			86400	IN	NSEC	cuisinella. NS RRSIG NSEC
+cu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MdwijIkE8lbPkzZSPWlEs4wWzqFNXatbr7yhsxHYzVTym86X2mv0GDQY5MG6CWcGA/oaWU+3IZ3Pt67HZHjp6/+/pYV2EJWuf+Z5sGXpfzb6glRb6ZBwYWbqzfy5igEu+EqzB2Ie1MmxhPU29ab4l/LehzEGGIQrEWZvQ744Bxp2yuqy7ibtzdO2wU61miJkyIjUsTH/g8bD2EuIAhzPNVBdnWyaau+C2jnHDBeomUMffGt6D9g6YOWeTMyL7oGNodfU6ofM7nCo2vo6uP6jnaD8exZGlkzra7ujnGUuPcDVT4J4UqqwzidDkk567+EaaRRL/lu3FsRWbN9ev7wdbQ==
+ns.ceniai.net.cu.	172800	IN	A	169.158.128.136
+ns.ceniai.net.cu.	172800	IN	AAAA	2001:1340:1:128:0:0:0:136
+ns2.ceniai.net.cu.	172800	IN	A	169.158.128.88
+cuisinella.		172800	IN	NS	a.nic.cuisinella.
+cuisinella.		172800	IN	NS	b.nic.cuisinella.
+cuisinella.		172800	IN	NS	c.nic.cuisinella.
+cuisinella.		172800	IN	NS	x.nic.cuisinella.
+cuisinella.		172800	IN	NS	y.nic.cuisinella.
+cuisinella.		172800	IN	NS	z.nic.cuisinella.
+cuisinella.		86400	IN	DS	7819 8 2 34AD4E3123591F60CA6F54EF8225C5B9EA2CF0325CA3AF1C73DA9BE243C1FBBB
+cuisinella.		86400	IN	DS	35209 8 2 1FC1EE72FADCC8085A2F62C861BDDB4B556DFC33B9356845550BE284DE05B383
+cuisinella.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1Z+lhAwuMb0hmrCJ+Vh0qMGeZ1DvO17vVrMxAb0wsfm+RkgCTUY+JM5c/jMCgqzslkoCSAzNr+Cahfhj0uRZitCdznyuFjRSuKZh8Y0KjP4Otq7PSDkyMjgwUTIt0JLY5nJlSis/AqQIYVFFfgEQTCifBBo0bndpW99btgLRTc7pHPJccElJRFkqoHsZkFfPGApzMUFOzKIhbYXPpwnzQCaF37Xgg4p69YDw4Ff4IVJv+tD7OC4ZEYNjf3ZDgcsnBNCr+dFVWErANKjlc7Sl09ijwEViT9mwibFUd0G6WzHCmL4b6vZDc6zxGMvHt/whCkcYJ4J1DHvEGVysshH9bw==
+cuisinella.		86400	IN	NSEC	cv. NS DS RRSIG NSEC
+cuisinella.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DAgwvNHG0ajNaXH/3jr/q7K1Rog0rWYD6GoVDZWodWffgq+d9aQR+h5yfJk31fAddm2E5C5vK6MVGQGT6gCo4xy1h2CYiNA+E59dnNEqWyUzuw2lE9h9sqNP93tzHAsvDOU2CSVXrT1VAZzZEVPA0xYrVr1vMIXW3xbCQ9OqphuQ7732LgM8dMJipZkwHrD5afm6aYvQIi2prOZtuNz6TuP1bHx23Mkx1QuD8rXPX++YZ77Z2yHzdRQtz5tu1UyUFuaAJJD4hibSunlDg0+fEFbx0dRAzkHpdtskgHuJGr1qTypRvoDpNUeISwPVAlDUixE6TbTEoISKpPBFzipXgQ==
+a.nic.cuisinella.	172800	IN	A	37.209.192.9
+a.nic.cuisinella.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cuisinella.	172800	IN	A	37.209.194.9
+b.nic.cuisinella.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cuisinella.	172800	IN	A	37.209.196.9
+c.nic.cuisinella.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.cuisinella.	172800	IN	A	156.154.172.82
+x.nic.cuisinella.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.cuisinella.	172800	IN	A	156.154.173.82
+y.nic.cuisinella.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.cuisinella.	172800	IN	A	156.154.174.82
+z.nic.cuisinella.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cv.			172800	IN	NS	c.dns.pt.
+cv.			172800	IN	NS	ns.dns.cv.
+cv.			172800	IN	NS	anyc.dnsnode.net.
+cv.			172800	IN	NS	cv01.dns.pt.
+cv.			86400	IN	NSEC	cw. NS RRSIG NSEC
+cv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZSMg8bGvO6rYz3dCZEnVUp5U6UrEcYonjktx2YlWDwBichf0nfE9MBg0am9aCAJBtgoiokKEdfRVsnYjEQLn8X3zu494zEPQY7qRXtU621g/7mkd+7MWOgP2Y8+Zj0+UGFG7s57B6jV2BPEiomiqCEYnhJ1uI8Lq5ezUE1S6Adyp770JZcT74vgKRnzPwfb4PuDoekwzTVeebRVMvAvWWBkESZKmo4z4yU+DB0+ifl83crWIAoWhbx+QySfNDS6pGKHde7QFYaKhcz/Ww+3usEDptKVLGeInjAYZ3gd5C07DxKtd8uuEhb8S9p8p1by2swvpNB3QOM6XjMtcBOXhFA==
+ns.dns.cv.		172800	IN	A	41.221.192.220
+cw.			172800	IN	NS	cw.cctld.authdns.ripe.net.
+cw.			172800	IN	NS	ns0.ja.net.
+cw.			172800	IN	NS	ns1.dns.cw.
+cw.			172800	IN	NS	kadushi.curinfo.cw.
+cw.			172800	IN	NS	ns01-server.curinfo.cw.
+cw.			86400	IN	NSEC	cx. NS RRSIG NSEC
+cw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rWNu8izESjCJ5OJlqDYsh1bJWI7cHMA/UZBQVH8Z0uzy08C4H1giWqHrTcB3+fnWbfh2Rasto2kvAccsMEVk868HzAPjqHvBtkgLLqoL/kpW5VS6EP9o/oitQZlJGz2pmS/L48L35aAXq9chg2mjwDjN31dTODhINWMGdiIAaqImA1jpBs05FPdmVjAqO8pc+wkzv7P3JogWhKcvbu833XHWME0HtnzEWnr0/2gexUWr6sfhbTLWagVbb/eoXjvTOeKrfuRObuT1ZRxbiHZyK3Rg9GKEAOUX/wB46Oa6/Gzn7tn9QdSIEuDiwk68CRk+K/NvW1zXBdU8i2laS0djBQ==
+kadushi.curinfo.cw.	172800	IN	A	65.208.122.63
+ns01-server.curinfo.cw.	172800	IN	A	65.208.122.36
+ns1.dns.cw.		172800	IN	A	194.0.28.6
+ns1.dns.cw.		172800	IN	AAAA	2001:678:2c:0:194:0:28:6
+cx.			172800	IN	NS	ns.anycast.nic.cx.
+cx.			172800	IN	NS	ns1.anycastdns.cz.
+cx.			172800	IN	NS	ns2.anycastdns.cz.
+cx.			86400	IN	DS	6500 8 2 4854A102492CE0C50C714F366EBBD520CBA38BBEFC91CF295EEE8E6EF7D48CA5
+cx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ctB+ovQUA9OSxDAox+7m27x+vGWVndQ5O5kNs4NYX+g8T5R/Lxd7Mgn5bij1kYxI6OcyI3l8Cq0NYlPVKcMxhNgESysM4yBEMTZYvx2d5X5uAWCqBTMMcDYA2ZEZiSzET8dBvJ6s5g5QbxI2vQhmA9e7MTQjmz/ysQDFBl0sbcMO2KTo0Jju6fHeE8Db3Ud0fjw2JIJoj18SinI2QYhOyXbW9aQnqztcEpap8SKvoOfzvSQs2fPFnZ4GvQvL3dSA3Va0lGlLPTBQsJ1FwVoUbTtlBh49y0aMb1SAJhoCG6I4rC7MjEQYGbepYrzzmsOmGMBn855eRbwWONFYjHKmMg==
+cx.			86400	IN	NSEC	cy. NS DS RRSIG NSEC
+cx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tGPunRF7XGLrmoFZrVbVu/z4rwB5sMeGUOT5Qi3gg5LHrHVpol5/7huVAp7Sx6b31CaY7xHISNDls+pr02If7DgSg+BUW/orEUGH4rudXocg2WvEApQMY04/RAT8iB/56Xw1laN13Kr1mZt9r5TBdw9S9kT2VHNFVot6mOiea/jh1eoYrB8vAqRfPtIz2w2dxGo9q2taf3SAqBLFoadnPnYnFnhqcv/42xFhwjwOoIdrrf83LEQB1V9QOeQBicMyMkMzlCEpSsW/oqcmV5W4l2sgLv2F8SVNujFlbc4OnbyKtCKKsqebZtGfVUwLvxDdFxkqoQqbFCjlo27uOco7hQ==
+ns.anycast.nic.cx.	172800	IN	A	204.61.216.16
+ns.anycast.nic.cx.	172800	IN	AAAA	2001:500:14:6016:ad:0:0:1
+cy.			172800	IN	NS	ns4.apnic.net.
+cy.			172800	IN	NS	ns31.rcode0.net.
+cy.			172800	IN	NS	cy-ns.anycast.pch.net.
+cy.			172800	IN	NS	estia.ics.forth.gr.
+cy.			172800	IN	NS	cynic4.dns.cy.
+cy.			172800	IN	NS	cynic6.dns.cy.
+cy.			86400	IN	DS	53051 13 2 23E40296DD897E15A7B78061B987F240D0415ABC20382FDCDAEC24C7FC8A9E0F
+cy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VAo3aqOM1tLCIbNP9sABlxc3bNzI3Ob6JuIE5t7ZA1f0i2p8813IYZamKbBt+fWA9KAR75ljPhI2A/711PlF2v+7jGEUh1Y4MWfgVtr22nEaQyUTGWzNZLnDNj1Bs8Htyjge69SsL1ddvoW3plZywbCXU3E3CtnEx0XF9pJ9vV/rr8eZp6PjoWEF5kgaax9TUVnUny38by/TY+HBjhZOtPaFzQw4iPr3q3F7E0C3H8v9W46ZkwNOvQ4hgRMswa/DpKI/u6UawievIA0Uymvr0+dIB51s1vlC74HAoluj4EHmnsSOQR6UL/13LtkqARDrOulObhxV1cgKKFF7+nFdRg==
+cy.			86400	IN	NSEC	cymru. NS DS RRSIG NSEC
+cy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ASq7nvFiZdmiM/14bnzt+tlLyUJ8BPZXrI8oVyiubaODYxpKSPGg58cEeQxDsrJDzshfd9a8B7oDalvIFuFPhS7z2uUlenlBzGB2VXPOqMmK47c7CyeQ9DRwKnw5yx7KOt1JZmPggfuq9sPl4Rr+smi6oNGWs6/SnFx8l1DbQOtELL1uVwhoCZ9J4j0hS/GcYSpsoA/hqeWvIcWUwupkwwSFOnEYOqRmlV6/MHb8qhnWIbpEV7ZMzsz8lR+2nS6Z2e8cucl/uuoiSOy7W73ENqUCU8sKFvAutiqR/PRWEm752SpQyTW838EvkSvLMToP6nelkOtJsBwPGXBaNXZW5w==
+cynic4.dns.cy.		172800	IN	A	194.42.29.16
+cynic6.dns.cy.		172800	IN	A	194.42.29.5
+cymru.			172800	IN	NS	dns1.nic.cymru.
+cymru.			172800	IN	NS	dns2.nic.cymru.
+cymru.			172800	IN	NS	dns3.nic.cymru.
+cymru.			172800	IN	NS	dns4.nic.cymru.
+cymru.			172800	IN	NS	dnsa.nic.cymru.
+cymru.			172800	IN	NS	dnsb.nic.cymru.
+cymru.			172800	IN	NS	dnsc.nic.cymru.
+cymru.			172800	IN	NS	dnsd.nic.cymru.
+cymru.			86400	IN	DS	34255 8 2 B85680D4065DB4E7CFAF8B349DD43901EC51B78F5E9C57C332BC6D905BEBA702
+cymru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A6mi4eJZ1inUudMQt0H5y5/I37UKqjHpSvKeB6MxTkrd4c1dxNharvcCAimGWG6TnINV3/eZXqlPMbbxysuT3UPua1BQlqIKwkCGRAY95cYDkwnr3/kgTMDV8nxKxhOCw8Cf0/JsrOkjvHp/pHJV0Q+S96akdj66/trVabrV+0RjGYSyu8aIqB2DZ/9Y0dRp84EQl0SeaV1jXIYNsbcWCd22x8OQFTEFzXTm/nETE01Ru7BSnG1JxoJob9N4ed0vvjYxRsl7k6JwhEudmUjWGZxCP7EHhcN0DTo46MB5DYrT7mvp/POV+oUkkMoGgjrOEtX0qJXLEJNWU5KhBLs/Dg==
+cymru.			86400	IN	NSEC	cyou. NS DS RRSIG NSEC
+cymru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hzpJ9/KB0BtJx7HNb5qQ5STptIH2gFmIdG5aeT0yRmFKE91xXNICO+OHEemJEBPsunq6VysmCPnIL8s3EksAXsd/kEGZZCi4ocmzx/0FYtrrOM4n32tTqJwGK8zeNDVp2N3uBxeFgo5MLaLVX2Kw69PKti/YaCxqocQ5FjHDSOVUTYga49zHiDkInXm2zVFTZLsavtOsbcgRlzHy175SvLYf3qTp6DvQ/GMZA8/0oXeeBPUiwAyxn+S6jyTzkZbyOvQzX6ww7xEHppa+uJH8feDVM9cwOcINApLz2mvD/CK1sBJFaF3a4m09Yd2p5VKhkmE2SvBaG+PoSdq/eW+/pg==
+dns1.nic.cymru.		172800	IN	A	213.248.219.3
+dns1.nic.cymru.		172800	IN	AAAA	2a01:618:403:0:0:0:0:3
+dns2.nic.cymru.		172800	IN	A	103.49.83.3
+dns2.nic.cymru.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:3
+dns3.nic.cymru.		172800	IN	A	213.248.223.3
+dns3.nic.cymru.		172800	IN	AAAA	2a01:618:407:0:0:0:0:3
+dns4.nic.cymru.		172800	IN	A	43.230.51.3
+dns4.nic.cymru.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:3
+dnsa.nic.cymru.		172800	IN	A	156.154.100.3
+dnsa.nic.cymru.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.cymru.		172800	IN	A	156.154.101.3
+dnsb.nic.cymru.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.cymru.		172800	IN	A	156.154.102.3
+dnsc.nic.cymru.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.cymru.		172800	IN	A	156.154.103.3
+dnsd.nic.cymru.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+cyou.			172800	IN	NS	a.nic.cyou.
+cyou.			172800	IN	NS	b.nic.cyou.
+cyou.			172800	IN	NS	c.nic.cyou.
+cyou.			172800	IN	NS	d.nic.cyou.
+cyou.			86400	IN	DS	19927 13 2 2079B2824EEE39EC9AB51F32B199A6BCC68162CA56BD12C2740B8C800FC611C4
+cyou.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tVuLSAhCSj8QoXabtcz/K5lwITZ8mpBTiR+mUW/vfzIjI4C8iXlxvnF1hc/n1C1gb2scU/qKu0Ez5CiPROrt852Ao/OnAUQszZDZwfxHsvBeVcULRjIzbXtS2aERmh1TL/ezpkh0YUjeEzDJzo5OFKW//FADYBzh6LxyLudh2zdXtDLpnOCna3ZOjPLeaDu1yMcUGoDr9/9zIUfFIUHSqs1NZHnDYQhYGvFkQ1oPpBIQCRtodRQEddFxiF9jqe4nO/HdWuFgcs+4nJt6CoHrelxCDhxspLSg1xKXXJvsJBaBIU5QArCGTpBKGh+lLNOE2NmgTsot9RTAk1kgKF01Hg==
+cyou.			86400	IN	NSEC	cz. NS DS RRSIG NSEC
+cyou.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z+6xM3NG/7tzFEqgojcFye7cvGlUFPmHDdbX/Jb4uNrygCxnSAnPYRfahyG3CrHrGO/eJ92kNSUuuFQyO4UcsWwrdFhcORWNFZiWfjCD8UQ9eLpwFe7BxR4arYyN0tF6VQ+5HWNYQOB5sDLbt8k7Q9mxHx/5ER7GtTCYhONmSsRhNpmpplW2kwdvO4hNyyDXcpeM/pz6PHLWNe9K+nYDLtRQFqx0eFy7+bYtrCGAredKg4riuH19uPqB3M34OhWc7jGJld65y7HZmDWRvIs7s166MaNWpeYKv77ZpmYSUX4zOZYMlUy5XKdzWOAqanKPN//KFGob32X1sRo+Vf6nhA==
+a.nic.cyou.		172800	IN	A	194.169.218.120
+a.nic.cyou.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:120
+b.nic.cyou.		172800	IN	A	185.24.64.120
+b.nic.cyou.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:120
+c.nic.cyou.		172800	IN	A	212.18.248.120
+c.nic.cyou.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:120
+d.nic.cyou.		172800	IN	A	212.18.249.120
+d.nic.cyou.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:120
+cz.			172800	IN	NS	a.ns.nic.cz.
+cz.			172800	IN	NS	b.ns.nic.cz.
+cz.			172800	IN	NS	c.ns.nic.cz.
+cz.			172800	IN	NS	d.ns.nic.cz.
+cz.			86400	IN	DS	20237 13 2 CFF0F3ECDBC529C1F0031BA1840BFB835853B9209ED1E508FFF48451D7B778E2
+cz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gksxAF48Ac1m3WNpRGRtRVytrsk+9YrSpU+SZiyQ0z5uEii4zM2lNCzi79Q7ojLfYqaz9GH7VnppgUH8QcHn3WeerC2Ia81hI9Q6voj1ps8f1cQKM3pXgL2YqF4FsuTILyzAmuzFdBUSVZsoE1qRxxOYtj7qJV84/b2ZCfvOBLth/l6pP2Wz2/G2RYJy4q79Rei/ss/3ydAYwRDk9Zw3LtMLngjGqRvDn5incxL7tJsIimUFdlHRDlT3xzxE2OYbxYvErkprU+E6N4Sgo6unYLkVw7XE8BimxQ+OK5OuPn/JZR5Qdc393QRnm1R9f077CjxgrTrPP2Y5g88xpL9nkg==
+cz.			86400	IN	NSEC	dabur. NS DS RRSIG NSEC
+cz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u6eqLyIwlhdEp7KsSduGEFrJDy3TckuFhtKvfS/qnsndFZ/nZy604HTTpGJRO966moeIWqysPyUB2lqSzQ0qoQPGtMVHd2ynC3Yi3mb6F6QiaAfqJJBPUqU/eDHolhgCJmejqH2qFcWJ6Ep19sxAgMbvl2pOk+sNZUtt1geUdKjgwsZdsujYK5kO9cmV8gfYRKiFs+8k98akhuzcv6TADJi5NlIIRrjFkQZPbZzDn4K4v7NWEm8XAh8P4PSdz5p8A6o1iIKLJKyJKGVireOjUt29av+rg+9+SDi9FYn7Mptx7OPZn5S6EaEdKELHHhGzTd4ebn4lDS0xgMbi16EmMg==
+gt.anycastdns.cz.	172800	IN	A	185.28.194.194
+gt.anycastdns.cz.	172800	IN	A	185.38.108.108
+gt.anycastdns.cz.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+kenic.anycastdns.cz.	172800	IN	A	185.28.194.194
+kenic.anycastdns.cz.	172800	IN	A	185.38.108.108
+na.anycastdns.cz.	172800	IN	A	185.28.194.194
+na.anycastdns.cz.	172800	IN	A	185.38.108.108
+ns1.anycastdns.cz.	172800	IN	A	185.38.108.108
+ns1.anycastdns.cz.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+ns2.anycastdns.cz.	172800	IN	A	185.28.194.194
+ssnic.anycastdns.cz.	172800	IN	A	185.28.194.194
+ssnic.anycastdns.cz.	172800	IN	A	185.38.108.108
+d.ext.nic.cz.		172800	IN	A	193.29.206.2
+d.ext.nic.cz.		172800	IN	AAAA	2001:678:1:0:0:0:0:2
+a.ns.nic.cz.		172800	IN	A	194.0.12.1
+a.ns.nic.cz.		172800	IN	AAAA	2001:678:f:0:0:0:0:1
+b.ns.nic.cz.		172800	IN	A	194.0.13.1
+b.ns.nic.cz.		172800	IN	AAAA	2001:678:10:0:0:0:0:1
+c.ns.nic.cz.		172800	IN	A	194.0.14.1
+c.ns.nic.cz.		172800	IN	AAAA	2001:678:11:0:0:0:0:1
+d.ns.nic.cz.		172800	IN	A	193.29.206.1
+d.ns.nic.cz.		172800	IN	AAAA	2001:678:1:0:0:0:0:1
+mw-e.ns.nic.cz.		172800	IN	A	185.43.134.10
+mw-e.ns.nic.cz.		172800	IN	AAAA	2001:148f:fffd:0:0:0:0:10
+tz-e.ns.nic.cz.		172800	IN	A	185.43.134.11
+tz-e.ns.nic.cz.		172800	IN	AAAA	2001:148f:fffd:0:0:0:0:11
+dabur.			172800	IN	NS	a0.nic.dabur.
+dabur.			172800	IN	NS	a2.nic.dabur.
+dabur.			172800	IN	NS	b0.nic.dabur.
+dabur.			172800	IN	NS	c0.nic.dabur.
+dabur.			86400	IN	DS	12355 8 2 BC18991E60B16ED8791D94EA935D83E9D40E2CBA9AC8B824A40191E5F5F50AE4
+dabur.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sEELQbe1LmoF4eBae4zHmocs+wS/sCcWTYP8yEWgIxtscMnFBekRfMDLQcSrndyd/ULBsb9NywiaDsp+bJntAOJ4BKIG/lZJ9PKDRoHCzJ5ustMXetCNy5kzKleuxbajhKRUt239Yxb/YXtomIy7v3a6PelZPgFCCfEmxgZE9GDu/BpLGn9nttilYCqDNsVEKXsUdxS/kOIkYxH4YBxG2/X40DOmpMnaxTDZ+OWOmu2OTi81jRmatnrc5ycIoeckQliowTRzizCn538VuD3bDvlmz6h4y8oCIWpfAlZh3VfDOyfqPBKsMk7ApCSAsUYQS/lgNmDiuxPigWGTN6t14Q==
+dabur.			86400	IN	NSEC	dad. NS DS RRSIG NSEC
+dabur.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AM7xN96giQWNN1bUtUPeJm8NzLFFg/CrW70+SzYF3THdXcdTLua+hJS2M2lnHed6SLWBKc8//lWsgUb8336v7q0xd0kYX6cgiTsaw8OLdzLrtjrftwEnchpSXm9B6Bg3PijN0zRQ5K5dUMTsaoipy8wk7QmKksIkT3EFAEYPrpcgUt3pxxXit2ORBL5og8mob5EmntLn003a2+wAmmGdH/SKF6LmItcBciRi1CWgHbHicsHN1Er9HWH0mA2tmjoFYcRkswGtPokjbe8wpocHV2exaCGZG6lZoLQVNytoQz5JSJvvw7UWeYqBwsjqKmkcvgXhoYx+9/3q6S7jb97jHw==
+a0.nic.dabur.		172800	IN	A	65.22.180.25
+a0.nic.dabur.		172800	IN	AAAA	2a01:8840:ae:0:0:0:0:25
+a2.nic.dabur.		172800	IN	A	65.22.183.25
+a2.nic.dabur.		172800	IN	AAAA	2a01:8840:b1:0:0:0:0:25
+b0.nic.dabur.		172800	IN	A	65.22.181.25
+b0.nic.dabur.		172800	IN	AAAA	2a01:8840:af:0:0:0:0:25
+c0.nic.dabur.		172800	IN	A	65.22.182.25
+c0.nic.dabur.		172800	IN	AAAA	2a01:8840:b0:0:0:0:0:25
+dad.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+dad.			86400	IN	DS	26870 8 2 E0CA4BC0FD88A68E2A90402FD62DA9F321940B79F5D1E01BA1141D2B5301D8F5
+dad.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hmIyxQEegitssBZGCM/AWMKZP6Jv/lQH2xn4T6O5k+qiETuu5pTxUD4lId/K/NwH3yE3My/4LxJoS0tRA5JYtPjcqNkh0aHc59VyM2F9PCnWgYhOxUrUplLRyI2/B3L1U+7/sB5H3Jrz7mzGvUnf3o2q4lGpjMSP+Qutp2C/rQAX41X67XYtt8648Vh0xnLC9T3T7xYSGz2X5LxaFpeW07WcAfF0b1GBC6+THppgYMRTkU3Nt5e9YsgS9BggJWXpEKgFSJXqoApeVs4I5Z4Kli+yYli6zqcp0QEoike486uROiS5K2ydT4X7lsVormcGDUrsuPrKzl9ZjYGB9XQLcw==
+dad.			86400	IN	NSEC	dance. NS DS RRSIG NSEC
+dad.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Trei7vq3hmOxl/Fv3pJoog76kaUIrLeKJpQ5Naxzh4nbTFC8WlIuT2K0pCnbdsDFaM8Vuk/HzI/gS+GJbQ0KsmbYCYueo6XcF8Rx8p095iFAu7K/NguiS2VS8eM5jXte7dcm1ovZpo281GyhWb5GKgSLCLpLCEMkN4gU4YhYJkb+hqxP4Bl+tzyzK+tSKniyUwCaUw4xiLHtngAVA46KmZeUWQiDq11pulb4bUyeRkbbmwfBXvdD563TyVceV8A6e8HfUyAA4ZhmvUKAB1vBxyG1P+nbPs9FoapAtncCMHTSyexew4iPlnShF/R/9tZJqhw1zd9iuD5k2g8r9nhULg==
+dance.			172800	IN	NS	v0n0.nic.dance.
+dance.			172800	IN	NS	v0n1.nic.dance.
+dance.			172800	IN	NS	v0n2.nic.dance.
+dance.			172800	IN	NS	v0n3.nic.dance.
+dance.			172800	IN	NS	v2n0.nic.dance.
+dance.			172800	IN	NS	v2n1.nic.dance.
+dance.			86400	IN	DS	22036 8 2 D2494CB312C97D6A1A075F55601BA62CB59D2672E23658E3EDACF4777BC614B1
+dance.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H1nnrurV/R9kUr3Ao4rH4KBBEB0jc760Hr5h4jQciQ0zRzdHjeBK9vrnT6R4+queCURbpczLx4ykhFqEaStzhKyfyEVVA2KbtIWLmfiVgPMSW685V//hkVugQ8g9zDW8hh4QqZm6tV1dH2/Eyki6Ys/69sFeJt/8bChxU9ctaqmmw7twfX1vHjsBp9M7W2ncM+jEhedLb5Oolt9koxpVDCh8gHbMlI4TdOF0Wm3opiLucLfTDVq/HHYZ4agw+WobpGObWqsR822A9nUTMWxw4EZkV06144B2aLRUza8P1R5giGBIzLc7C75KNYoaZN+cqOZDovon1nCNd9fD8pFDuw==
+dance.			86400	IN	NSEC	data. NS DS RRSIG NSEC
+dance.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1GINjXlqHkvMfjokn2r+b8wIII1IXBZd0+Da+vb2zmsiIJRcnyP1gBTEm1bJyaPZjnV+tDhMGhxSDgJIzSOSVtV6R+MHDqGPGp+zG4U8BqzJtAaY2BJ/O1Yoa3vbeSDXOIaAnRiLVjf7zErU4/jmrmZLNd2zdZhsgx5G3vPBd1C9U7ySyEwWlcraYV3i+R/9DaZGh9/V+N8FvpPk9/MUWLTAEYg8e9GeznaTc6wXq4kg4gePuAHUn0sErOLigh5PvsTsH3xd3V6WHQFBaOhyJ2/eCNCFx3qW2yPuKDMpa0JCmY1w4M2EYJt9ycNODwegU/05HjrhfJxQvB83XtP60A==
+v0n0.nic.dance.		172800	IN	A	65.22.24.50
+v0n0.nic.dance.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:50
+v0n1.nic.dance.		172800	IN	A	65.22.25.50
+v0n1.nic.dance.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:50
+v0n2.nic.dance.		172800	IN	A	65.22.26.50
+v0n2.nic.dance.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:50
+v0n3.nic.dance.		172800	IN	A	161.232.12.50
+v0n3.nic.dance.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:50
+v2n0.nic.dance.		172800	IN	A	65.22.27.50
+v2n0.nic.dance.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:50
+v2n1.nic.dance.		172800	IN	A	161.232.13.50
+v2n1.nic.dance.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:50
+data.			172800	IN	NS	a0.nic.data.
+data.			172800	IN	NS	a2.nic.data.
+data.			172800	IN	NS	b0.nic.data.
+data.			172800	IN	NS	c0.nic.data.
+data.			86400	IN	DS	31144 8 2 C9BB359F8D99FB1AE7CF5A5972BD18448EE89775E7B6FB0BD19D3BEC970A4E8B
+data.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . M6vIzy+hxLPHnRdXzt3gsYhrnRG1LG7cCBdmwsvE+cSMj/lZiXlftk38Rsg/z97izKIYzutAN1/vDjoirJ7gq/Af6mvuDD4OI2cC9mYDv3KEsIFrju0yNZyKtNuOVRySEQz2IP0yLUj7gUlXGMuGv5ROZK5F5z5ep0n3H8FUrTAQKJkyiLyO1kZzb7jPD0LgLCurG8u46T0ucwouk90t5EJHIIT6pWAhuA2fa48gMK8vWbm0m6CvQK6jI0wZzXZscRX5i1LqRI5v719dJ4O5jjQVv3BYtx0Rudk733uvngoSAEmPTHShJerADym+Nfu7uZeV8HmfGvEp8y1YxafqBQ==
+data.			86400	IN	NSEC	date. NS DS RRSIG NSEC
+data.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r58sRvrrGDUQWDYgzAlnOSn5Svna3LLBpeLb9pjo6Mn4/X4/ULCqmoU9Qt58FbHfmdTmfTnfms/lxIB+AIt2XqElyywRnbmKfVLpmyLuCagoFQjRc4+DmkCw0fOhjxvPOM/Nwp2yMonvwLiIkUwbYR6amV5vBf2cy1dsTYXy/CaGoPeZ6AuhryoNvydFbFFvZ9vjClnb2oMFy4wxjgZNLbx8LryroXc+3XSQ+prXoZgABw0BWeNA+Gx5S7ouCW7Di/BIWapxdKMOQc8TgZwdBShIwIrIy0W+i7jcLiERuotK+gNWlRta3pf5M7GTnlJ+xlNxsI+JfM8/Ej4O5t8X5A==
+a0.nic.data.		172800	IN	A	65.22.96.25
+a0.nic.data.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:25
+a2.nic.data.		172800	IN	A	65.22.99.25
+a2.nic.data.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:25
+b0.nic.data.		172800	IN	A	65.22.97.25
+b0.nic.data.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:25
+c0.nic.data.		172800	IN	A	65.22.98.25
+c0.nic.data.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:25
+date.			172800	IN	NS	a.nic.date.
+date.			172800	IN	NS	b.nic.date.
+date.			172800	IN	NS	c.nic.date.
+date.			172800	IN	NS	ns1.dns.nic.date.
+date.			172800	IN	NS	ns2.dns.nic.date.
+date.			172800	IN	NS	ns3.dns.nic.date.
+date.			86400	IN	DS	17974 8 2 89F996CD425D64FBD8DEBA987615D4C3D8DE899F626643B4BFC6FA7BF8F996E5
+date.			86400	IN	DS	30325 8 2 B0A4309D9AD85D8050259A80A8261B1003251CB1D2F3C74AA30E09335AAF2501
+date.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nJR/QyTpsxxkioOK4G/riJbelalAUaE4odD01CK4qj6uiGOLmOaZt4FntdbobanLSJVQfobxXq1L0e+kMh99Yb7wahTC62SJo9r6K9XlrKIzptL+X6oL+DUB4tDXzTjabeuaw6T/cM0p9PDr3jcuPUBBU3AZTfemtLpzL1AsMF5dwPvCvjrRvAPwQEnor7gzNGuQrXVfMx3owAPrkf40xMTKA9ObF718KEz5iBiftDiENaUzfI1SqmyJCV4UO/AiSvJ/NZ6AT4TGIbjF3I1DPYmYTY5RSjcBRujhl20QK1rHLvvakp37ZMF98ziPZuisqTgbHlKAmgT2y4L+qMa7jg==
+date.			86400	IN	NSEC	dating. NS DS RRSIG NSEC
+date.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Qu1frG6cSZ5KC/5nE9CAwE6C/2BDkwowoV/yvxPxOYoCykbfumTycxAo+prvEWGir2fviGSPH+SzZKt2m4uv6MwlfyYt9kNZzCiGWanBR4ag9t7vnwbj99KkJhvPPBTtyf3tmd0RJ9xVW5kL2jEB4Jo+2Gze1W8jRp8xMpPztl3OCFKIjdCWV1Y3tRwHaAK5erGscxINWtocnnmEZGKF3cwRwKXa3CE1GtqUIQLQpd6pGJ/d8RKV2hL4LEFIUjmPqwaXbmaI0u8Sr6T/8RF13QAhgAoBq/Ky+V9zYl2de1m5byLbZc+tC9wqKLxxhd/9vWz8FK5PPxbSqC8Zm0r8AQ==
+a.nic.date.		172800	IN	A	37.209.192.10
+a.nic.date.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.date.		172800	IN	A	37.209.194.10
+b.nic.date.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.date.		172800	IN	A	37.209.196.10
+c.nic.date.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.date.	172800	IN	A	156.154.144.46
+ns1.dns.nic.date.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2e
+ns2.dns.nic.date.	172800	IN	A	156.154.145.46
+ns2.dns.nic.date.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2e
+ns3.dns.nic.date.	172800	IN	A	156.154.159.46
+ns3.dns.nic.date.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2e
+dating.			172800	IN	NS	v0n0.nic.dating.
+dating.			172800	IN	NS	v0n1.nic.dating.
+dating.			172800	IN	NS	v0n2.nic.dating.
+dating.			172800	IN	NS	v0n3.nic.dating.
+dating.			172800	IN	NS	v2n0.nic.dating.
+dating.			172800	IN	NS	v2n1.nic.dating.
+dating.			86400	IN	DS	14914 8 2 46E07950175A552B198F6739926F1B881C5CCAB279839247684840018A9F4CC0
+dating.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mgFQX4zY5DCdALyeXm+Ahd2hCR276RBsqPEPJIEOMfhEQRFtrlDx1GHzLDzEwq0YiVY3pfaEyhz72LfYYGpIFEf/v3zUxA9Us+NN1tU+OJOba0ORBFOBeKygNMbcU8nuA7g/J+bf1/2cumBOSRWMbN8JVBmzyJyHs71xwC3h7J3Fmzp6DEBHJIcaNI3qUGcBpbWvbZxelgGeT7iYKDB3lBOcLrphjRwnRp82mF0bLddus1G22fmBvOOThZ4VM02DonQXQNKCaOsqYeWLCdxjaUVLMazfwh7wrGjHsLTTYw+DjdSiXE6lLdyflGGNSNTqg/69n8z8KxrFkyVVvkh6vg==
+dating.			86400	IN	NSEC	datsun. NS DS RRSIG NSEC
+dating.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X1x6McTbDOIIR7EIjSKDE/Ui0KzTrZsTG6ncwCBzzZ0x8yvbNaJG71es6sd5CJDit4U/0J1F1qAQsJqyLhwGJDtDqmdnTTEjylElk+yYy8dVGeWkyoR8XDvjualILo6NAiLXDlaWlJ0vW67jnnySeu4U4r4QC3Gvf6FwyNvHELWIUuBVCjTDGzaGLF0ORDdjOK4tSR76kX7ZcbvUQ/4dLYBhnbY6ZHgcPAysAU7brreMpskBgEvIa+zJdzGvFgpMzwFMhkRb3sxAOukHDsSjbe/3dx9uCeFlK4EWqklgLxEsfodtCZV8nNtHFagkmJeTv447Q8gjwwRaQ9uMqcRY7g==
+v0n0.nic.dating.	172800	IN	A	65.22.28.28
+v0n0.nic.dating.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:28
+v0n1.nic.dating.	172800	IN	A	65.22.29.28
+v0n1.nic.dating.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:28
+v0n2.nic.dating.	172800	IN	A	65.22.30.28
+v0n2.nic.dating.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:28
+v0n3.nic.dating.	172800	IN	A	161.232.14.28
+v0n3.nic.dating.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:28
+v2n0.nic.dating.	172800	IN	A	65.22.31.28
+v2n0.nic.dating.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:28
+v2n1.nic.dating.	172800	IN	A	161.232.15.28
+v2n1.nic.dating.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:28
+datsun.			172800	IN	NS	a.gmoregistry.net.
+datsun.			172800	IN	NS	b.gmoregistry.net.
+datsun.			172800	IN	NS	k.gmoregistry.net.
+datsun.			172800	IN	NS	l.gmoregistry.net.
+datsun.			86400	IN	DS	11344 8 2 FB16FD51D18855F4127721BAB619CA805D69817A84CE73B90BE152205CA31A40
+datsun.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dh/yTAIwzIJ7rPDkquqV8ch4uaixNBPuc3LjtpGq7EW0aOMyB6paYDmIev/C6tE1USKIvxmt5jIOHne3aoJZb/bhRM3pK3zMlQbEi7B1rJkqH0tDvjlxBu0ubywQmUx7tYuN1wMi0W0OrSmri/a7hdlcDu07QRTjDzDR0MauBIbNkRxHfVGH2Dwv9IlU5Ln7rxaXZHXjTpZLQP6XMjzKdiVCMZLe7J7nIbOaw/PxuCM/4JXcPSR7c+7wIizydYnYs1lT6kALHhxPPV3EphCBPz+M1oiDssRfK/5ltwch5im8qQNYgedRqkArqUiIdopihNimOLjfaamjl3i1Gh9Hbw==
+datsun.			86400	IN	NSEC	day. NS DS RRSIG NSEC
+datsun.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nWewSCPziwCKaXosrcCmcobUM4hPnoMboqVw6RpHSE7hLDKBY4CIB1/59VadN6XsjhPA2RyIW3y9J3SfgB4W6/dHX35yI5KFpL/MKQUCiwgi3uCr3TDTYXQHyiHr5KdB9PXTHDyiKjJ8U2FokerQiWqDYeJakQN5OFvfAi12mSmuUvJSAZzEYEPUFwNI832Z6PWqxMxV3tqZ94MNSzGDIvuyJndZiccYJDcjAzS7cLH5btWJFbEre04QPWot9CbTZFgWAl6ahvROn42lOZJhYIexNmW7WSuKrOrBkEIaveLC3aoBEtL2ewPg3Y7L4UAIF2nPhxSE4f0+D5Yzew4kAA==
+day.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+day.			86400	IN	DS	41746 8 2 BCD63DA0F1195997A0EA25780E7B0675EC7877052CD6FE837E8F112C1FAD3886
+day.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mR1CkCuIGGtV+apxqZ5la6fZKfVfWkPdqnb6BWvwy1YF3ps6KY+UC0OOxSn8ZY0eGkXP02vefhNvs//3irYlSGwwAtFvI65ICBviwMbKG2fXKuvNqzNOmOfXeCZShlLJw/BXfjGTmD7byNatO+9RJC4UKQSjPkXbjENd5KYxbR5fuXeGHsS3cOuYUbjq9jnLl1DVT1P55hWS2niPXyNXf4auZ29sdNjGksH4tcCPGZa7De7f1O6emyDIt/Q3El5W93BKyGSq2+Yfomysls6KDUoXcWm4+qbLcgOmFsaI2t5z1yy0Eps+GUFMEmFs4xTS+/9NtjH4h6ANdhQVekvd7g==
+day.			86400	IN	NSEC	dclk. NS DS RRSIG NSEC
+day.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ljdxhPEvvgb0jgnKKadxq3ilzGpZP8Rs4RtdU9W/7MzQlux6dbNguSDHD6IcpEo/XN2SerVZ9ozYH+qJ1wuKRC2p/XBikWtp9pLCBN+HKNi4Kkg3MojfrbsjFbSV9SDOFpak8kRbeXx07vNDPyfpk9Qg9sioAUozoDvW9wkRThvmtKruY9eKFMKFiZHJyo42AgUywtPVlc/gso3Hsn+uMm6ONHBXx3nF9mxPyVQIY3jKjm6pbuWq3cneNWmdux9I0+FrsjsfFV8RMdTJ9Cm/ZatE6EI8DhXzfCfRlEu+18CFTPeYn4W1BMITTE/cneSJJHhstI3JrMlZXAyPi31K3Q==
+dclk.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+dclk.			86400	IN	DS	44237 8 2 2DB4B865E2A04B4324E6B5359ACF3FDBCEB10E9E2AE8597FF7A71B9D770A70E1
+dclk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vKXi4Qo3dR++gPMSXTWUQuqJG+gEgB6dhZZJHCpg7FKVqdyI35EQ+grohkTEG37iN0q6xnZF/tcoqrkxQ6vsQx/nnb/UxWPChMp65weta4bFAHnqvZ0z+1By+Kz7mHt5Apntfq1AlTT1h+WHbunQ3AgYIJ30utwLIcF4X+OGs3lf8vqNpbPLhC5PPTXxd0AGLYHfy9beoUcJLPvTk2pCzzGBPFjkWZsrnUm+Q9pMz0tQpC5zCPJvwt3GzPfZeu8B99gdqhII6c/ljFyPbOkD2ILhve3sveVuwPOd450fB8fLz+0D41yYEdJ0eAse+4wbqi2P1mBeo/M8g0R6swhoDQ==
+dclk.			86400	IN	NSEC	dds. NS DS RRSIG NSEC
+dclk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XAFPDux0nDrxpvI/jjJHh8UZby9efclZ7jPpSD8c0zExvb55UNyJwNnQEAkcaMBRUMEIKS9Zx8OcwkOdDHqXEDpHejxqrgZ1hSUnf5G40RetzHZs/d1BFybiP0YjcvNQDGxjQ4tOhbkgek6Zi+cOJT0JID8UU5dGBdirJEYgo12C95NjAmuHrbJB0wzZA4Lee5QE//uQt02hMeWtqHCtfVUck10lKWSqjLINyeeSF7brihp7VroJR0j++vy5UUjNDd4d8++3wTVFIu8IrameAb/8zUSwISguejqNlLe7SvnHGC/sT/0OowghxjA94UegExcwVFZ/pU691c9rlru5ng==
+dds.			172800	IN	NS	a.nic.dds.
+dds.			172800	IN	NS	b.nic.dds.
+dds.			172800	IN	NS	c.nic.dds.
+dds.			172800	IN	NS	x.nic.dds.
+dds.			172800	IN	NS	y.nic.dds.
+dds.			172800	IN	NS	z.nic.dds.
+dds.			86400	IN	DS	4084 8 2 653AC51723253E888C2887191E1F89C34C4ECEF2F18E4EEB247F1FAAE3AFC6B2
+dds.			86400	IN	DS	51931 8 2 13EF8FE3E8E2AFAE0A24B7453D086E2EB0DF7828B03A8AF18FCAE43BEC07FD38
+dds.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . taa8g4YQbcT95jUscm6dEotp+B1EbApvcsTyQInpU7TVxgFa/oP0fcjNAsIaRr7N4n6FjQOJa4TW65s9OPDqir0CEOCSYSS6y+Fk0dXZ3lR9nHF+Mms7lu0YYNhEMWzwSks6JKD/r/OHaBs4EP53etrdIA4FklHwO1CurrSzKcwU113L6zMWst/1v1hEKPPLU4EC5raZlFtmLs8fif5NBzzGagjZGCRbMoJzTKrBnuwHR+YxhdIP3T+wRfGcwHbJxP7eu2HW4weJEy2QnMepVzx3OFITWhmtFAOWMPQy/1x7aB0Lc81A6bRkvQcUQLLmR3+zDRzFZzKLR5C2+TzGBw==
+dds.			86400	IN	NSEC	de. NS DS RRSIG NSEC
+dds.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WIhfTBz/HV8Bsnu4ywGUvk+73vPMaMGpPYOuI92tffpU1t5Sb7sfY35JAUHYuAAG4jhHZDynYh68GwD1hFzMwa/TMtG5iWNp8a2FMmWgYH8DS4ZY9nz/wnhbCXzgP4AvxXFDXBWYYCt2NwRB6MXZbE77uGWAedb31Ty0uxN7XWpmXpS/lssnHzIqVFBmI2KM3RJ2mkun0JixWLLeWsb0JZcRBLkyjN4EmR79lAUf8iMJeiU/nLxzwAuqD3bDjomvlxeOArpZDgO8IqzStciIJfWIifrdi5EFN29M63nNlYxv+KywqDq1YsEdFRhjYr+WEf23cW/caTEifrcqyXg+5A==
+a.nic.dds.		172800	IN	A	37.209.192.10
+a.nic.dds.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.dds.		172800	IN	A	37.209.194.10
+b.nic.dds.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.dds.		172800	IN	A	37.209.196.10
+c.nic.dds.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.dds.		172800	IN	A	156.154.172.82
+x.nic.dds.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.dds.		172800	IN	A	156.154.173.82
+y.nic.dds.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.dds.		172800	IN	A	156.154.174.82
+z.nic.dds.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+de.			172800	IN	NS	a.nic.de.
+de.			172800	IN	NS	f.nic.de.
+de.			172800	IN	NS	l.de.net.
+de.			172800	IN	NS	n.de.net.
+de.			172800	IN	NS	s.de.net.
+de.			172800	IN	NS	z.nic.de.
+de.			86400	IN	DS	26755 8 2 F341357809A5954311CCB82ADE114C6C1D724A75C0395137AA3978035425E78D
+de.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cHmMELJxrmvmtn1XlvAk+JloM+85kYJ4aTAjo3HpBArT6jUcubmRcTgBUpi/uswCO1++TzsPuP6K0tbDYzphy59ZgOacXb1CEG3lFD5xAYyEaGuagdiE0xW+Hfk+CvMpK3095e522VrGXhNqxht6z+NxVxWMhoV8/5P0tyGLJF4aKnW6Mly+b1x2cLKd6L8Q1oPNSdqKzdu2WSCNDPqOlXrJnT9XTzDBND6DDrfHFGhyfqfD9fgKKyt/q2353a5fWGgdjMxgsh+W7B8tbxkRhv2iwJ9nLov9Xd4QGSi+4OcD4samFimHqfhYGAZ+APeXpt1TrBh653AO0mHt0MoG3A==
+de.			86400	IN	NSEC	deal. NS DS RRSIG NSEC
+de.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gkeE1LmfDw/bGcngiAfKIDB31l1mYpDLwqyFwiV7P9fTq/64NtQBCqb+cD/rNjrn8HxwArLsRTe7G7b31Sap7b2Nqjy3X5O4P5pfGSNW14pONpQUvrQsL+jJRq5j+FygBhVTeQa9oGZfq341WmO4twhbucRgtGeKnbsGd6hHXgy0ziz4EJ86Qfif4mwOLJvIBkxZg6m1HiOL4ZIv5/DZ8sUo1+y9/fc/rzc0xGej0EnWY9eNAYJPzN3uNstkygOUIW4+7O4JxNT0ZX0P+/8gPBTJG6Mo6bPlAfRRJljIiIw3+EvfP0zRIVfHOJxhbircxu56VGJOe6ln8jZEjKSeVg==
+dns-ro.denic.de.	172800	IN	A	81.91.161.99
+pr-dns.denic.de.	172800	IN	A	194.0.11.111
+pr-dns.denic.de.	172800	IN	AAAA	2001:678:e:111:0:0:0:53
+a.nic.de.		172800	IN	A	194.0.0.53
+a.nic.de.		172800	IN	AAAA	2001:678:2:0:0:0:0:53
+f.nic.de.		172800	IN	A	81.91.164.5
+f.nic.de.		172800	IN	AAAA	2a02:568:0:2:0:0:0:53
+nsc.nic.de.		172800	IN	A	194.0.11.110
+nsc.nic.de.		172800	IN	AAAA	2001:678:e:110:0:0:0:53
+z.nic.de.		172800	IN	A	194.246.96.1
+z.nic.de.		172800	IN	AAAA	2a02:568:fe02:0:0:0:0:de
+deal.			172800	IN	NS	dns1.nic.deal.
+deal.			172800	IN	NS	dns2.nic.deal.
+deal.			172800	IN	NS	dns3.nic.deal.
+deal.			172800	IN	NS	dns4.nic.deal.
+deal.			172800	IN	NS	dnsa.nic.deal.
+deal.			172800	IN	NS	dnsb.nic.deal.
+deal.			172800	IN	NS	dnsc.nic.deal.
+deal.			172800	IN	NS	dnsd.nic.deal.
+deal.			86400	IN	DS	1547 8 2 D803CD689AF6D85A8D11D95F330D35E7587831DC01F61886D4C47F3E5398AF29
+deal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VzgjcTrzmPDQYGpFGnrhJGpYFER9d3++d1n33+1dIOHdifzHmYXZ4Y5TWknu+CBHUsc8W9oII8F9cDH32eok3qY1k2YTQI/fLoBWNuhzqZnwAWLjbG6qnouS/YKQyh5QIxp3WnQwVimIdFZOu5N3wJp8Cik397YBj3Gw7Haj5Q3XlnUojwHWgUV2G7HMiXhnGdLK0oZSdY2sKqaasLcMGsnN3xsKNie89VYiFEEHfydX/VILiVxj5fi1ZJDXgZN6+QFPxVYc9O9PpkxmazwGxFHxn60k9iCZmRq02Ab1bhmwnnih/mpY4ostFz+8DJc7rvotncl7VNDgGURl56D91A==
+deal.			86400	IN	NSEC	dealer. NS DS RRSIG NSEC
+deal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o/OqL5W9h5wn4jAasQiQf+49dFfwa6EusIi98QoXCQDqoUZer1Sjze9vku1EBSk3qQa8bwaDLiEtwJN67zXUsC5uOkJ2yX0bo9uZejyKNp6ou5gNOIIKQ3LgL3GE3zbTEXdKQ2hCg360aP8moBRgAUQ392ZRs4dcz5EIlBXnWlHct0RPimVLTk7GUryGNaCvhb3/3loIjGiju86SijjnXQQHgemrOof7i29a6UsvO2Q8zP4a7K6TNgcPX4jqhACE2OTMfrDdoxsu9/7XdPHBX056qDyoJ4dxVP/OuN36twQMhsFFGZs0J2tA6BbSzr+JscU9kNBl8bU/aJY7YEDLIQ==
+dns1.nic.deal.		172800	IN	A	213.248.218.65
+dns1.nic.deal.		172800	IN	AAAA	2a01:618:402:0:0:0:0:65
+dns2.nic.deal.		172800	IN	A	103.49.82.65
+dns2.nic.deal.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:65
+dns3.nic.deal.		172800	IN	A	213.248.222.65
+dns3.nic.deal.		172800	IN	AAAA	2a01:618:406:0:0:0:0:65
+dns4.nic.deal.		172800	IN	A	43.230.50.65
+dns4.nic.deal.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:65
+dnsa.nic.deal.		172800	IN	A	156.154.100.3
+dnsa.nic.deal.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.deal.		172800	IN	A	156.154.101.3
+dnsb.nic.deal.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.deal.		172800	IN	A	156.154.102.3
+dnsc.nic.deal.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.deal.		172800	IN	A	156.154.103.3
+dnsd.nic.deal.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+dealer.			172800	IN	NS	a.nic.dealer.
+dealer.			172800	IN	NS	b.nic.dealer.
+dealer.			172800	IN	NS	c.nic.dealer.
+dealer.			172800	IN	NS	d.nic.dealer.
+dealer.			86400	IN	DS	31586 8 1 2300A755B90E6E18845757994FFD35D160F8B1C3
+dealer.			86400	IN	DS	31586 8 2 8C442BFE32DAFF402FCC59D26A90F5ECAC593FB6BA8A6396BD21686E3BD0D24B
+dealer.			86400	IN	DS	43516 8 1 E4209E3F2BFDBF136D547329F367AE9BD03A3BEB
+dealer.			86400	IN	DS	43516 8 2 AFFEE7DB437839677F9B16547175BFA4F22A0CFC0FC2F374AF5884C523EFA54C
+dealer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fQhQ8JEDzVmaqYU5fWNWWAbQIAPGAS/T+kEOhVAC4TwpUI6J2Ea1/4jqiG9GLIAztAEqngWR0tXp2mYR1W1817n0k+SPCeZJebynTWLFvS/j2dA1SM9PCTIi3p5ZbwI8QzQXptkx6ZKTCMxfdDRgJMp8JJMaGLDW/EwxdTbpKEJ4YWmviaptWH7319BRdN30huoplumrhZ1AohEI0RnnDTAYahil1MIeFEUJ1FSNB82fI8W+/3zIGOXYyRLwyRM7Z1LIj/RrA7owuNHTrdp60wLqSguUAnF4w8SgmDXA4Bejf4ynk6tdebBhGe/JSkUFaKcVxLqSP1xg76+Iyzdk4A==
+dealer.			86400	IN	NSEC	deals. NS DS RRSIG NSEC
+dealer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U1gcVNvEt42264YDg9aPfR4oa9/nPey6uyatJFeL6Ax+GestX18qjJHGqrbpQNXZSRIk1kKJxzvcoRiO9qodcw4ZtirU3W0UJ+perFTwbCJlGiWEv7zrZUwYU7ojKH3esk+BdphvcHqnBDtk7sjF9NjP3L0c3wFbEv7ZLHon6WTdRUwRtBo+iORpK9ZJINJ+emqn4bkGvDABRts2vcG6bpfphuHZoNOhOWksL83cVpTL8MHC3Ny5pecd7y2bMK3nwyDUggdfkPyWI06NtnP8JHkNZg3pQjcYhssYw7LbSghOp1VqYCAD+xwDN/NNiVOBC0nbcGZ1rJaP3wMjj/J20w==
+a.nic.dealer.		172800	IN	A	194.169.218.138
+a.nic.dealer.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:138
+b.nic.dealer.		172800	IN	A	185.24.64.138
+b.nic.dealer.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:138
+c.nic.dealer.		172800	IN	A	212.18.248.138
+c.nic.dealer.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:138
+d.nic.dealer.		172800	IN	A	212.18.249.138
+d.nic.dealer.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:138
+deals.			172800	IN	NS	v0n0.nic.deals.
+deals.			172800	IN	NS	v0n1.nic.deals.
+deals.			172800	IN	NS	v0n2.nic.deals.
+deals.			172800	IN	NS	v0n3.nic.deals.
+deals.			172800	IN	NS	v2n0.nic.deals.
+deals.			172800	IN	NS	v2n1.nic.deals.
+deals.			86400	IN	DS	32710 8 2 79CCE4262F66137FA812ECEFE1BC11046A85CF728ACA6BB5F6DEFFFA61A506C1
+deals.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m0It9GXXiDtIf2uctYwWq91V4umQnc/vkRxdxJ93JCHQxiI1NEgNqn+n3hXIAYtTNfl8YEEb8CN83W2OmtgkNSm6APuU7EXI5PU2wTHXKDMwYaBMEz2Zr1dhcuYxvBRlacFziupaswgo1mTyyQqQYy4x4Vmtf3tlXfSH32b3LRvmm5QMEnzaADO25Zml0WOhXd2p10fH7mT3fy4K1OWjP15U81M+8Ozzkw4F75IVc4xVEx/U9cUg0QNFsFasTpy9eIXazVzdGdHc7Fzk2g5ZaGNNMBjdUIvzbS85JjV2ljH8eaTMT22KsingZr7b4VjYxsm91FvRu/kZnonzcaEpsQ==
+deals.			86400	IN	NSEC	degree. NS DS RRSIG NSEC
+deals.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CUqru7wDT4dLuXSTmF30ptSd70nNZXskmkrwuPKfNgFLs9fuDRCCwirodpbRzkAKv6oc3apV5j9bj3IvHxEa0+2K5oeexMaQ3mheFkjnDG8KIAtTZ91XEpDm11g0ec99UJ32UH6E2EKjjx3+iBDI395B5VekBQEiMGR1aE47eI1HWQYr3k3eMwF6U1XVe6Mlc+DNGC7eWioav75/1Cae1xCW+IpkWBsBN4emRsyfYsilg+kESNRnRczWcCi1gOpWEqGC77SD0sqMGJl773rbWQXNw8VRQuTTquXKal6Fd17F+7CFMiRsqpO2+1GHPxHJFp0215PYo2/PkEoWg3mhZg==
+v0n0.nic.deals.		172800	IN	A	65.22.20.15
+v0n0.nic.deals.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:15
+v0n1.nic.deals.		172800	IN	A	65.22.21.15
+v0n1.nic.deals.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:15
+v0n2.nic.deals.		172800	IN	A	65.22.22.15
+v0n2.nic.deals.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:15
+v0n3.nic.deals.		172800	IN	A	161.232.10.15
+v0n3.nic.deals.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:15
+v2n0.nic.deals.		172800	IN	A	65.22.23.15
+v2n0.nic.deals.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:15
+v2n1.nic.deals.		172800	IN	A	161.232.11.15
+v2n1.nic.deals.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:15
+degree.			172800	IN	NS	v0n0.nic.degree.
+degree.			172800	IN	NS	v0n1.nic.degree.
+degree.			172800	IN	NS	v0n2.nic.degree.
+degree.			172800	IN	NS	v0n3.nic.degree.
+degree.			172800	IN	NS	v2n0.nic.degree.
+degree.			172800	IN	NS	v2n1.nic.degree.
+degree.			86400	IN	DS	64015 8 2 A0EF2C85BF1D4F53A28654036BAA10E5E6C124F4FDB4E46B2F05DE8BBB07E6D7
+degree.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sNQek6MFyA40p0zyg3gOd+M+Cb2L8w4LZsA6uKh8hI4BLV9Kcd6HaQI9Gvpe0EgzXZ0wyAJFLPTK3slHpI83TkPeAbF4CFmaugLS5wg6a9htfDqT58j1SE56BQoFTNHWXNc2dH+ONK51uku/YqDCkkRm5Gw79cYiEqGHI8c5CYvb+whgGKxxDpcI2TSBMNmvfmFq054OH7mYRswF+eEdsCrXRcvDbZwzUI75F8aUIMj0J59qwXFXsL2J6NousDfbHSr/gf+1kcfj6/tWRzCGdWKSGN5Pw6+H4pd5EnoUekbYSitGIxsvYX00nHV9HpyLf+F7NoJEjffH22MV2ovhzA==
+degree.			86400	IN	NSEC	delivery. NS DS RRSIG NSEC
+degree.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o2igxhCLqRVcgzW3pNr18+wtIz0uFNE6GVjrzxFL64HJiEIDKao8/iFS9C2C2353Nq8W/zk91WAnSoWLSqZyDgYqIfHsLdeqYvcytRrRGOP07lapgqP7VPmDj+qQ/p4VjU4t+HM9JlU3PDIVZHlTXMMyOtj6fqenQZoCNoPSt4hJ275NcZw0XtcTflPFlus+w0sruc5qBJA9Oirqc4E5bfB4OZnueenX0oTrovbC2dddIAydvJlAhFkVF4PCLlh6PBCNbMPG9kG/5+o7I4xFnDMWkSxhSfXscb+sCuam4VStZ2AWG98/uIfQRg0m/sORe1PrtCRhdF9fJproeO9ysA==
+v0n0.nic.degree.	172800	IN	A	65.22.24.61
+v0n0.nic.degree.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:61
+v0n1.nic.degree.	172800	IN	A	65.22.25.61
+v0n1.nic.degree.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:61
+v0n2.nic.degree.	172800	IN	A	65.22.26.61
+v0n2.nic.degree.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:61
+v0n3.nic.degree.	172800	IN	A	161.232.12.61
+v0n3.nic.degree.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:61
+v2n0.nic.degree.	172800	IN	A	65.22.27.61
+v2n0.nic.degree.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:61
+v2n1.nic.degree.	172800	IN	A	161.232.13.61
+v2n1.nic.degree.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:61
+delivery.		172800	IN	NS	v0n0.nic.delivery.
+delivery.		172800	IN	NS	v0n1.nic.delivery.
+delivery.		172800	IN	NS	v0n2.nic.delivery.
+delivery.		172800	IN	NS	v0n3.nic.delivery.
+delivery.		172800	IN	NS	v2n0.nic.delivery.
+delivery.		172800	IN	NS	v2n1.nic.delivery.
+delivery.		86400	IN	DS	60874 8 2 B647A584112E0F531F2A28AA94B345079D603BBB409E11A55A16F459C60AF4DF
+delivery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HuhFKrdAj2AJMEGSHqGTsFITLJqlPIkMXq+YMEcaKyi6SzOmk6Uverbe38dAZE95ZFPZMsL31bfx8cQnLYnBOWlSRWM1jWiwD30DVCjNmBFg+JW85VKwM+fohdyafcte6Xl1/Y6frf7jheIEasshmMuwy94YEnTvgUcvtH4ZwIgEaTqHN5xwHYlH53+8C4Rg2m2mT5KX3WZrpYo2eW++SuZDyiFHG9XylJ58mZkFHw+ZCHna8gFcQFaQJU8FlDYdDM/uZPOhv4MuDjD+yVCFjGrZerYz2yNZ2wk9S9hisjJ50EIuMZ0+RvGSJRZOFrTPXjH74Lt/DyUzlY6eToTmBw==
+delivery.		86400	IN	NSEC	dell. NS DS RRSIG NSEC
+delivery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SB00XDX8Nh3TF4f2QOjANVtUkzLwH7IkmIGzZpfZPPRIFsJWtavqLFNCYVYkVQ+5FzLqU+nSqcAR1VlEe9R7dSe5wpOdevI8GJ/eLPZRVS+oOfAW0K7D8yeG15AkZfB8nsh2E8B3iY8Np6/CLnUua9DAdG8UOole3VIBg+Oy9Xo90c4WO8t4NXdKVTp4bJoLrxLkY/5CN+QhpXJddZlLQ6X0at8eh/RzjcDJ63Pa7gpXFLKhmbtnsi6rlkvu+3zPGTg5gvGEJ+D+WxDZoKc5SUyb5Oindxy1sMmdySoKUOtJ1+WLNEx7DMDzM2ZYi+/7XOqvbAueRgekqT17ezq0fA==
+v0n0.nic.delivery.	172800	IN	A	65.22.28.48
+v0n0.nic.delivery.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:48
+v0n1.nic.delivery.	172800	IN	A	65.22.29.48
+v0n1.nic.delivery.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:48
+v0n2.nic.delivery.	172800	IN	A	65.22.30.48
+v0n2.nic.delivery.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:48
+v0n3.nic.delivery.	172800	IN	A	161.232.14.48
+v0n3.nic.delivery.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:48
+v2n0.nic.delivery.	172800	IN	A	65.22.31.48
+v2n0.nic.delivery.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:48
+v2n1.nic.delivery.	172800	IN	A	161.232.15.48
+v2n1.nic.delivery.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:48
+dell.			172800	IN	NS	a.nic.dell.
+dell.			172800	IN	NS	b.nic.dell.
+dell.			172800	IN	NS	c.nic.dell.
+dell.			172800	IN	NS	ns1.dns.nic.dell.
+dell.			172800	IN	NS	ns2.dns.nic.dell.
+dell.			172800	IN	NS	ns3.dns.nic.dell.
+dell.			86400	IN	DS	3580 8 2 44C5F896B1F96A4B5F85385DDA8648E5F050D94CF53B244D243CAA0877A5A3C0
+dell.			86400	IN	DS	22471 8 2 3B9DEEF2F217EE45D415525DE6979D780F2AFA1A1C95B8F2F437BD636CFD2095
+dell.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . neRsgEkHhMp7TvIum8wXD6xKTQDSUEJ3bWNvGKbDHaTzppeESosb6OikQNtQwwGxM9Zhru6aMhPGoNU8ZwZ8UjD3mqrqqW1J1RdF1klyJV0GdGFI1+iJpasVmGRrQffJi1vSPzNXFeyTF7SIqPr1d6xyWdm6Quo7hAiEKwaKxP6K3NBOeH0E1fHUlZPy013sJIrsi+B3NRRtz1oQHj7NTembjGnQW4jX/Oe37jZD/QP335Z6iZ644UAsyM9Mng2Ykv399p92XEf8/m5OnfcyQnCskNYczK2PrztQFFbwpZOpW47IzUhi4oXlZcYMOAE6Y4JtZrRRRJ55qh2a7gBvdA==
+dell.			86400	IN	NSEC	deloitte. NS DS RRSIG NSEC
+dell.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gjwwxOcjR7hEjWc+8apNCFM8C2ac3mF4w+ti+E9LWhMMynka2glRQypyDj7UMPamxlJq4X0bDo3TKLj1bxhGRqS7wiQuJMPFmMRrFBLwARlJKS0Q0/IuK5e2mKBoV8mRV0pgXj+JX+EmKLj0KUC13eiANDN+mtdg5Yfd06iunWgUh/V3z8o+zu/zEz8LOEeP5Dsf4t5ghUQfj53rch2L3acW7k8pm8lv1XsLmUyJa1W3eJOKu16u7pqlWFX76vjwdM9iYIKi7peamQarzWN/lmO+7Yd9MkAKLy4tavJILZaOOdzSK5UDilpcvS7EUzvduCiWkEsJLp8tqEwZtbl7mQ==
+a.nic.dell.		172800	IN	A	37.209.192.9
+a.nic.dell.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.dell.		172800	IN	A	37.209.194.9
+b.nic.dell.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.dell.		172800	IN	A	37.209.196.9
+c.nic.dell.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.dell.	172800	IN	A	156.154.144.47
+ns1.dns.nic.dell.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2f
+ns2.dns.nic.dell.	172800	IN	A	156.154.145.47
+ns2.dns.nic.dell.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2f
+ns3.dns.nic.dell.	172800	IN	A	156.154.159.47
+ns3.dns.nic.dell.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2f
+deloitte.		172800	IN	NS	a.nic.deloitte.
+deloitte.		172800	IN	NS	b.nic.deloitte.
+deloitte.		172800	IN	NS	c.nic.deloitte.
+deloitte.		172800	IN	NS	d.nic.deloitte.
+deloitte.		86400	IN	DS	29626 7 2 456B29B8B2F010F1159BD118E9A3E9FCB29E385E3BF206199379A65E5BAA7F7D
+deloitte.		86400	IN	DS	41922 13 2 FD71F550C4E968F52E85DFB13EB0DA6068B0FA4970ADE6CBF96300C872A90998
+deloitte.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QyhwyZL6/A682fuFfN4GzQ6E4a4Jd4Dl3Okhvw92h6CXz9ImejcbyB1XpWtLjcfyPAPIbe7nH3XSqmIZ/jblXn7xk4ivLIONYzZtjB4/2p0uy5Zfoh5nNUGSjnO8DDTQiSZDsNADl/nTG1bKASIQ4g2c5FsbPSwCDIeM0GEapnYTEcSRpavOp7GQtTSh29dm6wIIHSUNXtuyDfScKdlElh4EFxLWtJ8C4U3TRe6yasx5OJrsprWUhaGsKgZCf1LMaha2iVa+3QBKwUUvGKAYDATS6I7ieaoMTJ8JF2o3i0kzaH6boX85fK5DXSfvVMKqJ6NhecPP0I5uKJvzr8RN6g==
+deloitte.		86400	IN	NSEC	delta. NS DS RRSIG NSEC
+deloitte.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dqj5jV+YujKzZaihO0Y6x9mWmTXnjzhoSfxDuC1iZ08P+SJAgdG+bvnzOCA9o4C9YsxGnPeSLIQN6BE0u0PDGhBrgLz6XQIWnh5ylZEvyczOtyDQVravZu1SDIm6M3dsdW20dAByeKiuKZdFMKn0MPU/ShaaAseyR+7jQB/nWh8LTZGKFg3mOF9UkVR3vGt/918uuILW1GT3accNHrOEYXFaLaGPo7TCdwTRfGze+MJGmG5Jb9hF5FtWAIm29zmyTrRu7oiormMPNZmRVUp2UoUpLp1GKURRcsQmLlqB8NtxiS6VZdnofvLN0IYqV4V1LakqE18N1su6y8MeBtPFWw==
+a.nic.deloitte.		172800	IN	A	194.169.218.80
+a.nic.deloitte.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:80
+b.nic.deloitte.		172800	IN	A	185.24.64.80
+b.nic.deloitte.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:80
+c.nic.deloitte.		172800	IN	A	212.18.248.80
+c.nic.deloitte.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:80
+d.nic.deloitte.		172800	IN	A	212.18.249.80
+d.nic.deloitte.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:80
+delta.			172800	IN	NS	a0.nic.delta.
+delta.			172800	IN	NS	a2.nic.delta.
+delta.			172800	IN	NS	b0.nic.delta.
+delta.			172800	IN	NS	c0.nic.delta.
+delta.			86400	IN	DS	64069 8 2 88613E5643F713D61B4E642F2638BD959492C3E0D116FBE27AF764DC6C0ED75B
+delta.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NAzpvnnPuosE12PztSugjDjDih9mMYhOjlCQL+raZKkO/8ExQN5478KgfLlWXy2wkuAQ4oX+c9rkxscyKSaSFeNJuKSrGu67QfvNMPtq5Bt3hg5Yo2TekamKdXD/RrGz34nQBWoatwGDme7fKC5wGkml29B53NxT2aMCpyAXeTppDwDUosk4ZGKjanQJQmDiZxCz3QLoFZAVKpAAaA280WGoBmyB5F+TExr9lPtAwNnctzuDd8px14+tFNWhHuo8RVIQp1Ap1v2jrb6D9GeX89KdT/O3cnAStP3cOOk3HjUSLvhcduHcXWkoBkV6YQbgSnX/Mqt9Nmsyi04W1PuHiQ==
+delta.			86400	IN	NSEC	democrat. NS DS RRSIG NSEC
+delta.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FCuuhMKB99OJnY6SnTxESZif5aWYIi9WGf9Yye4cPcJS0oP4Va14Z1RZLdJ3ASeTrqlmBdwkXm37TeFInkRH2ns46RUg0YNMwYcI03IB7NiF340Eu7klXLLJHpJ/BIlJ7LyF6OrFhsiF/xrh1c5Sd6LKKWiZ+b52dBk7eLaAoKQTzk6T1dPynjFtk1SJBSha3cAeo4ikmiHmB8N2++lXY7tyoNoHObNI9lXlSAFdvj1rCWLwNx+Oi33ct8JqMQB2QdFAK+rDwc18/pVZ++VaeOBz++Q4dFNShCu0EgTNSGtNTK/JgQFHtzVuaPGjSMbcgLuym5Q+1vAelPj/VGpHqQ==
+a0.nic.delta.		172800	IN	A	65.22.224.25
+a0.nic.delta.		172800	IN	AAAA	2a01:8840:da:0:0:0:0:25
+a2.nic.delta.		172800	IN	A	65.22.227.25
+a2.nic.delta.		172800	IN	AAAA	2a01:8840:dd:0:0:0:0:25
+b0.nic.delta.		172800	IN	A	65.22.225.25
+b0.nic.delta.		172800	IN	AAAA	2a01:8840:db:0:0:0:0:25
+c0.nic.delta.		172800	IN	A	65.22.226.25
+c0.nic.delta.		172800	IN	AAAA	2a01:8840:dc:0:0:0:0:25
+democrat.		172800	IN	NS	v0n0.nic.democrat.
+democrat.		172800	IN	NS	v0n1.nic.democrat.
+democrat.		172800	IN	NS	v0n2.nic.democrat.
+democrat.		172800	IN	NS	v0n3.nic.democrat.
+democrat.		172800	IN	NS	v2n0.nic.democrat.
+democrat.		172800	IN	NS	v2n1.nic.democrat.
+democrat.		86400	IN	DS	32314 8 2 225235F8FD2305949050D93CAA91EDBA96FEDB42FE018D125CCC0373776F0725
+democrat.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sc0m4Ud2W7Jq+g9DFcptkDkmHp7zYqi+2HzEeroMVHJzMf5di2pd+RAoT76C78pJ2iGyqwFIl4VCjPqYWecTBydl8FbjSX9WbzfP4Cps+lQ2jLjzFoG4KH0XxgzUHJ7exGPc7o7zjSPgNTNBT/vmJrKtaCUgySRAwJ2Fdmiq47gBPtcx6K040jovI0WKhKokvdIo4GX4Y1p2eJ+tidAgm/aO3KCwhBySYPok7P46G406koew05YFdjjb4rLwo0OZXddXD3kYRpU7NYbcv9yKrEjZa2LMBFkVQtahL/NTsblgrLRlpgyI0gJQcaUsY4odOR+8bXX7DGZ+98TKEa1fkw==
+democrat.		86400	IN	NSEC	dental. NS DS RRSIG NSEC
+democrat.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . otaGtP92Kr6mAkd3isoXzRivXGnyBIe7L7WQOhznaT7NcnWDVbmA/8SegLf5PgRQvcJVBKX6kE3Lu9jcruGHR8Tm+vWiLP+fGL4foKI7tCYQr/M0MJ5eu+VmZ/xfV38N/Kl8WKzpoPqjb8FD7gcxP42+BxVlVuqcAEOMcosxPsNpZH2w8nIFushj0CTAQmGTcTDSP1K0S4Y0wB/EgimXQ+NdVhpnTlXlOGCwdDR6ZdbGZE6zKwt85x94LLZsEkiHUUtUVLM015VBCdwfh1nJBlah8NU0pPWyKPfyA9Qmnq/qN5w59nm7EfM65eO121tpo4DfxSHNuVbTkO1uaI6yQQ==
+v0n0.nic.democrat.	172800	IN	A	65.22.32.32
+v0n0.nic.democrat.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:32
+v0n1.nic.democrat.	172800	IN	A	65.22.33.32
+v0n1.nic.democrat.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:32
+v0n2.nic.democrat.	172800	IN	A	65.22.34.32
+v0n2.nic.democrat.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:32
+v0n3.nic.democrat.	172800	IN	A	161.232.16.32
+v0n3.nic.democrat.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:32
+v2n0.nic.democrat.	172800	IN	A	65.22.35.32
+v2n0.nic.democrat.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:32
+v2n1.nic.democrat.	172800	IN	A	161.232.17.32
+v2n1.nic.democrat.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:32
+dental.			172800	IN	NS	v0n0.nic.dental.
+dental.			172800	IN	NS	v0n1.nic.dental.
+dental.			172800	IN	NS	v0n2.nic.dental.
+dental.			172800	IN	NS	v0n3.nic.dental.
+dental.			172800	IN	NS	v2n0.nic.dental.
+dental.			172800	IN	NS	v2n1.nic.dental.
+dental.			86400	IN	DS	29074 8 2 D20A39CB427D7BA59A4483AC8E4E774A5D197DFA36AD7A47696501619DFD6B5F
+dental.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aQLn7rk9iB+X48ZH6BZX59AvuvYQ4x9ks8lBlqdtDijwp/024bou8mdiMNnkp1UIDz3mBRH0+sRukm51gBiYIe5sA8bHqPAYHWOUWsxsw1T095F0j3EshPJ/F4PDfDdjVC+8FRT/n7C0z+VLR/Y32EKPxa6T4dwVPXvwBtwRceB199P+0jvoqkNl7+Ot+hnWSq/8S6F83oOGkTAIzpD12XZW3morLFR5h5gPScMvNhUu5MayasvCEUz1uz7Q/jr8dMrBA6ZToUXWimHKJlqxyRLJ+KSMLZVEcpkLOKwXwKeFacBMwkk4RR/PJlkesmMDgtzLs4njPZRSk6K5FPYgtw==
+dental.			86400	IN	NSEC	dentist. NS DS RRSIG NSEC
+dental.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eu5xotUFbocdMPPtgv4eNDbabXK1kB8aLpzi+uTATw4kneoNhHy+w31XSsIuEYWS8/8Nmjw+Z9JmZeL7lungZPQvAgz3oUKdhSim29uv8gN9GSs6XUJ5g3pa0JyNi0XJQDpFaE2lW6fPWiwQeYAQ/qa7e+JWtd8OZ5nICxwV+x1Kr7Pbb/f7lslRPYlzuSm0EbtJhfe8xr2L+69+gE2b06HwUcic4ln5QeaVQBxErFnZSCPQbEv9FOPUdhyQt/OLyUQU4pLvmyxTfdPCEFXitEUD31PThHYJilwPx2YhzyKyfnnX4/Dt3O6de98UCjzQJiKih/uoOZI++EO4BaFGOA==
+v0n0.nic.dental.	172800	IN	A	65.22.24.49
+v0n0.nic.dental.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:49
+v0n1.nic.dental.	172800	IN	A	65.22.25.49
+v0n1.nic.dental.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:49
+v0n2.nic.dental.	172800	IN	A	65.22.26.49
+v0n2.nic.dental.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:49
+v0n3.nic.dental.	172800	IN	A	161.232.12.49
+v0n3.nic.dental.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:49
+v2n0.nic.dental.	172800	IN	A	65.22.27.49
+v2n0.nic.dental.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:49
+v2n1.nic.dental.	172800	IN	A	161.232.13.49
+v2n1.nic.dental.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:49
+dentist.		172800	IN	NS	v0n0.nic.dentist.
+dentist.		172800	IN	NS	v0n1.nic.dentist.
+dentist.		172800	IN	NS	v0n2.nic.dentist.
+dentist.		172800	IN	NS	v0n3.nic.dentist.
+dentist.		172800	IN	NS	v2n0.nic.dentist.
+dentist.		172800	IN	NS	v2n1.nic.dentist.
+dentist.		86400	IN	DS	44359 8 2 7FA7576377DD2904A2DC223D4D21C8D75B394F65794AFB21CDA90BF56C78C8CE
+dentist.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0werNtD7cz5z0o30RqPHEhAHCDmaC/bTZUEdzEIu8ZDE1/nHE4bs4ArcmjI3JE2k6p7bFg6VlmqzEsVc73DHWMk4OWP5+3Cn8JxcGfSGIK9D3SVhxR0vD+pptLQtxhvNOgt7hWdlpIEhOupSqIj4E2wHf+XGIxZNy2GInxRx3Yf69BuO6kBexmPZmEEvv7PnF/k7jk67LRa5VmyWo1rF3rbSznEtgu3UqEgkH38csOIluS1RH4iTbDks8V9Ir1E+4cgjMRrs0a8FBTFMG+92V5kIR5bNICPhnpXKhsKsc87FMakc/5RkXCE9ZskGTZr/z56XXUjCA7V7mljIa1W8nA==
+dentist.		86400	IN	NSEC	desi. NS DS RRSIG NSEC
+dentist.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qAgV6JIwPsv6Nr+Lywi4lbSQep5zvvcPIdwxZczki4Zbeljl0FEO8QCkFjDpVqMrgEyYcF5WZ+lAto5ftaGvL8QQzuznorkHyL95darO5PI6Ql71d+z2OoeaClQkVHW++WQqEBIh4kIqmdm9ZEJ2uQW6IXkTOtQVKixjvlhxUazwZdCt8v4oodl/CWzv41p5I7GNukJrXc3s+eIvACV0R2NIcFP8Qa4TlbTsJxD/sAs9pCWUqwVG2P/goef+uWNiRoBwBALf5UJQlF4iFyAhRMoI7UWtsf8Et4ZgKAFP+E+LgfdWRVjLF+MC1IvmxMa50HUiRV+SyBiIQ68h3g74Eg==
+v0n0.nic.dentist.	172800	IN	A	65.22.24.27
+v0n0.nic.dentist.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:27
+v0n1.nic.dentist.	172800	IN	A	65.22.25.27
+v0n1.nic.dentist.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:27
+v0n2.nic.dentist.	172800	IN	A	65.22.26.27
+v0n2.nic.dentist.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:27
+v0n3.nic.dentist.	172800	IN	A	161.232.12.27
+v0n3.nic.dentist.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:27
+v2n0.nic.dentist.	172800	IN	A	65.22.27.27
+v2n0.nic.dentist.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:27
+v2n1.nic.dentist.	172800	IN	A	161.232.13.27
+v2n1.nic.dentist.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:27
+desi.			172800	IN	NS	dns1.emdns.uk.
+desi.			172800	IN	NS	dns2.emdns.uk.
+desi.			172800	IN	NS	dns3.emdns.uk.
+desi.			172800	IN	NS	dns4.emdns.uk.
+desi.			172800	IN	NS	dnsa.emdns.uk.
+desi.			172800	IN	NS	dnsb.emdns.uk.
+desi.			172800	IN	NS	dnsc.emdns.uk.
+desi.			172800	IN	NS	dnsd.emdns.uk.
+desi.			86400	IN	DS	5621 8 2 2AE99319E83D075EAC0F4B572822E3685027038688B38CEB2C5445E09606F752
+desi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DOYlT92PR4MgAlwP191FFBKL1QFoHTEBspmk8b7eTYrjX7/IpC+l2MpvNt7aRDgvrVq8zyRs16mBXo0LySLSjhz836zdekzaS5Ky60aCyr7uxHvPd6SwAegIMVzUpvUFPYrRrnjctyfbacJdCr0BBrVAdAziOcWVzhOorP5ZJZPb0ITBRMOgEwXCc/oZRezyBAoqkZrs0Pa4GNfaGrAbLEOG5Y4DLICn7Jwk+Ko1nFW+8F0w3LPmfprdbTRMpMgTjJ0Hxax9AwXXGBuAj762qn60bKZ8Aw5dZkDhaVWNuUn1CEiMjGm9DKm+Z2GS/kFfkXUtUxHMGKCa+sPKWT4G7g==
+desi.			86400	IN	NSEC	design. NS DS RRSIG NSEC
+desi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eba8irmbD+tQD/1NbHnKOPIy6z52uDC6p7yr6wG1q04GNwGAfbFIzwzbkDrwq1GpSa0jXpLH4DEEUAXhds7MwG6ma/y4PIwm8mwHOlKGCFFEs7AfG25JCIpxWSzdz3ehBrEwq/SCQ2ZtMHz6MYcmJWtNxnfcQzUKnYtFEu+8a2sCQL1EUTv1NgKToUDtm6CYNXwxWxzXO7YAzR+ozkkn9on7lSJfoaflkvWeUqgyK/sNu7UJUjMA7Uyw4RrlQtM1j7c7VICk/21ffQweyj3RiUakblkOOk52UwShm28a6RUwV18n4/eBnn0L0gKqfctO8cqZeLH30zfzWAI4uWf8qg==
+design.			172800	IN	NS	a.nic.design.
+design.			172800	IN	NS	b.nic.design.
+design.			172800	IN	NS	c.nic.design.
+design.			172800	IN	NS	x.nic.design.
+design.			172800	IN	NS	y.nic.design.
+design.			172800	IN	NS	z.nic.design.
+design.			86400	IN	DS	27199 8 2 EAEC6E1B661B0264846FF8F70858CC63711F0627781386B9024360656679ECF5
+design.			86400	IN	DS	50422 8 2 400C06349DA05FF7C9B9D8C11857E8E9C3CE947EA05CC4C7C6DE878BF2A496EE
+design.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ktA0IDEMtXDOPsBlpoVNskerHX3oanoEQULpx7ynTULU7GjVfal9RwPsnrt/jTQ1bnqVhOInZS3XD46AlA3ioWaA2Vee0wFUFUz6l55mqYTTsl/BV0jyx4c7MW9Xt6KIqmikOAuE1O+3oGH/22BTyRbGV7itIrBzYZmVkTRoEexv3eoD1OHAzAL6IEsP9x1rW5yyioDMSrSEa8wp3CO2oVXHKAQFK9UVgp0ommvBp/0MKuH/2+7xNiQb4LpG+yIWwc/prTX616PWbC71P7k5lTA1Gri7ZuXOa2aKU+89AMhMeI8sOdVIJJY1QxZxrOq3NCEoxP1ziUAQPnAOs78U2w==
+design.			86400	IN	NSEC	dev. NS DS RRSIG NSEC
+design.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j9MJKUGWJ/zpMlvFa4el3szei0NVxIOrAHsZdz4QdoB9ZCdNBkwAWHmYHaHeZwk0X3A8RNHgMF5KbS9x7osrerU6g+jYzVREta16hMvKcpQYtjCO0gyDrYo5blMr/Oj3qql1o4JS6lPgt7NpcMgVuqXdpSZzab4hT0tsknDwNSNuJA38YQmQNwAb58PW8s5DkkbZMGDgYf0ZVyL59PitihRRX8azavugnA5i2nXMdVC0eRjYVWqxh6zK8frvQB4I18aogKRMx5nAsfwWYFHB0RAawXHHHvdEk+3qhRaaAEJH1iiVGUkJ4jPv7Swv1ACCAYdInuQgbxxdEthhEytVag==
+a.nic.design.		172800	IN	A	37.209.192.10
+a.nic.design.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.design.		172800	IN	A	37.209.194.10
+b.nic.design.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.design.		172800	IN	A	37.209.196.10
+c.nic.design.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.design.		172800	IN	A	156.154.172.82
+x.nic.design.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.design.		172800	IN	A	156.154.173.82
+y.nic.design.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.design.		172800	IN	A	156.154.174.82
+z.nic.design.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+dev.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+dev.			86400	IN	DS	60074 8 2 B942E2CE5AEBF62FCA59D05707E6DBB795211D540D8ADBA02E9E89E833424785
+dev.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VbDW5XY2GvUOiORi549M+Ze2Bb3JHIFJRc64u70PZyjNhPoMY7r+QM12yxqPUL1yHp/2ERGpCcGQUTUJptuDZJMf+HDC/+3e8bl++yWWHCoK7kCgMwQ76rG3nhMxqO0fc4yW8irSZP+qN2HK7LSgMGja96x6km178pTwuROWvQIaQBY4sagYLavdT++YFUgaTRy/e0u6R77FqO95bByvZzc6837jX/k3xCvfh4ng+fPx5P2y/DMrsj3orWOxxMdWCIDk3XjRJgcbnIdKIZk4kyDRomMwZd8EBMhim1Ovs2vtUUMjeR+8FOXPyYxj/OJOtLQUlposb7CtBndR9z47eA==
+dev.			86400	IN	NSEC	dhl. NS DS RRSIG NSEC
+dev.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . efeU1Q5CtA26oVryWBaP58QwAiqKRDYirkD/kP1C7K2UPVkQRnBMy924t4pfsdvRlJmJ4tMk0YKv50MZ5IkBuxhpazPtmDeQDDvqUanMSAChpg9xp5EJSUmZ/oAk+2yReB1dK/mFu5EMOPs/usYxURAxLFitUW/yHNHe0PG1Z0S0fNnZmWvn7HQVacJTBQ629yPUB1zIPEhI7mm7ze+u72J6n3Q0u+lLmyJ4Dyjf/0bu3hLEp363eQlc8srImh+tZBANSMt3aWRplnPJtvPSzCIszr8vC+zebXxW7puaZriCQlilcqv5Yj/8HjI/vtZsVO3MI3S7WnmEa230qiWmjw==
+dhl.			172800	IN	NS	a.nic.dhl.
+dhl.			172800	IN	NS	b.nic.dhl.
+dhl.			172800	IN	NS	c.nic.dhl.
+dhl.			172800	IN	NS	d.nic.dhl.
+dhl.			86400	IN	DS	31860 7 1 89FE558D6EA8DCAF797B2235DC3C246108A2B74E
+dhl.			86400	IN	DS	31860 7 2 BCD5350BD4181A15DE2FE9FB448AAE594DA19BFBFCE42AFC9D63693DBD45A4B9
+dhl.			86400	IN	DS	33051 7 1 E2FBEE1CC8DA9CE0BD4D74A688491ED1315D0568
+dhl.			86400	IN	DS	33051 7 2 8F83E4018FB981E5F7D18DF96549EC57B31A143C6F8A6D010038108525425B7E
+dhl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . goDsCiI0d1m+9cqPwYNn5LqvuIkOa/h0aaVk6XLlqRdr+YrAXtin40G1rIqyiPKemvGj6Xwa8qIGLEVz44w/4YA4T4Mtp6N0el1uJsbrBziCV89hsGyYkj9G2ysi4PAjP+kCzPE75Qo7RV+NSSeNMh7czTCYGbI4aaqPrgiCnnWhcOYH2QuHuKP/xjpRfFkUIBBJekH30TL7XfDPkEJ8VP8CsQBoo40NC7rXlQw39bDFlgbD0c+pfUmhKv/f5aJUw9rdaOjmrdvrb2GYQEObJH9TckvdV+MjpmnJnm4uy5asSt58GIEfF0nNKCT5G5LJB7JLSGbvgzI3GVx4tQvwAw==
+dhl.			86400	IN	NSEC	diamonds. NS DS RRSIG NSEC
+dhl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XuxEYqY10lqUY7feq+vWbxvuq+9JJ2YLens+K/PREbwwrxkSFgqaXdh7Rhbh2LsHBg6FH+TL9mRUFuoFu6a1yq+XTDvtDzioMQOemgxwffspm0o7C7o8FL6Nsi7os/72XG0mPWgSWRYlu4w3PiKvX67DfqdBRo/oCKNtHlXfByW7bmPUrGUUpUbll1mV2GHKkLD0FYn36Mi995h/e3jHrH/xmNBuq00hFD/YiMu8dqXETFd4+juctiPD4niP6SIshQWSyp5PXjKB5E/vgwG/IAzaaAEMwaOU0xldTLcA37OFo4oeFLzG0/qvrE20htqCtW3jtNS4nH8POiV0qIWiAQ==
+a.nic.dhl.		172800	IN	A	194.169.218.82
+a.nic.dhl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:82
+b.nic.dhl.		172800	IN	A	185.24.64.82
+b.nic.dhl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:82
+c.nic.dhl.		172800	IN	A	212.18.248.82
+c.nic.dhl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:82
+d.nic.dhl.		172800	IN	A	212.18.249.82
+d.nic.dhl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:82
+diamonds.		172800	IN	NS	v0n0.nic.diamonds.
+diamonds.		172800	IN	NS	v0n1.nic.diamonds.
+diamonds.		172800	IN	NS	v0n2.nic.diamonds.
+diamonds.		172800	IN	NS	v0n3.nic.diamonds.
+diamonds.		172800	IN	NS	v2n0.nic.diamonds.
+diamonds.		172800	IN	NS	v2n1.nic.diamonds.
+diamonds.		86400	IN	DS	112 8 2 E66F5D68588DF7BA7BCF572688355FC59A367276C3C309EBDB6FFE155D5A2FB2
+diamonds.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NeGs4hq+CMFWJ5gVQnQQWrL9vAviTT3xJMy2UnZqU1PnyHpyPjsikQlymBGDttC81GGzIgYqG8KKPNNvaBnPSuw5P6xRU1nQkokaO7xllVJ7Epl9aAFevvh/mVhKsopxZXftIz3MaVAcblPI1qGSrKzcot8Nl6Dn7oOUykiSkM8xDoL1WeRo0fc+zytEP8l/VGUEJt8+Z+7WnDXJnOUsa5X0bMIbycrKejxir4lD6Yirh7I6/pnrF+nmXKRf+MTDju6bHoGImDF5NRdg3F0bGAblPDhs3+AvnwvOCXNmGch16BFa3wf63YspyX892baOGH9I0cXEO/a/OJ68j1FGVA==
+diamonds.		86400	IN	NSEC	diet. NS DS RRSIG NSEC
+diamonds.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sNelVXS/4s9k7mAV3UY8YwwiLqqFAQX8W18gBvvZc9mKanKPv4z96aflugPXoGXeKUNVGGV2Sfz5pivb+gWd1fF6m3t+MSKCmSU3UC6Dxwh1f7KiDZyXzMa1JZWhDgxMThvCC5s7j0W6OhngKOqj2jFXx8G94VClz6LKffm+fT/A8lAzjOPFYiNhOGCzWCjFNBHKErUcFopTmTZnrCL2NOBLPbAchb2h6gkGrcGNxDaVT3nHbmGu3PQydM1scxRgTkoiGFMF9mSC9J/NP5/B7tjmOMXo39DIms4mENvggbbL8+gaWIKq81kKd5PiZG7CsR3E21yfvwwCOqSiwOudgg==
+v0n0.nic.diamonds.	172800	IN	A	65.22.24.60
+v0n0.nic.diamonds.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:60
+v0n1.nic.diamonds.	172800	IN	A	65.22.25.60
+v0n1.nic.diamonds.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:60
+v0n2.nic.diamonds.	172800	IN	A	65.22.26.60
+v0n2.nic.diamonds.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:60
+v0n3.nic.diamonds.	172800	IN	A	161.232.12.60
+v0n3.nic.diamonds.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:60
+v2n0.nic.diamonds.	172800	IN	A	65.22.27.60
+v2n0.nic.diamonds.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:60
+v2n1.nic.diamonds.	172800	IN	A	161.232.13.60
+v2n1.nic.diamonds.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:60
+diet.			172800	IN	NS	a.nic.diet.
+diet.			172800	IN	NS	b.nic.diet.
+diet.			172800	IN	NS	c.nic.diet.
+diet.			172800	IN	NS	d.nic.diet.
+diet.			86400	IN	DS	2464 5 1 58AB5506CD049DDD784C487957D5D87C44E238B0
+diet.			86400	IN	DS	2464 5 2 A2624874743790CB52066E9B50B06EBF915DC80355E2F9C10094295DE2ADDFB7
+diet.			86400	IN	DS	11962 5 1 5D42445C9C0AA2C65F6B9E23F90B3D5C30C4A256
+diet.			86400	IN	DS	11962 5 2 A3D113A8AF70BC8B9D35FC555A0EC7474482383FC4F73CA605F0EC498288FDC9
+diet.			86400	IN	DS	35167 5 1 91AADEAC68B9579FC6602CA5FCC770BCFB7536B5
+diet.			86400	IN	DS	35167 5 2 64ECE39F08B2542CFD13D6C484E25F29B2BB29FBA98E082DD5294F9011F73020
+diet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QIcWRSxTd7EM/JE6tyzsa+HfAsRkfiB+HqNbhZmTs5QrV1NNI43tDIsKI7UjDY7my8yZa1X8FW5KUuZNq0mjxKCMVF5k7jddLWv0i8CPvTkIBwgn44QmLeophykqHxVQmkxVYW0Ox2mUJ/C94wIPiCXHDNE/cihJ3o+kXWPvbe3r1rCGKgXyABfPCWtLUPIBVyX+oxTiKVgbiNZFlLwBLjUp2RgjXu2eKNO6bLx0i1HFketSE1QUW+cpSjvPcQquiUWYmDXV+tVKtuXro19fbWHWzLPug6pqbqyO8ETlpzVARvfpGB961hcB17SRTVSrP+Tz5ReWnFzJ4kMVla6hRg==
+diet.			86400	IN	NSEC	digital. NS DS RRSIG NSEC
+diet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jycts6lL/ufO5OVSdW281PO/vSmV4bjs1tAJ1GlQWK7cT6vrxkzHACaDaOcu9RSNRsByGVCMc42vdd8tETgdR748Iulg7M+tBELGLRGEDPuTpEQ/1Q+H0VGkVqlZEW0TGh25BZ2nU3Xc/BW7O3nukPYwCO27kfF5xUH/05neV20k1hTa3DQJI/LV2PrpePv3VCUC5ykPZzYM6PmV4lyI2A8vp/du+XUt5rVbh0bxH4qHAZ5gw+iRHeuiEtzUpPrXOOhnkiGo3Ew2v9O9gBsJxxPI/uw6y8vD7XRb0TBnq8BVUplSjwWC0pvUSEyXWAOoEd5a/tMCGYb6J1tA6Z+CWg==
+a.nic.diet.		172800	IN	A	194.169.218.145
+a.nic.diet.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:145
+b.nic.diet.		172800	IN	A	185.24.64.145
+b.nic.diet.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:145
+c.nic.diet.		172800	IN	A	212.18.248.145
+c.nic.diet.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:145
+d.nic.diet.		172800	IN	A	212.18.249.145
+d.nic.diet.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:145
+digital.		172800	IN	NS	v0n0.nic.digital.
+digital.		172800	IN	NS	v0n1.nic.digital.
+digital.		172800	IN	NS	v0n2.nic.digital.
+digital.		172800	IN	NS	v0n3.nic.digital.
+digital.		172800	IN	NS	v2n0.nic.digital.
+digital.		172800	IN	NS	v2n1.nic.digital.
+digital.		86400	IN	DS	22126 8 2 70F9666735926ED661AC90BD6C0F9C2A7BFB6AD24F5E9A4892AD7D25D7E151F5
+digital.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Z0MVGUnhdZQsRHKI/cRRgGX1rct9gyc6y4sVvMW9IhzYduDsob+qJqmlecUWPu8dFefRRCawc9BPI1dL0H3zklkNLJ/L5HqtuUG1hDYdMgU6n733mhniKzZALIqcBrb84HVNSa/Q3TRMYfjQMbo+aUddP7A4Ux/k3jA90sKRiAgsfQQYn8HSLaLciRbbPkPanmxFiJMq6KKwPjDeNlyVQj3YXt9umRny0sbSVQJ2QSXth4bP3g0nR+pcbFlqKMnmUpTzhNK5KWu47CDwkK514vChx9zB/vtTawPNx2DnoTRyDXoKM5s65wRjuYibxVuMHL5xXHGKlsCbqOElvvUftA==
+digital.		86400	IN	NSEC	direct. NS DS RRSIG NSEC
+digital.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s8Tgtjn/fY1C/Az07qNOklnIanaL/PcMVDUcyAnkP9L1jNufDjjzW9k5n1SF1ScRi4kiKYx8+87ncBpdWQGugtWHJOiMaQEo2O9eOG8eHNi+UlktFYoxFIvMnE28l88x8uiM7XUu9dWWQlsJ/9N7CwHVqzAQO4w1J7rghVfFgBIpDrDBVuG2gU1pcCa9pwH2+DYdVkaEC9DowbQj4FbaNj8iilpeIvxBWPEiQHk7vOiQ6e0NCD6LA1ACa98uQLi4pIH+GPHC83KR2yZs/dLR/fx5j6FpSCyY61W6cY0aWg0ESNOBTkV3OjHXKpVk1ufxR1BJdZ3UKn7YlCFXo2ddDQ==
+v0n0.nic.digital.	172800	IN	A	65.22.20.36
+v0n0.nic.digital.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:36
+v0n1.nic.digital.	172800	IN	A	65.22.21.36
+v0n1.nic.digital.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:36
+v0n2.nic.digital.	172800	IN	A	65.22.22.36
+v0n2.nic.digital.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:36
+v0n3.nic.digital.	172800	IN	A	161.232.10.36
+v0n3.nic.digital.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:36
+v2n0.nic.digital.	172800	IN	A	65.22.23.36
+v2n0.nic.digital.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:36
+v2n1.nic.digital.	172800	IN	A	161.232.11.36
+v2n1.nic.digital.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:36
+direct.			172800	IN	NS	v0n0.nic.direct.
+direct.			172800	IN	NS	v0n1.nic.direct.
+direct.			172800	IN	NS	v0n2.nic.direct.
+direct.			172800	IN	NS	v0n3.nic.direct.
+direct.			172800	IN	NS	v2n0.nic.direct.
+direct.			172800	IN	NS	v2n1.nic.direct.
+direct.			86400	IN	DS	29044 8 2 DD72F7EEC3B8CE0E6A278A6D560ABACABCDFF4A4A9062EB8DBD96EDDC910B140
+direct.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xxFwrpsPacF5+6SY83HUGXCwu5Joy0EEodLjANKsVNTj8VYKDv8lvafMy3VjjKONMwwJlRZfCFUV5sekm+j76EeC/mobFuXt0kS95tOO1CpcDiPvimZ9jTcP8V2IAtKbaak4Io96oV47tAbLPvdnNLHK/wYYihWU/AqPjfK5ys0CooEpN3hLQ60URonxHHKeWhtrhdVqOpE1u+0mTXgdCMRHrp+MPk8JOr7kjmrLgxzIH2HhPhotGHwcwAXgQFn9Tvo80SjLxuMLkCQDVJpRnqnX8xAFbiZYlVRZE0xja8BYl2gxd4ey6KjgtU3dx6L/ajjEYFx1LPsdNs7FT2XSyw==
+direct.			86400	IN	NSEC	directory. NS DS RRSIG NSEC
+direct.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BV1HjAkQmT3bgBhudDcyibzN1xFS+bpOhCTfqM4ry8rwQu0lNkOMOjq0sRhfrH8l+EgYKlq2DloM79EU12h9wtwZxyz/oWse2WweZXN4Mkt0VahumhQWJ245UX2cYTA2l/8Jx2AMdvID6Vf9UvFX5yuRg+IfZUphRayFHdait2zvS89F36Dat620axW+KmTP67DhH7CgTcNIF3WSvatZuSS+B8+8G9hfL600beoiZvfLQfWUjqhGp4d2qVVMvVQn1cOMegJThEotHWdisF0nfrJjiR301Lns4z2TEej2L6TWmfGnkK3urTLnoitBlR+VWsTFpJVQBpj0U/27ozAFSg==
+v0n0.nic.direct.	172800	IN	A	65.22.24.46
+v0n0.nic.direct.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:46
+v0n1.nic.direct.	172800	IN	A	65.22.25.46
+v0n1.nic.direct.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:46
+v0n2.nic.direct.	172800	IN	A	65.22.26.46
+v0n2.nic.direct.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:46
+v0n3.nic.direct.	172800	IN	A	161.232.12.46
+v0n3.nic.direct.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:46
+v2n0.nic.direct.	172800	IN	A	65.22.27.46
+v2n0.nic.direct.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:46
+v2n1.nic.direct.	172800	IN	A	161.232.13.46
+v2n1.nic.direct.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:46
+directory.		172800	IN	NS	v0n0.nic.directory.
+directory.		172800	IN	NS	v0n1.nic.directory.
+directory.		172800	IN	NS	v0n2.nic.directory.
+directory.		172800	IN	NS	v0n3.nic.directory.
+directory.		172800	IN	NS	v2n0.nic.directory.
+directory.		172800	IN	NS	v2n1.nic.directory.
+directory.		86400	IN	DS	59725 8 2 0D647C2701E4D9988D38939E1E372C77DBC0F76D21C8D2BD6E40A21FBD4441A3
+directory.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GVcmWvJznDxejSi91dG46sdf0Ze1qOe9U9r+w6ZXcvGr3oduG7RSJZSvoFXg5nvMTP7ycBhEw4P0pkf7NmvMVsQ9oB697eE/UYUN7+rM8FDoKl/Q5bXPgq9u1KjjdFII9KbCyRxvtE/lm/ZZ+CbtiNOvbCFe7iqnlzkL5AedU6m+OEToyc+Ihhw2WKH/2V33s5zhEUNbd1cyQA4iBBA0D73jooOCEzZFVvq+escneMxbyEF8pTYYHMj+bmHo2OEImswVIJLu0/d+VpAZavbpiP1a9ddL7p9LND9q4YdmGho236i3tc9WCzZXkCWHBx2Z/Zaqrcy5mkITnVj5y2NUvQ==
+directory.		86400	IN	NSEC	discount. NS DS RRSIG NSEC
+directory.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sQPxQXR4Mr4ynxMSG3AEEXU58mVGP/wwSgSqdC2FzEFIgcyItNTxdXS1ptQ69jHl9N1V4bC6K+fPEvIqVINPmZqRC45Hu1WgTDawu15k9YjIeQyQ16gy9dAAULCoqjCxXQnraE9JNuJaeMf6d8CV8FhrZhRotE9B8rsnJMUGFiQTpx822M2wLDgtxeAP5ZlPdCjbnpEDeigqwvicCs18WIje66no6Lgc2+OTIaH2gzQ8LIR76ZKw4c6nrXxsWOK7uylzY22l8ifrZ9FNt2Rz83R1zUsJ28nigkUVxEs06+3s30INWm9+0GqKSRs9UtiBJGB0W/Entq4qvfDUF3kuxw==
+v0n0.nic.directory.	172800	IN	A	65.22.28.11
+v0n0.nic.directory.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:11
+v0n1.nic.directory.	172800	IN	A	65.22.29.11
+v0n1.nic.directory.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:11
+v0n2.nic.directory.	172800	IN	A	65.22.30.11
+v0n2.nic.directory.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:11
+v0n3.nic.directory.	172800	IN	A	161.232.14.11
+v0n3.nic.directory.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:11
+v2n0.nic.directory.	172800	IN	A	65.22.31.11
+v2n0.nic.directory.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:11
+v2n1.nic.directory.	172800	IN	A	161.232.15.11
+v2n1.nic.directory.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:11
+discount.		172800	IN	NS	v0n0.nic.discount.
+discount.		172800	IN	NS	v0n1.nic.discount.
+discount.		172800	IN	NS	v0n2.nic.discount.
+discount.		172800	IN	NS	v0n3.nic.discount.
+discount.		172800	IN	NS	v2n0.nic.discount.
+discount.		172800	IN	NS	v2n1.nic.discount.
+discount.		86400	IN	DS	51140 8 2 FA79B01E16956FA153E17DF749592AB311AC88F7CCA89102145A31BF327E7C0D
+discount.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 08bn5C5WHjoJ1wl7WUrIzquQxmtFXbqxb4FM7Uypd+rOUmCOweaDzA1pDINI6m69OZQUYMqpSVf/2pO27WkNg70QtBXic2xKlj/xRAb8FC0b5pyUbxWdF9rFakLoiiz6cK7cA2K4/t31P1mdram3srB9JeDhhaI/6ho3F853ABciI1Wrnq0oLUQy+P+PU2tulJNZl273XKkg6MkKj801GZjleZJHHklrpTrtJ7+whkpFxkZe9BRKmXk1jHEKnvR4Ke8R7XsH9vjNMrEgs1pFr2ZPZsbK5n7Quw8FaX7v3Ar0/H0bx4Pi00WtculUCl9DxcS1AKoVm+aZ+JtrpXCacg==
+discount.		86400	IN	NSEC	discover. NS DS RRSIG NSEC
+discount.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RtfXBX++2V51R5B7T1RBA3sg3lHTHBh+MOyTlqm0x5rMx0pg6Lx4RkJgNlYZDxSeMVtYnhyatyiX70EQM0a/20xyK6/c41XrSvioEq0cPruFRBFHvR9cqdAVA6u+BxXJlXPbl6veGMXkGQByIrOIfZBlVawJ2va2lCfQTtgaYv7cgt5Usl7fpj+DjAcQI+wa/Si7FKXsdKkQwBrrazIj5RzLqCM9jt5WuaMyl2ds6b/7dU5o6bG7JNjUsgPBdiJxnjXci90diPLus5IzdLPacS9zHWmTKABiibV8H3Mv2QtuaDxhvT/iCRFzGbQb6kgxGrpIgb677QZziF1QZiymZQ==
+v0n0.nic.discount.	172800	IN	A	65.22.28.57
+v0n0.nic.discount.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:57
+v0n1.nic.discount.	172800	IN	A	65.22.29.57
+v0n1.nic.discount.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:57
+v0n2.nic.discount.	172800	IN	A	65.22.30.57
+v0n2.nic.discount.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:57
+v0n3.nic.discount.	172800	IN	A	161.232.14.57
+v0n3.nic.discount.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:57
+v2n0.nic.discount.	172800	IN	A	65.22.31.57
+v2n0.nic.discount.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:57
+v2n1.nic.discount.	172800	IN	A	161.232.15.57
+v2n1.nic.discount.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:57
+discover.		172800	IN	NS	a.nic.discover.
+discover.		172800	IN	NS	b.nic.discover.
+discover.		172800	IN	NS	c.nic.discover.
+discover.		172800	IN	NS	ns1.dns.nic.discover.
+discover.		172800	IN	NS	ns2.dns.nic.discover.
+discover.		172800	IN	NS	ns3.dns.nic.discover.
+discover.		86400	IN	DS	4225 8 2 D90804DC84C5E0542F8DA2011BABD12624318D1992483525EC125125CD576553
+discover.		86400	IN	DS	39040 8 2 324144794F4FC2951D3EF2F1A6D2B335CDD0BD059CAA3AC2EBA809250C47A694
+discover.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EpS/oO2t9LO965iwInsh9YNk2pyRqB1ktj+GB5mhWea9ZG7tnnQ0qCu6s0tQa7WY1js7AAbGKlShr4LJsDkpD5ESPjRe/QgKd+yRmos5J72a0Fn+vunZ7X/QwG3OebJMydKZ6cK8h8zVAqyGJvcksmnUBA52pvgc+tahMpCt/G3rr8mJwemcJ2QUeouYp15/I/BLkeJF/Zdl6vtiO4GAPg8DAoj0KNYRYkgGjbM5e/NWUiscvhpaSHtZz9AZUBOJMbeUJ15JbvvBOLczoLZprqc7vSe4xMoLiwIdjq8uHxJLkyfkIRWR8SshCqCXqLcwTxPy+eWfRFEQfC3MWZlqmg==
+discover.		86400	IN	NSEC	dish. NS DS RRSIG NSEC
+discover.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kc0qNDpow146sbwGiy4IiEnZe0nEagPs+3qEr+yiiqRs5E7v+Sf2bLAJ+nGXQI7Kr1YANS4KEj3EgFW9Xga3I4v0LNiiAVB6N11V1Os49MwwoqicrIPOVWswFw5//X3TaSGjMNlATfFhKUPbQGU8fDG84sQqYVC2psnntzun693xvgTmufDKnG4XN4YJKyRMWxeCWa0a2+kGyEPDwzLiYEx9gQSy+Np1N4efFJKsiWT0R27y2cpLzo1HLc/jWCM51cwKN4DRheJMElUje0VskaNNoZBNEDnG1luylHe7o67tyCXKKcowJ1f86P34IHjBpEPYdaEHbP0bMkXwZjLUzA==
+a.nic.discover.		172800	IN	A	37.209.192.9
+a.nic.discover.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.discover.		172800	IN	A	37.209.194.9
+b.nic.discover.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.discover.		172800	IN	A	37.209.196.9
+c.nic.discover.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.discover.	172800	IN	A	156.154.144.48
+ns1.dns.nic.discover.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:30
+ns2.dns.nic.discover.	172800	IN	A	156.154.145.48
+ns2.dns.nic.discover.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:30
+ns3.dns.nic.discover.	172800	IN	A	156.154.159.48
+ns3.dns.nic.discover.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:30
+dish.			172800	IN	NS	a0.nic.dish.
+dish.			172800	IN	NS	a2.nic.dish.
+dish.			172800	IN	NS	b0.nic.dish.
+dish.			172800	IN	NS	c0.nic.dish.
+dish.			86400	IN	DS	24325 8 2 1D7C249775114E100DECB96C9E6CBA080BFFC5398498C6D3FE2EED6CBAA34663
+dish.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . efPhPeypcIMg00Y7axRsv90Gh1K3QVQDDP6N/uvtL/1BusnjOs1Co9xXkxWFBhTZRd+fIJDwjcr1gJPmKnrxKpqVC6EVjHaMrtNSbT2qqB1S36LJuhdsYFbzAiQuPmqyivWZKWUReSCgssiCFmZQYXFf6QlkVNKi1g2YcaJwU8icAicBT+At07fNfuL02NCJWziPGr0CZuBP/FHvd3QSaZZA6QdDUC7MsNAEcNKg0KKUf5ImHOTcav61lZ5IxefTVPx4VoHy+2pRQcXW8HgquaC9GMRJo0L2pHmDu2gN0OxYmjaEWIt5fQHhcpKGdZ4eCPB+Ozl5ComGaa10Sh8JLQ==
+dish.			86400	IN	NSEC	diy. NS DS RRSIG NSEC
+dish.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1WroBoPQAu2KqJt1PDniHZR2VgCjGq3MuMBJhFd2QXiZw6yKSNZugHui5Q69KH1jQA7kheYjK23YPxi76tm3PGatHEP4nL+v1fFJptvU6rFmmOtNcW0aO7um2O8TSXj2Q1SihKrpVuLqZ8emhnxI9LgvZLCQLkYWIFM0twSPAoHRW8+dYz9/udyhkfgsTbE8tGtZ16lQ1EOLWeoomFnDSE+54w+pbDFMo8wJD6jz64Ap6rXaTvXQFsYzKa0BMR5xQxV0SRGTu11VOs5KeowoN3l1d8w4uNLxOEl/ZH6QmyfkncnhhJd0/Toci8Dy9BVOPVNnsxvI7ATbuPi6114xJQ==
+a0.nic.dish.		172800	IN	A	65.22.88.33
+a0.nic.dish.		172800	IN	AAAA	2a01:8840:56:0:0:0:0:33
+a2.nic.dish.		172800	IN	A	65.22.91.33
+a2.nic.dish.		172800	IN	AAAA	2a01:8840:59:0:0:0:0:33
+b0.nic.dish.		172800	IN	A	65.22.89.33
+b0.nic.dish.		172800	IN	AAAA	2a01:8840:57:0:0:0:0:33
+c0.nic.dish.		172800	IN	A	65.22.90.33
+c0.nic.dish.		172800	IN	AAAA	2a01:8840:58:0:0:0:0:33
+diy.			172800	IN	NS	ns01.trs-dns.com.
+diy.			172800	IN	NS	ns01.trs-dns.net.
+diy.			172800	IN	NS	ns01.trs-dns.org.
+diy.			172800	IN	NS	ns01.trs-dns.info.
+diy.			86400	IN	DS	25674 8 2 06C661D544490AAF9C0EFA121F0FD66AE957CB1900309FDAE4A670AC4AF1D37D
+diy.			86400	IN	DS	41150 8 2 D206FA304919C1B109784EFE3704271919A8DA8AB5DFE8637C22E1AE7C8C46AB
+diy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . stGuq3mSJDR+LsM2TCyGJDifr78DybReX/pKAsRWDpbtntXmAx1ru+DbFSeWK7bUkLUpj7IjFHGpTecIip+VIA86tV6x/sNyZMMrSM6qfIeAbm8oHC3OJzye++y60Ph7VecujL1uEXaPGiXGVEb9p0SAPXQ47KpRf/rkkLq5yPKqYZzulCFMAy8ipapZ6zYSSan1sD4ZV09eSEdM+5LCL/D7Rs4QRwZZukSeGszBfggADz3aT8PHqYwfeHRFSfNgO4q9sUg1VWl6IJlNRm6q+1h4/Mk6hrSU7NHnwhnlQNY3aLctm8kw0w+A2cCGHzDoKAs4p2gWqbtKhivDLiBeSQ==
+diy.			86400	IN	NSEC	dj. NS DS RRSIG NSEC
+diy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vSMpl1wt5LzRuMcpEGmC5xwnEzLAbJJe2j+nw9DLGXmz5FTGnKhP7j8tH+/w9yNgfK0gVvfjW85s+4Te+ogTvb72XyqQFALaoLhQZWohIXDuGSRS036kJJyPsipSAA/NsV8s0MJYz27Pbzoe17dv74QAqvOyLZBytCYd0dGesbCFxA0vG1r7tlR5D9ZxAMd0iRQTQdg6rjBoS5HEeEC4Xl3Ff35KhPKgAbJWZhwKhRBLrnCTBdklFXz0hFhq1NdQjm2TWkUATJAfej5Ib2z6kZYakNmZsBK2cnGSBTqHdnY2loK9ycttudiMBZHlPOiIOVxwTCuSkVvq17Ap47N6LA==
+dj.			172800	IN	NS	bow1.intnet.dj.
+dj.			172800	IN	NS	bow5.intnet.dj.
+dj.			172800	IN	NS	vps443605.ovh.net.
+dj.			86400	IN	NSEC	dk. NS RRSIG NSEC
+dj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ys4dl0teNbpE3GqN/Zy/hzeTOCyuq00y34QdkerM05BYJT8Fvyd0PYeb/pCxzoeqFtZuSs3NyV07JgQ8oz8WShrdcjtA31p0Yf+AbycjZgD80iME+dMx4MXUilMIf24gjR82yUzpULLVrGsh15W+fDvMtHHwEMTdydTC+T9t91mrJyJz77VTtMFv0XORHNwkjhlM6h20irjpwq2oov5ZUrieOe8S33XRiYN9oc1aMfOcv/tJ4WZhB+5x/0nWqK8xB9tgAw6ejni+i3YYVp7UPu0x7yHf3yM2bzAr9110efNV4vrnHuuv22YfiLJABIXgK4V02sOQFlqLehVK9TNW/w==
+bow1.intnet.dj.		172800	IN	A	197.241.17.130
+bow5.intnet.dj.		172800	IN	A	196.201.196.41
+dk.			172800	IN	NS	a.nic.dk.
+dk.			172800	IN	NS	b.nic.dk.
+dk.			172800	IN	NS	c.nic.dk.
+dk.			172800	IN	NS	d.nic.dk.
+dk.			172800	IN	NS	l.nic.dk.
+dk.			172800	IN	NS	s.nic.dk.
+dk.			86400	IN	DS	21369 13 2 E6D0011E98ACD5C1D332C0CFB29EFFA5242824F30B8EE43829ACE1D789051CC1
+dk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EvrFuUEPM/a6ONJkkLh/OwYBl+gY5+RVt6nuzaSkNTmsVJ3fvgqq98GMdUjw3uhygPE2z7lUkvUyzMEvGBC0Gvcbv2NhApfn2qCboJ73JUz9ou1OccWdRI1R2KH5SVMoj79zIGF+3VJmZ69CBbNc96uJAwUPDw2SAr2qfC+YT11K4vOIiMq7NVBgHqfLQqahEfBvr9BqsfL6HjCwdTbaBNCM+JZCZbKEPGpFXZYNt1Cairf8wTTWnfp8Lb3gXxcxhZWTmKo7n+FmBB6EmUgguLRU+dFiqIvwE9YnyZ4/IQ3r2SdYiGwNg1CDz87pW6i4tB77aETpnq+MsgAFTp2gSA==
+dk.			86400	IN	NSEC	dm. NS DS RRSIG NSEC
+dk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OfanxCclVgRFpaV5DMhQ93UKXEzpahWmMAHF4acwlQ9X5NES0r6FjZYLMC9Ve0/T52vHYqJ0AsBvVT0M1IQ/YKfizjxbitpgAHr79KZ+8MlXHyKSEOL7im29BnJxBO0ZS8u+iLmGvPOnMvs43DCif6YlJC/I36uIkhi7cY42WTzrP1bsByeapg1spj7FTjUzw7mSBBQZMbMXJEVrdQ3gV9Ws+quTzjOjLWJUxCGpGJDbUQ9kzi5YnuMML8nphDa9kPIAuv7PeKYWs7hGPUr/rTZeGrlSS5jKSpOxH3Df2w64RIo11q+1yQcpvrpY2bKFx8vmAKit+ZHvJ8PdvvXuFQ==
+a.nic.dk.		172800	IN	A	212.88.78.122
+a.nic.dk.		172800	IN	AAAA	2001:1580:0:180d:0:0:0:122
+b.nic.dk.		172800	IN	A	193.163.102.222
+b.nic.dk.		172800	IN	AAAA	2a01:630:0:80:0:0:0:53
+c.nic.dk.		172800	IN	A	194.0.46.53
+c.nic.dk.		172800	IN	AAAA	2001:678:74:0:0:0:0:53
+d.nic.dk.		172800	IN	A	185.159.198.45
+d.nic.dk.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:45
+l.nic.dk.		172800	IN	A	130.226.213.138
+l.nic.dk.		172800	IN	AAAA	2001:878:0:e000:82:e2:d5:8a
+s.nic.dk.		172800	IN	A	193.176.144.15
+s.nic.dk.		172800	IN	AAAA	2a00:d78:0:102:193:176:144:15
+dm.			172800	IN	NS	ns.blacknightsolutions.com.
+dm.			172800	IN	NS	ns1.uniregistry.net.
+dm.			172800	IN	NS	ns2.nic.dm.
+dm.			172800	IN	NS	ns2.uniregistry.info.
+dm.			172800	IN	NS	ns2.blacknightsolutions.com.
+dm.			172800	IN	NS	ns3.uniregistry.net.
+dm.			172800	IN	NS	ns4.uniregistry.info.
+dm.			172800	IN	NS	ns34.cdns.net.
+dm.			86400	IN	DS	55698 13 2 AD4401344BEF3BD1F86737A2E2D008D5F5D138E101F4396A0461FF93A313C50E
+dm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . j3yLBhhiK7pmvoJOv+aEWmwMpm8NWbvAG56k/BQBXCMtwtsbMlgyv80an3dgvwFfZY/Ps5GdiVZKi0pQfs7iywcGZKYVbGAKXi65J/mE92boEdlRm96/dn8etWq6sR3SFH+M+O7T9cr1uEgBdrXF0xpEwu/FFM5CJ64rfIViXk//FS9txJhIu2Depqzfr4bzz3T1V05JS34+atBSHVoknX5lUtRPgIpKNon/J76pHfKxdmasUDkS6Q0S2gPwFzpcJAGD9C4hCchsu2tvEOsG+wQ97miFS3TzlpTEm7fhPEO0Yo50MBCAfZQHC6rFbMJALmAj7aVcZvDx/8sWj8AzFA==
+dm.			86400	IN	NSEC	dnp. NS DS RRSIG NSEC
+dm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UHkshZyVjUXMdVhIxXm2qSqPm2EkSnT3L3YbYW2K7gm1bBvWQXmIdZUseJdQE01/YfWmoHwKUZeYdK91MawBWIRCxY72f34WOFNSonr37N9bO+fis3TDBCVHX7NtEJVQBDGEn/NzXauEVY+ysw9Of8VumQ0fU5CMYaHoTiw0jakkwajn+qf7O9qKHNX+zmHMq8wJWdtZlnx3w2oPm2G4Q0OQw4c265U6uA2FRXtN1r4mAnR1MfpHforuKE2xol3J9bvGSYVlEbtu/cQ8brdJsuzqcEeKczFF4h9hnAeO98s+iNfZqHcVCmQZbSVWVzS6u+gEU+q9/PyBihxvdN6Fnw==
+ns2.nic.dm.		172800	IN	A	199.127.196.35
+dnp.			172800	IN	NS	a.gmoregistry.net.
+dnp.			172800	IN	NS	b.gmoregistry.net.
+dnp.			172800	IN	NS	k.gmoregistry.net.
+dnp.			172800	IN	NS	l.gmoregistry.net.
+dnp.			86400	IN	DS	45296 8 2 51C787A8914386558C84D6CC426E45E73445A0D91094D2A8FB8F4D0ECDB60293
+dnp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lO6gDpSG5lVJOnPzLmzbg3wvFWip7lVNEf5zjxgTfsewcyCFU5+/wgA90eDfYxqCwj4HRFmXbtNeM6YW81CGxHwYcczg7TJsp/b4zcLCFY0zizAsMnXG9+z0d/+Lq7KjuczSeUsEaoNaZghHZLkdIscsFwv1OS4W3y9zfSMUNxztwZ+bKaw2HzXntRFsdMe956DYRPhbZKCLlSNNVdMqAaqjot9KJDi1074BGR3ct58rirXyIGblagTxGeUxUfIoeegVEd4MWw/+MmHVWxxlFAF51MsQYXdxUy9ASiD8ePgps3JfqP+R/y+UzJjzo2SPTWptUc42s5sT1KI8g1sCKQ==
+dnp.			86400	IN	NSEC	do. NS DS RRSIG NSEC
+dnp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zrSZu5Z+UsoZyZt8rfoyKmtc1i5aX4QGyFnvEHYPqGW5xfjgqAGjDUIADTnEj6a06bealjr4fAL4vOjjAPHLX++7GJ8a66lquTgmd3Q66eAL+TMbpvgMY4JbaxyC0Q/x9x5YKgIfdMXzu+6jLRzdl/oGudOdej1dUjzGTqFsEAkfZOuV5tTBvxcWmhD2o8R1R9UjX3OPbB8sLy8/KOs3pBZ9CSzuYGSyzW+oyArXbQno3Ij9bSczqXkBXLqdhjYhamEAbYXLp0K3Dd82VQektyA5pjh1wGd0kBkODr7qGAnTghTMQ9ieKFONwL0GTuSdqL+Dx331QTYs4hI2y8tgCQ==
+do.			172800	IN	NS	a.lactld.org.
+do.			172800	IN	NS	ns.nic.do.
+do.			172800	IN	NS	ns1.nic.do.
+do.			172800	IN	NS	ns2.nic.do.
+do.			172800	IN	NS	ns4.nic.do.
+do.			172800	IN	NS	ns5.nic.do.
+do.			172800	IN	NS	phloem.uoregon.edu.
+do.			86400	IN	NSEC	docs. NS RRSIG NSEC
+do.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U1LDmuDhGq0Qli4p/S2s7MuogWrZq5NEjibpVpfaMWat2FfLDtPhyqew5dP/WIRKQsZD2H3CXNtGdC5f+VRXqjamsnj5l9Zm0vpoiaC6+BTSEatYBqUjk/sB73Oo5Z2NRZMoLQ2uAzvateQKj7Mfv8MziBaq3VbFsRariOzaBwXZfgSbV8GLp/8ef749fid5R9aOrRRBBtlq+zkB14U0mn+89bVGmcM9EFwjyAziPJff5OF7VNtT9ggj7ynEWg85mdgJ4CMNEhDsQZC4pVs7mOzvG6c4uFd+cIHO1XaZPKMYgMeXQltH+dO1AOLsZTJB3CsXmWp0WN8l2QdgqkhEvA==
+ns.nic.do.		172800	IN	A	190.113.72.177
+ns.nic.do.		172800	IN	AAAA	2001:13e0:85d0:106:0:0:0:177
+ns1.nic.do.		172800	IN	A	190.113.72.178
+ns1.nic.do.		172800	IN	AAAA	2001:13e0:85d0:106:0:0:0:178
+ns2.nic.do.		172800	IN	A	190.113.65.12
+ns2.nic.do.		172800	IN	AAAA	2001:13e0:0:1:0:0:0:12
+ns4.nic.do.		172800	IN	A	204.61.216.124
+ns4.nic.do.		172800	IN	AAAA	2001:500:14:6124:ad:0:0:1
+ns5.nic.do.		172800	IN	A	190.113.65.13
+ns5.nic.do.		172800	IN	AAAA	2001:13e0:0:1:0:0:0:13
+docs.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+docs.			86400	IN	DS	47287 8 2 7FADD5020F126BC3792E13F6190A956ABC040D7140FD0867AE9290F18CF5B960
+docs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rKgciZ/lz45Z1Yd9IBG4CjiYtq3phalnMU9F3oGdflnSS6X2zZPl7HSiBafXyf88BUhFOGN/L6OLTglqGVz4/7iSSxz2+M0KJMrU/V5tego2CAyqYvr6ewktlmzEoM1ZUZnJMH3RM/3xlzSbL4OuY+b6lvwc+hQfXlOOTchJXN9IdfBaR13pEbJ/8XmwG9s9s7FTacDi9GfXyaxSJ0pL6hTI/ElfwXpS8Dw0H8bNBrCdudXPdpiqJCnad6TXytm8BmuYkHTm/+Kpue8NYzsiYw+AVkbhqYCrOMgGd8eE9gHhhsp0go+eCZwBFNW306L+xW+jXD3XEJGE/dmJvUZfOQ==
+docs.			86400	IN	NSEC	doctor. NS DS RRSIG NSEC
+docs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aLLammTSzHUrobWcWV8DZIMWFu66lyAfqPl/sQIY1qIMnupALZJpo8MsAhZwasCT5DfntSN2AtzWUhir6ntu3ws5eryU/ZSDUHIcc4mPKb2ShBbz8LaHxNUuFIhIVPXFGVlxLUVZ6e1ER6S0a+yUBj/CEjG0YauAn03MmH1Ai++iobb53XdgmjAPXyBXlzttQHBggyzZ5f7NaDCTVTgf24OUe8V6cF1Qwn2vDXBnHQGZQ+bns37KvB8MZzLj6cnqnUCtUnqWg/fxSaN8PXqHl6o7Cdtv6IQn4ua/ZLcjCfMghEIzBpaRcRIlxfo+xpEitBzBF6csA0Iphlmo2VUvlg==
+doctor.			172800	IN	NS	v0n0.nic.doctor.
+doctor.			172800	IN	NS	v0n1.nic.doctor.
+doctor.			172800	IN	NS	v0n2.nic.doctor.
+doctor.			172800	IN	NS	v0n3.nic.doctor.
+doctor.			172800	IN	NS	v2n0.nic.doctor.
+doctor.			172800	IN	NS	v2n1.nic.doctor.
+doctor.			86400	IN	DS	24394 8 2 2A6B3BAD3ADAA076E2BD11BB0EF493EFFB17C7E32F041E30A8504C165F669652
+doctor.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a5jkhpcToUpTapzUAMA522P6ZfK79AAOR8xK72jAaW818+ui8eUzvNi5cAvO0CXy/ecROomhzLavV2TzkRZk3CZ9SO5LjmMugrZ1CXJXz7g70XLPTBPYjKXQXbSm+yu0nRDlQC5RKvo9DaGEVgLHpWooryEdeHFahImj/nnUgRzkDV8XTgqPwg7q/OQlEJZzG17Rq5ipjDTpEZyLp/B9fpOka1+pETeogq6IiKaHcHPBJHmHNybDvPzXHoKtxCHBbTLGLRFpPSLoAuXYmykRWSSYpyi3cM42Z0om6+dkiwXDfd49YPZkOCcZCovwNU0NZstTYhGHx4todRfXLgYFrQ==
+doctor.			86400	IN	NSEC	dog. NS DS RRSIG NSEC
+doctor.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RyLcEN76/wAqMnIY2cc9KtwpOBQKJEqXFvfwkHgkSOA0s4DnUy9JMew5zLDgilFujpwN9pBriJmThlWKl3w8R5y1cMIClFROS7pRfxDhUkCXPpGtMT9kXtxnpq9oEIV6bymjlfFUhKg1Cjsa40LkrVMmlY7SH34kOFsVDFPMvKBDD2CGPexSLP9Iw5VC7l9G8H4aHJueGSlSc3/PFAKOENZ3iNoKK5PvFZT707n2faybB95rn1fJv+/0B7dxm1/cd2S4AixZ1j1r5bAneBcdDHJ527+5fXpWKDNvRdr92qoLWTZLaLO2OzR+Zb1v5jD8JYQ1wh1OXhIRZP1VSgrV/g==
+v0n0.nic.doctor.	172800	IN	A	65.22.24.21
+v0n0.nic.doctor.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:21
+v0n1.nic.doctor.	172800	IN	A	65.22.25.21
+v0n1.nic.doctor.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:21
+v0n2.nic.doctor.	172800	IN	A	65.22.26.21
+v0n2.nic.doctor.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:21
+v0n3.nic.doctor.	172800	IN	A	161.232.12.21
+v0n3.nic.doctor.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:21
+v2n0.nic.doctor.	172800	IN	A	65.22.27.21
+v2n0.nic.doctor.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:21
+v2n1.nic.doctor.	172800	IN	A	161.232.13.21
+v2n1.nic.doctor.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:21
+dog.			172800	IN	NS	v0n0.nic.dog.
+dog.			172800	IN	NS	v0n1.nic.dog.
+dog.			172800	IN	NS	v0n2.nic.dog.
+dog.			172800	IN	NS	v0n3.nic.dog.
+dog.			172800	IN	NS	v2n0.nic.dog.
+dog.			172800	IN	NS	v2n1.nic.dog.
+dog.			86400	IN	DS	48736 8 2 4AEDF3D3B5D11C33C5A39BADBE1708D3AFC6276582BF1EE80E73A667EBB543C0
+dog.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WF5xpVxVv9Dwdta0Zg79+SXQ9LcMJWMvDr1LTChXACB82h1gd2FSmuch37cRyrmlaWyIzatyZgVk3u8E1QisT/94jiaBAnDGmYhYHv98sdy1xfuhgyNUXP3qp4ZBuX/0ys1wAdP8ErgfdVGzxdAtsrH6iGxYIskgCkBU3siEX43EZH9z1tcbc0NvRVTBRvBlIrbT2rbvKdR7rfuzM+fiFKbJZqdNhFYkqkHuB+vw2o/81moXd1gAGWIin3FyD3V98ZmOwFI+4nAPGb/7O8ny/W79Zl1rUpG0mJEpX8/HUv18/D9/O4gQ2yUdlTnb24gAQJIA+vKMP6+cJGgY3KvFPA==
+dog.			86400	IN	NSEC	domains. NS DS RRSIG NSEC
+dog.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wc/dCtfq9OGQQNuaOFMPC2ZaNaQQYzfAm3XbPn5jXuog3fbNBcFvpzyS0NkqlRWi+ZYu5RBgNds2QqOwQpvp3Yv4n96OIOhmpaX6aNzSHF9cpADavYIDLGr4p0+B31tfHTDc7OVN6zNywHVj0HmpqJAXrxB8/4rG7kRWfiguIx9V21O+Qh/i1Acampb0j0kNObt1Kka6dqMjzQ1JQCTP1LbZLeOcwP4ABZV/gmtxEGe5O6Gd1bDwWvxqR/Isb7+n4bUwPTzj0bbhMn3SApt3YWvHw+B8gNaKuGvkpiZzmzHU4w3H4ZD8yqP9cooIY61fnk/hh9EIvPsGUB+kRht0hw==
+v0n0.nic.dog.		172800	IN	A	65.22.32.45
+v0n0.nic.dog.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:45
+v0n1.nic.dog.		172800	IN	A	65.22.33.45
+v0n1.nic.dog.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:45
+v0n2.nic.dog.		172800	IN	A	65.22.34.45
+v0n2.nic.dog.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:45
+v0n3.nic.dog.		172800	IN	A	161.232.16.45
+v0n3.nic.dog.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:45
+v2n0.nic.dog.		172800	IN	A	65.22.35.45
+v2n0.nic.dog.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:45
+v2n1.nic.dog.		172800	IN	A	161.232.17.45
+v2n1.nic.dog.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:45
+domains.		172800	IN	NS	v0n0.nic.domains.
+domains.		172800	IN	NS	v0n1.nic.domains.
+domains.		172800	IN	NS	v0n2.nic.domains.
+domains.		172800	IN	NS	v0n3.nic.domains.
+domains.		172800	IN	NS	v2n0.nic.domains.
+domains.		172800	IN	NS	v2n1.nic.domains.
+domains.		86400	IN	DS	39406 8 2 74ACE87D5605021DF3E619563249119E01D0975F30455DF1BCFB3DF54329F17B
+domains.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KQrpXzTtI1Ce69uo75Gjzg1VdE4GTurm5ywPcVpgA1a08KpbPx0XsC0KyB7ZV42v6dsWzrGo9RqNUmYAq8bropX/LHyBTFEJvP6G23Wm9APyuLjBnP0th0o9+/+On8bRaJcNK2amNcKtaeAvuQti5B5tlr0syMXl47NJ84RiJ+H4wR8xZueqFSQcv68TK9x3TXapPVn3iEvGEomWPZZSBe4AYsnxqhalH8EwqBF9rFlVW40CZTxhgnppubbYxyo91J/METljcHruBJMeQFqWUmruo2CjGOSAiiIsJQvPA0s5g4Qf3vuJVHHXGUQlwK4rMfFK6u0gCpaNNfmHd5rfVQ==
+domains.		86400	IN	NSEC	dot. NS DS RRSIG NSEC
+domains.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hULm9L4QJ5HLpqp8Gdqf8sIMS109T8sabABWyAK/2zkyS9rrJp8qbMp0C7OjQvXOdWBlZ+KuJn3rqQgY9Kbrlf1V6iggW5oyeEMEDrPhcrWuQF1I2TmCiR/MBHPEtJaDlIxxvsq6ljqftjayEqSLf0RK5e1+APHS3TcF+HTbOUr2MBS4scrntSdzku+IxeT/ALxriFFqfYwO2dEMxM2C3x4dQvqfw1x3/qXLS2cGwAFJI0iZgeO1uJRYeyVBf2QfNY3ch3GUHc/svVOuuR0wGq7LRNSXHQW8yiK6EkrEr+P2fMuRzFk+BQiLXaUFpEFzbCGMJ7DHNAphuQUosOkEBg==
+d.dns.flexireg.domains.	172800	IN	A	89.111.135.1
+d.dns.flexireg.domains.	172800	IN	AAAA	2a01:d8:8:0:0:0:0:1
+v0n0.nic.domains.	172800	IN	A	65.22.32.51
+v0n0.nic.domains.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:51
+v0n1.nic.domains.	172800	IN	A	65.22.33.51
+v0n1.nic.domains.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:51
+v0n2.nic.domains.	172800	IN	A	65.22.34.51
+v0n2.nic.domains.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:51
+v0n3.nic.domains.	172800	IN	A	161.232.16.51
+v0n3.nic.domains.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:51
+v2n0.nic.domains.	172800	IN	A	65.22.35.51
+v2n0.nic.domains.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:51
+v2n1.nic.domains.	172800	IN	A	161.232.17.51
+v2n1.nic.domains.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:51
+dot.			172800	IN	NS	a0.nic.dot.
+dot.			172800	IN	NS	a2.nic.dot.
+dot.			172800	IN	NS	b0.nic.dot.
+dot.			172800	IN	NS	c0.nic.dot.
+dot.			86400	IN	DS	52639 8 2 E2BC058F7515C31DFDD8ADED00BA870071AB84E0F32DB3003C533C9A6D4F6F84
+dot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vqhWCFYguBEHEuGlAWTeIlJNdSY/8ayOYyBEbMRDYaPeoUKYULyUqQMDUbCXmsjMrK1RgeaMRQ2gYmxfKiX/0pH33zlqz4wcmwlwc7g+ZcVby3fa+PMUIkgzJ7BMRqNjIFnaUMhgxIksRHZujDC9KoQXPmguMTpHwY0S8bFfHo8m4y5WmctVkzea5cYVoD7AziGwrFJfMfv0dpMligT/+/L6FLUp9J9cC0g5c3oYMB7tzYZU+m1+Wq7CqvmRQJWwc7PNJmyKW45P66xlCmb+Nk3cOIhvU5wQK35oOTjVGbZBbN1SKyZEwQEMQhfuJVesCq+YYdCVREY1wD5eBB3T1w==
+dot.			86400	IN	NSEC	download. NS DS RRSIG NSEC
+dot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jw5Y0bEx1fP+vbYrzMWkGMfQay4Ksj8vfrDv9+JH15J2VB/OHyo8BdhmyvPb8bsfLWXoFyHk/3+XuES42WmzymZl17xW+sFAB9t4xNrBcymIUTbJgYzrYrs/DPjC84TcDCr+h9kzxLMmWybVAdV4v9TQcWL1e220GxP7xA9CbCX+bgenrVxPIxaS7bCwoNZmzncjp2bpRreWVGjoDnCEV06fKkWSMaVvY4t/the99/5WiqiqWIW93/6HqU8vZwD30EW2dAksQuWtKtY3rS8hyNlO93wARGNrRG4xLC5y8vtE6tmCfUrsVDaFsyIlEwjlwMopLoNckccVLDra0mbVjg==
+a0.nic.dot.		172800	IN	A	65.22.92.1
+a0.nic.dot.		172800	IN	AAAA	2a01:8840:5a:0:0:0:0:1
+a2.nic.dot.		172800	IN	A	65.22.95.1
+a2.nic.dot.		172800	IN	AAAA	2a01:8840:5d:0:0:0:0:1
+b0.nic.dot.		172800	IN	A	65.22.93.1
+b0.nic.dot.		172800	IN	AAAA	2a01:8840:5b:0:0:0:0:1
+c0.nic.dot.		172800	IN	A	65.22.94.1
+c0.nic.dot.		172800	IN	AAAA	2a01:8840:5c:0:0:0:0:1
+download.		172800	IN	NS	a.nic.download.
+download.		172800	IN	NS	b.nic.download.
+download.		172800	IN	NS	c.nic.download.
+download.		172800	IN	NS	ns1.dns.nic.download.
+download.		172800	IN	NS	ns2.dns.nic.download.
+download.		172800	IN	NS	ns3.dns.nic.download.
+download.		86400	IN	DS	39961 8 2 7C47E4D56AFF8C707935139F703C219E376EABDA0461F1B224949610B0203CE8
+download.		86400	IN	DS	62131 8 2 0D4CDA13AEAEB337AAB9C14691E912C1C363068E308792CA8109590A4E2FB502
+download.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BD2dY1VzqyFCMK9jTr03EoAvnOAUDzVm1N/Zxi7ziUxn9h9EqR3rxmT9gAA9J95udt0mhI3cnyCogx4RBVmKQjSpANmATR6PORsWZ+xWEY3tYYeIx8kd7qS+KvtcxY8YXzdm/P6+h37hJ2oMY4lJO8VtGMDgawd2QMey3nG3ycLXYWPycGbtTN3UlBlnPE2HBdG3+EGVYf+IVfAGKB6IYBdPiwzqywJTOEtAVIottKrFrqCwOrb+J2KdXkFl13/+/8ug1oaX9Ox1rpkTcQPq6yFDjUyk6MwfMRYMvNDKpq//KJbCAqa0nf1adUJLbKFxiwBfXrWReRYgneAqRbe17g==
+download.		86400	IN	NSEC	drive. NS DS RRSIG NSEC
+download.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SO1AbVy/JWysqK+EETQnopelhmVo3047k2m1hyy7UK4kIKaVdrlpTKOwnpUfv3sySK+P71FYXhMDfur+Hb5KpDK8LJ5oGTS4iuqjau7aF6DQ9dD48ODi4e8fHME9sozLazzlHrAx6ynMQ/55CAi2pJ8jed3LwPY36rcu9SLJPaZJ+BFZMEZlgfzVODxvhIyPo/gNQesGEdlPC8pyYNKuLRc3bm7K6iEXq+WR67UbpjqBy/ftrmA64iyuOaulZkcotLouSebNJkq5y7As49WDrRUT88LXYDlqGWrqr7IeSB/AH4a4kq+MJIrPdgZh+uz7DXSHAzRuxG2uzSTXJHW9zw==
+a.nic.download.		172800	IN	A	37.209.192.10
+a.nic.download.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.download.		172800	IN	A	37.209.194.10
+b.nic.download.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.download.		172800	IN	A	37.209.196.10
+c.nic.download.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.download.	172800	IN	A	156.154.144.50
+ns1.dns.nic.download.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:32
+ns2.dns.nic.download.	172800	IN	A	156.154.145.50
+ns2.dns.nic.download.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:32
+ns3.dns.nic.download.	172800	IN	A	156.154.159.50
+ns3.dns.nic.download.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:32
+drive.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+drive.			86400	IN	DS	32974 8 2 BE68DE85AD9A87657CEB1F620FA37FEBFC725180E40117914886CCBB6947D619
+drive.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Uw4UUJxGdOdAMKFuUaJV3xCawpBuhLmbKXnIy1gEjQLywKj2ZEAhG0LbmNYpxrG8/wPDe8cj+31OYfj0XDol3X9afIshs5RmTAJaN52IGgfaCNci6aAr8Is/XfKWUoKhY1DoRsy8WOPuk18PGwaPdjdhbwU0DHJnGjS+g9CWGjg49re0qQnDJJBlQ4z+S++/4LUwshlSPiCTSGlDZTHnr+7xufeouHAlmvklrEFDIH0R8n0wmmTvK/1MDj8STUTcghMoFG8aZgQCF1swGbng8QgwmgSVvsNtd0WDqO7c+QbqN02QgFJjqJdwpRt+zTLBLO/o7sY0Wwv1p83sY1j+9g==
+drive.			86400	IN	NSEC	dtv. NS DS RRSIG NSEC
+drive.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L6RunoxuLn5MutJjnBVJLDJe6TUijkTLDYCacVt5VEejdDMO+tEpuEPPPTQqiXzkFH8map5XHkYTtohQvVVs0h1WwVh+vXWenfmJhY8gNij1AnlIPGvADzCxB6UP1KkVBGSHys4KFOHhVuFSdX1gOf/V9pTJrgVPnyNMZwmfRBUduElNI7zYoruPQzMpbiPlTTJjXU9bZq3fvQoqxW0Y7wIIzLUpbMA1Tw5VsfSXo7NTZ44loNTEq82t3eh9kv0Yud6CELpuFFDVCCw5BrX28hPL4dfT4kO8FNAv/lYQJUnXd1XxXBkQKuqrgIsPEYobuly+OFX3NRvXFCBsAA1vuA==
+dtv.			172800	IN	NS	a0.nic.dtv.
+dtv.			172800	IN	NS	a2.nic.dtv.
+dtv.			172800	IN	NS	b0.nic.dtv.
+dtv.			172800	IN	NS	c0.nic.dtv.
+dtv.			86400	IN	DS	51301 8 2 EB39CB7D7771F169881C4B9ECE63E510C949949741D56988D8BB9CCE24EB3479
+dtv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HVg7X7F0tVYAiZWTmlP0dxLf2nTrMqNKqqucfCMKZzUxPi8YKy8P4TsmJzxBhodggBzDL2EXRCznJsunT/tHa1QSIaDwJw86ql2kEqKV0DMczZsli87RP/KQm6S02sTplwX1QLwZZx2Hu4mZAlFqHPTGzgF6mSYB39n6lSWRFbJiCtMSHaHxi2ID+VAM/Q37coy+qByv4O6dMd6+bPhEVuQ09ur4TZXzWq6vNXkdyvrYp2cNMkyhajjVCjZjS5y0MAbDNomZ9Vz1eyV2YNfcMc89nt6gssUiH1lDmZb5SQJhuCPY3bC5ScO6buKI/K9fx9/A0ynJ7Z4PhpuJmb2wNQ==
+dtv.			86400	IN	NSEC	dubai. NS DS RRSIG NSEC
+dtv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cb2+5DNOaLpUsnfxLLP48CiwgDpquUuQTh1h3A94MBLXYdhe5XIqnFI2cHKuKSRctM4XKwAdrTdbkeRFT/i6w2QWgNWNHVdb5Mkrt5w+0dXLhegwffUCetg3tVw5/tJ76k4aDhXRIWhXtNRhQslEA9jxQ+4JahYVhCv8d2xNb7VKMceQZliBzkkKrC+cWpBHKfhMMTiti2PXKb0EsYmeLyvs5CJueAVBwtp3AD/zkS+id64SYmH5lKswcGKtryYKif6bzVdi0gR/DikRXFCBJLrab44AeL+Lt7r4oKw9npaUPof5ZdPwxDs58YDYt5bU9M30Rq7xGfw5cQoOd5pyzg==
+a0.nic.dtv.		172800	IN	A	65.22.228.1
+a0.nic.dtv.		172800	IN	AAAA	2a01:8840:de:0:0:0:0:1
+a2.nic.dtv.		172800	IN	A	65.22.231.1
+a2.nic.dtv.		172800	IN	AAAA	2a01:8840:e1:0:0:0:0:1
+b0.nic.dtv.		172800	IN	A	65.22.229.1
+b0.nic.dtv.		172800	IN	AAAA	2a01:8840:df:0:0:0:0:1
+c0.nic.dtv.		172800	IN	A	65.22.230.1
+c0.nic.dtv.		172800	IN	AAAA	2a01:8840:e0:0:0:0:0:1
+dubai.			172800	IN	NS	gtld.beta.aridns.net.au.
+dubai.			172800	IN	NS	gtld.alpha.aridns.net.au.
+dubai.			172800	IN	NS	gtld.delta.aridns.net.au.
+dubai.			172800	IN	NS	gtld.gamma.aridns.net.au.
+dubai.			86400	IN	DS	32134 8 1 096078E36E111A0773BF2546212B8BAD920528EF
+dubai.			86400	IN	DS	32134 8 2 3B001EA7FB42657CE51E6D30DBF91A71B10EC5264C2A01B14082C5E3BD9A6F9D
+dubai.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . chNAFvd4yRq6oOQ7+BIj+D7NH+70c7x+ORPWYWwHKisAm77gYN+bLS/Aa77PR5mnF9xGnwJo9evwzuY+fElaQ2+y7SsPRQkQBW87Oycn/WSSVuzk/cpPUkA+nGgm6zX314IXC+oP8EB205KPTO5x1gStOP8ollFevHO3cbviQ8nkhBvbyoaILVFiqwPg+wCQHYLn2OG2zV8iuBY8laZiWe/oEq1L3haMu9qoHj5D5vukzCGUyFsjByDT8155ZeHLLALb8fclcci5M++T/O/EHBmaenrOJs9002YMVPtuPMxOMzyN7G2eAiVLE3aFmNdd+pc9qe39CCInkXwkAoMVwg==
+dubai.			86400	IN	NSEC	dunlop. NS DS RRSIG NSEC
+dubai.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nqYH7sACYqBoMcz7QmIcR8PARia0Jp+IwxHEGDtIMKZuF2cS7hOmPMc+trk/h/kDeCgl4UEjsKzLvhrmjsT5U41+3BIXYm6WasEFyP7bV8yWVHSmck4rwv+7snaB3PH4tMulgNptOx962+ksZgbktJ+BsUbhMFsBixaaAj0Plrmuo0JZ8mqnfzc717LQ/1kfLXyN5FJVAgmvarHuZ/D2IxdYOEVAWk24KRIRTCyN/iWtz+dqZ0hqIvlxQ581agcE2H1rH3A6gRdNCd9D7sHhRUCUYKr/h87g/P6kFRZu9NSP8maTGsmZrE3SilX8KD25UU86Kfq8nXIATwGA6KpUIg==
+dunlop.			172800	IN	NS	a0.nic.dunlop.
+dunlop.			172800	IN	NS	a2.nic.dunlop.
+dunlop.			172800	IN	NS	b0.nic.dunlop.
+dunlop.			172800	IN	NS	c0.nic.dunlop.
+dunlop.			86400	IN	DS	22897 8 2 03CD996F132FFD32BC1BB4F08122D4A4F6570BB9C2AB647BE9B1AF174E79AFAA
+dunlop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dIkKskqDlyftC1rWtMGL5BTHSpCSZqk55z6mNQQf3Bf4h5oXe49/tMk+exUS6uDEf07rt1RGo2V+l9tGZP0Nm20IObHf+hSalhwQHxpqEwG8Q7PKvRSzJeJR+mG/VnM6TT74PsUjtNsP25Daya//MNNzRcLwlLqBrlx/gvGz4GRkTV18jjtM8M5uW3bGIwKw50KEqJLyDIkU/remaJLh+zxkgD8/9WKEnF+bJfZsQX95b4C1X07PCoNjld/8JjDKcQtXV8vMXhjebAKJHbHzpYYuSbDs0OGuR5k+oNKQTaX27v8Zs+5oUUuA11jmLQwxReO39AFX9Aqo+feMYZwcbw==
+dunlop.			86400	IN	NSEC	dupont. NS DS RRSIG NSEC
+dunlop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rORY/s0EqdBrFf5DCS1rApmGRqrByk5sqyzQDsUJ2063VIPbuYU5hCQbu5Famwv6ZfTwdmPyZf0Tg+34How2FOQvKbzzur2lwzcytkmQmyAtuplUQuvbOdz/c/FPMLXnUagdnQp1vQhMMjVrFfwaSXq3TndXe6QdXv9jK+yNcxkOKhfqJ01DqHjcoinohQPdeVfrrzMB+lIY/52MPfpHISsDQH2BxidENWgdnGfBSKo6x5Tg0Wc7xOeZ0kRcs5dTyyRK5y2QfZqdR9MEb51OTHC1EeNhyYPWoTyudMQ5E5OzE902YV+h/YGzNlCj2RgUtWQ5xLfhUw3/c4jFM66/WQ==
+a0.nic.dunlop.		172800	IN	A	65.22.120.33
+a0.nic.dunlop.		172800	IN	AAAA	2a01:8840:76:0:0:0:0:33
+a2.nic.dunlop.		172800	IN	A	65.22.123.33
+a2.nic.dunlop.		172800	IN	AAAA	2a01:8840:79:0:0:0:0:33
+b0.nic.dunlop.		172800	IN	A	65.22.121.33
+b0.nic.dunlop.		172800	IN	AAAA	2a01:8840:77:0:0:0:0:33
+c0.nic.dunlop.		172800	IN	A	65.22.122.33
+c0.nic.dunlop.		172800	IN	AAAA	2a01:8840:78:0:0:0:0:33
+dupont.			172800	IN	NS	a.nic.dupont.
+dupont.			172800	IN	NS	b.nic.dupont.
+dupont.			172800	IN	NS	c.nic.dupont.
+dupont.			172800	IN	NS	ns4.dns.nic.dupont.
+dupont.			172800	IN	NS	ns5.dns.nic.dupont.
+dupont.			172800	IN	NS	ns6.dns.nic.dupont.
+dupont.			86400	IN	DS	13507 8 2 2A1BBC71245A57110165649E9C31BB6CF87DBFCFC3CC3F45EC4C7845F5DEDBBA
+dupont.			86400	IN	DS	44914 8 2 F94EF24DE9794ACAF4920BFE73388A466179C339BD33DDEA11B1DECD2A45611B
+dupont.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l2FpeQsem1RDx9fNyApA4VG5LH20HTULqIHBCeBiP94/ppEb13l43NrddtcchIAT4w3ley0AXwbmnrgfJkivRGGXfKGWMXF7hdqjkSen6HhvZ7voKk0WjcQGRP0SWMTknPh7e7JmGWQAQGAXvK4gl3Lt+5xk0zY+gQW2eoO+F0J3RpstNLN3bCoeuXRphbkB7L20vC96bmh1yB9qPCbcDRKddJpZERqNgemeqrDJG/E8vfAsD0Ml7Bpj6PVuusBlD4nKXgRYDrevL9FK+ix28RlRT9gr1d63IJZsye328iTW2Q7LfzGrk3MHFqD3O7+imFBlHqs43Ol5sKoSzGjQog==
+dupont.			86400	IN	NSEC	durban. NS DS RRSIG NSEC
+dupont.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pCSCsVDzPD27N5oaqoGn+4Ms50WY2AU6mwKAb66q3fQvnW3aZRQrenvA8ZdOTLdkC9XItF0zt5adEcKZLeaFykTxod98N1tFVNo6/YJGsLBSPOJ94UAhNA/+SjvEYrhSdbS0ql7OdhhZA6U/FoLC5+x9QF7MUlLl8tKRlX67evKf1u503WI3wW64Nxtz3E63CP/6qdB5zQA4KJfoD7ktP/zL6xoSKHc2f0Kn/ZCgudeVQQNeIESCYkPinRE0lBCqCu+MBk/v0ctMcjHQovveglmfmDjrZ9+dzxbjDd5tyM4kQkNuqZJCtB0N2rOds/Di0QL7oMfXCvh7eyEKqwuetg==
+a.nic.dupont.		172800	IN	A	37.209.192.9
+a.nic.dupont.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.dupont.		172800	IN	A	37.209.194.9
+b.nic.dupont.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.dupont.		172800	IN	A	37.209.196.9
+c.nic.dupont.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.dupont.	172800	IN	A	156.154.156.52
+ns4.dns.nic.dupont.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:34
+ns5.dns.nic.dupont.	172800	IN	A	156.154.157.52
+ns5.dns.nic.dupont.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:34
+ns6.dns.nic.dupont.	172800	IN	A	156.154.158.52
+ns6.dns.nic.dupont.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:34
+durban.			172800	IN	NS	nsp.netnod.se.
+durban.			172800	IN	NS	coza1.dnsnode.net.
+durban.			86400	IN	DS	48265 8 2 57603308E8A6D14065F069A08C050CDE3AD0C769DD2BECE4DA5FCC9456BAFB32
+durban.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vssJAE6CiT1ojwcgNQO2qg9ecQJ54fxHWLMyXUOpb+k6ysK4RdoIuSRs1226rMDWVHbzjab1sk1hFsBRjugz0O4nh6OGwVs10WWW+2hMz56Ko+3oGR4eTfpWx9Ib3y91QRKe+nun4/jKgyIOom7znRPPDR8MNMXjjXOtCHuSqoSmXQsjPBecY4T7yBNGV97/Cz3Q1iDZ3dYyNCczz1Qn1x8vk+jG6Z1tjyNpIoG7a3flGvoMjHcR9fBQYQ/8jPqo4TcIazPmA61hqPc0UKXAfd+ID5ccQ5+d6SJkdWDPvKE5jB0RXQNk+66aTba2IO50+7ildWx4uD+9+hZEzJVrfg==
+durban.			86400	IN	NSEC	dvag. NS DS RRSIG NSEC
+durban.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MooQ5aHnz1rjQTBG0LTs/k8LmNodFWPzSGYRY97Yo1SsNxTMQpFcaT8nOer3VLwDLefPV/Ug63SNyR4QeNnkJI2yLsHNA9o6/AxOdfQrVEqc4RavZffO4pHME0qTgbYMkNdWf5b72diqPCfKkzEigVTf5cgpKNU3qLOkycTirPqrsX2y8QcBdEpEu6xGo0eYJk7u3mG15r7pZ1EA3tfMwbeu6h7sBHNz7HQDhh+u1e0fu8TdPsxVWG4fdbsjTkThM7Btt0y5XY84scBPapfLA7GWq5NbxTldmYF8hs8x3MByBPu4T6UHlkn2g2eXxpqRIcq77wlZctxiKlZO0Ydmxg==
+dvag.			172800	IN	NS	a.nic.dvag.
+dvag.			172800	IN	NS	b.nic.dvag.
+dvag.			172800	IN	NS	c.nic.dvag.
+dvag.			172800	IN	NS	d.nic.dvag.
+dvag.			86400	IN	DS	3200 8 2 4544410064854638C7273C4481902B0B3218F905E6DAE266A181DEC2AB700BD3
+dvag.			86400	IN	DS	26666 8 2 C94C9E4F38CC0283D1F3854A27F49C001E6D43689F35C0C9438E7D8731301662
+dvag.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y5a1nqNWjmSkauocI0lUU5Vj1TkJJQISxv9mFkRtfj0X8CoM+DEdTSUhDHcoDiimI+zThcDrxsIzg/ebSeL+po1oHONtGmwp1AzFUId/Vd5LOQVtVwmZaMfUBtRrkWu++NIoTF2T3+h9x79UIudR5+pIdi8+9wZqqQKk0IQLvC+3bIhTY8bMdBiUYKLgz7rF7WFgLUN/uBJ9nxKewdbWcqs6cffPRepfDksolPn/JVt1GobW+VISEeW8AFPE7JRDh3Qs7ANjKVaLIQJfHpQdtRRnLRPVO1XUOi96/MmX2xM01GwvrZmcS4Pf5tkchmxIvRYq3kulEYIo0f0SUNTwNA==
+dvag.			86400	IN	NSEC	dvr. NS DS RRSIG NSEC
+dvag.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JnCeROLFQpZPIh8qZpxK+zib+W+5926mWNhoR0FIubCgSMU6dGCRo4n3VCbxtZBKTK6A4CtT5+gvTX745hPKeh+KvW8NaXHxY3fUT1h9fKfjLR6aNJv/1AEQ6PLiWXqM88ss7QbYJttFQRltEINbnxPYxQP6rRntgtPMgPzs42jKouG4Wx0Zooznne8b2Hb6BSeD91IiYvUcKIOXF5aKZiwhnp6mU1NMBLiXyAjKkIXsiiFmrFKdTIvVPCNsy7AX5ZbDDf/d1f0vM3py2jYMj2agpxDGmBijt8wlFqMrMKrzb0iv/b64QZVVpYNqqYC3pvyHqDsRFnEmFm2L5SRdDg==
+a.nic.dvag.		172800	IN	A	194.169.218.84
+a.nic.dvag.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:84
+b.nic.dvag.		172800	IN	A	185.24.64.84
+b.nic.dvag.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:84
+c.nic.dvag.		172800	IN	A	212.18.248.84
+c.nic.dvag.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:84
+d.nic.dvag.		172800	IN	A	212.18.249.84
+d.nic.dvag.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:84
+dvr.			172800	IN	NS	a0.nic.dvr.
+dvr.			172800	IN	NS	a2.nic.dvr.
+dvr.			172800	IN	NS	b0.nic.dvr.
+dvr.			172800	IN	NS	c0.nic.dvr.
+dvr.			86400	IN	DS	28879 8 2 FE84D723DC95EEEE237ED7452871DA942FC883F0154CDEAD6BCFA3A36EF52DC9
+dvr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Faa1bT2xNFncqN/hO5tEErP+22/ozyGhPMio3YTjxGMOsiGwwWkXDNJSQ/0Hikla7JUzlVhMmaBwvKmwHGXM9VIalBLC0spWotIxJ/mC8k6KiM5mUxahIg9KJlK+W4OoVBqkF07xg2UdbzjQhATwA3/EMrsYsPPV6hWXkmXqcYOqAg+0xxBGSwL2y/fIeQar++o968KNPigOtAB8cGGnLauH2Tq+RgG/rDP4mbW3daNMVaxtn5E4hP1izuvRYfNHUPB1913/ghPmiYEqTxgU2ZMQZaT+Do8+AN2ops8+eteuNkf4bEKcmB0usDrK9Sw5gE3FwJHue49R6dnhvZGBug==
+dvr.			86400	IN	NSEC	dz. NS DS RRSIG NSEC
+dvr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vPRH/655so7w9RgU2SuazXkZMcze8sTi4FoXtozaaKk019p8olmfvOqP6uCSZ5pct0MnFYTNc4s5lU8k04am1Vs3vritGF3KAuTbSCV9F/f66hEJhsd2gu46NhGaJmr0JqDtmS0ElQ/KvQL0cfSkaFq0/rgeOeAphy0HVLut78/XXBVPuj3Dwng3saPeKas8WJF3ZcNeFkoD1x9Orcz0x7Qmasc6aES6z2czXqWHQCovEaZuWPplGec3vfkv5qYZVarryc/FU5Gvx79yGPey1IdVtcFOURVrBSyXJtMIYAC3t3XPezmr9L51MoK4x6Zd6bM/KoSY6GuBzhAjHeP2qA==
+a0.nic.dvr.		172800	IN	A	65.22.108.17
+a0.nic.dvr.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:17
+a2.nic.dvr.		172800	IN	A	65.22.111.17
+a2.nic.dvr.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:17
+b0.nic.dvr.		172800	IN	A	65.22.109.17
+b0.nic.dvr.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:17
+c0.nic.dvr.		172800	IN	A	65.22.110.17
+c0.nic.dvr.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:17
+dz.			172800	IN	NS	ns1.nic.dz.
+dz.			172800	IN	NS	ns2.nic.dz.
+dz.			172800	IN	NS	ns3.nic.fr.
+dz.			172800	IN	NS	ns4.nic.dz.
+dz.			172800	IN	NS	ns5.nic.dz.
+dz.			172800	IN	NS	ns-dz.afrinic.net.
+dz.			86400	IN	DS	17380 8 1 E624A5121244D5706C2126AE7B48CE7546DB0E21
+dz.			86400	IN	DS	17380 8 2 71034E42FCAA30ABC99190C2B1D99D4D3D9C7CE005E020699A047D2B36E28AEF
+dz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ofC65WWSJWyqN4md5R5GuB+NAbUjBcM4rdHxmHxTjvnCAWNLJBVt2PQlS21esgbT2qZvOHcLFolyzH5z6fiyG9rmPiBU/KmPC/zWqacmN6BP7+H9HCt2drSfzazkbyTVfdwWjuxpgl7szYL/S0SzMySCIiokrrTsCnlEZV/NGKEtqanh+YxU9po0+y4UYfJq000N2yz1mP60nzW10Tka74nWcNSBwGP9HKHMCGNaMpum4W2iTPvJG3C6PZ0+dTWoNAe4eh4OibdKSARqcvVImWXYOxQbzJaDXRf2Tcgpur9fxYDqEX16zgyNfkGVJvyvLlaZNDluR+jywIiVsE+50A==
+dz.			86400	IN	NSEC	earth. NS DS RRSIG NSEC
+dz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TE2UOpXtXFQRAEECVb8lGqX+/lKBbsSpI1RIqkqEfAluuH5r4w6tBgOLcwfUjUfb0uhCq5Y9zUSczXSBwDOchISYXsB3Ysjd2x/IqpFND+aMUlQD66t6oPDTQW3rT/A6+4waNE/ZO1NZAjfY7v69nCjDGB59MAOHuK1V6eabWf3yRyFEflx9TLJ/fLcInVoSELwfgIa87UN1Nqka1+xBevaRzZOGcyYsJsMzhgAXQ26yh/AYDcDHYtDdxiGuI5lXPkAiWy85Ydi2jpnoJfru+w2nfKkYZEd8ecXnPRe3o5l8tBfQ7b1RAXNmVeVNPM1xg3NAJYSCyUCwgPprC9OVwQ==
+idn1.nic.dz.		172800	IN	A	193.194.64.243
+idn2.nic.dz.		172800	IN	A	213.179.160.68
+ns1.nic.dz.		172800	IN	A	193.194.64.242
+ns1.nic.dz.		172800	IN	AAAA	2001:4340:1030:2:0:0:0:2
+ns2.nic.dz.		172800	IN	A	213.179.160.66
+ns4.nic.dz.		172800	IN	A	204.61.216.103
+ns4.nic.dz.		172800	IN	AAAA	2001:500:14:6103:ad:0:0:1
+ns5.nic.dz.		172800	IN	A	193.0.9.71
+ns5.nic.dz.		172800	IN	AAAA	2001:67c:e0:0:0:0:0:71
+earth.			172800	IN	NS	a.nic.earth.
+earth.			172800	IN	NS	b.nic.earth.
+earth.			172800	IN	NS	c.nic.earth.
+earth.			172800	IN	NS	ns1.dns.nic.earth.
+earth.			172800	IN	NS	ns2.dns.nic.earth.
+earth.			172800	IN	NS	ns3.dns.nic.earth.
+earth.			86400	IN	DS	26449 8 2 F5CED94F4F7CD8BD7278CABD2D2E7BE2DB0FF7C89037B9066212D42883A525CF
+earth.			86400	IN	DS	38176 8 2 6BB59812C4FDD633997053989F89EE0E3B466B694C11B739C8F79995176B3920
+earth.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JZuiip2/dBUW9IR3c/jN9hToyBm55f5AdE+qRXGF5O92Kw/0qTScjNaiRKXe+mrcYM+Q8MweQFFgu3qpb9e7yy7mXRU1pnnb45Agprk2p7ZaOTuXU14jqw3ceMCNMn0yWL1cpMVUFI9NVLJujXpjw1Xisro1dgal0MqlGLRUHb+1Q43P5e4qHrs/NUX9WYiEZ/L12sXG3pl1l6CYpAwDfNF+wZFM+iBgF5aWxQSyOy/UYDuPF7HQnv8DF/TfrQoEyhCKjPUXt9e7Brk+WnICHA7DTdP/l1RaIwv+NFSaoK/6aC2KvAnsVzPQo4zKxd0RutVbl10UKowuSeMgIRGWcQ==
+earth.			86400	IN	NSEC	eat. NS DS RRSIG NSEC
+earth.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NW70PJ4DaSAZmMfykCVXdaXxED7V62ScVgtGZDkSQB2Al5ZKRV/kKfCj47ovrf90TSRMZKauEJZ9CrA6BtUeJ9/PqOHQ3HGDszF/aAeLB4NH+Xwr+v5ZZNHFkEuaNTqpucAj3F1g9zR9dLhMAQiQrCG9ik/E2vIHTevUyb/G9C42cEYNjO2FUokkqtaGnQQmLReSSVm+EKEEhr5v+gQRPoT42WIN/D3T+518zmIPqlgumQMrnTYBklsvc8OllcfV0WzSNvDrKcvOAgY6DA2daw8DMc65akmiZkT3SEpHoh79HrE9GcLTLjiAsj9YcxsvqTCwcCDAx5JBjSMvyy7f3g==
+a.nic.earth.		172800	IN	A	37.209.192.10
+a.nic.earth.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.earth.		172800	IN	A	37.209.194.10
+b.nic.earth.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.earth.		172800	IN	A	37.209.196.10
+c.nic.earth.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.earth.	172800	IN	A	156.154.144.230
+ns1.dns.nic.earth.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:e6
+ns2.dns.nic.earth.	172800	IN	A	156.154.145.230
+ns2.dns.nic.earth.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:e6
+ns3.dns.nic.earth.	172800	IN	A	156.154.159.230
+ns3.dns.nic.earth.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:e6
+eat.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+eat.			86400	IN	DS	36982 8 2 0162A0530F6AA0945BE047455CE29119BD4582EB2E4A08FEE5961BC427F9F518
+eat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P6PAQsTEXvupepA+m+/2wAKrlN9wNC6F3GoaAYPZZBwbD3+W7/eCzrjvU/Piuonbn9jCz2wJZkRIrj/g9z9CwIr1h6p49TATBTW0cY13BedLlTMISR89wzY7QFAL+CUXNau+I5Xiheu+575k34bVk7tHlSsO1xA4uY247nGrVzKRSr7xgSWTMKxbMM9+TcsRaS/ANYMrhT1JIEaT8P0zdzty6dcBdRUd+cCbPdkUIO6D7yrKJZClxNouUvKWVky//R7sUKpZ9KgH3yPFWVXUEndiML+0NnbyxmCGtqMhN0bjuOmvF3oYpiyobeTBdjpU6wKx1XZrQ76JdgO615QPAw==
+eat.			86400	IN	NSEC	ec. NS DS RRSIG NSEC
+eat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BKpPyE2Q0dk1EFL/1cW3PgQ1WgQ9+u9NL06rcJiVjakQowHSMmhALttyu+q+M/Ql+rC1wwrK/KFMSGYpo2X8pwII+olp1gzfQuAcjcK9f/z3apgJwutUERZvaXfCvHdtLgA6DbxX59pXRQZng+n4EfJM2ujIGDAkoHQiHoG4QvcLPjbTlYW7CLxKPZ79sSB0GwtFsGzk9aupFjXd4CP0qAI6usExDZgfaJ9KxP4DM5dzrdaS/RsIL9PvqC1ER/p/1LzA2LrP3b5nPqr0qpPSd++XGA32IEhBCJiYYCamtPl5OIxivwtT0UwTGy2KB4QBB/+hBaKa07pbc3CKmZC0TQ==
+ec.			172800	IN	NS	a.lactld.org.
+ec.			172800	IN	NS	n2.nic.ec.
+ec.			172800	IN	NS	n3.dns.ec.
+ec.			172800	IN	NS	ns1.anycastdns.cz.
+ec.			172800	IN	NS	ns2.anycastdns.cz.
+ec.			86400	IN	DS	35138 13 2 2DE23508E6AC307FC11F86B8768025BFF14E2B585D555B020E218EC65C9A0223
+ec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fLJLwcLFW4Km5rUcX3yavTwZnJgkDk96AuAFEuf4F3wnF+xzZur0xy6+xfO9M5HAGNnQX2tUtpt1/qZi6I78GkmoWPsbR7EK5doGJBUqXNfgeIJ7+0XDlMdX8D2rC3z8riRD5XnAqfghSy2gVFY5iwTHj684SjLdEQ8QSpkKkEVikK0v6QkzCqixpCmTbOpShTYuyF5NZjHY8aO579C5eyidenTMKNAFgAxNy0IZwaXtqLpK0pfPB4ZGT8ei/do+FyakDY4xHB9M/VAWN95VPM1/B+kdhWuJY/0r1Nb735ETE/aBE5jzQQYhZhmaP+xjsAfn0mDvyXWS4x6Q69ZmVw==
+ec.			86400	IN	NSEC	eco. NS DS RRSIG NSEC
+ec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z1rUWood/zYZoJH+ZfWOrdvRIqZV6+BfKrREMOPJ5rnANrL+EKlhGpSfm11UcjD0IP9gCFQmrT4FxjvoZhoopmi1WMer5+EpQYw3zqEWA1ND1PTpn2PC0eMRZlSy1CSFxcsVtcZwEKxVV1sc2GaoTpQd2TF1XDJQk4ktpYl69hJxPcshF1sNu5kSrbtZYcV/4Wj7givkU1MStCI9iScySnZnNVgduWmxlTRWslzV1MtICUMqJBTT2UnSEXR56x6a+m5PXim4KL3i5NMK71xALdALEw1njzxggp0cAwVUvN93D9AzIwU1kHzeFShHMj8ILh4Vc0XzIs6q7VomgdUmjA==
+n3.dns.ec.		172800	IN	A	204.61.216.39
+n3.dns.ec.		172800	IN	AAAA	2001:500:14:6039:ad:0:0:1
+n2.nic.ec.		172800	IN	A	200.12.199.1
+n2.nic.ec.		172800	IN	AAAA	2801:0:60:0:0:0:0:1
+eco.			172800	IN	NS	a.ns.nic.eco.
+eco.			172800	IN	NS	b.ns.nic.eco.
+eco.			86400	IN	DS	34597 8 2 BCE820D516CFE81DF04C38FBCB7CF80C2ECCC473B57A295948FA50AC1AFF9800
+eco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JlQg8QJ045e4C0nG5QJ+WyfBxihyUyixItKIRH7qEUHQGrQ8kmKbblMy0EqodI75NaIp5MV6Q/cxitAbw2htfSTwv7YRZqgWnKNp8BUvIHnlTtqvdfvoyOpt4+IjAUqpCzz2qyk7yucDs3YX3sw3bcpyCREbkdPoQfUF02u5mDYXPo+haYif9EV+JPvfcjvZ0h0llan9eJHbvkB08haPPiYspsIFMfUpYWwcsbT5Rcx0LuczaXr2ySudyRS5mH84gRPcyptsPjcIrWxB3qJIRxstBPWC4J8e1t27peSWUF1uoq0s+WRrtP/mk4leQAt+l53VsK2913blJm0RnmhHUw==
+eco.			86400	IN	NSEC	edeka. NS DS RRSIG NSEC
+eco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kzm3QoB1rUTFoaWQ2JIa5W1/jkVGDM+03xj1Z04b6uK5sAeAPbSvVNw5WQdH+7g1QwJdZ+CKW0gf+buaOWizUW7e/1uYCp/ouiUcvj8tCPBY097A5c1MVip8q1nKPqY6BTHAPgv7AyBwcdcOvtTF6aNYpTBmBFpGxfzZnbytEqLmspcSGEeRvg9n4a82nuHptf5bBntF0GAFUK58kO96AEDg16hbr7PRysrDPeYj5F1Pp7lnqLNYfGIj6fwr0Ha+PjSXYLAyqeFVkTpdu1/GAjNQrXJ6TcSlRNbDcdLSeglhASOcse68b9Iu+wkJdGU4+kSWqUwAJKq3/mBGopKuDQ==
+a.ns.nic.eco.		172800	IN	A	185.159.197.4
+a.ns.nic.eco.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:4
+b.ns.nic.eco.		172800	IN	A	185.159.198.4
+b.ns.nic.eco.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:4
+edeka.			172800	IN	NS	a0.nic.edeka.
+edeka.			172800	IN	NS	a2.nic.edeka.
+edeka.			172800	IN	NS	b0.nic.edeka.
+edeka.			172800	IN	NS	c0.nic.edeka.
+edeka.			86400	IN	DS	5236 8 2 1423F0E6F60E7BA10535B7B7B88DEA2B02A8CE3309E68ED2E9698687CDB95065
+edeka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WsTPh0DPcSN+VShhfkak3AfmLEql7/n5z7gjGwmAjGdoQYZNW3M70OvgJZ9ilv5VEDk0kQJ4yzS7s9g8k0eT7kuCxqn50ZbkRvt2zwBOnpRcqI1LwJjg7OyacNWAyQMXClM+czAYWGMSIj86CrefS3mjOMoTIVEfiBZgxPi1IE0ZrQ+w0trCLZ5JqQBXjRTTlFiOQ7il84iekFIQI2De2vr23LKn4HI8688GE2nz3jCoOeHJBC+p0xnJSFAZ911Tv1J1JS+BV4dTrtChhwQeZryTH5RQji6uaXPKojIkekE0zlnt+oFvxZ0HcEXO/JThGlO9KlbGj+lKMwtHi7B1Ug==
+edeka.			86400	IN	NSEC	edu. NS DS RRSIG NSEC
+edeka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ijUZRp/pAzBOhO5CfAWw4eWA8V4su7Z2Jqg98JZg8/IpaP9m6gAUQpUu6o8xp3o2Cb9YgQAVwyo0EfRQ17Q+tYLXxxYs2Ki3NohYU+uZVF/GupEAMYqz+UxYTGgzH6m63PcCuyK6FmTdTNloEf1f6QM5/tomxq8c5+mwNH9AMXnkoo3c8iJRNse8s2NWzmIXJOzQ9JP5RZ5uK5QHmAFpoXWfl0alV2tFjn5Z+AUIbFipWRYdNRI9ubsGhKUkHIrBky1lpZ0tN2f1JMMmYjai3ts8b5yC/yIbQseojFcnDL2pSdvrmUnCoPwjGzZYEkMwXE2ZOfutZCVQH0FQIl68/Q==
+a0.nic.edeka.		172800	IN	A	65.22.16.25
+a0.nic.edeka.		172800	IN	AAAA	2a01:8840:12:0:0:0:0:25
+a2.nic.edeka.		172800	IN	A	65.22.19.25
+a2.nic.edeka.		172800	IN	AAAA	2a01:8840:15:0:0:0:0:25
+b0.nic.edeka.		172800	IN	A	65.22.17.25
+b0.nic.edeka.		172800	IN	AAAA	2a01:8840:13:0:0:0:0:25
+c0.nic.edeka.		172800	IN	A	65.22.18.25
+c0.nic.edeka.		172800	IN	AAAA	2a01:8840:14:0:0:0:0:25
+edu.			172800	IN	NS	a.edu-servers.net.
+edu.			172800	IN	NS	b.edu-servers.net.
+edu.			172800	IN	NS	c.edu-servers.net.
+edu.			172800	IN	NS	d.edu-servers.net.
+edu.			172800	IN	NS	e.edu-servers.net.
+edu.			172800	IN	NS	f.edu-servers.net.
+edu.			172800	IN	NS	g.edu-servers.net.
+edu.			172800	IN	NS	h.edu-servers.net.
+edu.			172800	IN	NS	i.edu-servers.net.
+edu.			172800	IN	NS	j.edu-servers.net.
+edu.			172800	IN	NS	k.edu-servers.net.
+edu.			172800	IN	NS	l.edu-servers.net.
+edu.			172800	IN	NS	m.edu-servers.net.
+edu.			86400	IN	DS	35663 13 2 A2E1614291831A4746B5AC52B4B345357687271E85353082741F1CF3D06A4C1D
+edu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fTc024dGSm3seoOVtwKng2Yt3K8wmUwJBJgvzGaZ7XJafA5FwZ8weQ/kXskvBaPzsFW8oyyMThUN04O03ThcnpIjLo8X72W+DnLjK7WVaWtaxPaPcl9yg6ynd7XfFpEo2ob5VvVEWYMnwzjRLwjhHP4Jue+/20nDJ+LQwyDuCx9FBoBwvvPJsk67y/WZNWkzJH3ztfRsFF7Zvw1C18JeYSfWCRFYJuwU9FFuO1iNu3W/CnLLfKU7idItGoERoHI4n+JpqeBNWBKlsB2qiMFrbgbjngoZ6SjHzr1Xpk3YSbnSgBO9xqLR9ZHwxbOzrpjWduN4NRer8eCkCrQn0+ITyw==
+edu.			86400	IN	NSEC	education. NS DS RRSIG NSEC
+edu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ye+GajD5S925FvMo0Ao2OiYbAc508brCncjqs45k1gHJWQxLRa6wD7zQAZqdWwTUI96djFXSK+EafS72XzJMW34O1CxSDii8uoh5LVOcOuDC3CCHSnqTliHTrdjUGk7Okfb2NwErZFb3475IQv/eKCz0ZbUPxaLLEXAhscafb3RJ3cEVslueuhWYfbamx1Jx++Vb8i0rak227qmSxJsW/Z+t75YH5hUIqgZbTA9S86yzezs54Jha+hPadmVHVbP64pDYiahqjIvuZ2OA3q4afAMPk4c7NkN/sjGthQP32wUB87j+TswwLVPr4YxMq46FYQPmY+p0zkgD15bbOvAwIQ==
+pendragon.cs.purdue.edu.	172800	IN	A	128.10.2.5
+gold.uog.edu.		172800	IN	A	168.123.250.66
+green.uog.edu.		172800	IN	A	168.123.250.56
+phloem.uoregon.edu.	172800	IN	A	128.223.32.35
+phloem.uoregon.edu.	172800	IN	AAAA	2001:468:d01:20:0:0:80df:2023
+education.		172800	IN	NS	v0n0.nic.education.
+education.		172800	IN	NS	v0n1.nic.education.
+education.		172800	IN	NS	v0n2.nic.education.
+education.		172800	IN	NS	v0n3.nic.education.
+education.		172800	IN	NS	v2n0.nic.education.
+education.		172800	IN	NS	v2n1.nic.education.
+education.		86400	IN	DS	26536 8 2 A81CD163F9E5927688CEC92921DF489DA53DFBDA0E116B78B02B97010814CAD0
+education.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WQe2jEm8rONPR86ak+oZPzrA7T5DUzSBj1W7GXwwoubrNkaIXKOmB3K194SQMTE3qat+Hgz8h2+QkJtNcaytN124T+7DCYgK0btiemLemStyNEtg0Kcal3/xhD0cBzWjfp9aeejWAd9/gw5Yb73UNMglgCR6Sycj/3Rnhx+2ShlX7bB7lGA7zaA/Ie8nKOEwyl85E7ds7dhW5QCYGV/dLaap86nn83XEqZ9FDUAaO7mdZY38V+60+24IJg4TeV8tlYAhPiJtSa2Zu6i3JyGXgXo39gQkP9ANaBEfY0UIejrsIGzCAC1lb3I6a+zg2gvUJgZsmCoAipmgdYjDbuSdlA==
+education.		86400	IN	NSEC	ee. NS DS RRSIG NSEC
+education.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r+Awb1Qe7QDF3gCNwVTlYZXH07VV2bX5tQg5iiEWniSNLvgj6pnLviiKdKAhwaPPOpj5leyKmA7eNA/qmS5K0dsJX8iNZQk+aLz+U0dPnXmgpJX/Y3ns35QkDrH1/h9noS9gYcjDG/NA+clmMNp2WMScXio53PNnXSnEH9N9E2oMa8X1rqPvyIjtDyMYsn4BW45pyylJvtX++1gutzqBFlp+5UYYRKRkdJaUVxSohfTvlDDD9aI4V0I+OcFntz16kjAm7OaTOCBfe9Pv45RX03bnxiutJnxZapk9EjsJL8KKuA+0ZkW9TdMxN6gdi7smzAdZBnxHfLe5bgh7yq9qCw==
+v0n0.nic.education.	172800	IN	A	65.22.28.38
+v0n0.nic.education.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:38
+v0n1.nic.education.	172800	IN	A	65.22.29.38
+v0n1.nic.education.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:38
+v0n2.nic.education.	172800	IN	A	65.22.30.38
+v0n2.nic.education.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:38
+v0n3.nic.education.	172800	IN	A	161.232.14.38
+v0n3.nic.education.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:38
+v2n0.nic.education.	172800	IN	A	65.22.31.38
+v2n0.nic.education.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:38
+v2n1.nic.education.	172800	IN	A	161.232.15.38
+v2n1.nic.education.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:38
+ee.			172800	IN	NS	b.tld.ee.
+ee.			172800	IN	NS	e.tld.ee.
+ee.			172800	IN	NS	ee.cert.ee.
+ee.			172800	IN	NS	ee.eenet.ee.
+ee.			172800	IN	NS	ns.tld.ee.
+ee.			86400	IN	DS	34382 8 2 000A3D89DC6CD4BA00EA8AFFEE3967D3A26DE7A545FBEFE16BA07518FC8D54F6
+ee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IUjiItv2rUbUNDeEIqQgkJqITPAqSFfLou/VYJITwR+m/QxErrSawqqCGOP44o2h7FZy0+spJLSN3K4yg3Rsq3uhvxit0/NYFx1iF2O3ImoBr946dzzUM8B9+W6iuWI1uX63TlGJjKVXqIGY5Yy5HqKd95/2BRX4gF4+qvo5gHfEWfu+zyM3T8RjGvgmM+D0qH6j8tWw16U1cPH+mowojB9XUBTznfN3vT5IsvkVm3jB5GfeTFQLSXOfV0Jc1i33OzOwTdY0MyyvZ/dW/HrU4QeH56xqOeaG/jS/cDo9HChbOb1sFybSx3i1ZNOttKuSe5g36vH92RocXiEvXP1XSg==
+ee.			86400	IN	NSEC	eg. NS DS RRSIG NSEC
+ee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ScQp0hTi4y7eQZHD5ymzpt2FGrrT0ghdUR1bIRY7swPzI8XrSeRhH5KVBHFvHr5gj+yh02Ovt/UPciUxL2AqUj1zvbsfpLQJPYns9s00gSn19jLpi9ERHVQWpvvzaT2lh9tguXClg7F+1+gl/xfA8cVCS+9MAWXcbKLk7FpVgp/3S0fpzB9tzHhhHVOOwqQBW+zPWUuKSq4joZWWY2FZSS9OuDBRQnwC1+Yhbj4RVEKy0I6uWfRwq1nFnvsAEZTlnou9WgguOwbsJCpoi6J/OJIp7iE+xp8hBl+kPanFWlcAzyKl2dLe9sOpk9qyYQrm41Mhsc3y7OoytamSCrXI4g==
+ee.cert.ee.		172800	IN	A	46.226.142.147
+ee.cert.ee.		172800	IN	AAAA	2a00:6a00:ad1:814:0:0:0:147
+ee.eenet.ee.		172800	IN	A	193.40.132.5
+ee.eenet.ee.		172800	IN	AAAA	2001:bb8:4001:0:0:0:0:53
+b.tld.ee.		172800	IN	A	194.146.106.110
+b.tld.ee.		172800	IN	AAAA	2001:67c:1010:28:0:0:0:53
+e.tld.ee.		172800	IN	A	204.61.216.36
+e.tld.ee.		172800	IN	AAAA	2001:678:94:53:0:0:0:53
+ns.tld.ee.		172800	IN	A	195.43.87.10
+eg.			172800	IN	NS	ns5.univie.ac.at.
+eg.			172800	IN	NS	rip.psg.com.
+eg.			172800	IN	NS	frcu.eun.eg.
+eg.			86400	IN	NSEC	email. NS RRSIG NSEC
+eg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BTgtQynb57Vpvi5r+Okrw/UFP19MZInudSz1ZUE2vT6qvuPvDbH2ukHrvKABV6MlWEHET4OXSbIfU0vtCzEQVJJAby0WkKaGxEteQMGu5uXklCuDeLf0ndKebuk4cQ3AS5NtkE87iLCLXBj09etmHYvRXay4uLTsHOlkG98+W4yDVPZCqkazwHEnNDuUe7UAASDiv8pDioOLDAt98Eg+coXmRu+O+eOPo1xDE858HtW1Ea45hFIZX7pLEyAE+KoQqacBikqwKeIvxatxtegIpo57nE1CB7pOg/hL1sjpP/a1rGdK5n25rUdJH/BIZ0ujunLMPcDStpIG53zhKi9yaA==
+ns1.dotmasr.eg.		172800	IN	A	81.21.97.155
+ns2.dotmasr.eg.		172800	IN	A	81.21.99.11
+ns3.dotmasr.eg.		172800	IN	A	81.10.38.11
+ns4.dotmasr.eg.		172800	IN	A	204.61.216.106
+frcu.eun.eg.		172800	IN	A	193.227.1.1
+email.			172800	IN	NS	v0n0.nic.email.
+email.			172800	IN	NS	v0n1.nic.email.
+email.			172800	IN	NS	v0n2.nic.email.
+email.			172800	IN	NS	v0n3.nic.email.
+email.			172800	IN	NS	v2n0.nic.email.
+email.			172800	IN	NS	v2n1.nic.email.
+email.			86400	IN	DS	62422 8 2 92A9DA686674B9BC30EE72224130A7C761D5B01902DA9A5A62038C796A16BD33
+email.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hOiiyRTscsQW4AYHH14tFqOOuSS445WYTRw3/CNnEGYjLRy7ES491uErkjUPnHX3sferRVpFHtwfHKitK9hFqHjcg6nyDgkMSazh7NUFlvAmFM1xgq5iQehUvIvTWCSXl+BTfKJhN7ch5lXAyp6wRKmejuW2jl36YPF0Ei9Qf1I1HDqiAxCAGrSlWdLT84ocxj1L4RX58ja/aCT4CORSAvsr0nDoaWh5uUNwSDcTxrrmr1CJ99JqZ3/ZE8J2SgLe2/FQAdKDVkhaPEtVAFZA1xoKJFpAWX+UOHFPAPHfOxVVhrxDmGhLfs02BUTGHONvk7s4+f435lcMx4mFbyRFOA==
+email.			86400	IN	NSEC	emerck. NS DS RRSIG NSEC
+email.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0ltpaKdFCnjdUNGl+z/Nkh9BV061YlIAWuWJbUrsy012oW9v0oNBezPt2zMBH/I39NMOcfcoSlpwpK8yDxyy1c3q0+3VuydZXlI5Kz+X2l94NdLWRTC/f6Cxlvlo7QBucCVmNQQWK3d5Z9HIqSh26Kk2dDkTeIbLslihpDTfslZsD9xQRYEijr5lHe/GlNAAp93Pi5rw12cHMbYt+U6EAjoVQnIJCsv/sBIKaB5ixRvcQ7iyY5CYB4FzAL6seMBxyNUBjCx6KONgDcEfhWZEMhs/D9LsuhrOv0up18oXGjqD8I3jCS1havxm41FQcbxXLORff7JoGJ+sjnE/f345Jw==
+v0n0.nic.email.		172800	IN	A	65.22.24.35
+v0n0.nic.email.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:35
+v0n1.nic.email.		172800	IN	A	65.22.25.35
+v0n1.nic.email.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:35
+v0n2.nic.email.		172800	IN	A	65.22.26.35
+v0n2.nic.email.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:35
+v0n3.nic.email.		172800	IN	A	161.232.12.35
+v0n3.nic.email.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:35
+v2n0.nic.email.		172800	IN	A	65.22.27.35
+v2n0.nic.email.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:35
+v2n1.nic.email.		172800	IN	A	161.232.13.35
+v2n1.nic.email.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:35
+emerck.			172800	IN	NS	a0.nic.emerck.
+emerck.			172800	IN	NS	a2.nic.emerck.
+emerck.			172800	IN	NS	b0.nic.emerck.
+emerck.			172800	IN	NS	c0.nic.emerck.
+emerck.			86400	IN	DS	58186 8 2 B19E38544F1C313575B683C8533ACF792A0373C18F270ED0A1EBD2C3F77A291B
+emerck.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z18Ss1Ledhvoh/coz7ZXKVC1mgVj32TWI3WDomsbTmXtPkDvUk0gfQSrkpeSzxuG/zA3Zm6o7I2XZWrMH+nWyD5awvAwfE05YmJPyYVw8wLBswPcewjmexCSqzWkhNqF7uPNFHBiKJiWK7C/NWx3mQQIBU8ApcSAPwuasaxITQf/MhqNPMASGbK6A2QQeb2WEYrRmfQMQHCKqmLEbXHcLlqvbwgHZr8T39BqINRX6HymfNBd4pRarHv0qCB2qxLbSSFohLIiLi1s0E1V1K4pcue/yCmvB/HTC6luWFM3KO3oR0f7ez6jC2RS5A7OOgBlPcLRbPhF2TRLqInl2ldjZw==
+emerck.			86400	IN	NSEC	energy. NS DS RRSIG NSEC
+emerck.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m9Ihmi/nvbDa/Yf7q2+e6CixFw8+m36JjTV/0bL9IkDDFc1bmVhUDGX8LchsPXYeiJiivzqWwJmZ34h4tf3XSVRcW+cEtW92/PrWbWHv8OypLzl/O0l6I/MDEvF9dyKrEfFCtUJxBpmJn4IXTTn5fW+X0ozqucYd6NlnO4q6IZHS75zMQaRfjHlsULfhtIY2xEXcrspi09CRtiGxyJPFnLs7zO6eQSJBbfNd1Jw4jdGr7M/06Cz0cdtnOKbb8HIgzvofOdFe6pWCL1LZTWGs1dfvg6bT2/5T3uO9cPxlsQrZVh4C+xijBdnStj+HM5so+pLgk7URLcfCS5raDCwOUA==
+a0.nic.emerck.		172800	IN	A	65.22.156.1
+a0.nic.emerck.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:1
+a2.nic.emerck.		172800	IN	A	65.22.159.1
+a2.nic.emerck.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:1
+b0.nic.emerck.		172800	IN	A	65.22.157.1
+b0.nic.emerck.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:1
+c0.nic.emerck.		172800	IN	A	65.22.158.1
+c0.nic.emerck.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:1
+energy.			172800	IN	NS	v0n0.nic.energy.
+energy.			172800	IN	NS	v0n1.nic.energy.
+energy.			172800	IN	NS	v0n2.nic.energy.
+energy.			172800	IN	NS	v0n3.nic.energy.
+energy.			172800	IN	NS	v2n0.nic.energy.
+energy.			172800	IN	NS	v2n1.nic.energy.
+energy.			86400	IN	DS	26965 8 2 59F95FA7794AA6A855ADF22154CEE74E7AE44FB25142DBF999174B599DF16771
+energy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eTrsUDlfJXegXpIPtGnMQxCBklf8T64xVqvJpogE5/1iX0FJpUfkgt3c9RHe//KqoXyZZQH4O0vdsEFiUeDqWY6ealsvli1vlQu2zAKy4mwf/UOLNFZmeu9qpFdyKzDv69UJtEnItsnTs4Ox+0GU5LSrIsZ4o8E+AmDp5tPF6cpbZZpTrPfcWDj9+EJrUmgzHp7EhscVl/7/97vEul3h3wQ5uYk4NMSjyUMhvauzwSV93kYLQiXnVih5r56dQ5iwSlxNXCoh236SeXt2eMt03OiYSUkZxXMly3V3WAhPAwkm6fuSdDQzN87lk/xtuUNlR/SMJiodbTOP+xOSfJ/qOA==
+energy.			86400	IN	NSEC	engineer. NS DS RRSIG NSEC
+energy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OeLrrC8c5NY3NAkaAyyWYJ85pQZw+joZ3dG1gzmsz99G+S95pw2z23z6OUfTpW4n19Vnw83/sNA48HUko6EEVLueU5UAL1ud2d67yDf9LM7sWlfAkHRFbl+54UfYKgIiD3QKpIVNYyphdrM/vEFW7iKfdGwcjjsUoSz3T0ee24iMtHwTTxR4czv3ZQYzS8Dgb3t/Te7NWBMtvhJyNvCYqEN3Bsbi5ySC2PUeqTOuJ2RDkPWsaPTpXTHNh16d2HsIfKSnJmF+XFCl9nIi07klsKzIWtfb981Lxc1zGzL91LiNyVAOMUvy8hI5Ozc2L8cy0B2xR5TKAgNFBOqFdtwVzA==
+v0n0.nic.energy.	172800	IN	A	65.22.24.45
+v0n0.nic.energy.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:45
+v0n1.nic.energy.	172800	IN	A	65.22.25.45
+v0n1.nic.energy.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:45
+v0n2.nic.energy.	172800	IN	A	65.22.26.45
+v0n2.nic.energy.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:45
+v0n3.nic.energy.	172800	IN	A	161.232.12.45
+v0n3.nic.energy.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:45
+v2n0.nic.energy.	172800	IN	A	65.22.27.45
+v2n0.nic.energy.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:45
+v2n1.nic.energy.	172800	IN	A	161.232.13.45
+v2n1.nic.energy.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:45
+engineer.		172800	IN	NS	v0n0.nic.engineer.
+engineer.		172800	IN	NS	v0n1.nic.engineer.
+engineer.		172800	IN	NS	v0n2.nic.engineer.
+engineer.		172800	IN	NS	v0n3.nic.engineer.
+engineer.		172800	IN	NS	v2n0.nic.engineer.
+engineer.		172800	IN	NS	v2n1.nic.engineer.
+engineer.		86400	IN	DS	14215 8 2 DF8C5C2C75ABF8EA572D1DFA8BA0A78D4F74CA7213521C1084154AA9684A5587
+engineer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FZCJtoA2fr3GAGTxxbIf5wBF7tMGuA7VP6gGlRSaPfdmiOXlZTTmR82/5qp9HbxNf0ymS8yqHfqjUFWGNFKgj+42xtJbe2Lu8oT4sN9UeVa0E3lxrIvr6GLnFxrxyDIOUAZU6/At9iCEJU3+67+dncR2tWy2RXay24qER0k+yqEVj9MSovkhlxjMm9sMAvAWUkcx7LozS9DOWWqLM/PlwNEllsXrsAO/HS56gZzWRB3SJDYMoLbFqqY5WM0A6e8/EwBfx5ydrttMWuoUKCnq8pquHdzkU9YoYuCbbBBmmSMiLInzXcnYtfNezsVxZKUUnNbFMc9PBL92gAy3f465Jg==
+engineer.		86400	IN	NSEC	engineering. NS DS RRSIG NSEC
+engineer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XQNoEbyhOKbpecZ4TEcEVkEFFIySxrAr57Y36ujrnbzIu1YDIJGEK+gz5jB/mgUb2Pc1dd0RncIP2XFb5KqEN64027w6oEc2nxTYuVkKdALYqjzqjnOIV3T1PxOOSLsCWccGYHAl4xnoX0HGL/ktOubwIVBy2G5bsriOdVOziwwrf5/SRbs/+IOoqzYk5zIQz785oFyG0l2fiOIahfwwMM5Ijwm8ERNW9U0C3JYecBXMAKdhyKtzXTDg2ajwpRhxVh+oiLLOi+0K7qqq2ofHtn8T4l6j6GqJv++ZjcFH6CzWyh71gYFRkBQ1o5WLiD+bJ20TKjLipB06uH/wGyK2aw==
+v0n0.nic.engineer.	172800	IN	A	65.22.24.22
+v0n0.nic.engineer.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:22
+v0n1.nic.engineer.	172800	IN	A	65.22.25.22
+v0n1.nic.engineer.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:22
+v0n2.nic.engineer.	172800	IN	A	65.22.26.22
+v0n2.nic.engineer.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:22
+v0n3.nic.engineer.	172800	IN	A	161.232.12.22
+v0n3.nic.engineer.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:22
+v2n0.nic.engineer.	172800	IN	A	65.22.27.22
+v2n0.nic.engineer.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:22
+v2n1.nic.engineer.	172800	IN	A	161.232.13.22
+v2n1.nic.engineer.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:22
+engineering.		172800	IN	NS	v0n0.nic.engineering.
+engineering.		172800	IN	NS	v0n1.nic.engineering.
+engineering.		172800	IN	NS	v0n2.nic.engineering.
+engineering.		172800	IN	NS	v0n3.nic.engineering.
+engineering.		172800	IN	NS	v2n0.nic.engineering.
+engineering.		172800	IN	NS	v2n1.nic.engineering.
+engineering.		86400	IN	DS	60949 8 2 255F04D5D9BD1E74B0CB27EA0A6330E6445FE33FF6DD0A87B5C8FD1FBA7E0439
+engineering.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WqwK6fsVLu9jpGdgVp4UiVOTPBrifc0wGH20WbRNhbm77neRqT7Dl0y5MViBj/vD0ltwmiTAPx4uaK/qh//6t1rKjViyAL0zq5DwI9UWYaegLnJbU4vcxn6yXggoPeAQTS2cDYCyGteEa3aiTfTJXj8AmwCQczkCDjXTHBpWK+iD9jxmmC93u68n+SljrjuzyNCV/Vnw/geX2Te3r9krsy6S94tIJBPd4HLD6x1olyAjGjyWaAfGJ7eZo9l6VfjGpeuiwoB65eEldKKcvaMqat0Dn9UyrvdTfSlNqeYCcZxl7XYQKVowVsMaTBQ1awXahafyisj3hxE/sJ1cR2xr7Q==
+engineering.		86400	IN	NSEC	enterprises. NS DS RRSIG NSEC
+engineering.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hhOF+JezSragAkjj6Y8+tLPfQOX0vnki5peex9RdOHJtJyfYoynOGsb7ZrqtGshGmC9B0XA2iCTi6WaheBdiAi2s5NVm/Ena8ftbkaQ+w4eSp9baMEkrbuTRyC1OtqZjpGEZxkSf/Gu9sHRMzqq+3jYURpeXbiiIbTebuS3rQn6PyMY7Z7w3NPeseZpM6iAaY9TpJ9mILGCMFDmbL8O0z2K5BS/7/jJGAPHipD7BfAjWIqM3hP9XLXNfzcUFdKN4NBoUTzur/Mvb1vUmlAc5HB5nN+Yx/DTIrH6XvhyBozGWh0x4HPHH0USeHAJSX5f9RgL6qySHWB+4MvHupAn5tQ==
+v0n0.nic.engineering.	172800	IN	A	65.22.24.18
+v0n0.nic.engineering.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:18
+v0n1.nic.engineering.	172800	IN	A	65.22.25.18
+v0n1.nic.engineering.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:18
+v0n2.nic.engineering.	172800	IN	A	65.22.26.18
+v0n2.nic.engineering.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:18
+v0n3.nic.engineering.	172800	IN	A	161.232.12.18
+v0n3.nic.engineering.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:18
+v2n0.nic.engineering.	172800	IN	A	65.22.27.18
+v2n0.nic.engineering.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:18
+v2n1.nic.engineering.	172800	IN	A	161.232.13.18
+v2n1.nic.engineering.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:18
+enterprises.		172800	IN	NS	v0n0.nic.enterprises.
+enterprises.		172800	IN	NS	v0n1.nic.enterprises.
+enterprises.		172800	IN	NS	v0n2.nic.enterprises.
+enterprises.		172800	IN	NS	v0n3.nic.enterprises.
+enterprises.		172800	IN	NS	v2n0.nic.enterprises.
+enterprises.		172800	IN	NS	v2n1.nic.enterprises.
+enterprises.		86400	IN	DS	18490 8 2 F9D5CD8A254B1C4E2F53C8FBD8AB2FAF9BA3AF8479DB07A23127EFD0E97F23DE
+enterprises.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . w2QVI4Vyes6sAgoX/kcjbZaAUQEn1bmhykyZcP8sttKwPHqqfGdc6ED7xiA11Ul5JkjOtoojUInQBANHSO3qitGxaJQAJU6QDNh79wa5T77WNAFmW9TS++stxbBBA+GuW7gyJq4rflQnq7eWra9Si9ZP7F9ftYbCgAx9PB9Ihk67s0FBqnS/BV4oIuHEScVbvf3LGu6A9dlGneLgv294zcaN0m60Yer5gI1YAqWgDdxqUxIy3913+eEym04mOH5dDeqOw6NZOrgaQTBhOQAY+T90yIU5FTfACPYlZUok/69fvfBH+c7zuKi0jLe1qY2uO74s4nuzGIh1afcBpzXclg==
+enterprises.		86400	IN	NSEC	epson. NS DS RRSIG NSEC
+enterprises.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1LB+Cr66km/p62XmKUcMb5rqR2ByGgmQTsEpFZRyXm5HEbui3QFACRmk1D8R0s4nSdfZnOZhibxi2hvpYRI9B8jl6c2w8+O5Zf3F411dcKgaL5AdExvzVISOdHHhWYIVHnGRTYoIEjgOE/LuvuJxqzR9on+W9j3JykaDfrRExaSu2MVT6rb8I/qs2IOwckYGJEa+nYaocR0iqOh7ZayplY/vHTQUdG48pzRW8k8Bj4T4uSVtFsBWgetrbbvcugzgu+twl8DZd5R5lBTWzg+PdXYKDpI29m8Tix/D8yHtclCSwIeu24TkscfXcBqxJJvwUhn2cKWuEPT+efYO9NhHwg==
+v0n0.nic.enterprises.	172800	IN	A	65.22.20.52
+v0n0.nic.enterprises.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:52
+v0n1.nic.enterprises.	172800	IN	A	65.22.21.52
+v0n1.nic.enterprises.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:52
+v0n2.nic.enterprises.	172800	IN	A	65.22.22.52
+v0n2.nic.enterprises.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:52
+v0n3.nic.enterprises.	172800	IN	A	161.232.10.52
+v0n3.nic.enterprises.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:52
+v2n0.nic.enterprises.	172800	IN	A	65.22.23.52
+v2n0.nic.enterprises.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:52
+v2n1.nic.enterprises.	172800	IN	A	161.232.11.52
+v2n1.nic.enterprises.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:52
+epson.			172800	IN	NS	a.gmoregistry.net.
+epson.			172800	IN	NS	b.gmoregistry.net.
+epson.			172800	IN	NS	k.gmoregistry.net.
+epson.			172800	IN	NS	l.gmoregistry.net.
+epson.			86400	IN	DS	61387 8 2 9183DE01E842231D1F1F951DE9B25C160DFDDBAB7411AADFC6FA69764B7D44E2
+epson.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U2S7iErfFw2jyOseT6z5VwwGlNrDr8r486kVLFgbdHq8rkqUWim0bVT171HLYJBcMrtU4LT/d/U+PVTFdQm6NdeF4eDv6u1Jr+69q/Gf295Z9lBCBcsuNtaBFfXFP2AZes8bTtjcTkqTUVqdh6x9F4e5vp9ZKO17xPW8WIFtVag8CWuPf8QRlrlHrcULyulomGrnJjTHcA+0j1zeCcOYmILdksVLnYluif1dFq5BsS+/XSpSO40zdxAPjKt5Hy02s0iAA4MUeQP8yPKOXQ2owQpjg0CUAjPPv13uMotIHZ6E3ybnLprWOTvoojtzU1LP5FSWVUNA6oQ8b0Ie7B32kg==
+epson.			86400	IN	NSEC	equipment. NS DS RRSIG NSEC
+epson.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bnpYKLvv7ftec71TShBHFpPjZgmr6kNxRQsB2uYN4pNxVnyJ/iZt1ls9rJEzsmHK9S36/9wlqgsN/UkrJ/2YZe65+HL5CbGADfKaC5509D/25pySGagFOwObHb7/1ec3meEuvb5gewdFvQWSLTZ5BLwG8Rb/hJubN4qktXC4/ejk0haWdpMuCn1pQ1+3E3nw8PrIq65p7aFCBxNLgQn52oQU690A1GTcgKsrUAEhkIIUaJbXF+IrevvXfA/EmIdMQeAeoiVw+4781OJ3FVnX6byTHK3FQ3ILP/6FCf75jREEApxbIT40cQO71Z0NNklDu+pqliaPbEoxxubJEkO2QQ==
+equipment.		172800	IN	NS	v0n0.nic.equipment.
+equipment.		172800	IN	NS	v0n1.nic.equipment.
+equipment.		172800	IN	NS	v0n2.nic.equipment.
+equipment.		172800	IN	NS	v0n3.nic.equipment.
+equipment.		172800	IN	NS	v2n0.nic.equipment.
+equipment.		172800	IN	NS	v2n1.nic.equipment.
+equipment.		86400	IN	DS	51544 8 2 602442F2E32F4A351C89C118CF22CD5F34C324D57EC1DF0616A7DED19BCCD5CA
+equipment.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uYyv8C06iJLKxuhXG+lX2UmZaUkqLkPedvrj2sZyUp4h8X0aN2snZgFovDd65GYHQ4V8BCaYoO30PapGkPrBFrc8TS3RZwNDUlaMCnXLA0gO1F0i9rug0CeFiFE+sh61Ca8HvjJZMMXo/htv+0nJAof6vkIfG4NeCJSO+4GXfZCb5V/fW2RHlOLxgZgC5Wy4Tqa8XUk8XyIaBvMdoo2Y24bGhiXMKRNY+Hu+SKuvks+qKAjLaL9V4dPiSa5c7ntDCXbSnxDRS9OlcvU2uEoTq47rdQurSHfDEyZV4n9CxS6RV1XIOF+GUGLFRolORlc2JooUF2GP7MwsO/dvzCUg7Q==
+equipment.		86400	IN	NSEC	er. NS DS RRSIG NSEC
+equipment.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A4T41Tubm/7rkwC558Zy/V+esepvpQnigZVXpVIgJ2NYrHA4M2bQXlIOOmWzU2EcFdYWQQ/vECQGlA79ruD7W1mQRDkQjKvmyibUHlA1WCEU6b05GtpLL84J4el8WTp66EzALs+VvuRCFfyLRDPJL+wYH+iIFYCtmaptlYhq5589zD9qelNDLkzlOHfL7UAxyP9KiVZOjIKBVTjHiG/Rg1XAhRXgdR0U7jA25FQ6eJiL/rNWX+DigoBZi62uq1WOD47LZfL2TNSQbkpcetCBiPs5MC0LCQwgpHKG/iZ3OypkpgXHwAhzDrbSMMZ+fytmlznbl1pMgyk4X4V0trdKHA==
+v0n0.nic.equipment.	172800	IN	A	65.22.32.21
+v0n0.nic.equipment.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:21
+v0n1.nic.equipment.	172800	IN	A	65.22.33.21
+v0n1.nic.equipment.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:21
+v0n2.nic.equipment.	172800	IN	A	65.22.34.21
+v0n2.nic.equipment.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:21
+v0n3.nic.equipment.	172800	IN	A	161.232.16.21
+v0n3.nic.equipment.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:21
+v2n0.nic.equipment.	172800	IN	A	65.22.35.21
+v2n0.nic.equipment.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:21
+v2n1.nic.equipment.	172800	IN	A	161.232.17.21
+v2n1.nic.equipment.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:21
+er.			172800	IN	NS	er.cctld.authdns.ripe.net.
+er.			172800	IN	NS	sawanew.noc.net.er.
+er.			172800	IN	NS	zaranew.noc.net.er.
+er.			86400	IN	DS	6518 13 2 A1FDBFA73B513E489341D7E82029C7645D0E5F52D8500A3D7380CDC1122F52A2
+er.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n3ZtqJhncgL2gpj4KpRrgwDu8wxm/prG7mxRKhIRxlqri84XX9miUGZBZsYDjEVvbsY1vH7Ma7dYr1hv8n4RJ2i04UNqKBJLHCipEUObaDCKi2TcGpNzDvcpvDllX+B0sgdpIwMVRRDh5r3Xf0s3MOomu8p8ELsYoD1T6+6jwB29xn2dPuRO1vMa64i64qaATrSMS3A1iH/jMrvkNMT+7ZaGJAkXpjVzH1MKzvTG5kO3VnLv8ZJI/cPg9NqjcCzYZlPc0M49h+Sc3NKnQNsPcQBAeuyeCl4SVQTncvGPatluYmJSozeu901cPc+tKIusitIeMBFJNBNg5auDT3LuWw==
+er.			86400	IN	NSEC	ericsson. NS DS RRSIG NSEC
+er.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qshZZSbF7IFXtkZDcrXKhs28r732iCGraWdKdbNABVqkS1sZIUdKBB+qnFcH3rATjAm08uCzgPLZifa3kVFiLF1xpw7H1rANc3SgN0fZlOlYjZP/etadX1mqmZE5mSUkjYOeuM4RvI/wiBzdbtxHEd/a+NkefuKY75GMMsL5iPbqVKhyW+SDWQOID0MlDRTiemj2yPCgEPcA2avdb767NN2Zb4+AW6QVJyrjTzKXl4FXLGUoTe2hzQhOyNHYQxtxPhy++VP0ErkvWx8A/L1W8G3/JYMw+XP3X4scuOMNqcmPprH5jmBIly6FL+A5M1DneHRuBsEDZ+20+TGxPJgQlA==
+sawanew.noc.net.er.	172800	IN	A	196.200.96.1
+zaranew.noc.net.er.	172800	IN	A	196.200.96.2
+ericsson.		172800	IN	NS	a0.nic.ericsson.
+ericsson.		172800	IN	NS	a2.nic.ericsson.
+ericsson.		172800	IN	NS	b0.nic.ericsson.
+ericsson.		172800	IN	NS	c0.nic.ericsson.
+ericsson.		86400	IN	DS	47419 8 2 936161632EA5611634BAD358155FA6B976A34BC812178605E9700890412EDA71
+ericsson.		86400	IN	DS	60888 8 2 1B2FCF0C2219910E8BCC22B8B982B9ADEA8074C3C20540D58312646469C1F0EF
+ericsson.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MY4xhq9mGtZAanY+XO3GjFJn+ujUH/eOJUS5GWdlK73vsYaNhVfqN1Nx5wBqK5/pFFchg6N7MoLUUd/8wXbh5EzLNgtY2ovK2hD30XDojxGbu76MOUjNClupHbHQSKLGlYJ1TbM7u84HGulsIXsD5DAkzqcM7SolhqLfsmxz3u+s6O8sNUgVUgTA5a79wDcmCkLaH7mkNi0HI3Azq8/rojz0q+z/aljMs39yKFlhLwOaf6OLpd3VVxl/jyKjOiRZCteN9JAhh3RstxwDQQ8p1Arzua57GO+We9WD41EUiXvFDNZjao1axY1ffYHnq9/t/hCj7JffA9dffDg3qeSGtw==
+ericsson.		86400	IN	NSEC	erni. NS DS RRSIG NSEC
+ericsson.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wMlU9CZrT7Cn09DPZXkVCtZbsDXe5cxniqy+//u+ZthJAZIHodLIUiO08F7hkTJtGAFvi71Lu7rb0mLDCQ8PNYYgmANsQnKgp+o5j5iLq76e8v9lFMXCthl4iebaqpbQrSo+ZRJghQTQWoBx//YVV/x5unhaaRXVu9z9M25fnjHG23SoKR3BuZtEC2AJf12IeO0a5SOwpWSt437wVuJ8j4Ig1RGX12dIafAwDsq05cjZM1YjoPitDNR0ZxwTIDxmrq+bm8daVWK+lWcW8Xq2V3Xyxvi4F9VhGWLH5VNHCxDz/TOQZCUe/mt2vX8ptReVPkPu9ncdAFElWAyIs9ZW2w==
+a0.nic.ericsson.	172800	IN	A	65.22.56.33
+a0.nic.ericsson.	172800	IN	AAAA	2a01:8840:36:0:0:0:0:33
+a2.nic.ericsson.	172800	IN	A	65.22.59.33
+a2.nic.ericsson.	172800	IN	AAAA	2a01:8840:39:0:0:0:0:33
+b0.nic.ericsson.	172800	IN	A	65.22.57.33
+b0.nic.ericsson.	172800	IN	AAAA	2a01:8840:37:0:0:0:0:33
+c0.nic.ericsson.	172800	IN	A	65.22.58.33
+c0.nic.ericsson.	172800	IN	AAAA	2a01:8840:38:0:0:0:0:33
+erni.			172800	IN	NS	anycast9.irondns.net.
+erni.			172800	IN	NS	anycast10.irondns.net.
+erni.			172800	IN	NS	anycast23.irondns.net.
+erni.			172800	IN	NS	anycast24.irondns.net.
+erni.			86400	IN	DS	51829 10 2 25888A431BFA4251BF4E4D8340B9EC411AC57F6C20DAB0FEEB9CA68A34B13AC7
+erni.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MMJv4S/Z0Phf0GGG6cujSzmyGpS0/K+lzuo6EKnxhtInu4FvRZygS671VrroHhXt5YCMIWfoTz5s3roWF6YXnFKngY5JyKyWc1vktT8CZ6dNJPHY2nLPmTQZNv4UKwbqs6b0OTncJbHhhr8qh8M6Rtw0uItFx50quzzliHMITNTA2WaWjDNM5Hgbo6YkOqP+6U+NvYvadcnNvBnydidMgNhVQAiHOM6OiQK+gp3UmO3aV8DVNekeBgg2Pmv1yg4UWWBuoGVfxxWm+uAgPxEJ/dLDZqwotu5FXtEtyjdk/NWV9fmbuCivP3OesEZpDzFXFNewcJzV8YfCKIjrodED4Q==
+erni.			86400	IN	NSEC	es. NS DS RRSIG NSEC
+erni.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0IJk2ixP2HMch8dRXp5VsW7ptL7y4HMqkyW5cI23kUJzyF1pifZ7rbUhz2BTyuwzqhhnLhCGBlilYZEFhMYUzyqAr4Xz3qnZbKmp1J5bTtSXBrlhifEI0X3omJeiJxgqEn2ClPc09Hy/INHPBNRyK/4g3W/wzONlUbRxztxe9vZghlemCpjzaso+nUXD22f6lDFFPPsy3tY1k37/nw2wfRYps5ldpkJyqxhjSYTzCXzQxuBBRr2ICdCAQg8CHQd+GbS8YIKpowYTCam9X8+WkQgvFVIHWmCFvR0A8n0CyzL/l2T89DL21/LP/ThoerYrds+/6hKKOlQwKb/Ry0FYJw==
+es.			172800	IN	NS	a.nic.es.
+es.			172800	IN	NS	c.nic.es.
+es.			172800	IN	NS	g.nic.es.
+es.			172800	IN	NS	h.nic.es.
+es.			86400	IN	DS	44375 8 2 9D9858AE981AA53DD1143D93844E3D69B0FB73A9B4FE5759DA39E036E754D402
+es.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GRdGXMAQsZK1xSguPKBgOeC2WInytxrejrOAQs3bAaigghEj8G6UsW0AE4ti/kUaFQ08/7aeDHiKoScWSb5L+IZh9tF4zrQohGl/kGN2IKhYjZBcktszmw2v1fg7pN92Y+Yn+c//fok7lT3wnFAQmKqeFSp2fJu1Lu0UltDmVWlqs4Uzol0KHX3zn1nwSwEgzzG8xKgrCjk6iKs4LaNxezuq8wQ4xn7+uyWw9w7sFX764dZerSzs5IeXr3CCvHt251kbdnA9u9MFzrws3DWQNp7tZGlcfKZYwmIUPzk67pjcRDbscMExEfol/Jn8DGqF+9cLGqsW0FrHtlzikXTK1w==
+es.			86400	IN	NSEC	esq. NS DS RRSIG NSEC
+es.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dbirLc/eUMdjsPGznJ/bXbBdt2CvIjJx2X96qRtTFIO0xLJ1QYUjgBAePqo799tsV6t8oKNFVQR5UPbe6fxeoVqTmEPFVaSZbYmVomWlQ20gN7ctVycuoz1Buuv09PUR7vapMjARk4hWecxxGj9fk1DmpwN0m42eO61VQtM+5/DaSABOy9uahen4h+JTGosQsE7He7VTVdVtHCcC2yTalGyleMyzlyYD8os+e1ud+U+xv2lhphOg7M5IJiUajc5tP0bKPEWlbZbCzSbLE7lwXHwZGNVfQP4Xv7eBTIQsBBppP/E+UYn324DKYXVkNK+CS08uXYcZh3FxBNqnH3ou8A==
+a.nic.es.		172800	IN	A	194.69.254.1
+a.nic.es.		172800	IN	AAAA	2001:67c:21cc:2000:0:0:64:41
+c.nic.es.		172800	IN	A	194.0.34.53
+c.nic.es.		172800	IN	AAAA	2001:678:44:0:0:0:0:53
+g.nic.es.		172800	IN	A	204.61.217.1
+g.nic.es.		172800	IN	AAAA	2001:500:14:7001:ad:0:0:1
+h.nic.es.		172800	IN	A	194.0.33.53
+h.nic.es.		172800	IN	AAAA	2001:678:40:0:0:0:0:53
+ad.ns.nic.es.		172800	IN	A	194.69.254.15
+ad.ns.nic.es.		172800	IN	AAAA	2001:67c:21cc:2000:0:0:64:47
+ns1.nic.es.		172800	IN	A	194.69.254.1
+ns1.nic.es.		172800	IN	AAAA	2001:67c:21cc:2000:0:0:64:41
+esq.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+esq.			86400	IN	DS	40564 8 2 9A963EAD34A5139ED1F5E24FB422202CB704038AE15B670287BB31A040055322
+esq.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WFurXStI+QEKF9fXM5GuuNnPrDbr4eNBkeqjSUNL1AuW+DW23wzXIEPK0e6Mhrwy681aWNlnx4iBo4yY1QHjjqVDHI8/vNtj3wB9wkixRcpIylIzKc81BKXA9I95fQcCbvrugsVWPrb51dFdyPMPnfXJfFIak4SHM3hai2OdQtRmkZcHyh60L/Ucgjx39P9AIztRxQh+WgOfvgeHPUenFEyUrdRZxyWljSwGkfaL1IPYyZKfRivdq4pnyntpTvORUtt2CPa+3wRWjDuL+xmAiV8bnAz5EFyDJQZ/ywxi6/ufRk2QVpLtz9DNCg51RXFI3drP5z/jel/kDFtr/FEaMw==
+esq.			86400	IN	NSEC	estate. NS DS RRSIG NSEC
+esq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cpl2NtGc4MonSEds2LLSorRAsoqHqkOOoqiXoAzqt6tGNTpIxhSEdeyvAfL0TVH1NcUsVLJwhASqycJdlKwUBbgvdxJdJKDj2clW8LwxlRlhjEniEqLwLZc6ezls3LIAsl5NbDPY18wqKj84GIqrSrR/cljDD2tjrDepxhQrzTxMfw9mhvt9UB+PLIQayyCsm7a4e6MbpRCju8mUogH+BsfAcHOhKX6yOWe6mdS5Blu3B/nQ9BYg305J/zj/LN29WWhomJAkPmUo2eBctQZRFmDfYN7at6vugFU7kxSvTURipLSfo2l0QOpncuBkMDpuxeDu4LEXqfICRzH0dCvl0w==
+estate.			172800	IN	NS	v0n0.nic.estate.
+estate.			172800	IN	NS	v0n1.nic.estate.
+estate.			172800	IN	NS	v0n2.nic.estate.
+estate.			172800	IN	NS	v0n3.nic.estate.
+estate.			172800	IN	NS	v2n0.nic.estate.
+estate.			172800	IN	NS	v2n1.nic.estate.
+estate.			86400	IN	DS	9670 8 2 FBC7771A3F609853616F5B68203D1645DD9ED6D9D56BA3BBA93429CF43AF8562
+estate.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IZcpMvZbbY6NU32YCWEzQd/vQ6beunRGUTu8LR3BlZd7P8DoQdgRQQuV/jWZmYAqBcPWG63diPSfoLgiubmPUbhNVUIp5ZJuVHiIdl7lO5uVC26V4ZqEuobFV+CWGPpBX8OFWfksFqv8ElcxjM2nkdL6rIpmBGrSapt2mlqn7CQ+Qwp13buoy7J+A8HVWND9nPa6InzOwxHVmPth3fspVFkrCk6Z7qdYr5zcZY5o6d2Rq8zCkrSXVteVirPdWd9ZgOZ8KQpXUUS4IocdHgVGCsfRncI6DT4KbiaWVjI5wOj916OQDitsI6hwY39YQJQfdbX3KBd9M5eQO64JulyXGQ==
+estate.			86400	IN	NSEC	et. NS DS RRSIG NSEC
+estate.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eliDV+fnpwOCPpBSLB9ULHopUTVNf9s6skorjYAbl0agbKrSJCEiNHX37qzgBAijotssBqgDHaIUYbuF78bM4Pt1WhlpbxACJFEA7+Ul2cGukcbPRuBTbaFnZfPqYOWY7l5DPqYECH2OAWLNWXTTsR2B+KYRJ3ISOj9ovg2yky5Fa5vENQtE3jXYkkvoecHnyvPj+xqHd2rb1iYK2OsSl/MlaJo6UjRZ1Xa5JrdOWJBfhM+jgLmiCEXRpyELPDfr/OO4h/WYtE2TpoIcucpspNMtR2mzErrhEkT3XcWNgvUMJ8inDAGfQzmuxBjgn4EqSQowcDTdtbViiI+aKvtaHQ==
+v0n0.nic.estate.	172800	IN	A	65.22.28.47
+v0n0.nic.estate.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:47
+v0n1.nic.estate.	172800	IN	A	65.22.29.47
+v0n1.nic.estate.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:47
+v0n2.nic.estate.	172800	IN	A	65.22.30.47
+v0n2.nic.estate.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:47
+v0n3.nic.estate.	172800	IN	A	161.232.14.47
+v0n3.nic.estate.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:47
+v2n0.nic.estate.	172800	IN	A	65.22.31.47
+v2n0.nic.estate.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:47
+v2n1.nic.estate.	172800	IN	A	161.232.15.47
+v2n1.nic.estate.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:47
+et.			172800	IN	NS	a.nic.et.
+et.			172800	IN	NS	b.nic.et.
+et.			86400	IN	NSEC	etisalat. NS RRSIG NSEC
+et.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GWRd/xPwV2/WZOxg5w5QJPOLh9PdYtminaGrsvo/AWnChXGbKcSASaRxW65qngfhRk7V3YI6QU0f0xqyZDGhYKL4z2ypdtG92JcGUtbBiCN6h2Tjof7eL38gOF80DQ6o0Ywn2p3hxwhLNlZHMP5YVhdsPInoK720YFwvA3aQrlKKNm3cWlNISHNgDzsdrxe/+3EZ2vuFk+ACv3QCSoWvM5cFAKn+7i+wl73vRKl9ZwnVMg2LzvGfRKGskYIJ4PQVSZhdAP3gO9DwSOxmBBMadUlM5iRENa11ZhoiVL/AW2h9wTznVgbPYcR8sFEEzknSBWKF20kEeETyM27CRqNbYw==
+a.nic.et.		172800	IN	A	197.156.74.192
+b.nic.et.		172800	IN	A	197.156.74.193
+etisalat.		172800	IN	NS	a.nic.etisalat.
+etisalat.		172800	IN	NS	b.nic.etisalat.
+etisalat.		172800	IN	NS	c.nic.etisalat.
+etisalat.		172800	IN	NS	d.nic.etisalat.
+etisalat.		86400	IN	DS	3857 8 2 389B8D170BF2914ABE8CDD4BCCDF454BCA62523FAA83F6F5F30CB8E672A75803
+etisalat.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pMBtB8BnFhQqVeP5HHV+KlKxyBDfY25HtwHS1e7b5Lvw9XQ9Pi/2/I7hEO9ghh5uE6KuMBIs7vSg/wbVL+eIAMd18AqvRXhpsKEgPgWe8ZFpZSnEv+icRz1WgymH8sL7kVZ8P/7EyZn8Cxr69IGCxofvVvUUd2MYK00CUCk0WuOLq+kveCkaOGizxTQMQAm+8AqAmXQqCpJtDflm0ZOs1F53yyQFJ8BfHB+WKWfS5pTsrm7TRB7dNncjiu3buwqz5VcWpFOWcZLrDBq0VowcVyDPq5LLPxT6RB1isJxfXSKh2omZSanMC1tsPQYatXfQPnSDVWxFo6cHPY54IVE6Wg==
+etisalat.		86400	IN	NSEC	eu. NS DS RRSIG NSEC
+etisalat.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KJMcxn5cDTj6fO18Z4j2ec/tnG5HIm42CHVA6dSJMNd7NcX4aswbsxD1Nl//ZRVdDAD9rgf1tydLiGhdZycEuU3kqm3roTmJRVwwMaPfyq3vNs0ZjWparjVtZZxloQBJoT3L0xrtYXk00I6VlkEgpop3O2KaLTintUb/Ng8N7yZrl+m8gfs6bGVmSmLxMMc7JNIv9P2irw3dZ5ubM1mfJ+S2r1yteJ2qY8hQYGtgFjKghE9pU5uKqA7boUqcXWBbYjkFI9A1v6zDPgIe5Zrm3CSmmUWTnN1nnLoeYyDNqjQEkyw9Nsm+ZiiV0EyEGrlEz9Ug4vXZR+fUSuJMF9u+vw==
+a.nic.etisalat.		172800	IN	A	194.169.218.48
+a.nic.etisalat.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:48
+b.nic.etisalat.		172800	IN	A	185.24.64.48
+b.nic.etisalat.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:48
+c.nic.etisalat.		172800	IN	A	212.18.248.48
+c.nic.etisalat.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:48
+d.nic.etisalat.		172800	IN	A	212.18.249.48
+d.nic.etisalat.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:48
+eu.			172800	IN	NS	w.dns.eu.
+eu.			172800	IN	NS	x.dns.eu.
+eu.			172800	IN	NS	y.dns.eu.
+eu.			172800	IN	NS	be.dns.eu.
+eu.			172800	IN	NS	si.dns.eu.
+eu.			86400	IN	DS	35926 8 2 89B9EF0445904E7C6074B5BECE823C3E264FBD91C103D10BDE603412343CE70C
+eu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JfSSEDKhzIC06ZQ0EB6uh7O/WzVyOu3IscokmFOmdVYyTr/M8isVf00A2FgyXmRJR9wBogoLpBGywa2Vam2mSf9AVMZvCHf9WIFJ33UyYKyYvXelWDxZdtTbB1sU88hx6t5vipcDgOQ9w3oo7PGvQ/uDtmuNNlmAXqlMPY1L8AgQPZcqrNfKicPpKQq9EWZHE0n/6P9EifMWLjItIlTKLMHPq9Btig1FFkxMVHoy6njDt7tbIt07gNidRuBeeZtDfOON6dqcKHGXIkIj5dMEykGQJcvBh9AoByuHvZOaAX4OhHQkCdsiDtRCqHl+yMPfg4IY+iYfB3h283EBzU70zg==
+eu.			86400	IN	NSEC	eurovision. NS DS RRSIG NSEC
+eu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AqzXjCgeNw+kPotE3mQmaavo2+L9uw4CVBjMa2Fl2dE41SnV/3HZq85e2OUanZVQAzmWy2NO4fU/ffNow8RyccSUHiCzXATGauO1QQpBdLfh0EYOJ4XCRR8TJBdKNBYwJvPVH6CGXJekibm4Et5BXzIolLUcjBrnt/2CW0ytmXLJh3237/BG0d+7zHZMzz9tfL3GkSgiYyoipMBLyIRNqOzAetbaWSs4/6hZlFpDX+lBQgeaavi2twTCQI/+vSjlu2xETgsqGhIAtlGWegfyq84En/TFy14YTlfXVe9Qr/AeFdg13SgQtgmrmuQAFwj9gbl5rc8sSZ52nrSO0ThCEQ==
+be.dns.eu.		172800	IN	A	149.38.1.26
+be.dns.eu.		172800	IN	AAAA	2001:978:2:1:0:0:93:2
+si.dns.eu.		172800	IN	A	193.2.221.62
+si.dns.eu.		172800	IN	AAAA	2001:1470:8000:100:0:0:0:62
+w.dns.eu.		172800	IN	A	194.0.25.28
+w.dns.eu.		172800	IN	AAAA	2001:678:20:0:0:0:0:28
+x.dns.eu.		172800	IN	A	185.151.141.1
+x.dns.eu.		172800	IN	AAAA	2a02:568:fe00:0:0:0:0:6575
+y.dns.eu.		172800	IN	A	194.146.106.90
+y.dns.eu.		172800	IN	AAAA	2001:67c:1010:23:0:0:0:53
+eurovision.		172800	IN	NS	anycast9.irondns.net.
+eurovision.		172800	IN	NS	anycast10.irondns.net.
+eurovision.		172800	IN	NS	anycast23.irondns.net.
+eurovision.		172800	IN	NS	anycast24.irondns.net.
+eurovision.		86400	IN	DS	52357 10 2 FC1CA626451621109D8314D5BBBB3DA8C607E36FB0C5493BD6F237762C2C7BAC
+eurovision.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aX2wG4Hm2wgNpYTNBjT46yMQUc/gXMb/CgYAH5v1xNQQLd6jlOGftoSHQTg0RaXf6Ldwk/TAYULdEQz9clxFm6l/diwm8AqNM9MrUCcYIA5T8kSnCHz47iaTvnSAlbVlxv4ISdHYXHsFTCgeQbJm/mKatJ9e5RDwG8la7uzrsayzmn3Fpx0zKTr3h/mmU2B0gPp7kB0IQyENm2XmvEhRoLfnHg1hcIfEGD21YQzf62DfuauxCR+VbgDOPPct8uRV84s7d3jE7JC436qjWn0a0djS6f80d0YAOgIcGgyqnpN82KYdQ5GfPgvwmhl6iaF2Tj2QQfWuBH8YL3l+odAbuQ==
+eurovision.		86400	IN	NSEC	eus. NS DS RRSIG NSEC
+eurovision.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JbPd+bFUfLyof9zVrzlMmMkAYmX0WmsIja954xDP0U2lQUrUqMI95DNxmrlU/RL3di6oHBqXnju1DBoXL+YkN7uae6aHpN0t0KzngyyKEL9/Yu9qs6rJqgm7Gly6EIjzGog8xyXvuy+ewn1ldFMw/uiX2EbwJev4dsJvWRKUf4DtHQKo+hr6Fku3NfiBT1hLSjB+O0TTLGk7U3OjnQEO04oZ27G2vnY6dvOaIgoZc42Ppp7oLK8DGuF+eC6S5HPszxHdXjsD2sOwQTz/CZElr6UZpjo5YbNyzbkkhFX9JVOIH2Ik4XQvYwrL8rQuxLYqyL4+tuPHkhtyXgdhxmdDqw==
+eus.			172800	IN	NS	anycast9.irondns.net.
+eus.			172800	IN	NS	anycast10.irondns.net.
+eus.			172800	IN	NS	anycast23.irondns.net.
+eus.			172800	IN	NS	anycast24.irondns.net.
+eus.			86400	IN	DS	37627 10 2 04415714A6DF5F737093919D47FDA7FE0745D4A0AE9DFD4E8652D51D49BAC4DB
+eus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cPKI3VZadpJN2L/5kqZm+np7QNshvV5uxcwFNR+6MCY9RPZcnsv3Bz7e+2RcjQd4whuw54NAlt44alv/NLZMigKXzYEJyQB6OQBgD+l24dm2npXtvxT1wK3dA3HbYB27oBy+k33lwXSuYbDLIHoZ/v5yd6Mz3jsrvH+SaR4y8Hp+ByI/o5JpChXup2x2k7VPRh4iNORvCqjkpYjCVT//27bInNa2wRkG63JhXv1Jw9i8TLTmLgfeJA4NzD7pjjNvjqAgBoSBHqMseX1Lgmc6G7f/hpYrEQkGKpKuVR/5YvaX4PcsxWofdiruWuf9xe9LSBX15IifiWwCKBbXQEu4aw==
+eus.			86400	IN	NSEC	events. NS DS RRSIG NSEC
+eus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NCjdgmCabkpA7S89G7e6/R2JAdt5VJkL/LHvJIZFsygQmHPbixeWyiyJAmCQQGSvMIwnRdXA+uHT3nQoBLHxWjScF/9FvkZWHCb96ZNzEQ+7gHzLXgqYvCNu1V8ehc06tBPk07ZEwBKEasYRZUCAjJU35Dl0FyEUR/RY9rJ7DU8rAJIoNft1KHht6QHrP3EmTgOVS9T+gs/u1pARYBPW0xYI1Dah4iTAQ3tBzXZCHDsMLktH+mzGHU/m0qPAy97pOLWvNHMXvu4UmvVvkICnBCNL0Mz92Jc0oymn+/usPxKeqMCgO22h0QdTSPlWWkT0NP5S0hZX+9MjB3D2/4u93g==
+events.			172800	IN	NS	v0n0.nic.events.
+events.			172800	IN	NS	v0n1.nic.events.
+events.			172800	IN	NS	v0n2.nic.events.
+events.			172800	IN	NS	v0n3.nic.events.
+events.			172800	IN	NS	v2n0.nic.events.
+events.			172800	IN	NS	v2n1.nic.events.
+events.			86400	IN	DS	12487 8 2 51D1AB269AC995942F3AAA4BCCF1C7B47B625892D8F7AC24DC74ED305DF0D2C0
+events.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dApcTwU8pzu1o10jV8T6Br0nULLl8daMHe1L2h4MMbkSFi8TsZW/A+2L/US2BtSJpMNihiSD7366yVitZWFUh7a/buRb04qWqOFNa2hbZiR3MaTnL6llGfrKYV3C7fAnI8fqMEeEOxCfFxdn8w4m022k5qwM3XerrKDrcFHWloANMW0ckyVNKlf9Zcb4TYCsbjYJAW8awuMHHqEn68Lcztd6z+EibZE49IlDaSc4vGjmU8NQQrLUcxZp4M2Y2meyFSFVr1vqetjBQ46WlNyMFraTOV+Wk4DkK4AubWel1DlsusX+HRH6RKadHqMfX15VSLM1BfLlCGhpnrmRTxqjmQ==
+events.			86400	IN	NSEC	exchange. NS DS RRSIG NSEC
+events.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EHKGmW2ekscFWqiuapTwzKKeILMMU47+sApgxLB9oycQdKsSbKwE66tcTYOOp1KfPg+FtCiF1mOUIYNk/At0KbRZFGhz/6bmigoSHg4f4C7mAgS+1imknjAHXN1hFrNCA/f1BX1fpQiIC1vqYYclpvCTijeVvnPocV5ZeB+0zstmTsGPD+OyaKySpxDJROADLQimDb3YAZwKpfn9pUkKQxU/5Awil+cSaxj6fFCMjNLH8HNCBocQFsj1Nlg2iL48f/H3NdBF+bbyhInwnVxYQpzP5umiDnmwmmsREuaJ+6lY6dHllSBoP7PqcHcMKihYmM0e0+EoQ6giUfgmcwxvYA==
+v0n0.nic.events.	172800	IN	A	65.22.32.6
+v0n0.nic.events.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:6
+v0n1.nic.events.	172800	IN	A	65.22.33.6
+v0n1.nic.events.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:6
+v0n2.nic.events.	172800	IN	A	65.22.34.6
+v0n2.nic.events.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:6
+v0n3.nic.events.	172800	IN	A	161.232.16.6
+v0n3.nic.events.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:6
+v2n0.nic.events.	172800	IN	A	65.22.35.6
+v2n0.nic.events.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:6
+v2n1.nic.events.	172800	IN	A	161.232.17.6
+v2n1.nic.events.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:6
+exchange.		172800	IN	NS	v0n0.nic.exchange.
+exchange.		172800	IN	NS	v0n1.nic.exchange.
+exchange.		172800	IN	NS	v0n2.nic.exchange.
+exchange.		172800	IN	NS	v0n3.nic.exchange.
+exchange.		172800	IN	NS	v2n0.nic.exchange.
+exchange.		172800	IN	NS	v2n1.nic.exchange.
+exchange.		86400	IN	DS	46084 8 2 7AF19D7F0DA9372DC3CE58871F2A06EFEBDB7D44248EF60A7B0CA5A595192B4C
+exchange.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lS4dYZ/43+PwcmJGjjF2xkxJ/H3WavuvmUa+r+EHylYyMRPQgzk7Wcr/xJk3ZuOPfGbuncY3QC6wuc4uADLzoLUO67zDNlW5SBWUNa0ICZAYAm52hssPw2lkFj6jcxHEsymW4imoCiAmcI3TWH27Gi5LnaGZhOvhNH8QZ9XVF/fDK4APP3tMcnijUzo2HNK5stYnCHssmcIJCzVBC4KGmF0iMuyKFgFqsHRlwLJkI7QTS9N1g2IfK5/OnoFIO9DDWTkcmVArbpwkpbmo1xeVdMueclPma11R+Yp7Rp9qqHU6YuG0tEcebiNC5ESCmBLWpQv1DjfsNTRipyFf3NTonQ==
+exchange.		86400	IN	NSEC	expert. NS DS RRSIG NSEC
+exchange.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wPhFiNmSEi0tp7RZbCGa3DSL03XyPD/uy2NifL3XHnoWdSX+D51hKIN7b5KzpAUoBk3ram/eH7DFHR3sEw+xOFB8sfCHdyWxKN9IK+YS161myOdTL7JdtehhwZHlpJoGrivCPAnmJdUIuYzfHg/HQzILy0i1XIWcHB89uDUwZCxgpw+WcA04UrJkWigJXmo3f9S6EyoD59WFuwKdCuny+IUW5sADoIfSK0ubaioLdiNHzh7wUQ9uge5HM1Mr3A51ibuTimc2AWfs0Xr1ibzG1y9KOZcEnOuNKj2EnZar/0BR9E7Wgysv03tBNeGqy/SZl2Vi8wTSzUDYgtObqcAjXw==
+v0n0.nic.exchange.	172800	IN	A	65.22.28.14
+v0n0.nic.exchange.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:14
+v0n1.nic.exchange.	172800	IN	A	65.22.29.14
+v0n1.nic.exchange.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:14
+v0n2.nic.exchange.	172800	IN	A	65.22.30.14
+v0n2.nic.exchange.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:14
+v0n3.nic.exchange.	172800	IN	A	161.232.14.14
+v0n3.nic.exchange.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:14
+v2n0.nic.exchange.	172800	IN	A	65.22.31.14
+v2n0.nic.exchange.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:14
+v2n1.nic.exchange.	172800	IN	A	161.232.15.14
+v2n1.nic.exchange.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:14
+expert.			172800	IN	NS	v0n0.nic.expert.
+expert.			172800	IN	NS	v0n1.nic.expert.
+expert.			172800	IN	NS	v0n2.nic.expert.
+expert.			172800	IN	NS	v0n3.nic.expert.
+expert.			172800	IN	NS	v2n0.nic.expert.
+expert.			172800	IN	NS	v2n1.nic.expert.
+expert.			86400	IN	DS	35986 8 2 8BB05A08616E1D432C7118D31FCA1C48E3CFAA536DC81FAC428EB3A4D695153C
+expert.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AriL8r0SiOAGffaCNnc3Lrg/fKLdSsi2upV8MpGdVPsKcaWBcPOxJJbl9LKkJbq8gst9uIi1zl1iBxRCZsfWajnbgWEUpFWiJt1rMAbaIW4Jx4laZ5A0759oT8VavUvGEKKhFrDe35E/gTBYmrVJQQVeuI2Jih5vSE8nqkzYVbWIVBvpfAt7UFEkNyBkhkgLfsTHqBGFALxo/5RCWOl1JPVt9yWkqPAOGEB5r2D/A8Tk+gm/zIID0vB29CEY/sldjoy82kKeEvHU4+qV5iaY4Aolcu/pAtsxHRztPfAkW9AMASx/FiPaa64+yTAjT0OKrvTNNS5yBl1WdCGNCoQ1ug==
+expert.			86400	IN	NSEC	exposed. NS DS RRSIG NSEC
+expert.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oUlO50yinVmMmUo0MxsmBh0i/FaqaSvlZ1PH6yZHOldBKh47h+PQvhce1wTDSf5MWQHvzMPEDdSA2ITz5pX4Lrz/zR8deo5ZA9VIhKVJdneZOILIqN/LGDIlxJUEAHWpAzx7hcgC9MtKXg/5GVMyS/WvJiki3Xd0BpZ6LloyNIxeHokXPpPY+6AyBUcg1XOcui5CYx4ha9NZgkVM/s0Y+Zr89xIOHPLMiQx+F1LS46gXt+86Q+lmU4ZCbbehObzCxJQ2fKA5HpKnWFqFbp+MgWOePie+652QcM53teasfX7lXtfUlQ9QcrHgZgpCBLFU6oar/sh3XZrcAlkj5x06TA==
+v0n0.nic.expert.	172800	IN	A	65.22.32.4
+v0n0.nic.expert.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:4
+v0n1.nic.expert.	172800	IN	A	65.22.33.4
+v0n1.nic.expert.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:4
+v0n2.nic.expert.	172800	IN	A	65.22.34.4
+v0n2.nic.expert.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:4
+v0n3.nic.expert.	172800	IN	A	161.232.16.4
+v0n3.nic.expert.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:4
+v2n0.nic.expert.	172800	IN	A	65.22.35.4
+v2n0.nic.expert.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:4
+v2n1.nic.expert.	172800	IN	A	161.232.17.4
+v2n1.nic.expert.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:4
+exposed.		172800	IN	NS	v0n0.nic.exposed.
+exposed.		172800	IN	NS	v0n1.nic.exposed.
+exposed.		172800	IN	NS	v0n2.nic.exposed.
+exposed.		172800	IN	NS	v0n3.nic.exposed.
+exposed.		172800	IN	NS	v2n0.nic.exposed.
+exposed.		172800	IN	NS	v2n1.nic.exposed.
+exposed.		86400	IN	DS	43324 8 2 06DB817955E79F54D71E1D818B4F4C7EDBBAFF2AC602DB75FA95E5B4C9DBCE6C
+exposed.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0QEH8gfD0Rx9LSl1NHnLhxjLOEVx7WWKqQhNUbT/gtbK2ivxataljNvuotzVAdXlFJxDJtlwsTLzmVX5SXFhxiaKwrZfNlnNRiV9Zs6QZUzPhxeec0b+O6KB+0Id+BkIGnUyj+6OHQcnCg/Hlv+rx65HOncegdtNkusYuNcOHosiyesfeJX/nR1+1H9gJ7iIstM+kWv6+GQADV4TrBZbo2nA+71oi+yJZrpzO7ADX4fpbL+awFWSC7N/AYrO1VxZT0w/k/YlKqDv4TsrSabFG1aGtMuIO2rfXhshseSPomxjJx4ynljalp1HhYOii8CqkFp8wM1McDbtj5mZ00Tpvg==
+exposed.		86400	IN	NSEC	express. NS DS RRSIG NSEC
+exposed.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0a+2StrOqFwVfGyoyyCQj2xR/gSH25i6IlJKc7rWavdda9g1x8QYvO6CLDGFpFhYss4ZLZnrB0srsexorjA3H/zktl/uhNSy7FNw3GD+o1k/kfKkFVQ5W68bxjXqU39LpfgSFXloeF+UhX70SEeS/c8cAtRkK7guvQIdGfdO5Yf1Vc7izFfq8S4btwWEtLTlN9Ysfc3C6HjAEXBcKTRm5++NtH7gk1SfEJgIqcNgOr7oMr2Q3yPAGoHquIujpp7nEle8bUj96Ve0DEHad7GkVSQ1ammHD8zZ6A98/IkN7xDueuiSn4ikweH7fa/YeT2T1DggtmIXvKMSgZUJNxVW+A==
+v0n0.nic.exposed.	172800	IN	A	65.22.24.58
+v0n0.nic.exposed.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:58
+v0n1.nic.exposed.	172800	IN	A	65.22.25.58
+v0n1.nic.exposed.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:58
+v0n2.nic.exposed.	172800	IN	A	65.22.26.58
+v0n2.nic.exposed.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:58
+v0n3.nic.exposed.	172800	IN	A	161.232.12.58
+v0n3.nic.exposed.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:58
+v2n0.nic.exposed.	172800	IN	A	65.22.27.58
+v2n0.nic.exposed.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:58
+v2n1.nic.exposed.	172800	IN	A	161.232.13.58
+v2n1.nic.exposed.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:58
+express.		172800	IN	NS	v0n0.nic.express.
+express.		172800	IN	NS	v0n1.nic.express.
+express.		172800	IN	NS	v0n2.nic.express.
+express.		172800	IN	NS	v0n3.nic.express.
+express.		172800	IN	NS	v2n0.nic.express.
+express.		172800	IN	NS	v2n1.nic.express.
+express.		86400	IN	DS	63130 8 2 57D56C05AE39F31076A67FA9D97368908461D311DBD01F32174979A6E75921DA
+express.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1gnTU4Ga3FmNLOFkOwPPvKOR7gLV0hsvZo5IDSpWmbHzJ5QQuBghwSu7qaB2MY6RE7fKSU0DNeLlaEeahbaJgllVcgBei+U7nZdniZKyeilSIn0pBGf0nk2bMISPU1An2LfbiswInU5n+t1zBUCMqRFCY9btmZUqCLSwLGxssmVG+3ZJJBKCm2ZZhbwwXhpJtNtlfm5BGdHSituQgrgrUkAKB5ZZDs8ESNopSXHx/ROW++TUDQmCh51RJ8qsQzTZe+SDJ4DlFH3JJ9BTXgkkThEDN+Csah1a9grXgQM9at5SueglL7o2mN5irNWFEISz+8qJ0q5vQRV99lrsnpAKOw==
+express.		86400	IN	NSEC	extraspace. NS DS RRSIG NSEC
+express.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vPVLIwv7q4rVOc86iX3XZnoGu14g+5a95sflEFbYZyRM7bOEnplbCdhtHfMu4i3DEQqL4PGsLdRLpB7fPJ8zr1R+yim4GlUTzyr2UGjdkfv8LcMcsS7iq6oY7ADwr4/WMm3NMczlB3doK4cR0PSTFNQZCNrofwDCdfjyFOhd3qEEwEm9HS4QPsmj+eIfK1t5EFxoWsZw5gk/wQJwbZsNNZ0J8vnvmTgMlu+ZCavyZmUrXgm0g5r5BN4Y7evieL7oTCSE4nWwQXOsL58IGDccZdA3QbKks6lOy0AAHpLwiMVVJrDnjzskWXckXHExN39Lt9sGIQUoTrltEwvtmdgXPw==
+v0n0.nic.express.	172800	IN	A	65.22.32.16
+v0n0.nic.express.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:16
+v0n1.nic.express.	172800	IN	A	65.22.33.16
+v0n1.nic.express.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:16
+v0n2.nic.express.	172800	IN	A	65.22.34.16
+v0n2.nic.express.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:16
+v0n3.nic.express.	172800	IN	A	161.232.16.16
+v0n3.nic.express.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:16
+v2n0.nic.express.	172800	IN	A	65.22.35.16
+v2n0.nic.express.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:16
+v2n1.nic.express.	172800	IN	A	161.232.17.16
+v2n1.nic.express.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:16
+extraspace.		172800	IN	NS	a0.nic.extraspace.
+extraspace.		172800	IN	NS	a2.nic.extraspace.
+extraspace.		172800	IN	NS	b0.nic.extraspace.
+extraspace.		172800	IN	NS	c0.nic.extraspace.
+extraspace.		86400	IN	DS	64657 8 2 9697A3469E8E24F5B49FECC0D2F2573CB96D106F26781583E705111BEFD15571
+extraspace.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s+LQpQh6iDyLgSoHZVC6ZNiT9RGc0vz2IO861KOn7h994iuKZrc66mWSgA/LQfSU3BPofm7me8s2Z7LT68H5QoXPzjspUWHv6chwrfTpk+txLcYYXofWsUD1q88dLYAz5PkaQGJxBjgXIcC9u4KWDMCSowwRvm27tk3lq1Gk//aILIZ3JWWooC+W89R6u6+dFRnFyizD86zD9vwWzDTNSTrXRFDfMgRwVO8yi0vGVs7oZiD+BkUTkQRUfe9ejsF69P1yregDJBfwktv7Yd6GuUSQFIvwJG2To+JdaK4RvfTzX1C+ECpr8qIqy45jRM2CjFeHa760X5abA3XuNGtISA==
+extraspace.		86400	IN	NSEC	fage. NS DS RRSIG NSEC
+extraspace.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . E6hVbqXX9P37DHfPCsamwDUDlLByl/KgA+AN4gSRTXu3tAoLXd0Pq0ur0uHqC0/iwxN0IkSZTMvey+fzEj/etWrTrunIWn5t4wNUdERq2deyRwn5Rs11oMooSN0HnSioUtvjWKm919T9GRT+68mjjKRYkqdKHQXowYqDUzKZnHigOyZr1mvmr1AopfJABaoyU5JVZaY34awj1W/Gn4T2LZHP8YMUyWsX6Pw8iDW5gb62mgrmjvMWZpkW7w68IwnN6jtUmHIS2oblpNE3HY6F8/2eDW/EOViHmSrTYib3bOD4ZjMQb1+B0P0R+EgrWt/jjPZzyfmZ/peVmARkBRktEQ==
+a0.nic.extraspace.	172800	IN	A	65.22.116.1
+a0.nic.extraspace.	172800	IN	AAAA	2a01:8840:72:0:0:0:0:1
+a2.nic.extraspace.	172800	IN	A	65.22.119.1
+a2.nic.extraspace.	172800	IN	AAAA	2a01:8840:75:0:0:0:0:1
+b0.nic.extraspace.	172800	IN	A	65.22.117.1
+b0.nic.extraspace.	172800	IN	AAAA	2a01:8840:73:0:0:0:0:1
+c0.nic.extraspace.	172800	IN	A	65.22.118.1
+c0.nic.extraspace.	172800	IN	AAAA	2a01:8840:74:0:0:0:0:1
+fage.			172800	IN	NS	a0.nic.fage.
+fage.			172800	IN	NS	a2.nic.fage.
+fage.			172800	IN	NS	b0.nic.fage.
+fage.			172800	IN	NS	c0.nic.fage.
+fage.			86400	IN	DS	17296 8 2 73F0339F6D64BE40A263E66BF730B0EF53A4372978561E0CC8F3CB754DF443FE
+fage.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c2/FlQTvdLCpbI538oOzofJRbfd5jvkI053OMWiINVfC+qLvNfC3puxmrPamgAmwupnkeaU8pNedwVDF9tBTIVNtJ/PwK3AwCMixbQ9B0z8pRtxUibiJGCmbswQ4uWnzdph5W+SsWWaWmprfwNR7oTzDgmavU+4xxQsmZEg2NQq+vEvEVMcgDnWJGossy+jwCFsr0gmEvIR9WRVy7cnX+MBTRoUktCLt32BnA7sFmtVgOWBUhV7F0cZBx/B9v7X9K8KMot0lHt0hbMu/WjuhZhrKIhj9mbZQboA8iyCTSYJPt/Vtx3ZXRpKZUkllU2jn5EkVUppkms5WQxQ/lwSxrA==
+fage.			86400	IN	NSEC	fail. NS DS RRSIG NSEC
+fage.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aH+vpQShAe0aRyBv/v0oQIiCVrFZ3YTiyC3sm9ZES9Br/9EUOr8Z31qqEkkammBV29fsArHhhQOVcXKq1oe61R0pfa0IsNctw5fGa5ruvJTPejmkL89OitTg93y2r+I6bQlS9UHh2MPc8+Gn61cKYqAtqJLV2WXxuZ0Tf6clfhqcdjznjCCgL/ybhkELwrluWeqVp3t+c6j3S7eDiigGgtuk+wfRC3W4Vnum7U9hlsH8QN2HM3Di6/Jojl6cqTCt6EfADbEmtVfo5nmHaiJsetPa5I88U7j2m0PpqFH8nsr65o76YGL2+7QX0fe67623Ut7zSMOKEHqTKce2/OjkCA==
+a0.nic.fage.		172800	IN	A	65.22.156.33
+a0.nic.fage.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:33
+a2.nic.fage.		172800	IN	A	65.22.159.33
+a2.nic.fage.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:33
+b0.nic.fage.		172800	IN	A	65.22.157.33
+b0.nic.fage.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:33
+c0.nic.fage.		172800	IN	A	65.22.158.33
+c0.nic.fage.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:33
+fail.			172800	IN	NS	v0n0.nic.fail.
+fail.			172800	IN	NS	v0n1.nic.fail.
+fail.			172800	IN	NS	v0n2.nic.fail.
+fail.			172800	IN	NS	v0n3.nic.fail.
+fail.			172800	IN	NS	v2n0.nic.fail.
+fail.			172800	IN	NS	v2n1.nic.fail.
+fail.			86400	IN	DS	55696 8 2 23599FACBCF180CA8A276A70E5E407236CBFCC5C9B27CE00972CB83F99803577
+fail.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oDanZFV9aWac1Puimq1GWXxLuHSIVWSnlEv/SdORcJTiGfDvng5ixwLCT/OOC4BX+eQr6XsajFBGVILoewNP+yIFEdRtDYH+KG92ZGDwVBu02S/3OrA6iCcYJ3OCmxxpyvS/n8g5GZWmJM7pz9OGTBQAOsBSlWJ8hj+JDUT8WgmqoVvDO9TBPGQJgCECFRbMiRRqfbd3Epd+xXzTIPtp1QZYYpTwENXNCtRCl/qxyrQFstnW24UnGTU0M2yM2fVEEHM3o+6Vm25aJB0fHR8+oZew/N8Lb9DRykIbswRVlkYEEic8N02Kha+dsx6WUx1uzS1xcu4bYoBY+XzZRQ6M/Q==
+fail.			86400	IN	NSEC	fairwinds. NS DS RRSIG NSEC
+fail.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ENsotzJkF4YRmk0FZDImrb0kt7kLOVCmctqlrqx3kdaytCb0+UKY1EG/xly/QX/GGHfd+0UEljKTicwoOaji9PEz1rit1u5dXl5XP/V6YbqkyXSiSCIGqg6eem2cHcJsmd/EPaijxzRAjVnpwfVMGAz8qau6NaKt4yhDlF9hmqymS8zC504+dLRHFYVlyyp1153iDZouNSM9XIkmj5XJ/8aueAXsbw2SgfTUgz9J9WIw7yFI3TtObBGXtGfyIG93YCDtLqdE6gOJ6C6trUw4/LhCcx9tlspkyLPCNUuoZKicjVuZ4msThON8yLfN45yFi33yqRPMYuW1TwckqdTZ5A==
+v0n0.nic.fail.		172800	IN	A	65.22.20.56
+v0n0.nic.fail.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:56
+v0n1.nic.fail.		172800	IN	A	65.22.21.56
+v0n1.nic.fail.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:56
+v0n2.nic.fail.		172800	IN	A	65.22.22.56
+v0n2.nic.fail.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:56
+v0n3.nic.fail.		172800	IN	A	161.232.10.56
+v0n3.nic.fail.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:56
+v2n0.nic.fail.		172800	IN	A	65.22.23.56
+v2n0.nic.fail.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:56
+v2n1.nic.fail.		172800	IN	A	161.232.11.56
+v2n1.nic.fail.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:56
+fairwinds.		172800	IN	NS	ac1.nstld.com.
+fairwinds.		172800	IN	NS	ac2.nstld.com.
+fairwinds.		172800	IN	NS	ac3.nstld.com.
+fairwinds.		172800	IN	NS	ac4.nstld.com.
+fairwinds.		86400	IN	DS	8913 8 2 4B1C638C7FC58D11BF54B976CE4FBA1CDB935F993F6B50194093B2479BFF8504
+fairwinds.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vlFjo+HYO5wJzUI2v2mvFyAMVamDEfMp59tY/odppWMess6eIgE60Bmdv8bLBw5okznW16JLDprRCIY10rLtMsVzwGcT41gjIjRodTJiUL6pJa5Ya5vcSF8O47CkeTEI8QHFT4C7srhaJ/9IrkqaQ+ZfowTOgpDjkakMf09m5F4T+RVSerih5PcMVYhk9eueNyHPNacOQJBF3ihBqJ3V1V8MLy/1habzSi7AVR5bnMzZgqhf6wi54YcrgcYmyE4gnVJLlmNQZojNdJXATYVHtTi54eG4InYqJg8dhjU0J/gaR+w+EUz4B0fxlHbiDlmTojlIdcmgNczooAatlbQcHQ==
+fairwinds.		86400	IN	NSEC	faith. NS DS RRSIG NSEC
+fairwinds.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VBk6z9RzzN7F5P//hJYsLEWslgxAHqjTJ3AekZ8d9K+CzaCG0TKwUzQrg9vfUUvrYLtejNh0kkM15cy7vgOAVlw7a5nMWO5WlaygxQAMhT0OiM18Ur6UwPpyfDiTst/g14PvFjB11EXXCBHpFI1uAkE0mP4ZkmkFj1kg7qRmmtYKTz5WbiUC4IQY/z/0S7QAlb60KLY6rfh/koVpPTFvGc+4XhN9nuGzhqRUxFCXKrwwqXVxU+QrxL9VstLl2Lp8OIJXvaZOZ0f2Ke1ojR8wcOIgIEzNPlpAZNpC8KfaKH9giKUZ0UvH+HFMd9a3FPxoB5RQB48QuAI0OTaZ95JnYg==
+faith.			172800	IN	NS	a.nic.faith.
+faith.			172800	IN	NS	b.nic.faith.
+faith.			172800	IN	NS	c.nic.faith.
+faith.			172800	IN	NS	ns1.dns.nic.faith.
+faith.			172800	IN	NS	ns2.dns.nic.faith.
+faith.			172800	IN	NS	ns3.dns.nic.faith.
+faith.			86400	IN	DS	24400 8 2 272E92A109875AEBBA7CA98AC8B593C6A27059F58EA75D4B741A3452A63C97F4
+faith.			86400	IN	DS	54856 8 2 4018987B2E2691D14BD31C3BD7F9E286326452D485EFA1FE6330C64F35A32005
+faith.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FfLwSfkoFhCg0qhLPH/1ivuYl/R48FBE2UXKTzlAuKQ1AAskRkqz6vjjFbQlUIxzVeDksgbL8ZXnNqNSwwhjOWDCYxJhtTGeA9yDzvVWFNKcCAZ6LoIYXwsy0O3CUTSBzYd3B2oVKHR3hY280wtYfl7BCjmpjx1pOa9kwxkYwZtGdEryzHwgYAGEAQlg9oegJxSA89W0ZaY8disysazCWtA8VclblsY4CIL16+ylNIi9x17/Keou1mzMNQuACv21ploadb7KW1xuUorNGXcmSnnt+Vmvk05e4lSCn4A1i0SQp3oKCQRQ8X3jqQhBBpMwrtOCv6O8LfdyZMUUjitpmA==
+faith.			86400	IN	NSEC	family. NS DS RRSIG NSEC
+faith.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZnPmqvRjzVR5TR42x+Pho+0dHaGhgedt37dccKjRLPRb/YIaqkCLws9mr4bkDBMbxu1v8ej/sp18l++NKz2fuWyYt6MP02IJ+JlegffdgEsecQvUpif7kNO4otUVnCNOBDCmiBuGsuBxeIn5hvFHUfa9oG6ApWEyw3YZlXkhtJMzv0gGJ9bMoVhoVwDqvJFh95BADof1DrtrT6jweL6JESl1YkiBJ3iJz/OPBvOuABs2XXeOc9lYUQHVuXWU4be/VtoMhG4dQcICky8mRt7VFGxgKbNub9MMe1Unn3cd2g9ni+3ht3BbOTPILR71qrSoXBvrvLqMOCwhTgyKWEvH1Q==
+a.nic.faith.		172800	IN	A	37.209.192.10
+a.nic.faith.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.faith.		172800	IN	A	37.209.194.10
+b.nic.faith.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.faith.		172800	IN	A	37.209.196.10
+c.nic.faith.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.faith.	172800	IN	A	156.154.144.54
+ns1.dns.nic.faith.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:36
+ns2.dns.nic.faith.	172800	IN	A	156.154.145.54
+ns2.dns.nic.faith.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:36
+ns3.dns.nic.faith.	172800	IN	A	156.154.159.54
+ns3.dns.nic.faith.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:36
+family.			172800	IN	NS	v0n0.nic.family.
+family.			172800	IN	NS	v0n1.nic.family.
+family.			172800	IN	NS	v0n2.nic.family.
+family.			172800	IN	NS	v0n3.nic.family.
+family.			172800	IN	NS	v2n0.nic.family.
+family.			172800	IN	NS	v2n1.nic.family.
+family.			86400	IN	DS	30022 8 2 2AF2DB00CDBDF65666C9AFB59F4DC21CF8B8DC5B050A34FC594B1CBE6C858584
+family.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bfHJm+w1v9DIvE5ppXpMuqal9j9j8+WmnwFSRWE8KJH57IHTa54msiJcRJl7fO9wK84SqFfkWfR8rTToOgFaOmKE2++ssD9GlPsZ/oZAxPCv4AD7xjN18jNK3LuRo/PDD/tIT/EKCNLGmgCGI/1wK+Nts3G6Q6UCBYHekZiPot0M3AszDVE6/4IloGyAdX5Y+0WmcqjyAXEb030JDxHUVrgWlNw8F8njlbMDYkXPj3JAIDRLiU37DsNFI6VS13w1VnR69LITiqXuLVesucRQPtFC97LBGaawp6250jJlr7ymNZuOmln5qxoorzTZmPyHh5dE1xsIDoKH6EbYWZNWmQ==
+family.			86400	IN	NSEC	fan. NS DS RRSIG NSEC
+family.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m+wMO+j04KpJ5iYrcloDzuN+6tXy5l00MXoLm7RAcQ7e78epZU3nWl89L876DXs5j+JQCcYa6S9ADNFuA+m46Qc+Lcjq46omJUY4JuEZFGMTT08Pkkbyh4HDwQWhlfLz9XpTZ7EyM/dBBaPgq7c3RTwM7lot9sFreDB67rJ93MORv/zE26QsVHye1HDeZkbcZevPuxKrSTcTVz3gt0Kg3xbkgNwjogMjo1D/zhUeO5VJI5dEwEvGqXGf7x8EiiYu1bmx2RciEh20uKnZOzMVWw+z3XkLfdUdHKehATEMh59uyIk6CZ0CdwoGqF53659bd5V5sJjI8wiuhEg1m/XyJA==
+v0n0.nic.family.	172800	IN	A	65.22.28.39
+v0n0.nic.family.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:39
+v0n1.nic.family.	172800	IN	A	65.22.29.39
+v0n1.nic.family.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:39
+v0n2.nic.family.	172800	IN	A	65.22.30.39
+v0n2.nic.family.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:39
+v0n3.nic.family.	172800	IN	A	161.232.14.39
+v0n3.nic.family.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:39
+v2n0.nic.family.	172800	IN	A	65.22.31.39
+v2n0.nic.family.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:39
+v2n1.nic.family.	172800	IN	A	161.232.15.39
+v2n1.nic.family.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:39
+fan.			172800	IN	NS	v0n0.nic.fan.
+fan.			172800	IN	NS	v0n1.nic.fan.
+fan.			172800	IN	NS	v0n2.nic.fan.
+fan.			172800	IN	NS	v0n3.nic.fan.
+fan.			172800	IN	NS	v2n0.nic.fan.
+fan.			172800	IN	NS	v2n1.nic.fan.
+fan.			86400	IN	DS	57907 8 2 0877BCB676B4B8470A843B7A72560351ADEF09C067AC1445CAC5579DA6ACC11D
+fan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . h9cQ9juVtRzHBecmMRFmwc8N6xB36i3YtBpNmMj/hcxOgpXb22XNDokrQqDq6GBe9vqQoe6u9oqiPS2zK/MJEp67e/9fWl6ai1qQP2kaVp0sHmWPO/Czpt1dVek6+3uAfJ/RoYN9vHhqvxVM+y5kd7r1RWCR6p6v0MYnpG9HhObhlYyGkziIkGN308BKic7HGmTOaTUK/Z+GFB3Ein5htsudw9BOm9VdnzmCExw4CRL37FsJUk8KcnsOg4XjWb4hnzBurHgWPVdCItkQfJ/Ll1neN//9kFRa+1eVqmWUyJqTS2T8xMW+ItTf++AQyyITXsfiauYMxcqbh8SvX2xHTQ==
+fan.			86400	IN	NSEC	fans. NS DS RRSIG NSEC
+fan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vIxtRbu3GGHp6T3hD+7tlAoipPOVoi0IBlpN2fqb2RKICXFmsaZQyzH6fQvoTvaEuRB0iPc9nV0pUPszZUcnYP33Owx5qYzVIYhG5rt3f/EVZtSSl6Eb+rkKt8W4fJb69B/InJhD+kleliRAHEDAncNdEcFXyHGgT7B4sExA68ufV1bBpUIrCwNFNjKvbh5iX2TQaO+8vag2Puo74iGZXgesha1trAoN8do21bnYipSxOc1c81iYizKW7lNKYrDrQcGWBe13WpdNVaBtaDgkvTjSUGVsOi49UTyQnTeHNgXsrJCFdmskojQWkUpPCInwOfmMk/CIOgTjiBVDAdn6gg==
+v0n0.nic.fan.		172800	IN	A	65.22.20.57
+v0n0.nic.fan.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:57
+v0n1.nic.fan.		172800	IN	A	65.22.21.57
+v0n1.nic.fan.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:57
+v0n2.nic.fan.		172800	IN	A	65.22.22.57
+v0n2.nic.fan.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:57
+v0n3.nic.fan.		172800	IN	A	161.232.10.57
+v0n3.nic.fan.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:57
+v2n0.nic.fan.		172800	IN	A	65.22.23.57
+v2n0.nic.fan.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:57
+v2n1.nic.fan.		172800	IN	A	161.232.11.57
+v2n1.nic.fan.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:57
+fans.			172800	IN	NS	a.nic.fans.
+fans.			172800	IN	NS	b.nic.fans.
+fans.			172800	IN	NS	c.nic.fans.
+fans.			172800	IN	NS	d.nic.fans.
+fans.			86400	IN	DS	25466 8 2 7842246F760A21E694F1D8B64754F0D5BB27EF6A33F25E2F3F2DEE26B33B118B
+fans.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QhvRrOu/rzWD2EarBOrtVwdl76A3l9eGkCQIbq+zkx+wv2NhHV8Xc2P/kF/6Hc71UqkDPJX/i8LYVx44QUJ1p7ClckaxK/0dHoFkOKppTb6kz/mYq1hujy+hCX+emdTeKGJSDgLxDARxUypobfdt4ZyQljiLS0E59V3NUXqNVdwmNFQ97G0bsKuWvsPRVEzCtrVfpnNw22DgmD546LkLlV9g+YIUm+8oN9H9cHNx3SrHXBNt1E39WLLoxvdnKDFqd0q4SJtnwbQ4Sd68qHhEXm4t08rrfuGKdN927HytAcmG71KWCnzuW3TT57+H5Pk1oQaMTSvZqU5RXTW0zklTrA==
+fans.			86400	IN	NSEC	farm. NS DS RRSIG NSEC
+fans.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gWB2BoPNYIuhSts9okS8lawHO21t5PtHhzHR8d8Alg6XmqOdoavcIQp3vjHqDZidwJW/oVGWVVxaqIJ4AeVwFyp9u73QhFBwpqaVEc+ztxebbDTjtAMBNmddmXTV2kKRUSy3LtunyOHPdHzD4Jn5OcHlDXW91LHBK8sCu3b+AJkqegBahAjl6do2UlHUJN0s0CjSTmjut6Zr+igmY65hLTG5ejqPY4QeRNPnJqCtlYOdfnbt591qodBZYNhThCseYAkPBX0YP0l79Lff5gz5/UO0wAO7rN29nxfnRelaPwPD6lddS4M5A9sxbepHB2VzvB4pLE0huwQ2W6zCCzJFSQ==
+a.nic.fans.		172800	IN	A	194.169.218.39
+a.nic.fans.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:39
+b.nic.fans.		172800	IN	A	185.24.64.39
+b.nic.fans.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:39
+c.nic.fans.		172800	IN	A	212.18.248.39
+c.nic.fans.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:39
+d.nic.fans.		172800	IN	A	212.18.249.39
+d.nic.fans.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:39
+farm.			172800	IN	NS	v0n0.nic.farm.
+farm.			172800	IN	NS	v0n1.nic.farm.
+farm.			172800	IN	NS	v0n2.nic.farm.
+farm.			172800	IN	NS	v0n3.nic.farm.
+farm.			172800	IN	NS	v2n0.nic.farm.
+farm.			172800	IN	NS	v2n1.nic.farm.
+farm.			86400	IN	DS	63382 8 2 584397D0AABC1083C561C54DC4ACA32AEEC4B002C8A67FE09D4B1EA429DA8DC1
+farm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X5gweaktFEMi0UA0krlN4Hvo/JtbljJpo2R8hKW7BO+l+w3ZnPqZRpB8YJykdnEnmsOToIfVUqHoISo7GrFDSLLHGXhJH6UzhOdGvjowqJSYVrGVCLGMuyYpfDb7kYk8zzeoM08EcVEc8WJKYMD+7wIsI9Suct4CjBNEC/JGZCYfWgyBqYX7kyo1aQiwc2hjNDIHNYP3h/bxtxXLz+Esr+CFIWMPoJ6m5GPqe8fUO18xS5+AjeMUseWTLPe3zShcJvjVQGtCHFQX+hHcM431yjTVozAUhoTQ7/hEBAriCRPWYqkrzFHBgPIOXssL/MGxR+kkuG8nHX5F6IrYw6ehcQ==
+farm.			86400	IN	NSEC	farmers. NS DS RRSIG NSEC
+farm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . df9y2TUPfBI5F1JnBj0lvJ4XP27EoFz+XQ63y0jkibdukRiqP+I3mjMfg6uzeEBPuQEAAMbjA/DH3VODZlWIi3lXMltbL2SnG4Cgg/d5LL+nR57QjBhB8PWd+JPmeiON08mAuQXvRrLpDtf+4TVAy4BmxemXNJSUM75hRHnnktT4QxymAJmoNcgMVK1lwTyiX8Or3HfCOwsxEcoY0z5ipH0gC8S+mY24RNf2pN7qyZMxVhLh5uzs+wWeRwuwzq8nsbwuMK7re9QJUQ7QT+MsixpE5uPUUjRumq3RXXYWnaBZsJSnpPu6eg/TenWX3kcpyIrSBDgK8hIQbSJzSamYKg==
+v0n0.nic.farm.		172800	IN	A	65.22.32.8
+v0n0.nic.farm.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:8
+v0n1.nic.farm.		172800	IN	A	65.22.33.8
+v0n1.nic.farm.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:8
+v0n2.nic.farm.		172800	IN	A	65.22.34.8
+v0n2.nic.farm.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:8
+v0n3.nic.farm.		172800	IN	A	161.232.16.8
+v0n3.nic.farm.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:8
+v2n0.nic.farm.		172800	IN	A	65.22.35.8
+v2n0.nic.farm.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:8
+v2n1.nic.farm.		172800	IN	A	161.232.17.8
+v2n1.nic.farm.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:8
+farmers.		172800	IN	NS	a.nic.farmers.
+farmers.		172800	IN	NS	b.nic.farmers.
+farmers.		172800	IN	NS	c.nic.farmers.
+farmers.		172800	IN	NS	ns1.dns.nic.farmers.
+farmers.		172800	IN	NS	ns2.dns.nic.farmers.
+farmers.		172800	IN	NS	ns3.dns.nic.farmers.
+farmers.		86400	IN	DS	11494 8 2 CD092DA4B2E46BAB4B5FEA2310C7C8007E8B5732F5BB3CB6E0A01A4CEF212C70
+farmers.		86400	IN	DS	22045 8 2 6BF128234CCA6C4FB7BA28F87C84C2488333439E8877BAB9E94BA8F65BA28123
+farmers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gYyWiOZ1MViIG8JlYzqq4sJI0UhTapDp+dXrDxuQtbsz5YXbC/WXo1nIcq1LI9mdpTHsuQguQA5uH2JFeLpM6Ao+z50HAK9A35NGIlsIwmDpBbuqEf5IZ/M70mAwuI5WzJcSpIO0ph23wLvlHc943/b0HP0W/Q2K4SidzrGZvzClck/o8CBo4FakUPiyYNyj9L7fHaCELuce6koGH9RqD0NFk9c4WXAl6L3hIUY3JKxfYjEI555RQRr8yyrIsu5atU8klfrb1wQGxl5zJWlzFaBI0NXSYpsMx65/Is/Fc0cKLjKM0d9NhxtGvgxftCoFY9RiCYxIQDob/lp/vU8rGg==
+farmers.		86400	IN	NSEC	fashion. NS DS RRSIG NSEC
+farmers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nO42eWrYe572QxJ/b0cXEGRisoH3aFiAaoB4f3+roAY2VAX3scLbQyDPOyTJYVjlJn/ZDNSZgaW6qSmnUpjwHls8SWg4NQPnr9xFk1zRdmdFSdpOTVMUDgebUVWIn1LKPJpEb+UbpPvnJPhXsdUlDgFrUo5/Bej5vyviq0pSwtDh6Z2OHN/AKJ0RawDQLhYFQ0+0gTy7KiD3le9MrbAixdpus1QiHRe1gbUommuTEQvrZy6ZqnG8f7+Jy14zhs1RIf1Mv8IAK1++DJV5P0BL85UeKHTf54beulrROY9yC+iKpBkowyAv/ZZa4foX7dvc/EJDgjpQuNJgxgWXYiFxtA==
+a.nic.farmers.		172800	IN	A	37.209.192.9
+a.nic.farmers.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.farmers.		172800	IN	A	37.209.194.9
+b.nic.farmers.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.farmers.		172800	IN	A	37.209.196.9
+c.nic.farmers.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.farmers.	172800	IN	A	156.154.144.55
+ns1.dns.nic.farmers.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:37
+ns2.dns.nic.farmers.	172800	IN	A	156.154.145.55
+ns2.dns.nic.farmers.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:37
+ns3.dns.nic.farmers.	172800	IN	A	156.154.159.55
+ns3.dns.nic.farmers.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:37
+fashion.		172800	IN	NS	a.nic.fashion.
+fashion.		172800	IN	NS	b.nic.fashion.
+fashion.		172800	IN	NS	c.nic.fashion.
+fashion.		172800	IN	NS	x.nic.fashion.
+fashion.		172800	IN	NS	y.nic.fashion.
+fashion.		172800	IN	NS	z.nic.fashion.
+fashion.		86400	IN	DS	36220 8 2 317F7BE09221A412B8DBE4D8AB6C620083D9A3BAAC4064EE4A7C2A1F5ECA6C7E
+fashion.		86400	IN	DS	50059 8 2 99BBDDD068EC695D622DC3A186FD015D9D47D2B26056CDAB45AB8E45FC99DD87
+fashion.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KbT8P/utB8JYCFXocqfXX+HPhfkisj2sYFhq1v8vo4/wOEqWwFtxZUODetw4KFfb3AzQFDJ41Veqm5qBNwrHJwjLV5Zeys5WYwp4+6SEZeSU7K3kBTDGszBRogXkQwGyGHsIushUQLbpe2z6piTbXpn96gQbfxmY56xWuhf/T+WH7SrTIw1OH1gfrzV9BQfOBn6vNn7nifJ2OCNzNax74C1nfEwsU1HKCQplyheQ3cxg6TTMb8w1/skcw/C//h62w2qIDbeH4OGtJ3jS9u9x1Y97Yfat3sfNs59FuGVHJFvOwPjsUBCo9KgiCrg9CZenF7ncVMQEvIAs2zKS5dbcQQ==
+fashion.		86400	IN	NSEC	fast. NS DS RRSIG NSEC
+fashion.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A3MLawSS35Bhk6v+zIMMOORKOOlplvtz47Intya82Y1OQfhUQ70B7yrUxamFkne8rDM8cxmbfzRKzz5VB3RTvfeF0dJi7pjqNN7HS5WEWYXzuHqLNskV7j+TrXqlHv+7glTLDUjNxWMj2clpLKODZbXNssi1yxaLqHlYRfKjBxpRpxGUCA83VY1kixNQyHSeH3wAbmhr6G3hiTb8jMosCWlvsjz9NhKnLFK25a3hkI9499KE7hDCAAEe6EdVVJQ4jsfDvTfNIMUMi9zqHDVhMKnDBgjS0W553eaxxqoM42vTl6x6LZTGI2E9PGgQXGnitpPsIwu62ZTZANdLF1HGGQ==
+a.nic.fashion.		172800	IN	A	37.209.192.10
+a.nic.fashion.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.fashion.		172800	IN	A	37.209.194.10
+b.nic.fashion.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.fashion.		172800	IN	A	37.209.196.10
+c.nic.fashion.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.fashion.		172800	IN	A	156.154.172.82
+x.nic.fashion.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.fashion.		172800	IN	A	156.154.173.82
+y.nic.fashion.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.fashion.		172800	IN	A	156.154.174.82
+z.nic.fashion.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+fast.			172800	IN	NS	dns1.nic.fast.
+fast.			172800	IN	NS	dns2.nic.fast.
+fast.			172800	IN	NS	dns3.nic.fast.
+fast.			172800	IN	NS	dns4.nic.fast.
+fast.			172800	IN	NS	dnsa.nic.fast.
+fast.			172800	IN	NS	dnsb.nic.fast.
+fast.			172800	IN	NS	dnsc.nic.fast.
+fast.			172800	IN	NS	dnsd.nic.fast.
+fast.			86400	IN	DS	50396 8 2 AE5D5376961980DDEFFC4E0DB6A516FFAA3EE0949387AFE48F8BFFE7CB0651BE
+fast.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CEqAQL4878Yn3qJTVTUHpJHg23/24JpUC0XDIwcTYJ2rlX/tTJ9q+XyxqRYAj/lCIMGlaG8E5776WwoyuVKzzLiqkMrFj9e1+rPQxLQnz//6Rh3gEVQvKsKj5JmID6pZiUkMorrZDjZsIQ/jKbFD4ewj5JlyZNQ+DHCiHuTBNPP09WXRjSoAz7+DffnDvyMjDrQ2Es4RSttJKlADd+Ks8fHj+unD7Gzmr5VsnYIYtV4+yi/3Im9hx5kLsJX4vh4RJOUKsGX1dJIAvfcveKqsLhxZO5KwZHElSgD6zULMmtY5kc9FoCBfOwNYqKl0Vnm6OsEl1LHuER4bdD9QXk6D6w==
+fast.			86400	IN	NSEC	fedex. NS DS RRSIG NSEC
+fast.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Owab2l9quCHrTOpNVHnFg2LEJmZuHBChRt8rzJdgO+iwCUzlP6Gju9LUO5Dfuge3c6ItBHe5gA3CM3Vk8xiboBzvVQjE1+yRwgw5hVGkIbd7yWwLv78yXhHFjYM6bn5ZoCFs9fU2PoX7Z1KNTot2PpLV+/lY+t/rZwyDatjgk80Kb1J42M1TVURz7z35TfkOyIs6mcs6jzOq3vlntqNgejqIGTn7AaJgeiBi+faIYRXWVNh2OBf2LR8OCZZrSzRCVCRzIayr52SWP+fvswc9nUD85cE168/3VR95pARxPNUUefypmyoaroSKUfxCkM/7IZiGZWDgpa0Ldcz7kjHVMw==
+dns1.nic.fast.		172800	IN	A	213.248.218.66
+dns1.nic.fast.		172800	IN	AAAA	2a01:618:402:0:0:0:0:66
+dns2.nic.fast.		172800	IN	A	103.49.82.66
+dns2.nic.fast.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:66
+dns3.nic.fast.		172800	IN	A	213.248.222.66
+dns3.nic.fast.		172800	IN	AAAA	2a01:618:406:0:0:0:0:66
+dns4.nic.fast.		172800	IN	A	43.230.50.66
+dns4.nic.fast.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:66
+dnsa.nic.fast.		172800	IN	A	156.154.100.3
+dnsa.nic.fast.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.fast.		172800	IN	A	156.154.101.3
+dnsb.nic.fast.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.fast.		172800	IN	A	156.154.102.3
+dnsc.nic.fast.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.fast.		172800	IN	A	156.154.103.3
+dnsd.nic.fast.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+fedex.			172800	IN	NS	a0.nic.fedex.
+fedex.			172800	IN	NS	a2.nic.fedex.
+fedex.			172800	IN	NS	b0.nic.fedex.
+fedex.			172800	IN	NS	c0.nic.fedex.
+fedex.			86400	IN	DS	57511 8 2 13B91145D3199C419B0B4BAFB3938F08388B7B52BF8983C24E068BF63075B68B
+fedex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . thicER7FMUf1uoBJR0HUvr++H8IwtXLfywPxv60EPkTc/7BNxXdpgf/3K/3m2ys5t6SGI20pqp8UJY+4cd35Rw0c+vMISSqF5kANoIPsLYJ3rs20xpK5Qi7Uw/Jngfd2fCmOkWgzIZsl2h1YBpmdm86nz4OUM75KRL5axgZ6fBr94O6PbmkPttttNkhluIufQhklGS4hk6p0KeE9bWoQmpyZeqmuEiDfp71Mmm5ZtE9Mx7Qw1gTHCzlJYMwbfmMPEb+I3+QFx8i6pVHQ6mocS6zkEnpNjqDfcEFCIfEVXelhwkLDC0waq2H1a6q82eqpXxMrAupwI5uoUENarNg/pg==
+fedex.			86400	IN	NSEC	feedback. NS DS RRSIG NSEC
+fedex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . naRgu7KPvt1QHQkmu6LXT89BpxlX5ObWjdrsnecmZOlLG1Ns2yN35WoDDXC4r6YeUAXdjDiLW0+Ed7QuhE7h7aJAK+HZNFozsVhmkDlV+zovi1KymECTYIw84Ym2UAtw0sePePAmbbvtIRxUwOOPdGN4bFywcgqWhvm4l8fSJKc0WT9beEcEGbtHfyCc8OdSZzkJ4dpyWo236Wd8eyFd01uTI4NQIbgfX3wyYkBFq5Pms4zzxZNQovmE72ou3MENh7rkv+totJw/uVM587TOkAULUgbDwdW7kZuG6RCkVShgRiZZepCS6/BArf1XJBNIVoemOMeJV0XQomwqFEqISw==
+a0.nic.fedex.		172800	IN	A	65.22.228.33
+a0.nic.fedex.		172800	IN	AAAA	2a01:8840:de:0:0:0:0:33
+a2.nic.fedex.		172800	IN	A	65.22.231.33
+a2.nic.fedex.		172800	IN	AAAA	2a01:8840:e1:0:0:0:0:33
+b0.nic.fedex.		172800	IN	A	65.22.229.33
+b0.nic.fedex.		172800	IN	AAAA	2a01:8840:df:0:0:0:0:33
+c0.nic.fedex.		172800	IN	A	65.22.230.33
+c0.nic.fedex.		172800	IN	AAAA	2a01:8840:e0:0:0:0:0:33
+feedback.		172800	IN	NS	a.nic.feedback.
+feedback.		172800	IN	NS	b.nic.feedback.
+feedback.		172800	IN	NS	c.nic.feedback.
+feedback.		172800	IN	NS	d.nic.feedback.
+feedback.		86400	IN	DS	16786 8 2 00F7F4B6DF67DC7B828C14829884908EE92E57FE312ED483C43DA299FA5DDAE5
+feedback.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c5J3JUHKUhc9dqnXmMJEbR8tqDDc8nNou7jyD3tT1g05O4+7VeSQUpxpzsRb4dWX2ng83n3BTuEcHaXfMWUsEGRmA2hJqX8xGf5kl9aUs4RbQBTrY310GK+NCbRtavkHsn664NPu1qs1tgPQB5zF/MPLPy4SGnLssZxuQvmHGp1GTRfBOH+JdFBE/wKZAVFLn+gzst74v1Gjd9KEOXUU2JCsR/iBJxYP+jzLAAARvlnU46olsTqyw1X+OZ25frmnsrOQZ5p7Ve7R1oipkICpAC10YklYr7mplQsdpNbW/BaXyWWSqF6O/9AR5rG6EyUa2zKVxk3kUgil6JooPcTJXA==
+feedback.		86400	IN	NSEC	ferrari. NS DS RRSIG NSEC
+feedback.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iDR9XROnRujzj5N9Yw4vjqgUmiIjcwBe7NAD0I9s0t9ckwD30mUKP7Mh2DDGJxSIO8jisSgXEmiGpRfuLOBNILJq+ct7THwMp7jIhTM/u9pMN1YsHqBByoDKd60nG7undX56iVe877KLDXyntJw6OmUz4yUJCLj+QUewUUWPGlvlfNqchjc/yCxBAPgyFPN2igfj6JYzWV2UHGVoue2FQl0r5T1UZNTjpUcui6+7D0IPZirQTNx7w2RTAEKTRsdq1QaSSdDXtfvkRe7co/O6acHUZ5ckIJAHzJ6YT9usA05yEVnsxeu4jJkYoPwA2Ias4p23gRPXFfIjENCWRk6oZg==
+a.nic.feedback.		172800	IN	A	194.169.218.50
+a.nic.feedback.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:50
+b.nic.feedback.		172800	IN	A	185.24.64.50
+b.nic.feedback.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:50
+c.nic.feedback.		172800	IN	A	212.18.248.50
+c.nic.feedback.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:50
+d.nic.feedback.		172800	IN	A	212.18.249.50
+d.nic.feedback.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:50
+ferrari.		172800	IN	NS	a0.nic.ferrari.
+ferrari.		172800	IN	NS	a2.nic.ferrari.
+ferrari.		172800	IN	NS	b0.nic.ferrari.
+ferrari.		172800	IN	NS	c0.nic.ferrari.
+ferrari.		86400	IN	DS	24796 8 2 33FCAB9B1F82F04CA4AD6685FAD6E660CFE968C2D0C97C08107DE4BA5C5735FA
+ferrari.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MUrx/PRg+rqTmj1MgpyyVbB/3N9N6AMpIK7s+st03YGO5AQN8uu/fVDQ9P2Fh6d3e2RyovCXxCfcqORJYWUftqXvGDy/QEOkeVGKGYhi1rzLKpkSNIkhp3f9J2c6YX3oti0CobV7H9KtpSbfupqv/zi/byajfz/Cp2epq67a2yFZXG9p+kducxaqhxvrgmJUTY5yNT0X+HdzRuitrmZnS44AaonjCHCudQxlHyLc+IXQ6o9fz3hzL/pxwetUsffSgQK6KBnCXARgL7FCuBsWnWpUm95uv7Obpr0QtrW0JI+e4wsULQ6WbYIuYHwFNVBc+mdTVcDB1ScLRueklKcl7w==
+ferrari.		86400	IN	NSEC	ferrero. NS DS RRSIG NSEC
+ferrari.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zFWINLyO09uPUZL5kAkcGoRF7/fT4yRj8An65k4usSwrM4UVjIcB9KKF/1v1iKF+lXHuDUwoojVtXhg4EKvVTa+c/Ti3whnJGVJxKB8iYnIDtvDlKFB3gM2corYu3vrKJEXrJiwUP+bGr7O+dJ5+hs3VDSBX84dToITWmAKhTCKQhOETwANjqyeO33FUXAZelUOx7G4JHHlOBBmmmoC/LGtKy782FDjgEZXggA4rA3IhuPdEiDRLkDX1aLjoSv6QAAjSLzVypGDs6nB+K7sf5YOIHCdxnL7FtNbmDxcOOy4WlgUqfHUJyUwkViQ517v4SZ5H+rmU6mvXA+En5tZjdw==
+a0.nic.ferrari.		172800	IN	A	65.22.124.25
+a0.nic.ferrari.		172800	IN	AAAA	2a01:8840:7a:0:0:0:0:25
+a2.nic.ferrari.		172800	IN	A	65.22.127.25
+a2.nic.ferrari.		172800	IN	AAAA	2a01:8840:7d:0:0:0:0:25
+b0.nic.ferrari.		172800	IN	A	65.22.125.25
+b0.nic.ferrari.		172800	IN	AAAA	2a01:8840:7b:0:0:0:0:25
+c0.nic.ferrari.		172800	IN	A	65.22.126.25
+c0.nic.ferrari.		172800	IN	AAAA	2a01:8840:7c:0:0:0:0:25
+ferrero.		172800	IN	NS	a.nic.ferrero.
+ferrero.		172800	IN	NS	b.nic.ferrero.
+ferrero.		172800	IN	NS	c.nic.ferrero.
+ferrero.		172800	IN	NS	ns1.dns.nic.ferrero.
+ferrero.		172800	IN	NS	ns2.dns.nic.ferrero.
+ferrero.		172800	IN	NS	ns3.dns.nic.ferrero.
+ferrero.		86400	IN	DS	37165 8 2 EAFC5FBD259481214624A636038BA784E8CD56869A1ADBFD1024B3358C59B114
+ferrero.		86400	IN	DS	45604 8 2 89BD8DEC1256F0CAE5EDC8F2618FB6AD4149EA9028AFD909632727EACA092B3C
+ferrero.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lCR+u1PBJZq0pdOnwWF02Q0bApntPwYoQ+xdIZGgGj97IZZUHuRxbfHqM//8G6TPUVF00DUeoLzx3OxHkVNDJLHNztUH5mpYzcRdIgICj8eK1NAFCJ+w4N8pjbsuMfVAy+dxY2pSmQ3fcOvhwh0h/2jLQ3ai5qIVmH3Q4efScUsN/lrVDhWAKIhZxbECTC+QGsoppLdxR4F4TDuFDbINoaKjK9aGKR5Z+IW4fSmd2qfb17+6JkSQhpBnxnze8ftnEpcUARSDw5338RFykheZcj0ajfX5DWSOP/aN7NWm/iFTst2t52Onctk4dtSzNsSpTUhpHSU//Oy5Rqvsz2OoBw==
+ferrero.		86400	IN	NSEC	fi. NS DS RRSIG NSEC
+ferrero.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m4kqqWlhKsqyDebEg+3ygrMPr9HEFIWMwdUkj/MMOB5qWO6NzXxdS4gCTW3QeGklvzWN/iCdm+B5rq2qjQqcYH1o0uMKCywfs91pmHO6d+LrBhhj8+LLxEl+LlfmJdr0Z6fhRqvxx7f0T3PyGb1zWYkbUBPPhgxBP30rgh+T7oGoGhlcmN9mCGb+wo6xc7KL51dr6rAugUTMBWYuzNaMPtWJ9dA1eVpxpdjgsk0BrcCsTqBSKGqUMFjoXaiuaSu1CPWN7KUsUew6W06N+7GVFt9XN0gbxSV6rBKSSMrr/y9WwxVQmkfx0BSbQGr8D8PCjiWI9rI+a2Tcf2zCN+lt1w==
+a.nic.ferrero.		172800	IN	A	37.209.192.9
+a.nic.ferrero.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ferrero.		172800	IN	A	37.209.194.9
+b.nic.ferrero.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ferrero.		172800	IN	A	37.209.196.9
+c.nic.ferrero.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ferrero.	172800	IN	A	156.154.144.57
+ns1.dns.nic.ferrero.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:39
+ns2.dns.nic.ferrero.	172800	IN	A	156.154.145.57
+ns2.dns.nic.ferrero.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:39
+ns3.dns.nic.ferrero.	172800	IN	A	156.154.159.57
+ns3.dns.nic.ferrero.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:39
+fi.			172800	IN	NS	a.fi.
+fi.			172800	IN	NS	b.fi.
+fi.			172800	IN	NS	c.fi.
+fi.			172800	IN	NS	d.fi.
+fi.			172800	IN	NS	e.fi.
+fi.			172800	IN	NS	g.fi.
+fi.			172800	IN	NS	h.fi.
+fi.			172800	IN	NS	i.fi.
+fi.			172800	IN	NS	j.fi.
+fi.			172800	IN	NS	k.fi.
+fi.			86400	IN	DS	35221 8 2 D4A489017F68A6C02836D4F126A4B9F6AF34C371993BEE97ED759D83DB9CD38E
+fi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zg41lwQKl6UIYgKB+yTLNGq+YgOniCmxRt2sDn5tbhmmkss8WN8ZFKYSpT2NLgmgQyKfKbguJzQlG2i/sl+Ql1dJbxh7BC6iU0oHI3L+fOIYJ+WmIWvCFzY3xJ16+Tc0wTfKyP3qHCgXKz+/PjC4Hzyn0xxDm7gpPFkaxVbutwDzU19Vn3Rmq5TUHMCHBx/krlX6Gn5jDdurGzmqqBgndwvUBS8+03BSvnp2C/pDAIfjjzL1OuMI7gED28k5b+qxGSck91wBgouz9YYGF8wPOAc5Pg4JnS5q1rVbGv0HVtkGkQE6qPgB4u3R0k7/5X9ABDWzaJfcLjKYMkmGYQCmnQ==
+fi.			86400	IN	NSEC	fidelity. NS DS RRSIG NSEC
+fi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ootgLR8b8bqeKcNhC3B6xXUukdyKwpPdidCdm4pmrglaChgbPjX14OU8DzNKLeYnRihEk4d82wSmAfODutaKf3AN0cEinFDPzMkw4ZoLfxmGdDhausMz24CKO1jWusbIG0Qg3jAmF/DKVJzfSH2e6sQLpjVQdLP5kMkcdO4zGQsL8Eto162k4kAETPJN8TmubRhS/O5grf2V4laN2mhGCRh5w9NRmOVIXj7tKtTt/QnZXp8bQh3HaQxIGq9LcWVEwtO0J5s1LH5NZvXwEBDq/bR0IgjOp1FB9ZPgtXOpeFuC10gwfLDNRu7SFfB0upG3QUEAjewEBp9WnxZ6OJHmVw==
+a.fi.			172800	IN	A	193.166.4.1
+a.fi.			172800	IN	AAAA	2001:708:10:53:0:0:0:53
+ns3.alcom.fi.		172800	IN	A	82.199.186.130
+ns3.alcom.fi.		172800	IN	AAAA	2a00:5500:1:6:0:0:0:130
+ns4.alcom.fi.		172800	IN	A	82.199.184.194
+ns4.alcom.fi.		172800	IN	AAAA	2a00:5500:1:7:0:0:0:194
+b.fi.			172800	IN	A	194.146.106.26
+b.fi.			172800	IN	AAAA	2001:67c:1010:6:0:0:0:53
+c.fi.			172800	IN	A	194.0.11.104
+c.fi.			172800	IN	AAAA	2001:678:e:104:0:0:0:53
+d.fi.			172800	IN	A	77.72.229.253
+d.fi.			172800	IN	AAAA	2a01:3f0:0:302:0:0:0:53
+e.fi.			172800	IN	A	194.0.1.14
+e.fi.			172800	IN	AAAA	2001:678:4:0:0:0:0:e
+g.fi.			172800	IN	A	204.61.216.98
+g.fi.			172800	IN	AAAA	2001:500:14:6098:ad:0:0:1
+h.fi.			172800	IN	A	87.239.120.11
+h.fi.			172800	IN	AAAA	2001:678:a0:0:0:0:0:aaaa
+i.fi.			172800	IN	A	194.0.25.30
+i.fi.			172800	IN	AAAA	2001:678:20:0:0:0:0:30
+j.fi.			172800	IN	A	185.159.199.190
+j.fi.			172800	IN	AAAA	2620:10a:80ac:0:0:0:0:190
+k.fi.			172800	IN	A	213.186.229.226
+k.fi.			172800	IN	AAAA	2001:14b8:188d:0:0:0:0:53
+fidelity.		172800	IN	NS	a0.nic.fidelity.
+fidelity.		172800	IN	NS	a2.nic.fidelity.
+fidelity.		172800	IN	NS	b0.nic.fidelity.
+fidelity.		172800	IN	NS	c0.nic.fidelity.
+fidelity.		86400	IN	DS	1792 8 2 8A77ACA7DA9CB3000D7DA7ABDF46182CAD3E20BD9B0FF7D685F70BC6DCF1D6F1
+fidelity.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mN6SvfhccIZKCEdcme6SOg8RLB9CnAgRmnBviPbIkztZshcqna+s22veR4TmC8ZbIkekLF40at44ct+O0d0GIE1ml8Lg+tYmYRWwh7NCe0X+5GBni8WvvEnOdokNFFwenSHIxj6acYOABX8/riaQiCDtDiHrXNsNCBKDMakirCWhxTrqv83DpIfUN9MklVDW3QvCcSQp/Ex7py9h4iZOJrLPM73pWTp0AcrEEzptt0y3ZIeNPNQRtILAh1HFHrPLEBGK0k2WktrKqk7Md1AkZl7DK24QAFWcW9rkP+naZS7NY97fIobhWs9c46aVk/09MREPjjug9FLpPRxg9b2vIQ==
+fidelity.		86400	IN	NSEC	fido. NS DS RRSIG NSEC
+fidelity.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y1zPQRv036tUk27Rno+QgTPfWVNPv6DAtqWijdpYzw0rhugvcB3aKLzYwDfVn5J9Jvd8neO6SQTgCBph+zlI4/bK037sbh9T3eEG0bSUes45rPhmzREx+tj7DsBueGfIIeDAZO6hhRbcRqNWZ2CAVCYSR8J17XC/CGj7rhmkdMd4ULY84btaJq/6QM3+0QfpcwPwJZDIsxKcHTXiI6Ycf9INVFrXjNomu+PGVRL/4L3+zxtHzjfjw1ALKZzTVapY1+0bTZCpaZ/xAq3C43VDt19N8zw6YaWEwMQ+BhsQY2pjw4bSNErEAdUya7P6CYZCVgEwa8RtWiI9v1NeeX8jpA==
+a0.nic.fidelity.	172800	IN	A	65.22.112.48
+a0.nic.fidelity.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:48
+a2.nic.fidelity.	172800	IN	A	65.22.115.48
+a2.nic.fidelity.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:48
+b0.nic.fidelity.	172800	IN	A	65.22.113.48
+b0.nic.fidelity.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:48
+c0.nic.fidelity.	172800	IN	A	65.22.114.48
+c0.nic.fidelity.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:48
+fido.			172800	IN	NS	a0.nic.fido.
+fido.			172800	IN	NS	a2.nic.fido.
+fido.			172800	IN	NS	b0.nic.fido.
+fido.			172800	IN	NS	c0.nic.fido.
+fido.			86400	IN	DS	16402 8 2 F1FDB16B12B96A368D95FCC0F2A37BC54588DC9D0049F066AA21FB095E5EA7D7
+fido.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . usQLONoEAP7CCtTfvKp1Ww0wTwfC6610YgzaMKNY0/j1MDIZtkAdGu6mq9OlP6PMtbhT8NEwwMGdi7rzdll4jXERsa2ZxstfxClcp6q/APvDdvBxA6SOJguUsqhxQURO++KwMbZwf4gUuIJardCy9+a9WUpcjC66S2F1e1h2eRDwSAx+w602U/IgSpinlAwWAl+DBQ7JeRFQAgXxNELXTUv5rlS4XpuqaQUN4Utj+n/ByHt31K4BRk97rvo2UdIMp0jDbgCkVquNGutLjWIlKFpVp6Ix1yc8gownGJEQ9Wg5aURRTPujp4LbkbOxKEQY23QYcpTYgQhVq67g3t7OJg==
+fido.			86400	IN	NSEC	film. NS DS RRSIG NSEC
+fido.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VMXPWNBtGLBOjm2R/0uwsX3Y6IIlsRPobbPTn6LMtP6BKSRr9hv4a0cg1dM9+drpjAXgKuetjqobkeFJ37yvakksLpyxUEmK0UiZisKtP1lvFG6btywEg/AZw7l320Hpl5QmFEMp8KUMOmTFGKr3WMGcYqRzwlUHy1tKP4piA4jujrF8WxPbe4iPJmJHfOfJHfZmEPwYk2oem0ThwhQRct3yz2NL9xg8Zs4/VWiNgUWDllVTry+kRQNB48ZfXINDRKi/l5LM0n8J7yCjA383xgNhVt4pICgZ3++4+g8PWyTgnoc0G8H3yoWUfNgvB2xx4IaEIJHv87kxuF+N74LEJg==
+a0.nic.fido.		172800	IN	A	65.22.108.41
+a0.nic.fido.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:41
+a2.nic.fido.		172800	IN	A	65.22.111.41
+a2.nic.fido.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:41
+b0.nic.fido.		172800	IN	A	65.22.109.41
+b0.nic.fido.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:41
+c0.nic.fido.		172800	IN	A	65.22.110.41
+c0.nic.fido.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:41
+film.			172800	IN	NS	a.nic.film.
+film.			172800	IN	NS	b.nic.film.
+film.			172800	IN	NS	c.nic.film.
+film.			172800	IN	NS	x.nic.film.
+film.			172800	IN	NS	y.nic.film.
+film.			172800	IN	NS	z.nic.film.
+film.			86400	IN	DS	37210 8 2 713E96C6A83BF8E26D80DB818D4061793B4C10405C13E7D9CF7D471CEEFB6009
+film.			86400	IN	DS	40855 8 2 2C6B614B379DA71A9822BCE8094B4B42D14801C5368B07CB1F6F59AF7E750AE8
+film.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zkWPCWyPwocvQV5IO87fFJ+VoLPMofCxk5NZqXvQZ0qCato2oLQ+DkZx83nv+EiNKdlnz55UYneXD0xNOW/MzsjCxJU64wQaJSugR/l6XdeUd5GL+ccR9xpnwrtS8mu8bt1TJwP0QMQeVF1BnrRdNAv8GsuDyZPHEFkgD878L8H5ixIqyUSTEdaxQfVaeYEkjtNJ1nj2swoE/tZ8nQ0fJliLsj4KtzWW3+xbgn+7dOquQAB/uNhrG64K984ge7SFcwmjv6SDuFbOOnMTVOZIEsiNrCEADC7YBRxYzxUKwwJAMDz7vqGbdMfrv22olPzBYh06+rqE7WVe4n0pDXaZPg==
+film.			86400	IN	NSEC	final. NS DS RRSIG NSEC
+film.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B8i5/NV2x8wgcljem1r493x5icH4vcoyGXhQu7/szK9vnYU8jfZNZQpGr9ymm2V93IgLgNj6/CX67GMkBiHvSRvLeLRViQOjYnMdrNdLFYUGt+MKy/DdsypCUkZndWQU3bYrIkgLyvHeltTFEnaF4p92wtWZgMUpQZBwsqC7a1MuQXptL6CTKV+DQfFJVS5f48ltUHgEBXjhN/JXu63VsAogC/AjXv/Zua1w9Lqt6cyUeA0dnG+lQDrtPjv1EP43zj1AzVU57UTzfv3wJPCRGKGTkiVM7W/9W4/iQTivZCy/D4YKvasqDsku66g9Uh3IC3nOnDG0siZuOoFinW4SOA==
+a.nic.film.		172800	IN	A	37.209.192.10
+a.nic.film.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.film.		172800	IN	A	37.209.194.10
+b.nic.film.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.film.		172800	IN	A	37.209.196.10
+c.nic.film.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.film.		172800	IN	A	156.154.172.82
+x.nic.film.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.film.		172800	IN	A	156.154.173.82
+y.nic.film.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.film.		172800	IN	A	156.154.174.82
+z.nic.film.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+final.			172800	IN	NS	a.dns.br.
+final.			172800	IN	NS	b.dns.br.
+final.			172800	IN	NS	c.dns.br.
+final.			172800	IN	NS	d.dns.br.
+final.			172800	IN	NS	e.dns.br.
+final.			172800	IN	NS	f.dns.br.
+final.			86400	IN	DS	2471 13 2 D2ECD166572437125F8D9B0157E59BB3D4201F5700C2749EB4B8DC1D30B2964B
+final.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dsZ+cnY1KuiiDDJFRFe5PQv1d99XUcJgXPIbJlDE434VV2j0cd5f2VwjcaEJBXrHqpUDUp4MDEZuQ49afETUEinpAiAQdLa9ooK3eliLraC7XD1n/gk4nJ9nOsAjRSulZCgb4ruaPchBhPtha3X46q+lvv2v32zs0qpbmVX1FmJK/ZgpyjkqO61syKqYG9GASJGEcqNv0yp4gKVcG/9MBqxJLoBXlZJ1BqNvgzMHYsLNRdgxwb30HCWpu1xarfG6fzw0DxEocUZuB/n58qNLHKt6nbGE5GFQw5Vh7/2jlIyFZqdnyf67TQAx8gnpQEPOq1FH61gBqoy75419FCmiNg==
+final.			86400	IN	NSEC	finance. NS DS RRSIG NSEC
+final.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V4wxkCRjERNwH5G9mADPWLoMk8CJjWmJcRH7e/1JYWlLVQzwEiB/vMtR2wWnmQRNZqakWgNEHgZuYR4XyEsheybUqeZhltagZkeJ6Ht7IsjmcJ51EXJIJ5Yl6h7VZG4Wxo3ZDxN3YaIMXmBS3iiEC06PaUWBbcIqY3DJL790m57yOP3eJd6509GQvi+6vKkmf566StqEt3D4rRI7Qq/FzG5y7m5/f4vc0Mjf0smkkz5txa0axAQLzsKcsI4rbxOxQ0pLYbePDhL7Nu2kJPDqyUDJoVF4qCuZeUw8dEEVYTnR1NFOH0Z/svWoT78w53KCgIUakwJqvENCurNZrHqFJw==
+finance.		172800	IN	NS	v0n0.nic.finance.
+finance.		172800	IN	NS	v0n1.nic.finance.
+finance.		172800	IN	NS	v0n2.nic.finance.
+finance.		172800	IN	NS	v0n3.nic.finance.
+finance.		172800	IN	NS	v2n0.nic.finance.
+finance.		172800	IN	NS	v2n1.nic.finance.
+finance.		86400	IN	DS	28624 8 2 860C6291C65E96464ECDB0F349A9F9F10B1F5872D8A39BA27DBFAFE38D85F07D
+finance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hUtAP5eD3vRtPGCTyXTrNalXZD6l1esyFC0Fs0PWA9N9WPo36vxaScVuUQWS8CWXpM9eu2rpwmjp3e5ZZWANLcIsE1+eCEHw68AfvjLeKVvPVNTAY9saxwVOH6ZEOTEG0zdU4OAOJ9c9/9nbDnEIZfDNVLpIDEQPpBFGiXfnwIUbU1SA65pir1IvB4FrwyFyj7X21znKFByH/XcyaPR+1GxZqCPHfGnuw5263lzFrUud51vAHRP6IXtcdPQqAs/fw3OCHQflJV+yg40QeDk2OTnnOt1iyn9IL9sZ/0iYaUIvV5T6uRMwu6/zWpyEPfU3HuGw4zQ9HHSIunIPT11aNQ==
+finance.		86400	IN	NSEC	financial. NS DS RRSIG NSEC
+finance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Vq2H81tLNGHzH9bmPVUDMPSUr7RNYen7zLzxFZAvzAq9b2tbWTMGwZ3qN3mcHVxOWN846NAqhaPMfHu5RCNPwiiLM1XSQC/ppHjqU3U9bUR3Lec/v9cUZIsa2QhvNcD38yEQ5JqYh1+oNUGYBknHMOXy1D1s5KdPcaryZj0D+Z9Bf3avGyP7Ox+I6aqG+1QlXy2VPjp3vOlEOPPKwiE+RbIfQJP1EXOfEuEBwC84hOKomJlc2Q/U+cxapyzk3LFqQds68MSE8UWvgq6m12P5a+5kSSmOKwxunwHNM5cWP9GoWNxl2ysqL0k5r1M+2VIkiBBgPxh1XgttoXDs5n6Pfw==
+v0n0.nic.finance.	172800	IN	A	65.22.20.10
+v0n0.nic.finance.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:10
+v0n1.nic.finance.	172800	IN	A	65.22.21.10
+v0n1.nic.finance.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:10
+v0n2.nic.finance.	172800	IN	A	65.22.22.10
+v0n2.nic.finance.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:10
+v0n3.nic.finance.	172800	IN	A	161.232.10.10
+v0n3.nic.finance.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:10
+v2n0.nic.finance.	172800	IN	A	65.22.23.10
+v2n0.nic.finance.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:10
+v2n1.nic.finance.	172800	IN	A	161.232.11.10
+v2n1.nic.finance.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:10
+financial.		172800	IN	NS	v0n0.nic.financial.
+financial.		172800	IN	NS	v0n1.nic.financial.
+financial.		172800	IN	NS	v0n2.nic.financial.
+financial.		172800	IN	NS	v0n3.nic.financial.
+financial.		172800	IN	NS	v2n0.nic.financial.
+financial.		172800	IN	NS	v2n1.nic.financial.
+financial.		86400	IN	DS	52537 8 2 A7F8E91C44E9425540A603D224D4D58FFA08754C19E6480C0E437D562E387FF4
+financial.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zIe8n3PbxMQnuHoX+IJ5xa9ar3pVPtPFKOLoUuFmBE83ZHi2Ga6740sAkma1CKnY/rZgnluyZTsxSXZcS27VD3EHwnE06EEafJBVYIwc5cfnn2miG8oMrfw+wEN06PKgahrRFlTZERwKg+CggULKO37o8ucOvSk6thC8NYbs/ggnpih35FP9HcIyA5o7er+9+hn0ilatPlFgTVTtLihVIyDxgtH5rXGMZS4dxhUEADhmmCeewj1eAsnMXPC7uZSfprktsNXIilpDluWPL8m4ftdbS5hjWrhmMX+w1MYom/2+cKuk1ynz7yH2rSHYRsLXBpwcgPQX/VcbYi6iTdHzfA==
+financial.		86400	IN	NSEC	fire. NS DS RRSIG NSEC
+financial.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1KNtJZNGgg/su+qonlNWv+YyBVsaQR1wudhjC+Ho/YVG16HDEiw7DGWWhWN0q7QVKa0gpF5rCiMQTnXP/1aqk8i0OTEH/uDLcWydMZH48TEE0et6aNQzQ2fKheWs8Uee3jYRUW1XIpCsvb6+4SBasDgS+NYJR/iObLSU6aT26jwmfyUpwaUI80BnahhuF9H10oOoLhgdP0w7G06baRfMVZh1RBviUVWTrDXaPpU6aw1Q8IrJY3pPBoiYKKBi38AtYTIL7C/wyDIkxdwpP9xreFUGRJex1EUu2PRyUmiUw+Gvk4oZt0uWyOxZyNYzeevBUfnhq9WyhS2ZuardlTrN5Q==
+v0n0.nic.financial.	172800	IN	A	65.22.20.54
+v0n0.nic.financial.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:54
+v0n1.nic.financial.	172800	IN	A	65.22.21.54
+v0n1.nic.financial.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:54
+v0n2.nic.financial.	172800	IN	A	65.22.22.54
+v0n2.nic.financial.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:54
+v0n3.nic.financial.	172800	IN	A	161.232.10.54
+v0n3.nic.financial.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:54
+v2n0.nic.financial.	172800	IN	A	65.22.23.54
+v2n0.nic.financial.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:54
+v2n1.nic.financial.	172800	IN	A	161.232.11.54
+v2n1.nic.financial.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:54
+fire.			172800	IN	NS	dns1.nic.fire.
+fire.			172800	IN	NS	dns2.nic.fire.
+fire.			172800	IN	NS	dns3.nic.fire.
+fire.			172800	IN	NS	dns4.nic.fire.
+fire.			172800	IN	NS	dnsa.nic.fire.
+fire.			172800	IN	NS	dnsb.nic.fire.
+fire.			172800	IN	NS	dnsc.nic.fire.
+fire.			172800	IN	NS	dnsd.nic.fire.
+fire.			86400	IN	DS	60362 8 2 DC39CBEBBF22E91A1BF4A4BA771010082509DBF8F3129B04199E8497AD8E71B6
+fire.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m1rjROEJyz+SlDrfRc7lPUr1HaP3WpAFNQL1s6nMwloid0CCVkeCnPjS7g35RapaPZfhHuaXh2XTkF4k6UujJCtLaCtPSCLx2C08mS4f2zOKZTmJFovTKU91iMW3lcBSqX0JyCdgAqxhWpbRRC+1m0LdGGokl2JbJ81sLott7UHahuQ3PZMV95zV50cyF/tEQHHWEabv1XMb+f5WAvArphKnp2K3Ghx6KAKEVA8rpGcGhdYJfEU/XvfnhTV1VR07frZG8EodWfc8ecf4HxjJw8cnXuby4Pwkw6cYhIUcZ/tCQdidm3ouzPrUWkPgf1ySRkZBFCfykXHWiTpkhdtfbQ==
+fire.			86400	IN	NSEC	firestone. NS DS RRSIG NSEC
+fire.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kJSiNCLf0+FjwzzwCCyswOht9kuuwHDwpNmqQje9ruUyiB0tMSFTnyrWUy7TpJYCAvvbdUEER0HqEWTsxai1n9xZF6hwFq6lubLAI3C4HFG2A4a5XYzYZM6sx8IJs00emsZ7YdP6O8PKxYr2hYeig/1QY6qg5Qc0E7GQg4/QZRq91rAYXt3ftCGArVvLgokSev9Me6ptvpHpih4ViBvCoy1jikeFpA34xokPyYnEKmydfAsMap+lUZRIxgDaP8RdUagWR/2n65MhEKZ1yb8u4bdiDxHFERogxU6ygbQ1m+WeGds9HRPEBWxip4RRNUOTPgIQObLsnzhjPFfIPxrGHg==
+dns1.nic.fire.		172800	IN	A	213.248.218.57
+dns1.nic.fire.		172800	IN	AAAA	2a01:618:402:0:0:0:0:57
+dns2.nic.fire.		172800	IN	A	103.49.82.57
+dns2.nic.fire.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:57
+dns3.nic.fire.		172800	IN	A	213.248.222.57
+dns3.nic.fire.		172800	IN	AAAA	2a01:618:406:0:0:0:0:57
+dns4.nic.fire.		172800	IN	A	43.230.50.57
+dns4.nic.fire.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:57
+dnsa.nic.fire.		172800	IN	A	156.154.100.3
+dnsa.nic.fire.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.fire.		172800	IN	A	156.154.101.3
+dnsb.nic.fire.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.fire.		172800	IN	A	156.154.102.3
+dnsc.nic.fire.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.fire.		172800	IN	A	156.154.103.3
+dnsd.nic.fire.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+firestone.		172800	IN	NS	a.gmoregistry.net.
+firestone.		172800	IN	NS	b.gmoregistry.net.
+firestone.		172800	IN	NS	k.gmoregistry.net.
+firestone.		172800	IN	NS	l.gmoregistry.net.
+firestone.		86400	IN	DS	9944 8 2 4FFB2B67BAD9D7C6D0DEF9EC1DC4AC201EF4137364729662E19F329C10801634
+firestone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . taU8GPdrc8/tJUrDLyC/xFjAAyG5nqri1uURvdxd9p2LVLkq9kQRxvbKxwrU8ExXOezMYv1byHzAwG7BFTfHOHfmw1fdib/mHTIebSPBuU02u/0Kd2EVrfbCI3Un/ZrG0sO4i+BWTh4vI/MZM6JGAhT1LSGq1gRF3yrkJFRAHHXAjdJQqNQLBwwYA47igaY4sPW/Qvbg23HNHab3jsCH9nNEOy6Uod8bguXBP1gxbZ+2JBxB6zKJ6LvPATiAQfe0q357MOJka2f+MFuNh9kSL9ZOF7YgqhByew4RViABypyJaLlqmSlH6iEKD94gQ3sNGDh68la3lHK0u0vP/OX2JQ==
+firestone.		86400	IN	NSEC	firmdale. NS DS RRSIG NSEC
+firestone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B9BUC/MQpnIAgpQxH0cP9Dfd+Eh2r6XMXmWmv/Wfkm6eoOtIToH8QXmrncoPQCQwnjUX+x+ch4WnbSdES5GT8vRawB/sCK9vvRm514PBjkR7qUajrCVc9LWuaWheYJyXeIDxk9by0P30/Ng/ZXy2xRCivin4PCDTXbVsmyk0BBntmQWUJnYMNWYoOozW1oM7aJDnLGfSuOhAn6SxAkZPEySqGeIVVqztCPDJmDVVuP1N3aU1qxw1llDzOdJBCWSGfl8UZYo5yOnQVq7j0v4anaaxlkQFoIvbooMor8xJ3EZ0G0/ZxU8htDsCKWaXFnY6Z1p0MjiVuacna+2JTx0CCQ==
+firmdale.		172800	IN	NS	ns1.nic.firmdale.
+firmdale.		172800	IN	NS	ns2.nic.firmdale.
+firmdale.		86400	IN	DS	46150 8 1 242C19944D9422F066F20D3686225C2370D150D0
+firmdale.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EOoa1xx1Y0l+1EpEMWG85Cgz1nrbVatcxhAwfGSwNWDOuBjT68VIaqeDhXO/hQRvZoCjMdwgRos4S5XJeX7xFnDsghep8B5Ey813wfbuv6gLeqLNoOXsSc5cyNJLCZQyPu3ipj5dOOP1XOlkDU7nchVibSxvTls23qPljhXFyVldalFWHnp58988tLYWKg9+UJ1pqHCii3hUvjvufn+AhMLuaCH41vzGndCIDmCeowD6OB2jh6Wn2r7iTf/Ug4oQM1z5oKs15YvvMFJflHCO2UceU4/5dnIwxWqNezRfeD0CvdnmDqKc12YoiWB8i1JiK0xMv9JUbTHcFtOaBCDCsw==
+firmdale.		86400	IN	NSEC	fish. NS DS RRSIG NSEC
+firmdale.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BbwyAWPQOBXktgZeAa4W977oS6GD1R7qt9EXjPDLasr/F+b3BICos4uluwDI95AZzwZT8TxOG0wVYKDwwMb6tlxVlZnMQoqdJ6cK5t8qBUQOL1/w7XNQhXN/G0qhdmJsi2nEOoB6UUCgv1IN5lHN+rsXyVHA7eXT3qLdNWjsJj+NMJWB9YHuk05xNCEnLo/zyUELGjX2pMZ+AvWMyLZc0MPBM6rJhB1xsIlIYdolAjkmA9fmiJLLuPd/LLV1y3pID+ABRMYzq2SgFhEla1fnvc3MLANkVPIz0HJTHD4YPMGhn9J3oTMjP5I2+iFH/hxt0yRJUGQ11TSwwTclH4wUig==
+ns1.nic.firmdale.	172800	IN	A	72.0.51.1
+ns1.nic.firmdale.	172800	IN	AAAA	2620:171:a03:ad:0:0:0:1
+ns2.nic.firmdale.	172800	IN	A	72.42.115.1
+ns2.nic.firmdale.	172800	IN	AAAA	2620:171:d03:dc:0:0:0:1
+fish.			172800	IN	NS	v0n0.nic.fish.
+fish.			172800	IN	NS	v0n1.nic.fish.
+fish.			172800	IN	NS	v0n2.nic.fish.
+fish.			172800	IN	NS	v0n3.nic.fish.
+fish.			172800	IN	NS	v2n0.nic.fish.
+fish.			172800	IN	NS	v2n1.nic.fish.
+fish.			86400	IN	DS	46519 8 2 4B82D075B2315DA06036FA1F9530B15E142FCE0FF748F3370CD36877B1C50AA2
+fish.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UQaN9GZd3OxdM1/0UZ21d9/nuO/KfzFDEQEVWD1E8ymL0uTmSfttuzL4wcDoZnuGmMNZohpZvPA6i2mE/zUhkeBrTIg/vYX18XVDocBpDEMCLd5pnvjeMcjlkQGv3b7vogct40YwdnTpK59yEfgG9x0OJlZVJt0TE+GbTWLD/3H8N5MIlKfrInuabWjqOYaC/V65WbCxZ2x+AR0X7SpCc4Sz5vTs2sofb6oKKqdgyvwPcpFtU3vNxi1hwLbSRE6hqxVU5cecaPm1t/7NDRTgQgFblMnf08OxycWGAtNEmoaCwQz1ta2KIG4Ge51iRZCNWRaD6Rj8QrNO3RoA4ftyxQ==
+fish.			86400	IN	NSEC	fishing. NS DS RRSIG NSEC
+fish.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mv3L806d4W9r3XCn51a1NogLnTn8BhoQvVWlmYoTd06ywOF6MKiVg9BTTZxCrmSCm52YKqRFJi1FoO/lTgCUPSvXPa5kDOLajxUNRjroba8e8Yu6UuT4BrOgyrk/dHYXnMDFEHEkCTnfRuRle4000ml+goKMUDo9KynauiPsbX22bybJMr8MKv5W9B1Q6eHMgn6n1qITDUfEL1wA2+VPDTyHTfTK/6smiKbYZj8xIUJHCm64yEsrjdUYM/1pOf6GWbyXHYqNRiqhEgtwLZSjZQAElKCF3Eag6ipla0mTCO6BOzHzlNXkhOradqP947qjQpaxL64xYiCxL+WAGA4hXQ==
+v0n0.nic.fish.		172800	IN	A	65.22.28.23
+v0n0.nic.fish.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:23
+v0n1.nic.fish.		172800	IN	A	65.22.29.23
+v0n1.nic.fish.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:23
+v0n2.nic.fish.		172800	IN	A	65.22.30.23
+v0n2.nic.fish.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:23
+v0n3.nic.fish.		172800	IN	A	161.232.14.23
+v0n3.nic.fish.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:23
+v2n0.nic.fish.		172800	IN	A	65.22.31.23
+v2n0.nic.fish.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:23
+v2n1.nic.fish.		172800	IN	A	161.232.15.23
+v2n1.nic.fish.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:23
+fishing.		172800	IN	NS	a.nic.fishing.
+fishing.		172800	IN	NS	b.nic.fishing.
+fishing.		172800	IN	NS	c.nic.fishing.
+fishing.		172800	IN	NS	x.nic.fishing.
+fishing.		172800	IN	NS	y.nic.fishing.
+fishing.		172800	IN	NS	z.nic.fishing.
+fishing.		86400	IN	DS	24019 8 2 51A5CC521F83D8BEA6AFE905D7F24A758C72D9341B550FC4E7AC0F272ACEECA5
+fishing.		86400	IN	DS	63775 8 2 8137BF33700CFB755C53EFA2EB3B80AC9630B05BEFB7E8AF34DD079E131D2C01
+fishing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dSelP57zWwJPmSti8VqB+GX7wlhyx7ZpGidgL7gGn26WWEj5JJLQYo1GVSNxFRqwgheCufVS4EitelLO7Birp3yX6qguRoPmGCxnE0hFV6TLWoJJu5fJW2jr+Q/15hNuBGvpHiXgBlP3PvZvXAluG1guCLZXlIwqqyTI1SB/DqqH0GIsuiQs25a9WqvES9FkAZy7EtJzkrZJ+33meb4CkZmTy9djj5deuGOmPH2/2A6v+Lx6Jj9hde2D2icEniXHInjyok/uf7v8Y1sEq8Vz9FV6hvnH5Kp5AkUmXKWNwReBS8gqUyequPOpJchRcZ6fjekm5CcaGNJHAINe1jww7Q==
+fishing.		86400	IN	NSEC	fit. NS DS RRSIG NSEC
+fishing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dMT/xQn1T9yvgCAM0C0Qk9grrde3LzTTVIfRWg15Jcl9eNxCEVRQnC4dpsmScW2oEX3WilzRZHJlAykswJwJhKd5KNhrNHbLjTy0BtSoGHgkisK9tRRBczu8mb144TPDFcJbZjdFhwKN4SfEX8LJP/dJaVCC+EbttJWRB3dprktBlhZ1+HMs0s+DMaFQBF95Lv1eZP68V8yZfFHmniIpK587RfUDLSAba3mQSPaXMEAKep++HSsgS5ev5T/lugT2k1PWWDUx3xOVO3DPHbsE/49Civnt3N4SpYnrYCrTOynumHgEuQdQvaEP64ZHCcqLUMm29X37gF/ILuvCs2Wowg==
+a.nic.fishing.		172800	IN	A	37.209.192.10
+a.nic.fishing.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.fishing.		172800	IN	A	37.209.194.10
+b.nic.fishing.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.fishing.		172800	IN	A	37.209.196.10
+c.nic.fishing.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.fishing.		172800	IN	A	156.154.172.82
+x.nic.fishing.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.fishing.		172800	IN	A	156.154.173.82
+y.nic.fishing.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.fishing.		172800	IN	A	156.154.174.82
+z.nic.fishing.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+fit.			172800	IN	NS	a.nic.fit.
+fit.			172800	IN	NS	b.nic.fit.
+fit.			172800	IN	NS	c.nic.fit.
+fit.			172800	IN	NS	x.nic.fit.
+fit.			172800	IN	NS	y.nic.fit.
+fit.			172800	IN	NS	z.nic.fit.
+fit.			86400	IN	DS	52846 8 2 67AC0D6B4ABDB3E427BAA988FCE6DBB8F5420027AB25D219FEC06E2FF8BABF09
+fit.			86400	IN	DS	61939 8 2 964CF669D1EC486A61CD6BE09167B36D5FDA20B21FF3950F4E1A2373BEEA3E66
+fit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . COLANIVBwzEf7OiaCWehfJ07qtd9mSFzfrshp1cs8vJyLmoKhvaO0qXoV7e/O1QiA3izvJgTs3o5V87A8SvdUKftqZDTULk7OWBHlc8xNACzikb2GnQQGcwk/s4b+e2hreWjI20AR2Goi2JGgAIWP5MpQKcZftng3vJic0jzYqr5oYOvwiiyZ+BbpQJPGMdxvBKIAMREM3b/bgC+fNbf7gU42GajcIOgKFdKlnKndgctDuUgpUmCSg9+6VqB7GyWuxAa+m3Tp4DPnHiTYJVM5GLGWahtUitAfOpTY1FNNdAqx52VZVq5mMT0BlhcPDTPYNvgCiFdQxgn8YhAgWoLSw==
+fit.			86400	IN	NSEC	fitness. NS DS RRSIG NSEC
+fit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KeVcxz4j1pbv7e4DtQ7lk7RWi0b2Tex4f+bp8DRoJgqrSb6g9FF1wffolQvydr/cS7JdMqNLhhklZ/ufqksqdgJ40iN7tJiOKx8yKnXiys0O1J2vBXhbpwG4uVVxMEgfRgxiq2im0iih60U41RwCh4d+6SO1Nd2d9S7/V8afoA/r7kcAln/6yPWufgUmE4oDjXGj9I8HqRbXntqcDpg7D3qleWN132rBPBC7QWWi7rR4Mz7Ax/Ye1YmwBNJENsXRKe0q/KqP5fLmb1jR9XciWgVo3OV6zvVNTAPbFEKoYYmJ6V9v4yfNFuCun3nm+koAOEMuuej9CnUNy1/9ePznVg==
+a.nic.fit.		172800	IN	A	37.209.192.10
+a.nic.fit.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.fit.		172800	IN	A	37.209.194.10
+b.nic.fit.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.fit.		172800	IN	A	37.209.196.10
+c.nic.fit.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.fit.		172800	IN	A	156.154.172.82
+x.nic.fit.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.fit.		172800	IN	A	156.154.173.82
+y.nic.fit.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.fit.		172800	IN	A	156.154.174.82
+z.nic.fit.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+fitness.		172800	IN	NS	v0n0.nic.fitness.
+fitness.		172800	IN	NS	v0n1.nic.fitness.
+fitness.		172800	IN	NS	v0n2.nic.fitness.
+fitness.		172800	IN	NS	v0n3.nic.fitness.
+fitness.		172800	IN	NS	v2n0.nic.fitness.
+fitness.		172800	IN	NS	v2n1.nic.fitness.
+fitness.		86400	IN	DS	65515 8 2 637C29078214FD97DDC25208CD00FA607EAD761BCC5279AEEF00AE91AE8997F0
+fitness.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yeavnik6uR/Jh3S4bOznnt3ueZriHevgza1RKbrvEyPkYUmsZx/vNmtKs+fYhWdVliVg1BbUdkTjV4I647xHhasE/1Lm3fsWMhUSH6hCASWnnjF9I/PD4vVCSVrlnpnDRvpr3yXCmjmNadDAGGroZwWup9V91MqT4qhbeLrx9OHA6QVLw44iDy8D3WpbIeC2wMNW807gR3axs/DAjVb4YLnZXUqnNqQz0ZinD/DjCEgLI8PmwH5Hw8U2Oj2nEVCAyM6ZZRKCVuWFlaXlNsk6+WiTKAAkr5zCIrOa/Qlz7esYJDuBH/jIoUJhp3T4e8Gcd60Vd1L7pNTDetet++9U+g==
+fitness.		86400	IN	NSEC	fj. NS DS RRSIG NSEC
+fitness.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pfoj8ieNpUIub3ECNv1t52R09YKbo8IxLmOI88yu2FZlv/GkAb2iv0P2LJPegU3pnnw5WAKb0FPuJY46hzGDZg2WUEtpauTa4XODuZtDNsZ3owFao3cZ/vojo7DJvA4FodR0UVV27D4fJUy5xHBzbWgbxh4lMfu0UrwEUjAA5FKqRsBQrjFdX70WrYDquFYY0rmYC1brFW3ZZDQWWZ9PZUdGujBxbYAbAamjpRznSdwxTtc/O0sGvbxnm+rRtm4+/Ma7Q4oLlv/CrXQF9bsxtBrVYTLtZvSmUEUZF09lTc3dVla7WNsjF8U150d+XlZgommZ5/ZHzRXIJnfG012mDA==
+v0n0.nic.fitness.	172800	IN	A	65.22.20.47
+v0n0.nic.fitness.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:47
+v0n1.nic.fitness.	172800	IN	A	65.22.21.47
+v0n1.nic.fitness.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:47
+v0n2.nic.fitness.	172800	IN	A	65.22.22.47
+v0n2.nic.fitness.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:47
+v0n3.nic.fitness.	172800	IN	A	161.232.10.47
+v0n3.nic.fitness.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:47
+v2n0.nic.fitness.	172800	IN	A	65.22.23.47
+v2n0.nic.fitness.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:47
+v2n1.nic.fitness.	172800	IN	A	161.232.11.47
+v2n1.nic.fitness.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:47
+fj.			172800	IN	NS	ns1.fj.
+fj.			172800	IN	NS	ns2.fj.
+fj.			172800	IN	NS	ns3.fj.
+fj.			172800	IN	NS	ns4.fj.
+fj.			172800	IN	NS	ns5.fj.
+fj.			86400	IN	DS	27739 8 2 D7FE923EED1E1194597CC5EBCB37D10F3BFA2E927159F5018CDDB86D30665ABB
+fj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qkPlN3sivdbwlgmOwYLCa+Pk52DBbXjFMB1tUahAbesYAoJWbQAI3E4I1fk25fZHb3rtnf76Dfo6Q2mHa/enTm70wOxQCKww2vW3tiZ4zd24u+tFOGtWh641HFkJ6rSbzWN3AAP+EBJGjhMWKesNKxEEPCieuXceegxLTaRim9IVBdX0xycXvqkhxLK0285iEAH9SnaSjB3DkMMqS0RJ3HestoQKtUm10E9/pAkYV9u04AVbyqtKwbeNKBiaLWcc/od/pPDDOQlkVClMD6+6zNd7GrY7m+ldsbUBX5fn+4wd7FLzbPRwyOyy5Ot9WR+VYKGXwU1XV9SWbzVABbNK4g==
+fj.			86400	IN	NSEC	fk. NS DS RRSIG NSEC
+fj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vVB1bC11orNF53npEf7YH89YwUFtsa9xFfo2fiNH/0qz6i/Ka66Enq+wkg+PkmXw06ExLTHhArdXsSThftfUmqmLvZAlb7PHGN8zIFdx2874aVIDXevBn7/uFv2m5ISV8KxHzz9lJyf3LNCU2qnq8Ny9ggNMmaAD3rtOyn90LJUqd4igTYcCANc3EnmFMnBtwKhyK/pxsiS3QLmQ92WMNdrzdwfnAZGq4EbnOhEZO1mvKsVYTyAy1oCEf5wCTdaBFsW25X4i3m68qLGS7Touuxc1XJh4dPtPkg+Sv9pod/P38QaPgaX/c6Z02yaOXu2Dkm8nsKu4ZcMlM1OAjzMP8g==
+ns1.fj.			172800	IN	A	144.120.146.1
+ns1.fj.			172800	IN	AAAA	2402:2940:100:100c:0:0:0:1
+ns2.fj.			172800	IN	A	144.120.146.65
+ns2.fj.			172800	IN	AAAA	2402:2940:100:100d:0:0:0:1
+ns3.fj.			172800	IN	A	185.38.108.108
+ns4.fj.			172800	IN	A	185.28.194.194
+ns5.fj.			172800	IN	A	204.61.216.138
+ns5.fj.			172800	IN	AAAA	2001:500:14:6138:ad:0:0:1
+fk.			172800	IN	NS	ns1.horizon.net.fk.
+fk.			172800	IN	NS	ns2.horizon.net.fk.
+fk.			172800	IN	NS	ns3.horizon.net.fk.
+fk.			86400	IN	NSEC	flickr. NS RRSIG NSEC
+fk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lgdu6CZmodh2s8rzGFnVFBLzEhzdty+ELawZqze074UPm0lRAK9T5eKzgk7yMK6jNDK19+phu/aNd4PnX9anrvW+Bhc+4SVWhjyeaV2NaNnNL6ZKlZx0gg+HWUNdsSujY6D/EyywRF515QAJjz9UaDoeEO2vkBG+cNxgNuDDKB9Yp+ezCbL28o1xFambi3rgxff3S7Nc229H3v4042aLu0vDOwYcz1Umn23nq2XBZ1MPVlEMm/CP6Y8rRvDOdqaU7Jzu3AcTvFiH+mizJjUQvRTTZQ5/tP64rnmXIRR07tBJBDx5RYo40sTkuAq/tKBFQ6abZXiZ2RgYoCaR+LkPZg==
+ns1.horizon.net.fk.	172800	IN	A	80.73.216.250
+ns2.horizon.net.fk.	172800	IN	A	80.73.216.251
+ns3.horizon.net.fk.	172800	IN	A	93.187.151.42
+flickr.			172800	IN	NS	a.nic.flickr.
+flickr.			172800	IN	NS	b.nic.flickr.
+flickr.			172800	IN	NS	c.nic.flickr.
+flickr.			172800	IN	NS	ns1.dns.nic.flickr.
+flickr.			172800	IN	NS	ns2.dns.nic.flickr.
+flickr.			172800	IN	NS	ns3.dns.nic.flickr.
+flickr.			86400	IN	DS	5335 8 2 16642C254C1CE6557C42465FF0E2053F92952A38280642401DAE04A51DB01030
+flickr.			86400	IN	DS	54904 8 2 A0C9B5D4A5705BA6563443E9A93BE7202551583FD55054E2FFA1B210B17F3903
+flickr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QASL/PxNmwHynU0vsCH5tfF8ItRTfv+aCu+V2cL4Lt3Qi9Z2vAoBA1gydXUH92sA3SiH74rhJLy/pGQGdeVwEox1PJ2y46eqC8k8Iqj74+oHukAgPqGuGcZelq8sCkXBfZjKGjzrr0tuDu/UoMcQC+jSeIPylVtOYNDoYx2jMtjp223MeCrQ0qpIjLmMFKwdoUY1SoU/cvln/cmLM2T4wO6jll6878mAVohi6FlQ0xHIgiCKM/h62bKtEJ9iejJYRO7t49+ZP0uLNEA4oiB3FV1fZ+woyo+4mUMbkkZ5wUvFv0K87N9mUREn7B55OOKg26IaTPdTPWUvW84TZaz/+Q==
+flickr.			86400	IN	NSEC	flights. NS DS RRSIG NSEC
+flickr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WXQCG/MdCGq7IgFTIidaXiaMcDawAvEndaLbd/fwj7O4QBHdUo4uwMebEGeWMl9UdjvutslojPPzCdtY+ZduEPJNlpIFpObiOmsWnlHphpoxZPJ0b0TnrrIyG0RCmnAbcydJCPax8EEv9spVQ0G2hglmdoC0oISrkpcvo/32qKtvJc1YfS/+nO8rqH5gxiz9TMuAwq24LNKz/3nwXQ2Lwnemw09sc0+JgVg7VwatZJp6tqq+fDv0a0ej3HN/hkNC5ClnyRXRmcktEQLus+JXIZYIVzw6hBlBoPzs7hpQaE8Ghw8OqwDIW6GuHktpaa2Eqlv0dLWghxLpFKaotI8tXw==
+a.nic.flickr.		172800	IN	A	37.209.192.9
+a.nic.flickr.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.flickr.		172800	IN	A	37.209.194.9
+b.nic.flickr.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.flickr.		172800	IN	A	37.209.196.9
+c.nic.flickr.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.flickr.	172800	IN	A	156.154.144.60
+ns1.dns.nic.flickr.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3c
+ns2.dns.nic.flickr.	172800	IN	A	156.154.145.60
+ns2.dns.nic.flickr.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3c
+ns3.dns.nic.flickr.	172800	IN	A	156.154.159.60
+ns3.dns.nic.flickr.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3c
+flights.		172800	IN	NS	v0n0.nic.flights.
+flights.		172800	IN	NS	v0n1.nic.flights.
+flights.		172800	IN	NS	v0n2.nic.flights.
+flights.		172800	IN	NS	v0n3.nic.flights.
+flights.		172800	IN	NS	v2n0.nic.flights.
+flights.		172800	IN	NS	v2n1.nic.flights.
+flights.		86400	IN	DS	2104 8 2 E78701C441507DED68434984E0842F491BB2BCEF7F0F06C9B4C964AAAAD7222F
+flights.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JUCrL4aBoyGhxsOR4zMRaXz1eXk0s5nD5M8gtAEy5tibFAqOcxr/Qqqgn98LSHwcK2hCn7UXWHh1UpFCHkij6EssBGKmfhVM+mX7fXBAUUG7VyNhtz1FZbM/pcX0RtrSe4vOPNwVIx5CifugJsGrlwbj1HFNr6VMSIKoD5DMTtSltRy/2FcTkAQsHc+aPfE0UoAHtJUht3qyUJRFp88FDSvmfQr9Q8NtdwSUJTkMOI3/7pgG/H7J5Vrf8nmzg2T3TKuaPHL7LLkPucvbrZ1kEJ1FSAHQzlrmVequ+LGG281IfFFpSTJFGb+5nLtsxmaK/m9pLiTvpZ0TpbHPVtW2Og==
+flights.		86400	IN	NSEC	flir. NS DS RRSIG NSEC
+flights.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ETJCwZaWfPdeda0VXbplee3Yh5Suhs1PSyghFiOVDSmBVErBmTFbxYCSykyoGcthJK92WUoDE9uwDvwjjM4iLFckgjDHJWvh5BHFMyIxDzGnjML0QCKtaQYFw4U55HhGOv+pA6a4hRq7tiUU9TokSbjxaqkmIC5T7st7Msbubb0/d5NEM824+kXhwn3LOkavIbyW/g3MDghGzHocc8+qPGDYFBjjrcKOco/hnnpNSEX4Rj/d+1Liq6+0uTbMWi4ZEK4tpvapMyZZmGctds3gyTMJtj+vq1z8sWYij5/k6TKta9ExmSsi19cAhGnTimfEpXQZ8UfysnFGyPsDo1nNnw==
+v0n0.nic.flights.	172800	IN	A	65.22.28.31
+v0n0.nic.flights.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:31
+v0n1.nic.flights.	172800	IN	A	65.22.29.31
+v0n1.nic.flights.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:31
+v0n2.nic.flights.	172800	IN	A	65.22.30.31
+v0n2.nic.flights.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:31
+v0n3.nic.flights.	172800	IN	A	161.232.14.31
+v0n3.nic.flights.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:31
+v2n0.nic.flights.	172800	IN	A	65.22.31.31
+v2n0.nic.flights.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:31
+v2n1.nic.flights.	172800	IN	A	161.232.15.31
+v2n1.nic.flights.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:31
+flir.			172800	IN	NS	a.nic.flir.
+flir.			172800	IN	NS	b.nic.flir.
+flir.			172800	IN	NS	c.nic.flir.
+flir.			172800	IN	NS	ns1.dns.nic.flir.
+flir.			172800	IN	NS	ns2.dns.nic.flir.
+flir.			172800	IN	NS	ns3.dns.nic.flir.
+flir.			86400	IN	DS	7306 8 2 5D9F70DE986FDD8F93A84AD0E5D458A99C8B04545A49F60A348B6A05C4540F4C
+flir.			86400	IN	DS	24484 8 2 3DD6835D42B1D12266D8FCB2FC29B0AECD5783CEDA9792A213F32FB67889C64D
+flir.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xJBzwontbhkRry0sTT0i2h6kVfA6SqByoPeQgVxlseD6Wvn4I9KQ3pRqiIdHnoXephP7A43sGXjCoBmnqDfabmekeNDVaGt+C2kjeREKSQAeL5TwxMFzxbyDIYcbAzXDI4zgMo546+PgulQTBdYpfnxkqRVPZC82Tj3aZsKipI6vix7scpeOkGwmWOaE13WgK+AQLmZMmkkAXtL5UPNJk1TAwwOnKJvrGRO3y7PNZ+9PXCIFrVXZCtAcx4+iwmHib1/8ndhy0dD0JUmpT+M+6EgLbuLog4vD5Sveh5sKxlzYJKaLuwuUJ/2kxMS4HYl0Yh41nmvSa+ZzaiMf98bgfw==
+flir.			86400	IN	NSEC	florist. NS DS RRSIG NSEC
+flir.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RD2jbAkS2sSZuBHSvVgHoBpL9Mf2bY2mXtE7nw+zmS63/rhMhFILNDEoP2a0ubc1N4GwD3XVktNQFkEv1p3vH8vKbRN1WCFIuP7saYFBudlv8k84Vk7RCPKDjqAqupaYVimDcY5gzDkAbxCwtszX2jAqLfCeQdNsUHnNPxBKUF5kRAhLvnmOAZg7BXJAbsV4i+MUYjy8WRDgvPQU3KInRUkhVQ/n4UK5DZR/8eYJ0BjxvtngfyMxLf1nhL5cc8VCK0/6ppwrZO9jWaiA7C0ucm+0KeluhQYdpZHVls57W/yhthpUIVFaIpLjYppZivuRDGVa5wbs+dlYDgl1HGBGUw==
+a.nic.flir.		172800	IN	A	37.209.192.9
+a.nic.flir.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.flir.		172800	IN	A	37.209.194.9
+b.nic.flir.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.flir.		172800	IN	A	37.209.196.9
+c.nic.flir.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.flir.	172800	IN	A	156.154.144.61
+ns1.dns.nic.flir.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3d
+ns2.dns.nic.flir.	172800	IN	A	156.154.145.61
+ns2.dns.nic.flir.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3d
+ns3.dns.nic.flir.	172800	IN	A	156.154.159.61
+ns3.dns.nic.flir.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3d
+florist.		172800	IN	NS	v0n0.nic.florist.
+florist.		172800	IN	NS	v0n1.nic.florist.
+florist.		172800	IN	NS	v0n2.nic.florist.
+florist.		172800	IN	NS	v0n3.nic.florist.
+florist.		172800	IN	NS	v2n0.nic.florist.
+florist.		172800	IN	NS	v2n1.nic.florist.
+florist.		86400	IN	DS	48775 8 2 3FDFBF7D66854164BD6F7EE44CA6E92F8E7D23E577BDC213D34DFB62A0093E85
+florist.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F3Jd0WaJF/iZeuDWt6k4JlHG2Y1RYin6sHwUmS4t1ATXlIbmSG4tO0gH41B9678oTogQdaiV4KinTT40UZ+vgRdcI2fEVYo0jTgdttY69g0CDyDmL+o8msQV814KHCMNcktgdZx5HCQDvtoVLZXk0E+TKK4GswJa+T51s3niCyiD6Gb/RQND/spsZn30HRM/2KojN2zWybXekLx4oiZzxsTY0HKucPPa6PXkRy+4fww6Ff3t13Zxb2IMtelbQ8/sjKs4apaNvx26GnjcUdtKv0AsPadBp1vXqcw/9oK+TKsWG3mAI5UhPbAeAbsKd4kX7ksby9Is5JPVb7g2/PdkJA==
+florist.		86400	IN	NSEC	flowers. NS DS RRSIG NSEC
+florist.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mbpx9gNib5E4DU3DeNek7easXiXBullAcXd18XamJhbqUV8maZUKxs9a1JY2Wl9nwpCutGcAr1kFwHJTEq89vHK5xuPq6yf9Z2R/w2pw76doDwXVgxcHzFKxDWP5v1V624kXOBuRc5RAFtxDjzWyqmyGcVwSEDkzk3eVDCZJKmFfw9+jN5EDDB0Qv3rSpTusc1sggoKZKw/vVqV7D3wSj+O76XqqFer3ZUD3rSyKeh9J3DRuXR2QD1/kJK5B2qrM/N2t1Xub17EPL4gAgT68beiMLWN3Ya/Yj/PSZ1MuGS9qGSkB1KZmPla8ZkR6HS2AxtP7zGNd8tq5BIQFATNG8w==
+v0n0.nic.florist.	172800	IN	A	65.22.32.30
+v0n0.nic.florist.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:30
+v0n1.nic.florist.	172800	IN	A	65.22.33.30
+v0n1.nic.florist.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:30
+v0n2.nic.florist.	172800	IN	A	65.22.34.30
+v0n2.nic.florist.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:30
+v0n3.nic.florist.	172800	IN	A	161.232.16.30
+v0n3.nic.florist.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:30
+v2n0.nic.florist.	172800	IN	A	65.22.35.30
+v2n0.nic.florist.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:30
+v2n1.nic.florist.	172800	IN	A	161.232.17.30
+v2n1.nic.florist.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:30
+flowers.		172800	IN	NS	a.nic.flowers.
+flowers.		172800	IN	NS	b.nic.flowers.
+flowers.		172800	IN	NS	c.nic.flowers.
+flowers.		172800	IN	NS	d.nic.flowers.
+flowers.		86400	IN	DS	11746 5 1 48BDCF4CDDC2A930612A0D41E3DCBDFDEFD6B433
+flowers.		86400	IN	DS	11746 5 2 D3D6C0D4A9E2E40E92DA8203B7EE72A80CE3B9220FB51B212C6CB25A1B886D5E
+flowers.		86400	IN	DS	44614 5 1 16E65148CD02D28C72BE03EC2AD4F0B7B8EA156D
+flowers.		86400	IN	DS	44614 5 2 E504240FF007EAA0829D9CF47F27FDD2B8C4C03E113C9D163FA0766D6716609D
+flowers.		86400	IN	DS	53083 5 1 FF6D6BA7638E7D8010867C4334D20EED0D8F0D0D
+flowers.		86400	IN	DS	53083 5 2 9F8BF09B0D588D739D4F88D9E2AB870C3EE1368EC69089EA744353CA27B49C21
+flowers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jy9kNBjaw9/XCsfGg75SpMSXN7HfIEgwYLqjz1IEF30MmkvkONDb2cBli6k6HWr01IBLMn9TA/dYezXIKkM+K52KwfwzXIYXfl+VYXETGi9oqvQBfXBI2z9v+1CO2gXQiWXNpkZt3Her4wjZAJYUgnjI5mnNKZetHb9aBpZzQTQnPNwsfutcyHitBvnthNtrwq5MvrAjdDjT3hMhsAieyz2msu/zi70l0JDnRYh4sLkSuP3rXon2OoHVz9q2Xtx9a89PrCaQx8s/Chll7bVzUVTM5EL8eK6h13toFxRiDiJLcwy7APW3ORU3BFofBRU8rAY+h8bz78yzeTTcsWu3ng==
+flowers.		86400	IN	NSEC	fly. NS DS RRSIG NSEC
+flowers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uO1J1f9yOXxImz2hz8v4Vk+uCNJmUMJx8lPxtU5lPKmFZKIFTXkerM1JG1oLWcgKFZzI92uMOa+W7nRC0lcZcBFi25bdtSOYdft0JQM1SrO5RwX2Ew6F657hMX8jFt4wkuX/zkbNQwQbY1htH3oUv9mse9QkybIjQQ2/BoQRnU16o5uorXy0P118IUEiGt0VUwKibzg5ti7GnnK0DYLoBaXb1uGQWwXliQhM0k252xkdIDMmaP8fso9I500skvUEHTBpdu0LuLEpJInwuXPnWdT4HPuo9+gdEbzc2sFoHjpCDP4kenmPBH68JS6F4b1mp/ay1LSmCTijWA52D8z/JQ==
+a.nic.flowers.		172800	IN	A	194.169.218.154
+a.nic.flowers.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:154
+b.nic.flowers.		172800	IN	A	185.24.64.154
+b.nic.flowers.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:154
+c.nic.flowers.		172800	IN	A	212.18.248.154
+c.nic.flowers.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:154
+d.nic.flowers.		172800	IN	A	212.18.249.154
+d.nic.flowers.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:154
+fly.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+fly.			86400	IN	DS	65399 8 2 78E00A911E48A9109506338E1FB131C462333AA1E35C00E2F24971D28A97CBD0
+fly.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CdnJvR9mUpQrmAJl7GlLXrIGguGbCzglt/C1VS6tz2vJU6SEs4lNUM74NuTabs01kP5weNL6w8GQ6GHyQ/TXzuJ1ghyApeh8SR70LolLJvs1DkmGSDHYcR2LJgCJVzONzsPv7z45NYpyrlfPpj+HLfndEEMwnWxU7gI5ShBfvB5Qgrr1Hgq+e2UbX2yRD7/0I9fVl9ubvlVoDiemQYYiHLovfjfuwwYXy5Rb+oi3OTbz3f+/f79WeaYwFfDF4iRJaXoDPeudXj2QSGpD31aAOE41ukhJe1oWI8ar6BuMKHOZEwPsHS2cHF3o4Ap2mnSokcwQ2xqc/8rklHE/FWbyBw==
+fly.			86400	IN	NSEC	fm. NS DS RRSIG NSEC
+fly.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oMZxafP3Mcz0toUYG+DAD1Z+SIBFnjidf0K6fQ/sYkTRZHjMAq1kKvJi69PJY5GpWbT5DPLdnRRh/KxgJT1kGMWg9F+xttQFwkarjMt0hdjTjKrj2b//hyVtsSw7YXFiOcy1Z8x4ISiErUeqwF2viejfIpkZF7Mb2lLywjFMLVFGFqVAlRpuniCnWImR/l3qnJAe6n9i3Upbty4KwuURPgp/WaWSsxb6O2KgcdegEWg4hFshZTjPIatGbHrOLZr0N5asFxfBOGIBh2DPzsh1kUWISPKpsf1CrHjnceQQWWcm+m+qirymUx1cro8Dg9lhAXR2s9YOA8iLpf0yTiMdRw==
+fm.			172800	IN	NS	a.nic.fm.
+fm.			172800	IN	NS	b.nic.fm.
+fm.			172800	IN	NS	c.nic.fm.
+fm.			172800	IN	NS	d.nic.fm.
+fm.			172800	IN	NS	e.nic.fm.
+fm.			172800	IN	NS	f.nic.fm.
+fm.			86400	IN	DS	26186 8 2 DB3703697384A6F8B3A944A21C1A81FFD921000B23AA4241380B4BA3AA28DEA0
+fm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K6YfOPBThzeeluLQzy9BvWCe/Nn2oMt4yuBZqa5m3ZHqxhoNCIJsOC4OYV8gxAlHlRPppSGSbhdxbbd1oGgnOL5UmlLW19gg1N3pl7glkkOoiI8eXLuB6oAXLjWCTCfQwlMACaL7x4sEZYbDyqGU99GPb6wi590V7oZ9epzciW5yrZMoGpm1u0Ijxbteu+vKj9urfH6ATJEcXV3IQ6vQyqhLeMQI5+8qFpB3Eaf+pNJyBV+iXNWJWbJy6r9qzABJIOP4oRzuy9S6TPfwEhIRWzjpNSxNNVJyveamQF2BTFVguE0HK0ZyFccfJ2YUlQWSQWcB1+K7PvtkCW2CNAU6Ag==
+fm.			86400	IN	NSEC	fo. NS DS RRSIG NSEC
+fm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mY0nEgPykbKB4LH7EOMrugQvK7KXLJYyAA56ni8Tr9h9bCb89++H6Rrl+VIW4n5WYn7t+YdEqO1LNKhbwvl26N+vtDjDOJa5M/IZa33z9KPHwUy6xZNjhC861aY89IoOyzGCx30ldwye2GK5hZz2D+mn5AiUwjNk+GvtRbFgRjDQnLX/oWUECseR0HP59/t+162jHPsphP1k3dRhh/wTtBJAQUJCWkUtBXWOIlfTH9wAI6VrLuKVJhGXLWRfdRGIB+vupuZkOJ+t6RAcFA0tJLOunAglQz+g3uX83HwsBXSgkdZSkW4Yj5wexOK6NUEfHquTsP1cDDdT27o+Id5G4g==
+a.nic.fm.		172800	IN	A	194.169.218.26
+a.nic.fm.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:26
+b.nic.fm.		172800	IN	A	185.24.64.26
+b.nic.fm.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:26
+c.nic.fm.		172800	IN	A	212.18.248.26
+c.nic.fm.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:26
+d.nic.fm.		172800	IN	A	212.18.249.26
+d.nic.fm.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:26
+e.nic.fm.		172800	IN	A	204.61.216.137
+e.nic.fm.		172800	IN	AAAA	2001:500:14:6137:ad:0:0:1
+f.nic.fm.		172800	IN	A	206.51.254.3
+f.nic.fm.		172800	IN	AAAA	2620:171:804:ad2:0:0:0:3
+fo.			172800	IN	NS	a.nic.fo.
+fo.			172800	IN	NS	b.nic.fo.
+fo.			172800	IN	NS	c.nic.fo.
+fo.			172800	IN	NS	d.nic.fo.
+fo.			86400	IN	DS	6691 8 2 A752CEAAE4E28B4232244E5486D55889F117A15B81D3128CE7E9359F1D47A445
+fo.			86400	IN	DS	41527 8 2 6E7925D8D6F243EF35381231B955528F25087DBF3E61CC5FCBCFE72948D0470B
+fo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vHPlXOXRWoqJZxPQ03W2Nn9n8kNz+DfqSMRvfFxBo6XJyiL6+WuNLx3QbWj9Uav29KJr5coLgR0Iq5NCFB6NIgMynLNM7KisoO2ytSOxhCR1fYmUksm0K3D3iY5cJWYtRwW7Vxd08PnZpbtetzItAoBMJ4bvWz8byWbRYDS8xZc69Rjq9eZZWrum3USXqe0rlyAvLRgPUubEIUemacdQ/ACv3N54iW7N6MtcHPcn2d5uMVnOpC7/nQ7MYb3rA+LrqGIMrI0V2UOSC7y6XwACIKSgiymwL3L0nwCep2gJHZQkclGojHAHuh/webYwOejPMmZOv586HTMufUUfw7UQgA==
+fo.			86400	IN	NSEC	foo. NS DS RRSIG NSEC
+fo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lwLI16/lkuRQVBKN6KUV3UK0FLp++YtefUhM77YB5htfYIg5VQiYcxq/iAbDXQGphWeOT+AO/e71De6M3MQ5kZbn4U7TlXIhnThgaEj5H0dJyk/HTE7cxdAlTqObBy1zeqc6UuuBxZJk7YyXQvgimyLSwvgrXleVACJ9jKDx61qyXBwWsuiXuVNezvh0z7M56CG2vhfow9nZWGYVRmQbyHm4zRZT4bO8Lq2yyrKTElgB9Ys/KsEQHZ3nVSgyLljKpeX1Kh2BFfB5G8FTRbqL1f0RSyTR8+AzEqZkMCgY5pkBiXR3whMuHBKWFU+vXUbpSRSroFeR3DNBVuF1HvfWFA==
+a.nic.fo.		172800	IN	A	194.169.218.27
+a.nic.fo.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:27
+b.nic.fo.		172800	IN	A	185.24.64.27
+b.nic.fo.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:27
+c.nic.fo.		172800	IN	A	212.18.248.27
+c.nic.fo.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:27
+d.nic.fo.		172800	IN	A	212.18.249.27
+d.nic.fo.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:27
+foo.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+foo.			86400	IN	DS	59840 8 2 CF97E293D4692C8085D5254B04C77780D1A217A692D5D0EEEFC7A8E282614F1C
+foo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sFMn1GU+qyZkM6eLKPktVFUr7zzTjgjiBpNPV82SSYk8W7SzOtG4F5QtoE08g4CKdRW2wAkLfv2xQ9hc/eNLJPskiR5n/k+HA3I+65afXotPqagYTGfa9lz2nwrxuEDxp07CgCUQhpIb7TM9pcD8QCFp6gkOQIfZ2AMJ1Ij7bPVz6QJDj2ZJHqTrPmR7c3r3h5sqj2rfVLgd5a7EeNmTMti3AlQWTWKcuWAmvIQHo1HgN3eeU393Xa3qctDAY0X5jY/ka1E9hODNPf00aVAW7QWc2FwRILbgxLszkYtaOTWG0K8vXhxP0PpR14olBUkH0Pj+XlIZ9nIGVvOaXAfFRg==
+foo.			86400	IN	NSEC	food. NS DS RRSIG NSEC
+foo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ghsOjsgJMbrlVNdUnzEP/Ey5gKNH/LhB0PdBajplvPPlpfSEBMNtEClLRYXRWuKDTJf8UakutxMHUDnpx4APx8U2wvb+CM80TZvVPM+bD12uerMfqeVJHgEBayEnndsFnIiULF8WOcSZiS3O2FrD84GI9ZFDjzmsHU38n5fnZsssIHqDj5RDtsjzKxqjiatvHCjLHUHoAeSxPn4k9vA+OySBfoCs7lRq0QlJn4zJjqh1T34gUAJ9XJ+I0KhoSxCnXa3brYNtSu3W9jeQwl3g6kwZBsEG0t73ixUiWMKGqvD5L0ePpH4Hmksw0/o2dVRGgCFARUszZ2ohyl0++byQlA==
+food.			172800	IN	NS	ns01.trs-dns.com.
+food.			172800	IN	NS	ns01.trs-dns.net.
+food.			172800	IN	NS	ns01.trs-dns.org.
+food.			172800	IN	NS	ns01.trs-dns.info.
+food.			86400	IN	DS	3415 8 2 CA071E56345C271F2097DEA2FD030A761869D20ACAF34540F56C26EB484A4EEA
+food.			86400	IN	DS	42180 8 2 4AA1F08B292B3835FD27B5692D0CD0C1CD0119BF1455A69506E50CDC6C47D761
+food.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XteDI6hhejsYfRtS7JCiSLD2ypP8j2uA3dKP+Pu1Z8CJ4gF4JdHR8N+MokSK0NoT7AcLimI3K07PlG9zf+Vazii6085sI9GJD4HzBoqmlKjGQj3z4s5UpAwJ3TjyIEePwfQU96zk9YNN4DkJ4hkOKfhiIf0/1/XtOeKHGKzxe1QZAk9z9b3/1bAsTcxb5iMy3bYGFb53NaxxmUVMgEW6gVt+SBC22tmw4lKyxe5vEN8PUlkeqr8GC/Qd5uZXGe1xrkg+dTrlfJtSaat46rRXHDVJ1j1hO2A40wYRAEAssijUmFEfoC19pS5FLyy312X0cABSECsQcOzy6Bci/pFO3w==
+food.			86400	IN	NSEC	football. NS DS RRSIG NSEC
+food.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ymM+TAlFqhSiGM8qkCvbFDXUhqLah9MVVqAcsNJaMDFITP4NawugMx9CYiLXlTRAwI7/apQM6rZQubA2tS1Rtb4R8nVW4suqYnWnuOYmAlxO3aU98r0TbvIWny2SzfX/P/uphFb11F9nr/9PtnoXtoi4vTBGUiICt7s+9NbH3NiDEDqP3XWr1TDYjwDeC+S+j1BPRRVo4EnkWTcjpN4AVtnpg0sFDGuKCITvOHf4a6VRo9hhhSC67LBHi0ShfteWHdZVcjHFlAlPekeRzdiwGPHl1GvJgnFGBHQhvNDK8qqf4VzBvBT0InRHn043v02fFVR9Ri1FOmgrMl7jdNmuSQ==
+football.		172800	IN	NS	v0n0.nic.football.
+football.		172800	IN	NS	v0n1.nic.football.
+football.		172800	IN	NS	v0n2.nic.football.
+football.		172800	IN	NS	v0n3.nic.football.
+football.		172800	IN	NS	v2n0.nic.football.
+football.		172800	IN	NS	v2n1.nic.football.
+football.		86400	IN	DS	55084 8 2 D9D70577CD1802B894946548997BBE9671ECF7AB3A6F67882064C575D19CFA50
+football.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lG8RLrjXNBw7xjDg1HXo+0lGzNpYukmM+imiNML6r6LT1uYFwPg4DQTXU2whCDWvrFHB4lcix+iMfo3r6NeQmAm2xuxLe7SNl95rUko8tXnoqpsIQnvaWW7pgktPnT30/f9pqQBfPAlFJpshYIubvs7kD0LjjUNOHGpgporIruP8zZy1A8qqoJllgKMubhSLz+xjb/14YwvrtQh0kLAVTtGrwCirm0A4FEQxhR/4ylUA/HfUGTyCmtsBXfa69sP0o5fo/41aHrS+OkVFgv39qfo+ZysDemwyfrnxyTOuIe6QoWYqyZpkdcOwuvWDt6aJmLg5xVFXwxNTSeM92XeC+g==
+football.		86400	IN	NSEC	ford. NS DS RRSIG NSEC
+football.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . baepbdpFKapYNUEsJnSMWN9MLMzvZrzg6gU0GR7/E55FutjYfNqJXM/W6e69Fp5SHRkY0ksLCXOls+/v5viJ+eLh1ijqLkZcwQbt70rVRSFqizYFH7GvL1z2po/774+jDA3o6tYY1226HkniQcWnlvIz02tLDzeIskAeM0kqytbVG7qhMmHddPURUHpTSs4lNhlKl1i/ZY+kCW0G16s83fC5C39TMUgQhz6sGHAxZ3FXDVeIskNz4RSz3NqX0KXSSiwFBHJRAxk1qcvveth8MTzv4+EeTc7gsHg6b8hHU4u3pArAhnNugg4o5TyIsQwzCEzHGDyKjjGE52A0PlqjFg==
+v0n0.nic.football.	172800	IN	A	65.22.20.22
+v0n0.nic.football.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:22
+v0n1.nic.football.	172800	IN	A	65.22.21.22
+v0n1.nic.football.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:22
+v0n2.nic.football.	172800	IN	A	65.22.22.22
+v0n2.nic.football.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:22
+v0n3.nic.football.	172800	IN	A	161.232.10.22
+v0n3.nic.football.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:22
+v2n0.nic.football.	172800	IN	A	65.22.23.22
+v2n0.nic.football.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:22
+v2n1.nic.football.	172800	IN	A	161.232.11.22
+v2n1.nic.football.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:22
+ford.			172800	IN	NS	a.nic.ford.
+ford.			172800	IN	NS	b.nic.ford.
+ford.			172800	IN	NS	c.nic.ford.
+ford.			172800	IN	NS	ns1.dns.nic.ford.
+ford.			172800	IN	NS	ns2.dns.nic.ford.
+ford.			172800	IN	NS	ns3.dns.nic.ford.
+ford.			86400	IN	DS	31459 8 2 13DFD0C4AC2B97B1294ADA48FB4A36E5732739AFC11818B4C46FCD17E3FC13DF
+ford.			86400	IN	DS	64471 8 2 200E32097C2E1D54428766BB9E5489316AEFEC25672D34B24778F71A50E947FB
+ford.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KlLkgShmFJafaOjpj5IHur3tlxXbsZoTqCGRcKx7d0/jodQTFPIPvV+fJZz4/W7NPcZvMVYCflbSkwtgJhaKQABUuU+up0CmQF+H9xJ0DTxMbq8eyjq+m3vlQMVGqJm/m8WCzIuKfzVgvAB2DN9ZnzOIZHs7+PUt/KD/gjct75AUsUu6L/yFLLx1qw274fwMfmHolk3ryoWgkPPMdLrnhVjybjcQLNryY7By5Xi+pv6cX5YHU1P8N9jfh/jE87ucvabCntcR+Uo81brJ/UaRSXI5iPg4q8HcJk85096J2ZZWWa7ycThUlGWHk9uhslbFBQaqLpeIWsGaz7CQoPV/sA==
+ford.			86400	IN	NSEC	forex. NS DS RRSIG NSEC
+ford.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qhLWwhwCxJjzdmXSlnZHoreNzlqNneDTEtQV05V6bN0VT4kD2dwLx6Inrna6XJKs1GNXnmR447KRy+yWqfMd1UlGzLMm30s21UoWlEF63B5zskRbA6QW154b/5sQos30QKcyHjxYSpDM9TVELG/rqYv2FMQPy7Wg4QvZQCIkJS5MYJRY0H49G44yGHOKK8l/MpVUcfcCNSGwYCrt4eC5M4eeABrstVCj/jLzivG6r+xQkrLoOHBkWKlg/6bg5q0ziTWiI7T70oonO+G7grRkic1/D/JGVf1/NDRwQfA8h3cACaqkf13UbOon1zIIMtLOmitWnevllIZrzS9TIkehWA==
+a.nic.ford.		172800	IN	A	37.209.192.9
+a.nic.ford.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ford.		172800	IN	A	37.209.194.9
+b.nic.ford.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ford.		172800	IN	A	37.209.196.9
+c.nic.ford.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ford.	172800	IN	A	156.154.144.62
+ns1.dns.nic.ford.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3e
+ns2.dns.nic.ford.	172800	IN	A	156.154.145.62
+ns2.dns.nic.ford.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3e
+ns3.dns.nic.ford.	172800	IN	A	156.154.159.62
+ns3.dns.nic.ford.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3e
+forex.			172800	IN	NS	v0n0.nic.forex.
+forex.			172800	IN	NS	v0n1.nic.forex.
+forex.			172800	IN	NS	v0n2.nic.forex.
+forex.			172800	IN	NS	v0n3.nic.forex.
+forex.			172800	IN	NS	v2n0.nic.forex.
+forex.			172800	IN	NS	v2n1.nic.forex.
+forex.			86400	IN	DS	37024 8 2 B76C4CB1E725CBAC7C8043A1EFE178802F19BBD47687EE2DD46BF30F626F1C08
+forex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rglkHe1nhb1rryZ1F3nXrjbFUDUOiwTL6sVe3gTjdqIO2TuNNnkOS2+I9xnicqMMwAoMCgyOFQnhpbGZFoN9iUfYRNVOqAfb5gGxUKFNQ7YMicAsEFznBIZsZDcXRKMJuHiqMO6JsP3f1XHVOUEElwumzL/Dk6rIVSPsotfnVPfivLiGUJdezKE9e/lt6f0K7z4piwGd6bMKr3EwLP2b89Mj9+vKdqtmUR2ALujOwYB3YjaanjtXaXyVPZnvBXqzYUxjExqJWrNPkCuJEmB/k7xh2MH1UhAmztQ7pbwHSzQjhYKjBA0Xe13PaST+14IsJLOWqEbRSjf+/48l613EhA==
+forex.			86400	IN	NSEC	forsale. NS DS RRSIG NSEC
+forex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eTQfQpWaV6SKNw1zwCW7B8oOgRk920pYBipbzeFs80rdXaTHeMTUalqT+X7/tqofO8nWUfelwuyAW3YCVxVPBMbS4/Do4dTN3Y1PouEI+oLck1GSS7pzb35zMTkLBQs/yCdVn8pSYmr4e5jz9GlW1SPMTaFavXKyrxoms3wvIZmkb14dzBddZaRwz2YNSmPdiLZcx1yPl1LaOalSyc0bGwXdPgf1I/9ku5DQg3tAyJMyGx3x9CCCdBfg2tYstkZWI9i0PqFY9DeXZKmhRcAli7SV2fuRLh/yBMhxa/PSQvSQ9MA3F64ZmNM/aNvj2iIfc5Rf2oEByNV54yQYbo9Qwg==
+v0n0.nic.forex.		172800	IN	A	65.22.28.65
+v0n0.nic.forex.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:65
+v0n1.nic.forex.		172800	IN	A	65.22.29.65
+v0n1.nic.forex.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:65
+v0n2.nic.forex.		172800	IN	A	65.22.30.65
+v0n2.nic.forex.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:65
+v0n3.nic.forex.		172800	IN	A	161.232.14.65
+v0n3.nic.forex.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:65
+v2n0.nic.forex.		172800	IN	A	65.22.31.65
+v2n0.nic.forex.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:65
+v2n1.nic.forex.		172800	IN	A	161.232.15.65
+v2n1.nic.forex.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:65
+forsale.		172800	IN	NS	v0n0.nic.forsale.
+forsale.		172800	IN	NS	v0n1.nic.forsale.
+forsale.		172800	IN	NS	v0n2.nic.forsale.
+forsale.		172800	IN	NS	v0n3.nic.forsale.
+forsale.		172800	IN	NS	v2n0.nic.forsale.
+forsale.		172800	IN	NS	v2n1.nic.forsale.
+forsale.		86400	IN	DS	57781 8 2 B782D732FE1E21301D1CF866096D3293925AB1E839FFC580591CB7FF8EF63983
+forsale.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WcdewR5lpqTEMZqxNeo34GZ79Ma6sVBg7Y5rE9/6PT97Yy3hhwO14/KSL3U7fkQN+o60kuj5ZU0D1RAr1X9BPDcu04nEUd+0emYemk5CFlzv3Pa4GqWkUxQk2cjXYY8GMsSwLrvjjA8ZAR4E2ZQI05dZ8puIvxw0ijC4vXLHp3DXGjX/svz6RPiclSg4Q1Q87ohkBSFWw9HDQqL9iuMPjg7Po331XE9w49nPTdc5Bs2kpdxX8+9nqBFxT1W9tJxyyveShpT2RFG1sib8kJxDkcPE9huh4MmmlOQLnVyNisxSZF1qNRdyzvLXoOUVz5+VBbiqNApdQeC9p2Ndvn2YQg==
+forsale.		86400	IN	NSEC	forum. NS DS RRSIG NSEC
+forsale.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ub8gvvUSKcRzSZgNjjLm/8r5WgpcdF4PfWR6X8Fb2kmqEFPfn3IHdrHtZAv3yz7B9Y6X9h3qjbAlloZndBkNqOyIP9BYTe6cVGDuDv65NvnnjJsEu4tGyeOuAvSBSKuaYdaMQF2+TwAlMADXWsYH/1yEk2VlWmmp/3v+t1GRY2sz2BIll+7l2VQr14feCR5urDd7yzSdYxboEMOCpJnq09uwCD/KYWJzOdjy6HmrWXUECl8phPe+yHv0C0iyEu6cu9yItb+PYo5PETziqwEHz2mvrsWUNfdfoJhKJbLTo+fWgTzENyBqp3xn7oDvJf9o3T0C5K8YrDsJBI9ZkemFdQ==
+v0n0.nic.forsale.	172800	IN	A	65.22.32.53
+v0n0.nic.forsale.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:53
+v0n1.nic.forsale.	172800	IN	A	65.22.33.53
+v0n1.nic.forsale.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:53
+v0n2.nic.forsale.	172800	IN	A	65.22.34.53
+v0n2.nic.forsale.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:53
+v0n3.nic.forsale.	172800	IN	A	161.232.16.53
+v0n3.nic.forsale.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:53
+v2n0.nic.forsale.	172800	IN	A	65.22.35.53
+v2n0.nic.forsale.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:53
+v2n1.nic.forsale.	172800	IN	A	161.232.17.53
+v2n1.nic.forsale.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:53
+forum.			172800	IN	NS	a.nic.forum.
+forum.			172800	IN	NS	b.nic.forum.
+forum.			172800	IN	NS	c.nic.forum.
+forum.			172800	IN	NS	d.nic.forum.
+forum.			86400	IN	DS	9475 8 2 A53A95D8AB4105B83918A104F8828B1E0DDDB48C290A8EFF1960918E01EAFAE6
+forum.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m+xQXplIubff14IAUXvQIC7qCN++k1pMZWLyX+o8VQbBWA+sENsiIZ4sUuplyaiAAEnEphPM5xEWDx1vK/dqW+V7g+ITl/f85OVPx+PH8b7FDPseTs0IHZxricLulmCAUTLQIS7jyMsY5D3atAj0QknNEa4ARVoGmY13xAdEx3/PIHRQg/O5iA32H+y0L2ZE++MaxmIv97saWNxpQ20FGbsBRNdGxIeaSMscULmUvkcAjxYFyyuF6DNkIVkmet9zKFuPaoWH99C1j/lOjEb098/dFOYTrI/+YtRmv7yS0uiTn6yq6du9vWnypb1mkgR7Wn9MQpmv5kwMWevVUyX/Wg==
+forum.			86400	IN	NSEC	foundation. NS DS RRSIG NSEC
+forum.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mh360wDhXh/w7EvBvjt0bM4IWW/j3eEp35qaD9eQuLytMe1lJ3E33fqWNr7RdxBdgxJj3eXbq0/2a+rIQGkvZNxMbPwB1y6JfJ9NYyEKS0iab2bzPY+zcbtPcYqAbJkn/1/9FIraQ81AjYkr2VTVCtAQ7ImsNX1L4v3WTjCFm8JkacZx1r3OXaIym2T/6C6Uvyel+Y4Aby4bgGo1WgmmJqt5LKqXG/TJaK9ZB4yoJ5zZWqoJR2ytoEbneft0g3oe5835ZS4he3uG5fn/3GkRDbwJaDWEzVFyqjHVrC175VIgzWKXNmk0/liwUOhi6RnmkDDT4ksvNXnah9aK/hA6fw==
+a.nic.forum.		172800	IN	A	194.169.218.65
+a.nic.forum.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:65
+b.nic.forum.		172800	IN	A	185.24.64.65
+b.nic.forum.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:65
+c.nic.forum.		172800	IN	A	212.18.248.65
+c.nic.forum.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:65
+d.nic.forum.		172800	IN	A	212.18.249.65
+d.nic.forum.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:65
+foundation.		172800	IN	NS	v0n0.nic.foundation.
+foundation.		172800	IN	NS	v0n1.nic.foundation.
+foundation.		172800	IN	NS	v0n2.nic.foundation.
+foundation.		172800	IN	NS	v0n3.nic.foundation.
+foundation.		172800	IN	NS	v2n0.nic.foundation.
+foundation.		172800	IN	NS	v2n1.nic.foundation.
+foundation.		86400	IN	DS	50359 8 2 B440325C92CAB8D16072F62301B71032691FD4C5D46ED01278CF945B0F8E360B
+foundation.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NdrgDboHxI8vevs2w/GSwQO6ZFMsEKavhRvm+KDJUCd/Ou9fm6/3ER9B3d9uR+9i2U0iyQt/NGbWz1PFu7Svq9gZaKI4GlzDNzM/J/uSk0vk07AQoCzLLKHHkGypyn9P0WM+/gdI6br4oM/uToxC50MaZBjqFTjh3xIlvwEX3C4/k6Ceg0lHXwABuUX/R/L29dLLmPqdscNTs7LQHa9uljKaRK/Jgh3k2RbtP4mgmRiiUDxK+F75NAXn98U4xbkUaVvXeZyq/O0rBXTGOtR1n4g+WH+xVdkLHFnNHm9VWdFWq5Hnsk3Myc6BlxG9aMHJmgTeKoDgS1o/JCVRxkvzUw==
+foundation.		86400	IN	NSEC	fox. NS DS RRSIG NSEC
+foundation.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yEN/TWvMAgJIz0P1cEk6x0nvnUvxrmmUZ7CqF4GNVPXgHY8F0Xe7HIFuNuydn47Su5gyUgOIQpYkBH+i3bgLyGdCG/9ADyH7SNHkSw8NL/E3mMVe0uV0ikwyqS+YQR35oKHAcowobMpnYQF9p3suL0Rvwk88C/oRcaMmRgVV1WkuMDEvCYGR+kiOPLP0xdKYEHVRfToqRnkH6SNivhsU7eGOFwE58t3xiALM2bZL3GqOO7FIpa8p9W8KxhAYN5TVYpX3kzxKymQrQsFbV/t3TSAuXL7HisKtWYXjlQfjamdtnV6rkKLzlks5z5rZxwdfuCAOp86uWEZp0Qr2Ggq5Sw==
+v0n0.nic.foundation.	172800	IN	A	65.22.24.43
+v0n0.nic.foundation.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:43
+v0n1.nic.foundation.	172800	IN	A	65.22.25.43
+v0n1.nic.foundation.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:43
+v0n2.nic.foundation.	172800	IN	A	65.22.26.43
+v0n2.nic.foundation.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:43
+v0n3.nic.foundation.	172800	IN	A	161.232.12.43
+v0n3.nic.foundation.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:43
+v2n0.nic.foundation.	172800	IN	A	65.22.27.43
+v2n0.nic.foundation.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:43
+v2n1.nic.foundation.	172800	IN	A	161.232.13.43
+v2n1.nic.foundation.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:43
+fox.			172800	IN	NS	a.nic.fox.
+fox.			172800	IN	NS	b.nic.fox.
+fox.			172800	IN	NS	c.nic.fox.
+fox.			172800	IN	NS	ns1.dns.nic.fox.
+fox.			172800	IN	NS	ns2.dns.nic.fox.
+fox.			172800	IN	NS	ns3.dns.nic.fox.
+fox.			86400	IN	DS	17635 8 2 CE046FBC1B2DE0479BA9624F6344E0D6A22DA6BB2C776A4782BA144F36D05D33
+fox.			86400	IN	DS	31102 8 2 675C7B085143739B2C32F301858C5EE3751B58E3A9776EE2A6DDDC2C9C7A9E13
+fox.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s2eTjHI6viCY7SH8O38FAYGxgjNR/ApOS5XkdMKZt61BwRibMbDY9G6Mhm9Pk6rNm30DwjpwYjOGROEA+jdrVhSij2xPoSF4luEpW/eKaSli+r9KK2yqXmZkCWsey/7C/Zo8l4FXIdZjChAKhugQAiODwgXKznl6hOyTXNT5qHK/mk4F9wtJ4+79BxVms3IGIVIrHXpTnPHTimrhAa51P7/9mRbCK0SL8eG3ZwX269oUU0wTnv8K611cYN8kLcQ5o6ppTauHwJ/wQKc9uvq4s5IEBNmUlsZBsxdo4/1ukKwI8kbUv9/3TwvuftUUdrB+E2V1cxDUctTIDgqjX4QBmQ==
+fox.			86400	IN	NSEC	fr. NS DS RRSIG NSEC
+fox.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A6Ocuhq7PbvrEx9PM4ehnnLniAg0VzaWAGihj3BkGvAyK/l62dgL0IUMgaTtPIFRYpc2epZbEc9hm9EzreUKIy4ohct7bCCQxiSBbtyRkaiFC+Xop8+HPPt1OV2WEmTh+POFgeVf8RsCqeRjkxcBncxaFMVxXDLEjx21Oek/CRqmX7lSs1eHbY9Pcj+CCp6kovERSqvvOOnztUFkBd34OPeFxtaIytOgeLuReRUgn3s7frZAQIT/+6RLFTZDdJvs2k6sbg3oBp/ksesa6Zmm8NJjsHhyylpXmwl2JiVpgvfRGW+uFF5DWB7a2NJtoc/9el4XVWuj+FY/ZW6uwNM6mg==
+a.nic.fox.		172800	IN	A	37.209.192.9
+a.nic.fox.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.fox.		172800	IN	A	37.209.194.9
+b.nic.fox.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.fox.		172800	IN	A	37.209.196.9
+c.nic.fox.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.fox.	172800	IN	A	156.154.144.63
+ns1.dns.nic.fox.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3f
+ns2.dns.nic.fox.	172800	IN	A	156.154.145.63
+ns2.dns.nic.fox.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3f
+ns3.dns.nic.fox.	172800	IN	A	156.154.159.63
+ns3.dns.nic.fox.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3f
+fr.			172800	IN	NS	d.nic.fr.
+fr.			172800	IN	NS	e.ext.nic.fr.
+fr.			172800	IN	NS	f.ext.nic.fr.
+fr.			172800	IN	NS	g.ext.nic.fr.
+fr.			86400	IN	DS	29133 13 2 1303E8DA8FB60DB500D5BEA1EE5DC9A2BCC93DFE2FC43D346576658FECCF5749
+fr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Xbj94VLLISknnKFEGlGGoTZyRGIxFA0KvVS2U07j2vMBqNMh4iLfeGI0mg+Sis2531XLaBuzTDIHIB4WBxL3N7KD3LRClO/DLTnYE2pbfD2be1kjYTxFQKMhrAvIjXAH3xYf1O31aYmziYSTTnh1sWxIlaUHsBO9btqVqn+Hr+IKHyw4Iuglb7+hFiq3Ix0ABxzAS6WXr3rkWUD8p4GHeO3DrUWNqSlAIJ9ML6o5UBPVKSzETABq2BrNAfkLNYmOnca9PtKeHUaqVOD/N2cynjexYSXX69EIuulIXRIHk6b5fM+bloyJAAKPSEy/JHdLZKIcCmz1I/svvlrMePdhTw==
+fr.			86400	IN	NSEC	free. NS DS RRSIG NSEC
+fr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FZRMjqI6GLFNtyFys/w1sMd+qW+9A5JPUPbMdw7+yRIktid/SLCv9JNcYPHkvrp6wjqPtOHvT2FJuSjRk46uitAB7NjNEOGFuMkZKA71LRkrO4gIKXVjhRjZ7vSh+s7GnMd9RhE/Q360WNJP+6+o5F5WUD1q4iqsTXQi8hLauzE2ZfDez7i2WxfTnM98SDNgz0UFMQo91+dW5KgSGGFJ4zh/D69BA713E4syMYYxPE0UgD0xyPQhmm0UrSP92GxXc6hYPdvH0g4rLyGL+rLGYWmLilu7gHtQDd2xZigUkV1NnEA61us/p/zep5F0QYvPJ8xgE07A0u6ctbG7BPThfQ==
+ns.cocca.fr.		172800	IN	A	185.17.236.93
+ns.cocca.fr.		172800	IN	AAAA	2a03:dd40:3:0:0:0:0:93
+dns.inria.fr.		172800	IN	A	193.51.208.13
+dns-tld.ird.fr.		172800	IN	A	13.39.116.127
+d.nic.fr.		172800	IN	A	194.0.9.1
+d.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+e.ext.nic.fr.		172800	IN	A	193.176.144.22
+e.ext.nic.fr.		172800	IN	AAAA	2a00:d78:0:102:193:176:144:22
+f.ext.nic.fr.		172800	IN	A	194.146.106.46
+f.ext.nic.fr.		172800	IN	AAAA	2001:67c:1010:11:0:0:0:53
+g.ext.nic.fr.		172800	IN	A	194.0.36.1
+g.ext.nic.fr.		172800	IN	AAAA	2001:678:4c:0:0:0:0:1
+h.ext.nic.fr.		172800	IN	A	195.253.66.2
+h.ext.nic.fr.		172800	IN	AAAA	2a01:5b0:6:0:0:0:0:2
+ci.hosting.nic.fr.	172800	IN	A	192.134.0.49
+ci.hosting.nic.fr.	172800	IN	AAAA	2001:660:3006:1:0:0:1:1
+ns-bf.nic.fr.		172800	IN	A	194.0.9.1
+ns-bf.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-bj.nic.fr.		172800	IN	A	194.0.9.1
+ns-bj.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-gp.nic.fr.		172800	IN	A	194.0.9.1
+ns-gp.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-ht.nic.fr.		172800	IN	A	194.0.9.1
+ns-ht.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-ma.nic.fr.		172800	IN	A	194.0.9.1
+ns-ma.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-mr.nic.fr.		172800	IN	A	194.0.9.1
+ns-mr.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-sn.nic.fr.		172800	IN	A	194.0.9.1
+ns-sn.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns2.nic.fr.		172800	IN	A	192.93.0.4
+ns2.nic.fr.		172800	IN	AAAA	2001:660:3005:1:0:0:1:2
+ns3.nic.fr.		172800	IN	A	192.134.0.49
+ns3.nic.fr.		172800	IN	AAAA	2001:660:3006:1:0:0:1:1
+bow.rain.fr.		172800	IN	A	194.51.3.49
+free.			172800	IN	NS	dns1.nic.free.
+free.			172800	IN	NS	dns2.nic.free.
+free.			172800	IN	NS	dns3.nic.free.
+free.			172800	IN	NS	dns4.nic.free.
+free.			172800	IN	NS	dnsa.nic.free.
+free.			172800	IN	NS	dnsb.nic.free.
+free.			172800	IN	NS	dnsc.nic.free.
+free.			172800	IN	NS	dnsd.nic.free.
+free.			86400	IN	DS	24446 8 2 04DE92A2CCFBB31F3FE8B80A9E1C03B604062BB5726B1FE18D95C62F3CB8A26C
+free.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . olMpYoNgEmXUutdWaJH5n0HKGYnjTP4bim2NjEYjYLJ13l+EkpCh0FHpj51jHk3GE4HN2nvbkIZbMdK31mTN+aGFDymrHTf4Zyhs4x++LCCiNlTxOSCc5lJRdgdGllM2LuIX1Gvc13w/8NJZ59xLB/B7p6xADyvutcxdOtlFC6PqBF6vCm8dRI4omkm5D+ICuounas4lvs+N5WbTj5oOiQmNf6pAXdg2/JUYkLkYcRvJ0QIYzbcWVSemkOaBGujewajjWBWTTFBVn2Zl0oJ1Ar+Ovgpqoy9iyxP2qg5nLSDm428/RdxVcWNrWHWoeUMQ19nvmEZQ68B30vReigfxdQ==
+free.			86400	IN	NSEC	fresenius. NS DS RRSIG NSEC
+free.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LZVLWPi4whJAD8pRFrjknYt5rbUdfAhdrH6+Mr2iaVSvnnbhjW84oCW27Z9gykyWOelLvEb/RykJsKXyW8k945xFfEJ9+wQZQ4ENs/PZUYukPNOLLI0Dx7+pZz2ZpoY4iCh2dnBaekMEFiAoKH5Kwi5LCGPOqHaJRFjfiEpftr5Oy11rHL4dXjZp36CSgfnb1uBKQbXUkpKl668HYCFv01jfqGG+rbajMEAwI54bsXp1lRw3WmDJTE2CjRH9vWCUhoBTcP0tdGVEZptxfbvJK1ABTcJvIqbDXprf7bdq6nBCINYUJo0KD7uRJ7LN5Fvb4Ab+KHvxMnnE7YGgyjtEWg==
+dns1.nic.free.		172800	IN	A	213.248.218.67
+dns1.nic.free.		172800	IN	AAAA	2a01:618:402:0:0:0:0:67
+dns2.nic.free.		172800	IN	A	103.49.82.67
+dns2.nic.free.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:67
+dns3.nic.free.		172800	IN	A	213.248.222.67
+dns3.nic.free.		172800	IN	AAAA	2a01:618:406:0:0:0:0:67
+dns4.nic.free.		172800	IN	A	43.230.50.67
+dns4.nic.free.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:67
+dnsa.nic.free.		172800	IN	A	156.154.100.3
+dnsa.nic.free.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.free.		172800	IN	A	156.154.101.3
+dnsb.nic.free.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.free.		172800	IN	A	156.154.102.3
+dnsc.nic.free.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.free.		172800	IN	A	156.154.103.3
+dnsd.nic.free.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+fresenius.		172800	IN	NS	a.nic.fresenius.
+fresenius.		172800	IN	NS	b.nic.fresenius.
+fresenius.		172800	IN	NS	c.nic.fresenius.
+fresenius.		172800	IN	NS	d.nic.fresenius.
+fresenius.		86400	IN	DS	14099 8 2 3A1C09D9328367D2077AA1418DACAB1E9799C6E419409C35416ED57AD0D61DD2
+fresenius.		86400	IN	DS	43201 8 2 B8B450BA7043973A3F43E9E8A70FAC6A6B979838254E439553F17F403D24425E
+fresenius.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P2PkQoywtlZBRjOuRClYW/WxJiA96ydP1wKltdCBtXQWIwNjbq1MGULE26KQ6KgoFFEfFAwGlWusg/ln+x3iEaxV6CxvUcbrWBQUl2oCYyZOr6x1EEvvGFBieJsRjiUSVY0rH3TepwX5C4QBGeAnltw4hcFdZnqbQ/DAQPY71L6X2vWVKgOSU7siBp2q7qihaNOgLQ/QByBweciqlxw4tRPEFWruqjFM0mdvNBGBTsAxR4sLbXHY9MJIxg4eeJagcg8PJAtI87uKoT7eJYYipTvd2Ow+3Z7EMyxdv5rPcT3AvhD5heaLKRd6gIYhva3jOTyyqqydQKa8LLHee+ceLw==
+fresenius.		86400	IN	NSEC	frl. NS DS RRSIG NSEC
+fresenius.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rtrG4rlEHtlkBZnZKnybPc4vSM24s8G1pWlnx3kv6F/15V96jsf4Ic6oztpobLMRyGJWYXU2BHtSNbVpwbADw31wutzb1NUBKDOZEautWSJ13uKjuqSYEUJvjUFUUp47pTDXrK4B612hEyvSW1IHSdJVgky1oyba5YGzzckMrzKqxsm61GKrjZdiMfB1IsA5tRSv8I/P6nE6L0QUMS0jKGza0yGzcKjVBLw5rvVYnB7uCIldYTH+ESORvR+oEj8q7R/j6G004YKfLG264wXdYjm09LT1RshhYig4YZv1GN2rUZohVUdvgLvVWUaYGsIuTq8aN+otDQ9afwB99S5LuA==
+a.nic.fresenius.	172800	IN	A	194.169.218.86
+a.nic.fresenius.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:86
+b.nic.fresenius.	172800	IN	A	185.24.64.86
+b.nic.fresenius.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:86
+c.nic.fresenius.	172800	IN	A	212.18.248.86
+c.nic.fresenius.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:86
+d.nic.fresenius.	172800	IN	A	212.18.249.86
+d.nic.fresenius.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:86
+frl.			172800	IN	NS	a.nic.frl.
+frl.			172800	IN	NS	b.nic.frl.
+frl.			172800	IN	NS	c.nic.frl.
+frl.			172800	IN	NS	d.nic.frl.
+frl.			86400	IN	DS	16639 13 2 D3CCC215301C0738FC3B1AA14DEB7602421FF42D3889BD15D018EE2212373D38
+frl.			86400	IN	DS	46635 13 2 7564B5A11E4AED3DCF92F5D40B75A3089D7EB5E0DC97C4B467218E6B6E9E95C0
+frl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y4jWfEEBwdH+HmQN8AI25FuvHqWEiZbhJ6wfXptNejPyjBbCfagr7dWwrs2GWJwknXgocQooZ53l7BfiGwNXNi/9PmkC6aQjN8Cd8K1/4N/vJj8HOd8ZzPEnyOpFBtBo0a1UvKSyMPFhKdPe7+UOMJruYQxNQc+uVqDpKleMt9hllS+q9mDZHAqnWHWf68yo0Wrrsm4ATHzTp+Z+T/olgdQI5oJCOgJZjuXBDj7F8yUYx3Qm06r0PTJ4A/2iTHugDEia5XU7tFJRR7wEGsSMpErWuyUrvT3UVm5delnpXEJ+Y3v4zkxGEYcm0qc5rDxPXGXzvUGwQ97SLxVCmAQa+A==
+frl.			86400	IN	NSEC	frogans. NS DS RRSIG NSEC
+frl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HiDpAoKEp2IAZKCxlhxp9cmwXHnPf501ejsvOFyZHQXCIDWG12AEdtF0F21c31rsYW+fhOzi82P/yPCytbsiaEELM2JhocJ/399t7rfPxTSp08tn+uMOwjvV0MONxfynobDg7i5O4O+h8E0xZjHx3TmuROivHSbXPTSZ938lsf/tSR0tKqwduXCSFLYbgQqnmDkMV3S1kw22BJLZSDE96066f2NnyDzOSOwXA6MwZBpQtMPfm5XazphFZCGMdSljODgqhLJR3rkLy8QIrX4ehEwxk/zyMrR0VFjcRF2UW5zFq0mKlBGqMOV6qFJiI/7E1QzA7Yc+aH0AA7E5+3LMoA==
+a.nic.frl.		172800	IN	A	194.169.218.87
+a.nic.frl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:87
+b.nic.frl.		172800	IN	A	185.24.64.87
+b.nic.frl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:87
+c.nic.frl.		172800	IN	A	212.18.248.87
+c.nic.frl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:87
+d.nic.frl.		172800	IN	A	212.18.249.87
+d.nic.frl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:87
+frogans.		172800	IN	NS	a0.nic.frogans.
+frogans.		172800	IN	NS	a2.nic.frogans.
+frogans.		172800	IN	NS	b0.nic.frogans.
+frogans.		172800	IN	NS	c0.nic.frogans.
+frogans.		86400	IN	DS	44230 8 2 50F935219610318D526521F0E31C70705B462BDE2C9FDBA142969B27207B3B7F
+frogans.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sst+MegT2sj2u9zJ7BuErC65/7k3G2uSU2oHbZWKOjVoX3Zh1KozYTF32Dwim8YqWBYVMePWW3uIzUthvt0uH3Nqdr4E0LcWrTaxQ1slHFCQhbeyZVbQA58f3ZobVRRBQQInHTBOXFL9J7+U4LxG+/JAfhFrq4VnwLtI4Gf6jC2w+kytD2KnSmbHrABIF4h1+WpNNymWHARRvMHUZIRGzR0uKRETPpHaXqlhFy1OI7bAjTRBfByO+ULvnSB7WYfyYPWKCZZ98FW0Eao5Hk/Ma1PfJ5fTZ6FK/VyOo3BAifgGyhA5Z1jI9RRwYB9fHaWBnMEnnKgpz8Br4LsvbIHGWA==
+frogans.		86400	IN	NSEC	frontier. NS DS RRSIG NSEC
+frogans.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gdz8xS4KD7yUzQIQGU1W+EVutuXuyUA/UMkO/Zxhz9fpE3aP3+112HFXYE+liZp3ITbnqYVW/76snnnRubi6VrJpcGhJBQRFHNW6CiQDStULquJUfCcL48gjjH8hgJm5tNuAeQ1CmuXD0qyWtZ2nqFSx09tMRcGwBxCE58wNsF3x9fn1GfbpgPSpqDJxtUuG1+Q6xtfzPIVZ987JWrHaTDZlrWop6g+Y/EJD1wnGxAob5a7EmqzVXImCD0CwRMDmiIhsuaJ6PrvnBw89spyu85R6kyFKKs3/Vwthic/Xq9/mk1yQv1Uu9GNeDQZlCyQDscZmQlL59y3CxDXIePusTQ==
+a0.nic.frogans.		172800	IN	A	65.22.188.1
+a0.nic.frogans.		172800	IN	AAAA	2a01:8840:b6:0:0:0:0:1
+a2.nic.frogans.		172800	IN	A	65.22.191.1
+a2.nic.frogans.		172800	IN	AAAA	2a01:8840:b9:0:0:0:0:1
+b0.nic.frogans.		172800	IN	A	65.22.189.1
+b0.nic.frogans.		172800	IN	AAAA	2a01:8840:b7:0:0:0:0:1
+c0.nic.frogans.		172800	IN	A	65.22.190.1
+c0.nic.frogans.		172800	IN	AAAA	2a01:8840:b8:0:0:0:0:1
+frontier.		172800	IN	NS	a.nic.frontier.
+frontier.		172800	IN	NS	b.nic.frontier.
+frontier.		172800	IN	NS	c.nic.frontier.
+frontier.		172800	IN	NS	ns1.dns.nic.frontier.
+frontier.		172800	IN	NS	ns2.dns.nic.frontier.
+frontier.		172800	IN	NS	ns3.dns.nic.frontier.
+frontier.		86400	IN	DS	32674 8 2 43ABF7B723073B5ADB567BC9095EAFC64367D702C7818DFD97B7C293EAB0B4B1
+frontier.		86400	IN	DS	50689 8 2 B81514D86B0AE37D16A0676680B70B9C714036DE9993AFB8D38FDBC6879A0062
+frontier.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oQQzHR4VDrPABLj/zHhyIQOVrzbY2cywr/k/5djSX4YkM+3pLX5cKqysE9TZE1qdNjdlGxIwUgAOVt+Y4/MrvR/cSEk20Z4yR7CuNeYM5hRPjLaqPq9QQxvx8vDYfPTRqgKjlUcRxHlfqTTbdqFVP1lDYuL0/pBKvSMrYYDAfsSodreTafs6ee1qIZG9omgCaNKWUzebYmRmK6WgDlEZl2gz0QRUSJJk/mIGIq65uMwJudQfRpA9AR0YkYRkqSmdanK3oE22s/TQoUxHLt75fRlQsP5u3SX9DG2jPAMfqhUpD9J1GalXowq6a7Ehuur2fo1zTXMy+Q/KBRVLTBkI9w==
+frontier.		86400	IN	NSEC	ftr. NS DS RRSIG NSEC
+frontier.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RphKLlCSpurnKm0+vaMEglJV6QVP1jlVh4oLKo5KjUt+3WQKOerpeoiNVwAkuQg5goJZ4GabxfyQbxF2qGOBXdy9BFSTUTBmEF65ZYm7ZJcUmfLv9RqSfIDd2rPr+98jDHiZhscCG6akcJt2t5Vrd+XWIXWI8/ryf2f9F6YEZb/VSU7AzOqZP4lMNMNLHL1JcLlnJ7fBTxN6RSI8U9dk8GgpMiF7OpmjdtgF8K+/LZUWKL9MuY7QedHee+4zW7lW5VS9Tzj3ZMZ0DPZnJ6L0Lm1GZYrAxTO9q1cG2aIAiK8uzCSWOzkVAYCADPhmFw+W8nNOMJU8gUzrHUysBX9U0A==
+a.nic.frontier.		172800	IN	A	37.209.192.9
+a.nic.frontier.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.frontier.		172800	IN	A	37.209.194.9
+b.nic.frontier.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.frontier.		172800	IN	A	37.209.196.9
+c.nic.frontier.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.frontier.	172800	IN	A	156.154.144.64
+ns1.dns.nic.frontier.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:40
+ns2.dns.nic.frontier.	172800	IN	A	156.154.145.64
+ns2.dns.nic.frontier.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:40
+ns3.dns.nic.frontier.	172800	IN	A	156.154.159.64
+ns3.dns.nic.frontier.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:40
+ftr.			172800	IN	NS	a.nic.ftr.
+ftr.			172800	IN	NS	b.nic.ftr.
+ftr.			172800	IN	NS	c.nic.ftr.
+ftr.			172800	IN	NS	ns1.dns.nic.ftr.
+ftr.			172800	IN	NS	ns2.dns.nic.ftr.
+ftr.			172800	IN	NS	ns3.dns.nic.ftr.
+ftr.			86400	IN	DS	26692 8 2 BEA8F6F61998570B7DC8D85B43487908E8CF2FA560E7255953E7FCBE29A80209
+ftr.			86400	IN	DS	44104 8 2 42ECBFDD47BC85333FB13850757D18493116ECABDC33EB40CA70D7CB952D9D52
+ftr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . T6E4Qtq0YGZKY1ccyt5npUjRGnAglg+xkNLCl724qCndYj9MJaHzqmfK0zoT5iTe5hLJxGVuqaBjZCsgP5vz7GdBX+iyO9l9vpbGKMaaWWzPnyyzk2bNwe7iyyiTqcp+GZlzoa8GAbQcXKZv9eWynglC9UwNs82bVxHBjC+OT0ZScfbdq8Y7khEcKJGqCkncmUp4IgAnzJhcHapJW9gjdnC59BOx+DDeu6HgG8wtcT5+p9X5mIZNwmZ93cLexEovUTdrgZuWpfa4fdpetkn/fNo5pGmEJMFM7wU2Gg0E34pTmn5JtNaAk8tZKJHYaE6nKxzbGfEFjlNEQI+ikQ4LpQ==
+ftr.			86400	IN	NSEC	fujitsu. NS DS RRSIG NSEC
+ftr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K3RBuiZh2032NILec7uTVqNuX0pLDeIq8UyhzeD7QzTabWOncoj6vtaWiU14OpvJN4YJDRKrqlqrCdRFl15TjEy0uCvR8oazQT5gOgPgAZPx3IoyuqD3bU8RoEIlctqHut9Cv5QxQFOCPdBKlsTrvAns0z7dIVQk8e/lmzPlEhnWQ1acECTEmxt3gCyJrgfhxy1HxPJhMC4jiHEbMJGEf9c0waW9He1AmFN8kMijH/35Ppwh+I53t7Rjr0CodmArh4RVxCHzLMbW3ymv+UNFVsxbHtgTigcYY+8xZvqOcM8VQK77riVAl39ACgv6aJJlGYXrX65BMhMvcAUZ3Q/CFw==
+a.nic.ftr.		172800	IN	A	37.209.192.9
+a.nic.ftr.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ftr.		172800	IN	A	37.209.194.9
+b.nic.ftr.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ftr.		172800	IN	A	37.209.196.9
+c.nic.ftr.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ftr.	172800	IN	A	156.154.144.65
+ns1.dns.nic.ftr.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:41
+ns2.dns.nic.ftr.	172800	IN	A	156.154.145.65
+ns2.dns.nic.ftr.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:41
+ns3.dns.nic.ftr.	172800	IN	A	156.154.159.65
+ns3.dns.nic.ftr.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:41
+fujitsu.		172800	IN	NS	a.gmoregistry.net.
+fujitsu.		172800	IN	NS	b.gmoregistry.net.
+fujitsu.		172800	IN	NS	k.gmoregistry.net.
+fujitsu.		172800	IN	NS	l.gmoregistry.net.
+fujitsu.		86400	IN	DS	38612 8 2 B04465DAFDF63B8C89EF0BAEFD4C6E602C6AC778794F8F196941169BA669DB4B
+fujitsu.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Mcix5whDmWI+X9FtftruLnCSiYcgO+fm8N4Sd4sSOrii8fM15WqCGwFLFLW4Lr1Gf9ZDN944tJ4EPmKl9vtuRNqWcLrEqPKwQy3zBe9pxqNnGDIeDG4Uk0mHyXC0Lbg0AJw/HmYO2rDihSdoOCU8se0/YN8A0UD7Sqiv97Mh7Bs5IVVTvhe/DfOUevTggxzENX0GIqWltiPlWeIeq/z39zCA36brvlNIaJg73RlWRcdXvmqsHBcZrLx7le+sOURv6hrzHl+m+oOYinbmMfVHWCohnMdR57NEYrTOf9VQYVdVA+ST24a3L9nVgZUVWpl9kmPRUYOEc3Q8CpcB3bCmzQ==
+fujitsu.		86400	IN	NSEC	fun. NS DS RRSIG NSEC
+fujitsu.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UgV6bBOPgjatiaTC/WcecMMLlkfXA12G2pkmtuVuvsPBhFe95FIMXd5F++Ba7XP74LPvLDOTOP1Yn7E/oFn3heRyRyyzxLjWswqf+Vk7Kohgn4NAEGkFFh9oz0fW3ObxMIK91NEBGdZse6wZX49VOU9mKEhqQjQgP9d/QrT04Ebb+btJiY4dMaex5ppy7IZ2flszUil6iSgs05W2KIWle6Uz8N5vCdGozUNmvtoF7mUdbxrlI+97oTMMgsVbf+msUYj3+plmanGOMt9Nw+zKftiO8hPmiC9jtjEAq0WiPJyb1VT7oeA+EKg6szNiR9zj0QJF5+1FDxqSaO//xYvkpw==
+fun.			172800	IN	NS	a.nic.fun.
+fun.			172800	IN	NS	b.nic.fun.
+fun.			172800	IN	NS	e.nic.fun.
+fun.			172800	IN	NS	f.nic.fun.
+fun.			86400	IN	DS	4594 8 1 E256D68D24212DD3355F3AE897504E47F847579C
+fun.			86400	IN	DS	4594 8 2 58D070A391A5808DA071DE7234C293B2A4A32006F1FF152CCAC45E2EE66C3891
+fun.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JIpFePdx556o5CQPRdnu7Gr/dl+HOI40K2VJ1t4rHiwSenLL9rgRrTmIaNHiRhQKHn9KQJa5X7zXsPG7Pn4t0hpOuGV5hGPbHAtu+8fITmXRiJhESdirt/0Evtpf7v/gepMj4lLl08j5Ih9iR3DEUACrQG1C+jL3sqSUnj/UH5GLvMt2E6ebWzAZCik/4Gi8+BN6BoPg1Dw/pSt/7ZUMx3g3+D2JFpW24vOHqayQf3KnuqjOGhC1nn5OTH4EZvnwRtL0RLuW+Nw8PCe98MsGNDCiQVOHKgFn/EV6IaVDuJNKtAZHkDfj88DhxsGDWCOGHgGbsYW1AVoPMNihNqmaHQ==
+fun.			86400	IN	NSEC	fund. NS DS RRSIG NSEC
+fun.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fhc12RHgl9hzEeDlGWvEUEpnH6LJjkY1RN5eGhde3keI2JvM/3UI/JUV7HIU5ocT6FChhnqVE+Jk2uaSgGWYILdVgrtATEFq96fgNGlBFRPfYQjJnIXcKpo5anQ1R66o0QI2AEIWQsYxikAimw1GHytf3W3tFdEUVlXUEM9pLD1siubHl6yl/9nS/Ug88Dm+Z9XZAl1XmqArd/hbLTXKmNPrP2yE523nwQVyh5MNlcqPXrhrQc/tFqvzIPhGtIt5jk0NcdhoVPlBUogjlWxDjWlpn/BD2ewppSHsG/v6ZumRQZXLKs1D6GndxDRtY6zmZS+2Bd069SG9sx35wuZEWA==
+a.nic.fun.		172800	IN	A	194.169.218.72
+a.nic.fun.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:72
+b.nic.fun.		172800	IN	A	185.24.64.72
+b.nic.fun.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:72
+e.nic.fun.		172800	IN	A	212.18.248.72
+e.nic.fun.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:72
+f.nic.fun.		172800	IN	A	212.18.249.72
+f.nic.fun.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:72
+fund.			172800	IN	NS	v0n0.nic.fund.
+fund.			172800	IN	NS	v0n1.nic.fund.
+fund.			172800	IN	NS	v0n2.nic.fund.
+fund.			172800	IN	NS	v0n3.nic.fund.
+fund.			172800	IN	NS	v2n0.nic.fund.
+fund.			172800	IN	NS	v2n1.nic.fund.
+fund.			86400	IN	DS	58270 8 2 987CF39F13D83606711047D4D88B8283BD49BED69BA378B2106C7ED6B33D2527
+fund.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yOeWv4nKWvg3p3oTiw5oMis/k97RmkDuFUokzREt7ixZBQyENIZZ5Py0lzIhxPgRnNPj9F3XwocL0G3aO/OvKDaXA5D0u/Ez0xX5+VLJ9qxlWPHC2lX6HFc65Kdb2hEoXpEMJBerdLPmmdf1pNTkHqrKGetlrADK5leYfFWcq46n1sT7VUT2jy68WLEfsNNF2BLfBG2GNNGWbLkgmeOFVFx7vouZxA0EQ/mOZPUVVLEuFF1wJQcyRlJl4xD/Dy1Md3r3sE5kA+ANRGxJYF4NZ//l0r0oCE4SP7qDBlSAdpsk+wRe1H81BgT55Vsj+3ZxbpkLc3+9Ols+5KI/OcvN7w==
+fund.			86400	IN	NSEC	furniture. NS DS RRSIG NSEC
+fund.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m2dSsljFAJ+DqyS6i2vcxM8oTETaVYWB1stGirvpE3c7tRIaAl9cdXed3t+68/88z4UJnv/AACl06ru/m1ka0STZatJdVBX4T0QM44Ak5MtgLShoTtY7IKxX+SlzBivmjb8dMRrHcw6IJHojE6/6hyskwdvolzyeG/jSB6aRF+ZC1jP+tRAzuawBeTuUMetaCfYQglOUqb3IOECzPOTY3g60QCPOps31QfGX6I0zjLkPoeG0OLSKF1kyIMMvgcJdSmBR4rZlInauSEPuAoolBbxRuPf6Au33Ey+BCMyqzIpYc4rKtXJblpsWU4f7emLyXw5OraYtcIxnSgga5T/7ew==
+v0n0.nic.fund.		172800	IN	A	65.22.20.45
+v0n0.nic.fund.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:45
+v0n1.nic.fund.		172800	IN	A	65.22.21.45
+v0n1.nic.fund.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:45
+v0n2.nic.fund.		172800	IN	A	65.22.22.45
+v0n2.nic.fund.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:45
+v0n3.nic.fund.		172800	IN	A	161.232.10.45
+v0n3.nic.fund.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:45
+v2n0.nic.fund.		172800	IN	A	65.22.23.45
+v2n0.nic.fund.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:45
+v2n1.nic.fund.		172800	IN	A	161.232.11.45
+v2n1.nic.fund.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:45
+furniture.		172800	IN	NS	v0n0.nic.furniture.
+furniture.		172800	IN	NS	v0n1.nic.furniture.
+furniture.		172800	IN	NS	v0n2.nic.furniture.
+furniture.		172800	IN	NS	v0n3.nic.furniture.
+furniture.		172800	IN	NS	v2n0.nic.furniture.
+furniture.		172800	IN	NS	v2n1.nic.furniture.
+furniture.		86400	IN	DS	2821 8 2 F50E41782D45C0C945289178E73F62D5C2FCB56CBA05BDC5988EBB0D5D46F07B
+furniture.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f7228+bd2xloPVprKQML4M6bSiZkbHIEZJpc1A+mqYLnl6Y+C2fo6kFwbIWvI04leloRXOc1xOd333+FAmXxZG/E27I20AZAo5N4uwjlRnlZ4SJPJzPGHtRAX1M9FydCYjQh2KSWAHcEPSkkVcmf0FDYGF2Bj/mPaWVhUciIkXp3C91OBDaDW9FcNoOpYpJVF7XI8flEabGPHFtL8JQ9jY+l2i5lZ5W09vFYBlmbnG8NfNvXH5whzTHgCr26Dg5RBmGbz1tP56lzOk3e1FcfNO22GgJ7WHK9k/HPVsYCjwp2JcD2vxzEye17G5SwMH7iuaLHfxDq82psj5mhz1QJPA==
+furniture.		86400	IN	NSEC	futbol. NS DS RRSIG NSEC
+furniture.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nASnEEw1+rHnU6pd+Vx5GKKjoeM7k6N173LDPco1yx1NQLF5alSWE7Mgr+3siLDID3S/Eqqu7T2l2/Bk9hpFWiFJFjG1ve20RxXpKjpD+EXYelR4/HcQj92oRsj6AzpYguGbT5TovpcoU5B7KzbVLYuNYYzioxAbAXt42WRA5D+rX/AyUgMTP/mIk/yOegD6eQNZU/B2XSpNm6Exb8b95MSc7t8pFYGOIki+/DRkan6zXs9j0Up6ABIm+KRRfVWU8O9TrfCyiSn86ZGmX78JMduoRZhC/QCaJjuEzX9EmbjS7J/z9wLtIiT4RjdRHaJjoxbbzB5yNTiAipQsUII8ig==
+v0n0.nic.furniture.	172800	IN	A	65.22.32.59
+v0n0.nic.furniture.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:59
+v0n1.nic.furniture.	172800	IN	A	65.22.33.59
+v0n1.nic.furniture.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:59
+v0n2.nic.furniture.	172800	IN	A	65.22.34.59
+v0n2.nic.furniture.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:59
+v0n3.nic.furniture.	172800	IN	A	161.232.16.59
+v0n3.nic.furniture.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:59
+v2n0.nic.furniture.	172800	IN	A	65.22.35.59
+v2n0.nic.furniture.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:59
+v2n1.nic.furniture.	172800	IN	A	161.232.17.59
+v2n1.nic.furniture.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:59
+futbol.			172800	IN	NS	v0n0.nic.futbol.
+futbol.			172800	IN	NS	v0n1.nic.futbol.
+futbol.			172800	IN	NS	v0n2.nic.futbol.
+futbol.			172800	IN	NS	v0n3.nic.futbol.
+futbol.			172800	IN	NS	v2n0.nic.futbol.
+futbol.			172800	IN	NS	v2n1.nic.futbol.
+futbol.			86400	IN	DS	56971 8 2 BE9582AD283374F983057455CF2068505A0E6BD69DDD89EA2A3EA74F380E2AE1
+futbol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A4DSy5lkQSu5ju7O2bei1+4I6zRBzetkSDJcYs4XjGiqBWUdc0TXs2gPsbiAsmjrNUNSCZAQynXBoaal6aKDFIWpt/5ZpUu3E5lMXIbj3Om+v39mdEUol8YxYr0zQLDBOuVqYtRal0CHYL/KKyI2htiEfAcalBoamOrdgUNm75T4yELx7DhoenJ9gUXD+FVAZ1ohHXmQ9lNi/EwqKferGA+bD/in/WsmrRL7P7VoULHGuVr5BqNEe6E6+f+QMO1/qFzgRZnjR23ygS6V0EMEG0cahdQ2LdqycW9FLWn5yNEJPWfo9ORB2hGjtPOM2RyIJWKlguSGeh0mnQSo5W9Ycg==
+futbol.			86400	IN	NSEC	fyi. NS DS RRSIG NSEC
+futbol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gaoxg3hPMpK9d/BE1Nu4/IyhQHNflA1OBvMdbaTLh7IWZU8R+V5+QmlKh+0bZWqt3tsleoOBIXqbTN1Lejlr4+YopyiQx4iS3PSiN1VzLmX/Q0Q+rctc/KFyk2sEPJyxxrczyJxbysCPsXJmn310mbdBfrTTiFNzj5subSaAVQ+FsKlep/0cznSMw1QpyIDvTT/qvDaYL1TWbVLyck5m0nT1aITtFoCcbX3Rm6Poh798//pPIcDnZkN/RDxWPuY7g7uk1Hw5dSynDk6GgYogUE6x7+h8Wbac7qtZP1u1JIDXvFEMQ/AoqVgDtTeXMNRPaNoCVRojUyoq7oPcfLqgFA==
+v0n0.nic.futbol.	172800	IN	A	65.22.28.60
+v0n0.nic.futbol.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:60
+v0n1.nic.futbol.	172800	IN	A	65.22.29.60
+v0n1.nic.futbol.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:60
+v0n2.nic.futbol.	172800	IN	A	65.22.30.60
+v0n2.nic.futbol.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:60
+v0n3.nic.futbol.	172800	IN	A	161.232.14.60
+v0n3.nic.futbol.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:60
+v2n0.nic.futbol.	172800	IN	A	65.22.31.60
+v2n0.nic.futbol.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:60
+v2n1.nic.futbol.	172800	IN	A	161.232.15.60
+v2n1.nic.futbol.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:60
+fyi.			172800	IN	NS	v0n0.nic.fyi.
+fyi.			172800	IN	NS	v0n1.nic.fyi.
+fyi.			172800	IN	NS	v0n2.nic.fyi.
+fyi.			172800	IN	NS	v0n3.nic.fyi.
+fyi.			172800	IN	NS	v2n0.nic.fyi.
+fyi.			172800	IN	NS	v2n1.nic.fyi.
+fyi.			86400	IN	DS	24340 8 2 853F208B5D528007D5B57BB498524364DA3A2C43AD48444AAE41D3AFDB5B5ABA
+fyi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BxM3mWYdRm2AbLIQiDEbEzsqPhBg2pYk50Zzp27vEx7X9h0OeNBolhTmmutxlkXvLI1t5QulAk7JsM8ryS3TArmB0b03tWG2siabDY2im/s9VUVoBFAVQ6hKl854H8LyRGqYlblUxxTChckM0Y6XaK2GpQh6zEA7hcqyWoeseMRMVMs/pndHE3dx3BwBRKuqAPa2CBJnlWCVa5+w/wnBIhwHhM6iAABUCn+SFWgGvP+Prz0hFIumhqktf6PJYc/MBcwqo9tG2OmojEUbUhCLcm60kCfWfA/MPSlC0asT02NgEeixYbgjB0/a5ck/rKkW0izsqbOZJ01DYQtGpqMQZw==
+fyi.			86400	IN	NSEC	ga. NS DS RRSIG NSEC
+fyi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M249tgLE9GJIEPjiJvspoMzYLRdfcVjKkqfr5eh8VFV7JPVjuKPTFgttr5vWu9jGgVtu5eyzYKqwGnVCwhiXzq/QZiRpU0PKIvgMKCYCsX5yvW9dtkYLFxtdEVDKD5G+k7QmJwemRoMaehBIQfpu7dHrhd2E9GLRDm/jH0drLiCiWGpGx6j7lK76qPBHBc+QdFhI0nEC0Htm7jK74gnirIrSIrVcz2ABl9Zoh6b+Oaaow5ScEpvOpl8yYRx1GQ4LFinjQLAjoPmTSRyR29RX63AoZrlNL5ysfWhQFOiFKFfVpFUuRG27U8ODn5ihx7AAI2shpKiOogCjsFd5NTf5/Q==
+v0n0.nic.fyi.		172800	IN	A	65.22.20.42
+v0n0.nic.fyi.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:42
+v0n1.nic.fyi.		172800	IN	A	65.22.21.42
+v0n1.nic.fyi.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:42
+v0n2.nic.fyi.		172800	IN	A	65.22.22.42
+v0n2.nic.fyi.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:42
+v0n3.nic.fyi.		172800	IN	A	161.232.10.42
+v0n3.nic.fyi.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:42
+v2n0.nic.fyi.		172800	IN	A	65.22.23.42
+v2n0.nic.fyi.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:42
+v2n1.nic.fyi.		172800	IN	A	161.232.11.42
+v2n1.nic.fyi.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:42
+ga.			172800	IN	NS	d.nic.fr.
+ga.			172800	IN	NS	f.ext.nic.fr.
+ga.			172800	IN	NS	g.ext.nic.fr.
+ga.			86400	IN	NSEC	gal. NS RRSIG NSEC
+ga.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XJZNz75ZGA9X42APeQRSIn4ckM5ud7Gltzg/lgXEYFtV07b/KkUenhezjyP0ESLn1juPfWB1hhW0OOLthFjsN3YW8glHyrGFzi+ixCgLjBwaKZ8NmT5Hh8w5sEMZcwkdHecAQ3C9nStb42wJk5WeLksPBDvmjRn9Q7H6RjeNYRfzGrFanOGnblx7knuUFEq4eXvaff89PRHMhYHamie1ib6t4OkgRZZrcXO1b2G1V639SeqbPOSmnej4u6w6OpJEcgf7apX1BjaxV0zaRSlYzYS9KnmR4JcDXc+QP7d3iA0uLTJwxWltqqIqb4D1JdDPobPgV7oOr1Xm/obz7avRyA==
+gal.			172800	IN	NS	anycast9.irondns.net.
+gal.			172800	IN	NS	anycast10.irondns.net.
+gal.			172800	IN	NS	anycast23.irondns.net.
+gal.			172800	IN	NS	anycast24.irondns.net.
+gal.			86400	IN	DS	32469 10 2 31D40665954899244190D71E2365CF3623A825580B9BF277953ADEF2599B49AB
+gal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YQeWFSzr2LVQ/eUBY3YYqeoZL+9DEO2gzHxxsUNnT3ZSlO2HOcZysVfXUbtG1rftc2ZkBqSBCLhS8qbxne3ETrUCJ3k962qWgsD3AiiePzlWU5xGbgjWVLgCbRYaP6T9wvoNpONeV6CP7Ev6frOPX3WeZJtc5zwUhACo8fbC79YlwbPxUYszdNjU5NwccERCOA4G2KqeY2kn7ldzRsW+xgq1fRii7sakXjhHDrE9PfxJ00J6tfCFPzUpE6FVYsgMSG2WJ8OSbjoePBwYfs8LVbUOmq7zuMd70w0JruSIJnkbnevDlOs2SXQqst3bM5ZYmrJn3kL0edizbqp4fe7d9Q==
+gal.			86400	IN	NSEC	gallery. NS DS RRSIG NSEC
+gal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nOLKtF5y1aiMgJbVukPEBQmfqAm3G5EdOJENqxdLY4IYHxGKHPqu6qLBZQutSfVcpgsB9SEQFZvoRGq/Zz9u8Qzz2Wk2ucxIYc8ENBxC9PAH2RraSA8HIFgyFJkHgG6EDx/9ys5mQ/iB4poTXshzfcy0evnA8bMGOb2pvCHXP0V8+cmIChS4qbGxfNWBFWn1AG62TeSZvZlFPHHOe6M9BZR8e/qO/ouH2SC4XqfphxuE5dOCchfuIjWH8+VgR9CQMkzoFaB37YSE1Sx1ExAXrhF8HZECHr4BXA18uhsM+qzMJX2jbTweTaPBHJ+4pDjSqAazBD9R+XNeNtfC+WCYnw==
+gallery.		172800	IN	NS	v0n0.nic.gallery.
+gallery.		172800	IN	NS	v0n1.nic.gallery.
+gallery.		172800	IN	NS	v0n2.nic.gallery.
+gallery.		172800	IN	NS	v0n3.nic.gallery.
+gallery.		172800	IN	NS	v2n0.nic.gallery.
+gallery.		172800	IN	NS	v2n1.nic.gallery.
+gallery.		86400	IN	DS	11671 8 2 6D21A1E67D81B0C40C63C22650433BFBCA5EC66657BCA99C01849387563F7BFE
+gallery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1PMFKAl1UTq/y4SLMsgBawfG0wAkcn2wzWfk9CpXJMIi+KRDJvZcbbSt5pf7+l3f1ElH6sHDvah2M2KwfOzGGRN0o8QTjmHJxkXalMUPQ8XpUrjcUzaYlrPo+Q6TBAHhV+BvvRuAYcz/7Eai/FjNM7JDTJl4YpymdNBjV3yQm0TuGNbVGIDAmOAgV9Ax4Aw2ZOKuwzuT7qHUYO+u/aIp7FVSvZylhoOlnjzdlRSaTKXnMPNxOdmPQHq0CIfS/JyQFWyswe5bdH1YS/Ygx7YhmJ3Xa709v+FYxPUaaX71fQWimzMyB6kkoBjVNEbs5WarlSNxap+K8NxS9BXsWKfCfw==
+gallery.		86400	IN	NSEC	gallo. NS DS RRSIG NSEC
+gallery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QhrFKCLG1ohsX0o32mm2+Ri+q24QhdebnlDHxaZffssKuCEBsaEyNqMC8GaPTSzcOAeZ2sWKZUrtAJteTGqwhHlYaVXZR+OtWLl+qpNofhHEBFkQcTwheCMl9oVhSDBGe77ghpEN6Swn+A70dE7fLzkEwdHLM/gEGnvtU1elr0wXBHWQi5m+9mUSVsLH940VIO16f0kJ0b3XRbwTsLp+FX3uBVwAAEoRTZJu/WUrmMgv4wxhOSaZtS/rn/AEY65yR29n5svTqMhQ5jUAyvxreu6Irzxnur6UYM8gjWHF1YXh2jtHmAvvJOE0Y8zodCiQqhJq9xFbSm5X6/9B9EdS4Q==
+v0n0.nic.gallery.	172800	IN	A	65.22.24.8
+v0n0.nic.gallery.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:8
+v0n1.nic.gallery.	172800	IN	A	65.22.25.8
+v0n1.nic.gallery.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:8
+v0n2.nic.gallery.	172800	IN	A	65.22.26.8
+v0n2.nic.gallery.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:8
+v0n3.nic.gallery.	172800	IN	A	161.232.12.8
+v0n3.nic.gallery.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:8
+v2n0.nic.gallery.	172800	IN	A	65.22.27.8
+v2n0.nic.gallery.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:8
+v2n1.nic.gallery.	172800	IN	A	161.232.13.8
+v2n1.nic.gallery.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:8
+gallo.			172800	IN	NS	a0.nic.gallo.
+gallo.			172800	IN	NS	a2.nic.gallo.
+gallo.			172800	IN	NS	b0.nic.gallo.
+gallo.			172800	IN	NS	c0.nic.gallo.
+gallo.			86400	IN	DS	29001 8 2 4C475AD8273C49CCED3D8FBF45F02BA8E1A2759F816BF2020A544B49B9B04CF6
+gallo.			86400	IN	DS	49567 8 2 5B769DB94FCFCDD0ACD004B90DC7BA248DF09B3B7D7F29B40732B388A1EBF9C7
+gallo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dwVVdqYIiQWrsZusQ22mn90dj7d3gyJYj9futrd41ns5Ev3WiR/HTDt7cn8QotVvboLJXffOkYE/A9B6aD9qzbOPwYeUpr77FQWuYxesEN0JstdzF9QNnwz3AE/b5QmwIqp2GXD1/NeEY4ZsUQOCJ/odLrDdTEnaY09znk9N0pAqKcRcQHBjAa9aE2nr+C4V2zZuvHRvAU0NINsiCwLNx/52v+36ORqZ5MRuv00AoxB4/YLN0vOZs7coAqjAXzHvYNVjc/R04TgsGEL9f3x6Z2M7g7PCdpX9KeAoFFzk9fljw4l8jp/m2U3WXMo0GJiV9sOfnqxqQtrw7YLHPCvWJw==
+gallo.			86400	IN	NSEC	gallup. NS DS RRSIG NSEC
+gallo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . haStG7FBemiI9CLMf8fdcnJ2wEi72ckD3f5TmTsEvILqufuCqtIhfyJ+Ir+u2eg648Ss50j4C7e9Zl3miWqnD4fJTxi5vh7K8AhZuk7TI7Zi8n+R+Mf/iZOBtYjVDVwDXaJ2f2vHUtxqX9fRd+5XHsWHY6aAQNUVsgFrbno24mMgyZtHBZH/IW9eo4pDNfzVdgnUbmzyVIJ9mrIzAQGenFUN+87zn+CPG1JZ0QkNpFIRdAKYk30CnzufhofCAKlnDk5X3IZMifRkcVxvbWD2nPElx/eYJvBrn4irJ+QDKGtHxPzZYWk99O4mfa37MT9C8ToKAYLT6ozBzc0vgk3eIQ==
+a0.nic.gallo.		172800	IN	A	65.22.56.1
+a0.nic.gallo.		172800	IN	AAAA	2a01:8840:36:0:0:0:0:1
+a2.nic.gallo.		172800	IN	A	65.22.59.1
+a2.nic.gallo.		172800	IN	AAAA	2a01:8840:39:0:0:0:0:1
+b0.nic.gallo.		172800	IN	A	65.22.57.1
+b0.nic.gallo.		172800	IN	AAAA	2a01:8840:37:0:0:0:0:1
+c0.nic.gallo.		172800	IN	A	65.22.58.1
+c0.nic.gallo.		172800	IN	AAAA	2a01:8840:38:0:0:0:0:1
+gallup.			172800	IN	NS	a0.nic.gallup.
+gallup.			172800	IN	NS	a2.nic.gallup.
+gallup.			172800	IN	NS	b0.nic.gallup.
+gallup.			172800	IN	NS	c0.nic.gallup.
+gallup.			86400	IN	DS	34159 8 2 AE9BBA11562A260AAA062E2EB9881443044FDB8998B6A81C25D34D0D6BF49CB5
+gallup.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vsEUEdZiccw416skVW8yYMXThJvfAInwAatevddt1hC0/S/sjP8fkS2FM3BH07zv81ekhCfach5n3TjDBbQKniQ5DwNDzHx24/Aw8n4x7YJr2FJK7kypS3pgDM5kxIkX1rEX0XKtfMjlbkbvqDioi81PkbCeMIqB7MLQAgSfmg9NbBssxcsEYvXH8MK1bTBv7tnvnEAMrxGmERBwbXhJGSgeVJDPgI+ceDcGF2PXlxnE1Q0QJ/7yVVCXe4SbVKQQZYiSbY2/IEiSl686DIr7nuSoya+ktZnt++54znciW721DSfOfgSxcXNQ2b6snIB+ovj5McWEl+DbuwqgBHeKew==
+gallup.			86400	IN	NSEC	game. NS DS RRSIG NSEC
+gallup.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lsb7kH4ESbm5BSbnT2XQOxbInz9zsAygLlofKfLQ8cUpg2irW47g3gvbdX6magR7n35Ik7inNstpQ7/S7ApzvvFPHcPkJOv9BvpWpd11y9VNi5rQU+ngxJ7L2n7PRDpeZN42QxPRsTmBDI7lFu4ohOgcJnnwHMrTi05vB66MxPjcFCl7RiQkmcYFX0NCe7G7gM8dHCkeueAQzNmD1/Mprrd8KCo6QvhA/Jg6ZU3B9ODvZgBFTHHCd0aRvrjyWcWxaLADsgN1kWqYk0oUw7m8Rtj7tCDRp1qS0Vs9yUuXRGfswvbqvsZcRv2jBL0PrIOqQ06+1b1rXGhliLwSeZFKAg==
+a0.nic.gallup.		172800	IN	A	65.22.168.17
+a0.nic.gallup.		172800	IN	AAAA	2a01:8840:a2:0:0:0:0:17
+a2.nic.gallup.		172800	IN	A	65.22.171.17
+a2.nic.gallup.		172800	IN	AAAA	2a01:8840:a5:0:0:0:0:17
+b0.nic.gallup.		172800	IN	A	65.22.169.17
+b0.nic.gallup.		172800	IN	AAAA	2a01:8840:a3:0:0:0:0:17
+c0.nic.gallup.		172800	IN	A	65.22.170.17
+c0.nic.gallup.		172800	IN	AAAA	2a01:8840:a4:0:0:0:0:17
+game.			172800	IN	NS	a.nic.game.
+game.			172800	IN	NS	b.nic.game.
+game.			172800	IN	NS	c.nic.game.
+game.			172800	IN	NS	d.nic.game.
+game.			86400	IN	DS	4126 5 1 0BFD20235875E18EE7D8B0FAD0A9F566D296CB09
+game.			86400	IN	DS	4126 5 2 F69BE762D422754930EE00176F377AB6A7FF074A48B2076A6F0CEE711D97001D
+game.			86400	IN	DS	32929 5 1 AC35DD8C5C6E00427FCE4432F9F817D54C5DBB9F
+game.			86400	IN	DS	32929 5 2 C7602F661849EF5422CB5E5D7CCC91E7EA8344C7FD20F0E43A198CC699EC895C
+game.			86400	IN	DS	39133 5 1 FB1F7E5D4D62AA9F930B77A9494BB3B04D84340A
+game.			86400	IN	DS	39133 5 2 ECA12999E650C648FEABAB0AA1870D10D6E9F6316FA609B126C98477F964C6A4
+game.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p8yvJr4BGND51/oMoTTaDLHTPf66T1275r4yOtMrA0bSFF9j1p7/yvpj4kpvzFEjxiQTM0672w81COaj8e6Si1KUC+QXcE/Zv+0hSZadYbT5awHpceg7eaVnRtNy4LgARxNGBGZKXd3zFGGQxTvWGNCPI5cm3c75L71m96V6pCR5nNSRyNaF7lc8PO7j4fogl0oVABvWFGs7xq5xYJCMMnI0bYFTXK0dTTxcQAX7xs5/KUf6MgMuBExYfzPykg3wGs2Vov5uYpxD2tOASHvG3T7Ib6Y3uB6OyZi6QC4IzN2ju2otSSeKFCqAGREg2M+4X+H5Pa7wfE40hs1kutDwIA==
+game.			86400	IN	NSEC	games. NS DS RRSIG NSEC
+game.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U43d+bf1e1Fs3waWybp24QupDmbTJIaMTWdNM6Snr4wux5u9v8C0G+55akDdnTlnnB22JTlLH2UXwEhl1UuqszS0A+gBFbYqf+Uox188XTpVydaATuVQbayC7eUXz2Fn8BFfr1fzkZq82dAUjFm+XLua8k0MvQPpEmeSvUKeb5BjkyokMLUDn6g5PNLivwdll4cdR+XX0JeBmnXOTZLcC8qCtUoflwUjT5GG+SAvkPrU18dymzqCGyAFQdS/MH1xkImCdA8xPmvGRbFtwUupmF+QAsZQvkZAKHNzCfcxiLNJ/tdZchaSGVvLjvEvxpRajiaxNB2zY+fp2whwh4UpBA==
+a.nic.game.		172800	IN	A	194.169.218.147
+a.nic.game.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:147
+b.nic.game.		172800	IN	A	185.24.64.147
+b.nic.game.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:147
+c.nic.game.		172800	IN	A	212.18.248.147
+c.nic.game.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:147
+d.nic.game.		172800	IN	A	212.18.249.147
+d.nic.game.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:147
+games.			172800	IN	NS	v0n0.nic.games.
+games.			172800	IN	NS	v0n1.nic.games.
+games.			172800	IN	NS	v0n2.nic.games.
+games.			172800	IN	NS	v0n3.nic.games.
+games.			172800	IN	NS	v2n0.nic.games.
+games.			172800	IN	NS	v2n1.nic.games.
+games.			86400	IN	DS	54412 8 2 A5CC38E38A2D92016AAAC71830FB380AFFFB9137BC360F97DD576BD73F9D39F6
+games.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jaLhzd4Jv4LD/zQSmPsuQy+BHb+968r61ikDdhlegsHvwn/o4QR7pKPTiKdNetdChadmdkvAUGIozZZuE1osfKZqt55WC3qiMxPcsdaz8x6ez/byvWk2IgqdC3o+QoIDhNDgYr7+fPz/xJ8bRePV0rADjUeuyO1MMcRkA+fCj/SIM72S185VTDywh1WzbrXPnvuNkamSCeABviiLTaQhi64v14FXZjP6TlF3DXlxabp4qTfL9DLJ5XlcLbqvAfNokqRKux5WHuheVuOofoM1wncwwA9AxfFWA81tP9euexFW8VpawzSRZNXDRDw/pYyFgvb7EZEIDlUguEwjoGgLMQ==
+games.			86400	IN	NSEC	gap. NS DS RRSIG NSEC
+games.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M3vF+Op+l1dRy2tl2aZQm9aZndVEpFDcC/KbJkUVedItTOgg/hLfWYX7bez/w1p17cv5mxNbUBgH/XOllcNvmCB+Zrsi68vUCikBPDMny6U+s6kvQwlEV3hZKFDdaJRir0vEnrEklTytq+cGrnyPp+Oc97gvsA6NFNPtYpi8B0k+cP9PpjJWonydTzyy9SRHdfGx95+t4LrqF3itLS97lLFUIr9F5bbMF/ihNcMPcKDgLR4ydsQYfThxoxFvlzS4KTw/DE6rH1DrWBnEa99etqwwSFauuM22tCZqmN7vkOVfS/mdeW5xO6V5F1/H0/MEHIFp351ZRZTiaNpCCYDNOA==
+v0n0.nic.games.		172800	IN	A	65.22.20.39
+v0n0.nic.games.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:39
+v0n1.nic.games.		172800	IN	A	65.22.21.39
+v0n1.nic.games.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:39
+v0n2.nic.games.		172800	IN	A	65.22.22.39
+v0n2.nic.games.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:39
+v0n3.nic.games.		172800	IN	A	161.232.10.39
+v0n3.nic.games.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:39
+v2n0.nic.games.		172800	IN	A	65.22.23.39
+v2n0.nic.games.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:39
+v2n1.nic.games.		172800	IN	A	161.232.11.39
+v2n1.nic.games.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:39
+gap.			172800	IN	NS	a.nic.gap.
+gap.			172800	IN	NS	b.nic.gap.
+gap.			172800	IN	NS	c.nic.gap.
+gap.			172800	IN	NS	ns1.dns.nic.gap.
+gap.			172800	IN	NS	ns2.dns.nic.gap.
+gap.			172800	IN	NS	ns3.dns.nic.gap.
+gap.			86400	IN	DS	4462 8 2 59BE1D87D0D5D5FD371368FA00C3E73B9E3215ED06CBEC2459B8A25C49248B07
+gap.			86400	IN	DS	34711 8 2 E6B688299E2DFC3B96259647E8A564475401D4504729BF8B523A08B4359B4C9F
+gap.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n3zwpRYUK9achzmeLTENrD3oRCCWuxDGL50iTMqu0GzIZ7kbNNIetUWYbQYgCUC54ORLH4TeMzW63MjiZncQXTMlyMY3ySVODS1rejJv4e3NqvzxmnrQFMAqoWhjwfAtN6s5qKkMJq4v24BNZAdlsuPW1R6jCntcRp5LdW6EzbGmskfwwAa3fNrriWAr0GAppfvrg2kDgu+4tjRJV7GTR13GkFrAvxVLyK+VrsGD4PiZNUMW5dbRQ8fPm70BP1Hm25u5f+5WsMXCZUmhngatXZ85crI/G8N9AtPP+QlgVM48OtRPDBLbxVYVwXgIBw/UILeRWkhojudI9tRXvatVuw==
+gap.			86400	IN	NSEC	garden. NS DS RRSIG NSEC
+gap.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . li2vEcwYQH8NxPJ6HMjjNQ/FlKtEc3/L2Aq1QwBgmI8SzMs0N9r81NKCWy/Mdr73n1eh9BYBSbcRg7+l2OfAW8MJN6VnpWvJxvUHw3KkOQuFf0YKQdV1HkQMP2IF7HkYkBqLeDzDRq2yiZfz/6Q3jEYzKqt5l2HpmQpW5BFSxir75kah0kAdWN+b+ZB88l2Ww48gjgSqB4B24KrwBKyY0LBJj6PHSlIu6D0hQl0yJAoiwTYd/ZO1mPGJrEK5njfmPCJ4vGcV+9/0E6vO2N65Qa2AjlrvYezaGPmaBjk5iqJAHvFx99hwoe2Ks2GXqDobK4ldfmWBoM/UXLuzqGa4MQ==
+a.nic.gap.		172800	IN	A	37.209.192.9
+a.nic.gap.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.gap.		172800	IN	A	37.209.194.9
+b.nic.gap.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.gap.		172800	IN	A	37.209.196.9
+c.nic.gap.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.gap.	172800	IN	A	156.154.144.66
+ns1.dns.nic.gap.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:42
+ns2.dns.nic.gap.	172800	IN	A	156.154.145.66
+ns2.dns.nic.gap.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:42
+ns3.dns.nic.gap.	172800	IN	A	156.154.159.66
+ns3.dns.nic.gap.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:42
+garden.			172800	IN	NS	a.nic.garden.
+garden.			172800	IN	NS	b.nic.garden.
+garden.			172800	IN	NS	c.nic.garden.
+garden.			172800	IN	NS	x.nic.garden.
+garden.			172800	IN	NS	y.nic.garden.
+garden.			172800	IN	NS	z.nic.garden.
+garden.			86400	IN	DS	27637 8 2 2D10A23A8DFEB7B80721476D3DCC5A5D31A61BE1D7D3B5BF6F15F4A2747B347B
+garden.			86400	IN	DS	51400 8 2 A3F1A44A1D481D01241486E74820FC3634CB119C4772812DDF44E6D1CC5D2EBC
+garden.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QrkCJc1NLgfLUUcXc2KRFPNR8JrmNMFCWXvp4Kc6isstXSrYfuummAXvTYB2Z0oLmiyb7A2u2I2EMgF8SEqBNw+Oh9fXCcmlCLj7DJFoU42CBoFZG+NKD14Mzb/L7zehr59t3nwy/6iCTGJ8ZfDAW4hkns0imlLn3alP4+iTFc64kV2cURxKcPCFe3XVx5dsCUhux9PLH1EAdqzRaM7gzSPsyMPLrnXZ7kXiuxLKiIxkmIFkfjpKrCkxrr3ecGHoMK1VDOYFIwHeS5gVk6psj+o2LZJ4vq/He1cJJRt5J/0mys4oESgIjAugGvvUhytVp8cD/mfojmqpSlwk/2Etyg==
+garden.			86400	IN	NSEC	gay. NS DS RRSIG NSEC
+garden.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D4ih/tOsIkCJWkXMEyK5tMUadt5WPN3i0nmlF7x2Lj878tcEnz6tiidmK7xuQD7xOcdawO1+e0L+HFRPEg/q4gsVt1VIQ6I6USRBgdxpNYf12NGlkfsg7yelysqbFQr6ShP562/0mitiQODlyW0V+zKT2PwZGMmLtx4O8HMOLKZ6MVz/Y90Mytetoj8Vg7B9Q8/yvd9ZtHmzhI10lDpwLfwsQ/f7MTltpal17lk/MbRChyyby2cJOhT01Z5f7r+iUBxtn7o4/204F48tXvuPiVIz2gDBRGUCo8aOigW1e6dJ2O79JVdp3mWxDP4dc7btgAXplACHWY5GTCPeOdNAZg==
+a.nic.garden.		172800	IN	A	37.209.192.10
+a.nic.garden.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.garden.		172800	IN	A	37.209.194.10
+b.nic.garden.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.garden.		172800	IN	A	37.209.196.10
+c.nic.garden.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.garden.		172800	IN	A	156.154.172.82
+x.nic.garden.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.garden.		172800	IN	A	156.154.173.82
+y.nic.garden.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.garden.		172800	IN	A	156.154.174.82
+z.nic.garden.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+gay.			172800	IN	NS	a.nic.gay.
+gay.			172800	IN	NS	b.nic.gay.
+gay.			172800	IN	NS	c.nic.gay.
+gay.			172800	IN	NS	x.nic.gay.
+gay.			172800	IN	NS	y.nic.gay.
+gay.			172800	IN	NS	z.nic.gay.
+gay.			86400	IN	DS	4816 8 2 960F543D3EAD5C2E0FD6D1E792265F7C795170D793ACD073F84C52A2F72EEA85
+gay.			86400	IN	DS	32074 8 2 C725B3CBD9D404307D49D0969B57B8885FD69663ACA51662B05716C9ABD1361E
+gay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zw4Ga4diys1JkXRVjbYQXYzxg2iz3b+XHuPVbfnzsWNDkzVOQWwKcqk3x+FJmI8Fe54z6BJ/ItUxdDdzvcgHDtmqWusKcW97TAfE2NJl9oSr2x+nrCpYKD9mT1h096kn8W6Z1u922hXLykN72bI/KWJlLFBj/NDNGhkx4ts9biJmyDeorMinZ4x2hQFulWNZOGhebOBbWCgAHd23gBKlJS3evZ7toudTfnuILc07MOP0gnV7gyJdyWRVyyMPPhAUVgieThjSs7YlysZjnYMGjPbIB9GIhAcZ13WZtjvSdWblAuWJsEX2AokgzCBwKYMGSTiHoBHRo1g39Why1a0WSA==
+gay.			86400	IN	NSEC	gb. NS DS RRSIG NSEC
+gay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lXOZwZR5s0QpronYlSyLIadhkaHgWgnsFoY5RtT2I80lNHVtkiDmrULToCuLj2trcdT+enMYUQZyG/+nCA20rdWQFl6CY0sBgJv98OFS0BpsxNokoHxKI89OXmkr2AISyXBkixhiK3kRER8sEHmgIvHOkg4fECLvSl5oBG5fd5drM1XSz/8IuTSeHQ73NpUunDpPPP8ODEkpsFy3fp2pqB/HHBeryJ95Zg8OcSKazbFspGA40g+3DvFWne5uBy7p08kElpwE+h88RFISOqeX78K62z/7hu0vbqv9pptOG/TBZXM4h7bamtgNdMC6LKKXzJS/cUHM+3R/D+cifFz9Tw==
+a.nic.gay.		172800	IN	A	37.209.192.10
+a.nic.gay.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.gay.		172800	IN	A	37.209.194.10
+b.nic.gay.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.gay.		172800	IN	A	37.209.196.10
+c.nic.gay.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.gay.		172800	IN	A	156.154.172.82
+x.nic.gay.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.gay.		172800	IN	A	156.154.173.82
+y.nic.gay.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.gay.		172800	IN	A	156.154.174.82
+z.nic.gay.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+gb.			172800	IN	NS	ns.uu.net.
+gb.			172800	IN	NS	ns0.ja.net.
+gb.			172800	IN	NS	ns4.ja.net.
+gb.			86400	IN	NSEC	gbiz. NS RRSIG NSEC
+gb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PE5CBMGUYrzxeas9dDzDXY/MpEnJ9S9z2X2y/Z9+wZrqXGYIssWJcaiLVQm3oh+kwWF8Cp6Jyw2dRGxex6ePDFCOM9ZoOtdznHojiJeGx5Na5f7Vkqj04YqpEXWlgivr4k/YJKVEHH3NgFZuGEcqyO6tgrxie5IEW1hd9SHsBGq6BOnFV52yrsnuKpLI7jbaHwJ2imEc4cK0g1136qkVcAFaTlUFU/ZLq6YyK2JuSbzB8jS/Ke5magIkYgVZS1PGrvDyIy5t77dteq40EYuRJiHuUv1N+uJP6Q2m/0NfkPD0YO0zMo+qij/3JAWXy/KACbJuUxZ/5M4KC6A8wp1qpA==
+gbiz.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+gbiz.			86400	IN	DS	17434 8 2 CEDDB0629DE967EECEAE6B9831DDCB0FD30ED800E46D6A69BF15759C2A239D90
+gbiz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rgU+GEzu38eyhyVmNs/eoKnQ37PlZJDKntTnIgCGG7HrUCpLHj4Lu9XqIOOvHL/P4+sF5OGLM7uEbcgQbAaAevpyqxAAJXfuf5W0ppVJhJXK6y35ijQ2tzYJDFk0TS0X/lM+eJQSKiHJ3rVCdep0BWWi4u/sevvCiDSsJXe83Uupy5Tvvr6oNlNdDPvhkXLqrzsY3JppYyEyHfz7YVTj1iSg7cC659ZyKHsyAscXxirremAC8/KV5DLe1K45W3MDVkIprWircpLK85vHj1X+YKLXPIPeI82o8jrj4VSEC18DJDb/sdiPLNWoy/z7a91AXAU6blrHTr6mrSYwmpbTXg==
+gbiz.			86400	IN	NSEC	gd. NS DS RRSIG NSEC
+gbiz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NgXD6PwOD054tAVMlCvkmqZIArKy7nbMjh/awNPUBT+gGdnzpoIcwkux8Q8/+TD9c3SMwn+cJTxdHT1uSY7fdQclPcdp3hrJ/lNNBCaBzJmxMz6o65qHxMg2GSb2+TAI3f3vW6Y70ZFWrsa6B6UUI4LdhSR4w93G2+zsgPgMDkhEbYQYgssfLeTl2rM294UtGQtp+xYpxjCvcUCjRByfW1uaf4zuDNxCQbYdf1IYK2hT3yZxU8fwziam6egaFPq4ZeohVW9yE1B1cf9F/J/JhGPPa+IAbeaCw4PMWmWJfJYFdasd2MGge/Kjac6M2h+jPvrcNJ6Mx67iZzp6u05LDA==
+gd.			172800	IN	NS	a.nic.gd.
+gd.			172800	IN	NS	b.nic.gd.
+gd.			172800	IN	NS	c.nic.gd.
+gd.			172800	IN	NS	d.nic.gd.
+gd.			86400	IN	DS	51039 7 2 BF36A1EC5D2998566123DE660BBD857D1D25231729873E5F5399A641C1CEC13F
+gd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vmALw3A32Ony5ldnzW1VXz2A1snCrdaRIW2nr6P4Z5xzzl48PnSNeru9KPoTIC210z4KW39qluP9O/sL3JmDf6EFEcH9fwMMzhVYXiJW4j1OLiPexuPej9+qswMwzk8+AVaKm+RJk4ShsCm43Th53d9BzGbMejwwW65KMdZYxi4eFT33AzlS2dcUBiqIvrANjy19FjgtTAEwawo1uXCNeh+IVtIebdmoP3MqqK1IRQgDdYDout4lN97gDOOEPUfKH8afn9Qcg5h6sfOBi6FJLsFqj+blcX8g7uIHwfq1vv1f2vUGRyyRiJYDe++wCbBPQgWSHQx3oSaJbednpPpY8w==
+gd.			86400	IN	NSEC	gdn. NS DS RRSIG NSEC
+gd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ijFoy6e9LGNi9TMNfAJ6IVbL1wt48O8RjxxJbJ3gDjtu/us6qhOIExgLRyacfcw6Zbivhm1PwSHx/riUauFKWmMgDNZFdG40O0DEogz1mCNUsMB2fFj+oZufCT3tcRgzSfXEqROYvOm079xhFzh65BXo8fznz+AwKBiqp9nhuWkFrfMlmEepXfNOLS5UdbUI2INcPSsmnn3a0/OCZoqdKHjOZCpN8xXpLQzzJQXr5u9rHLMU+Jd6+mhmdzGeAV3DO97t6JY+rdR+IlID4n4uzIyapTgeL6BxjNMnKvjEQKmHYk+Qbtb82VCLfJ9GQbC6+PTbVqbgxWrZCPupqtWMVQ==
+a.nic.gd.		172800	IN	A	194.169.218.88
+a.nic.gd.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:88
+b.nic.gd.		172800	IN	A	185.24.64.88
+b.nic.gd.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:88
+c.nic.gd.		172800	IN	A	212.18.248.88
+c.nic.gd.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:88
+d.nic.gd.		172800	IN	A	212.18.249.88
+d.nic.gd.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:88
+gdn.			172800	IN	NS	ns1.nic.gdn.
+gdn.			172800	IN	NS	ns3.nic.gdn.
+gdn.			172800	IN	NS	ns4.nic.gdn.
+gdn.			86400	IN	DS	28906 8 1 157427E9D56B06DE066A0BEE607C2F3314B85FEA
+gdn.			86400	IN	DS	30307 8 1 7A16BF5938B9FE7CF2AC5BE9C472E81443944686
+gdn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . it+IPDgmpecBCLPwHby01TgEqnv3gvU9vRL5ovU9qXTbZ0htRbRUn1/QzLcIyPU/ftfY8Aj0HXSUPA7EzBhwHkWL5lc59Ltvl5at0+1VidMgUCNIUEfq+RXq/vzs5wyPqatIrLDcj3ZnyAOW3h7x2UUSgYEZmvZsYKIvVCm5JIKifcgXRicBGwfGPtz1te8nEbT9B4eCIpyAESzzHa6M2y4Qc+p8kJqxIHZT948nZDtrHcMZ6DmYfQ1KbcLX6wjLx3cI9nurEMpK9NXDZbaXNr2hssLJhtXDdpyLO6u3xP6azX86oNPtqnZMr4IbLxVFSydrzV5j5UU0DRCjN5bTNQ==
+gdn.			86400	IN	NSEC	ge. NS DS RRSIG NSEC
+gdn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a8c9VyjSIia4Tcjl2gfohBdN/fvHtivHwcpl7hnuECKxF8KXAvQ0I6nBNVAM3lN0Fcr0OURtHDiXzDw7mvBpYCluUYiNVpGP+Hu7MaqAg7/t51faenvsqWB19wUISxqayBl43Bgk99NcBCyKXz0b281iO7cBoUOs6J8jwb44JwIDL0mfvDm8VOLL4AIpmr09qZzXHGWe/TR01PvXwZ627odW/W1erPFRwPG7quhIDDajoh14ww/I47/gR0ONUGvWw9nd8vWpybI+Aur79vL4MLrjxV3uKVxBnoWRHlwV156Hgx9NdgiVFU2kE9/1j/zk6pQS+FiLbuVf+ob33nfx5w==
+ns1.nic.gdn.		172800	IN	A	194.0.25.18
+ns1.nic.gdn.		172800	IN	AAAA	2001:678:20:0:0:0:0:18
+ns3.nic.gdn.		172800	IN	A	194.0.26.11
+ns3.nic.gdn.		172800	IN	AAAA	2001:67c:10e0:0:0:0:0:11
+ns4.nic.gdn.		172800	IN	A	194.0.24.11
+ns4.nic.gdn.		172800	IN	AAAA	2001:678:24:0:0:0:0:11
+ge.			172800	IN	NS	ns.nic.ge.
+ge.			172800	IN	NS	ns1.nic-ge.com.
+ge.			172800	IN	NS	ns2.nic.ge.
+ge.			172800	IN	NS	ns2.nic-ge.com.
+ge.			86400	IN	NSEC	gea. NS RRSIG NSEC
+ge.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DIlgh8ZZL2+naxMiF0LrW6bwfyv6D9fY/lk2nFRBk2kYrxZcqhvUKl5arZisxs9icmbIxq9Pc7p9srFCyYuk1FWxVUe1sU1QG/iXnA/n4sH2qik+ntFxKS5ElD3vgOb2zsy1bCtUpWS2jPbgTze7ZHVoM5+kcYYci1yKMnizdwGXiHCsM8vSwq4lXnwJGL+KAYCpQCBSYRUMB5DZWywCsoumr1gCdAETzgww3OqlyNSAL9R+CfHxkDNR4AqP0wdi3xXOxDDeGNJO5Lw5qkJjs/4wpmHfp4bd9xCs83pZpn/gsJ3O7qzJE9T37rYw60RCg+oC7B4U83SkV7WX+dMQxw==
+ns.nic.ge.		172800	IN	A	212.72.130.11
+ns2.nic.ge.		172800	IN	A	185.19.98.98
+gea.			172800	IN	NS	a.dns.nic.gea.
+gea.			172800	IN	NS	m.dns.nic.gea.
+gea.			172800	IN	NS	n.dns.nic.gea.
+gea.			86400	IN	DS	60191 8 2 62049B91E513B7230F960B356C6E70634AF960EFBFE5DDD4F33741A26B2583F0
+gea.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rNyKnyQxqp07rnlnz9ZYMEAEsFwYvCvFyAFb4buepMdd+nYXXeP2sLBvzHgxIduyADQVFgpX40TjKp8TFbHN6ytgBs0eQhSAie05y7/vMRLRUqyYG5/LU4yninvR4AphMi1ViD88qu8T0Oc125ktduzkzGlzE5uJ88lQyAv4CAJtg2aGES9STtwANwIa6TYz2dvHcnb81/H7wMsNu84QMtXcqwaWkDpl6L18EA+PkYny1eOoCVWJoAOJuh9W9FnZuTGwDevOmROQ6zUlg2eA3gXRWXH/7DwAa++/ml2CKVkqUxp/+K6Tvrk9GB5mkYP0QXeo1XrGR77oM/05Ht1L/w==
+gea.			86400	IN	NSEC	gent. NS DS RRSIG NSEC
+gea.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KU4+LlApG4EJoVvR2JLz/i3EwVec73wQL1nfayrhMwqQ9ah93JWYCp5mkX6adTnK5SbCjjnHRdNX3aCVLHb7+ATJuozW7ricX5ouyyCxbIa2kkNwB2KUneWYF/tVzZP+Duy1an9oFcqmqiVOk1KlyesjebhYeZ+kPCu1+H0UTTYkPMqNVqo2tGlblLnoLmesAsWnUIn4mODOs57xs9jAlvuFEIuhkQSzqPPHUInfSKrPq4RfylsoZtQjO75/M1dSX2aMsEYEg8RpuouB4649RZjevbqxeAtK5NVl0/AU1QSDfaS7m56Nx6lH7w/0BEM4rhLtJ/bq55dGWbx51avGvw==
+a.dns.nic.gea.		172800	IN	A	194.0.25.33
+a.dns.nic.gea.		172800	IN	AAAA	2001:678:20:0:0:0:0:33
+m.dns.nic.gea.		172800	IN	A	194.0.26.13
+m.dns.nic.gea.		172800	IN	AAAA	2001:67c:10e0:0:0:0:0:13
+n.dns.nic.gea.		172800	IN	A	194.0.24.13
+n.dns.nic.gea.		172800	IN	AAAA	2001:678:24:0:0:0:0:13
+gent.			172800	IN	NS	a.nic.gent.
+gent.			172800	IN	NS	b.nic.gent.
+gent.			172800	IN	NS	c.nic.gent.
+gent.			172800	IN	NS	d.nic.gent.
+gent.			86400	IN	DS	2640 13 2 E97C1F6F53E1284399D6DAAF670D8FCBDDB5618710ADE52C1219757C14C77D88
+gent.			86400	IN	DS	65113 13 2 FF773C6DFAAA57475219BA35030A346181A8737E02E2EA2566C452B5FFD5A69A
+gent.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eomPmAuK7knvaz4E+BuvPh9ADx2+nuheLgfdYp/7qPx92/+O3uXeRK3jO+FxpEXpX9xS3sO44x085TlyInBbej34KDSYGJQO1bJZ1XsKV8XR3qBc0ePl/RVvNbsguthesQoErKHLhkXixjv8Ws+mq8cQePueQRmro3TtTOk2eFnAGKaeYMyQ7+cRz7U+bGKdzBvMorMqN/Y1G1YRwRYKUhMNSY6CaU2afcLafglVZjRAhjhWgGycDIkKMhs1dwJP3EQYboGVLIko61bDOsf2K56RL8mV10o2CKk0px15thg44xqIzquf4fj4k+2bLJSMtX/XQ8zYEEfVZacGsXOk0Q==
+gent.			86400	IN	NSEC	genting. NS DS RRSIG NSEC
+gent.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EewETLRWYDbZWQPSUh79lIanEjDaFd1eB8EuTfBl73epJ/gTBOm7p3EnVeYP5x5X/53Wc0DFHTnu9uxsOPtn37z9wt/v6DDgxKClKu2YhYwUPXMnRhsM2z52/wtRD3VdeU3czmki45HW6w+JW59V9d83s7q3hwg0syloMqKqRRZRpau817go7fxJ0WTsG1ClSWZevSnDWCqqLr7YdAHhQ+JBAz7UuA9zkomLure2gvth8Qgs/YCttA4l75g/HeiVzfb+lnbMqwke5mH8Jfj79FV81duEBHRxUgz/sB5w57duH2KnSTq8xSvRcoJ3dCScpdkc4XpFbBshDjejL2npdg==
+a.nic.gent.		172800	IN	A	194.169.218.89
+a.nic.gent.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:89
+b.nic.gent.		172800	IN	A	185.24.64.89
+b.nic.gent.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:89
+c.nic.gent.		172800	IN	A	212.18.248.89
+c.nic.gent.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:89
+d.nic.gent.		172800	IN	A	212.18.249.89
+d.nic.gent.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:89
+genting.		172800	IN	NS	ac1.nstld.com.
+genting.		172800	IN	NS	ac2.nstld.com.
+genting.		172800	IN	NS	ac3.nstld.com.
+genting.		172800	IN	NS	ac4.nstld.com.
+genting.		86400	IN	DS	22539 8 2 983FDBFBBA09945A8DA7FEACB64460FA801F4A3481D83FA9E1257FC92ED206A3
+genting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hi360Uz6b5O9smnvf9wLB/6jxjt3yjah2y28o3RGxRHurZoLpzUgw+eM2Jl7s6GJ0tfpKeCbdY1ok4NOxdVzXWuKS3Pkpqs3XgkCqsO3TyXi1vjfnu14LSr1KzFdIEWu0ccELFe1M+YTl9nvX0sp0c+XDeQjc7RTOtl/PLz0ouP8ze3WSqSFk77DvzxtXG0uo2ef0LLk8F+0ai1Tdf/IRIoy4M1J1Pt3viVDAo/vHp2Xej32il9InEsnHtJoLgfGUFU6Fo9LBRwIVD32gpTviMSJ0/t7rsDvlGjg/8zv87lERk4Ql6W012Ak8o4DJBP7nNdK0vW4yi+qF7y+/LzzMw==
+genting.		86400	IN	NSEC	george. NS DS RRSIG NSEC
+genting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ttYBk4V2GfzQM5kB1udFhA0kb1ocCBquECQQVMX1IVQSbn4AgA/nLBCurW/PH2PDbIko2PiPg+QMUpqd9Jrb4KpgypjK79TMzWa2gs9sDwczwu+MPOnG+9yiNddHZkAe6cosPe44y4cOvGpU1hVZsDL9wkuaKdDcXMXnIQZhF2/hAGC/EXsEh9Im/VmKOHyndNCPE2yo4iITdzxKzyEuFRPC5VMAUaB77Ect565c25h6VLhKoaKY8aRZi4WhnjjzmEtzSEsFDEeFOx02I050iGVvUAE9HSe5YM5ag1Nt6FCX+fB62voMu4IQrmxfo18VOpTL0XK85hmnklME8ZtlbA==
+george.			172800	IN	NS	a0.nic.george.
+george.			172800	IN	NS	a2.nic.george.
+george.			172800	IN	NS	b0.nic.george.
+george.			172800	IN	NS	c0.nic.george.
+george.			86400	IN	DS	1759 8 2 0CAA1F5AE9C0E736030B351AB71BB351053798CE39B3B662CEEFDB956057D5FE
+george.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IpAj/QsgFB+uuHaUaDfOGVHm9zz8pU5nLFtsahYanu3Y6CMZKYq3pRE0tWXlApcuJYltD7yM7FQnz+2Px+Ezec7DIWAQDUrRDeL+7mjJChw221VW6ZKdyX3p4tdV0mXniOh2MGGei573Bb6mqmdWMWQdPqmuOmM6GkPwXu+gZ4pfrp+skORSdnPKs7Q96NGHaJfSb+QwQlKCecGaXhQ/8MEF1NbvwTXvGN2cPeECNLI79NaIvWaoeWEWzQHOQdoZgLwiE/8T2h6GjapH2g4WUfvZVJof6qn4NLI+kcR7WYdtMUirrson9i8KCw+Lpy4L85c2kI9FB7oUpxWuyrQ9DQ==
+george.			86400	IN	NSEC	gf. NS DS RRSIG NSEC
+george.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cqypvQ547eOrxkIZ5tFnN1ar1o8vqM0hmfkVPmAuZ4EpKoVuPySw88Q/eefswOIR5+VvaKpy0cv2yWV1mUto7CdyeBGUi/U3zUhGfE3DBJJBum47AUIWf6r93gOd7jLXVEjnTqJ/KbJlvKgedymNR1WBoSap7aD1MWt2bN4p+kdwKPvDvKitMFDGU+h19E5XiX3gQul+QbNlxn51cPE3rCPsqLTZUjSNWGbMgLZuJ0v/W6Jk/31C41e8ckZghEvnVhohMSJvlhpOb7YLdc3CLnp0mk924dbg61OcvnJbZ62K7/TMyngTgXE6WSdPlIziZWXcj/HaZkYtVOht/X9U7Q==
+a0.nic.george.		172800	IN	A	65.22.112.49
+a0.nic.george.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:49
+a2.nic.george.		172800	IN	A	65.22.115.49
+a2.nic.george.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:49
+b0.nic.george.		172800	IN	A	65.22.113.49
+b0.nic.george.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:49
+c0.nic.george.		172800	IN	A	65.22.114.49
+c0.nic.george.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:49
+gf.			172800	IN	NS	ns1-fr.mediaserv.net.
+gf.			172800	IN	NS	ns1-gp.mediaserv.net.
+gf.			172800	IN	NS	ns1-mq.mediaserv.net.
+gf.			86400	IN	NSEC	gg. NS RRSIG NSEC
+gf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ea2y5wDdzblW4puCGMkOlox4teahmJsit7+Byzvq5eZS2QjvdotSa51J6gyCdSzb2gACQpRTqv1kmAeC5CXRK63axcP4hMgKR4lnZ21i25Ei3w36NCGZrEq1uNyO8LLAQE5+50oj3nsfGGGBNKtds4TxuPhlOxPV7RcRRM4MbQZH2Q0TjH0sLTMopA+mr4N8Wcb/9jwl1hLvzMVVQFb8R00M1Qaw13fVA0igTWwqKIg7hlEvo1x2KCtFevVQ8oBgmIXejnI4BoQf4yF1CfhXGuhD0XJ5mD8ksqso3AKj2DG7RJx0PUXAn3xa/zv2akxnQebkoTaGqjdyejytQQR19Q==
+gg.			172800	IN	NS	c.ci-servers.org.
+gg.			172800	IN	NS	e.ci-servers.net.
+gg.			172800	IN	NS	dns1.nominetdns.uk.
+gg.			172800	IN	NS	dns2.nominetdns.uk.
+gg.			172800	IN	NS	dns3.nominetdns.uk.
+gg.			172800	IN	NS	dns4.nominetdns.uk.
+gg.			86400	IN	DS	4975 8 2 6B95DA44B57BF3BDFCE8E9CF6D28DF4B0FF999A374EFF7909E095AB1C7000630
+gg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dbb9FFaS71wlY69qiNjdx4A6eWNs/jn/Nmm1x6Eu1Zm6jcBTbMKwTDOc6KQn3ZNcwc+OrjQAC3jdLjhz2H78klYw76F/XEdrFHzvA+HxjGt4Od6MpseI+0uAFCZCcy2qGkoyvUizhzFRZR5kIsC8ag5LGTG251rYg8K4QWF70EaT9isB+Fp7gxpxcfJKml97LVlgPQaTRbkWEcoPdoZXfgc3YgK8OZNuvA6P2SOSq0iS4+NN1Th3BtHLzANHm2J/Lo8KStocJ1mRkDkM4Op65tZ8i6SMxbu34o+mMBT/Z6gKUBd3qkY3MaG1Fp5WeCyaSyIDsUuRAliN6yPnI0S26g==
+gg.			86400	IN	NSEC	ggee. NS DS RRSIG NSEC
+gg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lKTuxp9Yqxx80QD6Qjz6aCW2GOK3L2tcrimyncssBPgGpS1S9wr9i3KxXtxYU+TDS2xI0eE2PCZ87QGjKSRFCKUhBvY8dr6zLB2LfgPvso/jl8NWMSj7bKbkgEtXi0/F+XGs44DdIISUnH+abaUHtD3pNd8bNFgHcg0ksRalACK+HTWqMRWjhRut41vEx604EJXXMAif4tO/gUHnftsl1xszf/EkeUe6fK9p09DWsfq4SAG7e90soHd+Th8zqmKuoMPwL35NXPXa9Msn0ZQ7HWEqPCKJ8RZVZz+I6m5rHUS1wmg1tzgvpJxVqYoCpeSYHe7vD+NJbOYX8a4aGHON8A==
+ggee.			172800	IN	NS	a.gmoregistry.net.
+ggee.			172800	IN	NS	b.gmoregistry.net.
+ggee.			172800	IN	NS	k.gmoregistry.net.
+ggee.			172800	IN	NS	l.gmoregistry.net.
+ggee.			86400	IN	DS	602 8 2 0D54D07BEBF1A6AFE76ECF6D55C48698D8F233B719009329E4465B75078479D5
+ggee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KyTHf6AqwfJZeul7WldaLjRYqHtwoyLF1pRSJZQhupY6LAkd0Orehsno6E1XYX3LRpHHFKmf5yB0vUr1Rpm1d/3YVVtzGgaKqLkSeqiWK7Kzw1yzAhyXVfvEK8jLZ5WO+E54IVmuDwYNvDexapNedTG1VKwpNl65/Z42jqs8Wt8B1ACjVdL07uQpdP6LO8pwjDXhspAmCN6JaNuF8y4xJle4pAYHTsp0Uey/aAOSOS+F99GgS4ZpRyLCrBJrYAS7S6PVL8BDuzCsJnwaBEUL2Kz7BHcmf3O5Qe5KI38pH0puoAnX55XBc+FAml14c1f55Q537F4TJ0jpH3NXeG7wNQ==
+ggee.			86400	IN	NSEC	gh. NS DS RRSIG NSEC
+ggee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AcXxK+DYz9jN1RKpnYtVQYm7ubb3Lqb+6b18QTM2yPnApBospIaYqEnwmrKIFMhB+p+JRv1iJVyDiKenBDshIkNh2ko08CEX5rnnZGLnVGOjEICMttCml3qVuPlP+j/7TnpYLm8A7imA7SzhYHXwSYTLNT0evndwY8AwTf0WyS/LGRaFk54J2OVLOrfOF74DSvIbzDWC8dbHXKpAP3XQiK6R+mWNDA0rTh9b7juwYp++lE8zqHzXYGwIltBvKqEoU0M2RpNcFVRbQeAQ/9fe2MLuYgAqR/fVnkoFOp6boAc6pypwL2WKWx7fNqKEuOTKTgs+dFNZGKcTPnQon7wYEA==
+gh.			172800	IN	NS	ns.dns.br.
+gh.			172800	IN	NS	ns1.nic.gh.
+gh.			172800	IN	NS	ns2.nic.gh.
+gh.			86400	IN	NSEC	gi. NS RRSIG NSEC
+gh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wTqmyl6jD71MvWLhomRMAPov0cCq5Ay4rmzEkc3pC7mk+7ZRnoYuhtuTuj41Z8XVwugOOnLypEuorRLyDZODKzjc8dajCBuMSiNU8cEwen9+Pm9eNevw6X1RwJxcq/KVeiILVzUJiFs1sK28BJ08//dOw6Od7NQ1mp5KJJucGWlbklnK8Gct7pv+GFUnuuteK6XX+uuZ+PBwCrHBGo8AbytiUY5QzSHzUtYL/dNuKuo+bIeJwaCcp18HzUtHO/XdU9G/NByJG9oqnE+/4lf6E9yGFJ0AOdKaF8SZqVxPva4lzVIA8JZFLE8zlhmdX7hp/4EOwLI0k03K+lIbhWs2oA==
+ns1.nic.gh.		172800	IN	A	197.253.95.251
+ns2.nic.gh.		172800	IN	A	197.253.127.251
+gi.			172800	IN	NS	a0.cctld.afilias-nst.info.
+gi.			172800	IN	NS	a2.cctld.afilias-nst.info.
+gi.			172800	IN	NS	b0.cctld.afilias-nst.org.
+gi.			172800	IN	NS	b2.cctld.afilias-nst.org.
+gi.			172800	IN	NS	c0.cctld.afilias-nst.info.
+gi.			172800	IN	NS	d0.cctld.afilias-nst.org.
+gi.			86400	IN	DS	33934 8 2 3DB5809DE2E1052B00E010F54B404BD59CB5CBA0C8306E1799623BDA45A1CFB7
+gi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . quMxjU3HIM1cfx1MZF1PoPhJeX9uBaLLWCWPxwkVr+bz/1p1wIBPhZAfbc/A8mVmJXgWQFXUG/1ZJ/INrQqalLKzd0IF3ljX5kpaPmIe5DA/3x0dFfcDI+8YGpbvztdQKTSHb1F7rkzQZV/DsmvLsAWbEkqtLF5V6ZxWXOPzKJu2wLr/zgpqtupP1Qt8/yClLSdUWN2l3qYDQ2uQ+IMG/OVj7Qlu4Nkon2cx04I4TtXj3HAlh8OjvK/KiLN8UMfNcU7SF/iGKZQDlYU4LdnbSm5oQrg8zaKrIVgjk4brtcPfADouMU2n2HiumPRq2K1t2H/NtZyQZiB6AIyeEmck/Q==
+gi.			86400	IN	NSEC	gift. NS DS RRSIG NSEC
+gi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . khnTSk4VGZPIjrB0z+fyWJwybIThbnSkPA+gF5196cO0tbEHLVmkdM4f52o5DVSHGPsrB3RR87lVfW6nmgefcmm07sxyFSO3JWbYeotUwYUDsBqsqGX5xflb1mbiDf0gQS0mQrTzobzrJWQguiBEMW4Ek9xmCwZnuAHU/rkdjx8rqDGBOOYvnpe499Qs/woJv6vKj8YHnFraJMLdxFyueG3AJAumEcs9hxP4CamFVKbJGJE+891nJZ5c3HpHX1vd9df37h0hc62hMQQlTTTa2qgrM6/agy/5cOweyDqnjTEQWXv5uKESnBMIldcc8K/F5G9TBpuVD+bfjvwlAKlbUA==
+gift.			172800	IN	NS	ns1.uniregistry.net.
+gift.			172800	IN	NS	ns2.uniregistry.info.
+gift.			172800	IN	NS	ns3.uniregistry.net.
+gift.			172800	IN	NS	ns4.uniregistry.info.
+gift.			86400	IN	DS	45508 13 2 EEA1DC9AE9E1BD91256962BFB0D639C8DF881E8C56981B667FFFC27DAF293A6B
+gift.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CWKcAbWdRyOorI7nd0supjA2EUUnuk+dff1Bx73dT0Aq2gtuKbrkrzODG1GIjzIRUUMgPuT8qXw+GQD68IkQWZ8hiU1pM12/3O2gaqKNDcbNGJ4jzJPPw1k7EXLmU8J1yp2IpVq7/7fHC54Ml87yB8Zz7+rYH6dZ/wOXxHnVGGdDb8FoMvff7zgt35cGdumLyLyIj/DCNKsGSjge0p12JMNqnif6v/XXR4mePqvxnPoe7W+AxVfKRiYFe0NAXO+u+6N3tFDePcuQa6xL7g2ZZOB7raIdQJOh+Td1rbzCsGmG7Os7L97mCJB5GAomN5jZ+mu6Z8wPHh73A+gyyFASTw==
+gift.			86400	IN	NSEC	gifts. NS DS RRSIG NSEC
+gift.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jimUtqcdEAUbq23vwfI0oQoCG7z2H2ZpEEP8xVwbmjr20ZX3faYwQhJDV+hgfStzR4o0AUpwgdSI8N26cybzinKmJ3HM/Ir9U13pyASDHZ1OEsKHmCE6pZu3d2obxBlEKRBt1+UUUYcDndXnJ5ijLPY1SKZ+QQaSWvt/ldS/IMhalPZOIdQiIW88IWwncSab+HgKOFyVC518a03aAG2u96mhwRelJJPbnV3Ekc7u6YFWvs9dyF7U7o/0WkYrHr1GFuvRuqF0hq0jtlisnuUTG5TiIHun/D9GGa37TNJUI34i15rnRAjgLakvT0jVGg5oMPyOBPYCttKpBMh3lsR40A==
+gifts.			172800	IN	NS	v0n0.nic.gifts.
+gifts.			172800	IN	NS	v0n1.nic.gifts.
+gifts.			172800	IN	NS	v0n2.nic.gifts.
+gifts.			172800	IN	NS	v0n3.nic.gifts.
+gifts.			172800	IN	NS	v2n0.nic.gifts.
+gifts.			172800	IN	NS	v2n1.nic.gifts.
+gifts.			86400	IN	DS	32917 8 2 49D3ABCFB00907EB5EDF64455814D09EC2EFA8D8959B1DAA949C71A1D47E3DE2
+gifts.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MK97/xXx/nWSHzCvmlnPK5W5a1K3r1Q8su7/X1N+XL1k1Le6KGIhZGevpExiijLjPmeAui+I1EeskYy3J4Th+lz7D/pZtDlBJGMgxtmFhUz8GtqvzU7sLrOm4vLRSqkJBXrKdoDS+xtnO5AHyK/ezNbCnteGzrb+5pP1+ZtfjIWXFCTZJ8+WTr57r1ZQytS6Z6yUd9Iq+d5BmyHG9jtKZn5J9fH5WG0DYH7nH7iFTOEBs46tKFC2/cC8EhBkBIenYYh2VLCdc+VbxMNAZ9mHSZvRW0g6wvSj51TLGl693Hn6UJyMtAHUivRx3PtAwN7EzS2R5R56WuGPauSdc1ofLQ==
+gifts.			86400	IN	NSEC	gives. NS DS RRSIG NSEC
+gifts.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S4DN6/G+6YODwb+sYnNF94dFfsCWWnc7swVXGcBbZiFq1h+071IhoT/M/w92NT41NJZ5D9/SKk6ruMAuYPHOMLvI+XzhfrGWFeC4eI4zMifC1MxbIc0AYMbh8yRd0XqgLwJlfo9PChLOYJLnRhTJabIlZ/C2Yade1XCAvLpMxvEL7t1QWWJh5fZ2OTfaTmnS4HXSwqB+43RULpMu1FSaRzUJ1Gp2bnnH4cTijt5Ex79gj0zPake9ISDuNz2WrnXD+QSfeh1wDhoLlP7zpIwGFTYv1yD2LIYQHvGojYdInTDRFE2wb7IVkrYI77Rt3Mkvi0RSuS4HV6g/5ZDI2LzuBg==
+v0n0.nic.gifts.		172800	IN	A	65.22.32.23
+v0n0.nic.gifts.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:23
+v0n1.nic.gifts.		172800	IN	A	65.22.33.23
+v0n1.nic.gifts.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:23
+v0n2.nic.gifts.		172800	IN	A	65.22.34.23
+v0n2.nic.gifts.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:23
+v0n3.nic.gifts.		172800	IN	A	161.232.16.23
+v0n3.nic.gifts.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:23
+v2n0.nic.gifts.		172800	IN	A	65.22.35.23
+v2n0.nic.gifts.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:23
+v2n1.nic.gifts.		172800	IN	A	161.232.17.23
+v2n1.nic.gifts.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:23
+gives.			172800	IN	NS	v0n0.nic.gives.
+gives.			172800	IN	NS	v0n1.nic.gives.
+gives.			172800	IN	NS	v0n2.nic.gives.
+gives.			172800	IN	NS	v0n3.nic.gives.
+gives.			172800	IN	NS	v2n0.nic.gives.
+gives.			172800	IN	NS	v2n1.nic.gives.
+gives.			86400	IN	DS	51526 8 2 D1DD06D869102253FE38E8F665571B0F10A7F2C24AD4A92C10C47503919A6E1D
+gives.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WIvYAX6nrSGpKUZEk60EHC8BlT/ZatCt6OHVeBrxq5oPlIGhxj8871iK966ILSJPOgozeIRNJ3NLjfFCwXjuadoxn/2bg9v1jnCHA8wlHOZ5DYJAHACcDOjr/Z1pBP3fnwgSnUY77Zz0hr2yM51WDxAMQ7CCfv63nNWfqV5yDcH2CCHvmdQsp4tx62lV0+M4vszpjn+o68KSUXgFRoOxHINgvT9BuTMotapsd6Ie0EHvAStOxKQUuAJHhp2wTtnVgZA/luvH/bSqw0LxDaNFP5LISHjQwOxP37gqaOmubNTvGNIWKvF2lRSsmadF1QYXbZp7MiTBv421N+Q08siVgg==
+gives.			86400	IN	NSEC	giving. NS DS RRSIG NSEC
+gives.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . e0fgMtjHHj0NBRB3PRJ4i28ZIv8gbut7YICcQSme5Ojc5CFucUfNZP806Xax1ZDHSKDtZ5j+fHPADkOdhiLNi1F2L2gs+QX6xnKFbrfgTuLWAualWz1Mds3FZhKTijx3eirnc1M18q0zr69sEdrCWBnE3KWUPVta9DR6pYfApuT4BDUDv2Y8k3oZgSSmm1BWAhoQ0kuKhHHQGW5vX8L5aiADFYaGwPW/toKi+aWpkUT9ZsJnhy5nU7QDqYQWLiQJLmI9ZzZJPOSWLSsP+GTLQuj88QFwgeriilyYVAm6dpuNpMyKSn+IezSW8X4khQrxnvw+54vT1TYhcKgLjK63hA==
+v0n0.nic.gives.		172800	IN	A	65.22.32.61
+v0n0.nic.gives.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:61
+v0n1.nic.gives.		172800	IN	A	65.22.33.61
+v0n1.nic.gives.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:61
+v0n2.nic.gives.		172800	IN	A	65.22.34.61
+v0n2.nic.gives.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:61
+v0n3.nic.gives.		172800	IN	A	161.232.16.61
+v0n3.nic.gives.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:61
+v2n0.nic.gives.		172800	IN	A	65.22.35.61
+v2n0.nic.gives.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:61
+v2n1.nic.gives.		172800	IN	A	161.232.17.61
+v2n1.nic.gives.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:61
+giving.			172800	IN	NS	a0.nic.giving.
+giving.			172800	IN	NS	a2.nic.giving.
+giving.			172800	IN	NS	b0.nic.giving.
+giving.			172800	IN	NS	b2.nic.giving.
+giving.			172800	IN	NS	c0.nic.giving.
+giving.			172800	IN	NS	d0.nic.giving.
+giving.			86400	IN	DS	42049 8 2 51655C1EDBA06B3C2329578ADE539D446169F70F06ADFD536C0EF7B315506A1F
+giving.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L50oJDbBK33Ijj3qWu12yYCjClyI+Rh1I9JjxQsann+9dTcmfpM/OH7/fb9KptAe0xLekksHlgoidLrJx+QuivdrlmofHrfv3L5Oip6reJCFGsv3+apgD27VJlIg+SpQXFBhC76FWbTNeGh/VSpRvblMdla91zVouoUOLk7NM6vm216M4H90grsu4FNDv3cxxiw64L5a9K1dZrNm8W54YO/XEvfvN2/BYRJRVb8GtdhkFftAA7yudMrCssvqvUz4a731kHPj4JkexwU+mKupVayuE2K/8flsS/o9Xme+BcnmLxQN/c9ttvhxNPcc3yMn/cCJqipfYt0HeLABLO/VBg==
+giving.			86400	IN	NSEC	gl. NS DS RRSIG NSEC
+giving.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DJ13vUiUQkMz9zquO21yY+ZUh1fIb+AIruIRwMXeqzlBW7jtdY33KYTJFcCxFB4HYcSvbyzxsSeKXNmLCauC6eJCJlJwve0ru4bTRUX+QODQRNWD9xJ2irebcaD+6xvV6TrkakfQojg/ilz0Jkv3wJty3Q3hvq79EsoJMB31tG5hMD6HeKfnHFugZvr/9XqNCje60hjrUXb/+zLsTSyW9jU15HS7Q2SSBrqXhSY5s5y/8rx0Qp7a/IrYgdqR721PLWMlZDvkPcC0bXzAMdsIh8iYbC+v3kkfBNMcgygCwmpBAijMiwGBe9pLCFe1iHaO+wZqVvunUwr7s67wuYFNLg==
+a0.nic.giving.		172800	IN	A	199.19.56.1
+a0.nic.giving.		172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.nic.giving.		172800	IN	A	199.249.112.1
+a2.nic.giving.		172800	IN	AAAA	2001:500:40:0:0:0:0:1
+b0.nic.giving.		172800	IN	A	199.19.54.1
+b0.nic.giving.		172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.nic.giving.		172800	IN	A	199.249.120.1
+b2.nic.giving.		172800	IN	AAAA	2001:500:48:0:0:0:0:1
+c0.nic.giving.		172800	IN	A	199.19.53.1
+c0.nic.giving.		172800	IN	AAAA	2001:500:b:0:0:0:0:1
+d0.nic.giving.		172800	IN	A	199.19.57.1
+d0.nic.giving.		172800	IN	AAAA	2001:500:f:0:0:0:0:1
+gl.			172800	IN	NS	d.nic.gl.
+gl.			172800	IN	NS	ns1.anycastdns.cz.
+gl.			172800	IN	NS	ns2.anycastdns.cz.
+gl.			86400	IN	DS	11560 8 2 3D44DF84C78A82E0E9824440F3E82B402551341DBFF3BCE72CD786435D15F1AA
+gl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MsaqIM9CwHUSuauRJ8/jPPDz4VZe9WubT7DpYJ6L0FDMK9jVMGncIk3dzUltyHrxdWAmCaN+8clY8Wo3K9L1vbFcXw/3rX12HmdZjDlEuNvnFSHGDhe12RTO+7NtQ0bYPkBOiCYeFrEjE7O32iGFAH7rOpOHa2XaYCZ7b5n3xXrSk5Oop6WDxIrUlyMpNQre0bPVz7bchT2kaqBjkMDarThKM72SGlyz8bMOt4sT7hXVv8APhqI0MUMzCu2/5hwojxqqFOHahuPr2PfhjrYXNSgygAO5vWP9aanbDEl0Qu/Vtk9Q1JatWc27U//EMCEZHeEJw/lAEbmshR41mE3l+g==
+gl.			86400	IN	NSEC	glass. NS DS RRSIG NSEC
+gl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DYSHEtEFqcaE9MZiAWCARIoJTyOvOimue6N2YUjWUqCqD1cZC/jcZr/nHLpwM6rPsIJoE5ZuXxyxaob2YHsIxQaY6cjrOkACS3jOhWogGezOtTPL5h8ce4ctQCr9Dm1iWfj/fsj+Ln7kxqAcJAU9l4HZx6aYcOsk9iOd+AgfeMnYroWqPeKrA3GJFwvvstiMrqj5NTsluZDh4a/dKNOnZzXV29DRB+o24vf1igy4zMTCQicFpI/cu79Tj0xvcD+8A0s6ciWU/JOHVMjlTmWR/sBetTQs4bnDwJTBGvPvi/Mym9CMTNTzK9XdsSoUndQqk0a5k5Jdlp8pBPVojR/YEA==
+d.nic.gl.		172800	IN	A	204.61.216.49
+d.nic.gl.		172800	IN	AAAA	2001:500:14:6049:ad:0:0:1
+glass.			172800	IN	NS	v0n0.nic.glass.
+glass.			172800	IN	NS	v0n1.nic.glass.
+glass.			172800	IN	NS	v0n2.nic.glass.
+glass.			172800	IN	NS	v0n3.nic.glass.
+glass.			172800	IN	NS	v2n0.nic.glass.
+glass.			172800	IN	NS	v2n1.nic.glass.
+glass.			86400	IN	DS	47641 8 2 BA130708530E9F108ACA4B16217084E861F151B4069E567C6E85193A457B219E
+glass.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c2cu+Xc2UCbEhg7SJCYXCDlIvyTy/hs5idp1LgwupzUlMH/ZJSwMLCwi91+sPsDN5sPtBtZm5Bj2k7DB3DcXcyB4Bk9vZlO8NxGWvejex0kdhAIW3IP8lSMUpwZjPsRT7BO7sH3+0N3kb1IIah0/q81nEi1S7V3PxlSMsSEp3fHLnLZeV4oOSpPeoKm4Dt+MF+FwSS6YAfqbVpWmVde8Trtveykja4AoQGZx1XRQW1w8llNE0QaMtgnVqMynsSouUbIyJyd1FCsKQ21wYc8nUUg62+o4meCnFiKsU1g3M533iR7wlTQ7TXkbQyG6g0GT63LXrI4tdXXL/8t8GL1XGw==
+glass.			86400	IN	NSEC	gle. NS DS RRSIG NSEC
+glass.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O8/gb/gGSlRLx0V/WLQU1zRU//BsVTWldrNXfqPQDxjxg4XYkc7bwf58bA9hz0TbodW3XdkRa0LNMHEZ4KyVbUmNXo08yXkKDVVqcYrSZsKEgYiykpjb4faSx8Ltm8TqdY6n6eVTn636QA+05y8ofQvVwkpDNF+ZhSCCCTj/RZqfDCkJGcqazDM3e1GVcigMmU0WayweBjpDzHpFVxZN647WiJz+XUBEZlP7UtCJXYt/B0wJ7QtBmBoYvdD5/Ddp3fdkQauxJ42xZNdQ1iz2dL3bkfZQgSZPYG8jh3r1i6iZ41HkhSYy6/G0ln52YJHKxJ1V8RHqrJyYkl713Z/ZWg==
+v0n0.nic.glass.		172800	IN	A	65.22.24.57
+v0n0.nic.glass.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:57
+v0n1.nic.glass.		172800	IN	A	65.22.25.57
+v0n1.nic.glass.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:57
+v0n2.nic.glass.		172800	IN	A	65.22.26.57
+v0n2.nic.glass.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:57
+v0n3.nic.glass.		172800	IN	A	161.232.12.57
+v0n3.nic.glass.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:57
+v2n0.nic.glass.		172800	IN	A	65.22.27.57
+v2n0.nic.glass.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:57
+v2n1.nic.glass.		172800	IN	A	161.232.13.57
+v2n1.nic.glass.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:57
+gle.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+gle.			86400	IN	DS	35609 8 2 254367C4FA9FAE6E0675EE721943C4CD97371553C9669E4BC424B00CFF86E6AA
+gle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LNWJg4Kv0GI3zTJA7A/0mnn8zw6L9N3HEBbQ8c/LII3UAT6+WBD0DYb3srqSrK5a6gnS9D2AllQ9ry5aVQ7/TBP3foMWevokFj+2z1++DZBKngXDCb01eS51+SSoN3A7FBylmiIHUgkGSiSQSgonGzt7cWARne8YhINRpzPg918J6C4Zw0NaSlskn9DAaE3qJCokJKCaVMnDBXqraiSJaaU85PNRWYCcQMy5OFnz15ycGFDMilhj5yHHuS4edQuUria77cE1S/ajBRhxd98opR/hpnlPlW5roQGSIz/XlXDTlO1qKsG2sqqHXDpl2uc2l2e2LHWWGdRq+WTTXKLtFg==
+gle.			86400	IN	NSEC	global. NS DS RRSIG NSEC
+gle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BjkzsmcxlRU303FTqwxZv43AyuXZwQ3Z670z0pzzMF46PULb1L+hfZf3r2oVqztCtWQE4RUTRnNJIeMIOGNhNHt5rZ5xFFEtzHB0D5oKlJQGcrs/jJr51T6bHzHGKphsVlYJL2nKgWZCKxqAFY6OLff94KjULSnrM1/jUTtJ4ITGrnXrN54ULCtHepM3gnuQK3WJTTsv3f2WwTWprpdaqQtE6Y+R+8dDMKsM3j+zaWNLypksh1OKCxRosTm9oXQSqW5+SBOZktAs4z8itcdh8REkwUVYWMncCKZlxdBeZ5Q9GInWnJM2rscxjZkdXL+CKUJGtXy2UMl8mPDgHvXHmQ==
+global.			172800	IN	NS	a0.nic.global.
+global.			172800	IN	NS	a2.nic.global.
+global.			172800	IN	NS	b0.nic.global.
+global.			172800	IN	NS	c0.nic.global.
+global.			86400	IN	DS	13060 8 2 5DD90E21BA23D0192E7F7148F56F7C20FE52B02074AC4BAF8E611F1E6C7B878B
+global.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NttPF1NBiwfU36/zS+eaNGuL4vo1HPDZiSLDopW6I0a0ek0PCc+WasIr+Pk+6u9wGjr6VLBPgQnIFx+wvkG3FRDQEvQWU1BOEekCZQB7ngxVhpNJDV1k7Lzx8WGDn29B7gifuSs06ucSgIldxmj0qtqMqQy2sq5DgrsmwDrxzrNkBJothih6cfkI39RRNWHQw6fnk7zrRPmDKEJNDbDZRpmLRnP7oXTrkgfSJpr0SvFxXuwzylkNSmNup3eRsNJtlTFdPkduIr81QuhzBnvOfSZJfAQnyxb8gT+oq/K6fPx0E+efz2nB9RoyqZIOkDI/RtLgfG01abeuFirVirH83w==
+global.			86400	IN	NSEC	globo. NS DS RRSIG NSEC
+global.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b1x5jvhiVPi8EjDrD8NRpOTbNIDLOkOhoVGvlm/UXP46/ZoLBDiwmDD3Jc/9KcPLY6Eu5iaXSmkUQFnDtBHXNvnvY/UWi4S1tTR1zWC1+tvgx1AVr/8Msr/JDEe1lIXR3uiLV12Gl/tNgPvC5meaRsPdApqdBznASCsJP4EylxKjEbc4/2sGHLuzo0Ss+WaKPiSmUJ3ZdvTMXdqsQqCuQ0dGGb1IA7/3y1O+NWaT/Q4fkShbkH5N+4mKiHtq+eEXFp0EY4p6bUDoTrmA1LH68SGyAlO7eppZ0m/wtqvnu3/3jfz8ZrkSkqf/VNwLs7RFBEkV5J/+v4YMog57XOSGLg==
+a0.nic.global.		172800	IN	A	65.22.80.1
+a0.nic.global.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:1
+a2.nic.global.		172800	IN	A	65.22.83.1
+a2.nic.global.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:1
+b0.nic.global.		172800	IN	A	65.22.81.1
+b0.nic.global.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:1
+c0.nic.global.		172800	IN	A	65.22.82.1
+c0.nic.global.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:1
+globo.			172800	IN	NS	a.dns.br.
+globo.			172800	IN	NS	b.dns.br.
+globo.			172800	IN	NS	c.dns.br.
+globo.			172800	IN	NS	d.dns.br.
+globo.			172800	IN	NS	e.dns.br.
+globo.			172800	IN	NS	f.dns.br.
+globo.			86400	IN	DS	2471 13 2 47016576766A31841F591B328D8EA0ED33C9F057740D1A625C57A746EB67CD98
+globo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BeErFAfk4xQowNJlxAx5Y0aUlmY7Y241+xL8AlERsjQHKFzsI4PilEIzm7hb5DKTZbDjbC8r4hsdVNHrOgzyMKWNa8zIc9kX+ePLhpV7RZN2okQ1hLFNEc3SNO6WXQZ6NxXmygh0c+wHnacK7/21vDWalqBlt3Hi4bDHyIwRCiZ8Pnkkr9x9cWq/qODmFkfy/9bLvix0v60zR8ppguqIS3e/YIjHeh82+6HcsdXz1/EW2p7+t5OFtOpSX03BfVBQdBxtvUUyxxbzYR7FM/GQuwyNMxu8zHdCZNKmMAzAcqrGG42GZBuP4+P3BinZw3TOBSwBSxAQbgg0e2j395dBlQ==
+globo.			86400	IN	NSEC	gm. NS DS RRSIG NSEC
+globo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hMCCHaCZXRzRKgpM9EOMin+zxAllDmYNyN9hNm4YNzjnt7otcSVshJGACMpQdHaAafsWO5l9xr/f3BujTe12Otd320Pzc3qQHHbgOrA/8zuQkvoSBVCynfPq5t+VMa/fT9uIkGAiHG1+gPm5HtC6rN7bch3E6wqUTJqLhc2F3t56vdQYAnimfMTNP+U0PM/JGZ4jdROUqe9fJfQ3W7Jg7es/xBHN2VmoaF9AQwjYsIBS5CcF/DPLdvbZwKub5APgcUwFMtf5hdfbGMBdeFt27ZSIehaxA/5em9raR2m/tcjiFTTm8hPUxxLervGB9Ok4WvBMVjZSFy34dSfWX7nf0w==
+gm.			172800	IN	NS	ns1.nic.gm.
+gm.			172800	IN	NS	ns2.nic.gm.
+gm.			172800	IN	NS	ns-gm.afrinic.net.
+gm.			86400	IN	NSEC	gmail. NS RRSIG NSEC
+gm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g90t35wF12kjp8jtHAPgDFTAdhcn4Z211hdTsjhUriizN7MiDWQc/YrvrVMUne7Qg6erBJBmwkcrqqeiMhwFsPSPJGxkSrgZNvufG8/S3xpTYt3gFLCJEc+W6HVO8cvLsMUJV9ISlVHy946cpQnUTtLFZvIX818cZxUPWKdaGewycE0+b8QpOh6aIi3YKNtfXB3GADNF/+WwDTZtygYBnegxV7XAsbmtEq6d4KX4sleSfyGASUPUQySXkT01LDu7rZbUV8A2yQNJSRh4om2Ia8n5i3dUuNS2XdUY2hKY+UfgwHESGys1RiTf0+gw+reRxhaqumlfZLU+4O6J/o/yRQ==
+ns1.nic.gm.		172800	IN	A	194.63.250.217
+ns2.nic.gm.		172800	IN	A	196.49.1.87
+gmail.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+gmail.			86400	IN	DS	39661 8 2 BFFD3D45856E1CB03607F334362CE795E0C8F9F75B7010357699C72FF2DCE648
+gmail.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y16AxjIEakrL0gWfyZYhoqliMmYWrIlSAx95H0JO/z0QeLyPbek/eGHX/voVUx7iykQLOGhsPZbpV88LCv9sSzpjK2LIQ0Cr429G2CQkkMsN4ZJE0g+dD5BKbS2BnGx7Klt+ss9bgyjtbTyyMGJFQaiFakqD4qZ+ZKhg8Iv6uoXZzohN9yG1LIrg+ER/2rW1i46YA27bGaoT9HPzgjYrtxQzkuZ4BQaYoDKDG7pFYkHze+G2bvL3NnqSakcHWqUNW2I0MItYJHmxpz57qIhOTln6H8w4Pt1rBnjpkMm/PEt4JqiiwtLupNJ3nwvU/T+GYHz23PwGwbTXqxjVMMAv1g==
+gmail.			86400	IN	NSEC	gmbh. NS DS RRSIG NSEC
+gmail.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UiQoRrAikWhdfq1AQ4C5MIPyiUkDG5bP319G6XYTXJpS3cEy5CrbWi/PUJ6SV6oe8PHUq/p8kfmwOa2WcDpMf691lzG6FSpJgD8nzAqpBVWt8vUeRs6SFag6x+QnDcH5H9hEd2EjdNhmUhCpbVD6mIC+7aGgDqq8ydhsZs71JlmZ8cr/34g823V9/w3Ako+OHTRdsy8OR1LpLLAac76QVgpXzO+avIY2FtNiYKzzE7EucMW7Ydw8HJayvNVCDW5p/WVuZLTcWcAXDo/F3A9f9W8z6H1WaAlO2s1ywEBjfVjeB5l12ayj/GhtZBv5qUGmLqJ5jCB02Llnzpa1NEIlLQ==
+gmbh.			172800	IN	NS	v0n0.nic.gmbh.
+gmbh.			172800	IN	NS	v0n1.nic.gmbh.
+gmbh.			172800	IN	NS	v0n2.nic.gmbh.
+gmbh.			172800	IN	NS	v0n3.nic.gmbh.
+gmbh.			172800	IN	NS	v2n0.nic.gmbh.
+gmbh.			172800	IN	NS	v2n1.nic.gmbh.
+gmbh.			86400	IN	DS	50959 8 2 AED172F485DBDEF89FCCCA14B29463F53AFFC646105FE7C5FFCCFBB43DC116F4
+gmbh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V6qaR9ZNNKa5sgTTs8ZSbMm823RGG6HWxRaKmOrcotrKQgTKjQMrvSRQ4C2Hs7rBBgEvKByBZU7bkJbDN6EJ842WaS+3E8GkgU6Pv2oyFBPdNCm33AeDbOWIqIGbjMshuSrXTcu+0gj0nEep41R6fmYHHd8aOtlAk2pf9kekeMfJL5e50DBUjZvlTiIOd3ixM8qc55tdpKhQTUpJK4TIXZUWfvPM2yMBpMiGqHDApiQsb0VZnjnLTzx08RbV+5d/FR/JNL3fYRKr9u6dM5erw23Y19T0jde5l/ij0ccCxwYXI32CPVzRzPcgC1FJ8Qfhdurz+pNtBi8yGMxaBxgCqQ==
+gmbh.			86400	IN	NSEC	gmo. NS DS RRSIG NSEC
+gmbh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WpxIUnXb3sU+uUBkqEdQyAxyP4uRyI3wWoBrzFSxWa7ht8CvCcH7LLDmtLMDOcchcrhkkxIaAxRnhuqP1Js9qZXBMDGwu6APSztWOc0hlCX83Hq7JF/i211A06cBa4UnkNFAasdNQR5WbxX40UwIAYbmmZqL842Dzt8GupqfmMN66jQvzO4JrSfPwC8w0MHXM8uo4HyzymPXSvlWmb0keyfD9HPOxebnMW2O0c+5M5Pzvt7xy4Rq9iUuxpspXwMKhGzMAS3GXldtuw0IbdEaVFN/64CD10Cb9t7SfX/7jejrmkegVD0doyEgxoxKjEKAD/bimylGUIgTvhXM58ntsg==
+v0n0.nic.gmbh.		172800	IN	A	65.22.32.7
+v0n0.nic.gmbh.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:7
+v0n1.nic.gmbh.		172800	IN	A	65.22.33.7
+v0n1.nic.gmbh.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:7
+v0n2.nic.gmbh.		172800	IN	A	65.22.34.7
+v0n2.nic.gmbh.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:7
+v0n3.nic.gmbh.		172800	IN	A	161.232.16.7
+v0n3.nic.gmbh.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:7
+v2n0.nic.gmbh.		172800	IN	A	65.22.35.7
+v2n0.nic.gmbh.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:7
+v2n1.nic.gmbh.		172800	IN	A	161.232.17.7
+v2n1.nic.gmbh.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:7
+gmo.			172800	IN	NS	a.gmoregistry.net.
+gmo.			172800	IN	NS	b.gmoregistry.net.
+gmo.			172800	IN	NS	k.gmoregistry.net.
+gmo.			172800	IN	NS	l.gmoregistry.net.
+gmo.			86400	IN	DS	44245 8 2 A4CD5D4FC4B18DC7162E94A9F9AC801AD4E67A5DB3048691BEE28E4F2CC7666B
+gmo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FmrRgyIFCqWgJQxbtZ6CqOm0/btdNP44x9EwWvrFrwyKE7kPZqlOf1dJ/OXFdto9vF8PceK282fcG4hiu6VRoPtyd2VBHO8e9k3aRVHnGR7ZnhebkoVIjyfoVrj/wo/lIvSQo5YOZ9d4tiwBflOjmaQJ6dSXAQLTf3l0/RI8eBnX5bj3hKeFh0nB8cnLzTiVKUWK4ivMWGwD8rHPzoI7uFtfLVaGKvo/RrlGxpLx04/T/Hfsq+Tr9vC8irEiyiuz5tT+pVD0eHrRMaY80cGQVpFSaQ5bOWScITC8CrYTRa6ie5uAXoSdfSrDzMRrLfjHW0dTw8InoCPIOi4oH6APvQ==
+gmo.			86400	IN	NSEC	gmx. NS DS RRSIG NSEC
+gmo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NTY75LSINP/pn+DDdAJ9/EtOl/ErA8fCI/MeFtCZBP+HMlafMWHdOlKoLmaVCmnrambJgWhEo+35HQ9db2sLkHIUpN5UMSf0RFbxdXZBU0HhE9lruX8DP/5rOnfoFA/nuI6z0MOjs//5ad6OZFrzEOQoQaa8/44VfuS/jkz222ed4unEIez7YmRQSXgGAsqI38Ukw7009mkczehTMXMeqmsrQDKwwvA41R/qt8AtWIUkGQH6dpEfsOJGQud9BF9DvfxvKu3+818Gt4phOqL9FrdMCJrga3NOzLSB3AoorMJhYyF8mc3ilBxMgLSmw0gw+vu8YW9JfiQfY4bwWXz11g==
+gmx.			172800	IN	NS	anycast9.irondns.net.
+gmx.			172800	IN	NS	anycast10.irondns.net.
+gmx.			172800	IN	NS	anycast23.irondns.net.
+gmx.			172800	IN	NS	anycast24.irondns.net.
+gmx.			86400	IN	DS	49537 10 2 EE15CF33C2E02F308291960DF44A5A87E16C0535E34178528780A9A4F28A736F
+gmx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YdxfVR7MdurcmewGsN4SsixNS4wzzQTrmgcgeb6d3sWyiPD/T7K47CluYFlQkl4zHwPWx8G6uRrJbkhwbbUyXy2lyddn5SbJg4BnyWJGnKd6Acc0crITDUkFVwb8M4hVhh/TD3VaZ51m0M7rvhUOA/4szhE67pFeOo+oVsxLzlgZBcgRSZjG3OY97VDv78cklanfbA3T9JC0JIsazZBLUYDoadNYhWrV9vCx9plp4zJACJ518bMMsDj/S1x00j9GbGhGdSxqlwOKmIt1r11GvghGhOLINjGOpUyUXM7dLWVb5Pxus4tdHAKGdPar1Q6Yi1/dcTc//GipMl41SV4zjQ==
+gmx.			86400	IN	NSEC	gn. NS DS RRSIG NSEC
+gmx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sd0TEisdGPLLyqmx8VSe1CV2RsbJmG7iLGcttUkiDueYP6UrLVMvTKxpIhGj93yBRcwHC9w6AK0fEnwkVUrqSaww51RwvWCNNWhUNz0nrcfJkBz6qfj/NISk0URAPhnV6V3/03ikBjxc14wbLS9u3gXPYfQG9zuHCUc/AnZGfXGFoJ/4j45/ux9CVJqztsbPxtdVWW6JZLc63Xk5F9FySMZsH5R4UTH3gK4CDMzyFMkuEGjzGiWu3iHjnqmrwys18LF5CFUeEGMMgXNxzaAHd5Wz0X1sPF1OyRvbv44zmTMksFYigMHo3yD6XRD44YEK/iv3y4mFOmHFG9aLNTJUlQ==
+gn.			172800	IN	NS	ns-gn.afrinic.net.
+gn.			172800	IN	NS	ns1-gn.pch.net.
+gn.			86400	IN	DS	9311 8 2 E471B517052703360CA1C48BE047E7C4316F507A07213AB25ECEB6A63BC64C09
+gn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rno/oEJAHORVbN1oB7gTzvsGKBaBSyrzRu+BUvDLLs5pwW34T6NKcR/RbxnESGVYyv0Cfgy72PxoIA7L/Bey7+ehnGaWnobS4RqjteGTIg1VwO4AQOJFCQc/LdD4I51JGLuMS7f70qIRVY219samxGCOAsZTxnxaCqE5OYw9Lu6ybapJoMYsad8KT8TxEOwGKcYdDyQi9rRppSyUSTvG9Ec+UqGSFnykAmMZPRXxP9S4wmQZ+r+flNIx3IWjeaB2ipIvW3ZkW/XOiVdGwgRYcJzua0Ng5xyT1nKoCQg/qVX+gBaOyjzqxRc6VrRJ/odjy5QGxaiODUHqAVFrHdIdyQ==
+gn.			86400	IN	NSEC	godaddy. NS DS RRSIG NSEC
+gn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ehdbil9L2lZJtedkMiuKJTM7JMsTT92dafuCOM9r5gFa8jU+19moPw/TqPxcHlWrECO+BHYhuz6GJBl1kyoDhtq0AwOHcCmewSWGntUad20qpsJahm3A0MNhk1cmxuOP+Lrn6qkRuw8zxerN93ZtYtqPGd2dFvX4VML5LjVPUTkoT17EBepKpJ4AeCVy0MPEKRHG2xzbXIK+aZsKLzuv0hYaw2LLzcV7TAk7pB6BNgwTaxUsP4ANGlwLg7KYysFzeYULFbuEmJwfylm5GF559emWpTWdooYO+yTdv5KviEs5K5zbiicBGqt9dSeiDm55lmH6MM4C8nol/E5mMXh6GQ==
+godaddy.		172800	IN	NS	a.nic.godaddy.
+godaddy.		172800	IN	NS	b.nic.godaddy.
+godaddy.		172800	IN	NS	c.nic.godaddy.
+godaddy.		172800	IN	NS	x.nic.godaddy.
+godaddy.		172800	IN	NS	y.nic.godaddy.
+godaddy.		172800	IN	NS	z.nic.godaddy.
+godaddy.		86400	IN	DS	29332 8 2 2C52023CFFCCD5FB2D7C4567840E0A06E2360B2A5090BC0DDD9E7B30CB4803B5
+godaddy.		86400	IN	DS	31312 8 2 B9BFFDCD6A38A5A0E6C73CA45AE8F0B66799AE35A1B2CEA3C237F7F1910C9967
+godaddy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fn4JEwrjAiWylblsGsWoPhdr32ab7D7CLhW7vQprsEfEkRj2OJDjMrbB4yx47Er4zH0Zx1BpEAYxEbHZbnZa/408gqQNB9tbe3yzhxto1pgzGDxhMVvj2KKJNDyEflrGWzR0FmVKRDGFzmG+VaOHNbO3/8o5hQQ0uPKl63I4SL3uwihlym2670ubjG1RNJzasJoVnwolidPZJwdA3MNkpAN9+5FUqq0w0ayJCPUaOljbRhz0XJUdF4ory8zf0hhVt1LSfTKcOiYK2XQ0+T6yMylm8p0iQ2qP2gVO8SRopTDUQJ+vM/565yXu4brUVJOOtxbO2MiE/qjwzvMk/CZ0sA==
+godaddy.		86400	IN	NSEC	gold. NS DS RRSIG NSEC
+godaddy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G5ANC0I1IEfR+3K9OvgqI7dKrQvpVyU3dCYo6fdQNaB7jG0897Mi7a1OYAe9lu7ap6/EQpAsJ/AvlPD7FPc8XudcT3mDap9tDPZLEb2a3oy8FYwKrhXt7XjgkA63QwZQ3ift6hCjjk5rJVI4LuRUX+bqdp/xMxLY2gTRcDmhpD2/xWVkGq8VFP5I3g+7mcClebQEkTQ2nZFnrBbLYIRA78s+wCS8gh0gYQ4m7k3YCCeAdtsj3OW3DsOxxiV8HLer6txSAbsTPqHa5beC4KPrrfpak0wiRYCxH7DlXs70c4VmpYSR6JrhgxrFaYGjtu1zGMCXGGSp4zOtqSpB5bnGiQ==
+a.nic.godaddy.		172800	IN	A	37.209.192.9
+a.nic.godaddy.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.godaddy.		172800	IN	A	37.209.194.9
+b.nic.godaddy.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.godaddy.		172800	IN	A	37.209.196.9
+c.nic.godaddy.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.godaddy.		172800	IN	A	156.154.172.82
+x.nic.godaddy.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.godaddy.		172800	IN	A	156.154.173.82
+y.nic.godaddy.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.godaddy.		172800	IN	A	156.154.174.82
+z.nic.godaddy.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ari.alpha.tldns.godaddy.	172800	IN	A	37.209.192.2
+ari.alpha.tldns.godaddy.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:2
+ari.beta.tldns.godaddy.	172800	IN	A	37.209.194.2
+ari.beta.tldns.godaddy.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:2
+ari.delta.tldns.godaddy.	172800	IN	A	37.209.198.2
+ari.delta.tldns.godaddy.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:2
+ari.gamma.tldns.godaddy.	172800	IN	A	37.209.196.2
+ari.gamma.tldns.godaddy.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:2
+gold.			172800	IN	NS	v0n0.nic.gold.
+gold.			172800	IN	NS	v0n1.nic.gold.
+gold.			172800	IN	NS	v0n2.nic.gold.
+gold.			172800	IN	NS	v0n3.nic.gold.
+gold.			172800	IN	NS	v2n0.nic.gold.
+gold.			172800	IN	NS	v2n1.nic.gold.
+gold.			86400	IN	DS	59041 8 2 525579C6CD38E9E537598CEC0953061FE404C9A7623EFD9A871F46AFA0E69E24
+gold.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bCFArqQ3UVLnmD2Qq5uSjgQ5S2pRP6ubBikO2P+F2clZIXjB5ihn7NU+nKVFstfOLXWxnXf9VTISCea1V6bdEe91jVhM/14EWLVNk/8SkJzUQbFqCaFMQ49/kNAR7MItfchcX0ajJWloTDHOyJleDHZQTG9D3AdZrPsj0AI/WLnMkn4A+tataUbFabPxHa5ykaEscNHHth41efzp3QA0k2HiquJxDdhRqaG09OV13jldtPcSbZQZ1SAqii6JD+xkluL4LL/WGdeNnz+VnzchtB6gGke+KwnEtsx38nbx8+9aa1OIAEXNEA47H5Soruh0GjJj88Xq24Hzh14bFs5Vxw==
+gold.			86400	IN	NSEC	goldpoint. NS DS RRSIG NSEC
+gold.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ke+OOkon2c+eNisbOGKGCgsezmqP8hjv94pYfzVlzSAWvntif4am177GuwUN7zV8h0rNvFgm2Ug1s4Q1fRAjoeEMeRmR7oGPM2d28743pRr2A0OYgGb9e7BcHbG2CkWnpkqh6ryGWbq0UDQg/3znB25mQBmLOmic+ffGfaYFE1i+1zo/ypLBVMJ7KDcIEU6CEs2YKqn7JjQ7c/eBs9tMhrnHt0w9PZWTxEYVrwL48agWQZ77ywYhQm/E5ReEs4NvImeqBx3U0fDxX2X+L2Bo83VatidGpwAWaXAWDAOilsw/xLlZi5PYWVCgjmatVTwVydXn/Z7IQyERlnAyzSdifA==
+v0n0.nic.gold.		172800	IN	A	65.22.20.13
+v0n0.nic.gold.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:13
+v0n1.nic.gold.		172800	IN	A	65.22.21.13
+v0n1.nic.gold.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:13
+v0n2.nic.gold.		172800	IN	A	65.22.22.13
+v0n2.nic.gold.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:13
+v0n3.nic.gold.		172800	IN	A	161.232.10.13
+v0n3.nic.gold.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:13
+v2n0.nic.gold.		172800	IN	A	65.22.23.13
+v2n0.nic.gold.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:13
+v2n1.nic.gold.		172800	IN	A	161.232.11.13
+v2n1.nic.gold.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:13
+goldpoint.		172800	IN	NS	a.gmoregistry.net.
+goldpoint.		172800	IN	NS	b.gmoregistry.net.
+goldpoint.		172800	IN	NS	k.gmoregistry.net.
+goldpoint.		172800	IN	NS	l.gmoregistry.net.
+goldpoint.		86400	IN	DS	44254 8 2 B83DB888A853C9309A732E6AE3FDBB3FFAEE325641B4F2F33EF6A4C468AC206C
+goldpoint.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uhPPyBljt/XpD1BE0M++Epq+rneJpH5Tl872Bmsda2SVkPuqDWNKZdy9zLtXT4bCffqdMIZ+t8jm+FQJN0z1ojbq0C/TZKIvv1WsnSLI28aelz4LOt1d5ziqHkpV+WLdK/8BP+ceS+A/vRO3qNrxc4HmwwBPITWXJlSAqrBmGmXMU0fLFBar2QI3XGs7I2OzY4UK1AGc4cn7w17j2u2ydpcAXLfpqTuc6QD4rd3+hmC9XVOGy1isuh2Ur5+XQBQ1aXIzVbKFWyLNnGW0N8hJN4HrMM6AHRkb91on2m7TKpv6IrWkbWB2sM94Fl19sks4O+u4rOuQbdWqZdABvyW7nA==
+goldpoint.		86400	IN	NSEC	golf. NS DS RRSIG NSEC
+goldpoint.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uxYoGK2dGP0yAyLTndtbsaLsVYxsi8sd+GaNknWNLhhFWAKJZiRZr+xK/hwxkpqIydOh92h/FDh69mBeHWrIa/oF30tSVG+hU8tUseWHf1kkQ4d8RrGf9pIJ4A9ooN/gJyDL0bDv9wwb5Ioy69o94TMSf/UdXJSdtChOfoBcfoJHiOxLHoNtYUzByKA0f6RJcSLL7tEBK/q3R+bq8jEGuWwkyoiiMXHG4xYYP3EFvW8o8GMs5gcrgeoysZnTYzSgEvHNGwBMY+7NjQPgbhqrwkFXzegoOLLM2VDEZWwuPSAvHXUy2uwxolV9wzCPnB6aEnCWLpMjRSI11OBrvNqldA==
+golf.			172800	IN	NS	v0n0.nic.golf.
+golf.			172800	IN	NS	v0n1.nic.golf.
+golf.			172800	IN	NS	v0n2.nic.golf.
+golf.			172800	IN	NS	v0n3.nic.golf.
+golf.			172800	IN	NS	v2n0.nic.golf.
+golf.			172800	IN	NS	v2n1.nic.golf.
+golf.			86400	IN	DS	10444 8 2 FFF548BEDE169FE52DE3106F856E5A31A0B349D1A54CBEC3C2FF0BB837B29108
+golf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fQ6QBaNz2dwmHKzeumQtC6VE0pQ1vrhB35K2AepXSAp9gQ1mY2Mxqk859WE1kh1mn4KL5Ti5kj3rSTwag9DesbiBvA04TB/ILEdnNoqogzkZLyTrGjGL0dnfz72+FaKuJZ0Aoc4QrbiyAgp1KjUDQt6UisKjZp8TIuVUQrr7b6Jog9tTOy4SFm3+fKfV+ki9N2hepfI74ToyVnvYfh1WCiWR1lOtKnrAcj22xxmdPinpYHZHouB2KEoLe24aARrlhBLZaSMeHo58QjUvfO0Z/mM9/Wy4EfW28UGrHihH45U4A101mNsfxoQH+QyQbrnUPa1jPKsByuHc+aZkPfPMhQ==
+golf.			86400	IN	NSEC	goo. NS DS RRSIG NSEC
+golf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uVf9cQYh5uFNjSG3WPyZculSfKnuauIHk3aGN+42yeybsdSotQVQBWqPq+C94uexSvXbVtOGOzQkjp7wBla7KRmHOacCzKrxdZlu7iZB6qdPdeWBiUH7yWyoPb2dSG0shSQnXAVMKt46uh5gey4PxfjgVE7pfHm0OwXIim5AV4RlT1IIhBV3b4ybQ+P9i6Ro6tcVNJY5CqPHnw8tnhvjgVviRnk194xAnEg5fubxSvnv0qYmkumw4wzIi1KJAJhxkQUAwVcwGJm3fVMQfhGIO7z9GHxSgFyVKaTAFRB/d5U+TNO0kSUF6hwU/sQnruhFIUhrGxpHxT7DA77ou7H3Pw==
+v0n0.nic.golf.		172800	IN	A	65.22.28.46
+v0n0.nic.golf.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:46
+v0n1.nic.golf.		172800	IN	A	65.22.29.46
+v0n1.nic.golf.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:46
+v0n2.nic.golf.		172800	IN	A	65.22.30.46
+v0n2.nic.golf.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:46
+v0n3.nic.golf.		172800	IN	A	161.232.14.46
+v0n3.nic.golf.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:46
+v2n0.nic.golf.		172800	IN	A	65.22.31.46
+v2n0.nic.golf.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:46
+v2n1.nic.golf.		172800	IN	A	161.232.15.46
+v2n1.nic.golf.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:46
+goo.			172800	IN	NS	a.gmoregistry.net.
+goo.			172800	IN	NS	b.gmoregistry.net.
+goo.			172800	IN	NS	k.gmoregistry.net.
+goo.			172800	IN	NS	l.gmoregistry.net.
+goo.			86400	IN	DS	6266 8 2 CDB2048D86D951BFC2320C25EC2211B19E22B00F8A1FBC6A6A7CBC9D5D9A9924
+goo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KosN2RVzK/A7iPvo8EZQwNQ6NaPBO5p23BfqNMjZWPiUWLT5xFfF8flBGGQRz6FkZl3cf46sDd+SibHgfg9OT3pPMTgxVbYThywJNmi9KqGujzB592nsk/dF9oIl9mFs2j2OhFBsweBTQDNX3zIxFoDyuDtTI5IhgXGSv28NzqDOiaf63aQzPSLy6UrSAHBP71hfUCNdDf+Wy2Mnofz8XjsLxSD9NHrIy+sGIFIjtY5qlnxUJn2uTp4yAse+KHbiRjR57hA7HMxeFCHzUb1dTu36g3yjHhWrJc5LbMqSJAIH7uU8dsZci3tKJnT3xqVHJZCj2xsAmAll9YLxeThmxg==
+goo.			86400	IN	NSEC	goodyear. NS DS RRSIG NSEC
+goo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wt1E2YdLzdfw9F56GZVytrbpSzTRBOscxJEnoRDaRFCrhsq5+3Cwk7zvNlprYjPPHXFmon5SGEzVejT1SOUKbYQdbOFal6FGx38IINIKRjRhVlrytFOc47Jlo1nvSUvyq2b3wZ/dlwHQFF3UICCrVCauGs6Nbd9ZAMKRpc3fd1G69dzK8jsRj4EyvCIao63twKZfOHo1UJ+OomGY5gXXcBV/azhEIFgtmmEd1DBy4YQrSwTi22kqw8sN19ZDPrG3MoJeDf9dMtFlLYZaFTviejNfpmlIbMWtWbmG64Ek987QENArZ7m/WBQpAbJbfNkxUhtOcWKC1rE0BVf+ddn9eA==
+goodyear.		172800	IN	NS	a0.nic.goodyear.
+goodyear.		172800	IN	NS	a2.nic.goodyear.
+goodyear.		172800	IN	NS	b0.nic.goodyear.
+goodyear.		172800	IN	NS	c0.nic.goodyear.
+goodyear.		86400	IN	DS	43276 8 2 31677E86241AF9FAC9000AE3681F1054BB94FADE26D91A92109547D4231A64BC
+goodyear.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A++UbMO3NlGWN/cSjjbntHXHR3ydj+QvimJWbf123EdMNjRyLRbP4d7/lXsnN1NsBJ3KasiDhA38Fn6Y9DFeSBQFCc635r3my6igiIS6FD93eeFNXskSrTClXTkanA7u34lnAUXEiD5x4rzvsOS/cKMU1oJtHsBhHPFXPYgxEfMaCLSUmw6qi/ALrXhT7amkpUQwVoqD9TgZzq5hVR1FgNnWGisSBpkor5++APcViVf3XdYskZaAO8+vb/dvnDgnIQG8rOwoYG02h1U4jDzzjPTh5xHOUvb9HuOXDmhdKv791lkB88019uNwY8moJ2snNvyT0OSZ1nnpJSS2sVzHvg==
+goodyear.		86400	IN	NSEC	goog. NS DS RRSIG NSEC
+goodyear.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . loT3XglTYSxqIKmXx34yHCbwUzqrIFBIyhJIVvbJzHUdxZfgRchSKIrYeybDuFKsPFIYXzrZUcfEOQtKQztboSDm7qoMUC1JyfGKCmbX62hZ0RjrH6I+zFgsfk13pNdigYN0d4Pljn3hpowDcBVy3fExIXXNiLzBGILokdCZEL1S5hpW/diX/vslXZcStwVQk5lkENt6AdNfy+V3PnaM87w8JELdXQ47G0FAxEQ2off921nBOxok93WhJjMYX1wlDnITk/0PS+NTIIzBGn+ucrrbbojJvO+ytBf0yEv/V5aBujS/FYXUs4nrycumNxVb1pje3NqmpxWBSB3piB/yzA==
+a0.nic.goodyear.	172800	IN	A	65.22.120.41
+a0.nic.goodyear.	172800	IN	AAAA	2a01:8840:76:0:0:0:0:41
+a2.nic.goodyear.	172800	IN	A	65.22.123.41
+a2.nic.goodyear.	172800	IN	AAAA	2a01:8840:79:0:0:0:0:41
+b0.nic.goodyear.	172800	IN	A	65.22.121.41
+b0.nic.goodyear.	172800	IN	AAAA	2a01:8840:77:0:0:0:0:41
+c0.nic.goodyear.	172800	IN	A	65.22.122.41
+c0.nic.goodyear.	172800	IN	AAAA	2a01:8840:78:0:0:0:0:41
+goog.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+goog.			86400	IN	DS	8029 8 2 01509DC8D2D79E32F9A9C7F9845FDF26E4C4B7B2D6040E0D9381EBABE5331801
+goog.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F39Pvd2s2y2f2Mx6N1nblP5I4Om3xUhKXXdgf0//hCf8m5jm6EH/6b6L5335+5UjNqo3/gpLyrej2ogLwAhoCH7lpFLvo/kuL+3DOKLofnL+y/awlBhKP4qUpGpzoS5bpmtygcNKwi0FLamxOwJSaWwstLdcm8QoGHdN+LHzJ+jxPYiC3Nr6lCaTSQIHzzxsGOEtduXDx1X8x/6Xzw3BU6MZ2UTagBsVcc56hceANaIroyc6DWZQ/D1t8QCR/dvmARg0KPFsM86L+ueWwaRlJzU0hIKQ/xz5Xzj0UCa+KY40u5xCWH/3tpbVmdIWGr7oLIokh8HAfwjJJYXSuULMNA==
+goog.			86400	IN	NSEC	google. NS DS RRSIG NSEC
+goog.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aCQKYdgxxeHhesD4kWp7TY2YlSHohLFYD/hR2sludZqiZ2Ff3m1zFCsaeuWdM2pmNH4CH6sFVTxbQ5TwufFRT5fDxBh/tJvw7fF7kPr1i0OxqKtz4xqSnSaC8KOR2L9TTGooL2FnvSHVXX+OCwG5aSuHk7D9QjYvWNGGrUad+yAR4L0OBk4TozNuPCCvIee2/3F4gf5GqFSPVq9GNI8DpBVa899gRqDsV2KPrC76pBOAnB3iFnarNbvmstdE4BGIiBdDC/OZ2rd1IElzLoYeUi3mXo8bXDftKuWokh06MEr6Qa0+RnJmRxaNihIIKEk4Tg8vUifqwjaQocitvOJ9zw==
+google.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+google.			86400	IN	DS	6125 8 2 80F8B78D23107153578BAD3800E9543500474E5C30C29698B40A3DB23ED9DA9F
+google.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s/sUHkWBxfuQOLrFUjfTMaisXthObBCFsQ/mVfeKRqEYbCTewh0/9ctx+w7RjXtCa0HWk2xIYianzKw7l1ydJAKqEtZgpI1IYBwB9SmCP6GuZFc5GCS8Zf0AslBMOW/yVGsOdwY+J2E8KwsEu/27ZMqyy9h4cC0JUSSScLX38UUSPxGRPpU30jT5pwS4VIqq2RxBaMTeLR9u1f7WvLFp96sb5I9MfpH7DlJHinGfp3XzCxIhcFnTZhFkmv9a9licKzMrU+TfHx254uLnSEFjzVECZkZu68iY6EdTCnHq4ss0z02KYM5rFNwrW/FsRUEpkqNj5oc+IFqZkKyIpLG+8A==
+google.			86400	IN	NSEC	gop. NS DS RRSIG NSEC
+google.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UIW1f/chP9CPHhaPK7fCnfxtStSC+mwP3SyKM2QmYBe0ZPw3z/SnLX31/FrwUpPn6zhATzfh7qa9pIcT9+qt1GZNDk/CkhePPV/HG3Qqnv556/a18/Nzn0GBepXfSrPayPY2DIi50oJCMA/thAeAYNZCdbivK7aAJ9mkeX297h53cPN7vSxRvSGjwtCpkFfOAE0FblXFKCiJcaBiIN72h0qt5xKWcWC6sGtUoRxvdTtaj4hYCEfkSU05r5Tw+fSlFx6gA/iMjKShZAsJFYE8LTbDqP1poA/HjBMgEooa9G/vXrAA+hXKfM9sq0R7SemDVqnBltL5L8JLjsZA7+KBxw==
+gop.			172800	IN	NS	dns1.nic.gop.
+gop.			172800	IN	NS	dns2.nic.gop.
+gop.			172800	IN	NS	dns3.nic.gop.
+gop.			172800	IN	NS	dns4.nic.gop.
+gop.			172800	IN	NS	dnsa.nic.gop.
+gop.			172800	IN	NS	dnsb.nic.gop.
+gop.			172800	IN	NS	dnsc.nic.gop.
+gop.			172800	IN	NS	dnsd.nic.gop.
+gop.			86400	IN	DS	31562 8 2 13454BE0988354AE5CF482CC912C8D377E0D72ABADD4A7C55E6DFC923E26868F
+gop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RpeQ+39MGliRlZL+7QsOOENtzKghHLrmIq8+Jo6IkpjjFXbmkoorSCTaJpcSuqjGSexwUZCpoBG8U1Lt4ii5QcIidxsTjrQkv4boPh8zm1W0iJbFLob3jndSLwqWu22RznbnMkXXmnjl00dYVMMhX+6LufycC3UYudHw02amTCsLWhq7Vifz87ymVmVqQ7ADBjkrdguLOa+7t0I7Hqh4CWZO/LO3j/CW6yBNxg6RXiXhiJDaVfnKzXjMH6WXfzq6dqjaYeGnuOh0L3NccAROAeajRsJOACaUrS8lADNErpv9R8VCYans2Tv7ko5EshURfiDk1mFK5Ngdqgs5KS0e5w==
+gop.			86400	IN	NSEC	got. NS DS RRSIG NSEC
+gop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ohrhcrwzkoqiQNlLeAuIaVMWNsvFyq7vCI+r1mCVzENt5/1IH5yvzTsHK/OaJwS6OlRA7B1NgDhyl2qglXmiBI6oymGAbmqZhhMNjXo3K/lUAYdbCSAT6FG0C6ilgZdg6xgWMIca1xoXImsmTv4TuyP6sd68/lOjS7v41Zh/pooObyQGN/OeRjyvUuHONk/z9ewf7l/NmcMJ2NwORjBb5vdl4Zk0ySh5OonYxEDYbATxHjER5hW2SrzTUmeJ8rqpSr/hGfBdA2Swpe7bYmcsU136FmRlNC7wxMEDRIwYeC/HiqkWXnzeUFTZpvK09LXqJQJvPYERrYYQSNGqQoeVRQ==
+dns1.nic.gop.		172800	IN	A	213.248.217.39
+dns1.nic.gop.		172800	IN	AAAA	2a01:618:401:0:0:0:0:39
+dns2.nic.gop.		172800	IN	A	103.49.81.39
+dns2.nic.gop.		172800	IN	AAAA	2401:fd80:401:0:0:0:0:39
+dns3.nic.gop.		172800	IN	A	213.248.221.39
+dns3.nic.gop.		172800	IN	AAAA	2a01:618:405:0:0:0:0:39
+dns4.nic.gop.		172800	IN	A	43.230.49.39
+dns4.nic.gop.		172800	IN	AAAA	2401:fd80:405:0:0:0:0:39
+dnsa.nic.gop.		172800	IN	A	156.154.100.3
+dnsa.nic.gop.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.gop.		172800	IN	A	156.154.101.3
+dnsb.nic.gop.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.gop.		172800	IN	A	156.154.102.3
+dnsc.nic.gop.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.gop.		172800	IN	A	156.154.103.3
+dnsd.nic.gop.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+got.			172800	IN	NS	dns1.nic.got.
+got.			172800	IN	NS	dns2.nic.got.
+got.			172800	IN	NS	dns3.nic.got.
+got.			172800	IN	NS	dns4.nic.got.
+got.			172800	IN	NS	dnsa.nic.got.
+got.			172800	IN	NS	dnsb.nic.got.
+got.			172800	IN	NS	dnsc.nic.got.
+got.			172800	IN	NS	dnsd.nic.got.
+got.			86400	IN	DS	4355 8 2 8B11D5875A3202ED7FAAE05A5EAB67057ECA0D5BDB62875C5203B6CBB011C50A
+got.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gyFhzcQubsno5zeBqguaQtDSuD77Tx7+Fhs+Qiex57Uf+qrxz6FTJ9osmDdcBlk/x1C54x+lLHi64fFJ4PYmw1xUuzKgR0VAHHRorT0gBtg+ywtNANG30zuMKDYP5r7dlHRvpep7jCoGB9F6miFcV+qRgIg4bxkp+1FVvgUxUqoISsqkUEhvRLebwKLdsHwIdYODRfHmF8FfPlGVAgw+RgRYV31cYBLIzgCFtxJQ6pm+ac8PbP61poJRtwiCSRoiOMJdbfeC+UrQRots/0eFnqDiOqSNMIdv3KrG0YfbRUkIC6dx0rkDMDGzAO7p32biJ5GsGx5zeNYeN7/ozC9F0A==
+got.			86400	IN	NSEC	gov. NS DS RRSIG NSEC
+got.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UaV65ILgqoYKiBHEyDbN3JgSMVsRw+u4s8Y423Go7a6TzE2NvcezVu4koOjeixK2QI1/F7ozoEptbyX0HhWi9TDFcDKaqlAvqoLCzKs3wWsUTjZRzIxWfDz0bSVfbMeU6wQU4spUUF6iYkj3nA7vW3d+VRZGgVsssKigNxZQ4yNzT1hgxj3ea5RAfQKORqrSbRDXtuiOM5k3ruGQsiXhlP8Z8OD+iXnkQoDC29PGlsmfWBqiBJYhiks2+vWkG2Icf/dBhICgywDVPMebhdodYW849tHPB6KZW5HuyyY4QF0HolMbD9t7WoGOjaWurbJ+zEvNO6aVU2dxctzNShX48g==
+dns1.nic.got.		172800	IN	A	213.248.218.68
+dns1.nic.got.		172800	IN	AAAA	2a01:618:402:0:0:0:0:68
+dns2.nic.got.		172800	IN	A	103.49.82.68
+dns2.nic.got.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:68
+dns3.nic.got.		172800	IN	A	213.248.222.68
+dns3.nic.got.		172800	IN	AAAA	2a01:618:406:0:0:0:0:68
+dns4.nic.got.		172800	IN	A	43.230.50.68
+dns4.nic.got.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:68
+dnsa.nic.got.		172800	IN	A	156.154.100.3
+dnsa.nic.got.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.got.		172800	IN	A	156.154.101.3
+dnsb.nic.got.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.got.		172800	IN	A	156.154.102.3
+dnsc.nic.got.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.got.		172800	IN	A	156.154.103.3
+dnsd.nic.got.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+gov.			172800	IN	NS	a.ns.gov.
+gov.			172800	IN	NS	a.gov-servers.net.
+gov.			172800	IN	NS	b.ns.gov.
+gov.			172800	IN	NS	b.gov-servers.net.
+gov.			172800	IN	NS	c.ns.gov.
+gov.			172800	IN	NS	c.gov-servers.net.
+gov.			172800	IN	NS	d.ns.gov.
+gov.			172800	IN	NS	d.gov-servers.net.
+gov.			86400	IN	DS	7698 8 2 6BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5559561F0
+gov.			86400	IN	DS	64280 8 2 D66CDDA12234C22C5E6FD1C894DBD682FE7967E111793485A281972BFB164377
+gov.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WaE9gOm9g1T5y+wbMvDDNkoVJd6iGmiW+TpAAtnjphYDD4Fs8GXE9YoT3IPiXmkNzp+bJx74io8HbLsuR5rOydbGB/CNJx5U45GJVMQ5dWoMDiy8v/AS9CWNZjtMYSAepVQj4mYMs9gxTQ1LHHf9OScRthd5fO0KZB28W88x/8SEGWS21Y9Q0LFW9b2HfJZHYoSzoYyv2eBWe7OI7gLYQcSNEfGSt5Ygcqyn4z2ZcCPNv4Nhw+GhIDoKvYpY+43u7P9DS8wtjCtKCg+gEeiWWRvviu29k82SYhHrGA++7uUUq5ZWcfkgtSpy7fX9C2D4Y3Et3i5lp5HIcfCu4rQ7Dw==
+gov.			86400	IN	NSEC	gp. NS DS RRSIG NSEC
+gov.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . f8kr9YjbrgA7ILJrprN0dskzyLfad1n1a8JgOFwIs7Td9iCcS0deTX/mdyMhfQe4azLC7kUwSJXGBLFl5WIo50laxqjGXI0eZmdzxyB/KJWp3UBH93W1NgWDsq93J7Lb/e4CmIzQ6gsQGz+aLHXrndQhGOsXIP0Kiwddce7FP1fJCQVU7nkrB6HXF6uK7w8FIUBOeupO8IYCo6/f76atAPQTansLFTz7tFyzx7MqL8Jw+Zxu3ZZ8ygWRsVrG9Mwf3KtucMBYKKQgCXFFrsRwsPXFr2H7k6YIN82q+ZVJdxAvdlBvvB+O4cykCNgnaVijIj4zOiPxkQq9KVlojzTPZg==
+a.ns.gov.		172800	IN	A	199.33.230.1
+a.ns.gov.		172800	IN	AAAA	2001:503:ff40:0:0:0:0:1
+b.ns.gov.		172800	IN	A	199.33.231.1
+b.ns.gov.		172800	IN	AAAA	2001:503:ff41:0:0:0:0:1
+c.ns.gov.		172800	IN	A	199.33.232.1
+c.ns.gov.		172800	IN	AAAA	2001:503:ff42:0:0:0:0:1
+d.ns.gov.		172800	IN	A	199.33.233.1
+d.ns.gov.		172800	IN	AAAA	2001:503:ff43:0:0:0:0:1
+gp.			172800	IN	NS	a.lactld.org.
+gp.			172800	IN	NS	gp.cctld.authdns.ripe.net.
+gp.			172800	IN	NS	ns1.nic.gp.
+gp.			172800	IN	NS	ns2.nic.gp.
+gp.			172800	IN	NS	ns-gp.nic.fr.
+gp.			86400	IN	NSEC	gq. NS RRSIG NSEC
+gp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HF7yPK50aKC7OmOG3rRgVbrLHq1EHSZ1J0SoPuati7gJ/HcSibMAfU9v0CV9+6VypP1I9EWvYZqipDyV3rw0Hw2UDWyXhyWz4Jxxa/23LGhNwuJBo2UMxK3pQx3yudxxZ85JGdl1XNBZFl8zWoSLd/O4QVqi1LdaltWQr5istKyBupDppamLZHLw57WqwgaxuHpKOQ0+/Vb2XqumJ3lz0UTENARCBgHfHscKf8yKUFM7vsLS4eRhjNmNgonzR1xCGJIt/SoODNfcfIHQYXDqUrtuky+Eob+T74nhb3S6h2h/HPf1ZEPRUaGNMnrP7/1RMtsNmdSctwwOuXpCRqt3vQ==
+ns1.nic.gp.		172800	IN	A	193.218.114.2
+ns2.nic.gp.		172800	IN	A	193.218.114.34
+gq.			172800	IN	NS	a.ns.gq.
+gq.			172800	IN	NS	b.ns.gq.
+gq.			172800	IN	NS	c.ns.gq.
+gq.			172800	IN	NS	d.ns.gq.
+gq.			86400	IN	NSEC	gr. NS RRSIG NSEC
+gq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u76kaob5B9wejJXq6S7CsnRoOwoWMrj02Nzj2DlQzme5k83AiSDIIOgKyLxYhYF2Lsuu7XrkxeYH1RkM/Ph1tC0YGZagUk6s3shx5paMLR20+pQim469rFaiZ7r95ECExCq220uAlxipBaNjL+OIR85mcg1mCnpn/jCxDOoJI6UOFSYG8lGi5HOS5RdItrG//u542JwRSqqV9/WJuss/E261JQkkd3BQE1brNwc2GYHru6MakMlIc3Tf1yNWQ7/y7kAfylU/3r78p0EO6FBbblnk6xDUUiZF2FsA05k9Mv29YcPag7WwPTWjhAXwGSYj1kHlarl9ZkCZJtFlWSYJ5A==
+a.ns.gq.		172800	IN	A	185.21.168.65
+a.ns.gq.		172800	IN	AAAA	2a04:1b00:10:0:0:0:0:1
+b.ns.gq.		172800	IN	A	185.21.169.65
+b.ns.gq.		172800	IN	AAAA	2a04:1b00:11:0:0:0:0:1
+c.ns.gq.		172800	IN	A	185.21.170.65
+c.ns.gq.		172800	IN	AAAA	2a04:1b00:12:0:0:0:0:1
+d.ns.gq.		172800	IN	A	185.21.171.65
+d.ns.gq.		172800	IN	AAAA	2a04:1b00:13:0:0:0:0:1
+gr.			172800	IN	NS	gr-c.ics.forth.gr.
+gr.			172800	IN	NS	gr-d.ics.forth.gr.
+gr.			172800	IN	NS	gr-m.ics.forth.gr.
+gr.			172800	IN	NS	estia.ics.forth.gr.
+gr.			172800	IN	NS	gr-at.ics.forth.gr.
+gr.			172800	IN	NS	grdns.ics.forth.gr.
+gr.			86400	IN	DS	13987 8 2 FF87E9205F88E1D32C67A65BD61C68C56689C607D7684D12C867DC933D546EC8
+gr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ai8+bOaLjds1JtfJDgM524UMkS6HNj6KC2HvDp58INO947Ky4uWcuwf0QYSAvQalDn2zYMF+3mw7/xY7XS7Mfrvv1NyODMWk9ZK08U3fcE/lQIduHHtYS2lOcyzsDCcUGGdNHWBNmHKp/pQecI3Jkm30reDZVCfGhJ4bJGibjMGqcfKBDuYDMXW0rTKlHgfnzDC7JSxF1d5qZD9oYPC22CjRkQsfGs5MqIt5jRD84iPkSn/aS37/eJEdvL0hTcZzt5sYToWR5MhuVKRCo2DMqWGSiLOBhNCTmPTmwaCMsZEyVWnrVQUvDuHb/9ME2NLvbnPGXa3ab//Qys/BC0Fugg==
+gr.			86400	IN	NSEC	grainger. NS DS RRSIG NSEC
+gr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D4qw3D9yWghA4qKHVM6nf6HM5jR1Mh5hN+F+7pV26OhlNy2gLsg4BeGsal0zqX1TlCUnWyTlnz7qyJw3OMM2fVbc51lAMJV1RORavMhu7ZJLYA+ntIXfDVfQwfBfhPm9ImDGlerBHrXLiP01IC8l+RtHzIhNk6H39x0rqiHVUjv958w/gwnwTJ+Z9KUOUZ1PRhigAKX5YnI+zGccsOs/w31xj7OGa09sMhEbQivMRZmVgSJDWHeTzq6RO9+stciOxcavGfzSV/s1j8KW7u5ADfD72A6v6/1L8bu8M0HqM675+bZ037hnTDjfqM0siDFfSVoCQ/vMgBYxn3+3JH8nsg==
+estia.ics.forth.gr.	172800	IN	A	139.91.191.3
+estia.ics.forth.gr.	172800	IN	AAAA	2001:648:2c30:0:0:0:191:3
+gr-at.ics.forth.gr.	172800	IN	A	78.104.145.227
+gr-c.ics.forth.gr.	172800	IN	A	194.0.1.25
+gr-c.ics.forth.gr.	172800	IN	AAAA	2001:678:4:0:0:0:0:19
+gr-d.ics.forth.gr.	172800	IN	A	194.0.11.102
+gr-d.ics.forth.gr.	172800	IN	AAAA	2001:678:e:102:0:0:0:53
+gr-m.ics.forth.gr.	172800	IN	A	194.0.4.10
+gr-m.ics.forth.gr.	172800	IN	AAAA	2001:678:7:0:0:0:4:10
+grdns.ics.forth.gr.	172800	IN	A	139.91.1.1
+grainger.		172800	IN	NS	a.nic.grainger.
+grainger.		172800	IN	NS	b.nic.grainger.
+grainger.		172800	IN	NS	c.nic.grainger.
+grainger.		172800	IN	NS	ns1.dns.nic.grainger.
+grainger.		172800	IN	NS	ns2.dns.nic.grainger.
+grainger.		172800	IN	NS	ns3.dns.nic.grainger.
+grainger.		86400	IN	DS	19057 8 2 21ADFC98B30B8A046A117C926C36CE7D890ED1C98A7168049332AF0AFE19C08B
+grainger.		86400	IN	DS	63544 8 2 9D220E1EFFE75AEBEE784D7066BD378773A55462C2DA902458DE3F80A8BD069E
+grainger.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k8VQq4yk7i0ysVb99U2N8yS2jLTIOlvdYo0CBm9UMyTUj8n3O4VqrXFehuSo3WPV/bBJ/ACVwcjSPFLC4yvLLLaP94L4UFNNlG1tLOW1J5JOZa3QvuG1W7JtxHsvIa0UBUYJutyZPujuz1ijnpy+4xvdZirTSQ89KaKDFiB4sf8mf6Eu98gqBkaYZpKyf02FuA8tlcfyY85uEWi25nViR2VcYw9Y6LmEygwg1ZPf/lHRlUqNqeeYkpUWcOAg0lrEx6+bfGEvBXvY62tbaqjqLCmQqHzEx8bJ4Dvyww4zc+qDL6F9c3f/YFn0IzAUF6e4ZIM4EmiQVMaWfGrMdyDaCQ==
+grainger.		86400	IN	NSEC	graphics. NS DS RRSIG NSEC
+grainger.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tGxTepVbr7VeWGc9SF4wjBazt8Bi2j7RsmyuS7DvShmyoPULi57l/4iBMgRSOb+aPsySJOkhL3X32YAYyKQLx96pwzWKdHK22oAs2nWNPaxFRTHQ+59DWsMt1tzUWtvtW7gQFuX9PpONLWqJCWzShgQj3nAnWKsWd8arCIMWBWGMcGXzUl0BRjKGj/mAlvM5kAsQxYIE/ccIrVfNVg12uceBCX0cu0rYhc0FKjeHih1Shr7VDagRRkdA1gcg4m1FcnL151STRwERXvK6INzFhXiWY2rhEKCpN8T0gVc3WyINxRKF9cK/p75OxOGwgfNMAGZCobMQ7ctYTwJsuAcZ2Q==
+a.nic.grainger.		172800	IN	A	37.209.192.9
+a.nic.grainger.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.grainger.		172800	IN	A	37.209.194.9
+b.nic.grainger.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.grainger.		172800	IN	A	37.209.196.9
+c.nic.grainger.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.grainger.	172800	IN	A	156.154.144.68
+ns1.dns.nic.grainger.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:44
+ns2.dns.nic.grainger.	172800	IN	A	156.154.145.68
+ns2.dns.nic.grainger.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:44
+ns3.dns.nic.grainger.	172800	IN	A	156.154.159.68
+ns3.dns.nic.grainger.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:44
+graphics.		172800	IN	NS	v0n0.nic.graphics.
+graphics.		172800	IN	NS	v0n1.nic.graphics.
+graphics.		172800	IN	NS	v0n2.nic.graphics.
+graphics.		172800	IN	NS	v0n3.nic.graphics.
+graphics.		172800	IN	NS	v2n0.nic.graphics.
+graphics.		172800	IN	NS	v2n1.nic.graphics.
+graphics.		86400	IN	DS	50656 8 2 72B3A23F71A09CDB43C5C5C1F9717DE3C722A1EFEF355B11789661B46891F3AF
+graphics.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . v2njINDwAAld/lw6ilJT2pRgHrVa1U3HaOhlFckfdOVk/GC1eHt5lDwLMSj5+EswnPQdRiOBNTYfFYJWfDRAOaHjxdmk0ubq6lCwu6cBV3Oq8h9dmVKf4odeQDlZQ0nBiB5uussF+2m1GKOzimcJV+wnsKYAzFBCJc5nxdzr8CgC/8YAWd2YhStWoaDwJI31mHh1TeLLs9xBfG6NECi70aGkrC0JOv2xQE2bHi49pp3h/3UEFhYsMX5WwPIZZdUacXxxhHibsDYND1iTVa4BdTmGvLl4Ur4U+1+ttfkCaJmHIeIyrL+MGzRTwvRk0qal4hUnWQozFNpyLXNY7mou6Q==
+graphics.		86400	IN	NSEC	gratis. NS DS RRSIG NSEC
+graphics.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SYfkkfBuqXexBBiGLvatV9ng2KYU+2lV+O9aSRwyHyNK3OhlnWhOoPNdW/p6ANsf2TxA9lfEyv4szfbe1XDf5rjK+rezvJey6F9Wo6O+5Ok3RBv3AJRCyR6J3v0Rs+KU930zGDw9sjOzo5aPICpx8GzyXtZ5K9JaPjbibFJa49zrDCyZqPwXiljuWhMBtcZ+RixLBcPf34RgnTnoJjlfeHJqazHNDTQ1OP7zAI+pLusax0x++LJh4Zhoy+EFe0V+/jFMNsWChMLuqIx4dGoIWcv8ARWsmsOAdTF/lsEpsHI00QBEhwtVgFope4T2Z0ePfI8sEKifqzfoyzN2tPlhNg==
+v0n0.nic.graphics.	172800	IN	A	65.22.28.20
+v0n0.nic.graphics.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:20
+v0n1.nic.graphics.	172800	IN	A	65.22.29.20
+v0n1.nic.graphics.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:20
+v0n2.nic.graphics.	172800	IN	A	65.22.30.20
+v0n2.nic.graphics.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:20
+v0n3.nic.graphics.	172800	IN	A	161.232.14.20
+v0n3.nic.graphics.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:20
+v2n0.nic.graphics.	172800	IN	A	65.22.31.20
+v2n0.nic.graphics.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:20
+v2n1.nic.graphics.	172800	IN	A	161.232.15.20
+v2n1.nic.graphics.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:20
+gratis.			172800	IN	NS	v0n0.nic.gratis.
+gratis.			172800	IN	NS	v0n1.nic.gratis.
+gratis.			172800	IN	NS	v0n2.nic.gratis.
+gratis.			172800	IN	NS	v0n3.nic.gratis.
+gratis.			172800	IN	NS	v2n0.nic.gratis.
+gratis.			172800	IN	NS	v2n1.nic.gratis.
+gratis.			86400	IN	DS	32626 8 2 C0E0491F4FCEBE153703E4ABEB895CD8706902717053B2BC2DD1E421E5508BFB
+gratis.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . B51dAug1kWeL6RfqQvqsD6ZvEAl4VNXpE/Kw0ay2v8WZdPztQISx6x7w0Wb7iMckGM+eU6HdxNgh7za/Qe6SdDPtmtj0sJICVGYzJV1sOV2ZrPHyj0BSOsNdoSxk3PbkDjUXb8jKqXoRCDmzuR2Noy+U6L4FEv+I3engZt1tzWh0L2/ldpetsq/YhoZEpPdqk8Rc/iw1+A+nKpkGwToL+WwPiel+NXAbvFgGagSBYVHvXpv7xGHtXZe4B5prVlh3dbTpwOctIHkYmOvzLg0ZyMpobQZCn/fzuPFrEVFZCcz49GHde7tWiflTICZzPtuR/2jqoLN2JV3Me8xOeSlLFA==
+gratis.			86400	IN	NSEC	green. NS DS RRSIG NSEC
+gratis.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SUigNPscgLGNneiIn6q0Xmkqy8zP8sOvke0+RNz5+sogGUk/PkkYWDBqoUoz2P+v7YF6BplVGlNFJ6fVgkcAnRqoDlnkrjdDSMMF+rbooayjv3LYVFADw2umFZEhzlKpDcEmwZniVGvK2ns66U+tv/radSX9NT55lgYwesupmPs5QXMWiH1owMPHBxF2seEIHXssTGDaiHclIeiogqfMWwMiW12ZFwt1tV/Uhu/nd0VznoCjbnxoAdYLoFuGZzCkzuOSNL1wQMQrGrMGhQyL3aCsPpKHYb8Aw920w1Dk3VLu1FLQrn+oqJsEOMYGdJ4dfXCt/4ncLOS25ULhvKGZhg==
+v0n0.nic.gratis.	172800	IN	A	65.22.20.24
+v0n0.nic.gratis.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:24
+v0n1.nic.gratis.	172800	IN	A	65.22.21.24
+v0n1.nic.gratis.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:24
+v0n2.nic.gratis.	172800	IN	A	65.22.22.24
+v0n2.nic.gratis.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:24
+v0n3.nic.gratis.	172800	IN	A	161.232.10.24
+v0n3.nic.gratis.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:24
+v2n0.nic.gratis.	172800	IN	A	65.22.23.24
+v2n0.nic.gratis.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:24
+v2n1.nic.gratis.	172800	IN	A	161.232.11.24
+v2n1.nic.gratis.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:24
+green.			172800	IN	NS	a0.nic.green.
+green.			172800	IN	NS	a2.nic.green.
+green.			172800	IN	NS	b0.nic.green.
+green.			172800	IN	NS	c0.nic.green.
+green.			86400	IN	DS	49042 8 2 B0A053BC2903459BD6DC6060A822285C492FBB5F20346821A48C5EF3E6B0D29A
+green.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hOc01LfCxvNuPxpBVXX5gaIK05/U96J8Era56ZNlTGr6bDumqAZIqwBJAaUfnynMHzQcE8BUnxESci42+oEVc/oiE+vtuyzcrZaAdqxVktArJzQgGzWgXHa3xZfG5SmzjAsWUM6leVojg2IPeaNmUD8TQV3NFU+AizXtXrxwwzObFGDHqXK0u+sgzkRsRc6ddQWcY2hwC0Yck+PAmEhNzX4GvHZkKIXMB1i1xuLypA6dUbrwsE3Svf2dzsdcZ9jCDNqtGqxjHeoJIpsyyVGmLRdH/CwHwqXlsbuhxyO8zTe2DXg0kV5Rz/InvRNBNECuHCoFkuC+ty8g8ToRLuToQg==
+green.			86400	IN	NSEC	gripe. NS DS RRSIG NSEC
+green.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cZgkPOO3+DUTzH+67fUbpFW/vlfNIeIgT8EYunAg0FFVMo4PxiKTTs3JJSSxCY/wMF6t7UmV807EhtJPVQwv3nlFlWzqMmNm/H3OJ6fQRa9CR1o7ipjE1bg6EpOCpPOZB5mwkWKoGq7r0VA2zcJQ7MPJVByYRa0VsFP+35Hjxax7ZELHlV/g9yH//uqMK2/2llrR5LOcqoxOLQOUSyOO7rlkf1F2I98AJ9Pql+nVT91O6Qg8cLsWE9pX2C7zIibttY5a6F07Qg9BYrMZUW/9zSOpBc9e0OC9YlSXm5vpRaubM93EuI5rajfi2dPDk7CN7jWGt8JU2GyP7Eb5iQ/L6g==
+a0.nic.green.		172800	IN	A	65.22.32.9
+a0.nic.green.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:9
+a2.nic.green.		172800	IN	A	65.22.35.9
+a2.nic.green.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:9
+b0.nic.green.		172800	IN	A	65.22.33.9
+b0.nic.green.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:9
+c0.nic.green.		172800	IN	A	65.22.34.9
+c0.nic.green.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:9
+gripe.			172800	IN	NS	v0n0.nic.gripe.
+gripe.			172800	IN	NS	v0n1.nic.gripe.
+gripe.			172800	IN	NS	v0n2.nic.gripe.
+gripe.			172800	IN	NS	v0n3.nic.gripe.
+gripe.			172800	IN	NS	v2n0.nic.gripe.
+gripe.			172800	IN	NS	v2n1.nic.gripe.
+gripe.			86400	IN	DS	45766 8 2 6816AE0472BB1EBB28D2F4434609AC9D178F7F82DBF92ECEB11C658B50169415
+gripe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UYwqX46jGeOxDSShDn2Pnw1aQjSXeO02xWfOtiX+J4oR+DDboTniexB+7c78xz0SNLnO0HUhFzumUkRH7ruXqYPHyVLIA3zpbBLP81IyXGX1CsDnmbePW9M+quHQlji0UKqkfOVnIMGE+inmdZsz6FQFxRMTQbojIwSny+4ilWT0FquLWDDTMpJ0+6N6hVra4EKuizTYLFgH9ynC9i3dBqt2GJciDBlZj3sHZrGKDDEVZw5fCN8+8ePK0Wc60z/TBpgUlh+9GbWB8//hCBufNCy7blQvP0ZSZyH138UWqSJKJ9DrQkrUJdW9BV4q0MiKdXXY7634mupveCjcNJfhVQ==
+gripe.			86400	IN	NSEC	grocery. NS DS RRSIG NSEC
+gripe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I7Pk++MV3pd50C8cqqGmZnTnj8dvqYYjefs1p4SGUTtGKx2jiT8BKq85ve4NPVjBXbI8HTUA0AZqd8Q+G+zlwBqqyrA7XFrnN3vqngk9itrKGNhdGvRWxxDeyCMTxfN35b9wHniEQSOaXbZx+gYjHK0ulHs0y+Wu/VbdseM0juqwzO16SfEuIxKkifB8ceif1YYNrq0Zz+nLv6/vr9Fwrj2pjnfPwLOAHNal3q6OEracouH5+fyvJfDfNS1HqYcnkzwf+zgIaeRSF+JO2haf8ZTcPXi7WABA8ZdJY9O5ypUfzN3A1lvRnUuNFMpI5F7dgQKy8jf8DF/l4PAOOnMf8g==
+v0n0.nic.gripe.		172800	IN	A	65.22.24.33
+v0n0.nic.gripe.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:33
+v0n1.nic.gripe.		172800	IN	A	65.22.25.33
+v0n1.nic.gripe.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:33
+v0n2.nic.gripe.		172800	IN	A	65.22.26.33
+v0n2.nic.gripe.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:33
+v0n3.nic.gripe.		172800	IN	A	161.232.12.33
+v0n3.nic.gripe.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:33
+v2n0.nic.gripe.		172800	IN	A	65.22.27.33
+v2n0.nic.gripe.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:33
+v2n1.nic.gripe.		172800	IN	A	161.232.13.33
+v2n1.nic.gripe.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:33
+grocery.		172800	IN	NS	a0.nic.grocery.
+grocery.		172800	IN	NS	a2.nic.grocery.
+grocery.		172800	IN	NS	b0.nic.grocery.
+grocery.		172800	IN	NS	c0.nic.grocery.
+grocery.		86400	IN	DS	58537 8 2 3306B36E70FE436FC00B50ACD0D7C0DAB84DB02062907F3FF5CECE68F09CB68C
+grocery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aDonwyxAAmEG7GlZBiB2gBKq7hioeCQWInuVlQAT6XXYzYXGER3rgB9LacBRTSztYttGK/Ib0ahXYxjnklOCw+Bh3W6XTgEgHdFlMm5mr2DMjD4Sv+uaYSCTMoA2OB1KT78naQAWBt9ji1YkZXONfx69KBKl3CKQ6tPOV6GZ4SGxN3tJTVAQfgSwdiW+ZGfUxDursuyUqDJuNubxIp6qLYTD1pxrgsYA0gYA6BwtRwLCmTJOwLE8GXr78WOMaV0Nv1fD0NB+ScerXtwwG2lSqxiwG18H1BXq0H9/XHyvQTGfERRT6LQwS0AVT8d+ShzSXTwXTFv9kflg9OtQ2dpdQg==
+grocery.		86400	IN	NSEC	group. NS DS RRSIG NSEC
+grocery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b34auA83PBiJXbFXQ0t9lI+2J+S8+ha+o2HOA8LR6lMD33N3hEYzck7dlT4eFd7yqk/IVDdO9HjFkm0wtPIr++nORD7mbrc1Nv1Tbr3TzZ89zpPajjvJ/p7kW1nDczXZNz4nEyxtRADkVmoR+6Dgz5xDXfOZB6Q+uFLbTv8LF5K2sMDM5tXxd7k15CJPh/oIVGC4F7J8UigWi5FGf+Fv/QLitpVTk8ExgDSEhp7+9hJ96d2dRdRLMYZBPHjmWyPkCUUKtVvYTCZSO5yFZEvQZGV3rD6bfIRadThVwOnRFVbJ08XyoO6qXbYtQcj9Dr3+2dR9A0VLh2VPpGi6x/PKMg==
+a0.nic.grocery.		172800	IN	A	65.22.112.50
+a0.nic.grocery.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:50
+a2.nic.grocery.		172800	IN	A	65.22.115.50
+a2.nic.grocery.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:50
+b0.nic.grocery.		172800	IN	A	65.22.113.50
+b0.nic.grocery.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:50
+c0.nic.grocery.		172800	IN	A	65.22.114.50
+c0.nic.grocery.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:50
+group.			172800	IN	NS	v0n0.nic.group.
+group.			172800	IN	NS	v0n1.nic.group.
+group.			172800	IN	NS	v0n2.nic.group.
+group.			172800	IN	NS	v0n3.nic.group.
+group.			172800	IN	NS	v2n0.nic.group.
+group.			172800	IN	NS	v2n1.nic.group.
+group.			86400	IN	DS	63685 8 2 EFC04B30999B34C97394A6E337333B2C273A5CD765C6C83BE8858FEF57A5CCA8
+group.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HibE1lAfSG9iA90PyhG5P+6wsePdzZUbGSzbqe82xEm910EzYWix6M0Tu/65tASMlyiE9JOExoX13/NMoPeOqqL/+sQ1NgzPSYsXpT8vNt9c50WUU8z4bYUQnpr5A7lsjv4hZKcepFjARs3KZUGDsQ6uPCmaFRTlj23oTWp4VGw3Ql0JOwry3eYo7yKqahtyG62eDRZBeky7Eyo0prra04FllCZmfSYox71OCEsJTSWhwPjRfqVEmxwiL2jy3LgxvSfBwhG11ohgQjSSlomQbnYl8lkaYTX8f/S/xkMkMMSSI868PCwl6piiztNMtKaryad5RJEyKhrcZAcw55cNNA==
+group.			86400	IN	NSEC	gs. NS DS RRSIG NSEC
+group.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l00Bt09R7zBjWc2s5VVeyAwQmBC5yqfvPN9COZzwaqlLbTt/kNKBwhXGo830QYJYLjhRB9B1DjG+mTFBX6l8QSLb+eDFjClqvbCJ0FegBzK6EPT0o4EWbNTO12XakoGus+gVRdPyk/e2Vi1x8B8UXzGJiPGTUGwUTU1lZj+K/AtD/hw8S/4kqScnXsLjRGf5kt5Ku1/u6J2m67FmfaA+eEO6EPssDrN7c9HlcBUyxdNrgU4Z5nfMMLbFZC3vUwlwqcRO+ql4RJWsCdtIRmSbI1hIaa1gj0D0ggYqbud0B/RsViwwWqJxE6FkAKKFQUCXtXPmTwSFvJqPJKCGcvQR1w==
+v0n0.nic.group.		172800	IN	A	65.22.20.2
+v0n0.nic.group.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:2
+v0n1.nic.group.		172800	IN	A	65.22.21.2
+v0n1.nic.group.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:2
+v0n2.nic.group.		172800	IN	A	65.22.22.2
+v0n2.nic.group.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:2
+v0n3.nic.group.		172800	IN	A	161.232.10.2
+v0n3.nic.group.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:2
+v2n0.nic.group.		172800	IN	A	65.22.23.2
+v2n0.nic.group.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:2
+v2n1.nic.group.		172800	IN	A	161.232.11.2
+v2n1.nic.group.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:2
+gs.			172800	IN	NS	ns.anycast.nic.gs.
+gs.			172800	IN	NS	ns1.anycastdns.cz.
+gs.			172800	IN	NS	ns2.anycastdns.cz.
+gs.			86400	IN	DS	23990 8 2 2CBC82DA27FDB16662BF359F59DF1B63FA0AB720BFC2120F17BA369A3249FC5E
+gs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rn3MEUxMoKf96xWiOtWXSxqzF2gnsjqKH9d4gITTrSYmcq1xba0XF0nEJNLUhCHYIq7rhSQ6zSVxBbBpy3X65f/0ffJySM+MyMnlJTkya2fgH+6zI8XixkCzINean/b/P2qaJJ8afz0++ikExNWNFt5I2j2nOeAqx+uFgNKbFWYvbrev14AHr4dxq+m725i37NDQitPpv79poThuDAtsdtiwM/4SlOqoRKj+iOQXfz4fAY45z7nyj6VZ5kBH/ZvVEKieOfHf+ar+Cn4Md92ZUBbtvqnCZtfDH8ayUo7TzL22PkfiYD+MHJB1ITujuybWTNkooF2pIl3laTCzkxALag==
+gs.			86400	IN	NSEC	gt. NS DS RRSIG NSEC
+gs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mq5cQLwH0N1hv4NR247fy0QCZIco38dbikvOznQJgCY9Q00Aj9T7J1FcdN737qTCf2Gs8/XyKBfrFLvl0ZQvZFTySCxYoklunmgR5CxAu80ECjiETZ+rniKuxWD0gUSq9OnYn3SUaFvtNFrhGRFyp6JQ5HWesUygDNw2xKJqLy1xBS5DC1POXdm3LHjq1F3eyNRpfFgNk04ut6L4jxaZx1BbcNADsIGlIEMAPpB8IhV5mykw8ZYpIHsHWNQWUCm4FBcx1ONjcQGlTrJx5zEJVSIU1VzVbb6l7NQChXpspRn+K2v+6InvOEgG7yRpiwCw+9byzYPBlSrJBbOxfsEOXg==
+ns.anycast.nic.gs.	172800	IN	A	204.61.216.21
+ns.anycast.nic.gs.	172800	IN	AAAA	2001:500:14:6021:ad:0:0:1
+gt.			172800	IN	NS	a.lactld.org.
+gt.			172800	IN	NS	gt.anycastdns.cz.
+gt.			172800	IN	NS	ns.dns.br.
+gt.			172800	IN	NS	pch.gt.
+gt.			172800	IN	NS	ns-cz.gt.
+gt.			172800	IN	NS	ssdns-tld.nic.cl.
+gt.			86400	IN	NSEC	gu. NS RRSIG NSEC
+gt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CHI17AwDRwkF3aYC19ditWr7x1pX/5U7LYduFOyvPRXnErnz12fYN8SGri1UZjQhANBux5zULrjLcWVxKj81XUHjQXbr41/xac07QKcdV+YNCav1HKrUCNRWU2cKaZgrywO0pjLTffvcyMXmrxajFyihItwbznaEQUif6eHon5uJB0/Fps1uG1aEE9L4eYyicPDClAOAmLcVK7tE2fgN0/wc2slooDVDWjzW9Xr4Y87Ub44Peeff6ElepJRz5CuH9Qn8mbpw0lZaCqybBLY9Im/GU4MfmMnsvs2afOuAq7U5+KA7Ax8upNDCiIjri4x2NxA8WgBaT6nEFaioFbdzaQ==
+ns-cz.gt.		172800	IN	A	193.29.206.2
+ns-cz.gt.		172800	IN	AAAA	2001:678:1:0:0:0:0:2
+pch.gt.			172800	IN	A	204.61.216.95
+pch.gt.			172800	IN	AAAA	2001:500:14:6095:ad:0:0:1
+gu.			172800	IN	NS	gu.cctld.authdns.ripe.net.
+gu.			172800	IN	NS	gold.uog.edu.
+gu.			172800	IN	NS	green.uog.edu.
+gu.			172800	IN	NS	phloem.uoregon.edu.
+gu.			86400	IN	NSEC	guardian. NS RRSIG NSEC
+gu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . w2Hy1PHQ03SiWLp4xzCJlRdnRGn5xpUqGIaKL+H0/HP7CGrOTG+KDzsun4HVAcLYiNtHyUXJxkam5CBQB5yT4qsKhfwllrn/Lxzi178toDVcNtWwiFfexkbst1lOUb2mIBcp0xRKOvqVq22beBQTnrGyVMcCW2D6QkqFVaH0IGuVQUo0Wght6mOUEuONBNP+5TPiy/b/XRBI1y21W0rJrD4WfI4xQ24jgPyVlmEwNCsat5Xg/e0cfpbHAjqO36VjMdXtpTcnmKrJ00YyGW6xVUrzgujkaL4QWWTYbbsA+c38pJMlaibFihDdyhjdAOWG6cTzNgyjfso+yIwv7c05HQ==
+guardian.		172800	IN	NS	ac1.nstld.com.
+guardian.		172800	IN	NS	ac2.nstld.com.
+guardian.		172800	IN	NS	ac3.nstld.com.
+guardian.		172800	IN	NS	ac4.nstld.com.
+guardian.		86400	IN	DS	5751 8 2 11ECDF54B3E2E3E14CE6B189827EB40D28D743708B8D461D00074046BC4B552F
+guardian.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Cbr8xQikakhdSiRRH6YU0baW9CBY7L9nZE8GhGMu+3HN4vfJnAeDOUOYjFHbZNzo7jrmgJKJp98EgThfdT+0HpiJSc3fVPbwXpdqVclNqIpEv6As06Oym+ec3qI2/JjscZh78NdYxkzZM5H6JH0kI/sItVCHGw2EBcv0mdIAUFyWB3L1Xv2fR6SNFYr1aHcWMyzC4yqX4xzmUYvG5l+sdNi/nTuxGjxMR8J5GFvpR6Otlp7VhhscM8UQLwjbVwwyYRUqgndd84W0XZjgVZDYCv+Dlliep9yk9ut+PfQns6qpOxrOesB8TCuJ+V/7e3fzt/wvNPU1jLWuC9ZFs5Qffg==
+guardian.		86400	IN	NSEC	gucci. NS DS RRSIG NSEC
+guardian.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RDrI5uQlnUxHwOiaF827+hGwPjyb0C/J7pcNUf92Pq/bOqC4d5kw65lokZ+2WwxNB43MjkSzUjXpPIvnV4B8D9pNoA8debZUJ1j6HiPNhsXdOPRvS99yj80lXR3wbsHQxDRFvALGFDR+rHFntQPT2YpNmEV4xxsvYsVmzb3EkaM6N0s5nYOWBo4wRGFqxXJj3N2bRPVEMfuQZKXexwhbTRZAWNVOcXXTta3/LvFCajXb0eBg088em4b0JRNz32xnuflB+lvAGCbw0lqspnrRCPoHCHU00PEmkRqp6qDYYMjbr2Xjbx4tb55DaIZZSuVXwzLT+U214yKRvYv+xvPJCw==
+gucci.			172800	IN	NS	dns1.nic.gucci.
+gucci.			172800	IN	NS	dns2.nic.gucci.
+gucci.			172800	IN	NS	dns3.nic.gucci.
+gucci.			172800	IN	NS	dns4.nic.gucci.
+gucci.			172800	IN	NS	dnsa.nic.gucci.
+gucci.			172800	IN	NS	dnsb.nic.gucci.
+gucci.			172800	IN	NS	dnsc.nic.gucci.
+gucci.			172800	IN	NS	dnsd.nic.gucci.
+gucci.			86400	IN	DS	54892 8 2 E13F3A9ADA4C86B25C68F8258D9922E8201FAE2845D6300298555856A2E1C938
+gucci.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uIZzPLQcT1Zxw+aTPMcgs6sHUtAxHAESxhh4BigD5r8E3AGyIQ1nALtutCs+kQls333AgyIyUvOgHDUBVYdFxZrwtLVlF4auADySCLLYLrQHQ9BERQ/eyo8T2RWlJbFLMcADT9TH8XppJi+KwQrpFb46jKMpl3PY7e03XTTORFxve+wTXqRs6eVPEhLFTht8m9oGr48UzEihT//6iIlPU0G9kcekSXZznby7O+QJzKN+PuEIPrQDA79Glk5zkT87ZOtxEBBH+i62/fSe3kShzJSFMM2WfjQSsWPzQ+K+e48PuqpqNv+SMLSTX9xwT99FEKSmIzB2WdmVtWo2kzyqog==
+gucci.			86400	IN	NSEC	guge. NS DS RRSIG NSEC
+gucci.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XWhxo0cLrUfSf6lf/RTYqnt3SrBNC1fIFshCeezz0AFbFUAir6/d3GEPuWTihw+fRKMdJzKCDj5uYVnWDvkvccxV3ncn6wKSE9158RTFhbQ4tnGG8NqbQpF3mWYLJ0ihtw1ByLUGC0gqDgcqe1Y+clGMGbhAyM+ikDEx4jjMXUNMuHlg01TDuz1b3xseD0KNOytmx8ntepkXDjPsIxs/0AdX7SCxsSfNl1iqVvIa6ZybG36AVmHDQjlCOcgz/HKteR9G6aNbc7NHg7ZRGInkjIxNT/99/KC3S6vZnq4meZO1HcWiJvTX86HyKih6SBZOMA3IPWtDVZ8p7Ws7mysmxA==
+dns1.nic.gucci.		172800	IN	A	213.248.219.43
+dns1.nic.gucci.		172800	IN	AAAA	2a01:618:403:0:0:0:0:43
+dns2.nic.gucci.		172800	IN	A	103.49.83.43
+dns2.nic.gucci.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:43
+dns3.nic.gucci.		172800	IN	A	213.248.223.43
+dns3.nic.gucci.		172800	IN	AAAA	2a01:618:407:0:0:0:0:43
+dns4.nic.gucci.		172800	IN	A	43.230.51.43
+dns4.nic.gucci.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:43
+dnsa.nic.gucci.		172800	IN	A	156.154.100.3
+dnsa.nic.gucci.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.gucci.		172800	IN	A	156.154.101.3
+dnsb.nic.gucci.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.gucci.		172800	IN	A	156.154.102.3
+dnsc.nic.gucci.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.gucci.		172800	IN	A	156.154.103.3
+dnsd.nic.gucci.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+guge.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+guge.			86400	IN	DS	10625 8 2 10C4028323A5529518C24D007431E7878192CED09C8AB2B6657ADC624E8B8C16
+guge.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KwGMQEn36V5Ti9qAqUXNUPxBA1hHxY5mEA2hXzYi4fh6SYYmNDReMGsP9LMydKkWHlumK+PRMlrmXZTcf5kPKu7ttVv2RNitKA/Sz/kcvR/7+J4baWse/+TMXUHsZXEkE+tFtnu6cVXJWinfYEzAtqzZuZWZ6xW0GR4i/O3LW3XSJDX5QxLUovJKI3WXB2xJ5GaudFXgPwTk9JYiHfOKy04HisLldV4CkNU80rs3JE8ruIY8rEWIXNN5kpmzxPzXsEDJ1mDyKCZXWOrIJ8s+T3bBqiS6hfP+8ra3JRPzeXjA9d8zOyAmlDe/MDjv56CWte/Fs690SuS1KRskjNfPwg==
+guge.			86400	IN	NSEC	guide. NS DS RRSIG NSEC
+guge.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FmTUmBC126FImMdUQ9qDWJaQ1shU22OeDSXHoMihRALoFyXJrMLOqAoIe8YgNtxhPG9h+p36B39bnJQaMNSZY+NYcdHoZxa1YpQXd/WtWkYlJ/ur4N1JV2mgQyjfQwSyLXEaNGykhKokGzrfXYvPEPiukREaIWEm29n/OQ+90YxBAXha397E/DO/jeJvfq77W4mZXoBWOCuIw4idrH8moBULPDUWJ36pU2qf5kNAa9agZnCBvisSfmEd99uzMDpdCtNk4n7oO8RANBCO/XvBTs1aDvLUI9qvf+9HBSD5pmz6yxTrZcFUBd6pyiTpbPxaHqphHU5yOiTUJp+U/9BuTg==
+guide.			172800	IN	NS	v0n0.nic.guide.
+guide.			172800	IN	NS	v0n1.nic.guide.
+guide.			172800	IN	NS	v0n2.nic.guide.
+guide.			172800	IN	NS	v0n3.nic.guide.
+guide.			172800	IN	NS	v2n0.nic.guide.
+guide.			172800	IN	NS	v2n1.nic.guide.
+guide.			86400	IN	DS	49501 8 2 835F5372B348A923B10BB048B56758380A24320C66E5CB828C5978DC79AA2F08
+guide.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZG3vFz4HY49ZhRyv64bbDcpQM7jyg5SjgC2Ul812He2x3YK04EAvd86+xp69AB7faq8bmW990/LgnS4L81afUOZi0GH/nBkqseWOmIShuhDXtxGR2hOQXax7bg/ksoCRF2i1VxGKmjKsdm3hBpyFBSWVodKxEnQwuu9NfPcPZBLMaeoLYYbFbG327wWPohscARecSz4HVEOy/qPgUifnI4j/T/exvNqVjPVYJ01aqH5RLAyqZldXXL3rVMhkjhlRNXiNexy+FEoQabML+LPbZYKUFB/zjmXNFJryFoz1dgUxDnoakh6eQ+0fnOTXAPXVRPQloivx6ct8NtrRqjXcgQ==
+guide.			86400	IN	NSEC	guitars. NS DS RRSIG NSEC
+guide.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ROyZVTY0CJehnkNRJtpK+WzDZKaWOF6iyXYMyo55UJinbPOsK1jVETF+EocKXRVyQaW8h2+M9raohhG9Hj+zeqoIQAG4M3dr6+iuWdI1LZ4IPpE40goo3pVhbPKS5t4EbJs1WZFTgEToh3LC2Hc9riX9qSPhtxfzFngw2fS1/rKD08ikK29YuFOqq1aVFWys/YJ86daKUWbNH+r+SjNyp5U0EquSyDiLW6g34E4THSxMr7TO/i6UtXhyDH7KZ6NPLUW8sdik6z2HZJE4c/pb5aJcz6pNTXvbRHYq1edNpA34PZC9IZYw1HLEAIdbLUtizlOiTrtJSkV/lr1vNJom/A==
+v0n0.nic.guide.		172800	IN	A	65.22.28.12
+v0n0.nic.guide.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:12
+v0n1.nic.guide.		172800	IN	A	65.22.29.12
+v0n1.nic.guide.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:12
+v0n2.nic.guide.		172800	IN	A	65.22.30.12
+v0n2.nic.guide.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:12
+v0n3.nic.guide.		172800	IN	A	161.232.14.12
+v0n3.nic.guide.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:12
+v2n0.nic.guide.		172800	IN	A	65.22.31.12
+v2n0.nic.guide.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:12
+v2n1.nic.guide.		172800	IN	A	161.232.15.12
+v2n1.nic.guide.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:12
+guitars.		172800	IN	NS	a.nic.guitars.
+guitars.		172800	IN	NS	b.nic.guitars.
+guitars.		172800	IN	NS	c.nic.guitars.
+guitars.		172800	IN	NS	d.nic.guitars.
+guitars.		86400	IN	DS	892 5 1 E421D29A8D62E53665069DD9B99E04A86F4FE8E3
+guitars.		86400	IN	DS	892 5 2 AA980F135EB29C27887F8DFCDD0BAB90DCCF0740EF3F11FB3256B8A6A8C7FBF2
+guitars.		86400	IN	DS	17278 5 1 C127E898212738F4A0723A1D4FEB33B59B7EA719
+guitars.		86400	IN	DS	17278 5 2 E0AFCC946458DCF20874905A1ED2626CFCEA262016AE87BC53F8BADFB0D497BB
+guitars.		86400	IN	DS	39502 5 1 6186E2C33FB4719080BE060E131E9339BF9CFA39
+guitars.		86400	IN	DS	39502 5 2 742844EC01D87ECEEC0D34B7DE1D39E376C697C73D36D90C9D5FAD65625B624F
+guitars.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FhEJciwTvfATDp7mK7Y1JS4OIx0kL1Xj4bV85rnTpkImNaZdK8xkvtCcCE3j7fhkSm0T+E5rUUlK1UsRDAkOa4j/PMedgSlt0vjDXLT7TTw4OW7HaKxltnczniFS48HvG+JHRpLNBMUtbXkfzj369wqNGDrSqHwF2ZKX/oVvFP86IKV1k3Ap7cz34qgsY150lsA4LS+5LVih9DBOvKbTougDJkAThuWn5uILEpC/yS5U9qRGGFiATB4bG0TR/85oNaxNyDyT3d7E2CQP2tBLY6TRztoaZzHgM+OHz/dzhE6/ikqwJc+Gh77IWmWt3fLbRemZulybnwfaIQPPp2qWpg==
+guitars.		86400	IN	NSEC	guru. NS DS RRSIG NSEC
+guitars.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LP/wbL/z+0/pt0nSTO2VQ6gLkDZ+NqXCvkz8AO9EK/O/74kxag+5okDARd9KT2WFiF3TNGEOVnLgAfu2QjP4SyWIojSLi8G7yuDU7Y95vc2i/zRIvm+9riZ6/asJsm0CHvmLJJIHwNhAWFiSUkKdmC4PBkk3x4HagkQgiV/i3U3Kij9Ou7PfOTf2Fy+xj0F5Z/BQgVNbRxHlhoOwP9fv6d7o4s/E3//rVgVAsp80mEVdJSpULerrfdGrneu6a6Hik4gLOvJ2/0BxaVmbnlBLRs6+zF0EcTmWmOZBuw9oOmHakESsL0AhjmfJJT9QKijkSqOHEY3EO2KDkesk5LKsRw==
+a.nic.guitars.		172800	IN	A	194.169.218.149
+a.nic.guitars.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:149
+b.nic.guitars.		172800	IN	A	185.24.64.149
+b.nic.guitars.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:149
+c.nic.guitars.		172800	IN	A	212.18.248.149
+c.nic.guitars.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:149
+d.nic.guitars.		172800	IN	A	212.18.249.149
+d.nic.guitars.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:149
+guru.			172800	IN	NS	v0n0.nic.guru.
+guru.			172800	IN	NS	v0n1.nic.guru.
+guru.			172800	IN	NS	v0n2.nic.guru.
+guru.			172800	IN	NS	v0n3.nic.guru.
+guru.			172800	IN	NS	v2n0.nic.guru.
+guru.			172800	IN	NS	v2n1.nic.guru.
+guru.			86400	IN	DS	35665 8 2 3CC5E1CD14A0F2DED6856C1EC88785A7B9B36D6381263DABFA1AC1646848CE82
+guru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L/8+eGxsOTxzwlo1T0+T0WxIJo/HP0Kay8o4GSUb0EQK4+cfUSH3Awgjlir2JQFKrfixFL2JKrfaFdvnM7iJd8ZAMkGk0gR21Djh8l2TYa2ISfmR6YdkfiKAg4QwTpy/SV8QRdCZsxIL/A4Odd/IZ7mRCrAT11xrD6+vilkf+4adIJsZBLJqmtOLi+CDruwGWUbKp1/mF1jI8Rfmq5PGK+6DUdfuQN2aARQzTdhhqSAxZkEFpt1YaHtoltoacXcLYgGYKksmS3BgMdPkl92hXsotFt2X1CsKOKpcNlWOvbcUefhekSj0IyLagN2QbCemgaF7pfAqADcBzvaMM899UQ==
+guru.			86400	IN	NSEC	gw. NS DS RRSIG NSEC
+guru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y2KZE6fHTrfxfmzXz4NRSMj8/wYrvMZ64cll2oOQIrfL5pM6P2TQoqQFeAUO7z9dyQoJa/Mkg8nzc78vRKuJNFrymZrKA+Gm2vaslJ+Gljow8cgLG4/zOJue5cZmZlhIkPwqGBNGyzL/HH/s0BB335bZcCFyEPpgqiZz5XVfC8RNEA8Hh5A/uQTrTjqzjEyMJOtybGMMZvpSTSxTuldJ/hWQPMSGszrdZ+VWfdglUHWl6rFBHXGt9E0HeJKUZ+k4jJyKSamfbZ4FQXIBv5SA/hk1MdgR+7zPoQxHPhkWLyxzGP2DuJa3L8LsGJBTHztuxaZe4tlnPfOO+UodfHlt0w==
+v0n0.nic.guru.		172800	IN	A	65.22.28.36
+v0n0.nic.guru.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:36
+v0n1.nic.guru.		172800	IN	A	65.22.29.36
+v0n1.nic.guru.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:36
+v0n2.nic.guru.		172800	IN	A	65.22.30.36
+v0n2.nic.guru.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:36
+v0n3.nic.guru.		172800	IN	A	161.232.14.36
+v0n3.nic.guru.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:36
+v2n0.nic.guru.		172800	IN	A	65.22.31.36
+v2n0.nic.guru.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:36
+v2n1.nic.guru.		172800	IN	A	161.232.15.36
+v2n1.nic.guru.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:36
+gw.			172800	IN	NS	h.dns.pt.
+gw.			172800	IN	NS	gw01.dns.pt.
+gw.			172800	IN	NS	gw03.dns.pt.
+gw.			86400	IN	DS	31518 10 2 CAE77FE2299B3A08A4C78B400327C2A62BF65421D4BD98836228800C3B0722AA
+gw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PpH8adJSoFZQSUdUI2QH6VTXCAP1j8ngKy4CfYkogANWrCtYI6q4ypYVj5lej4jffpk9FjMeCJCbmWT35kqYaUbwnsq0PVyw+SbFaF7UbM2dt1gApdWY6KU+yz1yN+MphvnGh9MBq5NU4qmnhHV+f980m+dFLEfoeR7dcR/IQ7TLjjiXYvulZbWJzkZkXgveg9JMxuWjb9mP3RSsqXr3q5QrRrEPi0VNMn8RjkqoNKG6V/cNLOeZuX74YoJZMhoX10VTSBkIqMSSmmngo7hpK1RH4ZnOzV+/eHDNPVLYVe/lptKY5dZ1JBSqUbPPSZohAz92yKpYRKrjKlUoLCh5XA==
+gw.			86400	IN	NSEC	gy. NS DS RRSIG NSEC
+gw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lt5eScKBgN/IT/MhukgulzUM1SMKuK4VV7GtleZeAmE8J9vJoR3LeZDFVAlvQ9MMcQRwG0uwyMgpjRKTFFQY3FK/3wz62gqpv0PVT0HXneuSuAZG5sW+co1IkD4PiiwLzYgfYQSbaa+p1JhS2il7gFeGYqNmzknO+qw1fuD6w9z01m5nAYRH+T0gzz7GlTjRNSjdVW2yNlnI+46oJ39+fm27nXHkymubSyrRpPwLdiswfq72T5PLR/OB6+Ts3bVorrM5Ss1+mN4mdwsIDtrpqtY9CYgUZnJrqkTz5n35Y5uPNwQsF247/npEy6PrCfA2pQVgViuxgk3nikr7yOu6oQ==
+gy.			172800	IN	NS	a.lactld.org.
+gy.			172800	IN	NS	gy-ns.anycast.pch.net.
+gy.			86400	IN	DS	50885 8 2 6B06025ECCB7EFB21793E58AFD2CE16D5949884F4AC352047DACCD841627A3DF
+gy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eNu4eIn2IvfjsgoII50Z9+YnQ2DL2ZMPUYu6dbTQkWkg7+AienSP5whP375jWWRsUcqP3tSilvsiE7dlLphzXyOXAgUdGzKEQzfNa1NrIc2TOqZItF8Ru32lncl2ozcC8gy8npPno+jKr2c+DJu6rjpNvlc02rXGugK8JidoR7TB45nAjwIU0zbrsW81YHRQU5OR+n1kJZMAKxYna8JS3KgwgbuM/lz0wBBb2dqfJJkU6iSr3BTQMq9/5iJr9RCBNOZP3VTufLjQBDvVIdBCn4Khwl8ojdFAsiNAzUJstMyIYTENEceRQAvsNTFOEl5vNgpwmwE6Ma3CCJ2na31Bnw==
+gy.			86400	IN	NSEC	hair. NS DS RRSIG NSEC
+gy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jana32wImSiCRTT1Zb3jnsjHACbfuvGNUJSwtqRCOLmq/R0K7HASMUhQQ1cYGSEOr6OifGS5F9DkktmPNX15F781jdeysi2ZXochGY1HcOEDSFPrPSekLrzdXL6NfCHkudypGuXMPlcnSP4HD/25JWYE796AhlC6w8hVdsM47ciw3QugO03ZPPYxtE/fwqlle934PbCmiK8pj7i6R3zHPOJ7Neiv7pjVz5k/uLDHL/yqSi7FslhSaTiqXYUtesgSAcgZHg1UtHtBijw44p59obZw+MGBNqF8ztowVD0BXCJebH8FVhkw8KZAQqH58zDK1tUA9eyfQzvnzeDsQe3rmw==
+hair.			172800	IN	NS	a.nic.hair.
+hair.			172800	IN	NS	b.nic.hair.
+hair.			172800	IN	NS	c.nic.hair.
+hair.			172800	IN	NS	d.nic.hair.
+hair.			86400	IN	DS	30150 8 2 50CCA06C1ED8718A9398F347566C5FA6773222E7B3F152847292A5697CD8A7DD
+hair.			86400	IN	DS	39236 8 2 D8C88DAA478496C4F99A8CB5CACB0746CDDE2612E9668BEB6F7D683AC220313B
+hair.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lonD0uegxAxH4kCULaxtq+sDiNiA6/dDgYu7mnbHJH2qd34icNNdqwhQPKIpdEu/GabII/dt69DSEGjod5D6MXvsIT9EdrOiKg/7VxLdf2pZjnCkS7zoZgBv/Y53om8Dk3U+Lp4srfcGavxEf93vbvkgqZ1qcdDo4XiQWczpAuCs5/n1HbhGqaEKRSY37acL3Ts/k2bzhupzGabPO6q8TYQf+jyYbx2mhxearU83mubtYqEDyhZIypXpxZzVjndgqi1L3m0bG0YMpU/rZhot0KXHuIB8ZPZb3mQWOEsO+gSSpB3uu8dnSVMjyvw70lqWaiHN3dxSlfabvx+/3mHnRw==
+hair.			86400	IN	NSEC	hamburg. NS DS RRSIG NSEC
+hair.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tOKkPDtPwUIpv6+/qqxWVLV+kQLSTqjBOYtOyPhOTMi5wF239brAqiIrHmlmZTiaZWqhHMS6gj89e0sbKf1h60/MhqgCmuCJgVYmYdB5NgqmsE49aOWfbKQ8DKv9Jb+5pWaQ+mrnswUlDGNhd18nNHIZE8y0nK1KnlD8Zn0MsBLFOaKHS/HiFIH7wdJUDCBu/5Jc9ecNRAxX9C+xgQU99HM6gncKnao3gk++FsigaM2fctV+W5qZdMQV12NRewbsZb7qjAOsP56L0Sn+xrct5g2xpriqIrN+fNgp90SPaWCOnQ+c8oSAWQYjdF4dE3PQ0NsfHKX9dy6UnDFRa3vfzw==
+a.nic.hair.		172800	IN	A	194.169.218.117
+a.nic.hair.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:117
+b.nic.hair.		172800	IN	A	185.24.64.117
+b.nic.hair.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:117
+c.nic.hair.		172800	IN	A	212.18.248.117
+c.nic.hair.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:117
+d.nic.hair.		172800	IN	A	212.18.249.117
+d.nic.hair.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:117
+hamburg.		172800	IN	NS	a.dns.nic.hamburg.
+hamburg.		172800	IN	NS	m.dns.nic.hamburg.
+hamburg.		172800	IN	NS	n.dns.nic.hamburg.
+hamburg.		86400	IN	DS	12136 8 2 8BDC8642F1C0275904AEA61C126D9D5A5DB25881A564348AF218EB4165BEF7C5
+hamburg.		86400	IN	DS	39857 8 2 ACADFBAD24320A82CFAD9DC5DE24B5EF710FC0A9503F102596019B85ED1C74FA
+hamburg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . i5irTZrXOY9TVunI2ku+1vlTxypPP9kGiJ5ar241e9USOkqQHsTxds/kFk7im4sqBMEbsO1DN4e2Z6by/pVpnpF5xsOky4viVG6rjTz6AaMTS2A8odnWx5fa1YZqejT4b0vh/QT7fFEbCHeGZGWnuGNrre0Oe1kt3L8Foy55SOAootwxNbqoeH4pz+aFyXYd164MAdWw8GIIzXqSIOshYvapp9UJGEKX+BNYAm292i+e2yK0HQvLMFKEJEnrOsEmZZogniy68+jVIteC4w+amc0DDTbhUvDhvSxPcQR3BnCMKG8cj0kTf4Irhk7CbYKaP2vOjvnCwPxkImCx4PtfWg==
+hamburg.		86400	IN	NSEC	hangout. NS DS RRSIG NSEC
+hamburg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D2gdHsZqEfllFEd7BFxGaCtzB+3Ar03yrmROfnTmQusz2Twx6C8Zv4Lfv4NVcW5bFGI/RkV9tsUOJPBcdKAfCO9x58IOPXPkjajATHY1uiisksbGnxrP6QeK3Op4DNeydULEJyw5tv4UQrFEKT+CaBTFHOuxCqOpFdRnf/cqU2toIo3nBMb9SMq55+kRclLqRyJNrpBSNk0WPndvY5sS7tv9yioPrkbzPI3czIcSKWV6My+cXyT++bsCG+e137WZmH3oLBaD3GPX+JnFbknF1OWQV+7IPKyOqK7NEA+lLClMYm0TrkarEAyz6B5GwgIFjcqzfgDNXPstUXMO//z3XQ==
+a.dns.nic.hamburg.	172800	IN	A	194.0.25.21
+a.dns.nic.hamburg.	172800	IN	AAAA	2001:678:20:0:0:0:0:21
+m.dns.nic.hamburg.	172800	IN	A	194.0.26.10
+m.dns.nic.hamburg.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:10
+n.dns.nic.hamburg.	172800	IN	A	194.0.24.10
+n.dns.nic.hamburg.	172800	IN	AAAA	2001:678:24:0:0:0:0:10
+hangout.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+hangout.		86400	IN	DS	12985 8 2 007ECBFBF4E92E7FFAC278E5830D4FBF869C2EB5A1ABE1494463649A279FEF9B
+hangout.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H7O0edbU1ikQGYsWb6vrr3WviH76GWzAbDcROjoULTDn9jm83qRLQCMTZVh144n3usKgU9TXNC5LudMvyjMUq9q6/KNOpcsSQB2H6obBjetYYrBZEdzBbUjWTEixUgmXTbx0QwisFhTXEYlwGqe1AR6oOivZ7vhK06LO7vrtkKmNHe0IoFkbTuWg6GHfmGkeBnF4+cBgnrsmIr+LLsif5SsqdFoX7Ke7obTZoWExaZQWbPhYrVYh6Nyj/6O2dnFR6+IDH5HQcD6gyf4xqM6lXkkq2r7yrIsAP51onmBL+T262ggWYiLM5FmM8N606lDCDjcdspofNXF8gOVJZacfYQ==
+hangout.		86400	IN	NSEC	haus. NS DS RRSIG NSEC
+hangout.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gOXRBO1Dwc6zbHRTa1Go47UXwWWxMHHkkUsYoT2dsoPwqNdB5qJ9l/m5/hzj72CyEXbqw9R0Yn+GwSGbSvFJMk32QwioEPy93wspxLYfDDhBuXVsEoi6gnX0evsfMQjrp2HqJxY+Ah8hfDGOAONzK3dU1gdF1sZtsmBqxboSh5qftFLeEdLUg2bTh2aFaHAOXt333Erjo5Q7LcWv1vWMvEwRkoFj62AOGD/jNwM+2fkGOHgjtotV3PnCZ9nLc0/iXDB1T8vvxhZ1CQqnojv5RvJTa9zqdUE5PJvhVNzx5deq2YMszAR0Sb2p47WRsKWjY8S3YkqtjIEKEx3XwoGZiA==
+haus.			172800	IN	NS	v0n0.nic.haus.
+haus.			172800	IN	NS	v0n1.nic.haus.
+haus.			172800	IN	NS	v0n2.nic.haus.
+haus.			172800	IN	NS	v0n3.nic.haus.
+haus.			172800	IN	NS	v2n0.nic.haus.
+haus.			172800	IN	NS	v2n1.nic.haus.
+haus.			86400	IN	DS	33031 8 2 685029345E53264730379B0E27C87DE10ED93B0075F543D5887126E3DBFB7B84
+haus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gpXkaCslxpc9+SLanDP/k6pERWHtZ1JnYUwlToGyzxnJq1FqzAnKctmK7bWQChOa8hGdJy43cTn++nf64KdWPb+B54iit1+PM5lcTuEQStHPVpORc5dgzTx5LGLj+lYPI3UyBKNx7tEPW9k6rI8yNypN+ZYFDU7z79NBpyYMsDyL2MaRlv6qMaxSHjNxKysnFKroYB1RuQfJwjozI51x4ygt9ONn5syv9urqhPp9C6cA5NXTlmrpKqlwgqOMgQOSnOTntTrqHcY3tsTd6FFXhinjxf7bGwJpxt7Xoqr/Kwndtx7lBx+BO+Uoh5FZ8MyErtmwn7e7drRi6sSqldHBPg==
+haus.			86400	IN	NSEC	hbo. NS DS RRSIG NSEC
+haus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KgSTTAxL6sSgQ3k2/mYxqgWt/QXMCEtEU8n6G5VOxobsgZIv5uEdcNgFW4teAc631WBFW9DqyDCImarkDLf5ewY0z5KETmL2rcalVrERlS6tkiiT/rCQArxfS3vM2MvghdjTKOjYJlO5alN5cdmLqEPZ8omxcjIOpNQZKFC/RLoy2iBkyuddocXVOS8NBbagsvmFLi5eObMsdAoF+06czGRbXkCq7eYGTyc4bLWC4VGCSkh5eVun9kI5cQWnEgPLpgBegUCghlBfVR4vCI2eLaqsXtVGlIfdpEkiXMcPEh1q3in+EHLVR2XpZ1/G3VlymdIOU9Qw7iD0mmO1st1INg==
+v0n0.nic.haus.		172800	IN	A	65.22.24.20
+v0n0.nic.haus.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:20
+v0n1.nic.haus.		172800	IN	A	65.22.25.20
+v0n1.nic.haus.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:20
+v0n2.nic.haus.		172800	IN	A	65.22.26.20
+v0n2.nic.haus.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:20
+v0n3.nic.haus.		172800	IN	A	161.232.12.20
+v0n3.nic.haus.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:20
+v2n0.nic.haus.		172800	IN	A	65.22.27.20
+v2n0.nic.haus.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:20
+v2n1.nic.haus.		172800	IN	A	161.232.13.20
+v2n1.nic.haus.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:20
+hbo.			172800	IN	NS	a.nic.hbo.
+hbo.			172800	IN	NS	b.nic.hbo.
+hbo.			172800	IN	NS	c.nic.hbo.
+hbo.			172800	IN	NS	ns1.dns.nic.hbo.
+hbo.			172800	IN	NS	ns2.dns.nic.hbo.
+hbo.			172800	IN	NS	ns3.dns.nic.hbo.
+hbo.			86400	IN	DS	22906 8 2 5989D419F8A7D34910C197B7D3701B97BA5505B53F505E885EC1E33C006FE8C2
+hbo.			86400	IN	DS	32689 8 2 1EF470B15BC605463552D25B4BEF46AE67A79DF01C3FC3EEFD9EF2EB296FD034
+hbo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y7A38Gka5rNQHIaMmpaMV0CZ5kylwkuKAi6n38KDxJI3hkG2c1dpsNskEbR0A0+DV062yxmi/VtiqT3YoNhETYRD0tLaKfIRLAbCgzwcUQhO8qm+mn1zHv0iwo31ciDpavfimwPjrXfZxiYDcyGjR2FJ81bnbjSMrVcsXy3CjI/zf6Wo+5jjb2Q9Ukhw3EB4v9HTt+h+R2aNQta0VTc5Dci4i7UDIjk0t8sbuimTKYistulOiMuHv6Up9j8FkgkDvsB8MHdcw0x2q9VhUfTNnj8Rgm+dOd2LVUVWckn6D+mW9u2JehvK8F4Fe3P5fJggb30YNfSezYX6VLnoagoGCw==
+hbo.			86400	IN	NSEC	hdfc. NS DS RRSIG NSEC
+hbo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . geuF5y+FURqNNdyQaJJS+VSmAZi8WzbxQ6fTtYuF2sveZXlFrleLpJLt13Vu6d902x7LOVIg/LxE1akbskGboPmwVHQJS8HcEFOAU59HX/H+UITpUXxJhSaeHMDEEySW1Bl0nCNtA4p3UJz+f+WWSbq2jrFjcct9liaqLdbRCGCDP9xu3L8N+x3mgQHKucNdRYcAYbLXGQT/Mb8ub8l6t5Pppq7L9hGCLYxkBdSuSREQ92TAL7XOK1vmC+jxNGywqLVLIBVbvqLtv5orlb4I/bqg0gT+kXp84wH12O2hjrdDMS7CAPietAi7emYTGHwzp3e5Kc0xqyCHsP7uJ0turA==
+a.nic.hbo.		172800	IN	A	37.209.192.9
+a.nic.hbo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.hbo.		172800	IN	A	37.209.194.9
+b.nic.hbo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.hbo.		172800	IN	A	37.209.196.9
+c.nic.hbo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.hbo.	172800	IN	A	156.154.144.70
+ns1.dns.nic.hbo.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:46
+ns2.dns.nic.hbo.	172800	IN	A	156.154.145.70
+ns2.dns.nic.hbo.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:46
+ns3.dns.nic.hbo.	172800	IN	A	156.154.159.70
+ns3.dns.nic.hbo.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:46
+hdfc.			172800	IN	NS	a0.nic.hdfc.
+hdfc.			172800	IN	NS	a2.nic.hdfc.
+hdfc.			172800	IN	NS	b0.nic.hdfc.
+hdfc.			172800	IN	NS	c0.nic.hdfc.
+hdfc.			86400	IN	DS	23122 8 2 F73544D186EF971C4E3172EDDD985D4579C4BB60B5D04396921D25FF9095DC6A
+hdfc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jX0WB2EAQRy34l/tnyQ5CqPq1QXnD8KOWBdWTryO8bR/dRVPTzuxjZ/ThoMOko9M3fzmLUuVaHD+QwhIjiSlcVvyNRUxlkQUaLim2dQVSToBSeaOMgej+u+mbobk+juuYb+znAdBlCzZ6CpTa3WQAKd9myeT4UqprQlilR/t3QBeSRPGP6fdhGWnFQBSqhqUxu3O2sjXoIWbGXHf0LcpTyQFavi8W1T0G4VnS5cV8ubse+xe28B8ZLi5iJQdkqLQroBAtlPfURo/xUa/1z9C9Pl/pf1Ut2pOtNk5bEOcvr/ZI373lmyLCA+Bwd+c3YtpBQ3vuEe5qOSBRVybjJMJ/w==
+hdfc.			86400	IN	NSEC	hdfcbank. NS DS RRSIG NSEC
+hdfc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L1FhAwB7IJAFYdZTPQ9exQPbMxHvWL7t8+k44PXm8TJeAVoWtkODwpXJ/Ju2ihr/C/L/7Q25lrh0a7moTMnAQSF+nBuHiK8vxzrozOzneEwZ0JMsjSaXBTqkZxpYZZwNvHCd2sCHoBT4rcwbuYDC81MJVxDS2aPii/ornODs5Wpy4wLNYCYUqeWs5zrnI28x5xIM5epg1aDRQ2SvpGm0HZTuggLNmBAnfQyZG7X4h138pcA+/6e3EgIi/kY5wgkrwNjXOiSzTH5DBtk6D6M13dKWwhCjUHKqJzOw1dVn+3OmqcLNYg/s8t3VzqHyFOwjti1qgwEsExX6nGo2qoWBbA==
+a0.nic.hdfc.		172800	IN	A	65.22.176.33
+a0.nic.hdfc.		172800	IN	AAAA	2a01:8840:aa:0:0:0:0:33
+a2.nic.hdfc.		172800	IN	A	65.22.179.33
+a2.nic.hdfc.		172800	IN	AAAA	2a01:8840:ad:0:0:0:0:33
+b0.nic.hdfc.		172800	IN	A	65.22.177.33
+b0.nic.hdfc.		172800	IN	AAAA	2a01:8840:ab:0:0:0:0:33
+c0.nic.hdfc.		172800	IN	A	65.22.178.33
+c0.nic.hdfc.		172800	IN	AAAA	2a01:8840:ac:0:0:0:0:33
+hdfcbank.		172800	IN	NS	a0.nic.hdfcbank.
+hdfcbank.		172800	IN	NS	a2.nic.hdfcbank.
+hdfcbank.		172800	IN	NS	b0.nic.hdfcbank.
+hdfcbank.		172800	IN	NS	c0.nic.hdfcbank.
+hdfcbank.		86400	IN	DS	63937 8 2 B8F2CA908CC4E3526A25AD74DA7F2D9962B4A1692805AE8F5C0CEF5542745029
+hdfcbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PXL19OCshZPL8LDUQKhApMovL7USahrRDPDJ36oRAwzIIlYbnEvKMULbdknxkhnROzYT34jlvHUvaV5yHCR/1U0KhqD+q83ADCMTdda5O16xzxkk2QSNSRSxzRJ5AUX1iHos1rdKFOU247Yjw9qCFLHgbTQ7w1+THQBuqMgac4dIsZeuZbtuhkuOCjH/jGN9oDWabWD6MUgJp/N/ACGNdFkEf3bXNpmsNq55pniCv43VoFwDE+Mk+tUn+rFt3URL+cApzL27vsYWLGdo4HYPYnOqFeSPT2L8o9Mc/SevmjLJEj9A5WehOAUDi1Wzl4cO7vNlaM35JYjvW7Swu3EQHw==
+hdfcbank.		86400	IN	NSEC	health. NS DS RRSIG NSEC
+hdfcbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lx2+GVPooxohc5Eik/ZDLUKJvngEqueq0JcKtnVk0PpEzdh4ZR5OugDFNy3Spm73tIv7Q9Y2vXNyo/nLLnzw/sBZTC4Jc+yMhx9xN9xgYoT2B5BPZ6xGm4CmCpSsGab4XV9M7gCjScy/DMBNaRrFfZEx2HJj+F/q7NhX9+ggoq9Z9m6ewDke0XYKRSl7+2MkUHWkWOPVG5cN9zCpoalcQLQsKYZPVO3RGs1WvLymPzq5Z9DrQQVXCBNmIWaW/WfgARmqhxzGebjnINsPYLXGzt+jQn/No/KGLRGNniQ6js5YOGEb9Kyuc/BkSF+hk67oA38AJxG4A7K1tNyXIA8uCg==
+a0.nic.hdfcbank.	172800	IN	A	65.22.180.33
+a0.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:ae:0:0:0:0:33
+a2.nic.hdfcbank.	172800	IN	A	65.22.183.33
+a2.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:b1:0:0:0:0:33
+b0.nic.hdfcbank.	172800	IN	A	65.22.181.33
+b0.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:af:0:0:0:0:33
+c0.nic.hdfcbank.	172800	IN	A	65.22.182.33
+c0.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:b0:0:0:0:0:33
+health.			172800	IN	NS	a.nic.health.
+health.			172800	IN	NS	b.nic.health.
+health.			172800	IN	NS	c.nic.health.
+health.			172800	IN	NS	ns1.dns.nic.health.
+health.			172800	IN	NS	ns2.dns.nic.health.
+health.			172800	IN	NS	ns3.dns.nic.health.
+health.			86400	IN	DS	6277 8 2 4A5ECB53AE18B611B3345C9549E55E35944FEE84F50BC150D8667CF1449DFD06
+health.			86400	IN	DS	47641 8 2 B1F415477AD6386ECEB54957A181EC70D0B3CCDBC09C5DF6DCDD063F69BF0631
+health.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uWaFrfZnFTns+ijbvVts+IijuhHYXCrSEEWV9BEtLyrwsOgV1T7G2R2HXcgJh8gjFy3P8uuNnaCTxXRG4BUT1oISHukhxsFUaOt/b+sn2hweRgjBF+Q7wZBpAPi9HDSh3EkkaVmup9jCpWgIsZ3Aom81+6dhWRBZhW1BQjZUn0ojXK63EPqHZY4lAFmnDR02FfqRTFqMXKXbFbmVmNpS+T3weAXkPAsFN6m1iTcbhIKnDjYDgSd1UC0TnxkVmsz4/C1JVdbXZqgkWe+hv8+613VCtE583EZAO4cNCTE5KuPhJ5VSUWC+9GzaExjNxvVIUnYVOBc8jBjbv9p3KTks9Q==
+health.			86400	IN	NSEC	healthcare. NS DS RRSIG NSEC
+health.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eWePgZN5PwCSuy5Lkq4Bh7B2EYFHtX4Luiww+yXI3ub2Sql/UaSWOsf/1Fc/4tbRvCFQ0usT5fTYBVZRACNIYKYeqGl167LOs3b5XMfqj/s0wjvZNXPXvetDO0VfJfQifXMKEIjQ48CZX9oEWPBayiwwFp+TvYFZorrhBQQrvqu8dOKd8FsMTl/r3QQLTbfbuhEMIrTFCnhZWZBxVUSjvilnQUrw+pmJCS94mvt5iSjCoBanoUjiDVF7iOJYXby8jWybH4CZpiePHv7A/FXevj39wxfFfFym71iYCDnkx+pni8+ZtpYAyKk13nNssLy2d1da9tb34b3cArQ2CEzIRw==
+a.nic.health.		172800	IN	A	37.209.192.10
+a.nic.health.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.health.		172800	IN	A	37.209.194.10
+b.nic.health.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.health.		172800	IN	A	37.209.196.10
+c.nic.health.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.health.	172800	IN	A	156.154.144.247
+ns1.dns.nic.health.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:f7
+ns2.dns.nic.health.	172800	IN	A	156.154.145.247
+ns2.dns.nic.health.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:f7
+ns3.dns.nic.health.	172800	IN	A	156.154.159.247
+ns3.dns.nic.health.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:f7
+healthcare.		172800	IN	NS	v0n0.nic.healthcare.
+healthcare.		172800	IN	NS	v0n1.nic.healthcare.
+healthcare.		172800	IN	NS	v0n2.nic.healthcare.
+healthcare.		172800	IN	NS	v0n3.nic.healthcare.
+healthcare.		172800	IN	NS	v2n0.nic.healthcare.
+healthcare.		172800	IN	NS	v2n1.nic.healthcare.
+healthcare.		86400	IN	DS	24502 8 2 DB68117556C537203B18D94BE79836F65ECCE06452C5658D16887BA2F0629C58
+healthcare.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XfUXD3eWkhGEOMkU3d5/IjBtRC5FNRDWsGkyG83/OZ6WT/A6jJ0Beejw7uJ5eZUhMXB610XqXZRMl0po5vXMb91jY9R2Q5HwCuf9OYOUrRAHhU6bBA8OhnO6jUAxGndfNbIecd2GTqmwqGR3e2gHInprZIIRawgxMCxLzXUC3TNMqiEOqXl4ZS/XLVTevb7uxK+ZEYdhtXw9L5OMHsTCgm+wbuiuWs9kXpONEN81L6kZxLM9Dl5fL3IiPn6eVPu4zaMSY74qen75iyWWhfb+LXiWFFz+8bS3ueH8zaaPaTfOTaRCebnDSR3mF8kxJfblA7PgsThn8WH7+z94VSnJlw==
+healthcare.		86400	IN	NSEC	help. NS DS RRSIG NSEC
+healthcare.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jHZ8TCJ628hcO3oKsJL/NjlF4JaMW01MQWcYjR4B1288qRJAq99aDX14eatUR6ihd+wYade0c28zQBoNcys+URYCjJz9U3figJrupQHvrc/dKD/syaQHH7rki/E+QLRA1Tj+dB4sdgpT0Y9aUWXbQmz/IjIj/Lt6TwoWsgdJPpoqNq493lYHbrLnAlu9S/w6tdOtSVnDBOSFonzWse9Ef4/HWWj5rEhGcwSZLNsaxMolPzUzxsR5MYqNFOhjDMJ11dA1RGVKxERPs48qKR0tZCxQrSmjZ++FPEtQ7VujUmv72so1XUoq+8X94QNsk7+n/Wys5H6ncMwy3XgBSi8/rg==
+v0n0.nic.healthcare.	172800	IN	A	65.22.28.15
+v0n0.nic.healthcare.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:15
+v0n1.nic.healthcare.	172800	IN	A	65.22.29.15
+v0n1.nic.healthcare.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:15
+v0n2.nic.healthcare.	172800	IN	A	65.22.30.15
+v0n2.nic.healthcare.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:15
+v0n3.nic.healthcare.	172800	IN	A	161.232.14.15
+v0n3.nic.healthcare.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:15
+v2n0.nic.healthcare.	172800	IN	A	65.22.31.15
+v2n0.nic.healthcare.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:15
+v2n1.nic.healthcare.	172800	IN	A	161.232.15.15
+v2n1.nic.healthcare.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:15
+help.			172800	IN	NS	a.nic.help.
+help.			172800	IN	NS	b.nic.help.
+help.			172800	IN	NS	c.nic.help.
+help.			172800	IN	NS	d.nic.help.
+help.			86400	IN	DS	10505 13 2 9F5FD17A8185397A597DC230DC457DCB5DB4AE9CD4A3285CC7CE8CAD823BFC9D
+help.			86400	IN	DS	58472 13 2 9313A5FF28806D26514B86F9A83A67B79692AB1FF3A4401CE49FC0488B607BEA
+help.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gujqoFqGZU/S3YhIj29o2LvvqzRSF4+ostXgpACvqUzaKhKziHa7mJXairLKY1nf4VtbFONT6dgE9TAQd5bpKW+7mSq7gqTr2lTWqHZuqiG6t4n2Tg+qgY7P9hn0dGcL3Hsn5ToIId9s53Mb/KLsdwc5PmaYdMexsQZsmnCex1LuUK8TgzLPJfBRFMtYOZh9ujaDb5hckBwgslTsVJOtmQUDqfP6dzV41Hc/PqSrlgLvnwOkTdbN4bOg4dZS76qUJjmUgzHOBb2L7xLNrIEFbFvtUVKcTUVGfVnKqWvR/9+05SnKcuxGxdtOnt+7xG9DOFU9jZdtqt07c1brmM0VZg==
+help.			86400	IN	NSEC	helsinki. NS DS RRSIG NSEC
+help.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gU+3YS5aQCgg7WY60RLkjtb/NbiTdPAW8DqKVzQuEEVZvWTqovucA/TOXCgOjVoPaq9t9G+8LuDtSEuW51g3RYXfhKAfbbyzCvS6Rir/55ogZ6kqZooa6LdhKKr9v4hwDs8l4t2fpF5G3G4Irdg/WSIrAZe6+AOhswWmo1DeMV6BTNGuyuc4DXwke3cRI+BquQZg5pp3YZclZj6nDiyxmFD8eQwijI8jG8OfIHQ+D7BjohwKMw9gzGNc2sS6ucxB6cvuOWN8l1x0WQQYP6cDGoqJ6ohAlPBhdaUwxs9ZEUdb+MgBCXLqYFq0kqlIPCMORN7VODqzOnNYp+hGhWz09A==
+a.nic.help.		172800	IN	A	194.169.218.158
+a.nic.help.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:158
+b.nic.help.		172800	IN	A	185.24.64.158
+b.nic.help.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:158
+c.nic.help.		172800	IN	A	212.18.248.158
+c.nic.help.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:158
+d.nic.help.		172800	IN	A	212.18.249.158
+d.nic.help.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:158
+helsinki.		172800	IN	NS	a0.nic.helsinki.
+helsinki.		172800	IN	NS	a2.nic.helsinki.
+helsinki.		172800	IN	NS	b0.nic.helsinki.
+helsinki.		172800	IN	NS	c0.nic.helsinki.
+helsinki.		86400	IN	DS	31639 8 2 069A71EF4B12265A44802FCF51B4531DC3835F8FBB68874FBF3565144A12770D
+helsinki.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Kihr01jMMPwVKTMLvkCf+LBraGOx3niDYdv/wW0E1RtOf0PscPTVM5Xant1co9NZMM856U3qbLhQXpg3CGEEa8cYx873M/LAbAplL8k/uP4ao5YKcRQEke0yUDNqcSx7xeZ9+FA0dpA/QrhobEkHeVjSAtCYP7CT6jygjpbuJIRtbIJFyMX2es/8kqPr5Nk1OyX3fIn7EiBgMPROj+rviB9SmwcSAdtfbR1vResSYyFknWN7S/k9EkupzJx3k1ajOCrHTBsR5gW1dvzpHp0zzz0xEdSR9aiyuHOdQGFP+VlcA6Xir/C4oEg8gUTkE2+oOrXzym3MzILnV438QG3fsQ==
+helsinki.		86400	IN	NSEC	here. NS DS RRSIG NSEC
+helsinki.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rBVpz+RyxUOo/4D3vjlvK1vA5aOgiZU9jR3m+F3qQNE8+q4wzmLn0g+ZVFwQVlix/uJRzT3njrK+G6BxLhPQHbWmpBcgxWXnjVj0wJBlO90yDqFNRUS1/6NlhJLh8N1OBhh/AG4SQ/cBh3AUSXRgpKSkpm97uz+kXp503CXeu+2NBf/DK6L4P0p1sypV/ek3lqBqQlUydPRyDMHXypZgBnjXwMjBfth4Dx7TSotlp3wsqEDnYAVdixDzRotrqKbvkoXFmSty8os2fJUPGSGF7Y62LzhpVDmFpGlbpPnMo80nhSALOqbP4h+WKOwyVp274PpVusx/ZFtLsmZ619N4KA==
+a0.nic.helsinki.	172800	IN	A	65.22.220.33
+a0.nic.helsinki.	172800	IN	AAAA	2a01:8840:d6:0:0:0:0:33
+a2.nic.helsinki.	172800	IN	A	65.22.223.33
+a2.nic.helsinki.	172800	IN	AAAA	2a01:8840:d9:0:0:0:0:33
+b0.nic.helsinki.	172800	IN	A	65.22.221.33
+b0.nic.helsinki.	172800	IN	AAAA	2a01:8840:d7:0:0:0:0:33
+c0.nic.helsinki.	172800	IN	A	65.22.222.33
+c0.nic.helsinki.	172800	IN	AAAA	2a01:8840:d8:0:0:0:0:33
+here.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+here.			86400	IN	DS	32584 8 2 DC704BA2007A9F1F254659A40FC55762434B742F3919B6F31FDC53B8301657BE
+here.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q4UxeHIXgPrDrVsyntzd5AqQie1QzMuShRRggBCMDdw08+75EMmV/OhDlfKmQyexVTpf8gF3llQWCUddMmZMdpa0HqXaKKKiZ4pq8kYwQWKqBbXvDJl/X0n6zR6zYXy0EI+1dONjR0Do2AML+dPIlPGJWIfKROZrTVunFQRYjB0jPaIiRzWgJUgL2P15Bo++Ps/qcp1npwCvIG14tmpRZmGSv48mwu0XWt7lw6QwBUVg3mKdJAlvuunYjUdSuHLftYSMPaoudgcp9jWSBjux0spEghqKJbJz/SE1p7MZdOyatQoaoT4R+fZUyrKMpGNsCHKyWldEULXz/6ct9ZoK3g==
+here.			86400	IN	NSEC	hermes. NS DS RRSIG NSEC
+here.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j+uytu+p3I3ZfSTr8Nmr8pfEjDSZh2edTgBXNlujiiHQlWxXQinVURe/Lg7TUuXspwjsH6HzrCFW59CrJqJjkuQ+FJZvCTtjL5bIUnoUi41aww6d6PqTXtmYIGPb8smSFMDjsm5ePXRrYqsyhlelxJsCzOa10MB+D79axIYckH/TKSC6mVk3h5gor2Tb5DSjD01dPI6nHvbF8UIlfn+dCl85VWqYm3gjtMJ473ogNtKs/1oz5FIgPIpwNOle7jX5Yi0lkmFA/Rca5t10e24Oxesg62TeTIDnavtwXUKls4Xdg1F7ILJDRN8W038bZRCqYmd7i8PNevIXrORN4H1Btw==
+hermes.			172800	IN	NS	a0.nic.hermes.
+hermes.			172800	IN	NS	a2.nic.hermes.
+hermes.			172800	IN	NS	b0.nic.hermes.
+hermes.			172800	IN	NS	c0.nic.hermes.
+hermes.			86400	IN	DS	17194 8 2 F38AE5E161D402739020CC92A88DFA905A59972426EF42044C37EA6240BB9614
+hermes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G5zqz7ApwENkKaGQK6S8330YlrIS+wqzX2IWMWES/XWfZ1NIGiphrTLGOP4PTdn/TLH4Qg6Y1WJuYD5Ict9CUzMCgk4s4EjZ34zi7P3nXhY5RhnjRAmc+I62/3Ptg9OaQB/ykpPNC5w7V/FDfwDip3+g7iBJKWlqpCDEZ0SJpSviCoagAiV1gvCI5BQrTBCgRBOwcApFp/OMjq+b2wrUwUXlT9txEAlr2j90w1w2T+z9+mvqtB6SRjcBJ58sESO9G7W36W4an2iv0Rq+v0uVegrFD9Nr00O1OhEEHJ4a32dKWuWikchDCAxzYj9aNqJSRAXMhbkcPVbmAjt63pk3/w==
+hermes.			86400	IN	NSEC	hiphop. NS DS RRSIG NSEC
+hermes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FAKZ+4WPu2cwwVd3bgOdh9RFnw4RT0Q0h4SN1Mg9PXRV61Gs8rOwRnDYNNKS+L4HPoUH1oAQ5/h7srSCzmE8GmWvXDYCqNDUxiqNFZDOA8XLNEiR8EbB4V330pWXJgKRofxLL3lnlnmpgaI9BU+THIOMzS9lcqSM/YpsOl5tqpUtqrJzVe0I4WdCOR4drkpQE9khTAIJSIh8ToTSkPKLo9B1Sz5kw5bjfpirOGCbllZBCd9zMN92xz4BkjRslMDA0SigkozfyUdCuE1yyH6BkKbXSbU/FOtXNUAuNnAAJnMRkvGt1J/EOTXzgL61l8md+kxoe8OcqAoWl9blr9IxVg==
+a0.nic.hermes.		172800	IN	A	65.22.232.25
+a0.nic.hermes.		172800	IN	AAAA	2a01:8840:e2:0:0:0:0:25
+a2.nic.hermes.		172800	IN	A	65.22.235.25
+a2.nic.hermes.		172800	IN	AAAA	2a01:8840:e5:0:0:0:0:25
+b0.nic.hermes.		172800	IN	A	65.22.233.25
+b0.nic.hermes.		172800	IN	AAAA	2a01:8840:e3:0:0:0:0:25
+c0.nic.hermes.		172800	IN	A	65.22.234.25
+c0.nic.hermes.		172800	IN	AAAA	2a01:8840:e4:0:0:0:0:25
+hiphop.			172800	IN	NS	ns1.uniregistry.net.
+hiphop.			172800	IN	NS	ns2.uniregistry.info.
+hiphop.			172800	IN	NS	ns3.uniregistry.net.
+hiphop.			172800	IN	NS	ns4.uniregistry.info.
+hiphop.			86400	IN	DS	7668 13 2 DE0BDE4365798B5080D31D7A5A8E7182D4924938761BFD506AF371EA5CB36AB0
+hiphop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0krzMm8TO97QcDdSJg4W8iPBhiUsTModhJZnSPAxyw8xhb6fNLHNtvMT7KJlUhVZoSHW/4oJq9W9VLoFaEny+pKttIfJfZdie+hoiORpfbsNBIu1fQWJfuwSNLd1cNQFQSPTVUFaq0l9Rg00BcXKhX3ewEl/FTUM3H+wy0qhopBdfVKu1CvK/AwpWWu4mz0QZ1O9aM+6HiMWD/0jNqVkpiah8V1z14pW1AUVkk1IggjrqRDZy9yyuJB736nDaXNMWZ/yAQbDf2DzaqtVn+yRrkE3PgG4bQmiOYu0RJAiSfD/X5XFujSUdlm4RNztabaD/yMevoo0DPCyBsuPohtR+g==
+hiphop.			86400	IN	NSEC	hisamitsu. NS DS RRSIG NSEC
+hiphop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BzOfsGyUC8Q7H17/T4Ij5/UoJL4Uhiqrbf9KwAvc2jeAKE3sA1uCu5oaprRYJPDt/sNAOW/Yl/PJRDboYH4weRMJUrzcnSM+iTIWnSMzl/Fn2B6kyD+HuA0PqQUJtLvo/u8xPYzKblHpQ2NXLvi+KK/TPi/lV9CHFG2n7LM01gzHlJ5//HMO2UVJbeqpChDq/23+fCJpKU8APgAqslbExoxYMetKO3hkxoyuPP3NBYudekre+Ql8C0LJWxb9g3SdEsZz7vX0Jj05mjm/GRNEVtbIo35PWxgK6eHjgfxT2DFlro5SGxd3In+2mAx5H/tMFCTlH1TTxQCrCsA7J0RXDg==
+hisamitsu.		172800	IN	NS	a.gmoregistry.net.
+hisamitsu.		172800	IN	NS	b.gmoregistry.net.
+hisamitsu.		172800	IN	NS	k.gmoregistry.net.
+hisamitsu.		172800	IN	NS	l.gmoregistry.net.
+hisamitsu.		86400	IN	DS	30364 8 2 02836F0E9FDB7E3CA5983577CCFED953698BD173D92A2E65650F73F14C39AC8D
+hisamitsu.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xM/GFj632kNup1FAJBJsjA4fxlUaQvg2WG/Sp65E2g9uP8EynkA+JU/sf+THWikThVIEy/WZ7eNvjuvCRcMnvhAAF7Nb+EaIyFibaWCdlbVdYYAQ9QuGt2QsUCzaAiAUuux6QnK1mDp9uUYbJizh4NJqE0z3WPhS/7LxceYyjXOmorKr1wQ6fNKP8dX8Qd7Y6Rzzoh52J3rXZBdEz1DExGiGu8niROfWn6A7K0RcKIpkms0skgplu0HYCS6/91qqRiPj1/tXz2mukXCUxA5sx1Z0/QMw4SvWUj55/eFVjmqU2XB+47Qa1smWvjBWJJsdWgP9SI3KqziAh0wung9PLA==
+hisamitsu.		86400	IN	NSEC	hitachi. NS DS RRSIG NSEC
+hisamitsu.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XEL0XZoUdpCYJHiQwdFxc79l0ZTAggtXUpgoC9fi/VA+cBI3TLDzjquoTESK04r1P295mtrd7hygzgwgVn8q0YqVtO/LqJnpHTH5jj8nFF8M80NJl7yHNEHshqY+mN74balLzeftfwyMjleLKzpIA9oHm8f73qZ8tyt7UDHjMY+SjxBGl6y3yg6J9SGFuVnatyUNiUvT4CkzGG158GibtTwDpFP1NO+bzUbnGMK6Z8/bJgylIMogu4pQB20law29S77By7SJQKdVnWa/GbgcOf1QCOlLpAu7Pse2ocw8vvGZ7Mv5HZa5dYIEBAZPL+uFka09AcJQnSrySeZUpu1FYA==
+hitachi.		172800	IN	NS	a.gmoregistry.net.
+hitachi.		172800	IN	NS	b.gmoregistry.net.
+hitachi.		172800	IN	NS	k.gmoregistry.net.
+hitachi.		172800	IN	NS	l.gmoregistry.net.
+hitachi.		86400	IN	DS	14525 8 2 03EA91AC19AEB9FFA37874A5F0F27F2A04C6EEAE162FD7D9C87F083447D31E5F
+hitachi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GnQ/KOzMlGTrY8d3ATnomtxrP3NRjAx4M5mYsRlSiLE2j4DFbHKAxrK1XH7ojv1SMYCYaaMnlDHL9ANBtc82Kp1TBGyccxez4Z3R7CCGddiOlo/g35zunVEQqx7h/Hab0MRG9kcV4sAPa6pcs6Caafe811v8mjyn3CO3xi3tWkHGfkpSRYACi3dQXwWOn0ZvseXEYIlNRYG3a+sEWE0AnI+mKKttHUVo1WzNw7mORRda0hegVKvd/aWKLjZpHDJoU55+M/Q3iXVLc32eViDPKmjD0FP38/sgQcA7aWaQ3Rf9VUZCnXNdQduvcLfnsbQeo+uFV9yrozWxcWAic5s0Jw==
+hitachi.		86400	IN	NSEC	hiv. NS DS RRSIG NSEC
+hitachi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L1k8gU1Fn/9dFmBxRODEthIlyYbYQuuCqwHFWntF9RKmbui9XQ8RICDcakRlwxMtHhVC9KYEIVHuEr6z5SJusUJfXJxg/l16Xuqq8R0RcpO/JOufCZfVIqivwLJfPsquvYW5CbM4HXE1oavT4EuOssMoWnO6UjgNFHqPUMODQS8JziBDlSZITyz3ob6zTxmS8lixpCvZxVOVsfDOxr65fM6Af5Bcpn4Bi7k8FrzXVhB5eEqcA5kIE/uWNSJm2aws9PBB/gFDG0f6Xmu74Zkt/hF8V7E2vTCBZPbS/J9q0D/VSezfN0aOuIB6Gdr4g6Glf+gfcfkth/XtjscXUHs1Kw==
+hiv.			172800	IN	NS	ns1.uniregistry.net.
+hiv.			172800	IN	NS	ns2.uniregistry.info.
+hiv.			172800	IN	NS	ns3.uniregistry.net.
+hiv.			172800	IN	NS	ns4.uniregistry.info.
+hiv.			86400	IN	DS	50937 13 2 139053A1DD36C05B171D5ADB695CEDCD3DB6EEA7B7A2B0700AADC4C8712B1344
+hiv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dt9wPZ3BhLEhm0cJSi+IvMzTVHZXvMzQTjK/x3Dcw3yZAkA002xpHDzFKAIJn+iVFFYZb82oskZtfIsEg3M8OL3e+xv3Dw4KNoHfnWgtRc4WgLZRF284VDhRDKsOXPBgmdKingWriqT77KxYMVHirs7MvB+65ArLpoZFAdtfsPbp114btSTB2ps7r4cV6cpQMBTtaQ5wX9vvQufp8L6ZLUEDk7U8mXCb7eNfsWtvaR7TAQkQuIvriuYeQINhOWCxKKXFIF9kYHtFZecnLjRcItjVxZ4p+JaoUnWuIOKB70ZyZry48C44llMm8J2qXrU661EqAnAcHvfHtBIdR9OeYw==
+hiv.			86400	IN	NSEC	hk. NS DS RRSIG NSEC
+hiv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pnZVfNKbTtfnhjti06Pshz0+cvEBFte0F1v08NT5M+IIZW4M9WEOwrUClmMXPvvFaFj3ExDsw4QzK+Vhwatmbs+g08pcFADvCGDql7IApcBtWfO/7/cbhkYZ6mXLhFY0iJp3DptcIuYSDWfaBTTUD9MEO7lVBkYNWNnVN4wZaX9Ksv6pABhJegDIsPawxqxqSx/3cK8FrkPOFjSA04hVn6JN0adOmqv6U/QF97uXTehbU2/Y4Nuzr7JLQZEdB6xVPhF7tse/CgMcvNgclqL98PRYm1vDG7jMO/BnM9v4GLNN2ruPhiZRB5omuEu2tlE7vr7ySj8UFRhcJ7nK8Qju+w==
+hk.			172800	IN	NS	c.hkirc.net.hk.
+hk.			172800	IN	NS	d.hkirc.net.hk.
+hk.			172800	IN	NS	m.hkirc.net.hk.
+hk.			172800	IN	NS	t.hkirc.net.hk.
+hk.			172800	IN	NS	u.hkirc.net.hk.
+hk.			172800	IN	NS	v.hkirc.net.hk.
+hk.			172800	IN	NS	x.hkirc.net.hk.
+hk.			172800	IN	NS	y.hkirc.net.hk.
+hk.			172800	IN	NS	z.hkirc.net.hk.
+hk.			86400	IN	DS	859 8 2 47DC78A2F99D4702FCA38EFAFBF8ADE187B5CFDA762494D59C9D8C55C533C8FE
+hk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u4tGhX6xv21q/JZnARYlUpDzXNyZTJCZxNfr3VAedHKvzvvxs6AeoYLgHCBCF/ZYZtm0bt2390xWf2QdumRbpd63p2pkMRia57JxAYLM3cUH4FRex/8vcYjoN5ZU3ZOwJ0LLcbLATmgnGMCsb8qoRrnqs+TCZ6dVyU0jRDvIuXaSMwlu/IGz9jxnLf1pqhOChoEvtAmK4U80c4pLfCQJoA6cVags7a6PeRxAfIG1IlONryFXlinMb0Zp4Ln3ImKF1UIWZhHLvDLQmSr4sIyLGlbZ9XrrW/aG9FrLxpnywcYTOLb5+0vvwgGyXnfeJ1z2lFot0i69IHqAk2rOSyBe6w==
+hk.			86400	IN	NSEC	hkt. NS DS RRSIG NSEC
+hk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ou5+fnc6ztdCRRbv51YZYO6hz1kzhFxj5bQ4ULAfaK4NBB+LfZouKbImBVsCkk+5yGvOSgcigqGbh/lYw/0o0eTrD8MDDx4HAfGsnSpz+FZrsSm6cZesKsjF+hpV6/YrdM3V0Z1igK65J00WHZJdUHxkegGip6gdxOQiMCe51C1V5OMG1aAsboKg/WhCXpO3VLooRIMQ0rda4J2ih5z0RxxXE8pF5SJUpUdXksTbhuWFpVY9X26jDaqBfJbWOnvRxO9N1vNeb/4/lOJiWCRXf/2N4K3giV58WfYiIlZiJ8uhdDhm3Sg7CUf42krEzl461tk7MWC983k5yNXnXWsrfA==
+ns2.cuhk.edu.hk.	172800	IN	A	137.189.6.21
+ns2.cuhk.edu.hk.	172800	IN	AAAA	2405:3000:3:6:0:0:0:15
+c.hkirc.net.hk.		172800	IN	A	203.119.2.218
+c.hkirc.net.hk.		172800	IN	AAAA	2001:dca:4000:0:0:0:cb77:2da
+d.hkirc.net.hk.		172800	IN	A	203.119.87.218
+d.hkirc.net.hk.		172800	IN	AAAA	2001:dca:2000:0:0:0:cb77:57da
+m.hkirc.net.hk.		172800	IN	A	125.208.41.10
+m.hkirc.net.hk.		172800	IN	A	125.208.42.10
+m.hkirc.net.hk.		172800	IN	A	125.208.44.10
+m.hkirc.net.hk.		172800	IN	AAAA	2001:dc7:ffc1:0:0:0:0:10
+t.hkirc.net.hk.		172800	IN	A	202.12.31.53
+t.hkirc.net.hk.		172800	IN	AAAA	2001:dd8:12:0:0:0:0:53
+u.hkirc.net.hk.		172800	IN	A	210.201.138.58
+u.hkirc.net.hk.		172800	IN	AAAA	2404:0:10a0:0:0:0:0:58
+v.hkirc.net.hk.		172800	IN	A	204.61.216.46
+v.hkirc.net.hk.		172800	IN	AAAA	2001:500:14:6046:ad:0:0:1
+x.hkirc.net.hk.		172800	IN	A	202.45.188.39
+x.hkirc.net.hk.		172800	IN	AAAA	2405:3001:1:3a:0:0:0:27
+y.hkirc.net.hk.		172800	IN	A	137.189.6.21
+y.hkirc.net.hk.		172800	IN	AAAA	2405:3000:3:6:0:0:0:15
+z.hkirc.net.hk.		172800	IN	A	194.146.106.70
+z.hkirc.net.hk.		172800	IN	AAAA	2001:67c:1010:17:0:0:0:53
+hkt.			172800	IN	NS	a0.nic.hkt.
+hkt.			172800	IN	NS	a2.nic.hkt.
+hkt.			172800	IN	NS	b0.nic.hkt.
+hkt.			172800	IN	NS	c0.nic.hkt.
+hkt.			86400	IN	DS	2077 8 2 B467734F0F2A8287BA3A0EDDF252055D740F2FD0072F81095EB6A56BE2405EE0
+hkt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NjeJXWVmNo6uGr/E53nBvuGZuMWKQXsNqaZcIDoJ5RFZiwp7H+RgoHMsCmSLI517DbZ10nls5U2Ebex1UcGwMDnFCSl8OcpB99cVABH4p4U96al1gzrZJ+BH69DkrkhgUSVLV99e80WeLTCSSfb2Ak2fIx1FnjKlwoiYU4OmiwH6Mi2ur4JPQy7CTeNuHfcRsN9BpoA0ArpF2BfCFkf7VvkH5h5a2L8G43QgbVqLaF77/yfLwyYlcg7BgKlnEsSxl3VEaYgmGVGC2hOvwLXThNSNi/zWijuhb7J917U0qFP9bXUhofkbXaebu0vLKyh+pZvCgAUf5n/ZKudUl7+KNg==
+hkt.			86400	IN	NSEC	hm. NS DS RRSIG NSEC
+hkt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pG1OhkA9rLQbTwytyaNnkiyVTInVcB7B/fKIjKxZ3PXHM8/ptxZlQ5hoRpbyHIeNLJr9KJM+wAA6h78rG5CCiwCjURvweNIVHow2kfbuNmSRlSK415hO8sFEa+BSOBZpsCZLiC+TGw35gANPwUu8WcNQFGmWVxkmsmTGDt41DDuGhqJ/t+f/DNfUiK2gn2suoiRpCtuVoCW8PKIibyAggRNoyiivtmnmOTl0Hm82+fFZVud5DaMcYyZbVLME27P3ZzJU8RMV3EETugIDFQ5H7cvwD6kWjoTlPAZn5cGo/pSLehD1W9CIo4koSjWRr/3F1DXk3jzUBrFLwmYve5gqnw==
+a0.nic.hkt.		172800	IN	A	65.22.116.33
+a0.nic.hkt.		172800	IN	AAAA	2a01:8840:72:0:0:0:0:33
+a2.nic.hkt.		172800	IN	A	65.22.119.33
+a2.nic.hkt.		172800	IN	AAAA	2a01:8840:75:0:0:0:0:33
+b0.nic.hkt.		172800	IN	A	65.22.117.33
+b0.nic.hkt.		172800	IN	AAAA	2a01:8840:73:0:0:0:0:33
+c0.nic.hkt.		172800	IN	A	65.22.118.33
+c0.nic.hkt.		172800	IN	AAAA	2a01:8840:74:0:0:0:0:33
+hm.			172800	IN	NS	ns1.registry.hm.
+hm.			172800	IN	NS	ns2.registry.hm.
+hm.			172800	IN	NS	ns3.registry.hm.
+hm.			86400	IN	NSEC	hn. NS RRSIG NSEC
+hm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ptcmcAnTClklSFM/jHsFiUUCm1XOLgIcuRt5pYG5WLJrC21twqPg38LqqilVDRxf++jRRCoXAwCTLaN98U0mbJsFOkMpsPV+ilmn4ZvQNT24KKELiQlurn71U3MKrXXYf9JqQ0jNbN+EkgqlUqEATSLGra4P2MLGbnF/Xy4hzGpvh0rlxpAaEC5/VUbpstv54Na9VE6VyZHAuXrlH7glNOgI0Vey9NO2U1OEJi/pjnwfblUn1XrbrKjhM19M5DHwogxUiG9EUFhc6zKXQ+zQ48SS8MnsxZ+9wXfhcoAxv8diAXlg/+UZjGGX9r/bAzags1OJidCVEAjDLIMnxfLTjQ==
+ns1.registry.hm.	172800	IN	A	208.70.79.25
+ns2.registry.hm.	172800	IN	A	208.70.79.24
+ns3.registry.hm.	172800	IN	A	128.199.180.188
+hn.			172800	IN	NS	a.lactld.org.
+hn.			172800	IN	NS	ns1.anycastdns.cz.
+hn.			172800	IN	NS	ns2.anycastdns.cz.
+hn.			172800	IN	NS	pch-anycast.rds.org.hn.
+hn.			86400	IN	DS	20599 8 2 B7CA2A70DEA7188CB7319A8049164EF9D0E3496D8FE4E3C135CBA8452544BA72
+hn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . j/tA62rWDydAo29DnEDHICCWnt73eJ0kNhcHiqJdIIkElmnA95m8SBGkqtBzLi4p6wN0CdnUDseU3u43E02Bo/YJpjl1TvL/OIzLCwh1WkhftKIT9OFdnPbtp/MqzatJ1SUlcxmSJH9b94sEPEaFJUnHNL+JQ1nPAjjSW3x+GlpgoP3ys7KDepIK++lgofj3iQHIWuER+/HqDJ+x7nhpKD7TdDs/njYI9OMSurVgzbt483x0VM9Fpz2U84AXsQGXYFBOVD8aPVyOO6RzsFgRcuprHqix+rIKqvJIZucFNnacxbMVZxSJ4oxoomhelj5vVgFIMJXF69/R/ZXHihZRZw==
+hn.			86400	IN	NSEC	hockey. NS DS RRSIG NSEC
+hn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rZO34tVm/QEijqYkBBiwGnM1gAtTyRryeoKnkO+t643LIVUvJj9gKTxHQooKMIVuueYMg13FgLWvzlae7H6shU+P0O7c2zQpuZpqkpZgkjiC8CDf18K8EHAjzjsgZ/Chxiwkur2Ms3MHxNotVMPMhya3xAOKmnTcaR4A0tqXigrC2aDheFe5fCt7m3SBm2uoDu59UD65md6kpIEtxtMId1F5sqnV+krQHjE+mHdNoNBjxyoIqUMkaCNki9DLoqDNAyseA6wfzmGjq59OMIIzyJfc5CYyaHHCJFC3GJmFAsTt+SkZ0ApxCNlf48z8CPgwspz97+8ZNq9EKgVxMvoQhw==
+pch-anycast.rds.org.hn.	172800	IN	A	204.61.216.64
+pch-anycast.rds.org.hn.	172800	IN	AAAA	2001:500:14:6064:ad:0:0:1
+hockey.			172800	IN	NS	v0n0.nic.hockey.
+hockey.			172800	IN	NS	v0n1.nic.hockey.
+hockey.			172800	IN	NS	v0n2.nic.hockey.
+hockey.			172800	IN	NS	v0n3.nic.hockey.
+hockey.			172800	IN	NS	v2n0.nic.hockey.
+hockey.			172800	IN	NS	v2n1.nic.hockey.
+hockey.			86400	IN	DS	17029 8 2 8BCCB97086905AB56155084578E7873C77ABCE3210245D2503F59D42D94D8CE6
+hockey.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GSzriDCDDJN+0XeAzz3SF2n99soLCJIg1xnCknevG6Psw6ODVPY+IGEkUL9lmOGyLt7ZAA3QCRx9a5JHoTznndRkeynSL1PLJZ/deTVQH+HDeiq4u+bz6Gfd8PEHTuorRP77bKvh/7o/tYlkAQbk+37zQ+b8JhlU4ImiTI5UKgfV0kU709inY1K7oIoP9E80lae10VVUiH+ZUnAvNFeEZvj97pp9u6DIDkQSrxlBsAhoGL3paZw6Zra3BODVsyOdmIsbc+KB8npvP5xxPxOURzel7lKnomyoVIqcOA5t1Aq5JBE/YXEtFsxHgFOZ+TzLxEDcU5Im4v8l3zKNdYG9QQ==
+hockey.			86400	IN	NSEC	holdings. NS DS RRSIG NSEC
+hockey.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dhMUbv0wZ8kMw+ZTuF+30Azz5LUBKgij6XBMgebV8GE3gJnwqRf0azQFGU1Ml5psm4ncLvGjvTkvWGQeD5+SyNBXp1Mlsc1Uxfrfq06i3gDEFAtB3UO2Mqw30LPruhiPQCRwlc5RvQNrHQuxrWgtZaX7Xp/vSubRKNIk8jluMeOvW4lhTXP0MU8rPv8rWlkkxKgPY6quuxQXZCG/sj/2n3/rE21BJE19Qvj2s+uOCudBMom84ovMxFG2UG7WXSFXnhhxl9Tiy0ICRM9x/cSOKenakstIDtBzEiiOSq+CwZnbYAZP6KR3CIdJfvxWoYqOvZk7iF/rjLo4sVlNV8SewA==
+v0n0.nic.hockey.	172800	IN	A	65.22.20.31
+v0n0.nic.hockey.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:31
+v0n1.nic.hockey.	172800	IN	A	65.22.21.31
+v0n1.nic.hockey.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:31
+v0n2.nic.hockey.	172800	IN	A	65.22.22.31
+v0n2.nic.hockey.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:31
+v0n3.nic.hockey.	172800	IN	A	161.232.10.31
+v0n3.nic.hockey.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:31
+v2n0.nic.hockey.	172800	IN	A	65.22.23.31
+v2n0.nic.hockey.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:31
+v2n1.nic.hockey.	172800	IN	A	161.232.11.31
+v2n1.nic.hockey.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:31
+holdings.		172800	IN	NS	v0n0.nic.holdings.
+holdings.		172800	IN	NS	v0n1.nic.holdings.
+holdings.		172800	IN	NS	v0n2.nic.holdings.
+holdings.		172800	IN	NS	v0n3.nic.holdings.
+holdings.		172800	IN	NS	v2n0.nic.holdings.
+holdings.		172800	IN	NS	v2n1.nic.holdings.
+holdings.		86400	IN	DS	25396 8 2 BD7D00CFF174D8898DFD6B1174E027E8899B1AA029555D54574F6165135F45D4
+holdings.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DNx8dKj7WPjq1byxB3j5SUIN5vHduY8hh/YwlEKUdFoDBsUukD0BNCK09Lk5PIgqRN3I1ab1Zk8iI/u4PhU+NJRlkI0q0qMOXreMMbxwWh8PdZEhBaewOcT1mxCL9ed5znMAZZ6lIsniF35RYg/SkD0GG72djfO4pAVGjb/e+2p5d2Gws6puCzK+v7eJvtkD+6MKPfrlKHxGgn80SX+s/SGJDU4JfyQuiL1zkJiBIXwdP6WY+IvfVvXpwV2zck5jsPBINyruMpK1GrnS6uVIBmfXSLXvgCueIJm/MZxgqIXUwxg92vakbcZ5ZQVTqgOkXkUolJY97ZNSSv8RoJJHUA==
+holdings.		86400	IN	NSEC	holiday. NS DS RRSIG NSEC
+holdings.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ThDASDUYwXrfQ1MdlBBmBZb+Pfenk7RdFWnQ5xWETZbtXu6hHI9cIhWcau81igeMNqrfnQhe63kD8mBipIva3Z/Hg/Nd+7OCs+kWd7K5+XTAaNTgX1z3eXDiv1rlwVm+I9ovDaZ2hlFrWuWNd/2kU5u9bvDeVSGTBt2I31f5CzutaGoJCm4R1AxDU51IfTKtnrkDJduPWM6i8Sewsfp5pqxlvVeyl4k+Jen/AJeJGZiht8+GFvyvqQs53SjsJAMGExkREFoCTtvp5xzOoXpJjGooYI5W63LQTuCCTbc8nTdcRq0WpjpIv4N1sbylsI/wavvuFRTbWZ6/wrSiXBJh8w==
+v0n0.nic.holdings.	172800	IN	A	65.22.24.51
+v0n0.nic.holdings.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:51
+v0n1.nic.holdings.	172800	IN	A	65.22.25.51
+v0n1.nic.holdings.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:51
+v0n2.nic.holdings.	172800	IN	A	65.22.26.51
+v0n2.nic.holdings.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:51
+v0n3.nic.holdings.	172800	IN	A	161.232.12.51
+v0n3.nic.holdings.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:51
+v2n0.nic.holdings.	172800	IN	A	65.22.27.51
+v2n0.nic.holdings.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:51
+v2n1.nic.holdings.	172800	IN	A	161.232.13.51
+v2n1.nic.holdings.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:51
+holiday.		172800	IN	NS	v0n0.nic.holiday.
+holiday.		172800	IN	NS	v0n1.nic.holiday.
+holiday.		172800	IN	NS	v0n2.nic.holiday.
+holiday.		172800	IN	NS	v0n3.nic.holiday.
+holiday.		172800	IN	NS	v2n0.nic.holiday.
+holiday.		172800	IN	NS	v2n1.nic.holiday.
+holiday.		86400	IN	DS	61717 8 2 34267E711A8FC7A8BB25EE22E87508951CAFAD73F29D332CDDEB3190BB9982F9
+holiday.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YWXEnuhWz6pvkANm2Jjub3iFMHm6/dxr8C2hbKApJwRt7hLCyICdSPUmKVvmA9PAPOiDN2DeDgE9yPheuQ5Odf8l9c77KhufpFQ0M295209SbFWuISExJl61NRxRNS5uKKCvk7l98+WDekHtEq1GJpDJx2mxSKP7N+cDuGBRzhWkhbEirU/tGoogZlv4Bq8Nu2v1KDrc5spjoonfpXBEyR+5aBDcY/12j7Gu6LEGBX1E6vB/W0YTObpCLmmp08DwlezBkQ9Aby+bEsjFS7EjWci/LtEqN+0UVdu9+pQ37sO092c0iaBqWfRRuo/vAHKYGVxA5nv6433ctQTP/z4UrA==
+holiday.		86400	IN	NSEC	homedepot. NS DS RRSIG NSEC
+holiday.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r7IQtGQuKKvnKXXy/orjUbkpRHnOJKc2dh0MLspRqHohjfRHpbXo9xEd7ZlReghHYBQ2SVafRSk0hDUwC0RDC335nemNqmUtJbnUBBkJNc7rvC1JS9DIQRRr24P9TkhY3tIXRZ/s1JccfOik38feFI9nK34zQyGMOLa93jQPMVhzdyqawZSb/nMy6F1CJxI7L3uSWu4YwCgYUE7vaHnth2qYxNdDN2JewIblDdYjWe8uZJKB9vPlJP/KyBXUXj7ceuujAR32cvXzzD8OPveXO10REEjKDtqe/lrG8Qf+IhakQoutsNZJuMp2SepZ6wkTExyAwyAgRcq5hiNgdl3b/w==
+v0n0.nic.holiday.	172800	IN	A	65.22.24.24
+v0n0.nic.holiday.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:24
+v0n1.nic.holiday.	172800	IN	A	65.22.25.24
+v0n1.nic.holiday.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:24
+v0n2.nic.holiday.	172800	IN	A	65.22.26.24
+v0n2.nic.holiday.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:24
+v0n3.nic.holiday.	172800	IN	A	161.232.12.24
+v0n3.nic.holiday.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:24
+v2n0.nic.holiday.	172800	IN	A	65.22.27.24
+v2n0.nic.holiday.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:24
+v2n1.nic.holiday.	172800	IN	A	161.232.13.24
+v2n1.nic.holiday.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:24
+homedepot.		172800	IN	NS	a0.nic.homedepot.
+homedepot.		172800	IN	NS	a2.nic.homedepot.
+homedepot.		172800	IN	NS	b0.nic.homedepot.
+homedepot.		172800	IN	NS	c0.nic.homedepot.
+homedepot.		86400	IN	DS	41296 8 2 547D577CB0C59BC0FDCA6D4A26AB5FA73588F9F7BA554A6ADFFF6B31BA056E45
+homedepot.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RSzYdRVxCYYv8ZCpeOLdsQ3va0wxdOJ0Z7fzfw+u0vg3+hIXua0W4+D2n/zhtJE1q3aUnGFUZKZ1SZgyej28pBwD6QV3n4e3Dqy9/ffOH97/WLg34Ky8xHfdfn88U2sCQSkoAXkEfglE6lr/GtFye3PZJ5/Shf6iEI77BnLzMNYCoN/oMguIhvWjbYb1u3lwPH8AnfE3yASvm46nUiPy6tAyKXleIZBlAwj+2HzAKmrwMGng+TVO+ReLmOcofY7+W1D9S3YUVfVtKrHiEvssgsYlfLcBraByK9ETzd3G7c3aN8hYa51AwrEDm7O7mBqd2AObjcxPyFbTm9xVC+Kwjg==
+homedepot.		86400	IN	NSEC	homegoods. NS DS RRSIG NSEC
+homedepot.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a8t6RvP6XhNPLHGp2Lncdd5cnwaFiwPUK65dYUYI6pczUflaxGSrBhUsWqpiWKOrEOLMc3CAF0tsQ3STRye0phH6or4hyNk6fqIjIuQHJsdaIFMnTNHrV1l1O2plCEwtYWacvvuJsskQPQnPVeOEyNt1hPoEEDc1yWG68BcmR2kP/a4RnCfGXgHPK9Pnc/E5ZMnNB0B2VAOafxY/YiyVeZ4YIq0QExvXRmWWUjJM9KGgg0IqG2ZPrav6VEy82qV8efxBs/GC4FSG5gHB/+FMSL7dsmQfiUjCbu0Vi8c7Jkpn+LBDOBFCjKiwC0TgeIPyes6vswdo8p71KGX8kU8ybg==
+a0.nic.homedepot.	172800	IN	A	65.22.192.1
+a0.nic.homedepot.	172800	IN	AAAA	2a01:8840:ba:0:0:0:0:1
+a2.nic.homedepot.	172800	IN	A	65.22.195.1
+a2.nic.homedepot.	172800	IN	AAAA	2a01:8840:bd:0:0:0:0:1
+b0.nic.homedepot.	172800	IN	A	65.22.193.1
+b0.nic.homedepot.	172800	IN	AAAA	2a01:8840:bb:0:0:0:0:1
+c0.nic.homedepot.	172800	IN	A	65.22.194.1
+c0.nic.homedepot.	172800	IN	AAAA	2a01:8840:bc:0:0:0:0:1
+homegoods.		172800	IN	NS	a.nic.homegoods.
+homegoods.		172800	IN	NS	b.nic.homegoods.
+homegoods.		172800	IN	NS	c.nic.homegoods.
+homegoods.		172800	IN	NS	ns1.dns.nic.homegoods.
+homegoods.		172800	IN	NS	ns2.dns.nic.homegoods.
+homegoods.		172800	IN	NS	ns3.dns.nic.homegoods.
+homegoods.		86400	IN	DS	8509 8 2 FF29069BA0204E904C1BA9407D98664383C7C9D65F4D33008A13042B497C93DD
+homegoods.		86400	IN	DS	15460 8 2 F6BBD1FAFC2A7AC4B287FB2EC8BE0907D52B7A812AA437F4672EFE4088454CFB
+homegoods.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nOzozIMTLc/SWfJUlkL61u3sIkXbiIiNCclr2bX5tebB/yv6xQehlDH8NGNX3J0uOPKwHxJzIeK9grJWxadlk7OjA0KlBy7IhqhvkDAMiMe5UILWBcah/Yzp0zBu59Qf1An541lO2lmYlwfL3CT0OY3/7aZ2iK8q3dpBcMdPVa/QyDFXJxphPGVOJKs55Ja0CRfygoJEkJU5N/sob9YBeXQRQ2J+FrMr87KBgdtamD71LRTRfNXnHHum45BNvWTh95TSMRn+nUcI88/ETZudt3XLX5TYoFWJgys0R0RtuxcDZ76UolQBE8h4TnR9ed4eiWKA3rYNFkhP76pDx7kTog==
+homegoods.		86400	IN	NSEC	homes. NS DS RRSIG NSEC
+homegoods.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c7+Y4iyGFwWX6cvEE4PRwVoGiYnHkhi8FEaT729QX1NTBw27AghRbcQUmNKT+E45oLKq2I//+ouva+Y/jh/xslS4S7ALeKqzi/ro2VNl9xu6q8TucWv1+8UHENOgyH/Z6NYiZ6+ao5C5GQAEOGqMWfCtTnGrGLm5n2NTzbJJ+RbElt92sBPjYip1yS445bajXhYTD5uCqRoeVu3cjhv7UM+BX6ZYL5xIYA2VgogNVXAdStXyJamjgfcZksq4aU697Nuq/NwNRLv2X6yjFQuh6w+HLSE5JFJhHKF5/hIMTI4L6yQihYYsQLu98Oh9nd2+T68ACQmH1/EN2u0osk8uMg==
+a.nic.homegoods.	172800	IN	A	37.209.192.9
+a.nic.homegoods.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.homegoods.	172800	IN	A	37.209.194.9
+b.nic.homegoods.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.homegoods.	172800	IN	A	37.209.196.9
+c.nic.homegoods.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.homegoods.	172800	IN	A	156.154.144.73
+ns1.dns.nic.homegoods.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:49
+ns2.dns.nic.homegoods.	172800	IN	A	156.154.145.73
+ns2.dns.nic.homegoods.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:49
+ns3.dns.nic.homegoods.	172800	IN	A	156.154.159.73
+ns3.dns.nic.homegoods.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:49
+homes.			172800	IN	NS	a.nic.homes.
+homes.			172800	IN	NS	b.nic.homes.
+homes.			172800	IN	NS	c.nic.homes.
+homes.			172800	IN	NS	d.nic.homes.
+homes.			86400	IN	DS	33262 8 2 D9F3C8D72738EBA7ED5002404C5E2748E1AA47C83E36D33D2D4EB72360E49D80
+homes.			86400	IN	DS	44875 8 2 DE0934D0C6C5221BA3533739B3147E327A87F8E97DB379136A9343AA9D330079
+homes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Me8rTZvnRnLWAAr5FAstXCfNM+7nwh+3NOw8Qid9ZKkNtGPGadHODlQ44MNTma3yd9zOHZhV3008fdXh8PGi/wDAd9D/nPSIfXl3hWqCSaoDGc4cnaGTxcZJypH1gTHhZxN+TJofEaOhH5FaS89eRtIgIQ6fxKE80HNhty/X4LBKpPPeLh2hjWbSsV68o6g2bUZ+3aRYZqD1A6RavMt6Uxc7AuVdk8z4f+janPNvMeS1/m0cxnn1/pFXtZ1ToiPcftXOxeyyl7HfRdEfvND784Hf+TQhVcPuUTdp0W5A0n0kRz11LtDXnRVu5ZuvcVPEl2WclCMI9i+D4GU6nc4JTw==
+homes.			86400	IN	NSEC	homesense. NS DS RRSIG NSEC
+homes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BDNjdgaXbRhz11joU1yquHljUO/vsjjtfZMZPtBKMqY42hztMH/rB6JoZcHxSVebzPnFAyoD7OYs+vFu4GJ57Akexj4TFPDY7GZ+hveu2vq6krlY2swHCzBaKj3e+yop8NIyP6a3ECoXgmtswYC/xlDjBJVw2BE15tTtlf05YxNzWbbo+lWBs2DmJfS9/t671G4/TXAw5pJbk5cT7OV64/grNlEacGoP0G3yFCWa3s/ILTHkzAoK07ftybdhzytfDKlxPjQcFu8/Y5gBTJQzOuM4Gz2PbHRS2AtciYUwZLgA2j6b6P8DAH2ZIJsdFvHSrnt1Cp383CBGeylBokFMzg==
+a.nic.homes.		172800	IN	A	194.169.218.132
+a.nic.homes.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:132
+b.nic.homes.		172800	IN	A	185.24.64.132
+b.nic.homes.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:132
+c.nic.homes.		172800	IN	A	212.18.248.132
+c.nic.homes.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:132
+d.nic.homes.		172800	IN	A	212.18.249.132
+d.nic.homes.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:132
+homesense.		172800	IN	NS	a.nic.homesense.
+homesense.		172800	IN	NS	b.nic.homesense.
+homesense.		172800	IN	NS	c.nic.homesense.
+homesense.		172800	IN	NS	ns1.dns.nic.homesense.
+homesense.		172800	IN	NS	ns2.dns.nic.homesense.
+homesense.		172800	IN	NS	ns3.dns.nic.homesense.
+homesense.		86400	IN	DS	4507 8 2 C5400C84FFDE26FD2A4ED6374057D876CC46C0B933484F74A352BB1EF953B9A7
+homesense.		86400	IN	DS	15379 8 2 78DDB12E13AA6279D368770B09FCACB19F09C88E369372E5B77A294CEE3B21E0
+homesense.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a2JvJms9Y6goDdcgshFU3z0w070Cva3mmoNumDTj+lBV2XnCqRrFFxHJknPVaYAr8sSsLo2SFAWEYAPv6rbRtRY01JSKbjuVRsRoA67FPgDRGZLhoY+k3hgVuUpbac8tyY8Z3hMsnZkg/2c7eZezp3NeUo6xKQiaQieEsIMh7T3p0CAgKidg0kvuSteupaqheSDMb9pHlq0mlhNqFfabbd2blp5eBOTSwplvKDUAGVBdC7ux/4ZFTOqCIyEcUEC8cmCPH07vh5MBr14zuRSdJrLXI4oqWOpnSxuZNDlEPf0eHXrm12sLwbayk+JUiBfWNSnpudj7cYzi8vy0xMGhTA==
+homesense.		86400	IN	NSEC	honda. NS DS RRSIG NSEC
+homesense.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . P488kn7Raz02JL1KWaehsgbKeSh+t52hmHCVLrH5DxcgIn+LsqhpzKo+i7XoGXYjRyGj5aUadnxN+9j1iw5yqu4q5gwhiW+wc/nkjzQkdp+k5PIaWJn+0Tf80OtvxJbXZlaEOpUa2YHfLajyoxkv/zJkrPdlJn3D/+sb6Ca34qpA0eZwlhN3mobESGneHsRUW6kpDyZyeEPk+UHKeuuHbFhwH7eZDHaxrybZ7YvW4KphsPQERfofNhF7rnS+hETeEve6aJ1xdJVXTwu3PDOL9yS2WEMwk8p9+fI7rHXafGrXSsK3idrD83EieuRhNi+rWs97AFwuHnmCZKq47tk+oA==
+a.nic.homesense.	172800	IN	A	37.209.192.9
+a.nic.homesense.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.homesense.	172800	IN	A	37.209.194.9
+b.nic.homesense.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.homesense.	172800	IN	A	37.209.196.9
+c.nic.homesense.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.homesense.	172800	IN	A	156.154.144.74
+ns1.dns.nic.homesense.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:4a
+ns2.dns.nic.homesense.	172800	IN	A	156.154.145.74
+ns2.dns.nic.homesense.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:4a
+ns3.dns.nic.homesense.	172800	IN	A	156.154.159.74
+ns3.dns.nic.homesense.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:4a
+honda.			172800	IN	NS	a.gmoregistry.net.
+honda.			172800	IN	NS	b.gmoregistry.net.
+honda.			172800	IN	NS	k.gmoregistry.net.
+honda.			172800	IN	NS	l.gmoregistry.net.
+honda.			86400	IN	DS	25744 8 2 4214B1E2FFB881035440B32CB3C90675E1051A23AB5424FC07111EB917643338
+honda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G/NRIY3cz9HEbgMqJf2Ax81HSQtBbT5idA2TTalawSN2my+Hag9QdwgcSEiyDh5Pco+m4ub4SrmCcuqA5qMU8SS/cV0zEKvPp3GKRfQB+uVtJqyxJU4O5v2guMyFtwyJj7lIPzq2Bhpl0eOSH/WPObVt2u+WLozMIbB29+9mX/TbLxYqadW9NQeLpO90Ytb0Qg5vkvaTIl9SxFEKwrhUXs4AixxY2kA3l4qU2sPh+qErVh4MBUOLNzegyGpWPJbwbr18tOx4P6VtEX42vvpaM2FtIkeZYTKe//8aPNq5rEKAOYjVWyNeaeymhkbv/U5cDZ/aovu3cCRMCWAZHhvS3A==
+honda.			86400	IN	NSEC	horse. NS DS RRSIG NSEC
+honda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fKwEm6kYqgWcYN6S0ryXRiTPtiZ5D6wUXT07qxk9U2zC9jqvTKlGnLpZJMWYtc2WWftGaSTQrSZpHVGld9rBr7O1lpNtDEFOqTs4IGLN1/R7oDBv0MY9j95e5u1Zb4Bo0/TlptnS36b+KKgZELs8IeAE2Lt+TjLJHzfIgnUa7HyfEvt0Fh0Da/kg/89fpUJwY4/t6Rm5zoWoT3IoBppt59KzVlGfpEEhZzBvaVEg7FKZrlx1fET5L97uZ/3XAKxg3GATzIOcFEtpA3V8ecqAv7zeVpADjr9XZr2aCOT9pTv/rOAjZYrIju9fk8DrJtFTVwSbgO1rba/Ugd25d/85WA==
+horse.			172800	IN	NS	a.nic.horse.
+horse.			172800	IN	NS	b.nic.horse.
+horse.			172800	IN	NS	c.nic.horse.
+horse.			172800	IN	NS	x.nic.horse.
+horse.			172800	IN	NS	y.nic.horse.
+horse.			172800	IN	NS	z.nic.horse.
+horse.			86400	IN	DS	25741 8 2 04C915E78C75DCB656AEF6CE2423935D826C60319A9EAE29AC71F9E745C38975
+horse.			86400	IN	DS	49330 8 2 6566EDC407480E5F0F3D1F31E436BB5321D557E5805704868FCA3A59E6042D38
+horse.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Hcf+9E5+awHYWsw/4EJoU8o/EFT5OgCS0kbZNu9ZFZDpvzE2jsniQOnXp4pmIHB/VFU43J0kwzIHgBaCbakaRZSfEIWpr+2Q4ES8NCyCDUbHR8qP9O/eCWfWrlSTpEJCsjKbRoHzxau/TWpCPwKXJr5nq63rf/SnFupF6+imYTMjLNZ5EWCvScLZBBYRlfEqViVSgEociGNU9D5rgMxKQhCOXi0Yti+dq85BeUtlSMniE7gxUo4to30LFVt+XZpyfzy/u9ZJ4w0NjdcuzGZj183ofDzffS6W/BOBfKrAIAx1F17sSrkGH1Wmgnb9LcDy5yrNqrKNwsB3STiF7P9qBw==
+horse.			86400	IN	NSEC	hospital. NS DS RRSIG NSEC
+horse.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mprOyE6eTMibLWwos/FL5q8wAd35AknY/otop2KaT8cqjcS+4U6fWJVKR8Um0kXnJU5XO9TpCYz7H2dljN4xq+gXLkIqljQwm7epgUCF3AQtygPk+zoLG6FIesfgzM1S0Bj+BcOGpsTw3tzY7FmImqbcBtW34J+cr7WVYBp2ahT4q2Mmp45y+y1NtanwdjMtlc0U1wihH504vxuYnt9HaGjP/EturrlDCPl4SKmsDkmMWB5hcmH9lA95iv68tvtA+6MA9XJCJlVaJGnXP38QyvvAx2ojwHYZwzYHsf4FA3Kqo2pb57xkaNmPxK7wX/OL76aZSexyrfmLfX3EaA/2xw==
+a.nic.horse.		172800	IN	A	37.209.192.10
+a.nic.horse.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.horse.		172800	IN	A	37.209.194.10
+b.nic.horse.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.horse.		172800	IN	A	37.209.196.10
+c.nic.horse.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.horse.		172800	IN	A	156.154.172.82
+x.nic.horse.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.horse.		172800	IN	A	156.154.173.82
+y.nic.horse.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.horse.		172800	IN	A	156.154.174.82
+z.nic.horse.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+hospital.		172800	IN	NS	v0n0.nic.hospital.
+hospital.		172800	IN	NS	v0n1.nic.hospital.
+hospital.		172800	IN	NS	v0n2.nic.hospital.
+hospital.		172800	IN	NS	v0n3.nic.hospital.
+hospital.		172800	IN	NS	v2n0.nic.hospital.
+hospital.		172800	IN	NS	v2n1.nic.hospital.
+hospital.		86400	IN	DS	53629 8 2 5CE9EA127A6A20BA0171A93B41716DC419367AFFE7B5D9445CEB1C4C3A8252BF
+hospital.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LnrkHEjWbY1rYUekd7C1kFN1dzftbD6wqMMJtxqPMOARoNCdLDBucN29FBWskVfois7U3sMX0r9/zWZGpW6BqhzgZLoNtLqKVYfTENsF8sCi38L4gX9YeQzyO6Uxa8i+O5H3jV6vsNF9fpDpHxF5Cub9ya6x9YiPsqouzAgIOkmlyRBhJISisdjbu+L+cB2BlfAH2JJOaEL1Q/aIpSa0aXtgquEe3Ipfa+0wbYcWc3flLMa3xggq/x4rb5AKnAemWUUEx0FclpXPbMv5t0G/qfx0JNmGMlcNdh3pCSCcukDrZsJuIQzXLQzh4dDoxe0bXq59wV1IHZqZ46IZuFcWTg==
+hospital.		86400	IN	NSEC	host. NS DS RRSIG NSEC
+hospital.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U1gjDXc55M9nXqMQ3iunE0n3nCY40Ef0ha9rQimDC4sdWGy1erK7ySvc8gxkOxtJRqgMQctAOKLog/o9Kd2I8UZKtIh+j6qny8FUGMomvAC5h+LDK53BzzZgEl+Cq7CmSvI9McvdUbc+nqf8G+TeVWhtT3l6Fg7XGwi3uiLbkv7fKslDhDIhIGeo82E+IBcJlfOer2gYmyTDLb9Cd0AFSXCKcANRm5E7EMrqGfQZ1iNkbmPyYF0kLqdPIn+2lVPDOzsdrj/lKFlVtsEJJhnnmxZiJEjwjKLb9Y4THH71gY1TpGmevs9bm/v+0VzDi1XI/0+Gt9qmEt+JnDH4crPF6g==
+v0n0.nic.hospital.	172800	IN	A	65.22.20.29
+v0n0.nic.hospital.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:29
+v0n1.nic.hospital.	172800	IN	A	65.22.21.29
+v0n1.nic.hospital.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:29
+v0n2.nic.hospital.	172800	IN	A	65.22.22.29
+v0n2.nic.hospital.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:29
+v0n3.nic.hospital.	172800	IN	A	161.232.10.29
+v0n3.nic.hospital.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:29
+v2n0.nic.hospital.	172800	IN	A	65.22.23.29
+v2n0.nic.hospital.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:29
+v2n1.nic.hospital.	172800	IN	A	161.232.11.29
+v2n1.nic.hospital.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:29
+host.			172800	IN	NS	a.nic.host.
+host.			172800	IN	NS	b.nic.host.
+host.			172800	IN	NS	e.nic.host.
+host.			172800	IN	NS	f.nic.host.
+host.			86400	IN	DS	61142 8 1 86B9716C2E5DAADC785ADA27D4E8BFB190947D14
+host.			86400	IN	DS	61142 8 2 D15742398F5291B0E2642BEE5DA6ED6EF3F4497C65BAC0F5A6C9C8FF495CF286
+host.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UjooCKPm8nH3HqD5YTTpWJW/chOb048OOnWTwd/z6lyRUxNFw+FzCK8dcCQqT6EYg32TxQ4b2faeba9kus60RYQrEdPT3w+RxOfPZq+BTWPskgeOj0pQYp5D2ah5Zl+TNyd/5iI2yaJ261Ltvo+HNoWJfygZxjZ0N4LrWImkVQGjnfq6A4FvKUNAabUCaDTKEak/j91BeAL8NNfWfuwWPGIqCjhah0PZhahvQ2a423zL0hgIfcufiRCLMswOTtmabF5pOCPiJcXaS0bqyw3wElI465FHwiFjnqi8tg1ThktPLKefk2TV8hsGjX8t40LBxWDVSvyLoKOD6QwxccOyFA==
+host.			86400	IN	NSEC	hosting. NS DS RRSIG NSEC
+host.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WJoz7yRXCqfW+NYiS6rkirMNyxnvxI6elyPuO9vsDhN7lbuzIHRah76g452Z6h1kmK4cpC4ihOMyzl95W+TmGKFtYgwnNf2+VfoZtKsX3Czff6Ykg6pbIjdjRpWSVPcmKX6s7SwhuNXWDdrrLUiQivvRBEbTpIdlJignFHz6dpk2ZLpfQ1Uo1WLPrTQQuCLVXGnZwxCyvHQnQZAcPvggMVHKiqlei450L6ABbJwMYWY52aJK4fd+O1IZT/VwAExTN3AM7H2+OeCKNLs80SfC1kiUj67vFClZgSz8d/szO8CEHQUIjrGY3hY3RZ2tIU6/ysmgnw1GJCAWe29HtbnXUQ==
+a.nic.host.		172800	IN	A	194.169.218.53
+a.nic.host.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:53
+b.nic.host.		172800	IN	A	185.24.64.53
+b.nic.host.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:53
+e.nic.host.		172800	IN	A	212.18.248.53
+e.nic.host.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:53
+f.nic.host.		172800	IN	A	212.18.249.53
+f.nic.host.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:53
+hosting.		172800	IN	NS	a.nic.hosting.
+hosting.		172800	IN	NS	b.nic.hosting.
+hosting.		172800	IN	NS	c.nic.hosting.
+hosting.		172800	IN	NS	d.nic.hosting.
+hosting.		86400	IN	DS	27751 5 1 9A72CAB4A4CD51469DFC9E1DAC8B1476D4B5C66C
+hosting.		86400	IN	DS	27751 5 2 CF9F7FA35F5DCE998A5757081F6E790DF501F8B8FB58D0F9D8C4C645761A39DB
+hosting.		86400	IN	DS	46927 5 1 017305D89EE86615E38B0ED31F5EED0A797E8156
+hosting.		86400	IN	DS	46927 5 2 74803C2BBEEBC8D188832C4054B3FD230F31F593E3F5432F7FBCD860E3CB7ED5
+hosting.		86400	IN	DS	51544 5 1 EB0E1F6128E4B7ED6C0C0560F9A3EBC8E5100C33
+hosting.		86400	IN	DS	51544 5 2 8FE6BF96895D8504F0989C4DBC3741DF17B7672D5AA64107BD624089B5D3D403
+hosting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aT/KtU5KdBMgIopWwCf5kKJHoW7FbxRUfLhZtK/ieH1QUvuB3PW0KBgqiyeFrlWXm4FPgVNxIi3xABSRuwAT08fzrG73DTQb2tKT0JI4vOvuPMclVc5nXGCF26Y2HilXY64AMB4F4AnhPqmWvl9z04R9QV407LViZsix5E+FsYe7PC5gi4g2kr7exDpqHIXVGehb42jCX9M8pJhxknw5yWrETpzvFRAWpeT82Yeg1lFjxKumqKoLzDLk03kY0V/lrptSuXFtGuhiAzP3++J91Om/t2nNSTIdxgcDqiJxAWwkkYCfekwoEhq/rDJxElmI9khwdNt3zNisxqDQ4ErN7w==
+hosting.		86400	IN	NSEC	hot. NS DS RRSIG NSEC
+hosting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . piZww4v+hX7LhS3KJExzklTfThVrg2IA27AjZiz0C9GLnATV7MfmILn5SONwJUTillJZSx4UGKoqVAOpZm8ytpKTh9ClI1XKnGOxsZEuNi8/ZIGHroaPaHNSRiFD2Qfgp/Rd2bXYY5a01Vk3UJQSw4UpTB1FTZbiA3E3MTYqJk5quepSLwnWfbRUHYgro8gpYFFhlq552kqSM3uyh35YTcX09AJ+2+sJZAMmUqiV2lWgMx09MVKaTRhW+fXdlY0PpslP7v1F+gWthh5O/aMawvhf3oQWg3waIA8HgVZQ/BfcAABsEOBvAZgzatudboAEuRYzMtnXVWaFOcQQ0PiyjQ==
+a.nic.hosting.		172800	IN	A	194.169.218.152
+a.nic.hosting.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:152
+b.nic.hosting.		172800	IN	A	185.24.64.152
+b.nic.hosting.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:152
+c.nic.hosting.		172800	IN	A	212.18.248.152
+c.nic.hosting.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:152
+d.nic.hosting.		172800	IN	A	212.18.249.152
+d.nic.hosting.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:152
+hot.			172800	IN	NS	dns1.nic.hot.
+hot.			172800	IN	NS	dns2.nic.hot.
+hot.			172800	IN	NS	dns3.nic.hot.
+hot.			172800	IN	NS	dns4.nic.hot.
+hot.			172800	IN	NS	dnsa.nic.hot.
+hot.			172800	IN	NS	dnsb.nic.hot.
+hot.			172800	IN	NS	dnsc.nic.hot.
+hot.			172800	IN	NS	dnsd.nic.hot.
+hot.			86400	IN	DS	48326 8 2 FD4F66692C3A0784DE4B089A4A2D499BD1366F63566860F6F80938D59E3A431B
+hot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LMcbkwRz52pJ48ZStmt11nlUll5hc5F3dfvAksiJGVQlTU7gBs8zT9ohFpu1uWYZ05tSpfnQtq+py42hIIf+7NggvCNdhhNVXV2XnulAoaYhLsyjc0YK56GffEn7ZLEfxQUDkXgY8M6hpSy9p2keAXnRM026GSS/64tMF31hldO0SEayU6340i5gHybn08Vgyg5ySmz0bGH9ujluuPushSUuiWVhohn8Rmp4Dn7177DfV4A98nS8eCvj0rIl9kJ0Kl0E/E9udvdiPA59xipQktZJNehCu7ox08aTJGPA8ljxlw7DUkgd/n/OYgbTIsDeC6wsRgZyBjVubn3oJwLMpA==
+hot.			86400	IN	NSEC	hotels. NS DS RRSIG NSEC
+hot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ny1VITFvXeTysD9v7/fTdVJ5px3DE3Ui5HyEUBodYHrfKaAav+boKjgJCtDI2jrjBCpT5912gOEMTPVca/2ATWBj35+8XTNGek5Yx2Vrr0TJgzAvJBvd2lL72fc3l2dkjS/XTiPuJIvK5OcCN19PPY9FPBlSeZkQA2GjNCcnN9O3GBtj0bXvYX++ibscZqsaFK07++hNOgN3kuOdEaHFwoRT6TM0N7N3wJsuVrjUSSSSgdRsZkAvvyUp50AZnfpVkcOY7gObIoAasxQgAYphXLEUAGde5qjrfwKwg6qT8eligezT8pAzf4UKHKRGuWoIkw5fG+wOFJIlu203X7c8cA==
+dns1.nic.hot.		172800	IN	A	213.248.218.69
+dns1.nic.hot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:69
+dns2.nic.hot.		172800	IN	A	103.49.82.69
+dns2.nic.hot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:69
+dns3.nic.hot.		172800	IN	A	213.248.222.69
+dns3.nic.hot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:69
+dns4.nic.hot.		172800	IN	A	43.230.50.69
+dns4.nic.hot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:69
+dnsa.nic.hot.		172800	IN	A	156.154.100.3
+dnsa.nic.hot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.hot.		172800	IN	A	156.154.101.3
+dnsb.nic.hot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.hot.		172800	IN	A	156.154.102.3
+dnsc.nic.hot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.hot.		172800	IN	A	156.154.103.3
+dnsd.nic.hot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+hotels.			172800	IN	NS	a.nic.hotels.
+hotels.			172800	IN	NS	b.nic.hotels.
+hotels.			172800	IN	NS	c.nic.hotels.
+hotels.			172800	IN	NS	ns1.dns.nic.hotels.
+hotels.			172800	IN	NS	ns2.dns.nic.hotels.
+hotels.			172800	IN	NS	ns3.dns.nic.hotels.
+hotels.			86400	IN	DS	27175 8 2 400F3DB76FF23FBE5FBD8FACA3695871C6FC5FFA6CF116DEA6FCCC9E4711EA65
+hotels.			86400	IN	DS	51700 8 2 844A568CAAB77E76130C1551AC820B3A41A3C39F6419BA2411F9E3D3A581765E
+hotels.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xNJqaOmdDMGlcRivwBMIBPfv1cmZKZp+juulCvENNEGy1NbXoSYBoB0/xZCIJY1wjin3in0GOiebixfxk8EzUa+YE8a8xS4UrIhR+RaMwRt0C/JLEEkGmQlu/2hC2XbqjA5EWZ2/BuirAkvrZNIuwQ5XLbhP69kVk8tFgnSLhAgBp79U9uCqYlSbsvEfxorgOj5EUYxSDnx4hTYVj4L5dktfrhEV7Zw8cptMfyMEM2pGlODpE1lCVP2ym+FQhNgJv190GaIai3djWt2kWB9hxLJ8ufvIf4OpweFqh4d5EZU/OhN3ZBZcC3Eu2aBOZo2I/8m+z5uK5a/9UbYfB/6EVg==
+hotels.			86400	IN	NSEC	hotmail. NS DS RRSIG NSEC
+hotels.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0yZTow68aw6Vi5Y0yYTOaC9AoFjBhrPWg93B8ntpWAaYZmYmBPoO9iwN9B/0Bv22o2TcM91fIDptcZAotvu2QTaKv4P+HxBZM1mB79Zua2aMTALhrrlQCPF40RzrtPWVNQbq7mkhPwYg6+b8njbkpA8RlhTfLLa8zbHdwWiIH1uHxdihyCzzfZ58fmZng4KCdmcSJULGHtM3sW6V7n0PJ6dczXtQ+CVmQ0Eboya8KIF7D0qBoKmSAj42hd/lPMQIHyrnF1H9dHs47S8OuoykkDxT41ufZbir62ongh08GtaCBzB+fsSWL+4SlZMBD42Bo2QDry9JZG7yFOiP5n19Cg==
+a.nic.hotels.		172800	IN	A	37.209.192.10
+a.nic.hotels.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.hotels.		172800	IN	A	37.209.194.10
+b.nic.hotels.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.hotels.		172800	IN	A	37.209.196.10
+c.nic.hotels.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.hotels.	172800	IN	A	156.154.169.3
+ns1.dns.nic.hotels.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:3
+ns2.dns.nic.hotels.	172800	IN	A	156.154.170.3
+ns2.dns.nic.hotels.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:3
+ns3.dns.nic.hotels.	172800	IN	A	156.154.171.3
+ns3.dns.nic.hotels.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:3
+hotmail.		172800	IN	NS	dns1.nominetdns.uk.
+hotmail.		172800	IN	NS	dns2.nominetdns.uk.
+hotmail.		172800	IN	NS	dns3.nominetdns.uk.
+hotmail.		172800	IN	NS	dns4.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsa.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsb.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsc.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsd.nominetdns.uk.
+hotmail.		86400	IN	DS	12876 8 2 5D35F9E8561CE9835FBDBCD44FD9F80C93D5412827694BD7B17BC1477A8E70AB
+hotmail.		86400	IN	DS	30586 8 2 C055D04AC9301BFF85AF9424F6D368D206D7E4786813A22FD3CCEAA6928F50CC
+hotmail.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dpUYhTx4P9p1UPwQh6XGpfWeREBwuqO2ceBDJahvVa9oYkaBT4EJX1ZEjUjQ3EtUDIBL8+pAOwcWVC12kWCE94A3eWFygcWw47uajSf0f/jEmFFkF8JfhHDYEnNkAIRgmgDuuiNvQwmCcem+XnKSq464iwCH9+0QjMM+Xkw58zQrgoddtXrj69CwmNNqu/9T/6jCKX7p9cNEVxsAZ/W5sMxkXmwH4XTh0mgjajvwIG54F5HnCDEyJak5Y+PCgBaQPQIsL5LewKbPA/VJ5vG+ql+ySCcb4YrryzUBKtXaRUroWW1SvZskyivla/+KKUGHzgSMh+0dxt/dI1Zkz/XOng==
+hotmail.		86400	IN	NSEC	house. NS DS RRSIG NSEC
+hotmail.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . djxpsNyx/Q5bPTM6wTzEN8zcui4zrwfRGXzBJ7NOfcPdyyrr6SjcaWxQvdUHJv1wB8KaLlQqS9KleI9iI9bvTJVigOFwIgdzqGH7hmJlf+hSgXCIYkj18J7ggv9DWYsIZe6dos69dWuXXAE9cSGfPdqbBm54LnhUMS8qwKbDgFbl1L7sy+olNT/VCF5cHc3Gv0tX1Xg/LqizA3DktEXNleFQnsj0TJsDewfdmjYWxTtdNLZtKdeXW88cJcqlRqSb45X/t4S0eYlWTgmL0mxdL6IqXVzw57OgTf4ZVy2PMr3k9Ravn+dMXzlmMO2g3TpcSMyKsuZ9RvELWYiOPWJjLg==
+house.			172800	IN	NS	v0n0.nic.house.
+house.			172800	IN	NS	v0n1.nic.house.
+house.			172800	IN	NS	v0n2.nic.house.
+house.			172800	IN	NS	v0n3.nic.house.
+house.			172800	IN	NS	v2n0.nic.house.
+house.			172800	IN	NS	v2n1.nic.house.
+house.			86400	IN	DS	12289 8 2 083BA725024957730C4C92111205FF8F4F0D0B8E92E16EE24E80BE98CEEC39EB
+house.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CDKHdc0zRkmvsFXDeaGpyf4rrf/JGJHm56vzf+E5O4GqSauMmTgg6Yz4t9kRDAmi+FD/Afp7tqWo6Gkmn16rID+9Gk5e5jP+v9jWvUy9r/sfijqp9EKQpobizF0LDA7W/j7qI3Yj27o19RZjVWSJuxFSeY6o3lqOD4DIMwf+O8nMbYInL1s6wMhinD5l4X7HPJp/JvlqnxzMt6BA9NCuAklVMot85HoJJbkDjzQnu568k4j3MEGlpsGLECCFeEXxpskLlp+ZiUZiZxy49CemUeZZSWZ8PQc7ODQDyO3Xlco1Jxw/5ukJPXGAXf2xkWK4IRksw/kXQnyFtdMrHmO86Q==
+house.			86400	IN	NSEC	how. NS DS RRSIG NSEC
+house.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lSXKTdUdBCJ4zt6BsmfQtX/2XPwEyIaa2RYOhB+mmCvpsrXOY+HMkyrvfEUrwg7hDbTJFL9alHhpJECM0rQqOlBw2I9ifTg2LaOBonBEKwswLy5WvNFUe3XxdX2mUaWW+irmXSXuLpXHEfwyHV5fu8UL030yZkOQ2N24wE6FlBlgRRxhiUH1j7uEy46IqofZYSY1jdmPw5Qu+fcBC7HuyDvc+2J2z6sGaaEHF89Uhkt8au5dkEvqAMSS32k/BRfu7VbPakRNX3iSXpCGo9VMBl85G7PkDTU/KtKgNiC3R3DyhWJ4KwxfdGb4+wgQ/aPSMeIcC+u1UgBmL9tjcHAO5Q==
+v0n0.nic.house.		172800	IN	A	65.22.24.7
+v0n0.nic.house.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:7
+v0n1.nic.house.		172800	IN	A	65.22.25.7
+v0n1.nic.house.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:7
+v0n2.nic.house.		172800	IN	A	65.22.26.7
+v0n2.nic.house.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:7
+v0n3.nic.house.		172800	IN	A	161.232.12.7
+v0n3.nic.house.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:7
+v2n0.nic.house.		172800	IN	A	65.22.27.7
+v2n0.nic.house.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:7
+v2n1.nic.house.		172800	IN	A	161.232.13.7
+v2n1.nic.house.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:7
+how.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+how.			86400	IN	DS	58609 8 2 CF18DC0907A9D2F0D260C7C4A958EF62312BC64B2832002330A35DBC9FF59075
+how.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mOoMXLA1ueK4hHeCW8cgudw+9rBl6zPHUXy1JpNDh2OmhiV8xJoLegFYcpiDV7hMRiB78U8yZ6+9ndWtnnmSyxgyENnw/m07OGyUA8vaPm7F5lowSmNQJbqAYOCJKamJq3jmq9e9BMwyURnMcPmQeCPKnBisrzlJEPK5eLlYlpJGGC7JpCDmUNFEo55nn3MdmvhTs3e/sTf3LBls5sKlMI4u225avroq2VV6zXcIrgdrFcZwtAiYBAvVQ7MOGK4CoGH6tDBz4M22rS7RMEDPaoVDvYKqzNNAkqNQVl64fyO20lpVPC/WfseSbxOewVukRWfbsSfXBTmZ46+4CkMaPg==
+how.			86400	IN	NSEC	hr. NS DS RRSIG NSEC
+how.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mq9mFKYYlP1XdLkkF4JoVKdp3p4StqvkrY8RcgfvawpZx5pI+Pzx57g45bgVHC8uEThLYiPVdRi4CemOL1WnK92/fDWqc6qINcvA6dlJ5BLsReZ5V5jGjHTix/ltAKuLUKZYJq8G7U16DnINjY1pPdqPLtCCv4yZY2nEMeU/rZ6UtNds2li9NzWbHRBax6YpL4qsMn/XBvRwa0/rQrmGMosylTP0mBE8EHrydt6Luv85DXdBhrqC31+0zi81IdV5UHY1YB/hMMjRZPlwwPxLpUrcctP0MMz+znb8VItbGNu24KZx4LE80qcf38YnUR6lU6LI5zaYPelEv4SZnppdmg==
+hr.			172800	IN	NS	n.dns.hr.
+hr.			172800	IN	NS	pch.carnet.hr.
+hr.			172800	IN	NS	hr-ns-1.carnet.hr.
+hr.			86400	IN	DS	63025 8 1 D2E75CC74208F81B1EE50EFF524259BDA1F72AC1
+hr.			86400	IN	DS	63025 8 2 1493B6F67A78F844E72953B29B7FEE9F6301F41E998BED94427C79A5AB60BAE6
+hr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ytVvDCWDOUqGM457g5CIUWC3jhGeP3lHArLGuuv5CgGeZtLfimYbfXXVyU5pPAb5LwiI9tZqR8nGNpjCedbc7foyQ+ceq0tYuW5Kg59nyzsXcyq/+7Pj6MZ4Io57lzHaYEJu/Ljfzj56zSh1mmkFc0Ox2sDXLU/MDorX5ntIsgV1k2drYNCwlCS4WdLVqGxKHrXZz8V5SkZxthfSRm3B8Niv8MquneuNEjXFg23wpu/9R2KDCCHn1Cl4u3406D+sWzBpdDvJlsxJyDT06C8nm2+bHQF89uReqnZPv0/vHMuGO/ISJ96+AGeiv/2e/YOR6SRIcKbA6eGGBtbgnB/Miw==
+hr.			86400	IN	NSEC	hsbc. NS DS RRSIG NSEC
+hr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JcXekDhO9wpXtrvQnS2/s96ZOLetWMYzka5+yn5jdX93LvNAmePB7n2eV4sYthNYro/ITBN/zDi5JeIZuBaqBQkj6lS2i4JzBkEA5kLwWRmHLM9pOrY8CPIC1RiR72nnesEgc4EjuUZQpxNnpRL87ahmvoVw0l5ztOdTWDRfKJtKJDiDTj2xv45NMpNQN21qK0+iDpba7sC/cjHketrFKeaiHcIT3BdwI6bDEB0U9MPgxqjaIZtLrQkkn5LmWF3zL4li183wFJDOi0rWTZxjPIpBUp43OfBW4tu8v+dtGiWpoCa+KZnnod4w249aEdery+QQZYtzD5k4XhzWLqApoQ==
+hr-ns-1.carnet.hr.	172800	IN	A	161.53.160.100
+hr-ns-1.carnet.hr.	172800	IN	AAAA	2001:b68:ff:1:0:0:0:100
+pch.carnet.hr.		172800	IN	A	204.61.216.90
+pch.carnet.hr.		172800	IN	AAAA	2001:500:14:6090:ad:0:0:1
+n.dns.hr.		172800	IN	A	194.146.106.142
+n.dns.hr.		172800	IN	AAAA	2001:67c:1010:36:0:0:0:53
+hsbc.			172800	IN	NS	a.nic.hsbc.
+hsbc.			172800	IN	NS	b.nic.hsbc.
+hsbc.			172800	IN	NS	c.nic.hsbc.
+hsbc.			172800	IN	NS	ns1.dns.nic.hsbc.
+hsbc.			172800	IN	NS	ns2.dns.nic.hsbc.
+hsbc.			172800	IN	NS	ns3.dns.nic.hsbc.
+hsbc.			86400	IN	DS	16129 8 2 1E993A683FD63BA6FA436D235EDDBB949901975649B11C628DFEF8105264AE9D
+hsbc.			86400	IN	DS	44836 8 2 89F4241090C6C95E72420B8525E2F2472C6198937CAC4D5ED6D1C6D2F4F6DE27
+hsbc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . My204VQbkccHVqHNx/FZXYsSvYGi3RfGCAwKyypzKMsIeD5u5lKwsdtqoiT/QTfgl2+ydbBW8rxho2obBMc53G4+ABoUeEhndsuX1bmCa48g+LE9ForYuBmomJeqMJ0I7m/Nv4BFdbtYkCZSq602CZWJ0JZ1VUxl15GcuwgS49fEqDEHjC9osO8yovLK7idEc2iX2/MYbczaUyH2zxRgbqQP02xkkO0NNkaN7ygW8pzjAl5voaqY5hlhiM2rP10StavCj1QreYqLfOQ5CuKhQI/V+RDiXY++y3yFAFT1lPpX+lVXfBP53Y7xHpOlyXfXt1PB2dGfutwWHgZxfgUTrw==
+hsbc.			86400	IN	NSEC	ht. NS DS RRSIG NSEC
+hsbc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BMIffkAKK+V1Q4/2c/oOjvxQcIoANvXKdCzDoNDiBdWXZ5eKqvakiFSHH5xtIwTiDrCqCj8Fl5QtEZ72n0/3GF54tF5G34NPkq5uq87VtjtcJhKfGLggSH+QnFsyKR7kilLFv3ZU5gpbP12exQTAlmHgj0m/wEvj8t56J81E2zgcqU6p/WpIiB+xh6+vvxCqc3t/hOcN4UGjME7uC2W5wvzPpYja11VDUr/5iuZ2M5rH0zqOGIkh0mwIO2Lh5OW4MUKFP4iDbczUrHiZWWk4LCXTanM+2buBoLWd8J/0Hu/zBzHj8GWOCviIyBvAsVb+fI6/ujjcR6YCXDKcfqKfKw==
+a.nic.hsbc.		172800	IN	A	37.209.192.9
+a.nic.hsbc.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.hsbc.		172800	IN	A	37.209.194.9
+b.nic.hsbc.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.hsbc.		172800	IN	A	37.209.196.9
+c.nic.hsbc.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.hsbc.	172800	IN	A	156.154.144.76
+ns1.dns.nic.hsbc.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:4c
+ns2.dns.nic.hsbc.	172800	IN	A	156.154.145.76
+ns2.dns.nic.hsbc.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:4c
+ns3.dns.nic.hsbc.	172800	IN	A	156.154.159.76
+ns3.dns.nic.hsbc.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:4c
+ht.			172800	IN	NS	a.lactld.org.
+ht.			172800	IN	NS	pch.nic.ht.
+ht.			172800	IN	NS	ns-ht.nic.fr.
+ht.			86400	IN	DS	2176 8 2 7CA97FAAD5FD19728C3CEDFB2F647EADC144EE21D01DAFB7F821954B38BDDA78
+ht.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FyzMoPAObaPD0g8MF3Q+dWOpLAlJtMTH6OakKTqHHJafj467X7hy21wRMTo8l0SIBznXUfCGU6znlSj/SFIQ242fePpQ2hAfLmjxR44SQqgqm9TuLRocFzM0cd4yFlhpw3yL8lTlyciT2DiB14v+bH3kQWRuxdtX7sPoG2dmLLVryZv8MLClkOnN7qOnsCsTa916gx01fa5ew4VfM8TzS+PNIoRem79UZlROwsEqdvHMg3Sbl+kZXovpV98UT1k3nLTvK6ibzLAKPk2jftmC1oytzQsl9nwhgWQMEBbkg/zu+HRoFygFiAW+/9QLyzsMsCo+mD4ZEQn1JkcQNPhh1g==
+ht.			86400	IN	NSEC	hu. NS DS RRSIG NSEC
+ht.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oa9DtdwlJNC1Xw182BJL988yjGuoyHGFMJjWQAu86C5F1qUeYBMbxRsRLHtvQ+JmFcr2IDwcSXvinmzUFothTwLo07ef/1Y9d6c/APR8Uozzmskde6WvGuAcufrZ1khkFl0eY3xOwtVpxKwT0ya4bK5SxXy3Co933hhn1mynbv4B4OjH3qiF56fWG0jb6WZP3WtvW/5aTvd8580vs//BR01XAl7iWEBqD6hopKwIyy3TC5SoDOLw0dHULQAMOHOPd0OwPBDcGjeMOvm3gMexGkiFrlyilHKrPAht7SWvlPFZTejC00mGZSbRAAI3J9RpeiD/K1rL7zlcz+hsMUDtsQ==
+pch.nic.ht.		172800	IN	A	204.61.216.38
+pch.nic.ht.		172800	IN	AAAA	2001:500:14:6038:ad:0:0:1
+hu.			172800	IN	NS	a.hu.
+hu.			172800	IN	NS	b.hu.
+hu.			172800	IN	NS	c.hu.
+hu.			172800	IN	NS	d.hu.
+hu.			172800	IN	NS	e.hu.
+hu.			172800	IN	NS	f.hu.
+hu.			172800	IN	NS	ns-com.nic.hu.
+hu.			86400	IN	DS	2104 8 2 65F5D64B860F26FEAE0BDE3CA51B730B38381678C8C316F16B37E551105EBAC5
+hu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yiUK6tPtQf3pB7DtcRUHy469zQT90DHiFv2HXOtQw5zQnRfdBJMXgHNZSEYyxfTATfHrfhEVSF9+sUYhTOS3y54tE7R2W04KbOYzjGxUCxWXRSAJP5mrbBEt3vSDX1mV+NvkdLN0oLea7N5T6yxYEMZuVQoP8NdWhXnD43/zOW996K1DrflpG2wfllFQa7YGGrCOX/wP3rpKGS8QXWv7CRO7VpThJnKBKVCTLATgzfM7yIX7bdQ2JdHG/tlRkGuP+BblLXLPq78bCobiQu4+Gty32zCGyRsxdm+d7avf6tz38gkYZocatzCS8K/m2PpMSQCuyru/HtWnmrtndO5IcA==
+hu.			86400	IN	NSEC	hughes. NS DS RRSIG NSEC
+hu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XFBeiEVZzFjiUFhlcnVYWpvoLey6WtLfDIisxZtos7DLNrL3QciLcZcWEAgdNl98kC8Psy9k4jxVZ9+1NnqyunbTBG5BUtOwupUZxyBJb4utw3xzeqCyLjF0928NFuMlID9rvUFg/eJMTWfqHjUDxld88b/YcMLX/FtXEonEdtQooEQe6aMlNuve/gBEjeWDVDd8VKp3TgrZoh0as0rFVV+Pj5zx0VZkq5YUzYitBKSx4AaY6BTLyi2sGxLN/uc5r5JiJUDiDlGqVBG/FqLSOfkFJL1p/bI/DGwBiHIGifiXAxkEateHyBcDk99JOAfBxcPJ+M65hpjlIoAJkr3syw==
+a.hu.			172800	IN	A	5.28.0.97
+a.hu.			172800	IN	AAAA	2a00:e6a0:3:1014:0:0:0:97
+b.hu.			172800	IN	A	193.41.82.18
+b.hu.			172800	IN	AAAA	2a0f:7ec0:100:100:0:0:0:53
+c.hu.			172800	IN	A	195.111.1.92
+c.hu.			172800	IN	AAAA	2001:738:2:2:0:0:0:53
+d.hu.			172800	IN	A	5.28.0.99
+d.hu.			172800	IN	AAAA	2a00:e6a0:3:1014:0:0:53:99
+e.hu.			172800	IN	A	194.0.25.11
+e.hu.			172800	IN	AAAA	2001:678:20:0:0:0:0:11
+f.hu.			172800	IN	A	194.0.9.1
+f.hu.			172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-com.nic.hu.		172800	IN	A	194.0.1.12
+ns-com.nic.hu.		172800	IN	AAAA	2001:678:4:0:0:0:0:c
+hughes.			172800	IN	NS	a0.nic.hughes.
+hughes.			172800	IN	NS	a2.nic.hughes.
+hughes.			172800	IN	NS	b0.nic.hughes.
+hughes.			172800	IN	NS	c0.nic.hughes.
+hughes.			86400	IN	DS	64252 8 2 29A6AE50D287B301E6624077720BEA37AA9CD752183DD014E7F3028CBCB740F2
+hughes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tn8ueo7WvUm8efysTXTZ6BMpVsvfyBaeD/ElPDBF4Qesws2Ak3nyTJ3WgfvZO/dKIQyCUPEcyaRsCi5kTm5Xr0LkpXWV/oO5CwrS59tGovPVv24ogkUhRjVaMXruw2ZaCEbrV0V9K5RxIXVzQB7+kfDGHPBPqHSMpsAFRZtiu5bdGzDznDn4v7V6Mgwo/XnnWhHiXDDAJU28ZibBwmAA1IpW6gqP3PQVI6NhW4jHPmMuKNYVYZghRthxUt8QUNSbLKh6He/11Khsl//oCyFjCjCfxL9RWY+dFzamFGKknbOyeM2vWZko9Heb60LvBL3vCXLHVsEuR9Cah3DYJdxY2w==
+hughes.			86400	IN	NSEC	hyatt. NS DS RRSIG NSEC
+hughes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Lc6OC9SS9So/2PwFZLKnW2RdYE3WeIb/Zq8OMsbgxCIfpZyguBoCXfwd4DpGW3B6MONmJt4Fb4wtY/4cFt8e19ywKIDw1KC3G4PLTXhRYRA2qsdjP+QSkYnPUtV8M9MLECnbTALvVzvvXkMVkoBJ4P5PATJW7DE1JkMn/nEjS4o2c1rt4OG496dNpijtqg0FsToi1fSJE+ph8GS+MOgMRZKxw0TLv7Ig366N7sBjlWb7q1k4T18VV5m2dEt253zYI/4jv52Zk9cxRVOxxcvPfGCcNiSLgGAOdbRZFLd8ljk/0qT3u/n0SHLnHKKSCVLtY6SOuDKBt5SOaYFIFLSGEw==
+a0.nic.hughes.		172800	IN	A	65.22.108.1
+a0.nic.hughes.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:1
+a2.nic.hughes.		172800	IN	A	65.22.111.1
+a2.nic.hughes.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:1
+b0.nic.hughes.		172800	IN	A	65.22.109.1
+b0.nic.hughes.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:1
+c0.nic.hughes.		172800	IN	A	65.22.110.1
+c0.nic.hughes.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:1
+hyatt.			172800	IN	NS	a.nic.hyatt.
+hyatt.			172800	IN	NS	b.nic.hyatt.
+hyatt.			172800	IN	NS	c.nic.hyatt.
+hyatt.			172800	IN	NS	ns1.dns.nic.hyatt.
+hyatt.			172800	IN	NS	ns2.dns.nic.hyatt.
+hyatt.			172800	IN	NS	ns3.dns.nic.hyatt.
+hyatt.			86400	IN	DS	30616 8 2 DBB2CD74E3FD102DA5E467F6B4EDA7E3D1D110EC2329053F087EA8532C84B897
+hyatt.			86400	IN	DS	34852 8 2 B21957EBB857E894B0FC407AC189CBAB466804F560AD5815E9D1AF829A566424
+hyatt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IqWuWs8P23dN5W3gEGTHAAmHL84YONX+Yyzq7HIJndszbb+XAehrKciag1H/Ui5kl0RSDzSQxluQ7yVM2H7ekHvdFiYAJftgKVyvSXr3Mf7yMuukrYCsu91rPHoLvSGeQoPDQeu0YCxZSssP6qchKNyqN3Ws2L5+quRK/1ZDPj7wjlTXR8m921vprlhEH3jGzad/lztPPBIjf3nLPlYr3q7h/wpQb+ha2AcNBIvhonz+R2i5Lp9j1wA44RHBgb/Xc7FisvXpaeVzRd8yfVMBMFyQWW1E+UnWrQiI5OPCwU/jy5A6y+JOAwyjsJ3wYtTo6Ed7Mo8JgiNW3Tyb9u5MQw==
+hyatt.			86400	IN	NSEC	hyundai. NS DS RRSIG NSEC
+hyatt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YE89PSPXEy2GBVs6FSQ7yfIwHxS84c6vqyK3RYeJBHVjV/c8jtxING60h6ulSWvjUTqBF+PeuKoswWd1wKRvPvhjdOomCNulai7m1wBtuzFWBRxSda854YAPflMq2CrX498uDyVtdIuLk4e1JJm5O76ELZ5THQGjn3Saj32+fo3GRY1ti3+Swx020OKV94dpBfUBvtjjmggSM8yRs+04OWJHcR4EFU15E29q+s+h0Cv6711QBvyPj1g+NGodvpev13i9yAjE1duPYV2psUxeMZkdxGyzop7fYboL3l5ZQTC+reYVt/3Yp6uvbyXC+8HIa1Pmx1ioajp1kTIvziSC3g==
+a.nic.hyatt.		172800	IN	A	37.209.192.9
+a.nic.hyatt.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.hyatt.		172800	IN	A	37.209.194.9
+b.nic.hyatt.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.hyatt.		172800	IN	A	37.209.196.9
+c.nic.hyatt.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.hyatt.	172800	IN	A	156.154.144.78
+ns1.dns.nic.hyatt.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:4e
+ns2.dns.nic.hyatt.	172800	IN	A	156.154.145.78
+ns2.dns.nic.hyatt.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:4e
+ns3.dns.nic.hyatt.	172800	IN	A	156.154.159.78
+ns3.dns.nic.hyatt.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:4e
+hyundai.		172800	IN	NS	a.gmoregistry.net.
+hyundai.		172800	IN	NS	b.gmoregistry.net.
+hyundai.		172800	IN	NS	k.gmoregistry.net.
+hyundai.		172800	IN	NS	l.gmoregistry.net.
+hyundai.		86400	IN	DS	48091 8 2 D4178E0BD6EF00A383544DA7D1856CB37034C64A64CF70D1E08D67BB9EE2E3B2
+hyundai.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QkHI4q4hAXhO3uEfgtdHvXpj96J5sd15ket2U51mz0LtXf31dYMMk8ssIp2Vezk3oEa3s8sesYeJLHGYxmHgUcqeNxfIchirgOqUDa8UNgNuQ/kRwQPJ3wfwpZ1P79ZvvQHBLUiKeE94Gj1ylU0wA0dkNldgi76IgePBEb7yBZ+j/TCU304pfkLtS7c0wWogMjRomncm2TBFx0tiH2t6Fi9c0RM3+WtOS+C1pjvhB7h+tSM/2XYV/Z3PX/oyTHWrMiK5BIo2BBl4O8Mc9WJ23l8WdSl2bvfL0keaLgPL0OUKOlqKE0Hi79CNRRVBQMve2BBCX9Pcl8N54UU5xkjSlg==
+hyundai.		86400	IN	NSEC	ibm. NS DS RRSIG NSEC
+hyundai.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MQyiaqjsl/pDvYlhpMyUsWOhymv4AdxnlWU0AvwNdKAyaLZJm1gc18R0KLVdthmAMAE2ifiRfEV3gM6fnSx56bIGyJzKuAEvFGx5dGKPK7bSCi04n8G/113Xc1FK/W3ATUIQJXL+ycbtkzFyCh1pZJzizk0DKHVrutlp5hn4EkSrHUOQbfnX40U//pr4PqFcy9HQDaLmCiQcinZBvzRiyeyHUyPAgmEwJwMk2hx5BsguABNtD6sl4uaWLfu2zPRvy+w2hFooy+zLSXJHqsnB2LFXIXkCo+8M+HFDwA2JScCNv392/0+SDOfMKPHwtahyrid0c1WP3A19P9ZuaP1u1g==
+ibm.			172800	IN	NS	a.nic.ibm.
+ibm.			172800	IN	NS	b.nic.ibm.
+ibm.			172800	IN	NS	c.nic.ibm.
+ibm.			172800	IN	NS	x.nic.ibm.
+ibm.			172800	IN	NS	y.nic.ibm.
+ibm.			172800	IN	NS	z.nic.ibm.
+ibm.			86400	IN	DS	9955 8 2 8BD095C8717FC998D47CB36565C650CCADE45531991BC5956E121E803F8B5FC9
+ibm.			86400	IN	DS	31492 8 2 5E5CCD88746B4CDF018723A143EC14D9FB139F0009545AD21CA6AAB2E1E914E2
+ibm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OxtXQW3J+bubmlLeks2jF1woSS+i2yfe/OmwJ9/xc/UgVmKpAJ0c5cFdmmr1P5xiVocGyYzHYkrCO4ibcZI0k0BOM2O6Hsfe5x23lHpczOwMTH0iL7VrFqePVFkJgD/FasgzzSrzxNAieTHQoEIoAi8tQ12RyGW20BYFICRFg3946EBoIQYakFVdS5ZBPhafC4Kzc1EH4XfBcaMKMqkk/ww5yPVA2m3mUKIRkD3xYM1RL5xOALiatf0XSHHDQkDnklmNeOP/VDgIJqtwuvRWwa/x3nae67aFSeJ3SUw3O08ucR3/abYN+3Q80jfHUGE8qtiwv1BfPbw8H5RFH60zAA==
+ibm.			86400	IN	NSEC	icbc. NS DS RRSIG NSEC
+ibm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1jADsfpiJRJWpybXyXKEoUjox+bgN7ld//utCfyDPblXdO7N6wbaB+Ml2t3Gyd5WRROBi3H8M/mIKJAFZ/kdlE93nC7+GnB/y+fS6B746Up1ZuNQYL9czAIdHE51piZ6xQWEaL/1OnhMj11A0SbnK4Jin9eF7vjdfAmo4HNRYOByYT12ZCGvssXI5/2fCKlaL8W2Nj8I3AB4t9LgDJfs4TX0iSKLfW9Urd4xpuq+mwgBQ0zAUz84qM1lFllDWJITl/Zm14QVgzATT/nLLLKwfbJE5jSg/BJu4I3iiA5O5bgPn0BgzPwN2/dBzVnmZ4HMh7zNrE1cNiyYeImwQp6HrQ==
+a.nic.ibm.		172800	IN	A	37.209.192.9
+a.nic.ibm.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ibm.		172800	IN	A	37.209.194.9
+b.nic.ibm.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ibm.		172800	IN	A	37.209.196.9
+c.nic.ibm.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.ibm.		172800	IN	A	156.154.172.82
+x.nic.ibm.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.ibm.		172800	IN	A	156.154.173.82
+y.nic.ibm.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.ibm.		172800	IN	A	156.154.174.82
+z.nic.ibm.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+icbc.			172800	IN	NS	a.zdnscloud.com.
+icbc.			172800	IN	NS	b.zdnscloud.com.
+icbc.			172800	IN	NS	c.zdnscloud.com.
+icbc.			172800	IN	NS	d.zdnscloud.com.
+icbc.			172800	IN	NS	f.zdnscloud.com.
+icbc.			172800	IN	NS	g.zdnscloud.com.
+icbc.			172800	IN	NS	i.zdnscloud.com.
+icbc.			172800	IN	NS	j.zdnscloud.com.
+icbc.			86400	IN	DS	40582 8 2 7B808042C4C053D9AF8F39B7E784A66C00CE1D9EEF0BC1DC6E5D59A4451DA05A
+icbc.			86400	IN	DS	52120 8 2 36FD8ACB79ED5963ABD523BB73B5C9FA39F8D206ED2488436D1795B1228766EE
+icbc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WxTv86JrZJp0uPWrtXS+VDINFiE2dIpC1LZuwGYvs+glxsQnmOiHVfiFGoGZiVuje22Vokc3AerhAYcOZ/ZY5fsAmfGV20keV0OWDbotNtkbHwwMuDRfrk8XsWr4UkJIVLrpI3iSzIlNaMh913YyoZHGUGMCXu0t1DhegBLlVboz2sdRQsIOn3mcUCOs+kiIfwLfAZGR2LUrD+6T2Ksn/HtaWG4NLvCn7WBYEQahP7NR7/nvY3zi0E4AxM4UilGNEtJ/1kjtrcB5udHgjsIYtmFu1oxGPUyV83RPKr/QW8Mt2dyIlLuFo2cGSaCout+GrScR+w7N3Hd5VTnOZB3Eug==
+icbc.			86400	IN	NSEC	ice. NS DS RRSIG NSEC
+icbc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ht+wxrC+5jpRgibBgSTIv5nSl5IUMGU9eoILRVdpLNXPrYb//SIuV/UgbMJpAhXiRuMUPrGJkOFZF5PGEC3d/of4pjpMGWuecI1Jav81pH0vB98/rFGKcCgTIoUSMcdt7mknk7i9dCpx1Dwsj8aIpqMLDR9BhQ96rE6hxj3XiyUn4rgb7+kWH1pV7e3j2rr1qtRt/amIle4n8AJh6V/qZXLv5PnugHDnoeamY5lR0nVlZItkkstwTL1gjbeLkGObpAqDdRS8RHvRNBWiVKAEAve2U0rogw+5pxzxuV2+kvN8I/t64yEZQwCtt3Ub+MNCAhHq353tl69SfPcrWrIjnw==
+ice.			172800	IN	NS	a0.nic.ice.
+ice.			172800	IN	NS	a2.nic.ice.
+ice.			172800	IN	NS	b0.nic.ice.
+ice.			172800	IN	NS	c0.nic.ice.
+ice.			86400	IN	DS	18844 8 2 75D7ADC8FA12D9C26466924CCC80C4B3C4EB15CC616C8255C4F759EED437177D
+ice.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IzBcB3P8RSgS4FoNo5ErxsI/OVJvL2lPoMwRwcLds7HJXklAH797VJrs9Fqh3vhmMMUnSh2cMPF6i8zyu99iFbr4+LfqS1WcfMDz0JFrRHdvTsTmd7Evr/Sn5TwVUGEFACoU+Nc1x7GmtO2/Og/wqIbTdnb/CpNTVA5ykqNKGof6PEYqWgENhIak55LG33SSqPzzOTAT1OuXnA6ePVvaOQF3E50vfnPnsSkYs7cUVB2cmzTcLbV3uNYCIjtdrSW/2+Nb8zkEkemtRZ8iltK5dbRbBt113Mk2DJDUx/sjgG96vx+q+36EKg+pXA+9CUI+1G4gR8sOhkt1zF/MViL2/g==
+ice.			86400	IN	NSEC	icu. NS DS RRSIG NSEC
+ice.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V+7kQcOOrDCVwB5k/mzKIFG29vMr1aQlBlLKqdujkUJhrjyITgY0XfTVw+A6O3MaOMLKZy7Amcc+aHheYPJbaI5BGUznztOvYnDWLliuulRtQCADgcV4hO1vUPqUXJfbFmn1rh9REuMSIAl/TM/e2y8S+CTGSUPDadd3BzlrExoZfLCaQxqXBBANy+x5Do+LROBHGR6nDAH6s3vEUnpY/fsWf5ZWeg5jJR6eLQ+e0i1rAH93InnxVIgFHPG8ezSWui1VENOFeZr9hjhLpS1sFPdmj1gN/FXiTAJC9Zxe4lD4CfJbbf3TbvsV0BQ+HKjhGfUNm90vvLhBcdqrRMWWiw==
+a0.nic.ice.		172800	IN	A	65.22.112.9
+a0.nic.ice.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:9
+a2.nic.ice.		172800	IN	A	65.22.115.9
+a2.nic.ice.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:9
+b0.nic.ice.		172800	IN	A	65.22.113.9
+b0.nic.ice.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:9
+c0.nic.ice.		172800	IN	A	65.22.114.9
+c0.nic.ice.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:9
+icu.			172800	IN	NS	a.nic.icu.
+icu.			172800	IN	NS	b.nic.icu.
+icu.			172800	IN	NS	c.nic.icu.
+icu.			172800	IN	NS	d.nic.icu.
+icu.			86400	IN	DS	31762 8 1 DB42BC4B511C8F97E5A3C00666B76FB1F4C2E567
+icu.			86400	IN	DS	31762 8 2 CCC397A837F6491166129E1D99ED03CCA6635166B2F5B58C65B5CF516AE92B8F
+icu.			86400	IN	DS	62704 8 1 D834EE1ED0374E28C49BE9C12FE1B93AE0FE9CCB
+icu.			86400	IN	DS	62704 8 2 8C0442A126BA382CA5B05AE5B44744CDC5AB2845C83918E147083434F65790AA
+icu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C+1nGxeLqJhhNS6+1tka1OR9ZkF5HwCxPcI6ATKLU/5k5i5+klU3PeDW51bcWc+O4rl72wBrdvQuUMGnt4ke8j19afWZSb0U1KGSa5b0kdAdvgLX7iNwA7uL2tkog6Popr+gkmDBbEaNsDivhCk/OSBkjauhI3ZD7id+hmL6zZKuELL+7hRw6dSCLgv7rwwJgvnwKemlJSrAzDXCKjBCQs2TuO1BlvqbUdpuQ9K3DqSTFzLo343WL1RWNyF7fWOD3B5ovQ1QckBQPHwW0BNrf+mI9ln3Zf5mjJHjuuAx4lSUq59cq2jwX4sxBkYc/l+aS0B1Ba+EVoiDSdXIuaxHyA==
+icu.			86400	IN	NSEC	id. NS DS RRSIG NSEC
+icu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dRMfM8hocg6AuBEzDSyFgKmixiHQKzY9bxA+/yp2QGWI07BMt5OKiXTYY6nzHbJcrEYcMDO2zhSzPViqm96u1IsWosU/B820wr5YHxShqgXQrf6gFpfTyo1Au6kR+MSf2i12MRqwJEe6f2R9oeQz+Ttk8vkwpBf6fvUVZ7dWHL9f5Knsj5+lLtnAbJlIVBdMtCAxCvh6BITL3sC5UWVsVjdM0M5aqWWuJZHRbpwh/Atk53EdLWG8PTlfsIp4Usu+t4Q6lPaELTTZD78keYG1q4nciSCi0kvrl2/LlFeERWH4juWYAkHAP52xtUE/HG3o7RXWmxaJDsAaO+3+eLIoEg==
+a.nic.icu.		172800	IN	A	194.169.218.108
+a.nic.icu.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:108
+b.nic.icu.		172800	IN	A	185.24.64.108
+b.nic.icu.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:108
+c.nic.icu.		172800	IN	A	212.18.248.108
+c.nic.icu.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:108
+d.nic.icu.		172800	IN	A	212.18.249.108
+d.nic.icu.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:108
+id.			172800	IN	NS	b.dns.id.
+id.			172800	IN	NS	c.dns.id.
+id.			172800	IN	NS	d.dns.id.
+id.			172800	IN	NS	e.dns.id.
+id.			172800	IN	NS	ns4.apnic.net.
+id.			86400	IN	DS	26887 8 2 28BE22003A1AFB1ED9A7BB82482274E2DB5F09A6C50702C731E040D2257347EA
+id.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u+h9Jn8aMdKalpBUb+AvaFcNhytWJArQIyMBKZhc30pH12z3JwOccEQuFlHchNiraUN+4cAqCTMcaXMgEnGykBhtxdnUtc2uYLpmPidBOJAW5zm/PVMRH2kjrdHIRo6vkoKWCcBIFdz7FhLOXXsMwCBkCKEMfAgLq5Fv/mmPOUExW5h8sCMJSRhv79sVk4hMlP00odqYoCOxtqD2tGVZWKYuC0u44vmVVdWZDlq/JyDBb21x8gs+QCVrGMYQodIZu7YQwAIWMBAN1SlsHANmAD9A4/FkvFFzQk1qQeZ6jqbrZ4kKc9v5GiKdn13COpJclqUWOqEcQzcMYiCYCOnDdw==
+id.			86400	IN	NSEC	ie. NS DS RRSIG NSEC
+id.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kexY5NqjNM0AZ0UI61Sc/tL5FguoOgHUHWdgEg2QDHNKNkpeEQ6T9YS6aeIchA4d9PrvXWlK0fzrzp94oJ4g0xMF4yooN7CGZwUtmXSjfBZLKVEtEgcZgfVFhILev1oTqumzSF0JjMDfJi1TCQdJn1Up1tBgo9sm0TpWhJgbr7aLOUCgfDpiZGOKv/Re/L1erCG0E9htcjFFH37EKQqmV2Z/Wdhp1XfD9s1yNt2FOmtXXmaanIswhzF2KNsx7FYT+nL3+ZYHglnrKX+Uw0f09mErOOp/Tn97VHdzNEAHuivOm7g5GzlC3wVy8HPso5Fz3gBHh6hkbPJb4aCioEurLg==
+b.dns.id.		172800	IN	A	103.19.179.179
+b.dns.id.		172800	IN	AAAA	2402:ee80:b:0:0:0:0:b
+c.dns.id.		172800	IN	A	103.19.178.178
+c.dns.id.		172800	IN	AAAA	2402:ee80:c:0:0:0:0:c
+d.dns.id.		172800	IN	A	45.126.57.57
+d.dns.id.		172800	IN	AAAA	2402:ee80:d:0:0:0:0:d
+e.dns.id.		172800	IN	A	103.19.177.177
+e.dns.id.		172800	IN	AAAA	2001:df5:4000:4:0:0:0:4
+ie.			172800	IN	NS	a.ns.ie.
+ie.			172800	IN	NS	c.ns.ie.
+ie.			172800	IN	NS	d.ns.ie.
+ie.			172800	IN	NS	e.ns.ie.
+ie.			172800	IN	NS	g.ns.ie.
+ie.			172800	IN	NS	h.ns.ie.
+ie.			172800	IN	NS	i.ns.ie.
+ie.			86400	IN	DS	15040 13 2 966EC13E38AD71EB585FB1982308930D96CF88873A065188AC11C469435ABD39
+ie.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jKZIH4pgR5sq0FGGk46zBx2Og8FkvW7jauWmC9b/MAMG9HHKyf6CRuVutbr80ArLo3qvc6HzEDBubz2krGM8ABZmJWSwbV6SgIp5XKu3evQzTYIAw8oGgS2eI7IfG9qQ911fWIu+bH9VzHFs8QqH+Yk1od4Jgx9GY0VWbMxs/5vwFj4tvnxOV7lCDIv7nAamAs0xW1OvhfvH7GBvWuH+RSOpLJmJjW3t2CyjWgSssEE42FIO2jcpDfWjN9sGwfIbkL14Lqwll6BoOHQFR+vXSVKpud5agkpAv5wlct8ybQJtzQJa8NdE+C79J8tMtWBnEjab1ltCV7lAu9AZ/IQU7w==
+ie.			86400	IN	NSEC	ieee. NS DS RRSIG NSEC
+ie.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DDUiND5MOnIdixwSHcwCfVyVfLZAjvIASES6mmJEgYxFADVZ9qT9GxxjKwl1RnfXl8D2U2xf6Ko5Oee49t5kDDVJjr8bPX1JtUtj704H8be04N1NJjCsW8xve1i0D+ipqnzjZ05LOgCMM1rSC8xDeQOUvgLT8nHsPTNYlGz/vX4Qem+aumIr94L1zkSuIeZZd0EGHBVuSa2n9A6zOSgOKhjZIKxOKJVexmV9qzbpV2DKBICmuEbxusXrNSAfH77xk2X6H4JqbxbO2UdZ7QE6Z2ttlj/cHImxTDnQpPy2VYL0g9K/ce15SsHdIY/5+lWNdsqKZKyim4BXmi5vh9XKow==
+a.ns.ie.		172800	IN	A	77.72.72.40
+a.ns.ie.		172800	IN	AAAA	2a01:4b0:0:0:0:0:0:40
+c.ns.ie.		172800	IN	A	194.146.106.98
+c.ns.ie.		172800	IN	AAAA	2001:67c:1010:25:0:0:0:53
+d.ns.ie.		172800	IN	A	77.72.229.245
+d.ns.ie.		172800	IN	AAAA	2a01:3f0:0:309:0:0:0:53
+e.ns.ie.		172800	IN	A	185.159.199.210
+e.ns.ie.		172800	IN	AAAA	2620:10a:80ac:0:0:0:0:210
+g.ns.ie.		172800	IN	A	192.111.39.100
+g.ns.ie.		172800	IN	AAAA	2001:7c8:2:a:0:0:0:64
+h.ns.ie.		172800	IN	A	192.93.0.4
+h.ns.ie.		172800	IN	AAAA	2001:660:3005:1:0:0:1:2
+i.ns.ie.		172800	IN	A	194.0.25.35
+i.ns.ie.		172800	IN	AAAA	2001:678:20:0:0:0:0:35
+ieee.			172800	IN	NS	dns1.nic.ieee.
+ieee.			172800	IN	NS	dns2.nic.ieee.
+ieee.			172800	IN	NS	dns3.nic.ieee.
+ieee.			172800	IN	NS	dns4.nic.ieee.
+ieee.			172800	IN	NS	dnsa.nic.ieee.
+ieee.			172800	IN	NS	dnsb.nic.ieee.
+ieee.			172800	IN	NS	dnsc.nic.ieee.
+ieee.			172800	IN	NS	dnsd.nic.ieee.
+ieee.			86400	IN	DS	16667 8 2 BABDAA67D51EE0C44AB2A25B88427F9BDAC5BD271DCF6074684D0356DE2469B6
+ieee.			86400	IN	DS	39700 8 2 F12A037A0D1108BDF15C5A58CC488EFC19F3B9100C643C67181703E2747BE9AB
+ieee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YWxyuYE91udpSXY1RFM6Va6DNY0dFAAwVhWPJoDv76p+yTkmVV6So1ssqj6Xf5YRzJYNdc/8bP5c6uIr1A1S0yA96ZIvY6oFS5W/QHZpgMa9Q3xl/MyaRuAUKLiGTdNsJRq1Rk3O5KWPj7cNvogPC6M4CG+WK5LDPnxgB99U8CPtqde20Q5R5v8Y/qaIO/DO0rQNDNz2lcyw+nw3R/otLha5PaYcjB9/YmXgwRaB3KgA/xrFBV54JOboRHorrKtbKO5TOTdW+BbokVnU8PjnmxZKJDQmNtiaaHcDOixn3BesZ8+zn2rxXEPxld6WH14x2tGP1WaNx2j5O0IvOAyc3Q==
+ieee.			86400	IN	NSEC	ifm. NS DS RRSIG NSEC
+ieee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qwbALMCRcmpo3nEpfguKYtlL+XgoMxnb6c8SQh7J8ilF/jXRwdbeaRFuKFAABf2F6lKlgnhGu6GeRMv9Hqw+jxYcS620lQpTGMireeVpJYFdMwv4Z62t22lK437cbNp/Kherk0FjMkQ/62ATUDAScwFCwSHuRehGrpJ/b/CBI/d49RhLqxfrA2K7wie0YR+2fOxgjJ/Vcq7LbM1mf7P4xo/+zWiv27+WkrDLVV8SyH1qEIClpqTcMWW8EVzMti55tTgLVoOqszzdU01AokepxQByRGGt48Dw5EG7uG4F6zz13aZMKLsp7IDRsa9W1Xg+gD4TAogZXVyE/l/TIYhLMA==
+dns1.nic.ieee.		172800	IN	A	213.248.219.125
+dns1.nic.ieee.		172800	IN	AAAA	2a01:618:403:0:0:0:0:125
+dns2.nic.ieee.		172800	IN	A	103.49.83.125
+dns2.nic.ieee.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:125
+dns3.nic.ieee.		172800	IN	A	213.248.223.125
+dns3.nic.ieee.		172800	IN	AAAA	2a01:618:407:0:0:0:0:125
+dns4.nic.ieee.		172800	IN	A	43.230.51.125
+dns4.nic.ieee.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:125
+dnsa.nic.ieee.		172800	IN	A	156.154.100.3
+dnsa.nic.ieee.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.ieee.		172800	IN	A	156.154.101.3
+dnsb.nic.ieee.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.ieee.		172800	IN	A	156.154.102.3
+dnsc.nic.ieee.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.ieee.		172800	IN	A	156.154.103.3
+dnsd.nic.ieee.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ifm.			172800	IN	NS	anycast9.irondns.net.
+ifm.			172800	IN	NS	anycast10.irondns.net.
+ifm.			172800	IN	NS	anycast23.irondns.net.
+ifm.			172800	IN	NS	anycast24.irondns.net.
+ifm.			86400	IN	DS	1062 10 2 9F27E38962FE2E8FEA42E4AD88F1F90A5A23F6BDB4C8949AF772C1430E073745
+ifm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ddDaFa9uCI+XdYAZeeNtOz8GcDxmou2uPcJSaH30WdlnDWzJb1fG+o+H1h3wHxD4bJLpLfRgOg5bXj+Uz5rw1FWp8BQ9kfY3tl/MISzQGcSt3sLhj3IdAPpk86WaWf2fwL5Lz3uq5DVK3jFdjZUdd4CvX0TuaiaNyVeJrCelKqmxRCmW6Byyvr+KfjLoX7+DRzH70X/eolZMmlBSkNFOQoo4kMmh6MsONCTSDpI4iyTx43LrxrGWgI70XgOtO20QgiTQU9IgwCFeIAzArHBQOnWQgogMP2cyKyRcp2ulQRUNlaktRJzICnr3lbZMpntGU8TyZPWxBeHSLiK4YryguA==
+ifm.			86400	IN	NSEC	ikano. NS DS RRSIG NSEC
+ifm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bFSoHXyxKFDLAbvXsYCty7giPNXxBvEflrdFno1eHItD/sgoL+Z/2KNMpAb4v81BLqS3syHLa8looRWGKBfYMirLq49Muor8/bjdtz7IR++A7O3p3MYi6wvI8Q3/fwniszwPakEW9bvi/p6K84txKVB94xqZZRIBqpV6i47se4NCuAmeiDYc0GzVnlFLdH7wR0UN5gE+q311elaVYAG0ZtoeGohdcHYUoGLOgw+LX+pVosPUiI8jaq/bv8Q+xQkCDPcI2rDSGpEEENq9C75hogJpYClcFUfgvX1HP+v0Gz3D69G8s0FEAIPjoySJaH7ZHZ9BRvMb5HgNvcxtQnpw1A==
+ikano.			172800	IN	NS	a.dns.nic.ikano.
+ikano.			172800	IN	NS	m.dns.nic.ikano.
+ikano.			172800	IN	NS	n.dns.nic.ikano.
+ikano.			86400	IN	DS	11692 8 2 E041CEBAF350D90D1D6235AD11B5F2091C89B0A0B6799C56262F60BC9CE02C68
+ikano.			86400	IN	DS	39817 8 2 859DD28A91F4D364FD7A0FEACB958A52BA6F211F4167D07ECF64E8BEAB9E49DB
+ikano.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0pj9PN1haUkN7xagTaLOFCdZo0xd1rwAcFLpnE0Pbq1BbT6Tn/kQ2ArIaRtNN36LqbyHlxOaeo/ArraeRUl8bYY65tWKZ+Zw5NlRncjBzaVH2kpoaSxwu/cUhcTktd2yKnO7ocXHa1ySzShZy5QaAZc874FBw1Y2dtr7u8/mHu3nn4HEOgwcZrK4BDnShg8upHO68LUYIg2JHhPOoQdiOdiQyIZkgke2sSKdVfKxen382wXuNxgvZFs5qN5jEDvV7hDlQJNpUD6izlynbvYoc5/5jyo1DKYdXkJ/SZvHet2KYEdh5BO+2uCBzaESOxc6qPbs5Z/u228NEmgUzlzt7Q==
+ikano.			86400	IN	NSEC	il. NS DS RRSIG NSEC
+ikano.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hG3dRmD4AXCP0J1r4G+AodGeVCG6M/PxO25BJXp90J42hkKz81AElux9GxZhYKOLKgbz2OZxCeI7pwAoltrO8DTUmi6zAQjEeRBzhf1GtrQLbU4OUgem23ajmFpj3dWDHLfbxNxng8uoaMjKoVZKZxyLpneGiXzcEaKUZYBKQZQXyjfPKtIuOjB4WbXtloc09NWZqlu+Wo0yRIMCNmd/nLv0qzpqQGs+YVa21elVxtewjBegW11/EB1esd1vcocWAS/G3DA1ZUukn+Go5cwFs4M2wde/LUPMHd5u2xaR1Nr9V3gzuOdV/n4V4frcADYaKioHFUOETeCePWEEOoAGiQ==
+a.dns.nic.ikano.	172800	IN	A	194.0.25.12
+a.dns.nic.ikano.	172800	IN	AAAA	2001:678:20:0:0:0:0:12
+m.dns.nic.ikano.	172800	IN	A	194.0.26.7
+m.dns.nic.ikano.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:7
+n.dns.nic.ikano.	172800	IN	A	194.0.24.7
+n.dns.nic.ikano.	172800	IN	AAAA	2001:678:24:0:0:0:0:7
+il.			172800	IN	NS	ns1.ns.il.
+il.			172800	IN	NS	ns3.ns.il.
+il.			172800	IN	NS	ns4.ns.il.
+il.			172800	IN	NS	nsa.ns.il.
+il.			172800	IN	NS	nsb.ns.il.
+il.			172800	IN	NS	nse.ns.il.
+il.			172800	IN	NS	ilns.ilan.net.il.
+il.			172800	IN	NS	lookup.iucc.ac.il.
+il.			86400	IN	DS	61239 13 2 728D9059778C0FADFF197F462ED5539DB1CF1F541E2AC7B0EF18735C8555645D
+il.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eITeCFz9VhhsnmzC/KVL9Nnl14vmcbV9Tafu9CBs2Im9aL5jf+Y9xlqHu1m0kGQ8g3S7R7SbF+4E2dpgt8O8tMs8oQ8lFiw/uxWFJowqxeQzS6QDLQbR5jZeLpxXvYXhT1ALudfobn9liGn4UcqRf+xbCj0Cgojgw9MBFpig49+zXtWfwxwT2K7VMClTpYHcNBnaysZM9gG1WS8fos06PLucEVDI/07Az5boiUbAwdsoiB6SoL2QUo+nkb0kH0LwYXx+Z+YRO2Sne9IOBrLsK9kAwHaUvoJkUqZO861/nE2/0yIBKT+Xan+MVoU3ZRy3JLRNUC3uWthwyhB8yxIaDw==
+il.			86400	IN	NSEC	im. NS DS RRSIG NSEC
+il.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vYQWTc5/lr/rEPuRmxK4e6pk3EOM1HbbKy15aIfHpGBqOiN0DiXUhWlPusjamyFVbkV4AhW+GiazBwBmzrqtuwiETJbCYhCQrxwrvSTByt13GnzufhEyrgLuKCAkB6AAR1CJkFoHxeNDKgtZ1MKekm9Q8NZA3mp6K94tAZ47Ai3XQP94oGjQyAEwW083Oo59USz3+NIaSAY+oFSy+pZUVjvm6vGdAjb+HaSkGEPjXmXTzfC4YqfkKayBvFRDYRPFlKcY3mv11n82LEgF4trT7Am5c72eFUwRUUGi/j3JfLSZee7EUdbgC93ANLBoEobpYFU6/RR04IxYI0ERL/UCJQ==
+lookup.iucc.ac.il.	172800	IN	A	128.139.34.240
+lookup.iucc.ac.il.	172800	IN	AAAA	2001:bf8:900:6:0:0:808b:22f0
+ilns.ilan.net.il.	172800	IN	A	128.139.35.5
+ns1.ns.il.		172800	IN	A	194.146.106.122
+ns1.ns.il.		172800	IN	AAAA	2001:67c:1010:31:0:0:0:53
+ns3.ns.il.		172800	IN	A	194.0.11.103
+ns3.ns.il.		172800	IN	AAAA	2001:678:e:103:0:0:0:53
+ns4.ns.il.		172800	IN	A	204.61.216.134
+ns4.ns.il.		172800	IN	AAAA	2001:500:14:6134:ad:0:0:1
+nsa.ns.il.		172800	IN	A	192.115.7.53
+nsa.ns.il.		172800	IN	AAAA	2a01:4280:2:70:0:0:0:53
+nsb.ns.il.		172800	IN	A	192.115.7.60
+nsb.ns.il.		172800	IN	AAAA	2a01:4280:2:70:0:0:0:60
+nse.ns.il.		172800	IN	A	192.115.4.235
+im.			172800	IN	NS	ns4.ja.net.
+im.			172800	IN	NS	hoppy.iom.com.
+im.			172800	IN	NS	barney.advsys.co.uk.
+im.			172800	IN	NS	pebbles.iom.com.
+im.			86400	IN	NSEC	imamat. NS RRSIG NSEC
+im.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SjUIsQS5TAeYM5fgNORVQCXSUZxMTrMamfQsQCql2DybLDxjtZ1q01U125YWksLadU+lZVmnlUWuCBelkEe5bn3U90lsDa4OvNsx9+S0sKT4Im7yhMuvYvKykR9GyLPPd6OnkK5JRMnqmZZgNMtgBAjTGZSazzR38NurEcKmwqwO9YgZij20aw3yxwTq60sir5j8Di9ztF88Xtx+uPhK2K1SaJ0ikEHOervaVaKqnSRCTdCCQlJABeuZRW5Ro01PXLG60mYnn+Id0Anq6/r09j+axPMrDs1Znd2UAJB6MXI7vZ02hgi2AbS2tJegm5vG9TSrrDvEfiwU1LAeImDhEQ==
+imamat.			172800	IN	NS	a0.nic.imamat.
+imamat.			172800	IN	NS	a2.nic.imamat.
+imamat.			172800	IN	NS	b0.nic.imamat.
+imamat.			172800	IN	NS	c0.nic.imamat.
+imamat.			86400	IN	DS	50965 8 2 A76C5431030FBEF036B5008BC289A1614207D3447E7D8D565065F50ED9543E6A
+imamat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tdl9UvC2UYmzaoKQyhApqCWTyR7a5zoC7J7167weo+jvBWalkTWWMDr3BFvWQkkTl4Vi+pMzqZi4Hby5X3g/sdyOvTVMC/1GAGNjyrzAqlFA1grqdcyurGgqiYrTTlrRblw1E1+MUU32NgxfNuonWm4INfKGVFHw1/GO/iivjlQHXMK4pFTfDm2oipHmNX4FxL7dzAAJ4AQOm4+VL+EIvCMo+CsKf3c/KNx8WVUvwwkpBqlDpcXc3DHsqa1jME+a5DYcE6+UCUg0TO/AIK0bO9X0OBdEsEyzjkzP0Q8d+ozzE6CVICYH32c05ZMgt7GvG71FFqWBwNLwOIL7B9IDgQ==
+imamat.			86400	IN	NSEC	imdb. NS DS RRSIG NSEC
+imamat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hlL8PVZRkP4Eg96jVAGQZ4+Tahea7ZxCIkm8qxZov/eXtr30od1m0Ss/lHHBUAaSzF6IYgpgnph+iENnUO3HFcm81bCL6mGJGaUQW0Zmr5K1aZV+Z+PFTgyC4EWJncSWgRP+KmYkUDfFUPctbwsMVWMNftyoUuPLihSqynFZfUaUpP4Bfn7V9q9LHz599gmvYhMIUDoffAfcd0hYjXR1MC2d9fuWfdEkp6VvQIU7Anw+SyrAm0QraY2+6KvplnDBodFnt8ZlL3On8HXWpPDSTsD03KVPizTTGSRu2ux8HjIL4TjlfZwbZYUgWMHZS63Wg2u4poIqKL4oY882Cidjdg==
+a0.nic.imamat.		172800	IN	A	65.22.44.9
+a0.nic.imamat.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:9
+a2.nic.imamat.		172800	IN	A	65.22.47.9
+a2.nic.imamat.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:9
+b0.nic.imamat.		172800	IN	A	65.22.45.9
+b0.nic.imamat.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:9
+c0.nic.imamat.		172800	IN	A	65.22.46.9
+c0.nic.imamat.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:9
+imdb.			172800	IN	NS	dns1.nic.imdb.
+imdb.			172800	IN	NS	dns2.nic.imdb.
+imdb.			172800	IN	NS	dns3.nic.imdb.
+imdb.			172800	IN	NS	dns4.nic.imdb.
+imdb.			172800	IN	NS	dnsa.nic.imdb.
+imdb.			172800	IN	NS	dnsb.nic.imdb.
+imdb.			172800	IN	NS	dnsc.nic.imdb.
+imdb.			172800	IN	NS	dnsd.nic.imdb.
+imdb.			86400	IN	DS	20815 8 2 E3CC51FE5A9A31AE6FAC92900038DCA9B523511B22158A08D8093220AF88E4D7
+imdb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rdVj//62ywENby40/JV3DyJORB9Lw/rbZYU8rqb2CyR9+5iFHM1R54ppQjAbPp3Nw+UFxpsuwKkrdQbn2hUw0LyExgfP2sDDodj5uADLyfWWHhOJX2YztvD0y5yzJLRM3TGQ1L2mCcnbplGsbscH2IKfVKQWUQI77Rc2i8CDL4QrAgZ9hn7BMIm7hbqJ4uIpwAj84Uz2sek/V1e75FIyBKlFm9Ml5udas2J1HJ2AoV+lttzQr0orEmzFHcjTL3XA0+RBWaHwc6sHSCgSABEszpnlZsksjUG9/bZdPa462jnyVJu8jPPJ5Xt5DWaDfrWswYpNyJr40IPwxZIUhRx07w==
+imdb.			86400	IN	NSEC	immo. NS DS RRSIG NSEC
+imdb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s1LLWDyz+sTRRc4WOHz5lSTU6PbKLD+FJPrxOeEAZ2GYsOGtORhtHZ0LpNmz+wO3O9by+p196/OSC8x/L58iPDuZwUeFnqMmqi69SV9EtEsFQ03wFwjqq4LRUhiBKf3QwAU+vWyp7eXRMf0Ik4OKjDgprEe/b3LU0uu/ANYnnOOGNx6fLGmnQDygxmm8feK35SNO3DhSsVmoUj3pbC7BiKD+szO92xVcDujqwopEWSv1nPFst2qH2MCzMK0SfRU/Yz4lTNYTxlA1d1NOhLaVaZlq5jt/PXh+anYWHSMduQ6IonDqr+91yjJ+ANJ+wFyOGkvp2+1XZ5rBChzl0rtxtw==
+dns1.nic.imdb.		172800	IN	A	213.248.218.50
+dns1.nic.imdb.		172800	IN	AAAA	2a01:618:402:0:0:0:0:50
+dns2.nic.imdb.		172800	IN	A	103.49.82.50
+dns2.nic.imdb.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:50
+dns3.nic.imdb.		172800	IN	A	213.248.222.50
+dns3.nic.imdb.		172800	IN	AAAA	2a01:618:406:0:0:0:0:50
+dns4.nic.imdb.		172800	IN	A	43.230.50.50
+dns4.nic.imdb.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:50
+dnsa.nic.imdb.		172800	IN	A	156.154.100.3
+dnsa.nic.imdb.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.imdb.		172800	IN	A	156.154.101.3
+dnsb.nic.imdb.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.imdb.		172800	IN	A	156.154.102.3
+dnsc.nic.imdb.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.imdb.		172800	IN	A	156.154.103.3
+dnsd.nic.imdb.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+immo.			172800	IN	NS	v0n0.nic.immo.
+immo.			172800	IN	NS	v0n1.nic.immo.
+immo.			172800	IN	NS	v0n2.nic.immo.
+immo.			172800	IN	NS	v0n3.nic.immo.
+immo.			172800	IN	NS	v2n0.nic.immo.
+immo.			172800	IN	NS	v2n1.nic.immo.
+immo.			86400	IN	DS	32956 8 2 87B32E0AAC22FDD5BF233FACA5EDFD1307B914EFECEF3778D6644CAA8037F707
+immo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zwo24sWgGCqS6auD1wdMh6CpdaVY/Tc0FWKmYJe5IFLK8DytrQXO50sYNaM4YKxgvms6XHuBlDStjwJq0aCZdnxoKGhNLaSoJOYBvUkVnBGr4szrnb8mS5YyzAYbIYfzTIUNKIguM7SqXNqz1Jy75d1Tyv9nGJa3HpejAigwF0LUF+eSWVjTk8k15w+dfQaVeahP9tU0HYi85tMtbE6betqBDGnLdX3KT5MIsA9B+fLHhri8c7IJkaWGJGZ0O4Bu+MWYmZuZNAR8i/2FSIxTSBctMkXr5wT7WKMfd3Hz5QfPH4h/JrK1kRTujsxVp7ReOl4jjC9UMk9vatMVSzQn2A==
+immo.			86400	IN	NSEC	immobilien. NS DS RRSIG NSEC
+immo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Lazgsj8YH395ri1/DGWmMTir9QmNEJrMVFVJiYh6s4FboYiUhkj+1vGRUhgYV0gawJaB4FJSpPu21HwAH3svTWjPR5LF/W4caCU6Oe/qzvRnvfRqa7XVlM3AqC/R9oX+pGxY45qMhwwNgqJQ2QRNOF9ozO4oRp3SveaHJXKWWmEClwJfM8xxQq5H8UPi+htN9c3AH+Bi3UMb1pGpnwiDrQd49N92KEIlIgPPcYUn7pcarmEW+U69zvyBgfmpyzZLj9U0RzORxM+KR0CjpRQAgPl+9UnOFHw0ZO7gnpItuunUSmnNi808ANcaNkJgEgXEYaAEZPz5RnXt3cgQ7atmiw==
+v0n0.nic.immo.		172800	IN	A	65.22.28.42
+v0n0.nic.immo.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:42
+v0n1.nic.immo.		172800	IN	A	65.22.29.42
+v0n1.nic.immo.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:42
+v0n2.nic.immo.		172800	IN	A	65.22.30.42
+v0n2.nic.immo.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:42
+v0n3.nic.immo.		172800	IN	A	161.232.14.42
+v0n3.nic.immo.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:42
+v2n0.nic.immo.		172800	IN	A	65.22.31.42
+v2n0.nic.immo.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:42
+v2n1.nic.immo.		172800	IN	A	161.232.15.42
+v2n1.nic.immo.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:42
+immobilien.		172800	IN	NS	v0n0.nic.immobilien.
+immobilien.		172800	IN	NS	v0n1.nic.immobilien.
+immobilien.		172800	IN	NS	v0n2.nic.immobilien.
+immobilien.		172800	IN	NS	v0n3.nic.immobilien.
+immobilien.		172800	IN	NS	v2n0.nic.immobilien.
+immobilien.		172800	IN	NS	v2n1.nic.immobilien.
+immobilien.		86400	IN	DS	11665 8 2 11C89F087B187155D5736C648887B4F34348268895910F202AA61E5C19C5F7E3
+immobilien.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QCwm4XhlZd6oyQTHcnz8PzHmHVCtnRkvStXgfJqQowJNFQBYDGCbC0VBeZ93zQHbL8JqLDoEDFlZSMwFfgft+yLxFdOaA2JLvJbLyA+YCj3YuIUcY2WJf95FS1K2xp5a6iwbNh4oNZOrSMqDuwCJbKagcPne37CwftpEmnUSz8uQB0MO44WQUrc0tMD4/l44oscvc1iNO3rdkIZJ4cAMrA6bO6FyJ11npTwkTKsGOYu/F2rIZ5kyee8C6blyeWcX/jxUpBjBk9/Esd7R0cINxHCN7eOdIDLp9derY1wmGIdJ37LEluRGqmf5KKdtmQaiPNKjnTytV1zHYfiHLhWcOA==
+immobilien.		86400	IN	NSEC	in. NS DS RRSIG NSEC
+immobilien.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mE8ope1ys3HWfPuR2w2AVHZZBwUsqpch4j8jXskPlM5+6RbFcQghMKdwYua/c6O3hbxnfGivzUSrGryBolB6CR8S96y4zB/hTTj8MtkSIdNcGsQKsZy+Zn9ePA2YlT+3Y4sNPh2kemORD5uwRwHHVVj/4tU8hkgKPmgYWO+sXskwOhbS1hIyBigmr99HszM0ImJShNfFUYBsw8BjXHWXLzD4ULXo6l1eOB4MmQ+bbcwNNif4JXpM/b8NQoD7sN5HOD1ZtTky7ZsEF0bSmxKoB2sFCzAVJg+Ytg+2XPe2wyi34Vgcn28LkFTQsVEpYJ+HlpMsR+1UecSxeXgUNBGceA==
+v0n0.nic.immobilien.	172800	IN	A	65.22.24.19
+v0n0.nic.immobilien.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:19
+v0n1.nic.immobilien.	172800	IN	A	65.22.25.19
+v0n1.nic.immobilien.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:19
+v0n2.nic.immobilien.	172800	IN	A	65.22.26.19
+v0n2.nic.immobilien.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:19
+v0n3.nic.immobilien.	172800	IN	A	161.232.12.19
+v0n3.nic.immobilien.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:19
+v2n0.nic.immobilien.	172800	IN	A	65.22.27.19
+v2n0.nic.immobilien.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:19
+v2n1.nic.immobilien.	172800	IN	A	161.232.13.19
+v2n1.nic.immobilien.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:19
+in.			172800	IN	NS	ns1.registry.in.
+in.			172800	IN	NS	ns2.registry.in.
+in.			172800	IN	NS	ns3.registry.in.
+in.			172800	IN	NS	ns4.registry.in.
+in.			172800	IN	NS	ns5.registry.in.
+in.			172800	IN	NS	ns6.registry.in.
+in.			86400	IN	DS	25291 8 2 2945B61339DFA7221AD82D5C6C7E3CE4E9C2523E7754ACC8131D0EF94617E2F2
+in.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VffWdUCKf6ii6PzlXUAubVuFgxg66bnhrVIj3IZHErqKNpRu2REnIY/SAFaCizVSpAL+fZCU75X9Zg/GyEYEbELqok0hSnD6raeSy7Fc+fDeTDc7g/AA8mVfjlu8onqopX2Seg8JVFSwTDxhwIi//0plkxzOLOQ0Dxl1tJHjD/i0OsP4yIF+c28kd6fRIfHTJitfucDQrIU9foalRxAKez73waWd7kJzBpRPqg+9udwwvF+uQoEPm4SMv32Rnqg4zm7Zw0EmXJh+xRQ9+VaAVFBY1I3ADR76f5MXiUQfr28TM/SG8PdeNW68CM3fEFD+eOvGXYMm6brRuijftitbAQ==
+in.			86400	IN	NSEC	inc. NS DS RRSIG NSEC
+in.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H1rbRwFQYk2Nz0VNUjtjmRo7KCECg++JoblxiBHJTj2bbz27PXfeWUKxFUlYvRR9ElY2sSGDJabYTvu+wq1x1SBflYTgnuiItoGUwlmPxjT4M+5ZBfF5oWPwdgC1rarCpl95+9ZN5SK1gvvkpD0C1znlzzz22mbXRhtW2PUgu0Zzgmi0/Q8AN39dlZHDmeNpQttmCZodiBzDIkInkgiluOvKDnh9c0piy2iVBnWlg7WDF4jkiEZeNWDOZQ6OC/mGP/GybM4ekdrSydsk+aidxAc8Hb9qkg5IACEDJI7uV51DY7IGZGQuF+s30O8yK5o/pn8eGaMXSV48tiigWICwkg==
+ns1.registry.in.	172800	IN	A	37.209.192.12
+ns1.registry.in.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:12
+ns2.registry.in.	172800	IN	A	37.209.194.12
+ns2.registry.in.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:12
+ns3.registry.in.	172800	IN	A	37.209.196.12
+ns3.registry.in.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:12
+ns4.registry.in.	172800	IN	A	37.209.198.12
+ns4.registry.in.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:12
+ns5.registry.in.	172800	IN	A	156.154.100.20
+ns5.registry.in.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:20
+ns6.registry.in.	172800	IN	A	156.154.101.20
+ns6.registry.in.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:20
+inc.			172800	IN	NS	a.nic.inc.
+inc.			172800	IN	NS	b.nic.inc.
+inc.			172800	IN	NS	c.nic.inc.
+inc.			172800	IN	NS	d.nic.inc.
+inc.			86400	IN	DS	13636 8 1 6EAEBC6DDC7E32668027D425FE37084D6CB2D13D
+inc.			86400	IN	DS	13636 8 2 1F6E64CBE2F9FF7A4D33195D8EE394E09E58CB89477523A1B5B1113B0CD6C3F5
+inc.			86400	IN	DS	18077 8 1 B1D522ED8FEEEAF6EAD2504C9460101CFB98A195
+inc.			86400	IN	DS	18077 8 2 42F81B888D9B44D561060B7DC32796807F2A99F2D151B3837019ABA31C8966A0
+inc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xsk1Ho1jZ4SNSe52IUI85qbJK87/tzwVLjZGX/7LF0h9iJezmwkPV5Kv83nrZ2SacvaqeVrVz5ykz2kRKDBF9rE5g037zl/Lp53oTpci+Tmle3ddhFAVIh7CT7SIM33n6GpIe1NM4CclH62CgcGByqT6VcKQOaeVJvTpHRHY15Uc9wH+v547viHuxAEp+idm+EeNMU6jegMyz3kXOOUZnt4JDSMolrBaSCOXHiH7TU/ngFbNavTJrIeCgNJGFZ3dOCG2PsLhXYK3dd4HyXpb/5yo4X6Sqdh3oh7KSewMdlicHEPP2E4wgsx3/8X8XfZwHoWngqneJBlA7KmvULQr+A==
+inc.			86400	IN	NSEC	industries. NS DS RRSIG NSEC
+inc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YH7lpgo5pGQjifIy9NEwbkz3cFkX+WHlEpttL3XDnY7yC9r5WGrrTEqCAhsC737iliz5SHzlgC/7JXAmYX0wseL0IBW0bZUhfr6ykaedjIpEuts5MOCx9GyScgWuPsP/VlkY4s+UKt7fW4vwYlBpZK/w8O40H284rJb0E2d7RiA7g74El1CeTfoqgfDWymIx/3Yb4gCAG1CL/vC7K5uleaePQc2bBg7fyiCWvD3RMCPGs/ftGZIpjDlmdrKLoB2doYS1jJoxWsC316gW3LiRtjvrJmpVuI5KRA1QvDIGZbAparxPoQIwtxi6Rqndm8yeOHaxXDjj66tASJiw5Zy0TQ==
+a.nic.inc.		172800	IN	A	194.169.218.137
+a.nic.inc.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:137
+b.nic.inc.		172800	IN	A	185.24.64.137
+b.nic.inc.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:137
+c.nic.inc.		172800	IN	A	212.18.248.137
+c.nic.inc.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:137
+d.nic.inc.		172800	IN	A	212.18.249.137
+d.nic.inc.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:137
+industries.		172800	IN	NS	v0n0.nic.industries.
+industries.		172800	IN	NS	v0n1.nic.industries.
+industries.		172800	IN	NS	v0n2.nic.industries.
+industries.		172800	IN	NS	v0n3.nic.industries.
+industries.		172800	IN	NS	v2n0.nic.industries.
+industries.		172800	IN	NS	v2n1.nic.industries.
+industries.		86400	IN	DS	9211 8 2 8AB45E54723F63CE648E7A3679C9518E476AFA4FD9A719C826378C5BC69F31E0
+industries.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Px+prpWKjFxfuVnXjEoU4P2TcjsnUcEY4IL5BP73rg40lnMMbr0soJA+q/VGMMYk6c3ZATywWsMuMWjDlEj0Da2MLrt27OBe+uh/9UshksWYH8Ido8dBbwWHsbCCMQaMCOBAXoPGofIxoCBEo4yUNPMebiwq8uI7ICp90G/vK50AECiuHPccoNCBYTAQqTGfs5zJaPg84RmCwCD8FSXOz10s1IAtpw28RyVMm4km+YX7ZpmJzsCTBcKhrEW/qwlbWNw7GFDwb/AimbtPbP8J3FOHP7KOdudA5Qa6VOjU0p/l6zV1mDRNXMzAjlk9uAWEDlB4I15P2fpAH05zKElJRQ==
+industries.		86400	IN	NSEC	infiniti. NS DS RRSIG NSEC
+industries.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aer+zqgHGrP9QtVvHN+DK+5fUz6NW2i8AwNqnSRHItYre8I/b3b8kJlJs9L2k91kcVYN6FmGKgGEswoVccy6PT6v6hd6OS6vU0QcavUtNDXWuXSIpXr5p7Vd+3MySZQY+Ui/Y4A1LHkmfJoIAr52XRsvKl8msx7ONjTwuuERBhfTEzGZSj0d91dVFWjF6Wyh6GiB8wIQigF+lx5z+sK6DoBfVQvWz1SLyc+nPe4hRxYsUdeXtl5T0Rq94fIno8vt6KfRpVL1mJJJNW23dWAJJ6qm027xS9ZFVxeU8Sh3oxz5sS/9QHfFwottsJK/S3urogYMuqA6mlLv3x4t1m72lQ==
+v0n0.nic.industries.	172800	IN	A	65.22.20.55
+v0n0.nic.industries.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:55
+v0n1.nic.industries.	172800	IN	A	65.22.21.55
+v0n1.nic.industries.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:55
+v0n2.nic.industries.	172800	IN	A	65.22.22.55
+v0n2.nic.industries.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:55
+v0n3.nic.industries.	172800	IN	A	161.232.10.55
+v0n3.nic.industries.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:55
+v2n0.nic.industries.	172800	IN	A	65.22.23.55
+v2n0.nic.industries.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:55
+v2n1.nic.industries.	172800	IN	A	161.232.11.55
+v2n1.nic.industries.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:55
+infiniti.		172800	IN	NS	a.gmoregistry.net.
+infiniti.		172800	IN	NS	b.gmoregistry.net.
+infiniti.		172800	IN	NS	k.gmoregistry.net.
+infiniti.		172800	IN	NS	l.gmoregistry.net.
+infiniti.		86400	IN	DS	54241 8 2 4BA4A2E65269A0D1E93C17C160C744302700307D21C67889B9ABAC72644C5227
+infiniti.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IdnM5VJQF5op35rpEepDVv+/2hQfQ5cB2QVnavs691wbsf9Ru2yMnK780vY7xiWiFzPvxDUOmdbx46WFExKX2lJSFxfHDFuweYdzXnzrXHt4zJnTRXwukzuOufnGXZmb3O1Gad2gcZ1ZLYRXk81QZdwoBgcagHe8D01DpqyL33QMWfu68uuMG8rzdCWTcqNbTces7abUKfgeIJE8momM5QHsAf/osOxmeDTejMpj/nzrgPozr8ux+Fw4LCJ29BR/QPSagfKuorp+K+bEvkz+NoE93TmLG+9VeigN/TDYVXwnyocRT8551IKaDMiMO1rX2bpWlykWZcnXir/aE3wn9A==
+infiniti.		86400	IN	NSEC	info. NS DS RRSIG NSEC
+infiniti.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rsVUCvPlOevrIbXNCUaT4a5QICLlxBuq7z26NScNRLoJjMAwIwn1diT8UImETF0XtWAvn+IDKLvki4KUZBWhmiv/z1meiR+KYLJOqg2Y4qL7gpCBgO2QA1DviriqDuU6n7NxIIzrMrBnQ/yiSk4x6Qm1jZSeh9vcpWtw9OsaCI3RtdCAYvP8mVBhZTOxZCq/tGN1z9NEq5jO+m8B77pI6yTO7ygZkyTJNB4keQos+UKZkTJ+UwNPR2/NKyUkffmyVLlyWt3t0ZfmWNJP0e6ieAEV3mrxlBTByCGHZS8ZrdkNaBJydxhphQYg13LFkMbYClRw0AYIDXUhxppEG0BSBg==
+info.			172800	IN	NS	a0.info.afilias-nst.info.
+info.			172800	IN	NS	a2.info.afilias-nst.info.
+info.			172800	IN	NS	b0.info.afilias-nst.org.
+info.			172800	IN	NS	b2.info.afilias-nst.org.
+info.			172800	IN	NS	c0.info.afilias-nst.info.
+info.			172800	IN	NS	d0.info.afilias-nst.org.
+info.			86400	IN	DS	5104 8 2 1AF7548A8D3E2950C20303757DF9390C26CFA39E26C8B6A8F6C8B1E72DD8F744
+info.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x+LjIlSThQrYPaCfR9LjHP2baVcOGeXYd7R5/nXqte4t5gDuUBX1gDhMt8BPx2IdFSfRro5O/8D304mc1Ix65tMRfLq22cwHavkTqioxG/PN29JpVPEs+D3SSPwHq96Yj3wm1tayo3YCOcH7S1uLYJtWWfO/b9ux/q1f9s3Xg798l381RhN4KNN3Ok9NFWsHoXncCQzokt9bkLsdm5XPME+ZCercmduTg9i2jzFYrxtUdn+z2l+mVyzXtLb7cR9Fmu2K11VOEquv87KWmU6aYrImHR3Cp6H3KPTVVOZIM72bjRF2KmuZf4HqHi0Mgjkl5Ijn8pgXiycS5SQk9Csw9Q==
+info.			86400	IN	NSEC	ing. NS DS RRSIG NSEC
+info.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gz9u7kHZN4nN867l/kiXFEzJxZulpXnGoYb3NxETsw7DZngSQ4SKObwQiDQQsm09V3TSKVvCcz0mnLe6p69VfsW43WU1Gqp7tX+d6uaNcry2rBBTSGeNmQUtrrNXV0rZYs/JeoqqIWwD0ojca8mouvR18nIeDUJPepFDLNX4ow/GFGivbmmahh4hvdyq7AN1tdX37UJfwPkFWmUjfSs/fFnCdU71rr2cRPaWSCOi10dblrgwbCzY1QbkucZxukn59e4tXBWxLeV43v1Dxx/ZtdT0Tzfo+SDmMlXCl3dIFVnw7BzP08oJUcLIFyqOlFHICwUDYR0JniXxXYfJ8luqoA==
+a0.asia.afilias-nst.info.	172800	IN	A	199.19.55.1
+a0.asia.afilias-nst.info.	172800	IN	AAAA	2001:500:d:0:0:0:0:1
+a2.asia.afilias-nst.info.	172800	IN	A	199.249.114.1
+a2.asia.afilias-nst.info.	172800	IN	AAAA	2001:500:42:0:0:0:0:1
+c0.asia.afilias-nst.info.	172800	IN	A	199.254.29.1
+c0.asia.afilias-nst.info.	172800	IN	AAAA	2001:500:17:0:0:0:0:1
+a0.bm.afilias-nst.info.	172800	IN	A	199.254.59.9
+a0.bm.afilias-nst.info.	172800	IN	AAAA	2001:500:25:0:0:0:0:9
+a2.bm.afilias-nst.info.	172800	IN	A	199.249.116.9
+a2.bm.afilias-nst.info.	172800	IN	AAAA	2001:500:44:0:0:0:0:9
+c0.bm.afilias-nst.info.	172800	IN	A	199.254.61.9
+c0.bm.afilias-nst.info.	172800	IN	AAAA	2001:500:27:0:0:0:0:9
+a0.cctld.afilias-nst.info.	172800	IN	A	199.254.59.1
+a0.cctld.afilias-nst.info.	172800	IN	AAAA	2001:500:25:0:0:0:0:1
+a2.cctld.afilias-nst.info.	172800	IN	A	199.249.116.1
+a2.cctld.afilias-nst.info.	172800	IN	AAAA	2001:500:44:0:0:0:0:1
+c0.cctld.afilias-nst.info.	172800	IN	A	199.254.61.1
+c0.cctld.afilias-nst.info.	172800	IN	AAAA	2001:500:27:0:0:0:0:1
+a0.info.afilias-nst.info.	172800	IN	A	199.254.31.1
+a0.info.afilias-nst.info.	172800	IN	AAAA	2001:500:19:0:0:0:0:1
+a2.info.afilias-nst.info.	172800	IN	A	199.249.113.1
+a2.info.afilias-nst.info.	172800	IN	AAAA	2001:500:41:0:0:0:0:1
+c0.info.afilias-nst.info.	172800	IN	A	199.254.49.1
+c0.info.afilias-nst.info.	172800	IN	AAAA	2001:500:1b:0:0:0:0:1
+a0.mobi.afilias-nst.info.	172800	IN	A	199.254.55.1
+a0.mobi.afilias-nst.info.	172800	IN	AAAA	2001:500:21:0:0:0:0:1
+a2.mobi.afilias-nst.info.	172800	IN	A	199.249.118.1
+a2.mobi.afilias-nst.info.	172800	IN	AAAA	2001:500:46:0:0:0:0:1
+c0.mobi.afilias-nst.info.	172800	IN	A	199.254.57.1
+c0.mobi.afilias-nst.info.	172800	IN	AAAA	2001:500:23:0:0:0:0:1
+a0.org.afilias-nst.info.	172800	IN	A	199.19.56.1
+a0.org.afilias-nst.info.	172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.org.afilias-nst.info.	172800	IN	A	199.249.112.1
+a2.org.afilias-nst.info.	172800	IN	AAAA	2001:500:40:0:0:0:0:1
+c0.org.afilias-nst.info.	172800	IN	A	199.19.53.1
+c0.org.afilias-nst.info.	172800	IN	AAAA	2001:500:b:0:0:0:0:1
+a0.post.afilias-nst.info.	172800	IN	A	65.22.0.1
+a0.post.afilias-nst.info.	172800	IN	AAAA	2a01:8840:0:0:0:0:0:1
+a2.post.afilias-nst.info.	172800	IN	A	65.22.4.1
+a2.post.afilias-nst.info.	172800	IN	AAAA	2a01:8840:4:0:0:0:0:1
+c0.post.afilias-nst.info.	172800	IN	A	65.22.2.1
+c0.post.afilias-nst.info.	172800	IN	AAAA	2a01:8840:2:0:0:0:0:1
+a0.pr.afilias-nst.info.	172800	IN	A	199.254.59.17
+a0.pr.afilias-nst.info.	172800	IN	AAAA	2001:500:25:0:0:0:0:17
+a2.pr.afilias-nst.info.	172800	IN	A	199.249.116.17
+a2.pr.afilias-nst.info.	172800	IN	AAAA	2001:500:44:0:0:0:0:17
+c0.pr.afilias-nst.info.	172800	IN	A	199.254.61.17
+c0.pr.afilias-nst.info.	172800	IN	AAAA	2001:500:27:0:0:0:0:17
+a0.pro.afilias-nst.info.	172800	IN	A	199.182.0.1
+a0.pro.afilias-nst.info.	172800	IN	AAAA	2001:500:c0:0:0:0:0:1
+a2.pro.afilias-nst.info.	172800	IN	A	199.182.32.1
+a2.pro.afilias-nst.info.	172800	IN	AAAA	2001:500:e0:0:0:0:0:1
+c0.pro.afilias-nst.info.	172800	IN	A	199.182.16.1
+c0.pro.afilias-nst.info.	172800	IN	AAAA	2001:500:d0:0:0:0:0:1
+ns2.asnic.info.		172800	IN	A	103.49.83.254
+ns2.asnic.info.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:254
+ns01.trs-dns.info.	172800	IN	A	185.159.198.3
+ns01.trs-dns.info.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:3
+ns2.uniregistry.info.	172800	IN	A	64.96.2.1
+ns4.uniregistry.info.	172800	IN	A	185.159.198.3
+ns4.uniregistry.info.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:3
+ns6.uniregistry.info.	172800	IN	A	206.51.254.2
+ns6.uniregistry.info.	172800	IN	AAAA	2620:171:804:ad2:0:0:0:2
+ing.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+ing.			86400	IN	DS	27256 8 2 F7B48A11530565EAD3CC6CCDCCE9841B6A65A707EA8CC20A4D81F9AEB7656A91
+ing.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . B391e3mly8FgP6OsOWMMjKPi88NlvptkFozzL3CeTE0c+qHxcRQEwylJWIvjFcnxjCHi2LjRG7t7/L/3frwx6rTOrmeXFXk2Kpjc7s75StmJAuISEdsNspzMhx8pw0UBCrnywIxfqkp5kej/+JgjziEmcR809X6iShKk6SKDmhJ11iv0bpU8urrJBhHqkaMm150rvlv4JYQafdRNHU1JMHvsduGsPIW6MJSip0KFkfkDePUmpR7+YW1F5AMdA1eRxfvjZKyUZaEPsXkNXVK3qjdmPThUnkcTo44Cxrnba/Ynaj6ElPqiPl2bfy2Z1sVYGuIfWqVeXF/PwRcOf3WUqA==
+ing.			86400	IN	NSEC	ink. NS DS RRSIG NSEC
+ing.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d3O5fmcltmQjTELJlULG9P4cKvbc0+i1eDaT8IUAUeR7fNy24l2eRGuV7uEFeS+K+FbNznntof53y7x89KRK5xoS5ESum23O0xUQMkyL9FmSNaeRFTL5Q/ajD2JtHrYPwE5dufBazLd/mvlkzDuwHTZDGJgS8vrbA4tdhvTuv4ta1Cy+9JAbIorE5r+WaKxDTVtGRZQBcbZbP1QQDJi6pdkf5QtLg2GrSP2zjGrQpQnk3zUPD+dwUy5G1WonGXZhwaoJBMlFoOwMGgvy7J56mjCh8cwd/oOd6qBi5eZMTz/KVKcHimxU5ClMfFnZUq6+WdRLh60Wom7hpx+87ZbF3Q==
+ink.			172800	IN	NS	a.nic.ink.
+ink.			172800	IN	NS	b.nic.ink.
+ink.			172800	IN	NS	c.nic.ink.
+ink.			172800	IN	NS	x.nic.ink.
+ink.			172800	IN	NS	y.nic.ink.
+ink.			172800	IN	NS	z.nic.ink.
+ink.			86400	IN	DS	44809 8 2 F3328D3A8A78E742E5D1E84C641F399E944D62A290651D21DFFEE632AB6AD01E
+ink.			86400	IN	DS	48370 8 2 9AE237CAC9D9160455E023B1097161F066C986F9821247DD279B1C84F5163716
+ink.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ITsq42OavfySUUNhTlUfXu/rb8Mq3XYAC8PHtXFuDTlMQEnxOnqZT4RZ98SZjAQ1C742wK4g1ARZ0Wk9ubAoyEPP24e9Zrwl4z3Uj10EoHNkBCKqpPdiloFc8k/KJnB5kalrczPQncRAZlaLkAUuHKI+VuJW2+P7ZuwMqqpU9Eq6XRacAiOWBuGE8Urst6aup/8c4ZkXjD/9cIHvPlLGAgcvyEBZmtBMLHCJ72ziy7KEo5BwuKFYHqabaFQsZ71LXVQiU+Kj6ZNHFTVUEaFVWDLBV7/4agpztOALiZcZTlV2a+u3FRwxb4opN9tXKBclgXCuw9vVmDYhYRqTJfwH2Q==
+ink.			86400	IN	NSEC	institute. NS DS RRSIG NSEC
+ink.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vWrQmvZ6u4dlM0pr9VvvbVLmtNiuiC/bbLkiDGhJTYUXBKGIfS+RcMAc2acweIe3cd64201sYLih2LPs8Icojy/I62kOYfkbawgrZVPsssN1oX/KYKe9OOksv9LcylfJzE1eTi5+OaSA7+wz6PYVsHTPav8ZopE27YzOekjwxCBHSXbOFUgIw+SYrOVjeCOhTS8ndznhVFtjzF88s1CIRMrtBk7iJhf9aJuUQYGlr2VRuuGxBhZUKM4z5VlcoJgc55AjkrdO3kHL4Tc9+x+s1a3J0mjf5wLv/cQ7/umzma2G5Fsgi58W3s7Z3dxMHvPM3y/QFi2AMXrpzP7rAYJzfg==
+a.nic.ink.		172800	IN	A	37.209.192.10
+a.nic.ink.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.ink.		172800	IN	A	37.209.194.10
+b.nic.ink.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.ink.		172800	IN	A	37.209.196.10
+c.nic.ink.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.ink.		172800	IN	A	156.154.172.82
+x.nic.ink.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.ink.		172800	IN	A	156.154.173.82
+y.nic.ink.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.ink.		172800	IN	A	156.154.174.82
+z.nic.ink.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+institute.		172800	IN	NS	v0n0.nic.institute.
+institute.		172800	IN	NS	v0n1.nic.institute.
+institute.		172800	IN	NS	v0n2.nic.institute.
+institute.		172800	IN	NS	v0n3.nic.institute.
+institute.		172800	IN	NS	v2n0.nic.institute.
+institute.		172800	IN	NS	v2n1.nic.institute.
+institute.		86400	IN	DS	46447 8 2 1068CBCEF5B14E4B888A50B79E38B75630C1DDA2067D1AA13640A6158E984C6C
+institute.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L7iLbKXnTWHqgyTQJ7Eur3jePF+3FaxRGUUP99f3w0lU6Bog32HjCraIaMJe3bsxw50TWmPhYvvhiJM40eYrB07GQQjRqJ/RwhFacVu4zWL/h9SWKRJvr+HD9SsVg3tOD5FuCzm2y4y3aGJZP1zILyhgBwIOQRCrWnRwxmxwjJRZc+RocNEVTspl91xG47fC8usAH1VmYmUmraDcQq8Weqj3dOX7WmDnOGsW5IdIYQQz2G1rPuxxPv6DvED2FMdbAFbPHgcWl1rEhJBDHPv7jXa7+Tlx8ddfpGwRo1keB8ADwtWep+555A3gqpVvttTom2KFeanKBxo6xVbf63PhQQ==
+institute.		86400	IN	NSEC	insurance. NS DS RRSIG NSEC
+institute.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gZr2HVISOgRXnMrp4mabkH/jnjNviix/Z9AN3nH1hnVP4P+fxvni908cHTTbh+KP6k/rIzCaeUtmAJPE3bK12/JCi0G82O6ZWvNqm2EUiK+rDY7mwTRQUHZiFn49n1ZSd9UjqAnK/wJDC5A1/ORYBt4IOEZNB0sQLKbSUAS5w+70VmHUpEgmynqbnAwGXkc3yfwhAu/NA+ipTNj0L5sUivpV6PtP3Mjknefa0zl9ttIJ3m9ZOVXVBwjYSsBqYIT+we3CvkUr0ZNAEhPZGMbYCy7c7PQ+R4JvnBw+6mPafLO5ndKzU2hC/lkAwWGAOvwJV1WNx9buy/5KkCadwmYSLg==
+v0n0.nic.institute.	172800	IN	A	65.22.32.13
+v0n0.nic.institute.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:13
+v0n1.nic.institute.	172800	IN	A	65.22.33.13
+v0n1.nic.institute.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:13
+v0n2.nic.institute.	172800	IN	A	65.22.34.13
+v0n2.nic.institute.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:13
+v0n3.nic.institute.	172800	IN	A	161.232.16.13
+v0n3.nic.institute.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:13
+v2n0.nic.institute.	172800	IN	A	65.22.35.13
+v2n0.nic.institute.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:13
+v2n1.nic.institute.	172800	IN	A	161.232.17.13
+v2n1.nic.institute.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:13
+insurance.		172800	IN	NS	d.nic.insurance.
+insurance.		172800	IN	NS	e.nic.insurance.
+insurance.		172800	IN	NS	f.nic.insurance.
+insurance.		172800	IN	NS	w.nic.insurance.
+insurance.		172800	IN	NS	x.nic.insurance.
+insurance.		172800	IN	NS	y.nic.insurance.
+insurance.		86400	IN	DS	13792 8 2 EA492E4CF1888E2861F9FFFAA38A66509C854DB6AA41C4DB1DFA611AE358B23F
+insurance.		86400	IN	DS	17830 8 2 B2969B333E64714F8EA3B5D1D691FE476194FF8C5B67AC78345ECE07B77FA20C
+insurance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tX7W3ti05+l2NlB7jbmm7zWS07UcimwRrHptWA4gk5aeoCN00afbDKYzo0Ib6monVoIDsU20/r2yhASu6E3RCgYXVVOdyY8M5Oq9v/01Ya66awF564QgCuhPp1kWhUQJnfEp4eRAY6WgIjWiVuEusHQVRFKpAL/thRM7NsBM6HltcTB73+kI1Mj7jf4hzDjtjPSEwuHWfTbMJidlU3/AUJyM9Bi8mU/Rf75ppWVL3/zDg0jJP3HkhvPlwc+gAS2hC8wFBoDlr31hMww9rgf+6ZBdMVzsBl18yV62OfocloUOhO7L2H/4euwlPTZjmM3ngKZT+/T8/2rCpvc9Gd0ujw==
+insurance.		86400	IN	NSEC	insure. NS DS RRSIG NSEC
+insurance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sdT83P8mvAVKd9cA8VrrducazHfvxQo6/pEwVdoRob6wrGx0hWDuZQluQzKGVoo+H2Yd5kMzxQisKaLdteSRjtja7PXC6GIHPk8se644IGwCfyO9SU+QdgXjyVqOV2QRwNeU+1xuS57DYsiDgli47hsVfrrdsWP6l/NX/nu5T9UFr3la+gPil7XJc3bDttAGjUpCb62DzVfkmMO2diru+Q8hHfaoV0/fOCFbS/22ViGihzysEH9ifczIIq7bpA5ehFxZtN19iaaXIrEVVhsOGuXsuhIKynbvCbqeBGENDgbcPzvLKtPvYO6x0qD+SKsza9Fjo7h2hosk8SjCKBmhJw==
+d.nic.insurance.	172800	IN	A	156.154.103.22
+d.nic.insurance.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:22
+e.nic.insurance.	172800	IN	A	156.154.104.22
+e.nic.insurance.	172800	IN	AAAA	2610:a1:1011:0:0:0:0:22
+f.nic.insurance.	172800	IN	A	156.154.105.22
+f.nic.insurance.	172800	IN	AAAA	2610:a1:1012:0:0:0:0:22
+w.nic.insurance.	172800	IN	A	37.209.192.10
+w.nic.insurance.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+x.nic.insurance.	172800	IN	A	37.209.194.10
+x.nic.insurance.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+y.nic.insurance.	172800	IN	A	37.209.196.10
+y.nic.insurance.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+insure.			172800	IN	NS	v0n0.nic.insure.
+insure.			172800	IN	NS	v0n1.nic.insure.
+insure.			172800	IN	NS	v0n2.nic.insure.
+insure.			172800	IN	NS	v0n3.nic.insure.
+insure.			172800	IN	NS	v2n0.nic.insure.
+insure.			172800	IN	NS	v2n1.nic.insure.
+insure.			86400	IN	DS	54472 8 2 FBE73379C21C9221115F502EAE725983064C91D82AF0C293A8C718CCBEE36529
+insure.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . v4gMWpwDQm+3ifsHJEUlfUh0kwkII7qlHRy8Ooidj2qvOZArYYcdCtLAEkN095KJ2PGH5wf0jC0ZEPDkzYIHQHq3ZL9MAG7j7yRxcRbM+FR3eXLPahQM5Jyr5HoSBs/XzB6rVcY2tUVh9Uvu7USCahJcYLKXb0vZ/1E6Av2I/hNjUPAgmUSmbP0xAwYlpaLUaibBPy0VTRbNaEM9FFd9W9loZMeket2SeEUKvtkqeNEMlyI/5x0rmzOcSdlp9uxlZwmwqkLr5orbPdzvcHLOuUqDnDogc76lAaHxXfRk4cppzJ6Gw7K6US7Xf7BZhk/o9DAMwws362YESxHGws3KYA==
+insure.			86400	IN	NSEC	int. NS DS RRSIG NSEC
+insure.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dRvB/lbb4mHflIQ8ipqjxzkQwiHSPo01bV6yca+IuZ6f2n3fzWVY3yFTrv9zlflLVYZzqb9q+zij3hivaOEoxhB2z54B3pdb3+G6DsJtJFF2RtHWIDvktMVs47CW+mPH8WMjnuBd5E3zsNMkXWRbIGPfwGkp3sqEBo2jSv9X/7bplUbfqBhuYkttYNT6+UbsD1xTgMGHSm6pOWiRnM/MWnT011lWOLWGHpn4kh0fz0ogRkiXf0lq2P2vWJjOnqYppvnC6/drlps2fTvMOSllZFTkrCmc7olsAdiHmgTYnhTa71fbvw60AOWdsxk5beixDBxSjXYScCSY8ldrFnLjVQ==
+v0n0.nic.insure.	172800	IN	A	65.22.24.53
+v0n0.nic.insure.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:53
+v0n1.nic.insure.	172800	IN	A	65.22.25.53
+v0n1.nic.insure.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:53
+v0n2.nic.insure.	172800	IN	A	65.22.26.53
+v0n2.nic.insure.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:53
+v0n3.nic.insure.	172800	IN	A	161.232.12.53
+v0n3.nic.insure.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:53
+v2n0.nic.insure.	172800	IN	A	65.22.27.53
+v2n0.nic.insure.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:53
+v2n1.nic.insure.	172800	IN	A	161.232.13.53
+v2n1.nic.insure.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:53
+int.			172800	IN	NS	x.iana-servers.net.
+int.			172800	IN	NS	y.iana-servers.net.
+int.			172800	IN	NS	z.iana-servers.net.
+int.			172800	IN	NS	ns.uu.net.
+int.			172800	IN	NS	ns0.ja.net.
+int.			172800	IN	NS	sec2.authdns.ripe.net.
+int.			86400	IN	DS	27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E170B40CA4F
+int.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NH0+vK19IZiaOdpfxCN6pDJz9C1zaJR3zAACc9NwKDFnDhzHxHDJUaLyWLwgIapdTgELo/6U2hNzInALXxPR0B7bt1KRWXWAV/gzhT1D2n2NyapM224MtXM8Qb/syqnzwg4DtUQTtmaP2LcH+g+JmzvB0PlEG045jUpjK6ooZyteouj/MgExB55KjxKdZn0ovs8jl8aIrKP/vE6aCIzpWKVQBY0i9DutAQlKPovq6T46Kf5hKPkRkfqozgqoPo/nZqHsxvD/lUVGWTkkAxiRprwE3laWkwhUDRNgC17GyIrCBQEeVKa5E+AY85sPquIaE8pPyu/XScCIeQfqHhRtNg==
+int.			86400	IN	NSEC	international. NS DS RRSIG NSEC
+int.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . C/OSueQtpahzWUZtgiRsYNBfK2bK1yiBuuUW5wuz8b5VAld3f3hQg28BTbMftpAVsCthoHFtXQzFJq8WwVDxEUgC9EFv6ZEjXO3UbpNT0wjQNjwmxEHAmdPSUILQFLdVeDg5zZGtpkVd/5lbEo2cO7IxAsqivMi06xJFSQ5iQdXLB7A7bqiDf+r/Z/zyL7/bpUOm8DjHxRrMGWbA2hgMPHJQCOj2fxlIGZoeGn6gCLBc/lZRLdwHtwEXGgyHjEvF8vXTBF3VB7j1Qg/EwLwML1q1cY4yyAwHdmOASWEzJJ/dvr911UZiiYBboZeUB6LDhHOTjU9qrosixxi3faplGA==
+international.		172800	IN	NS	v0n0.nic.international.
+international.		172800	IN	NS	v0n1.nic.international.
+international.		172800	IN	NS	v0n2.nic.international.
+international.		172800	IN	NS	v0n3.nic.international.
+international.		172800	IN	NS	v2n0.nic.international.
+international.		172800	IN	NS	v2n1.nic.international.
+international.		86400	IN	DS	28987 8 2 947FD1DCD82105B572AFDC6F9BA5C8F17F6D3A755F2BE059CFC5C9044FA8BB10
+international.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FPEYk4tJdakYTsbllgI9m1CM/0bjo9NfCFxBp1na6rvfXVEaZuiI30CVWKIr9rOVwCWCAcEPT68wz0nZiVkxn5vlDpdp6i3qZruPFtRbh7zurhU69xtxcpVq4kg8JctEo/8P8kijbOeM7gfTO2cyhaZ5NNyhsLZfjF5+3YHRiRNT+kGFnZhwvt2IuJns6zPHcUu5va8F73j/4AMr297dc/W+C9duvFwn2ywXMGMoxFiMA7U5KBIo4IHwMjMTmiZHF0aoYX+Cb0UFyXmkAIT3QRAi3be+zwTKbw7bsBp3xCujO5LSqjvUx64sPE5kYHQNtJFiq1v7a3ZWtX1Dn7BURQ==
+international.		86400	IN	NSEC	intuit. NS DS RRSIG NSEC
+international.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . klaUOqrJlSGLC4mvvXwY/qJkjHY4i7jHDlp7+zjLM5gNqKwO+9y3/M4Eq+m3qpt3LRwfbPde6njaACTS8xLshR2E87PyDbRej59fODR4MtRHi8Mk3JCKWN/WRNITr7cPFWTXphkcXM8Xqg28kKipl9gRPZxoSePNaRDMz1h7YciWedQ/adJH36cbtGyUeiLRDybJtPRXmhbJK4FoO2pWFobk+JcEtGyrtEZJaqRiMh3QfuUyWf256M6V2HmAFLcdsAkBPYtZfwxnLFF/RoO4DsBkSEQWYbLkSwZiXYdXUGWQHWd5S+nFtABepAwprnLXCE/uDj/nhciMm1eXtRy+Tw==
+v0n0.nic.international.	172800	IN	A	65.22.28.6
+v0n0.nic.international.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:6
+v0n1.nic.international.	172800	IN	A	65.22.29.6
+v0n1.nic.international.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:6
+v0n2.nic.international.	172800	IN	A	65.22.30.6
+v0n2.nic.international.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:6
+v0n3.nic.international.	172800	IN	A	161.232.14.6
+v0n3.nic.international.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:6
+v2n0.nic.international.	172800	IN	A	65.22.31.6
+v2n0.nic.international.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:6
+v2n1.nic.international.	172800	IN	A	161.232.15.6
+v2n1.nic.international.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:6
+intuit.			172800	IN	NS	a.nic.intuit.
+intuit.			172800	IN	NS	b.nic.intuit.
+intuit.			172800	IN	NS	c.nic.intuit.
+intuit.			172800	IN	NS	ns4.dns.nic.intuit.
+intuit.			172800	IN	NS	ns5.dns.nic.intuit.
+intuit.			172800	IN	NS	ns6.dns.nic.intuit.
+intuit.			86400	IN	DS	8869 8 2 1A86450877BF7CDCAB1715F9B5206A668FD7E21C9D10119F3CE7E6D004287A5D
+intuit.			86400	IN	DS	9856 8 2 D826E3ABF318055E6E502772D495AF5FE336D811E8B841F780114D28479D6F3B
+intuit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xSPv47HKGrBQXu/Me6wpdlqxtStCbOarBYpJH1auD0WbqXAnUDv7zDxL6+IqomdEmYUCz3S5JGz2TOwLIUpywt1g4uGJpDm/+TE71/nOeIi8tJmNDLSvCyRE84yRe9532/RaAT2oL4HaYxpDtU5iiabdcEJOgdc3eFYejfHO/1pFzwng4zlDbAlCzhJYX1dONmKJTwRC/XZS8D5QF37uPhVkh/NPlrnxm7U09wg1V/Kl+gauJd88P0r+yCyGzYJDHJbP6XyyfV2tKsyOeoGdXZRzBMGU2CJoN8N3YHgl1zYw7hP1lC5WoxkIqMsGx4K0KA4dOHosaINy3lvwjSVOKQ==
+intuit.			86400	IN	NSEC	investments. NS DS RRSIG NSEC
+intuit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . os02b+d8VP+tydaQMRyiixxMTpeZqpNNpXqIatM9IliifhjD83DGldbxe3yY3o/3RKDyLGsWLYdkhVR5wiWb/KYccVH0LFxAnzwkvaNiirolXjxoNhOh8KY0NiFd51iYB254tAWFCWbCtxduY12Z44dlpt4HJsC8vkV9yOqLmZoAqV0cmhjpgnRDwgJ3tYkQ09oNbSinqKozV2vx7cBtLaKwzjudTbPG69SV28jMrXr+Bn4Ei3P2BEfVfBkQ3P66zMErrNZ+9DNIEtyuyqy4wyqulmnYXE/wxdolqIEnAwXMcGJNesn62bBj4ttSdcNawSWiLDHWz/uftpeG+poHSw==
+a.nic.intuit.		172800	IN	A	37.209.192.9
+a.nic.intuit.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.intuit.		172800	IN	A	37.209.194.9
+b.nic.intuit.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.intuit.		172800	IN	A	37.209.196.9
+c.nic.intuit.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.intuit.	172800	IN	A	156.154.156.82
+ns4.dns.nic.intuit.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:52
+ns5.dns.nic.intuit.	172800	IN	A	156.154.157.82
+ns5.dns.nic.intuit.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:52
+ns6.dns.nic.intuit.	172800	IN	A	156.154.158.82
+ns6.dns.nic.intuit.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:52
+investments.		172800	IN	NS	v0n0.nic.investments.
+investments.		172800	IN	NS	v0n1.nic.investments.
+investments.		172800	IN	NS	v0n2.nic.investments.
+investments.		172800	IN	NS	v0n3.nic.investments.
+investments.		172800	IN	NS	v2n0.nic.investments.
+investments.		172800	IN	NS	v2n1.nic.investments.
+investments.		86400	IN	DS	56107 8 2 9A6DF7804A869EECCB7D1C03F4ACC62FEE9C130250CF3479BE1E9F3904A9E0DC
+investments.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n3ADgbvTMztRFFSA+C5+qmvKo0OTdCR1BIR527FTkv/Ni6qjWecedW2DlnTewDGPTgMIFPJ8VhDEyelFdTP6ExTnUI5Y5Poi7WY5vu90y5to+E5CiPjq8NhQScYG+I/3m9xL75y/KhynUCN2an4W5QhSBd3dnPbzjBfkFf9beaBSN2BEQX1VvZrwwpv16tzWnZbTa7vufHVqa+TGBVqRb+8ATXP/t3mB7mEtBg0MDEbqXn3jg5lfXtepwCvL+UY4+OKjzj0Pprzukn+OSDRBL7U4MF7Ea7Poh46HR77oFxVIFx0hN0hSaSFPsag4NCpbnqSbG6H+ueygCgo9jbktKw==
+investments.		86400	IN	NSEC	io. NS DS RRSIG NSEC
+investments.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LjrnAbE12xPGOAvAcHZgTltnDRepA2zKPI5G+cydHqiuwuly2VOPXQp9q6mQjCkrQdSIYPXnUXrm1L39rSYzHDeotuAGRa8LCPnza5hVGH9w4vt0Ly+oKkDBsTr/0YZGGYJM3BI3k9RJPzmO/kdUoTjqZVsri6wfl5l3skS90QHF5eWA23nVA4QX1iLWhMQxVF804RKYd7F44Qb7l+Q0GRZGS/B4dlv3n58v/e9nFJpDMZHkK1P3X8dxaciZSQZgslri/mktwswNO+yUUZF/WDcYFtoxcFynVn0dbj8FsjDivOdLV4agHng13Q6Z4WJp6oKWXhqawJyNSa/r3FXZhw==
+v0n0.nic.investments.	172800	IN	A	65.22.28.53
+v0n0.nic.investments.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:53
+v0n1.nic.investments.	172800	IN	A	65.22.29.53
+v0n1.nic.investments.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:53
+v0n2.nic.investments.	172800	IN	A	65.22.30.53
+v0n2.nic.investments.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:53
+v0n3.nic.investments.	172800	IN	A	161.232.14.53
+v0n3.nic.investments.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:53
+v2n0.nic.investments.	172800	IN	A	65.22.31.53
+v2n0.nic.investments.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:53
+v2n1.nic.investments.	172800	IN	A	161.232.15.53
+v2n1.nic.investments.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:53
+io.			172800	IN	NS	a0.nic.io.
+io.			172800	IN	NS	a2.nic.io.
+io.			172800	IN	NS	b0.nic.io.
+io.			172800	IN	NS	c0.nic.io.
+io.			86400	IN	DS	57355 8 2 95A57C3BAB7849DBCDDF7C72ADA71A88146B141110318CA5BE672057E865C3E2
+io.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P6nKYhBWBb98Fxo+BbDmE+OYmQKAPqjUoRo9oiIjl7LGZqtCa8NSDRYkRcEdpLJTUCTlkOWua2PUEqRNFusvnYCjtl35v1z5dghurozeE4iUpvpQbKtuHyxnLwDrJiDcrYbLPwsptdBVtN9fQlhILuof1HLgley7MdYLZsEhq9vvrOtpVpPWPD1WolQr9TMFBnOapLYkwjV1HRgool8cSRfMzdCEOwdFg2nuFJrhkmYAdALJzn3Rb1r1B7vN/mID04iTJOeKuQBpJebmKzoW2OHkK0GDmi4i8bEwTWMIex5HbXj157Iz/91uutQMPKlYTVktG1zl+UqMbVZS/hmx5w==
+io.			86400	IN	NSEC	ipiranga. NS DS RRSIG NSEC
+io.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FDWGpvJBh3zSqAuk2fWau/h+9YFnVXcnbl79O04sdxSVtqdTXIpO9yox5NEDltwGzuMpeSZVN/wEREj0WdBxqzlw2nWxEl7eRSXOtkAsJQPrLZfp48HHtpXACUszIl/rnQDTfcPA4m+W+TvmD3lkBBgSN9AbppE2wD6+AuBXV9ooyssIZYEzQPXWDQi5JxbUKui9RaVeLZyeFn2FNRMeigooOTWhPD8pCIwn02Wb7TXK+cepw3g7bRQftYV+6J0zAfTKNBqB0c1NX6qpKg/JCzPrgsL/4nwp0ZnAmCviKTDYKN6OHO8CK0mPTN1l9OgBmPCVdoju7lQDJ8KhRnnayA==
+a0.nic.io.		172800	IN	A	65.22.160.17
+a0.nic.io.		172800	IN	AAAA	2a01:8840:9e:0:0:0:0:17
+a2.nic.io.		172800	IN	A	65.22.163.17
+a2.nic.io.		172800	IN	AAAA	2a01:8840:a1:0:0:0:0:17
+b0.nic.io.		172800	IN	A	65.22.161.17
+b0.nic.io.		172800	IN	AAAA	2a01:8840:9f:0:0:0:0:17
+c0.nic.io.		172800	IN	A	65.22.162.17
+c0.nic.io.		172800	IN	AAAA	2a01:8840:a0:0:0:0:0:17
+ipiranga.		172800	IN	NS	a.nic.ipiranga.
+ipiranga.		172800	IN	NS	b.nic.ipiranga.
+ipiranga.		172800	IN	NS	c.nic.ipiranga.
+ipiranga.		172800	IN	NS	ns4.dns.nic.ipiranga.
+ipiranga.		172800	IN	NS	ns5.dns.nic.ipiranga.
+ipiranga.		172800	IN	NS	ns6.dns.nic.ipiranga.
+ipiranga.		86400	IN	DS	15469 8 2 07072C5F3D4A042E6E13050CA502DBBB6CFDFC20EC03C2407562BCC5E23FAA32
+ipiranga.		86400	IN	DS	64375 8 2 ACF8A18748A01A0DFEEA2A9078C2CA53721C508831B9C151DB77AE4342065538
+ipiranga.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ceh3J6OXuYNa8pjG7X5uZy//PxUM7NMsAJmEmhWDFMlO6QGWAKrHDXxmo7Q3DPrq+C5+mUMHzvrJJDQUzJ1MqixNXfhhfrAtl8AQeT1RGgDpbw9cREjDfPGb2KaffRkPfA3sUBQT2sOvKAOYU2elYZnPK5A7+YWFL1W0dNQpID6VVBUJB6LLW+rW+xPxlOC0EYQVBg36FjO6EdoZ89dPduvqC3uMAklH/ja5Z7QCtueWof9e4hg616OCdd0Ioqf3LcinHZ0xqXiKGLDR6Xj9OpXS5CC7bW05BbqxTYRlj5CsdD5QCA2/twmY7j4tBESHu19G/kvkiEJFlIl1MZsdEg==
+ipiranga.		86400	IN	NSEC	iq. NS DS RRSIG NSEC
+ipiranga.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . e5nJlfvnzviuB7W1e2uv3AOgoJO5imsF0gGO9a+OzQReNO5qUu11WN2YxmX6MWgNDw0ZTY9rK6VftQ49tOz/oD5zl18mvgRGv2MxPLLLsUIx3xUTkvYYox53Uxiiyy9DRyBPtbC15xuqd2aGngwfDqs3oInSJUdT+BQ/WyMeY7fSuSfoEbliKpe7nIYFIyWeldBg/X9ZEOI8vFVE/Fjuza1LOMm5XmJx0QofH71b4wGtcH5WrgFadHQlt8OLU0JssgUJUOT9Yl11lJqa0X33bxsFvFFGAEJjN4BnVKouTQPCIvvky1OH9g1ngQ5VusG15+TE1YEtXo0+544j3BjjyA==
+a.nic.ipiranga.		172800	IN	A	37.209.192.9
+a.nic.ipiranga.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ipiranga.		172800	IN	A	37.209.194.9
+b.nic.ipiranga.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ipiranga.		172800	IN	A	37.209.196.9
+c.nic.ipiranga.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.ipiranga.	172800	IN	A	156.154.156.83
+ns4.dns.nic.ipiranga.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:53
+ns5.dns.nic.ipiranga.	172800	IN	A	156.154.157.83
+ns5.dns.nic.ipiranga.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:53
+ns6.dns.nic.ipiranga.	172800	IN	A	156.154.158.83
+ns6.dns.nic.ipiranga.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:53
+iq.			172800	IN	NS	iq.cctld.authdns.ripe.net.
+iq.			172800	IN	NS	ns1.cmc.iq.
+iq.			172800	IN	NS	nsp-anycast.cmc.iq.
+iq.			86400	IN	NSEC	ir. NS RRSIG NSEC
+iq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wMnhWloqNcjMBtkxK5uyNxkHbSQ994GbyVRvXuSgNQr9wbDSzpCg6QrhhwJiLl/2gZbIzBow6AK4SmJ+MEBaVTxvwnjSnhh5T59rAnq0pvu19U/44tqImBbSKaCYaArP1wFrUzSDKerKMnXDQmeCl1jVEMTnsMDPb7d0tbMNitHPwVUqUtgbG9Ar55OfXkCE4xhpBtojNTh700ORZQcmmTP7kMzOcH2LorVDCNbyyIjiC4TvisSV3DpyUaO73AmXB5A72iRtAnSM07fGiUaLoaItwpA23dQzzPNISounVfusKVnZd5Kv/X/mDZ6H3SMqYW5AAlu7MR3sWZ2hteuyPQ==
+dyn1.cmc.iq.		172800	IN	A	199.19.5.8
+dyn1.cmc.iq.		172800	IN	AAAA	2001:500:92:0:0:0:0:8
+dyn2.cmc.iq.		172800	IN	A	199.19.6.8
+dyn2.cmc.iq.		172800	IN	AAAA	2001:500:96:0:0:0:0:8
+ns1.cmc.iq.		172800	IN	A	194.117.57.100
+nsp-anycast.cmc.iq.	172800	IN	A	194.117.58.42
+nsp-anycast.cmc.iq.	172800	IN	AAAA	2001:500:14:8001:ad:0:0:42
+ir.			172800	IN	NS	a.nic.ir.
+ir.			172800	IN	NS	b.nic.ir.
+ir.			172800	IN	NS	c.nic.ir.
+ir.			172800	IN	NS	d.nic.ir.
+ir.			86400	IN	DS	47300 13 2 7AB287956A55ABD60DC8697C2049738FD5EEAB6F2070152B015D59929521DADA
+ir.			86400	IN	DS	47300 13 4 FE3A9BFD3AED31CBD1E2F6B45C88D81B5CCA68CDC9D46080C1C4AFBD491AE3A9F6DFBFC4320111144C375D648AE3CDF6
+ir.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nUIIbw5v3et5Cf+2ayinuDCzZNq2v7giF5FS6ZIOgLZrm8mCzKlBL420AacWDPicisUQF5pmwhCkrhFrSqwcHX+GiryCMdparoeEWTMV64KRycT7oAEF4MHxcQNsFn7vCdA2B3aqP9Gf2uniVbM0NunsjMUKYymsQWt56wlbbZUA3bNSwwzP01jj+zA7E1ho+45Q21BiFePHjzJXjuInK4wI1dOspQQkm9I8+vt9s/ul5sRwzCXKi73zwB7q5ShycqiRXsUmGGal9betNIvgFEn829d5S/YqVQz46GUyKTZ1/Xh9gc/0JjlTfoJTYQeH8FXNAUvu7DDIVxPtBxBbrQ==
+ir.			86400	IN	NSEC	irish. NS DS RRSIG NSEC
+ir.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y0ViEJiVi0oV7EwLyrCuvkgP/guHOxKR5FjpJI3i55+LdkL8nCBp9e61jD3XIrg+PSuEtqTDlghEPZgTFcoJT/MM2rFCZj4hykQ5wFmAenKMyM8qJl8/H5VVURpMdGqyxEFWpCOuO/kyt+DwyY/F+jd66CCP5pwoL5i3+AmhgeNhYpH9w/hyWfvR+FTiu2IyzbROrzVgKruvTNGbxwCX5nnjbeA+eLqQ9tvo6rmd8LNC+a6AkZfGEk/5YEz3568aw8oYpVw+iDcPdKP7W8snUC6/tANNdKTzIt7OqDatfEIwqFUvJkbcYFs4TJwEAnLKLQdaBvCyIkRGBK5EZw1XHg==
+a.nic.ir.		172800	IN	A	193.189.123.2
+a.nic.ir.		172800	IN	AAAA	2001:678:b0:0:193:189:123:2
+b.nic.ir.		172800	IN	A	193.189.122.83
+b.nic.ir.		172800	IN	AAAA	2001:678:b1:0:193:189:122:83
+c.nic.ir.		172800	IN	A	141.95.65.136
+c.nic.ir.		172800	IN	AAAA	2001:41d0:700:5d88:0:0:0:0
+d.nic.ir.		172800	IN	A	194.225.70.83
+d.nic.ir.		172800	IN	AAAA	2001:14e8:c:0:194:225:70:83
+irish.			172800	IN	NS	v0n0.nic.irish.
+irish.			172800	IN	NS	v0n1.nic.irish.
+irish.			172800	IN	NS	v0n2.nic.irish.
+irish.			172800	IN	NS	v0n3.nic.irish.
+irish.			172800	IN	NS	v2n0.nic.irish.
+irish.			172800	IN	NS	v2n1.nic.irish.
+irish.			86400	IN	DS	18289 8 2 E438257880733AD6E7EBD5E4721F73470C93C55D57798E19DEC38B9B1FE56813
+irish.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZhUodTWUUfqpj4VND0WEUVEHZvWf/PhBAFqDTdO/yWfeFrkyb6jfJT2UZ54JCGKjdt+ntuamb7GMrq0xKCJJ+eZCilNTpUOzmEIT2/Cu4I5JO+MS6u2ZEA55+hhJCmvwB557154M5fd/e8hTbjFUsqIn/wDano4Gi6fuCOMhj96aWcAYCmafBQDAVCAEOeFwaE+RgZvZMSrK/c1ocb7FdCIVZaOvsHPdNB5x4m5M4J3Bmd1KAFxoSJlOeo+B+iMO3E5ziqH0ys0D04VCor80oK+RTn9g6YhaUCoIZQExywpr8HK/tOUbAnGr584+I40yS3ca2oeldWrv5xYjh/Lp9Q==
+irish.			86400	IN	NSEC	is. NS DS RRSIG NSEC
+irish.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DMjoug/tcGDa68I2bv/uSEiJGWWzKDBEvrTRub9/AYu75OlAaV+WVHI+lcFytsxJFmLuHRirPdJkBGU9stxacetE43HQfadOft2U+6moAEJwzSRVLwm22i8GlIH+BXSZ6eDQrqOzcY1UTFiTDz9jJliLUxbqyagq1QRVL/rcAADd69kUGQoWq9zcRCfbSBACq7y7jh3+4OwrwuTZiB1SrrQ5g27M+wrnje5shFOUdycYBG2RgiPndK7RQiA41D29OQ8vTx155J472u7haquAq6vCaHyAN3LaWNILFf45Viqmc/IH5L+5hFrmk9AfbIou9hqmZDDzN+S9qsAhjjqkIQ==
+v0n0.nic.irish.		172800	IN	A	65.22.32.27
+v0n0.nic.irish.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:27
+v0n1.nic.irish.		172800	IN	A	65.22.33.27
+v0n1.nic.irish.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:27
+v0n2.nic.irish.		172800	IN	A	65.22.34.27
+v0n2.nic.irish.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:27
+v0n3.nic.irish.		172800	IN	A	161.232.16.27
+v0n3.nic.irish.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:27
+v2n0.nic.irish.		172800	IN	A	65.22.35.27
+v2n0.nic.irish.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:27
+v2n1.nic.irish.		172800	IN	A	161.232.17.27
+v2n1.nic.irish.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:27
+is.			172800	IN	NS	bes.isnic.is.
+is.			172800	IN	NS	sab.isnic.is.
+is.			172800	IN	NS	set.isnic.is.
+is.			172800	IN	NS	sunic.sunet.se.
+is.			172800	IN	NS	durinn.rhnet.is.
+is.			172800	IN	NS	ht-tldsecondary01.isnic.is.
+is.			172800	IN	NS	tg-tldsecondary01.isnic.is.
+is.			86400	IN	DS	50437 8 2 9F52F1F92F1559E26DFDD71DAD54DB41ACDD80F0150D974B08CAF910D45E8B6E
+is.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tmo+o8SrwD6LHxk2r0t78F1sU+8AXppcCqlhnN3o+gQHMvEB/U4IWRr0Lo+dXSR4zohdLbYYbvRPUjjDDiJUbjwiGw5sCY/37WBkLrR3ZTYr59OPVWHPgHPKl15R/sek7fdk2TI73qH/MqliAJO/PnnlERM/uafqYAJwpjuhWwcEtxjgTDyJV2uL103tiWdoIClHsR6P9NiZYJzn/ZSiI25gKNHtYNZVmPNy2W23Foj5G07ZMT1Z8Ky4kIdZM4NLTbtQbFMJnbCrmB6MoncyZo5ls6oXSAJhgBTgzpHxDkvcBdE6MayTZHCJVWV5+d+CnX2ixi+v3vXlBNVsnbGHXA==
+is.			86400	IN	NSEC	ismaili. NS DS RRSIG NSEC
+is.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VC8+PaC9hk3gG1wT2RlfMkrMYXtyMNxAn2ynaC/6qR/U6wqxTDWlGHC8LdM4mUDyqvVp8OKuZb7mxNHhHG1yZ51I2TR9r0hcPfh+B9LNKZ2a3PdMmTmEuzbayaEiuiAaoWU/AU7k8zP4dGH3bfz8LVD6Xcl+hWWTTkdTNCTpbtjybSJuwlzH9b2ZtD86eMknay1OKrOs1utGoZVH77XXsmo+m17EjILDvCMKgtBqz/MD94uTyM8JGOEsCDPjqmY5g7ZmTK1Q9j4yWGfUwOCfvN031A0rzKO3WAnhKPeGEtybMb8Sdlp19MswI79LfoEIFoZK8ly7ES8MlRqt2gFvNw==
+bes.isnic.is.		172800	IN	A	204.61.216.116
+bes.isnic.is.		172800	IN	AAAA	2001:500:14:6116:ad:0:0:1
+ht-tldsecondary01.isnic.is.	172800	IN	A	185.93.156.10
+ht-tldsecondary01.isnic.is.	172800	IN	AAAA	2001:67c:6c:56:0:0:0:10
+sab.isnic.is.		172800	IN	A	194.146.106.58
+sab.isnic.is.		172800	IN	AAAA	2001:67c:1010:14:0:0:0:53
+set.isnic.is.		172800	IN	A	194.0.25.41
+set.isnic.is.		172800	IN	AAAA	2001:678:20:0:0:0:0:41
+tg-tldsecondary01.isnic.is.	172800	IN	A	185.93.156.154
+tg-tldsecondary01.isnic.is.	172800	IN	AAAA	2001:67c:6c:f056:0:0:0:154
+durinn.rhnet.is.	172800	IN	A	130.208.16.20
+durinn.rhnet.is.	172800	IN	AAAA	2a00:c88:10:16:0:0:0:20
+ismaili.		172800	IN	NS	a0.nic.ismaili.
+ismaili.		172800	IN	NS	a2.nic.ismaili.
+ismaili.		172800	IN	NS	b0.nic.ismaili.
+ismaili.		172800	IN	NS	c0.nic.ismaili.
+ismaili.		86400	IN	DS	50875 8 2 99F076F1405B88AEC44062CD7B8E9BF55D82130E00F55C92F6BA79F944980DA8
+ismaili.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DXeX58hULWFjtByjVQWdeyhp190hs5wUC0BCXfeLYxRMfYVbqHfKWK7FJneFjsG6zHTbxaW7yFI/G9wPNzPM61WTBgkBaduyL/u/0xEy4IRJnio+PjBOgH5sES2dxzq2QRwR9w1iDYn6M8ahcZuUrbRPz7Uco+E2C1/lMrPLJzCQHRVvqzFYgjJBKcN2GjDdhIE4rE3KkGOMRZs+EU+mGaCkdMPdQi9ve7e2J9sdfoC5tbZk7UxuIkgey3xrb1jrKpncTTYPnlcuJMjZsU0NDFqisFKxbFV49ccUxcKT04a9/LgYll0IrrbNaMPMGLcGhXqAPQhRAwPoXGBmEgJ+iQ==
+ismaili.		86400	IN	NSEC	ist. NS DS RRSIG NSEC
+ismaili.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FwnAeFEsKIRxGbRI/W+L60mFS1geq0g9EryOS2CvPhIwVaKWhM7KgvRvaQlfI1hREaTUnMo9jl0OB2fyvJqZaVehqbdEFzjt90ud7QMmvp2myZoSsbZKIr3LBiCyoBrDJLwK9r/HvjjNLlrcZI5ofi+19RPy+UVsohmijlnW1ru5T00YKboQFTUbxMkXIT/hD7rIsS9+ggFeIoiTsq2aDwhCze7fYuVkiRcHTRfjqTGrksJwjQLhGbi7Te8W0h/w4aLYIH34EziFftMkb0Bc19qLk0JsOX6FxVVSvlbe++rSBfcjAjnfCJvzIycWQyutdDQfMw0HS7evux98q/mC2w==
+a0.nic.ismaili.		172800	IN	A	65.22.44.25
+a0.nic.ismaili.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:25
+a2.nic.ismaili.		172800	IN	A	65.22.47.25
+a2.nic.ismaili.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:25
+b0.nic.ismaili.		172800	IN	A	65.22.45.25
+b0.nic.ismaili.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:25
+c0.nic.ismaili.		172800	IN	A	65.22.46.25
+c0.nic.ismaili.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:25
+ist.			172800	IN	NS	a0.nic.ist.
+ist.			172800	IN	NS	a2.nic.ist.
+ist.			172800	IN	NS	b0.nic.ist.
+ist.			172800	IN	NS	c0.nic.ist.
+ist.			86400	IN	DS	2221 8 2 7F26778AFF98DAD019476832C62CE0399F247BA6F4F8E10BF26B8C80DB6E30D9
+ist.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AaEbcW+VtGZOFKJzkcp44ucRJkqRXxzSKy9Eu6Kt8jEc+y5MfY4DI38LFdlUmec1wCh0omURROoWkwjvWIHzptru01aYtAhuMlKYMjedzqVHLSFkIBk7sb+pN85vwzs/yOvxmb9TQeALyrvVGZSMqTKPGZkxcnSOZOMyKPFhc2Gwpbg5i4Yl4liCNXwtbY7Ax8xjbRvrOknnJHzA0Hcdb6rE1rhJ1ro/A3rzeN15pKAjlGA6WZbeGBohXb+FLwhq0GkgH6ZzR5CTJDxrCmgqkxjYNTTFpHASnK0D33w96eTkg4zCyv7y5hXM3H3WhX5DOdgmRWyHsNYZe0OJfHvChw==
+ist.			86400	IN	NSEC	istanbul. NS DS RRSIG NSEC
+ist.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sSysh3ZW6GV2160hhADNR/JLZ1zWiYOFBi+XAVJqwX9aNaB7dKNHltGVpts7zpPbjl0jooTrJqc4uypla4JPMjtWQ8RoO2+xCbTRXrh7yOu2BoPkoqv7AFmYtSvwKzmdBPIvzTbfqVaDrd92l4cF58FyeBvOsji5fkdLTm4lM/iJ+xu7qPYUWsgXl6+PptUv1HDfYbehujQccv2ZO2gciCHjFcabd6yjcbKuNCMdWMb3FlFyBhoXpvfICpMK7TR/kkU2E+9zCbvTl7rZOEtyKL1FWv/qj00C5rD9ne2NkKNKH0B4Ft0Zer+8azJjo1SspBytg0aHXPekdMfS9FAg/w==
+a0.nic.ist.		172800	IN	A	65.22.144.1
+a0.nic.ist.		172800	IN	AAAA	2a01:8840:8e:0:0:0:0:1
+a2.nic.ist.		172800	IN	A	65.22.147.1
+a2.nic.ist.		172800	IN	AAAA	2a01:8840:91:0:0:0:0:1
+b0.nic.ist.		172800	IN	A	65.22.145.1
+b0.nic.ist.		172800	IN	AAAA	2a01:8840:8f:0:0:0:0:1
+c0.nic.ist.		172800	IN	A	65.22.146.1
+c0.nic.ist.		172800	IN	AAAA	2a01:8840:90:0:0:0:0:1
+istanbul.		172800	IN	NS	a0.nic.istanbul.
+istanbul.		172800	IN	NS	a2.nic.istanbul.
+istanbul.		172800	IN	NS	b0.nic.istanbul.
+istanbul.		172800	IN	NS	c0.nic.istanbul.
+istanbul.		86400	IN	DS	61630 8 2 3EBB91801CF0D1A67A84B4F1E265B248A3E3B0459C30D3631955E98A31A430D8
+istanbul.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yPWrBzotHHRFnDb8mVL60DO/GktOEeHMu0PTYs1Top9ZikAM/QHH2T2a4Ah7aCslCLffIfNqxq0WuMVeDLP4qHGpg/mzThBgKgaH8hdJ+j8kImeUARwIQbyXbW5k34yRBBvrpYhIbjLaq3IlcHjDifXYNTLDl3RXiU9IQHNxzsyCNJOh51s6BWGm0YF7tntnfoZVTy0KAGS5u0QO+2jQUJvbl2RjgyZ32AQHdfli1FIW+EZSWZbQiL3F2Bv44ievLI+eM1GGOTnRU9Hqa7NSLTvXi9E12XFB+KmQDQgPI4rHWd+kEMbs/db1p2zIB5FIZ5YO6D7zsvBiyTUwkyos2w==
+istanbul.		86400	IN	NSEC	it. NS DS RRSIG NSEC
+istanbul.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SzDOkdbyhxaQf4CAYLNakcnms66S8uYh7mCF9+N5p6SbxCmftiHxDn/Y8c6xOh9XR2uXFHd6M8U112XzKB7z51qkeWVj0utBlvFPjmRfQ3RALLZKYWR4IJvcmOobllaDRS6R0U6Y8G6uOlx8lIrfxX8Cl+zEb19cYNU1k+MPUoEsQO323pbHFMyV/aW9Ef1EerqbpBXoPxYF/alY1+xz6QXEa2pOwB8yREHILFAYSHjjyae22/nYf0CKNY2vqXJ+i1/qUrtJbjvX4xTqJuofMR6pQHQAzyF0GY2iOAed18QWNCe3ocj61mT3IvGdikMd8K3GLJ/t7ZSOImpAZVZK6g==
+a0.nic.istanbul.	172800	IN	A	65.22.144.9
+a0.nic.istanbul.	172800	IN	AAAA	2a01:8840:8e:0:0:0:0:9
+a2.nic.istanbul.	172800	IN	A	65.22.147.9
+a2.nic.istanbul.	172800	IN	AAAA	2a01:8840:91:0:0:0:0:9
+b0.nic.istanbul.	172800	IN	A	65.22.145.9
+b0.nic.istanbul.	172800	IN	AAAA	2a01:8840:8f:0:0:0:0:9
+c0.nic.istanbul.	172800	IN	A	65.22.146.9
+c0.nic.istanbul.	172800	IN	AAAA	2a01:8840:90:0:0:0:0:9
+it.			172800	IN	NS	a.dns.it.
+it.			172800	IN	NS	d.dns.it.
+it.			172800	IN	NS	m.dns.it.
+it.			172800	IN	NS	r.dns.it.
+it.			172800	IN	NS	dns.nic.it.
+it.			172800	IN	NS	nameserver.cnr.it.
+it.			86400	IN	DS	41901 10 2 47F7F7BA21E48591F6172EED13E35B66B93AD9F2880FC9BADA64F68CE28EBB90
+it.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mRDJMq4kPplSPJBI/kDEn3VGViti9C7ncNXmo28DYGKO254mT2QVDdHykfypPg2HlvSeVOMwogC6QnjlX3Shz9NBzuKtArh+zBSnHiskJkZXQw3owxpcnsO3WVDdndEY4+Hwhvx7HpcE3SRRo6WLRNpeDkrFfATLW/YD6IA09/MoHlzrutPdyUE2LGhEv5ILDbcdRYW/gbtOtcCMZF5DVfaO6G4No9HTVDXe7Q7p6Q/8thwTaBcRpla52t6I/9IJ0LAxUbiMMP0d8sYKNpyy7Q71Ok3CGyQA+uomMC3WDHtUaOMHYfI6fJ3z9q78j1qGIln1guCBe0fpXQNS+4PWRA==
+it.			86400	IN	NSEC	itau. NS DS RRSIG NSEC
+it.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . utWKYndf5RKzMhpTAYes8O/bx+23jTWU7nQLaBowAOYCEijPpeltT7fAKV76k4W/PvbBgS9CdoqSAOsWZYNpSB8vcXQ0U7wWubTBNt94meMtv3j6g3eXBjluDa046ug9X6BcBQHcWr8XSOppSvAbMT7UHKTLLGrDZAhhoL99mzYu0E3/7jgXA/34G414UD3qMJD1stEnGfRdmIvXLZySFgFw6/jIWak3q2hkZ+TK/p0NIa7s7YsXk0GMahCeArbWs6sZFjL9ic6Qr4j+3SMi3c4DQrjaafyc1zWch67kaJpc9WrBcibwNWD+8Dn1ljuSFcpTpAAnUz5HsG64tAxaAA==
+nameserver.cnr.it.	172800	IN	A	194.119.192.34
+nameserver.cnr.it.	172800	IN	AAAA	2a00:1620:c0:220:194:119:192:34
+a.dns.it.		172800	IN	A	194.0.16.215
+a.dns.it.		172800	IN	AAAA	2001:678:12:0:194:0:16:215
+d.dns.it.		172800	IN	A	45.142.220.39
+d.dns.it.		172800	IN	AAAA	2a0e:dbc0:0:0:0:0:0:39
+m.dns.it.		172800	IN	A	217.29.76.4
+m.dns.it.		172800	IN	AAAA	2001:1ac0:0:200:0:a5d1:6004:2
+r.dns.it.		172800	IN	A	193.206.141.46
+r.dns.it.		172800	IN	AAAA	2001:760:ffff:ffff:0:0:0:ca
+osiris.namex.it.	172800	IN	A	193.201.40.6
+osiris.namex.it.	172800	IN	AAAA	2001:7f8:10:f00a:0:0:0:6
+seth.namex.it.		172800	IN	A	193.201.40.7
+seth.namex.it.		172800	IN	AAAA	2001:7f8:10:f00a:0:0:0:7
+dns.nic.it.		172800	IN	A	192.12.192.5
+dns.nic.it.		172800	IN	AAAA	2a00:d40:1:1:0:0:0:5
+itau.			172800	IN	NS	a.nic.itau.
+itau.			172800	IN	NS	b.nic.itau.
+itau.			172800	IN	NS	c.nic.itau.
+itau.			172800	IN	NS	ns4.dns.nic.itau.
+itau.			172800	IN	NS	ns5.dns.nic.itau.
+itau.			172800	IN	NS	ns6.dns.nic.itau.
+itau.			86400	IN	DS	20974 8 2 255E44D9C42D417AE07B1B92F8BBD5C856F1347B87948B58DC245DCD58FD59B4
+itau.			86400	IN	DS	32626 8 2 4ABE223F5AD4BDBD1C42DE183C76722AFEDA52267F4166F23483204AD0CE4AFB
+itau.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aD5nIojxSO0RY9L8eByuG9Dj77UV+xdlWoQyR5awq7OqBeBmitYadPpe8pHHLVz9IhiaJ1qyiYJ7TeXhWt7gNpiie7WsKrHffZfobHkzqlyHiSNIqkVUrzrhfUdkmzCm9zBXyVI3Z2RznHaodMulQc+OCSvRhXCM/0kr1A0kvQH27rVLwzpMMM4cviJSDWgvtJce1SC0qA+9la73Tmpxt02JGgnZ/e5pgXHQfR8SunjFintfdwao3+jjC1eU90apVKOoU3qcIuiB1ndldYnXaOuU0Y6uaoZ1JNUeOIA77jZ41LrBp7UmSIzcNAWuVHwFNAdVZtrYjPuC1CVDoRpQDw==
+itau.			86400	IN	NSEC	itv. NS DS RRSIG NSEC
+itau.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vgmG30YtOrIsZO2jZuXJwGMomPXfm9obhxTVo53DJ4B1WgH4PD50R2pFWgj0TwN0C1QXyNSxKrlQn7PP0IGxi+q2rxXMPzXGxc6SGW2OmmtKDxpKp8Sj0zwTRP+UpClPtLk2bX0DxOykZc5ohSgyGB/xdeT1ngtERU7atIrLZ3/XCtqVAqvc4DIoB2Meig38ow75Rh6CnZ6CJtBCvJ3gnKhNUo0Idx2qgIxbluawLH4JEOGZu5a67qPRZMdihQW6HDJu0mMr1Q+Aypuv1s8zk3iABEoVHEYdhr6tzuaogg8EBh2aY8xjEeCBBdtS63TZ/26jlZYSiptoOhucRR8LPg==
+a.nic.itau.		172800	IN	A	37.209.192.9
+a.nic.itau.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.itau.		172800	IN	A	37.209.194.9
+b.nic.itau.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.itau.		172800	IN	A	37.209.196.9
+c.nic.itau.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.itau.	172800	IN	A	156.154.156.84
+ns4.dns.nic.itau.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:54
+ns5.dns.nic.itau.	172800	IN	A	156.154.157.84
+ns5.dns.nic.itau.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:54
+ns6.dns.nic.itau.	172800	IN	A	156.154.158.84
+ns6.dns.nic.itau.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:54
+itv.			172800	IN	NS	a0.nic.itv.
+itv.			172800	IN	NS	a2.nic.itv.
+itv.			172800	IN	NS	b0.nic.itv.
+itv.			172800	IN	NS	c0.nic.itv.
+itv.			86400	IN	DS	47554 8 2 B40BD9C46F4EA1A9A496C57C37A91938AF59778971851D7D91C54DC203649C13
+itv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kiXe8dPLJp5v0WWiFCLu8NaSnnvHNj21gsQjYN2Z6lWjpLX3ddubdSWxEqchnjoTGJ2ghIl57KEpPeJXzX4V2wYMztctDZtTrHpbY+Sdy9bVeU90sisSh11EpLdLJzcJdlDBCr8l/7EFEnq8ARq+CNQK3QxQJT0G3CK7RsQsy29GC7KbmrP/hNyUIh+2j+6H2DQtc3n1njlmGPMhuscTDtcRMXfrcwyVtzoIU34gDBKFcnAtdWadVRcqryA4vDV+fkw+Jt4FKECrIk8twD9sierAJoIMzbKxwN9YECofzXD5mkTvjYd7ML701fdekHDidCzfi9rU8MGDadpojaLPUA==
+itv.			86400	IN	NSEC	jaguar. NS DS RRSIG NSEC
+itv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N5yhvSNHuNSEZ+7RMA0XeBXMdZfvqXH4tjY9mQpRNesuYU8vf+lzp03WeRAGZMEEbq13EUvz8Qq12wT9t5d2+F+sXY5xoCq/DWjRGbhhpXz9d/6bNekFv7c2DQjo80jcRe9EUPOENPrHHe2iL9ehLqn0nOr0yQm/ZcY9ApcdX3O4rYW+lXhkxthh9qJKa3j4AtWnN1h/KhmVtCtMZErwcnw17P1vz/tcmJuSmNGRjB1yfqKyFVEq+A8ZW9MZICRthWN6JYb8n2jbJm2GumsGtoJPOUxlSXCB/i0Rz6z1ePzL73vBHv3Q/ue0eShtaZJSPotshURY2UUSSpzKr03xEA==
+a0.nic.itv.		172800	IN	A	65.22.88.25
+a0.nic.itv.		172800	IN	AAAA	2a01:8840:56:0:0:0:0:25
+a2.nic.itv.		172800	IN	A	65.22.91.25
+a2.nic.itv.		172800	IN	AAAA	2a01:8840:59:0:0:0:0:25
+b0.nic.itv.		172800	IN	A	65.22.89.25
+b0.nic.itv.		172800	IN	AAAA	2a01:8840:57:0:0:0:0:25
+c0.nic.itv.		172800	IN	A	65.22.90.25
+c0.nic.itv.		172800	IN	AAAA	2a01:8840:58:0:0:0:0:25
+jaguar.			172800	IN	NS	a0.nic.jaguar.
+jaguar.			172800	IN	NS	a2.nic.jaguar.
+jaguar.			172800	IN	NS	b0.nic.jaguar.
+jaguar.			172800	IN	NS	c0.nic.jaguar.
+jaguar.			86400	IN	DS	15829 8 2 D4BB4FD9F95EFA2BF1781B7A0C17388B42520CAB5F8C805E7DCA3105F33CD881
+jaguar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k/irjrsc8uwiCcT/YeCwnij+SmwiwW05BZh9Gm3qvYwPj7uwL47GszfAdJYNPCjjlSQUZv7jK0gpKl3GwOZDCMH0eG6Gw86XiRGOkLuTG0M5tfEobBEzHOD5VNz+VBCJh+4gS9eisBCenT4kGyhSoANoz3XxUSCkfUwQNZzA8CEg2Lb/mqmLD85JKz9ASDlGd2EDxkpdblSBjJmGaCFB5et+5XTEvW70gw3+QeaGIiwE7idtc5EN/UzT3s3x0rgbtE6Plj+hxKn0PzpwHkT1vAr8O1qa4bWuriNx32RP18oYa+wip+4mZ/jzcz/heCoUvOfnLlHkS2mfIOofd7OvYg==
+jaguar.			86400	IN	NSEC	java. NS DS RRSIG NSEC
+jaguar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DShyhlmz3/FhUCviXc3Llsf5WtD6LMYjUC95Z0t9u5L6jpE01yt+lu7xSrl0V6Xkw6EA0xyAzS1pBSSdnJI606/yNzYgqMAxTebaJlvhDNHm37Bas08RNDmejQhTZ5cby7HRggHDd9rACBNY8V7TkBcjz8t+Q64dclKnV32VOF3NyF+g4h51woNEyAXihE0vOc1cuKidaLN3Q6fcoVTp5kWD49J+Fa+pkape9nJng2VcBQgdAe1+jE+7u1PiNudNEEbT0fw+gP85HpG/eBm+Pzh8bL2hvaOIuCzN6Nf+3Nx7ITmiXm07bLGCXPsjbytc0pb9A6qYpxGueyublDtvKA==
+a0.nic.jaguar.		172800	IN	A	65.22.112.51
+a0.nic.jaguar.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:51
+a2.nic.jaguar.		172800	IN	A	65.22.115.51
+a2.nic.jaguar.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:51
+b0.nic.jaguar.		172800	IN	A	65.22.113.51
+b0.nic.jaguar.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:51
+c0.nic.jaguar.		172800	IN	A	65.22.114.51
+c0.nic.jaguar.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:51
+java.			172800	IN	NS	a0.nic.java.
+java.			172800	IN	NS	a2.nic.java.
+java.			172800	IN	NS	b0.nic.java.
+java.			172800	IN	NS	c0.nic.java.
+java.			86400	IN	DS	35845 8 2 FE3EC07C5C98197923923416C9AF01B70379C0A8431064C8E74BF9B443877FD4
+java.			86400	IN	DS	45615 8 2 7F20B5E00C2324D253F209B3F386F7033DAE09CA9587524B3561F4CB4B3CD60D
+java.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1RrM/Zcy+N5qA8vym8q/fWQDo3RBTUvszV5A+/7BMXRFGRVexQNVGUyWk6ekW10L+lPuAQ2izFlI9smgeA9wjRBOwUaW2goQgrKXlGSZJ4ji3B56Q/KSxTc7FXzUMVgzNHR2J+cysZjOrt3GuJwO+wabrdAPsUn0BXnKNbhXnGuo87TpenLSRETpK28iAcYQkGwV/B6LVR32v0/Ma2utDhuU3DxsG7yo62flWQBAINqMoRQ8u+lynfQQ+S9Q56Vd2I2vZQb8cgil0DsBD/UFz9K3BhlF/5Zx1Mp/6Iqma9x9vjKy8mhtnYqSnxUVHobN1JvoHMxme0qEgSwqzQU7Wg==
+java.			86400	IN	NSEC	jcb. NS DS RRSIG NSEC
+java.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Isetd19FQSLD7LtV5XMJeVmoZ0Nr6XyStQ18Cc9rnqzrcuOhJisoRCNjgV0hDN2FejGwnzpP+ddXgxgrA34ZjUqzdZlLVop5iaBiyOHZoWPmjrQV+ZZmy/+spoMDs7Z8bO71qAflFbTOxuQh/8uwMWQu7nT3y+kw3MkCS7ibjTQRUOZJ9Rw65FIg45DT14rDHXLWkolu2N6LRNIdRzk1njaDS1rjQhwKAFlZqjKm25cAlStZ/KNCwnkdhp+1uSsEE7bX6Ojo5cBbTxdPnLBJKXR12UbBooOFxznyRaUjQafphmpSA9r0WJOC49Z1mi8OBFGZYO8ixDfuT9MC4Pxz+w==
+a0.nic.java.		172800	IN	A	65.22.84.33
+a0.nic.java.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:33
+a2.nic.java.		172800	IN	A	65.22.87.33
+a2.nic.java.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:33
+b0.nic.java.		172800	IN	A	65.22.85.33
+b0.nic.java.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:33
+c0.nic.java.		172800	IN	A	65.22.86.33
+c0.nic.java.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:33
+jcb.			172800	IN	NS	a.gmoregistry.net.
+jcb.			172800	IN	NS	b.gmoregistry.net.
+jcb.			172800	IN	NS	k.gmoregistry.net.
+jcb.			172800	IN	NS	l.gmoregistry.net.
+jcb.			86400	IN	DS	8039 8 2 A21F8529CE9B38A28A4B03251CA112BF0528655D5CD28901B8585389DE8261FD
+jcb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gDLZGbJK8IuVGdIlfDiBX9rzvA8MhbZq2SXL3l1PaVf7/WywEvD0z2BuZ1FGZpQal9elwFOIvARbl1eTjolhaopa74MIee+ysLn8uiu6E74J4yKQNkkL7Jmu1c0LAXP6irujsy2rw3HPkCu97/XkAumgw5ohda0R3yzm/hUxahbRCt8uqAg9LVqqfnBU6t3R5QakPdF49d0JauRyXMTBiK+/s9PE/m1bxmTa9cg65UKJBaRPx2/rOFpgzDn8ofMG1j0/Po4Y5dhvikBQa+2OTuD4oClkPcvP7BhDgOyptDVfX0wvAdFbUdWqT6BwEooPQxMCUcRbXEl/W4Z8JWUJxw==
+jcb.			86400	IN	NSEC	je. NS DS RRSIG NSEC
+jcb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XSi3yPRF6y+fgoZmWXbFHirzKRiB6e0duJd8f2a/h03AzDEc9CQ/y/thg5Z0kV71/QphA4s5D6e1eUEFCok92DBWF31yNwfuIBzdpZaPFPMQ19oZzepBYpOzVRPWqPYwMfpq5kqMjAf7o1LPYEio4pq57R+gFyu172hdOpKeR0qZx1er1ej8fcHOGnSP1K+vzCSbDo14aKW5qtoX97eP/w3aluyLYdJz0+mzjdQ3IQzIXJhnOYEtdwu7ePteTxdtsTkyBFGqZWkrz1sNopfZmHql11kqMROe6Ci+xhWKhcaS62I+eA8l8zYqBa3EfwUMKowFPTK+ee2lpe+Keqj6Ag==
+je.			172800	IN	NS	c.ci-servers.org.
+je.			172800	IN	NS	e.ci-servers.net.
+je.			172800	IN	NS	dns1.nominetdns.uk.
+je.			172800	IN	NS	dns2.nominetdns.uk.
+je.			172800	IN	NS	dns3.nominetdns.uk.
+je.			172800	IN	NS	dns4.nominetdns.uk.
+je.			86400	IN	DS	19054 8 2 051F21016E36C0DC46DA9437C9F5975A95BF6B0B85E9E8BF53F49930EB65E90D
+je.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fP8nZE0vU9b5pyEf6WH2vTzqZhqeBBqRJce3fqG6taQCzp7nxLC3DciDng4yL92sS1j0f1qACkEYKCp7pixb90SSzC7rjyWY2TrAJTwr6scceswc+Co0aCG85Lp4SolMg+KtO87KIYDCzRmNSvgX7WvtnrtT6r/3h90EGiGvjgwagAONWMlGnV82fIR/TNZFVMxGNpuI1zcm9RtMyQ+X8x6b/jVc3X99Z8/fcrXfJyStaJepNQvg4kI23B3aPZ9/2OSwa9ouWtiHnew1OPfg9wvyg46weYT8vQORrTN7FrUkq+2RxjySVOjmI2dDXh6F5Hm+0lT/HAw88WK+i3qxzA==
+je.			86400	IN	NSEC	jeep. NS DS RRSIG NSEC
+je.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZH+eKXc7qb4JRscbAcHSJtFpGSRqC3eJTlLZwNI/+zl+8pJGIdR1/Etwqlf1/+ltnQYh22/6mbzlWKoaUwPJ5I6aA5eaHLbXcQZNJRKKpovgq9D1wRqq7JAy+LjhXyXEM4HagwVeTthSm3wzmajlV5j67wEah/JPWZPXAjqzmyVP/JgCYkMBw626xcUye2tf6MkiBTJPW4HxiInESPWPeO7/Tvm2MD4c12MWQyHpIEa0gLeRQ9yrBuNVZi23+Z6U0w02rSL/4fiyu1hh+nN/mjfwWP8uE3lcNdmhN+B9fZGazlashZtUqkWDMlzMKsGh+XpkMmRzNwpioc4npkbudw==
+jeep.			172800	IN	NS	a0.nic.jeep.
+jeep.			172800	IN	NS	a2.nic.jeep.
+jeep.			172800	IN	NS	b0.nic.jeep.
+jeep.			172800	IN	NS	c0.nic.jeep.
+jeep.			86400	IN	DS	49999 8 2 F00A0B4B65ADAC570C2DBC81483367392EA9A86FFD17E4B3F042D446ACD1EA4B
+jeep.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dtx0VOLv/5DKU1kTAt/FQdHJb4hdBeKFft8lPAFTXrMUM5WbShdbdsOdKkriikFVFt4GLD15AIHGw0VdWR5NbRjT9RobARJHftNPS9hYEFHNiNXKtkoNvnG3wQ/TH0UlfL65FXnLNQshmHbScy7lHcRqbe1hMru/RkMSzRyTz+Nnn50uSgz6wDch+tewgeoz9oruWdQWyjOECZ0B7K64+7t+U9l59HO+C+Qwk8LKuBVgcQo5DldfAFIFAOrkOTQyNV0bpjXnnMkvmS5w8DaQkgiwsciXX58JHiWibZri24YCwaBFGkvBwpyVuyGGJ3BBmpkISwUObwOf6Fc8J55fxA==
+jeep.			86400	IN	NSEC	jetzt. NS DS RRSIG NSEC
+jeep.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ydDl/mrLzvUR2Dce7Bzhnn01H+6YxM5ApYlV3wmbtsr4Qw8+xvPG+JofIF5KINZlusnifFcSTsSVVEWUvir/NEa4Jk0JDSow2jL9CX7x+hl/uGHAfdygOhHR64ZJ9xHmRx8M9JBSFTaOPQ6t3RHGcSZe09TQh6iOTPMKl2On9bQU74pQJs38vWtT373/0zR+OYOXLpP0uMhcZEggzcGWGpvNOkpoRR4am1uKljcy9FhqFgCjtegsMdwp++3okFAP7yh/3TAOfqNOhg2lWKKOQKrBvNeUzcjwNiJJtPyxkz7AqdC7mxCL14RlzUfxfF2r2Pwv6v0mRa7TR3HITr/qZw==
+a0.nic.jeep.		172800	IN	A	65.22.76.41
+a0.nic.jeep.		172800	IN	AAAA	2a01:8840:4a:0:0:0:0:41
+a2.nic.jeep.		172800	IN	A	65.22.79.41
+a2.nic.jeep.		172800	IN	AAAA	2a01:8840:4d:0:0:0:0:41
+b0.nic.jeep.		172800	IN	A	65.22.77.41
+b0.nic.jeep.		172800	IN	AAAA	2a01:8840:4b:0:0:0:0:41
+c0.nic.jeep.		172800	IN	A	65.22.78.41
+c0.nic.jeep.		172800	IN	AAAA	2a01:8840:4c:0:0:0:0:41
+jetzt.			172800	IN	NS	v0n0.nic.jetzt.
+jetzt.			172800	IN	NS	v0n1.nic.jetzt.
+jetzt.			172800	IN	NS	v0n2.nic.jetzt.
+jetzt.			172800	IN	NS	v0n3.nic.jetzt.
+jetzt.			172800	IN	NS	v2n0.nic.jetzt.
+jetzt.			172800	IN	NS	v2n1.nic.jetzt.
+jetzt.			86400	IN	DS	34480 8 2 BDF6C4604D479D93BF6B0308835406829CAB3DACD840365A854653F45336EA92
+jetzt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XwN75/fvGzYdL7a4HfO1OvSYba1iSVhQEsuRv8zy2couKJ4apidee1z8MWNCMbbJ9yGZz3Hsjfz/vdHUyK+DHW3MUpSnT8OvIBmLM14pZ/NEMJCGzBOFuYK0A8V+Htr80ygKYoXFD3V5GEvD+NGPRjOWkaTvoSfmUiX1jSQDTzUpcSAdo/5TjWYSieAA0MK1cJVt3LnZ9EE27jZ/TNCJeSpt6OnRQB1ipVqSFUcFAJ5KxZE2dFiGqbVbWXUGJFq+vt1s+ijdTvufJQW4rUg2Majey85wiMzbBQVKUig3JPOyVop16oic5REn6ZWSJ/PAx6zOiHevKOp6FF7JTasxzA==
+jetzt.			86400	IN	NSEC	jewelry. NS DS RRSIG NSEC
+jetzt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A6npiL2Hc01qfcNMs/1+9n+XMh0B+fAH+hHyIj/koPu2OMhtwZtHws/bYVYoMxlhp2w39pvaxclDevhjqa/05/i1TlcKZS9mqv9dGPKq29A1uN8SespKRRrk92TWR/xVQtYb+viaqbINhyWs4f9ki2bjMjYDaZtoDw9OMMoXgfWvZwUxOzXTFuB0U3FYOrYN4F32UVEzND6E+7vAbMJrfyC4nlw5QdL1JCAR/NtE4AlbzYdrPb2sxKfE6wZKbV2iN1aHxAMa5VYAKHu59vErtbnhzKEO9a2Eo8pFLxgm3CNUgMgg1E31Lf4bWsPuldlZcvFctTHWEXCnxqCACJr42Q==
+v0n0.nic.jetzt.		172800	IN	A	65.22.20.49
+v0n0.nic.jetzt.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:49
+v0n1.nic.jetzt.		172800	IN	A	65.22.21.49
+v0n1.nic.jetzt.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:49
+v0n2.nic.jetzt.		172800	IN	A	65.22.22.49
+v0n2.nic.jetzt.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:49
+v0n3.nic.jetzt.		172800	IN	A	161.232.10.49
+v0n3.nic.jetzt.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:49
+v2n0.nic.jetzt.		172800	IN	A	65.22.23.49
+v2n0.nic.jetzt.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:49
+v2n1.nic.jetzt.		172800	IN	A	161.232.11.49
+v2n1.nic.jetzt.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:49
+jewelry.		172800	IN	NS	v0n0.nic.jewelry.
+jewelry.		172800	IN	NS	v0n1.nic.jewelry.
+jewelry.		172800	IN	NS	v0n2.nic.jewelry.
+jewelry.		172800	IN	NS	v0n3.nic.jewelry.
+jewelry.		172800	IN	NS	v2n0.nic.jewelry.
+jewelry.		172800	IN	NS	v2n1.nic.jewelry.
+jewelry.		86400	IN	DS	55777 8 2 CF1E81D50A04C164391BC99065EC51D4E25AB77B740CC93F011DED2A151AD6D2
+jewelry.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . T1YbpvJUxdcqEjPh0+KSePkNPVm5b/pxjm9oWAfoJxbJhfeGm8228CJNce2KflH5+Hpaf4aUOik3arL//hWXHrD8MAQGbeXysN2R17SY+AUkTIh2kfi4ofeQYPJgjBZfq/ekh9h7hLlgBfGzUGYl4OEmVlJp5wioPoSvsb7xSPoStWn74kB9BG0LlnYCyefXsz+bf2n3fp7dRZs7c/5YippvqmIc0uytApH+wTfz4CMlNFacCrm2ygraPzPMYlK5WmX5CovzRh0g5HDlo4WExTMJ7dtlDohdvU2Cqap58ljdq0gtvlEldWbYllkqh2BS7t8+GJ8CtWKGLWEWB+OpSQ==
+jewelry.		86400	IN	NSEC	jio. NS DS RRSIG NSEC
+jewelry.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cg1Dxm/n2rpDWTmv4jzDTbfRLlosS61dqJOhsBjKusqvEPJZvinD4VAu2a2OQ4yOX7XyxHpGsmjU4MiLl5CcfIuKSlSaiYIcv/3Q49za6W0232yPk0ckgdCuHGGx3o5LuvWojmnRKJlPYdFHY/zQMDavaCW9/an4oakkylU4Eb/eAEysd1HxxA8gq+kfJux16EIWPj8pUZFYQ6x+O7BOoLBnvVorG6n5dxEiwLgJ7xXKYYa6pZ41q0YpxPaFl7xZUdV0zHV8/5dYxZjJIFp7FfYod+9iOosFdRdhOEXI3Rjr1LhxGCWUvhuRDWMhkoqnuKkkqn9UogDeup/KPm0Xrw==
+v0n0.nic.jewelry.	172800	IN	A	65.22.28.26
+v0n0.nic.jewelry.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:26
+v0n1.nic.jewelry.	172800	IN	A	65.22.29.26
+v0n1.nic.jewelry.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:26
+v0n2.nic.jewelry.	172800	IN	A	65.22.30.26
+v0n2.nic.jewelry.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:26
+v0n3.nic.jewelry.	172800	IN	A	161.232.14.26
+v0n3.nic.jewelry.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:26
+v2n0.nic.jewelry.	172800	IN	A	65.22.31.26
+v2n0.nic.jewelry.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:26
+v2n1.nic.jewelry.	172800	IN	A	161.232.15.26
+v2n1.nic.jewelry.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:26
+jio.			172800	IN	NS	a0.nic.jio.
+jio.			172800	IN	NS	a2.nic.jio.
+jio.			172800	IN	NS	b0.nic.jio.
+jio.			172800	IN	NS	c0.nic.jio.
+jio.			86400	IN	DS	5476 8 2 D03F2390954D50F114B39620E940A7DE9D1FB60661CDEB43757B5D4A76FA8180
+jio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kHB+5Nz0hJneufBlHsYofSlT7kdWwwlaJNJit5rv9tDN3CbZe5+YmAQi8EwjTeAF9UAGVe2cbMmLfXwpG5lfHr879+FxNeVQwqlhnmwKxuCT6PgXV/wOFCniA8CPdtOjPXkLMp83C4E5sdglcSiYFzNpAE0XnowCOe5VgzuAwNqz7XNyCz6XGraXoIDJryTPrg+GzeUJiVwu9RU+aYPCppG2gUZbQTecw7njrJ4sixzyDG6S8/icd5dk3F2tPjUnSXoeuDm0rqn1hsbiebXiXdCnBSCIrXQkiuCnnzxTHBGvD0fQB+7V5EXsgLxtpC6w6Q52N7wS/BzT4wDusiVRRA==
+jio.			86400	IN	NSEC	jll. NS DS RRSIG NSEC
+jio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hn9x/zAltY+pzW/35bOqkeYIHLckdMQ5Oh17OUAKaufipnK6jqU8gCP/nDXQPY4R6loqmFqAPs1uRcgQ/JcL62iUdMSCu1ZOEjGnp5yL43SanWPvy6v0hmGiqkv4HLN+IQiGCXaHO21aY5dRfoGup4cq5WPcbmfWqEuth96Rpr3Nqd9737uYeuXjIwXqWZMUqy6OxUGTaXIAO7+p2U9FAew04/Y5kfqcI5LDuhPsef4rMck7nCyZ9vmANA/8FaTMHXBtujjdIPdFy8AGiu2GxrMsB+5LmePgr5lb5Ju8e8FO6vxCtG2VvlI7lqcM91mmRsM+wjjXBcza4oVN+BvrnA==
+a0.nic.jio.		172800	IN	A	65.22.212.33
+a0.nic.jio.		172800	IN	AAAA	2a01:8840:ce:0:0:0:0:33
+a2.nic.jio.		172800	IN	A	65.22.215.33
+a2.nic.jio.		172800	IN	AAAA	2a01:8840:d1:0:0:0:0:33
+b0.nic.jio.		172800	IN	A	65.22.213.33
+b0.nic.jio.		172800	IN	AAAA	2a01:8840:cf:0:0:0:0:33
+c0.nic.jio.		172800	IN	A	65.22.214.33
+c0.nic.jio.		172800	IN	AAAA	2a01:8840:d0:0:0:0:0:33
+jll.			172800	IN	NS	a0.nic.jll.
+jll.			172800	IN	NS	a2.nic.jll.
+jll.			172800	IN	NS	b0.nic.jll.
+jll.			172800	IN	NS	c0.nic.jll.
+jll.			86400	IN	DS	34711 8 2 2684574B7AC4339237FA607C55C1244D45C6C7C86B143C9240A72C2F62A012E4
+jll.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A1pNskJ50MpUcMnDTSQD4CNrG1ga1BVLSdlX1UHxXGSDS7UfqagnyeADBp/SjWZvBz2BCrGGPmoh6tUB+5Up4zZIbnaVXmC/OecCFbDDxSZO+9xSvgmcOQsz6gFYJpTfWNvn5D2TKFhOpl8JIlQtKi7Yh8jwq/6kZxiUJzVnH0JXes+aGV8e6lpS+W2iC8NIi9rUV1F2H3qS7spuZJQEPDtY7/pH2/9mdoz0HRsfVogcjFuxwhJPxFQajlH38KL/JQdKWcF8G3/SyX3MldacaFlSejf7zAbCr58DrT6Qk+B0zLEHBN1xi2IsTj4v/wq/AJOljF+nkNeoiaNvEVZUhw==
+jll.			86400	IN	NSEC	jm. NS DS RRSIG NSEC
+jll.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Sm9bgAkP+UilGwgjxfBH0YPAQ4tvXZZ8zt/zpBV5spfog8QXR6Z2/KNP+NWdimhEMK6t/2qWvQu2ggsygFcB1kMEAQSIJ5qpiUI9124vZd5kBPTsvDxfrn1CrV2pJ/ufp1cmMRunWn+l7UoTFb8DbxgYCXLU1gjlY729Nb69ykSV1AhLoXNp5y86cw0eVHCJdF/r0jHSZOa707FGtsbBXJrU8Bg31umXQItyp7NdSdH9k7xefjZOM9b9cJnzzlRb728Vzm6gktne52ye5X2A8QiRht+pnpWFFr/Y8mV0y9qcnLFql4yoaXU6Ept9pVLXt1OcKD+QI6CO64s92tWe4Q==
+a0.nic.jll.		172800	IN	A	65.22.148.9
+a0.nic.jll.		172800	IN	AAAA	2a01:8840:92:0:0:0:0:9
+a2.nic.jll.		172800	IN	A	65.22.151.9
+a2.nic.jll.		172800	IN	AAAA	2a01:8840:95:0:0:0:0:9
+b0.nic.jll.		172800	IN	A	65.22.149.9
+b0.nic.jll.		172800	IN	AAAA	2a01:8840:93:0:0:0:0:9
+c0.nic.jll.		172800	IN	A	65.22.150.9
+c0.nic.jll.		172800	IN	AAAA	2a01:8840:94:0:0:0:0:9
+jm.			172800	IN	NS	jm.cctld.authdns.ripe.net.
+jm.			172800	IN	NS	ns.jm.
+jm.			172800	IN	NS	ns.utechjamaica.edu.jm.
+jm.			172800	IN	NS	ns3-jm.fsl.org.jm.
+jm.			172800	IN	NS	phloem.uoregon.edu.
+jm.			86400	IN	NSEC	jmp. NS RRSIG NSEC
+jm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HFTe/U8VvH3Ev89KJgSfC7Q7zrIEYzJWohux0lBwHSvXJH1cHwXBrwj9Yanwp/5G14/6/zEyTRpJEEb2ZI4Jrs2nM4VmGHA/MrziPHO59WSRpxp5Zhr/eriPBZe+ep66RTm0e4Dr6EhpEM9FMWPD4zSI3bTFeUY8roiuk9U07abn2sRgexcueOQbdHVxi/enYOsVCrcbParrDy3orIFjYhzAMxlU1qUeSkjg+PR1RxDhJWo7MLhz8pmKi7BHgAbrmFuCNxFNH6p5S+HSuCuMbGiVLTSNZBo0wnnWyZMe41Tbe8d23hrUnMRa5RmmswbCmpUhSr9iqcGDVBhTXEZN+A==
+ns.utechjamaica.edu.jm.	172800	IN	A	200.9.115.2
+ns.jm.			172800	IN	A	196.2.1.6
+ns3-jm.fsl.org.jm.	172800	IN	A	196.3.191.66
+jmp.			172800	IN	NS	a.nic.jmp.
+jmp.			172800	IN	NS	b.nic.jmp.
+jmp.			172800	IN	NS	c.nic.jmp.
+jmp.			172800	IN	NS	ns1.dns.nic.jmp.
+jmp.			172800	IN	NS	ns2.dns.nic.jmp.
+jmp.			172800	IN	NS	ns3.dns.nic.jmp.
+jmp.			86400	IN	DS	8866 8 2 30EDBD31093E1A261862822C85D745E0E803D7BA503AA4FBB79D4BB828FC5422
+jmp.			86400	IN	DS	30112 8 2 47FCD5889323F70E3346B144D204BA05F601D6B6C56C8C52AC7606F7D14AF60C
+jmp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rNCtQlkRak9zsj7/w8BY/cC6bk7b7QQG0esN/2PGKbns9kDr6wPOS6obC+VpJp8faY1dTGYX5nPR4gkQ3kgpaYQrVaG4fEZczTZ8KZKnt2XAm0rN3QXf1MvkobldWkPkZV9iVj3NlU3vpcZ2+cQg+pyGiYsdWbElDVCPfeck5DFE5CgMdxcrYjvuGE+iFxg/PBhJARi8T9woYb6qnGmPVZrqhQpiAEaIkq0Md8hw3OekQVZ3LnZHH8K0J3G+eosKLGhedLhsJ7wbmeNl2/FbqfrgEN1gm7+S+6I+unRL/DbNDDag1mGNRFHgYg6nLFmLwguHx0TkrtaLQ9654wFOjA==
+jmp.			86400	IN	NSEC	jnj. NS DS RRSIG NSEC
+jmp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bIhQttJZh/IG5+TFf5gTfpa4/mH+4HwEabr6kqveJMWc+y3NyTAps6o5fAfVX/GGUDK1mtDviPGyC2PkKv9P2omyqDl92CE6KSvONslkNd2OWmFtRYckQPY6z8bT3EOfPJDVzo+8sfClFZl3vMpHuTYQURrihChjMevPuJb5Y/+cOaejQulX89gqYIazJugicNR654HPwnftRyXILLpczn933lIMV5VRAZ3r6Ppld1smFi1RRU38pv8EuAp6pzpIP24+DUwXsNQZ3KaJKUdmxgjU8HwEQb2tIpcZD9hnRi248gAVWy4hyblkaQWCeiSFHYUmpyYHmm/g0/4OnOaibQ==
+a.nic.jmp.		172800	IN	A	37.209.192.9
+a.nic.jmp.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.jmp.		172800	IN	A	37.209.194.9
+b.nic.jmp.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.jmp.		172800	IN	A	37.209.196.9
+c.nic.jmp.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.jmp.	172800	IN	A	156.154.144.88
+ns1.dns.nic.jmp.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:58
+ns2.dns.nic.jmp.	172800	IN	A	156.154.145.88
+ns2.dns.nic.jmp.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:58
+ns3.dns.nic.jmp.	172800	IN	A	156.154.159.88
+ns3.dns.nic.jmp.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:58
+jnj.			172800	IN	NS	a.nic.jnj.
+jnj.			172800	IN	NS	b.nic.jnj.
+jnj.			172800	IN	NS	c.nic.jnj.
+jnj.			172800	IN	NS	ns1.dns.nic.jnj.
+jnj.			172800	IN	NS	ns2.dns.nic.jnj.
+jnj.			172800	IN	NS	ns3.dns.nic.jnj.
+jnj.			86400	IN	DS	8032 8 2 5CF2A2DFA2B3A5B5C8B3F42BD42290FE5632DC8720B48286573C4ACA21FD8C82
+jnj.			86400	IN	DS	16897 8 2 8E9740B903122D7DFED99CF66764BBB9B24EABE8B5A3C37BD0D876F47D69956F
+jnj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kIjoG3cvqp+jx1U5/24ZLUdop8MsZtWRBWDKvtJypexT++P5oLa3x2CYQnMiAZyoa+gHAEk9IfF4WHYCPGf5phtHUkqXgVFZ55paoSmPF/uXxsho3z+HcOJUEmegBpz173CqmhkQVGwZMzcczs50d/CnsEbxvcOC9QVaEOUKmX/jDHfingW2CBSKiqXXL44tPWoK4ZmLI5pZkaLN3ERtFUkMGD18GY9caJ+Si+cnInsE6IXI5LTnZuZY+vXEXpwOUzv9tpkAJRY0gjShBo+XhinbgRV9D+QqCleCw1hIQ3zvnAOR1Fnu7vt3KkQFfSNc4B/mGVPLXJEb6oc4AZR95Q==
+jnj.			86400	IN	NSEC	jo. NS DS RRSIG NSEC
+jnj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yR9QTyq21sj4HzHMSJcqOnhYhKs+jcCHe3J+vqMld31KgcgaVuHqyP4g40NSYIN8k+hn209tpFqgd7+8IARJhBjc8zG5l0GRyOhEdRFhCI7g6toWW7urlQUZT+pSS245SyW9RF6SxelIAPIDNFAhjEu4icYS3ISCVT2To9Rxc8zZiRR6Q2yXl1y3bEfTvt0WpnyY+Jxh+qnPz4e2d+o2C/mtNiCegLh/uIg7FQyCHDGFixmyuGwoC+TGbFftIsVKoXbvPkb4GvkORzEVoGrUgseOxmtNSo6TrOlBJot2UnbBRT5qyR8n9jEOwUY1xwDeYrX3O9iz0NU2vdblT9yqtg==
+a.nic.jnj.		172800	IN	A	37.209.192.9
+a.nic.jnj.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.jnj.		172800	IN	A	37.209.194.9
+b.nic.jnj.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.jnj.		172800	IN	A	37.209.196.9
+c.nic.jnj.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.jnj.	172800	IN	A	156.154.144.89
+ns1.dns.nic.jnj.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:59
+ns2.dns.nic.jnj.	172800	IN	A	156.154.145.89
+ns2.dns.nic.jnj.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:59
+ns3.dns.nic.jnj.	172800	IN	A	156.154.159.89
+ns3.dns.nic.jnj.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:59
+jo.			172800	IN	NS	jo.cctld.authdns.ripe.net.
+jo.			172800	IN	NS	rip.psg.com.
+jo.			172800	IN	NS	amra.nic.gov.jo.
+jo.			172800	IN	NS	petra.nic.gov.jo.
+jo.			172800	IN	NS	jordan1st.nic.gov.jo.
+jo.			86400	IN	NSEC	jobs. NS RRSIG NSEC
+jo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z0tT+dw+2vzJIOjQiTIN4nWmR3fgL9roTC6t/Rf2/0ObZX/bcjresZ9CDb6z3LE8xxpKq6iXHVzJffzkCdvuUczP8Pky3JGFfw+LLYmhrBtukk6iyL5Msw51ZiXDIGGidwwatKgt0i52pEYwPHKuwLzGxv3ysZ8+HEm229KFbo0A4I3asXB3IeCW8bAVIN5XjcV3aav9Q5ijGEugn0Bp3SZmPhah9fFthbdbMsb/fxf3TV2/CC1FLYk8s9HXp5/TwLq1MKczLDu54LcldyiZBoKc9iB8J8KArT1M/TsRxTMP8BGRDX0mmFRwEyqLf8lIreQkSNaR4+QuQEMLGOo1Hw==
+amra.nic.gov.jo.	172800	IN	A	193.188.66.103
+jordan1st.nic.gov.jo.	172800	IN	A	193.188.69.19
+petra.nic.gov.jo.	172800	IN	A	193.188.66.2
+jobs.			172800	IN	NS	dns1.nic.jobs.
+jobs.			172800	IN	NS	dns2.nic.jobs.
+jobs.			172800	IN	NS	dns3.nic.jobs.
+jobs.			172800	IN	NS	dns4.nic.jobs.
+jobs.			172800	IN	NS	dnsa.nic.jobs.
+jobs.			172800	IN	NS	dnsb.nic.jobs.
+jobs.			172800	IN	NS	dnsc.nic.jobs.
+jobs.			172800	IN	NS	dnsd.nic.jobs.
+jobs.			86400	IN	DS	47990 8 2 813737ED8EA193EAE37C0C2F95758A0DE0B5069A20A9B0E8F4955908AC40C57A
+jobs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Eik+UpO7CWcnC7bzDGthW2nCr36xGFe0u6oSUnujSq+0B2EIsSEOEBFN9FxbhOUZXQDP6aITJ6fOM9jrO0/ik+E8MZLo3tRjfFfUMetpi7MhqV5ffOFJpxk0+PTYdoIZ9Vcgqh5217UquoEZsTx3iH9gaB+dhiBllTSsbZN9jBLKl9r9OAgfYjivIyOQtJDavpw/bGj6Qq8xVZDnTNaDjYs/g63oiy2QldkkLAomS+0YgQMFhKpxzc/Qpd9qVCGiuSxlAwd6WhXcWxyX6EGkmq19BNaBonXbRspbVO9UVi+yM+VzlO0dtn0uWV2vT3SxxI8bZ+Y/yp27sdyGI+SXkw==
+jobs.			86400	IN	NSEC	joburg. NS DS RRSIG NSEC
+jobs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ciFumu80z23/HhlEUPZBLgm2ei07vmhNP5pQLQ78C/P0lzh6NmgxdmWXTxS0/LZ6Z9ddhQH15PXEPN3FZXwJBjI+FV7D2QJdrDzZpfn7ebgItEYoFkbRMNmPZ7ur474QY++kCwlRsFTsUlB7YJBJw3JnSGtwypXSqymfELUju5tDLR5QDOWjUB0l8pyrt5bhtycbJm7OcKKhVFMb62v0QZ4KYAdv4pbfepFTeWdaY+GRqcOZlHTfjAVaTK/VsvM0+XQTlc5keQSdPKrC/VE/Ayrb0w6VjdL2r5EiHlDaotJJbKWJnAx15QYYeqi9+psnZOBucUk+WHbNu6cRKwz4/Q==
+dns1.nic.jobs.		172800	IN	A	213.248.219.120
+dns1.nic.jobs.		172800	IN	AAAA	2a01:618:403:0:0:0:0:120
+dns2.nic.jobs.		172800	IN	A	103.49.83.120
+dns2.nic.jobs.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:120
+dns3.nic.jobs.		172800	IN	A	213.248.223.120
+dns3.nic.jobs.		172800	IN	AAAA	2a01:618:407:0:0:0:0:120
+dns4.nic.jobs.		172800	IN	A	43.230.51.120
+dns4.nic.jobs.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:120
+dnsa.nic.jobs.		172800	IN	A	156.154.100.3
+dnsa.nic.jobs.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.jobs.		172800	IN	A	156.154.101.3
+dnsb.nic.jobs.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.jobs.		172800	IN	A	156.154.102.3
+dnsc.nic.jobs.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.jobs.		172800	IN	A	156.154.103.3
+dnsd.nic.jobs.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+joburg.			172800	IN	NS	nsp.netnod.se.
+joburg.			172800	IN	NS	coza1.dnsnode.net.
+joburg.			86400	IN	DS	65032 8 2 4ABF29A076FC19AC89283BED93457B56D2B0C8AD90DC24D70F70988A7D8BB574
+joburg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cMkfkZNoA/NWi84pKVT2esZOy5a2LHE4I0LtyXxEraZkZ/4JaJVNLXY4s0jFnW0zOkNRwbKM3YNf4he5R1t3eBKZujRSsnD6ApcfmT60MBNjoTfbe8ClCitcBrp96R0qy5Imqn52M8lYxmhixuSzSvGwP5ZQN0a3l1hEYhZr6XfylqW8QZj/1pZLtMoAWa9Dv1eyycCKYArAMULtPLRFQiFQg5buyUfyOqel2KrV9Hor/OFTEeqsjJ5MLb8OXmsYu0gyM/XhQGYHQJ2FbJBcOpjBXp4QDrqfcE6KjjTrbDKb6G9ZBRFvgyAfI++i4lIQK3FP28EFMKk9rYHLjs3qCQ==
+joburg.			86400	IN	NSEC	jot. NS DS RRSIG NSEC
+joburg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nhNAfHKjji/pp1nndnlf1H+jqYAZwNFpfjlgL60UxwoxvYWWe3BSYXIiahsVoX42lWcG7elodGGzjKDYaVEETRbxirixf0ram3uELufxCexOVzkSFS5xjCwP1AVKevXMWaL8imXKI3bLOZAwnRhjNWA/KdG2xUaF9X6VnJoVUMPqUb6kjCVohjXubEDGGyqMRK2iUJuiKsChI9NxuO4fOsFSr7Q0YBpy4DOQuGNWjiDTrzsJiZVUN2FtjZyjFSi9GVk06v2oKgifMFiQUI/EcQ4HDnEmdByjIyNBtOKWJ3cWCNBsW28J8vbR/jjKGQhEJP/g8BwcU5ILyfLtipAZrg==
+jot.			172800	IN	NS	dns1.nic.jot.
+jot.			172800	IN	NS	dns2.nic.jot.
+jot.			172800	IN	NS	dns3.nic.jot.
+jot.			172800	IN	NS	dns4.nic.jot.
+jot.			172800	IN	NS	dnsa.nic.jot.
+jot.			172800	IN	NS	dnsb.nic.jot.
+jot.			172800	IN	NS	dnsc.nic.jot.
+jot.			172800	IN	NS	dnsd.nic.jot.
+jot.			86400	IN	DS	60425 8 2 E6238D8E60F3D9967690F2D435F35503CA777FC828B7DEBA61A1E4CC7E97BFCC
+jot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oGCiyo5Pi8rjy2IHhCVsXqfw63bRbH+Ipie373re6ngEaLDbIp3WuV5+bCFHwftxf0EjlWuJvSdUl/RjBRe6kGL+4CzrSWvIuGBYFzg9z+rS63rUm0npRQeyhioDiDtCu+anSbS1G8c0Mt6C8s/4SnpTJazHFIYdcvcMQ0b/9k0dTx7fsOivvFbHQSdDGs5zMLfIriVKdWUNyVBwS/zZ95MMkp2qm/Ajse3CRBap/udkZhjafub2S2V44C1hydWWdbE3kfveLMJ1jqdh6NmxD8/8Wtlg1yY4/RtTOkVGJ8S4KHFMEriup/Po9Vek4VC0dMrx6kmktpLNRZpd+7rgrA==
+jot.			86400	IN	NSEC	joy. NS DS RRSIG NSEC
+jot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oNAUBfx0a4/jWVBL7ryoMjYNWyr0rQwgTMjPvOQmfv0bmKLw3F38Pd8rYTJErEXLjnGEwrE7VfjXLJd2Yo2GzZhgH/IzhX/agoz1hqhwpQQcDdR3agVjmAGHmCvKOu2ZcFWDb71/vYsluBgbKbKfVJw0Wsdj542I7lN/9NZYSeOhxQbVn5bEnk7+n19kES0FEvOaCJpn9JpHePSYDoofNxcE4iHb7VDgVNQ5cnHkdBcA7XglUR7/urhcExGlo0/1PiI0o63JDs0rabjWLaPFygKInth2xdZi9pGf6mw4X98DYfi4zQBqTzKmKR8Qhnk0XfkJ02Qq5jDlfsb50lZuog==
+dns1.nic.jot.		172800	IN	A	213.248.218.70
+dns1.nic.jot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:70
+dns2.nic.jot.		172800	IN	A	103.49.82.70
+dns2.nic.jot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:70
+dns3.nic.jot.		172800	IN	A	213.248.222.70
+dns3.nic.jot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:70
+dns4.nic.jot.		172800	IN	A	43.230.50.70
+dns4.nic.jot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:70
+dnsa.nic.jot.		172800	IN	A	156.154.100.3
+dnsa.nic.jot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.jot.		172800	IN	A	156.154.101.3
+dnsb.nic.jot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.jot.		172800	IN	A	156.154.102.3
+dnsc.nic.jot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.jot.		172800	IN	A	156.154.103.3
+dnsd.nic.jot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+joy.			172800	IN	NS	dns1.nic.joy.
+joy.			172800	IN	NS	dns2.nic.joy.
+joy.			172800	IN	NS	dns3.nic.joy.
+joy.			172800	IN	NS	dns4.nic.joy.
+joy.			172800	IN	NS	dnsa.nic.joy.
+joy.			172800	IN	NS	dnsb.nic.joy.
+joy.			172800	IN	NS	dnsc.nic.joy.
+joy.			172800	IN	NS	dnsd.nic.joy.
+joy.			86400	IN	DS	33604 8 2 7DBDD304C79FBC1BC471A74B57D8DD1E286976E6203512356146DF3AF37AC916
+joy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mjW7XRGGSdPcTQI8xE/WDR9LOwbPs5BxnZZxqCo06AVDkhSpHNQVWyuugaoE2Tj0i+Bcea1/+FhnLy4iEcaz0ntt/XwbG7s2CDtrbpuyliRjn3+mmb+maiTcCCoO51YWB2d14A4NaEWJLUrHZBJP73A5nxgGE47Nk+Z0j3HwTFZlqc2R8oDJ/loLVlOGC5OSOQhuQAmYTsKwhm9s09W1gQCCZVR0SFvI8GWXHbGp3pYrnYkXLcJZrqScQMlkGzhB/IBxYrOjTi25rtOBZ9AfnAD62DKzxlKaSXd2QGTfa9qCP13csTerZboEvCA1Q1z8NfjP42vHIqpEDzwfFa2xuw==
+joy.			86400	IN	NSEC	jp. NS DS RRSIG NSEC
+joy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VGC9RkMle9vvwMKIpW+kxDxRV02k3qDNbienIT0Lpz6aTQaeTSC6eD9Jd/Ehw03xaZBr5UnPOGyTXZ25N4alSYARwYQdeQ/Qa+aB319T4jTKYee7biadzv2sgCE9+IjjZI3AeMLkXYZt5eOfgEvm4au161ZONsLz7PH/uAg1Gtk7kGVNa3KAZLbTu8h+0QNF1SCzDud4UQ1A0Q9e/686ObjBDRhhjCsyG0VdHjDyXGq0wJTxB1ta+fTWSEq4IgVJsfzJ/EbRRJhRzL7I+29+k6RB3oMLww+dDVJr3ujLX53pjZ7IJrBz4YASz/z3T5MzMSmighJmfkTj8lLVySn32g==
+dns1.nic.joy.		172800	IN	A	213.248.218.71
+dns1.nic.joy.		172800	IN	AAAA	2a01:618:402:0:0:0:0:71
+dns2.nic.joy.		172800	IN	A	103.49.82.71
+dns2.nic.joy.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:71
+dns3.nic.joy.		172800	IN	A	213.248.222.71
+dns3.nic.joy.		172800	IN	AAAA	2a01:618:406:0:0:0:0:71
+dns4.nic.joy.		172800	IN	A	43.230.50.71
+dns4.nic.joy.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:71
+dnsa.nic.joy.		172800	IN	A	156.154.100.3
+dnsa.nic.joy.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.joy.		172800	IN	A	156.154.101.3
+dnsb.nic.joy.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.joy.		172800	IN	A	156.154.102.3
+dnsc.nic.joy.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.joy.		172800	IN	A	156.154.103.3
+dnsd.nic.joy.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+jp.			172800	IN	NS	a.dns.jp.
+jp.			172800	IN	NS	b.dns.jp.
+jp.			172800	IN	NS	c.dns.jp.
+jp.			172800	IN	NS	d.dns.jp.
+jp.			172800	IN	NS	e.dns.jp.
+jp.			172800	IN	NS	f.dns.jp.
+jp.			172800	IN	NS	g.dns.jp.
+jp.			172800	IN	NS	h.dns.jp.
+jp.			86400	IN	DS	39916 8 2 B36B524989BF0625EFD9B0877E74E77F052248FDE965B6E3C327D9C06AF1D080
+jp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1VHoarCBWWU3AndJcSoxxLvL1EBgTLaPDWDwJDovQTpIte+27TJjRJI/906V4SqEyAZqNPX+K0y+brc1ktQ06+sVrmOwGV+XudzhaCRoj6Vhv2aDnr4g11u1UomhN3VevorF/Km6nP8ovrfox0mF75akS6NVUWFtdbMWzcGXLQPaRe7WM5jJpGlYiyiKxI33plRAxB2+qwtuQqyi4weY1HUCXRMqucHPCLetzy8V+CvJSjQfNGOoGrH2NTSiPMBT9CP01kNfz2Yztbx1VdcFF6T0MhAWSMVYsHA232mKI86xLp0M60+YtNZ3ODGHq/1en0dZx87Wwcuu75ittR2IQg==
+jp.			86400	IN	NSEC	jpmorgan. NS DS RRSIG NSEC
+jp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r2qIhva9CxbpNO2lUHx1JqiEve8/Py4SOwnlUgye2wbsbzFwXG8ezTHwsMLrlcXNFbi5dxEQDBH3BdOsSExRfo2wCRej/+eRzlvYf+HOhADu+NDFpEZK4rsiJJD4sIqIT/GPjepom/rLhS1cFjDihyKW9egCEM9lsjvUScxLQCTpDkQHjV/OdphatCuqxOEju7+dcZoWF3HEDtHRkDhIzSUwmkfD18mbLTa49Vczb1tNWHk0P7+io86J8LWnGCG4fCrYXFfnqUP/2qE90IU/FVq9T37el3Me0b7AResb0XFPygFcBUk6a7mIfn8UhqavwA0/vhVAn1FgqNRB1cW34A==
+a.dns.jp.		172800	IN	A	203.119.1.1
+a.dns.jp.		172800	IN	AAAA	2001:dc4:0:0:0:0:0:1
+b.dns.jp.		172800	IN	A	202.12.30.131
+b.dns.jp.		172800	IN	AAAA	2001:dc2:0:0:0:0:0:1
+c.dns.jp.		172800	IN	A	156.154.100.5
+c.dns.jp.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:5
+d.dns.jp.		172800	IN	A	210.138.175.244
+d.dns.jp.		172800	IN	AAAA	2001:240:0:0:0:0:0:53
+e.dns.jp.		172800	IN	A	192.50.43.53
+e.dns.jp.		172800	IN	AAAA	2001:200:c000:0:0:0:0:35
+f.dns.jp.		172800	IN	A	150.100.6.8
+f.dns.jp.		172800	IN	AAAA	2001:2f8:0:100:0:0:0:153
+g.dns.jp.		172800	IN	A	203.119.40.1
+h.dns.jp.		172800	IN	A	161.232.72.25
+h.dns.jp.		172800	IN	AAAA	2a01:8840:1bc:0:0:0:0:25
+jpmorgan.		172800	IN	NS	a.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	b.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	c.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	ns4.dns.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	ns5.dns.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	ns6.dns.nic.jpmorgan.
+jpmorgan.		86400	IN	DS	1816 8 2 E41C95D6A3C09199493BC8A48D9D348B0BBB1D4CC33E9333092A510806A35E88
+jpmorgan.		86400	IN	DS	3652 8 2 EE3004DFA6162785F6C80C697E79D43F8FE436189A5CD880C971D4CC2870B139
+jpmorgan.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V4t9k9vUEpoLncw1l1g4Gd2gZHzk+Cd8SXKCM0LD5p1xM4uL8ZWzuXVrJ0TRB3PiUjn14wOG+QbyBfFYOqS1yxECfx/+GkqgZfe/xGM4iNsgwAC5GZchIwpUrdxEMcKieKKYmT0hocBK6oq46jbh0xwu6JyWxdDvsqKkHecYdvSuoIzF3cFZKfT/5iaGtit6rUvLZPA5k6ekME1gyOWxm/Esu1RhmqZ+HBg/HylVvMTdYPY6Detk0j9phP2Su+uj1GuIQgiTDcUlcuEJWrsbY0+lijOY+wAp7CINqmVlwwfWzfVlkcJ9nFODxssz63jRjSXdYCCs1Z2r5o8cmdv0Pw==
+jpmorgan.		86400	IN	NSEC	jprs. NS DS RRSIG NSEC
+jpmorgan.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dkZBm6ohg03q5WvOrU9wW2/GOzpEO3/cUI6uIqxyHEdxZlT5g5LILHMpKkxRXLJ6uys/euMqoHj6829Kf+ywQDqhWWZZcqr6fP4didygDL1SXybbpNuIi3FPOMjl4UYt+ov/dnjILhWiRpmboGof4/jaB9zYE+rkMBOrkFxE6HLNMl9WFbpVJAES06HtCM7FB4drBvAfoDzdF7rGlzYibS7xUmMcsJ023IAlaoE53t7cnJ7/f/74bbBsDPW/cpane5ldX2XozVqwkU55n4O00A+Dpo5xJZAznoiaaOvlli0p0Hf6ryk5v51MGznNCYtaWCiUmbwer+pTS9beza6l6w==
+a.nic.jpmorgan.		172800	IN	A	37.209.192.9
+a.nic.jpmorgan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.jpmorgan.		172800	IN	A	37.209.194.9
+b.nic.jpmorgan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.jpmorgan.		172800	IN	A	37.209.196.9
+c.nic.jpmorgan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.jpmorgan.	172800	IN	A	156.154.156.92
+ns4.dns.nic.jpmorgan.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:5c
+ns5.dns.nic.jpmorgan.	172800	IN	A	156.154.157.92
+ns5.dns.nic.jpmorgan.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:5c
+ns6.dns.nic.jpmorgan.	172800	IN	A	156.154.158.92
+ns6.dns.nic.jpmorgan.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:5c
+jprs.			172800	IN	NS	tld1.nic.jprs.
+jprs.			172800	IN	NS	tld2.nic.jprs.
+jprs.			172800	IN	NS	tld3.nic.jprs.
+jprs.			172800	IN	NS	tld4.nic.jprs.
+jprs.			172800	IN	NS	tld5.nic.jprs.
+jprs.			86400	IN	DS	58219 8 2 978A76DB730F3EA33F8E68179624067461E501E870E2F7168C4C15EB3E1CEDB7
+jprs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jwLedQlsKBIfU9IfD/UxMURvqYE5Z6u70BpMqlHrYxz4WxSPL0rgh1rRR0V6JG5BVbQc53l5QJ8AIwnh3UtEVSEh5nj/7hezJJ19woRhDM+FqtwlIvREMk6w7sA+4fHpZk8DHmiPYGdkzwNLFP7dY4sE2ckQfHShHrKcSbvpq5Cr7An+2qtb3J5i0RXuRzQMlwTaHLrX171zDQIpdZm0jZ3uRF3sBT5OYCTCt5xyoRuS+YtaXnmoO7JtWBRRKy/VIA5Ph0qQM/EXW0Qn1I3TwccmdUsaXMB8O0Rh7gp3R5JnlkZz4we+CRD+h1crTlqV2KO4XcGAVIdXYSGVJvF0Zg==
+jprs.			86400	IN	NSEC	juegos. NS DS RRSIG NSEC
+jprs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . glPrbbQGgobW30/9bJqSffdPHobohky5I/x3KEvaMDgzNl7b65XTVLsAENTWzIB5VurUhhVLT88SubBBRUUusq0m253yi2+JZkEomysYb413y/Ral0hC+o+pbXdU15TLo4+XCnt0sKC5F4k1+zqRsXgbUlXzU4pqPKDh7i9OiWVffj+nYsm74lpsZ/O0vwFjQXOfxCYjZauqbvqtch+oZHx91oI/zla7dCaib3spxPDx+cGNTeeVTXZD64iuKdacjX9At5Yz/dO5dhj91EPGLnQfn403BTntjf2GgJ89LZuFW6dck2jEnuTkwgjc8SRipGpSoTq8LaXWhN8aWZnv7A==
+tld1.nic.jprs.		172800	IN	A	103.47.2.1
+tld1.nic.jprs.		172800	IN	AAAA	2001:dda:0:0:0:0:0:1
+tld2.nic.jprs.		172800	IN	A	117.104.133.16
+tld2.nic.jprs.		172800	IN	AAAA	2001:218:3001:0:0:0:0:1
+tld3.nic.jprs.		172800	IN	A	65.22.40.1
+tld3.nic.jprs.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:1
+tld4.nic.jprs.		172800	IN	A	103.198.210.1
+tld4.nic.jprs.		172800	IN	AAAA	2403:2880:0:0:0:0:0:1
+tld5.nic.jprs.		172800	IN	A	65.22.40.129
+tld5.nic.jprs.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:129
+juegos.			172800	IN	NS	ns1.uniregistry.net.
+juegos.			172800	IN	NS	ns2.uniregistry.info.
+juegos.			172800	IN	NS	ns3.uniregistry.net.
+juegos.			172800	IN	NS	ns4.uniregistry.info.
+juegos.			86400	IN	DS	29108 13 2 A05CE9AC7DD78B8C400AEE67A0F85D3AA82B99C07745748021A53BC35E9FC0F3
+juegos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iy+C8LYQNdRlN70Ef9DWRDjHxU1Uu3vDJxfMe3zuNElIOFzpXFM99Uv3at2WdtjZ3kFzAtpA1M0SjJVHxCcQD61NtTJkb2QEn3p2WbBHrvUFNB8E9D1fi3J1eGUpNE9F74xsUJ5jpKgHoiUvhIcUPjUP4OmxkmpWNJwMHSERvc9zlR0KUmXiQ9dJtlotPHppWj+gVhxzSF8O4LOG2fiQ0GQhrxKvJ8a46XodYjYFIOov45tLHECut1y13NAM2CClDKVJVuRJ/1d96GmCma+m8KfxLeqDclBbfifpOLFyPlcx08JCOosYMALj0Kqs1bEkoZKQ7C2PvzoATjREAYYOlw==
+juegos.			86400	IN	NSEC	juniper. NS DS RRSIG NSEC
+juegos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WSOT5PhInfxZLP7MMqETfxYs7XCTxIJfz7AJI/MZOX+L76Do8MXfsZyUN+DgutiQIkb2efoe6mHvoZ9VaFUzKjhfWm4FNS/2Mw1aN+MWcIdr8bdwQI6V5U5OASnaelcJNoxbDlLRK3hkYSSdJPlfR4NnI7G1ZWLRlEl4VaYN6yqWP2+1MW/d8sObBJyzGrrna6xwhJZmNLeutSHPy/sw61A2FRjTfEYGYG9rX337t5XjzLbGvBHRddVsJXJmURQ0QO4EgQLCFx5Wxk942/DLp2NMGd0vAfXGquP/dJdH25Y8bShpFNVrWdW4aPdF09on/m69b7M6TgCrgdGR+MSKWw==
+juniper.		172800	IN	NS	a0.nic.juniper.
+juniper.		172800	IN	NS	a2.nic.juniper.
+juniper.		172800	IN	NS	b0.nic.juniper.
+juniper.		172800	IN	NS	c0.nic.juniper.
+juniper.		86400	IN	DS	49897 8 2 AD81FDD4BF0E52FF057B63957A4EC39FAA26B560D26FFFD730A5B46C92B55610
+juniper.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1mp4FYCVBBYOS2PUc1nXSBeQEytAp3KCg4DFbBOi3dMmuKFieqmj4XLCw4//S4QYq9zJgactJBmqzlLhgS/Yzp8d2UTRYvK/TcLP+LkA7QGKaryns9J/0aJ7qj0B1JyYjTqweNd9xlXa2/UKkPxjFLVMDwkV+GqbnHGVppTtSUZlscX/wU+Pnp9VXd7TgrvcBOu3FqTev+JJM2c6heUVh4/6ZrWBkLW/t7YIrFjuqvH/V8fOKwgKjVN1xJBDOat+Zd0KZzPeTbE17hu19I26SuT5um6iZKSVpISMPPFziYsjaRXHxpm5FAN0Z0UnnilX6ZGP2+7i94qXjnZDQpikPw==
+juniper.		86400	IN	NSEC	kaufen. NS DS RRSIG NSEC
+juniper.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JAH3dr7Az+fhVAJlBERTN36psu8SaIiB/BhWHJ+EBGQJaJ81bR+6BZKG5wTBsP1QO5WA/X+rM1UI/sUbcI6/KLnqEeazX9NdDFyFd6ubZLyJ08ko+Sh3H8Oqb7YA/fcrWhTXftxVuUHD3GCILMe3ygfqvXrQ2sruynGducck/j3FMAJGiJHK9ETnTpB1P3pxBUm9yeDA6zrBQKmjKPOhg+DBcaGl0/WeBWwjY6InqonLkNEp9XKVfBx83U89QoUD0pbQe2iD2fh/bW/78iR3kH0/qwGNMee9dBC/I5dDCrxrt2sinnkbtqsa6i1BCNuWQUQ/ptX2z7lsU1M6f8pRDQ==
+a0.nic.juniper.		172800	IN	A	65.22.112.52
+a0.nic.juniper.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:52
+a2.nic.juniper.		172800	IN	A	65.22.115.52
+a2.nic.juniper.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:52
+b0.nic.juniper.		172800	IN	A	65.22.113.52
+b0.nic.juniper.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:52
+c0.nic.juniper.		172800	IN	A	65.22.114.52
+c0.nic.juniper.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:52
+kaufen.			172800	IN	NS	v0n0.nic.kaufen.
+kaufen.			172800	IN	NS	v0n1.nic.kaufen.
+kaufen.			172800	IN	NS	v0n2.nic.kaufen.
+kaufen.			172800	IN	NS	v0n3.nic.kaufen.
+kaufen.			172800	IN	NS	v2n0.nic.kaufen.
+kaufen.			172800	IN	NS	v2n1.nic.kaufen.
+kaufen.			86400	IN	DS	21757 8 2 08A94D2A8C54C7B7CDEF0B6EC1D550D04110D86B904ACA22327458AE8B2F0E86
+kaufen.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fAD0QHS1tFv1iHVny0+VU60E6rF1TNOJxV+jXtdFD/TslHwAGTtoyxVnb2/JEbK6vgJntDYNwGPCPL70Uksb9H4u5dLXNpHwQYKaOFjipUaUbZB8u5CM1na42PNFmq7nocHNydaIcOXjhrItR1Nr17afKMg15fHH1GVsyHEbdxGX+2HoctoaoWXf2cZSsD000dXtnN6HJMVddIpi6Ek2VcM0JRqbDAVuHH+dV/JpovfBuUoTZKXUD2Q8jo/sI9s99GDkl7KuAT5yxLSd6bqBCvR4G8A2YzyUk2G3UTxwMJKw1kv8DZI5nnJhJYRkFx/RyeXGTmnTsG42Ol0HuAbkRA==
+kaufen.			86400	IN	NSEC	kddi. NS DS RRSIG NSEC
+kaufen.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uJSU5b/hF+eXbGgonDPBSkkPN+vzr7A8f4b01ZvyKEqgWwNi9ogLpKXAxIgULS+QNSo9yPR9GKbfWkDovbQVVYOnv+9xKnzEw0sCvvWKp8Tky5XAHhz4JVBVMMLQdrxupIjvv4LhSyuImh0g9uwvcxOIuW0Xm+J6ljHQ8dU6v9vS4GrZawzsdVQMClHLersWFmcubR7WvxeMNsk6RTMu/4LAwEqKhR3CMeFha82KitbmwuTyxa6SOXJQkEJ8uUuxF3iMtOmGDb40TEzwW0eJCjNwity65rQnsXO+6wPKfOuqLp3pPEbJcMk/oPwWGNKj1Nf2Xb+zCW0kyPAwPLd+sw==
+v0n0.nic.kaufen.	172800	IN	A	65.22.32.20
+v0n0.nic.kaufen.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:20
+v0n1.nic.kaufen.	172800	IN	A	65.22.33.20
+v0n1.nic.kaufen.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:20
+v0n2.nic.kaufen.	172800	IN	A	65.22.34.20
+v0n2.nic.kaufen.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:20
+v0n3.nic.kaufen.	172800	IN	A	161.232.16.20
+v0n3.nic.kaufen.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:20
+v2n0.nic.kaufen.	172800	IN	A	65.22.35.20
+v2n0.nic.kaufen.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:20
+v2n1.nic.kaufen.	172800	IN	A	161.232.17.20
+v2n1.nic.kaufen.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:20
+kddi.			172800	IN	NS	a.gmoregistry.net.
+kddi.			172800	IN	NS	b.gmoregistry.net.
+kddi.			172800	IN	NS	k.gmoregistry.net.
+kddi.			172800	IN	NS	l.gmoregistry.net.
+kddi.			86400	IN	DS	2134 8 2 871A87191B82D082DF95647615DB803C3CF6E7B80578B018118C2DD27D7FA00B
+kddi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yQtUssTyLGf/0+w989FrlYNXjUdNOIhApREfJIY1zoUaUvCZeLKmY8LJ35rGEtfPu49DoCQTsFGHfSIeDcjkTI4w2PZL+r10pAh5+GQPzrGwP0xBRCItpJeJEjIIrMvdAmc4W9j7zgjWvrMcab1QyZ3XHrNIPAwvq1JzgJHS2abMYtK4By8urLan4dWF8rPMb+/DxcX5KkQ7XePHvCBEjiEJ8r8m102QGIAClNsi5+dEjLJvCA1gfrGQEmik+7CmKTn2pM2K+loIDwAC14ZwxRjHFBIy6Xti+cftPXE3oEkzj1l1+JJUo2tE914lnQsWWMknnes52vGvpACAE1qcew==
+kddi.			86400	IN	NSEC	ke. NS DS RRSIG NSEC
+kddi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 08n0lpzr1Eat6vvKB+n5RR5lN9K6DFNNaBpdqYt3TF4wX+m96j/K2nNVkJ0zY3LvxPceUyqUxgn8XYG1AQ99Exivjj9Q4WNPz9kGo4WWZzqWIGDAu2s8xSG5Pq9dCmFrRGG8LC56slf8dzY4OKwsfGjc6IiDcG3r2r+aPgOTeTLeQme2stgGOVU7F8JmH0bWoMKN0SiGETa7By0DjrpZpjTdemoU3ABjJrp/X+0xyGGHZvz3LKkXVtEf8/KxbePEwHLuyrGBGV180MHrhNBSz4O5r6E9dVApAYLxTXLkcE52qKnJii7vOti9ntdi3ldBVdwaNpI2o0VtiA0wzPjVsQ==
+ke.			172800	IN	NS	ns.anycast.kenic.or.ke.
+ke.			172800	IN	NS	kenic.anycastdns.cz.
+ke.			172800	IN	NS	mzizi.kenic.or.ke.
+ke.			172800	IN	NS	ns-ke.afrinic.net.
+ke.			172800	IN	NS	ns2ke.dns.business.
+ke.			86400	IN	DS	28886 8 2 19406C149DF3DB23A40A55194B87C7D78C9223427D4602B78B117EF20F072AFD
+ke.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aZOKhOusc6JYymmWGoZawPQ7qKKavMpQqGumQHFOfSxb5pqSEYQppec209ez1NE/crLFz6Rf6/BhRedLOJ/QSxKmk20Ba34n3vRKh7Q4NOCxgc2g/wb3xl/Ez1uW7dsC77c2fkXNY/ax1p+039+hrCC3ooJTEJh3YjJ6Vy9T2FPhdLZHu+pGIbo0LyMR5c6hkE12F7s887GIysA4jG5n35xaukRhx9RCpU1wpxBnV1Zy/TOIRCIb6tXigagNr0M9s/Utn47Pr9VuSAutDB/bluQw/Fm4mJHmd6voqL1evp6jh3/PVWHMtTGfKZcrtpGnm3x/fV/UPmLfYkwl7pI7Fw==
+ke.			86400	IN	NSEC	kerryhotels. NS DS RRSIG NSEC
+ke.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IFftmX6hPlNLx375sfZfYDNi3fBTNUxqIGY4sjpaM4PajJokXVS7fh2FrVVRH8MfCQL18A4vmXftvblW36HfQjyhZBd44mkZLZGuzxbiGP4EvwZzjY/V3LJ4WpHGBgHozWsPsbRo36vY2goJQ6HPs7SeaQOkYjT9/o5n9FqFHEMxu9N6SfwrQCDLEtHptJEh88JsUrehgfGnpL8YwaL0HBWDiWPdQzlXyv7vZ4PpPQ11xpzeerqwKfJLJfA9fiD5x8FymMVBp1zqYC0ysDsKow72UIjLWxylWt2iStoR3jOcUsmksG71SxQ+zQojoNBKEcfUw3NdHT/3t0HOd/Ku4w==
+ns.anycast.kenic.or.ke.	172800	IN	A	204.61.216.7
+ns.anycast.kenic.or.ke.	172800	IN	AAAA	2001:500:14:6007:ad:0:0:1
+mzizi.kenic.or.ke.	172800	IN	A	196.1.4.3
+mzizi.kenic.or.ke.	172800	IN	A	196.1.4.130
+mzizi.kenic.or.ke.	172800	IN	A	196.13.202.53
+mzizi.kenic.or.ke.	172800	IN	A	198.32.67.9
+mzizi.kenic.or.ke.	172800	IN	AAAA	2001:43f8:10:0:50c0:a8ff:feee:30
+kerryhotels.		172800	IN	NS	a0.nic.kerryhotels.
+kerryhotels.		172800	IN	NS	a2.nic.kerryhotels.
+kerryhotels.		172800	IN	NS	b0.nic.kerryhotels.
+kerryhotels.		172800	IN	NS	c0.nic.kerryhotels.
+kerryhotels.		86400	IN	DS	59119 8 2 CABC1873EC8BC994E11443766B2EB1E6AAAA0F01CA1472B7FF03C4C7B818838A
+kerryhotels.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KYiQCoG+op+nNFnS3nQaGu1eK7m1C7cqIo2cETXFRsstWHHKqyMP6w8YSJ50ZWNSrmaKtQrIdxKpiBzgUI+Ho0Dp7iDrZsIYusys1gRpntQSwWRRkppULSmA3InuHXb/oxRkPM1WvBDXVTGXpuMRiymhXWZnQsnXXBHGA18mgcIXVwBZ3EA+Bgpg3HLlqbGBXjZVC3C+Y1e0HPXPg6iqdjj27ooTbVMsentyU8CVoWjz6uqa78njE00AAy8kcKW2AOJU9w0rHlAkS8o4fzRlynM2Qt0PnzpOUHQFpDSB/b/AouIP/7mMAXavJlSSkblnKWdApVRzoaLwcaEtJGfE0Q==
+kerryhotels.		86400	IN	NSEC	kerrylogistics. NS DS RRSIG NSEC
+kerryhotels.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1XL/uIGgOYqouobdGQzz8+E4r1ABBsu2tdsDyecKynDVQup91vjWPBZw/hVyrZ8liq9R7v+TJTh11HZMEepRtgEued7gckb06O+ZbN3NgkiGohHPtLhy0DAOmJ3SROvRG2Yu5KV5nhZ0/T1uYBd/JZ7wW9eUfHkKYIozKyJKh6X05tlRNG5ypBlLo8wcVyVzEOcJiBng+sjn3lo4RPjZshfoA0ldvLbI4SIhE8P89zZaXDOaNRZ46slqndQdW2RxGM7T7Hjl6xUS02ZELej8usOLWE+eG2bPXwhKI9wWU0+p6MUS/ucxxgv5n+cTqZmKBOeXp57qqD7/kroAaAvzrA==
+a0.nic.kerryhotels.	172800	IN	A	65.22.112.53
+a0.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:53
+a2.nic.kerryhotels.	172800	IN	A	65.22.115.53
+a2.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:53
+b0.nic.kerryhotels.	172800	IN	A	65.22.113.53
+b0.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:53
+c0.nic.kerryhotels.	172800	IN	A	65.22.114.53
+c0.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:53
+kerrylogistics.		172800	IN	NS	a0.nic.kerrylogistics.
+kerrylogistics.		172800	IN	NS	a2.nic.kerrylogistics.
+kerrylogistics.		172800	IN	NS	b0.nic.kerrylogistics.
+kerrylogistics.		172800	IN	NS	c0.nic.kerrylogistics.
+kerrylogistics.		86400	IN	DS	3604 8 2 2AE824F545E34C607A660D6EEDBD7D2938EE47BCBCC39CF3D269370C533BBA51
+kerrylogistics.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Nh5lqvsblcc4S8Jgl0WgKJrOW9nb9IMYNm/+NSmVeXqMPIxMCv2L/gInQ7e2drhTBd0SMP5yoPslGpaJG8TRYmnxMZcxLvoYZK8qjzPWmdZ71GJV3/D0pTP8ycUWH1lbShr10iYKpFeWyVleXoNY5VnMUrePGI4sHYnsE+27ErbOYcWZNQyTyCJt8xdoUdwDiAdTOaebCAIVtg+U+mbKoUQCL2G9MsNXuUF5MW5J0hXw6PQFcTppANMSKFXME5UCTyGWxipcAqY6EYt3swpb/rCG//EpREiAsjIfx9I5FQxuxYWBK4Pc4w8ZRUeTCWbR+jYxg1WICiCfTDv/1HyjJQ==
+kerrylogistics.		86400	IN	NSEC	kerryproperties. NS DS RRSIG NSEC
+kerrylogistics.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . drtj9Z6f9SYBuH7Ptq1mR16DOIWV09xNKpkK/Waa1MIvcpxS1MbqbVLcOFTKqduVMG3I4j2GxbV1OO8TZERwrDaTPTkZ3NdYAaX8llHvk9acuhYAGAdroLCtZt1IPAdw2MYzq8Gwvq6b6slkoHBCd+O+ExKuno7pN3V+ooCRhljVd0wpNiTpgjehOVPMO7HuKQfxTa3wRSnhfYUc0kHuOWODOvhWc6L9H6jOzWHgZBJAQ1jPCqYHlcnKNUhVioJFVkAE2pKhE+XG+UUOOHws/Jvz2vkeqYds0tcha8uetZv2OXAlsna3QufUBkO6PxeKezf5WU3eba1BTP8T9hqG7Q==
+a0.nic.kerrylogistics.	172800	IN	A	65.22.112.54
+a0.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:54
+a2.nic.kerrylogistics.	172800	IN	A	65.22.115.54
+a2.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:54
+b0.nic.kerrylogistics.	172800	IN	A	65.22.113.54
+b0.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:54
+c0.nic.kerrylogistics.	172800	IN	A	65.22.114.54
+c0.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:54
+kerryproperties.	172800	IN	NS	a0.nic.kerryproperties.
+kerryproperties.	172800	IN	NS	a2.nic.kerryproperties.
+kerryproperties.	172800	IN	NS	b0.nic.kerryproperties.
+kerryproperties.	172800	IN	NS	c0.nic.kerryproperties.
+kerryproperties.	86400	IN	DS	48565 8 2 98E8C6905DF7915E05A6AF4CF38AD9E4BAD214DFEC3F14D2A62ACA1A1A8C53B2
+kerryproperties.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P4oeu/C68IfZ9Ryjs9xrY9IayE2dncMAH5OPylloHm36q0Y/gGz/KqRw/lWJW4BNqioyccY7d9hmNxmjT3iyuiG0AzbRiKuKQaJfT34PjMixx7wbqVmLKMiGD13QpLTsb6UDjCZzis8Q0uI4sle+69/ymXIyXh/WoB9b+8zl6knAAZgInIiLMfMc4py0MGR5jXEXQM+cHwe+BsBqTPiExB2lVEKq8YZrkPH2lBi8Ktx46qKvH63EuqCjneHN+vIWMB+kvVmbBjK0ffsTMq4S4Y70LkgrLwtnx3ilMV8KHkJavSfzOxULWDK5sfozVSollVAvW5HiSG2dTebDYigyKg==
+kerryproperties.	86400	IN	NSEC	kfh. NS DS RRSIG NSEC
+kerryproperties.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . q+f++YtVQiTHVjOCVeHyN4PZd4FCdfNuTDLC956QqzsBtx6XH7f7wCbIKeR4HZy70NUTlCifWML6YEyW4dGa2/qC9FAU1NWgwVYYvwhcs783lzKe5+HY6Ns5e+vVEwL2pmquIAhzTrSHo9Uub80QGBe+secj2CIPX/xOH+mZ+/PbAgX4o4dVysFR0Qo1W3uDZQh4qsGEzAwp+OFyHSP9QairBGUVeamRnszJHN0HL9m5ZvR6mrwaLl9JXh4mGzVyNtwhbaH4QZo9ycN7Z5cP9CippPus6uTZn4NP189ecFCfShpcny20NcnUvoZypXcvyF3tRHdlO2IxvlB8yJbzjg==
+a0.nic.kerryproperties.	172800	IN	A	65.22.112.55
+a0.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:55
+a2.nic.kerryproperties.	172800	IN	A	65.22.115.55
+a2.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:55
+b0.nic.kerryproperties.	172800	IN	A	65.22.113.55
+b0.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:55
+c0.nic.kerryproperties.	172800	IN	A	65.22.114.55
+c0.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:55
+kfh.			172800	IN	NS	a.nic.kfh.
+kfh.			172800	IN	NS	b.nic.kfh.
+kfh.			172800	IN	NS	c.nic.kfh.
+kfh.			172800	IN	NS	d.nic.kfh.
+kfh.			86400	IN	DS	47020 8 1 2FF9A7948808D902D399E6119E3734C64078BA79
+kfh.			86400	IN	DS	47020 8 2 602EE5EB852A6581E8CBDABE8D6685A881CC2783B4DE8D8947393231243B80B2
+kfh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g85r4pGEnV0zNPPKcmZVI7zZfMG/4HVHJj2e2RKwiQ8yKzg6KtKd8wrpF+2OU9KcOlEsBlqSw4oSdkXkD2CzzCXtOsoaltDx6y9IFvhIaMaL491e+za3nSfMUo0NzOm6mXeFQ6Z+vLeODfg5pciBwwwJ5qeaom1lI+iCI6zQiIR+iIFFA5v+AXg+uFPRdpQND1zOyt5+OREkBBGWPKF6CENayFraGkOU7zKtTAkmMABSjXa0yn7/UiOetU5QZjYewsA1zOK6eD+A1nmQ/va3gi6HBc4CmK7HPb0XhoqKLLuGWFy/H73qzWgVtdBiwaTGMA2fPWpCCBF/dC9II96Y3w==
+kfh.			86400	IN	NSEC	kg. NS DS RRSIG NSEC
+kfh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n/a5bNdi5gl2qsQNrniYIUoxcwg33QgEmsfnlUBJx+nmJqspaxtaozNrIB4+rYxeeXopHwKHKainZ8ZtngvbqC5a5l2VXhPc+y9b8QmpdOrnATW/A7lPefAu1uTyjEeHlpoRy+pB4d1N59Jp9ut2amyVNJgNaM8PATsDKcWaSaZTERkzLBEAQtSBEKtBozM9E1agpl7Vs566Up8Bvzyn9kQEJXVaj8MjsZ9VJNQcbjofmboy6RSo7RqalOS4pYW3n/2jY12t/jloEERIDdQJYwhA8EyaU1rLYSFyEgbgWh6owCW6sg2xJIWiqsTslEUPdy3GPDc6TQImxSqH6tVyBg==
+a.nic.kfh.		172800	IN	A	194.169.218.43
+a.nic.kfh.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:43
+b.nic.kfh.		172800	IN	A	185.24.64.43
+b.nic.kfh.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:43
+c.nic.kfh.		172800	IN	A	212.18.248.43
+c.nic.kfh.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:43
+d.nic.kfh.		172800	IN	A	212.18.249.43
+d.nic.kfh.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:43
+kg.			172800	IN	NS	kg.cctld.authdns.ripe.net.
+kg.			172800	IN	NS	ns.kg.
+kg.			172800	IN	NS	ns2.kg.
+kg.			86400	IN	DS	45982 8 2 D642AF8C9BB761E035CE77A48750BBAA64B41CFA0799D8D94498CFA335FA1380
+kg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gLLk6CfnhfwbMyGwMf56+VvBrR8ikR/mD9fOGbRtNvPDANVUnwxCYQ9izbHy97+Agb+BcjbCgw54p5JwMmHNT8QAU+OsqezxTb9hrAcAsSK1U51sbWhJxAq7bfbDWdrLCoTMAmBtjRH1afj7+cgnx8XwlC1T2Zq2/f4VECP5znuvbG8IW9oFkPl6KGAXp+Zh2FA9tXT6gvqEGTCIqNo7IVzD2fiJqHI2qqyhLatd5siRJT12XIToCxbblyKOm/+ZVYWQqx81+Rs5KZIWu9RFunBkcaXKV4efD5DaYMJtjMZ4DoYGkqCOD9i3k1l9DTZkTITQZsUBWvYCCADLUpDzDA==
+kg.			86400	IN	NSEC	kh. NS DS RRSIG NSEC
+kg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NeVGMIvulkdxgK8b/yYoxjLUm9XketjDHjrcPV+szwFkeyYyoI664xyji5mZQC4MZVPCH7Y38H/N5XzU0FwdJFb4JoCKtVLhMlxj5DYgcOIVYqvW3mexPJpFTUwZ+KqJcjyFqTT8xWoeVf50dlesCMW2YZUa/8gef0QX6JP864P1P/YD/kE2rng1SsoQgYN/Rb0iin0u0OOJ46PxPh4oMkQKUq8WEYaZGk/Cl65dUlRQFT5rGLQv5YzuxpudcGneXSjfJaEVrbr0sgt9hJYDBCeU3V/YxNQHAw8599/s2mgQAjvpZ3onSNtOSkN5DFswvlFQXBrY0NK2pptuGRDUEg==
+ns.kg.			172800	IN	A	195.38.160.36
+ns.kg.			172800	IN	AAAA	2a11:a380:0:0:195:38:160:36
+ns2.kg.			172800	IN	A	195.38.160.38
+ns2.kg.			172800	IN	AAAA	2a11:a380:0:0:195:38:160:38
+kh.			172800	IN	NS	ns.camnet.com.kh.
+kh.			172800	IN	NS	ns1.dns.net.kh.
+kh.			172800	IN	NS	ns4.apnic.net.
+kh.			172800	IN	NS	dns1.online.com.kh.
+kh.			86400	IN	NSEC	ki. NS RRSIG NSEC
+kh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0FqsxgR1d+FoTT/UDvqHIaPklth9wMj10SVTCxXuCfUsybIc0nKuQFT/5TGYSp//uEWrqaDMWwNEI90OZnAl8kA8c0bV+f5YFgU87f5bn/7UlZoenTs5CW55j8TRB1vubormUjfmx1NHwLF67lv92d94qJTfC9zdYRZHcGW9cDbvbYAjvQg7g4Bzr4J/7cYx2iNRO/Cj+AXxE/BPWwQTrSw7LGGoP1UCHuC/zLlK8IW7/ywWMv8n0UVrbQHMX4+wqoZJWzj8SXKvLl+15ExfhNbXlGxPcB/qTYixf1p3nvJ9dGfxcEdoJ/viNXDlFa5vspN16lw4KVvNUWwawNEisQ==
+ns.camnet.com.kh.	172800	IN	A	203.223.32.3
+dns1.online.com.kh.	172800	IN	A	203.189.128.1
+ns1.dns.net.kh.		172800	IN	A	203.223.32.21
+ki.			172800	IN	NS	ns.cocca.fr.
+ki.			172800	IN	NS	pch.nic.ki.
+ki.			86400	IN	DS	59540 8 2 FD3B27E5C171B883FE2815DDE7FBBE7F2E5AF826BFF47C33B5970F53E2A855DE
+ki.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iVImuQGYC+V+SuiJYXC1cTiH3juBP2OmXhHiiyOA6GlevysQ2ItZS7p67hoxFpqeDIDh2taUk5qQ9deIu7AxyRxeMxtHWmB+A516P+KpMaxhNlrjMsV7dmALssHDmN/CxgTWhXYpmsSP5qYTvgUROh+W9VTSlytS0SoJeCekAnRYeLxqe1/KKXojFJo3ja4dR1yefrQbVlXd9kIG6BHeFxTLFT6JibTTi0K937rvXzk89Y3uz5QVm2fRwfCSHr+pLqzbkJonPk2B/R94zuWVnt6caFUAMeRCzOd4cCPB1DMOo54PCYeVGKPad8KxOKbQXDEMwdhIqwKyxwhyUa9rBQ==
+ki.			86400	IN	NSEC	kia. NS DS RRSIG NSEC
+ki.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nbI6X0+BHkNwXjjmBSo0uKm1Vt7QUAtv89+HbtqjGXUWbRfScDCo130FiK72l6EctTolq6XRy/0EbSa68bhqoRauexuBpGT6RU3HwTB7y1gxmdAJt5hxUq7lSNSNK7XW8KsgbkIXUGsbeg5C/jY+6b+woVOn++zzJnmaRCRk2nI0SqMfQeENQlNZzpeRE0bHJZmPH2Tt5MMbXXpXf97DX/AqEY+9ubouBiYx9sEK4fTGb6awLZsrTC6L2rj4wU4Kyo2D7WuV/IBzfqfFsGCqDwAI3ERrwzljWeoZq/SvonvMv6Aqu/EkIq9cZBdDAa44c/XVELOawWIo3IPrcCEQlA==
+pch.nic.ki.		172800	IN	A	204.61.216.26
+pch.nic.ki.		172800	IN	AAAA	2001:500:14:6026:ad:0:0:1
+kia.			172800	IN	NS	a.gmoregistry.net.
+kia.			172800	IN	NS	b.gmoregistry.net.
+kia.			172800	IN	NS	k.gmoregistry.net.
+kia.			172800	IN	NS	l.gmoregistry.net.
+kia.			86400	IN	DS	2195 8 2 F0E9A6AAF2B84CDD23A98EC5926F0D9F921351207278B1D02EF8067895466377
+kia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0WNeI0A+Am2lppkoFTrfpUclwoTGb+joM7GsRPc1Yj+x5YvlcsuT5QSCFZGyax0VFz1lFjjtJxIjfHDb+JscxK4CDOl3B2Gtpo3ZvSYrX8tXWdYg1fjTLRgBo9wzrJr/KMf18QpGJyZGgx4jdry05exqcbFGg5GNVVT1nq1IUq99qgYvJNdyemZANoroQ2QVhuPvJO3wInXQXHCom6bDUVoeEIuR+Kle5xKETxLfuwq0ww7DV6f/L/g1QNKJ1BUQq9NarKYTmaiQYIyX+s8tOVSP2l8FQpsUtg5BPA5CIYWbAuo2HaTxevEyeyoUA/aEeFrtMcxNOrYt84OwDN6Mkw==
+kia.			86400	IN	NSEC	kids. NS DS RRSIG NSEC
+kia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RqCQNXmCPfk+D2OgVsXvr5L0q6wuNXusB874xMLtCMTIAfBxb8Ymi0CJmc3c63XJr1dmTBGMYO8IXrSLQK+ia/GpOmgf2xGcVmmTBNLOnAZVJonTLALEq7LBCnouzjdC7s29nb1HMo+Eb+wKDD8lDqGW+8usMW5uteobeaH+lhMWik6lMCh9Y2aqmyLDuCxn2wnWO5TK5uKfZmuVS+5sjf7BsHBmUUQ/sTVDk1scktqQDoqObjKYvsF0cRWoGJReVuYVSnK8vRBi3BGs1bszbUlOZvLRa77kZ5B1I87H8/XAV/4S1WOwy2hgbWzgnGRhQuuWd1ZoFtTSWNOmYYV3bA==
+kids.			172800	IN	NS	a0.nic.kids.
+kids.			172800	IN	NS	a2.nic.kids.
+kids.			172800	IN	NS	b0.nic.kids.
+kids.			172800	IN	NS	c0.nic.kids.
+kids.			86400	IN	DS	11536 8 2 0ADE57B3836DA5E4CE75AED8A7CD64B58E7D68A813D10CD94453D11F60A3ECEE
+kids.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OIS0T9v9VneKVH6cphj9Y97roj7niMkfS6+RoVoNfg0huOstRVDhm2w3yKZZUgAYZjfxo/CUKy8GlmErU+hl2cq/3mlTlbty3ww0FaptMKVuh6/h4UHolXxX49t+VtLKoLH4KHAxf8GCEdw+D0Trlo/OVS2veQXNGC7EMDWE+QcsE4D34WS1Oan2XEkJQrTbwBixFBBEn0M2gUO7NZgw51Xsj++1vD2s0vvO/73BOiwfk4Eudxs58BKhq9KDkqgtoIL1cN9uHHG/UJ0/otXM9kASbY/Vnp3XwFfdXcXVmIFcySJ2YOHIKOxSu85hHL6ew2n2QVamR+qtYorIn/ADtw==
+kids.			86400	IN	NSEC	kim. NS DS RRSIG NSEC
+kids.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TvSQP05ixEgp5LAHvtCvoFIQfTrJiMNpzjEtLhmjkzJoMPFMc5gYo7Lo3qgwfJDDsvPU6FVd2PkFewmX+dMWgaGGR/3Ya6PETfV2SR4ybgYtDwi5yXZ+4a+2G0IwT1ngoWEjXWpKD+rUq5V8e/dZbLeSWxzijJdwHHhQsmUQCSyeOm+ZhF/jLOn1+uR6cKTy9a6FarsfQuEwImbaGl3T6izCZnDPPsmUYc2mYzB4+A6NAJfYTRam+cxRw0etV/IYPYl3CFjSeElMGufr97LXT0491xRlgz88eBOR7cv6jbbFzVpNTE+Vx58Fz2fOLFsLg+ClZ2Pc3PmRjbXASyj9lQ==
+a0.nic.kids.		172800	IN	A	65.22.172.17
+a0.nic.kids.		172800	IN	AAAA	2a01:8840:a6:0:0:0:0:17
+a2.nic.kids.		172800	IN	A	65.22.175.17
+a2.nic.kids.		172800	IN	AAAA	2a01:8840:a9:0:0:0:0:17
+b0.nic.kids.		172800	IN	A	65.22.173.17
+b0.nic.kids.		172800	IN	AAAA	2a01:8840:a7:0:0:0:0:17
+c0.nic.kids.		172800	IN	A	65.22.174.17
+c0.nic.kids.		172800	IN	AAAA	2a01:8840:a8:0:0:0:0:17
+kim.			172800	IN	NS	a0.nic.kim.
+kim.			172800	IN	NS	a2.nic.kim.
+kim.			172800	IN	NS	b0.nic.kim.
+kim.			172800	IN	NS	c0.nic.kim.
+kim.			86400	IN	DS	12277 8 2 BA18A744991A561AB09A464FF96864573DB04FD61A29E9D37F7551989E7E5535
+kim.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Me439Hen+b4hMpkNlYecFSIaHmStrqXBfXiePdZCq9nydV1SBG1Zxg2Ej8+0wkbHsAABSCTA4x/jgbDosmITBF/eNfkvvwBzi4WHovTLNAXo9D/W3u9eoFG2xrkJlAIfONRPEp8v8fsnSoALQ2NVdVFWQ2erGKkfcXQHc4OjutU+hWpmnqhiKzdtpFGgNYF3QUQ+UjioVWbisIbeS1H9XisQ8PQddZuSMDHiRJO7FNfNUWgSSDNrfvjDE16pqRFKi4oefVCWC0BQ/ZDUcLAArI8Ga1EpdeRSWcGC4CC4wr0iP98ln/Q4f4BhZezn4h5zMYXI7cgrEsNgPKh2c/Hd6Q==
+kim.			86400	IN	NSEC	kindle. NS DS RRSIG NSEC
+kim.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EY7DH/3VhFpX5Aq3Vm8hkHSi4XW6PP/qT8euZcLFDLKAvxDDS6ETnulESLSAtqQsr7rfa2iEXIi74pgLLunpIq1KuR/vqCLM3kTrZYDsWPgkIZ6wXVTIHg4Z0CuHXTIf6x0OspkSNlEjSkWPiOoqbXpkW5nt6+0bfFJMlu5GtGC8DhsjrndcWwDjAcbg+Kb4cXpTtiteNy8ayi+HQ/MQssIV2zOFnnFrt6sKIYEmTNFDcoPGCyG9B+ERWgOhotZ7ZI+PR36FgGjOhijpd7rDznlLsAv0Nmnqq+UzsWU1x3ZzY+ZmFnJAMCiVNx0rDU6VtHLBOGeGfWAZvU/tN2znCQ==
+a0.nic.kim.		172800	IN	A	65.22.28.1
+a0.nic.kim.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:1
+a2.nic.kim.		172800	IN	A	65.22.31.1
+a2.nic.kim.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:1
+b0.nic.kim.		172800	IN	A	65.22.29.1
+b0.nic.kim.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:1
+c0.nic.kim.		172800	IN	A	65.22.30.1
+c0.nic.kim.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:1
+kindle.			172800	IN	NS	dns1.nic.kindle.
+kindle.			172800	IN	NS	dns2.nic.kindle.
+kindle.			172800	IN	NS	dns3.nic.kindle.
+kindle.			172800	IN	NS	dns4.nic.kindle.
+kindle.			172800	IN	NS	dnsa.nic.kindle.
+kindle.			172800	IN	NS	dnsb.nic.kindle.
+kindle.			172800	IN	NS	dnsc.nic.kindle.
+kindle.			172800	IN	NS	dnsd.nic.kindle.
+kindle.			86400	IN	DS	29776 8 2 BFD30BF5A3A6DA5808BB6780E6CBEC1CC929445AF65E949B31A9E5BDC3003066
+kindle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ItgiNKRKEd9pl6F//MNBmcuO0Bq7Iq7esiZ8dd1qJQxdU0rFM3g2Qqfux0r9Zf45fOvzlPJz1wPA8oBRqBBsK7qCTQPoq4QywoXuN1QHhZGCgbHk4tZK35xQaVtgh4R53N903IgCmNArsIUYjHaJlMGdD081tYl3Zk1tbCQ1LweAucwXKmKvg52ekVS08dJROr3EJlrQc+ksIAEAnBsrw7sQ7ChkOEGQgSzLd9AnfZBCFouU2CVCziqwCq10RhZWP5i9NccHRZ1ENBLQPJmbWn+rx9kKN3bys0kTI1Q17Lqqje2AvJFHUBCPR4SOFGdUPODnhjvIY2FrftSmcCRHLQ==
+kindle.			86400	IN	NSEC	kitchen. NS DS RRSIG NSEC
+kindle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hIEpHE41ocZ82q6wn48v/S63iSS3L6a08Gl6Y2lH9Pc1bLDSOasp0E012JXtdjA9C68y+9XjmhZ7ds0YGKzkVjY29EcxAcIXUfNP7UScP4Os3KfmDL3JUnihPrOfFZSesJTYFG8NVGMLxApL0kAaAyNDUJpO6zbvwdB/f7arjAWhTJl3+v2yOH7CZVMFCYm7zjK0CqqcJdMbu5xXBD2csx4VAzXe+1NBUfI5RpPEeIBfEGMr0rG09R9zc2IvTkOO2S998/z+GVTI8rf2aMD63HVBMMOAQnyut/qYxopwMXH0Rr+ji6Ji0BcixuK9K1N0bM889GtFaYzSGXsLsI3r6A==
+dns1.nic.kindle.	172800	IN	A	213.248.218.58
+dns1.nic.kindle.	172800	IN	AAAA	2a01:618:402:0:0:0:0:58
+dns2.nic.kindle.	172800	IN	A	103.49.82.58
+dns2.nic.kindle.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:58
+dns3.nic.kindle.	172800	IN	A	213.248.222.58
+dns3.nic.kindle.	172800	IN	AAAA	2a01:618:406:0:0:0:0:58
+dns4.nic.kindle.	172800	IN	A	43.230.50.58
+dns4.nic.kindle.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:58
+dnsa.nic.kindle.	172800	IN	A	156.154.100.3
+dnsa.nic.kindle.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.kindle.	172800	IN	A	156.154.101.3
+dnsb.nic.kindle.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.kindle.	172800	IN	A	156.154.102.3
+dnsc.nic.kindle.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.kindle.	172800	IN	A	156.154.103.3
+dnsd.nic.kindle.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+kitchen.		172800	IN	NS	v0n0.nic.kitchen.
+kitchen.		172800	IN	NS	v0n1.nic.kitchen.
+kitchen.		172800	IN	NS	v0n2.nic.kitchen.
+kitchen.		172800	IN	NS	v0n3.nic.kitchen.
+kitchen.		172800	IN	NS	v2n0.nic.kitchen.
+kitchen.		172800	IN	NS	v2n1.nic.kitchen.
+kitchen.		86400	IN	DS	47935 8 2 7F36F037E4BD2B909479811F3B3AD76C00DB04F1F7F6476D00483D653B744CA4
+kitchen.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1sW9Z+uglndG4pWgoJHghsCkJlP9DEMLjsQKKaZDtIUMIah53J/XEBLLsACTDdYPL95MGOf5i6zLD0YoAbwuaS6kC6SGxYmTdMtY/XmvyfUYstDCqakAr5sO1XcHzr3bB3S0uwUH01HoQTSF8emsXroztlYmGVP1wocKFGQsLAc1ynyrZYr0/fn2Mg+WCdD3z8Jqb7xjCISDxqEJ51QjgKwZQcl5U0a64VjnFvEa3sQy/q5yELI0aG7i4mkNMFdG3bwCcsj0AtR7bLtuC/dtyaKVFoVpzX0hcu6rPcIAXAXKgmUxf+7LxZEyOs1C1DcERJq5dNw6c4jWBVbfTZcMjw==
+kitchen.		86400	IN	NSEC	kiwi. NS DS RRSIG NSEC
+kitchen.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hjKzGnvFaqtlwhB8w1RTbrR/+goQQaWU/pYlrI0AT/0nfK+UHKfVIKSKClyMG/dsydbbSa6ZCh2d40Vm5+uekbe90u8D6tTFqbCbQW9XPoaMl+T4YmA2EX/TEtGThJqwZhtlfT17TtOZ13vHQ3GJXoOCzcYNq2QrBbImaw9+j/+hrGfKO0egB3Yq+B2uwlcezdHg7aPndkuRIIF9BPYhdtPaVrSlzkMd85VpUieKDb49xA2phyaEss32/upfhFHMBcote/D83osctguB10WZVMpfrvS26Fala/fKbv0H3xv6TtBS5VcX1BPHoM0LK5HymS6+n4uOiG4JfBLOpGOWBw==
+v0n0.nic.kitchen.	172800	IN	A	65.22.32.17
+v0n0.nic.kitchen.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:17
+v0n1.nic.kitchen.	172800	IN	A	65.22.33.17
+v0n1.nic.kitchen.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:17
+v0n2.nic.kitchen.	172800	IN	A	65.22.34.17
+v0n2.nic.kitchen.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:17
+v0n3.nic.kitchen.	172800	IN	A	161.232.16.17
+v0n3.nic.kitchen.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:17
+v2n0.nic.kitchen.	172800	IN	A	65.22.35.17
+v2n0.nic.kitchen.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:17
+v2n1.nic.kitchen.	172800	IN	A	161.232.17.17
+v2n1.nic.kitchen.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:17
+kiwi.			172800	IN	NS	a.ns.nic.kiwi.
+kiwi.			172800	IN	NS	b.ns.nic.kiwi.
+kiwi.			86400	IN	DS	28462 8 2 A1C28EF63FE4B2CA5DE823951A0A0EDF27F73601ECA4371DA74B600190846F7D
+kiwi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bN2U0bxvl3QZzwPU/iwXKMsAtEoM97jc42+rtomZRER8zxcgzKJux3T+ZMd705MKrfZulbNCwpYhzL+1Xjr7hRViSrfigR+df+i/bM0NOjKA9EEnz5/IE3i5stE7OokSIIsiP0HRddbiKk21/1bRgVnP3uIDeGJ3VldwifIzU1ZgHKYF8KnR5UGRBZjX8tvXTzqIYSyCSLraUVeuR8EUaBlTIVD+rzMrniylwUrG6ANb1h0dKA/b+5Rz8Q8dZSppK7EJ8XEpIc5gaVlceuuLPF7pTlCNw5Mk+RxfzuarF/eoq90zB0iNSpOmgj3zX6sc+4NOgq8+mQXuySFmx+4cWw==
+kiwi.			86400	IN	NSEC	km. NS DS RRSIG NSEC
+kiwi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fSMyyEjd8qPZvGoi5946lmAipTgXJCc2mUZmmWEMtvtNv0vzfLygkSQEEsX9ZyJcA2NGB7FsLWfHq28gLs+YV/fSNzVS3xJR1qmKZjRZqsNClSP67HcIBEmaKbPpBdzKMAFakzLqXRn5Ix3RHtnMIAUI7yumZXbYGj8690O2Q2DatlzcBBaHnOmsEzV9Dqc6LCVW1XoUsnUNfE+x7h0EhzQq+ch69E44ZigiEPBJNkndKWXkbmhha8+ItKOp1x3XwUft30MdU3jThHJSFp/fhCwdCCm7SP8nd431k3sMBcvgcSbPQ0yy0Nb4caeOljF7ZzhliM++N8BFkB51ueI1Fg==
+a.ns.nic.kiwi.		172800	IN	A	185.159.197.1
+a.ns.nic.kiwi.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:1
+b.ns.nic.kiwi.		172800	IN	A	185.159.198.1
+b.ns.nic.kiwi.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:1
+km.			172800	IN	NS	dns1.nic.km.
+km.			172800	IN	NS	dns2.nic.km.
+km.			172800	IN	NS	ns-km.afrinic.net.
+km.			86400	IN	NSEC	kn. NS RRSIG NSEC
+km.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l9dzJEGE49xt5aVnT05aHjvw//vH/uol5GjQQ5QHHD8w0l9OhXbCLgn7nUaF60ixYDDpw5MoMO7RWDwjr32YHi30bx2ntWuW9pG5LbpVPju1WSjHpcsCGgwb2SJ4oRbHwPLB/vUBAOSG36Qni6+aPDr9V/D6rbxvPrqaqdobBtlFnY8mqG8E3oYSokXt1pubDSrUsMsxcFBJ/6YWvtepMnAY8lLrzFFRHjMaEfp3zjBjbM1IUM9ZeUFgbGkIwp+ia5oF3WNj8mOHsI2m+H0KgtSHAS+39d21yMKOxGcnBAj2kwl1/L8h0J8rXRy6kHmYfbDQlCc4Km6W3kfsOL6vWg==
+dns1.nic.km.		172800	IN	A	197.255.224.18
+dns2.nic.km.		172800	IN	A	197.255.224.66
+kn.			172800	IN	NS	ns1.anycastdns.cz.
+kn.			172800	IN	NS	ns2.anycastdns.cz.
+kn.			172800	IN	NS	pch.nic.kn.
+kn.			86400	IN	NSEC	koeln. NS RRSIG NSEC
+kn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oMgyBPhc+En28l9RCsq77qsM31hiVKDnei9+7pTG5Xj3439SIwkZ1lPSKUG19v689KzHDI2N7dWC2ovti94WTFaQM2f0qRO66zZyudMlPMQ8BXWmZ32vkH3Yu3wj0HNCfWiDiohRGHXdOXhwABeer7gChl1vhjzOO69xN65WFp+raa/bQFxs/gaJitGUFqDb6y6OXBaYIO1+kygBPoAmXI8K0W0ov5OGuHJbl1Nw6mUUG8Alyn/EVizYu8yj1rYCMGU2tuQQilHRPEyYZP0duWHyiHJFPcIWzF0FOJbpHDKUCIVsqG4GluCjKEntPuD/ssv0OFKokH4Uv8bYlxUJ9Q==
+pch.nic.kn.		172800	IN	A	204.61.216.109
+pch.nic.kn.		172800	IN	AAAA	2001:500:14:6109:ad:0:0:1
+koeln.			172800	IN	NS	dns.ryce-rsp.com.
+koeln.			172800	IN	NS	ns1.dns.business.
+koeln.			172800	IN	NS	ns1.ryce-rsp.com.
+koeln.			86400	IN	DS	48568 10 2 0D64B2D9B1A06897BB24383F1200BCA0E4F4307AA18A9DFAAC28163111F95B44
+koeln.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ce9U4i9yPoludsZjnD1LHdiq1cbcEQHBPTLKZlFNhDubLOnFxxgbVUpz6kSDGtcFPU85ndkFfnnAGRl/Gf7LMgxj+ePe1DudN0SWAFYKcHVbjXLw7KdZNqBmEptBj0APtoW+D7cTVAPgjSlsDwtWmA78hUy4ROLfw5Z9rszn/MfySAEfS/XActA8OoC5XwDIA1pND/a5gG1iHvUmBrfXT9Lfm0DblIlOCmfj+615gQpX1ob3cwDiR+aQN2dRhGzfhJjG8JQxvxU6g3R82Ny16DpWPvX4DrzYlCS2HIU62u8ZT8lNeR3lRX9SNIeXbS27c2zcPCxsjS3e0z/+sYinAA==
+koeln.			86400	IN	NSEC	komatsu. NS DS RRSIG NSEC
+koeln.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ebUjMEUpr8PJAlLOJrwKm4t/XmTL01DNAALJgkjp2IgpojL7keeUnvCHjZ7nskQ8vYys0euDpSYZnWQdLe/V8WrJvbpPuFE9So7EnsS7H7odCqV7a0aI9U8NnZePA3WUcItucj5KAlvFe0OOR765bpfzw+JQoqVpgK8mXkrDS4VpL8M9KfBVjpFOoTKcP+EheMBSidFU02mRX/cGtALxsM4dP9L7yeZ9fxWKcDc6FnhxAV9Ma7fPVctNkBxaDUJKhEDhTIVhpi4Wr4/o+n+5jTopfH19qnXbHPXkSV/dn1HgLtodD6swGgrZpv+Y8FXon3O2RhD91F27GgDMaeZr2Q==
+komatsu.		172800	IN	NS	a.gmoregistry.net.
+komatsu.		172800	IN	NS	b.gmoregistry.net.
+komatsu.		172800	IN	NS	k.gmoregistry.net.
+komatsu.		172800	IN	NS	l.gmoregistry.net.
+komatsu.		86400	IN	DS	11065 8 2 2BAD7D0A51246FEF1F7924DA2D095396B030D518F3E6FB791299B4618EF8B2FC
+komatsu.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UNvxOQSBgWwlAuGVoilSDTCjLOiRxj92R3j4yy+JHM2Jht00gAd34chwI8ZsNIR+Syu1QXFjpdzrW4mne7yuSX4SYHYzh2LM5yaGsR5kdvh6+Jz8XEqRcV0o64SzeqygW0/UAjfcgOU32/nFgBkEpxBBpTb+0QpMPG+xBSLa4BZ1MeMWoPbz8GbCmkI/mf91GP6jTl63XjQ2sHNgCkuwUtdYrIsYGgPtJd8er1fyAXwse+DNq23eTyuW8pQTWN0jTaIpmMWaixFpqD/6B3w+EH/ERwvK0kJiBkxeeXB9bYmJp9g3uQ54EgcyYUk4ec4+jWYS9pojQxxpOCR8/bSZJg==
+komatsu.		86400	IN	NSEC	kosher. NS DS RRSIG NSEC
+komatsu.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HvbX1o+lHtqa45XvGso562YOZ1U+ZwYoxVDiKLQPJSis1SkiuVf1cbXDUQ2s3iDmCPIc5HU2uwUECvjAQutX5O6sOEMeRMmivFU917YHMjj8xJ8I6vo8EsFRribyZru5fHhQS20kLTfwVFvz2r8kW4JATE4/Wsk4B5FiHZ4dlGbO1n30w+zsFSH5Ps036cBrPvwNhc1Y3ZlpkJg4AV/SswNUORR6L0bSRr+iU6/dgGwIfSta+y5+QWnEQEDNi8DBNmkqHr/sntSOUfbiFF0t4nVQqrr5xlrQEuNxNqe0MYvZCNxh+l7JjLFGAjbKi05w7HNnRI3lezqXMRS0hWR3pw==
+kosher.			172800	IN	NS	a0.nic.kosher.
+kosher.			172800	IN	NS	a2.nic.kosher.
+kosher.			172800	IN	NS	b0.nic.kosher.
+kosher.			172800	IN	NS	c0.nic.kosher.
+kosher.			86400	IN	DS	24490 8 2 C4A550145923C0F5EF17F8D247E1E1B1E11DE20B1CAF26605DB23D4E6A5010A4
+kosher.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XVquIvBqT0kJ0jwODxszZFf4dHzVnjkh+xlN15xVldwXYag0CmVZeFCF3JEasycsBZ/taa1bga2HGmKraK+S66e8v0YT3bYDAi//G5qnUqohrtY6pfBgE6KQY1jNc7JzdYfna4HV4tMWzCzi3VTrsA0KnVP67y1ONTxT0r+pzTMXqu2fGwp9LdxLlKfbyBF5VnUc5aRnxD9VMyZfpKdP+PLaICWepbtp/crt0gU9+BO5D+XUZ9hvYC7l+dxqh/GOVDCcptTNOquaAxc6iurfxUXL9uoxJHflj8KZ3IlpQAlt83XGuU9imFNYwUOGc2oa6QbzvLN2Mq9P1eImlgqZJA==
+kosher.			86400	IN	NSEC	kp. NS DS RRSIG NSEC
+kosher.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z0OcrlInaFqqOnU1oBB2+/XfvaNUexcfy4G87/KrmW5422h1VrG/tnVlNJ8UB9p4EE6YFgXEUejTFtZ4t3PIWNQ3WAR5509F8BqEnjaHdBaES6DoS/zXxIAtrjZ6wVZJy7y32OQh1L5Y9tPFZkXqj81mMDDhEfPH5O4Tw+A48Y6eeTP3SpMSdvYLSsr1pVyPz1MmImPpp4ZldXWkJE2luLjtdJNnKrulImS/hffihHz89peYN2WWVYh4hqc4bnzVNM7AgFOgmalHO5sLI1OPii9uWYiDIAU+PgrAR/lWgRD3VygMgaEEdYYq3Y4PmOtLpbHlGf7dXG/yzU1dWXqb6w==
+a0.nic.kosher.		172800	IN	A	65.22.220.1
+a0.nic.kosher.		172800	IN	AAAA	2a01:8840:d6:0:0:0:0:1
+a2.nic.kosher.		172800	IN	A	65.22.223.1
+a2.nic.kosher.		172800	IN	AAAA	2a01:8840:d9:0:0:0:0:1
+b0.nic.kosher.		172800	IN	A	65.22.221.1
+b0.nic.kosher.		172800	IN	AAAA	2a01:8840:d7:0:0:0:0:1
+c0.nic.kosher.		172800	IN	A	65.22.222.1
+c0.nic.kosher.		172800	IN	AAAA	2a01:8840:d8:0:0:0:0:1
+kp.			172800	IN	NS	ns1.kptc.kp.
+kp.			172800	IN	NS	ns2.kptc.kp.
+kp.			86400	IN	NSEC	kpmg. NS RRSIG NSEC
+kp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jNKFk8t1uIggE4/8hBNkvflYRKJS7pemUbhlI3QoUlpz+9mhtkOZdCQWXWE8Rb9sYay7eqHjFPEQEMNhopnZh5Pk7jcbS55WQSZ33UKSEF7uQzcGG9ufgTAE+E0LHJ4hrF62tqnq4q+E1bvyU4on5HzJkedIfZiJUJgFmoqms9LNBYWCYeUat7dBrWvHG5KShl/aOui43UEa7prJwFfgmz40CvZQYM2/Qx0T5ywZGC4NkzsRxclzFbpRnKm5nHjSSObP3V8keKYpQbPscJzOCUWZ4hzPlSxdHaFvoy0zvlG7XbfVcyVSfTf3eh7w1SUdtBNbiHuznVWdLL9es5HBKQ==
+ns1.kptc.kp.		172800	IN	A	175.45.176.15
+ns2.kptc.kp.		172800	IN	A	175.45.176.16
+kpmg.			172800	IN	NS	a.nic.kpmg.
+kpmg.			172800	IN	NS	b.nic.kpmg.
+kpmg.			172800	IN	NS	c.nic.kpmg.
+kpmg.			172800	IN	NS	ns1.dns.nic.kpmg.
+kpmg.			172800	IN	NS	ns2.dns.nic.kpmg.
+kpmg.			172800	IN	NS	ns3.dns.nic.kpmg.
+kpmg.			86400	IN	DS	35407 8 2 9FAA34C98DC55567CDB910E3D068D6E6ADC6646AE8E1085678D41498C0DF9D42
+kpmg.			86400	IN	DS	48439 8 2 EBA8341EF02C15F59E27E356E637D8DC8C50A0989F015809AD057410663A02D8
+kpmg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kPei5jxbWYMRh+MducAMw4o9huYeC40FTI4a+5AMJz6J+Bb8ayfM5QyhD4k9ivDOEeMBkJ56xGpeS/ld2SJtvWZjBcX8GLxBJfiYw4wy961ZpmkI1YWxQMtzsw9qt0ChiIBiqB9JrfEbt3wAY1hEFFv+xyk5wkq6me6J7H9JUyRc+eVF3jEJVTSGfgOEIiLVhlIifm1gY7WWqg5lY5psw/ZM9SeIogXShzSAXu+GpYRpPX+fnPw+YJ6HPs8SmZMLh4C1mTTdrsrF9tIWyOJbq4irPxx+MZXquQjmo72x8OEgb62ivQA/P/0hWH8tshuaujCeLDjPJN1oAliazWfe1Q==
+kpmg.			86400	IN	NSEC	kpn. NS DS RRSIG NSEC
+kpmg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HnugGh6BSQ/vTufAbDr3o4lRX0P8i794WVZnKvR6H055EHrj/HXKBTS++pRwr2DrZwbnxfaQ4vS3qkDYBPf6M8roxy2vsoGjtdJfLQjwUiYzq2mXAGtjQMWCK7q5T9E/CdZV1Gjfe0R6QnOS/1tdbyCT3YoMMwruIR0BF/Mnv3lDJefFdjtkFZ03MjGfgcy/dWrCMQKzmKrsDozKslZ12cOffPFbMt+tl71OLNlQSwVjWvt6v7bWYGNdEsA1R87UbUJsdSdexe9q432Bk/FXshNCOF1w8e0i2YKUO3W/QiuwBLSLchO+f7uQ06xKcgKQzbgrFmCdLz1eX4g/TRaX9w==
+a.nic.kpmg.		172800	IN	A	37.209.192.9
+a.nic.kpmg.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.kpmg.		172800	IN	A	37.209.194.9
+b.nic.kpmg.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.kpmg.		172800	IN	A	37.209.196.9
+c.nic.kpmg.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.kpmg.	172800	IN	A	156.154.144.98
+ns1.dns.nic.kpmg.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:62
+ns2.dns.nic.kpmg.	172800	IN	A	156.154.145.98
+ns2.dns.nic.kpmg.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:62
+ns3.dns.nic.kpmg.	172800	IN	A	156.154.159.98
+ns3.dns.nic.kpmg.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:62
+kpn.			172800	IN	NS	a.nic.kpn.
+kpn.			172800	IN	NS	b.nic.kpn.
+kpn.			172800	IN	NS	c.nic.kpn.
+kpn.			172800	IN	NS	d.nic.kpn.
+kpn.			86400	IN	DS	10051 7 2 F265871198C769849F8ACF952F01FCD412C9B3DC5DBF8FCA98911D5052C0A240
+kpn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GTY75Nxt9ORjgW2dAQmXtypz6mfR5ZaO83mYbjzH55aX6l19CnzrOai5dYnLqAezoKSel/VPOb27aOV9/tGqB+VB1jPMlQQvGnfiKfDcBoO7qMLzTAi6WYxXiH8L6x9boA0j/Le15MW1bel70NnSzn639a5EcFBOFOnO55ibodCamVJjljo1I35yug3FeVmPZp4ZKXeJra8zvQASNtajKvNjFgQTQIv7S2oMAx/KYbe8H6imqSVGGMfNJtn8NOJlf2T5we3mAE9/cfIj+ATBVW8splYni/ZytbgQEH2iqjAz5kDQyGBrDgWK9mkRotVsua8xi8kGyDm1kDC7f+z99g==
+kpn.			86400	IN	NSEC	kr. NS DS RRSIG NSEC
+kpn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gCTDYRdB7+gKhi3Q50wSDFZuDGLOIFnmGZwZlYDgM9FW3vybGrhcL3pFL8rfClQfGGPE1y3N/Ac0vzs4jE4Re7q7n0JnIVBchRFLdrTpMoOL3jYONREzQ7G3MmrAGZbDNG+UHjzoBYOyxiAzxy4/KscvmbVPtYele9qkkYDLYPhbuARv5P0sCIbUF3eWXAUV7JzaI4XuMawfPBfiVx2gXDlKVF2CIMTuH/kuzb40DXbh+SWPRzQMXD/U3TIHudBzSR+t3FuGtYkwaUqtJmEvBr3nnr79buTkKl4J/5a2FFcnU++GCRUyrxnbNJNRSqf8HHXh45z3B01cS/vy3E9a8Q==
+a.nic.kpn.		172800	IN	A	194.169.218.90
+a.nic.kpn.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:90
+b.nic.kpn.		172800	IN	A	185.24.64.90
+b.nic.kpn.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:90
+c.nic.kpn.		172800	IN	A	212.18.248.90
+c.nic.kpn.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:90
+d.nic.kpn.		172800	IN	A	212.18.249.90
+d.nic.kpn.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:90
+kr.			172800	IN	NS	b.dns.kr.
+kr.			172800	IN	NS	c.dns.kr.
+kr.			172800	IN	NS	d.dns.kr.
+kr.			172800	IN	NS	e.dns.kr.
+kr.			172800	IN	NS	f.dns.kr.
+kr.			172800	IN	NS	g.dns.kr.
+kr.			86400	IN	DS	61615 8 2 ED570AADC88713CE2775FB8AFFB2AD782D056EA21D0677E147F2FB7BF54404DA
+kr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SLx2OHO58NvDFPzBORERhqeSAP8NXioAIq/LZZnHLRGVW4RZUGZVCSm5RY0pHj9xvIwOYkRHjIL1sEsAJpjRE0CWGM+npxu4K82aST6nlo/kNCS57LPmjPtms6ettLarv2cmYogynyXCPQf4RNn1Nc/7w5V+o2dD7g3EVb/4i5tBwGsJWrGE+3mHZeaTuq+dM+JhWC1ryh9X/lJbDYL+OqXpyemNLQy/9rYIBD1e2tJ3+CbyLe/WppfOlGRvw4+N2AClTT52DNbKJWnsMZ0Vw2p1ZpXOKi+ZTLp4Ei/aTma/x3YJE9s/9v7eITmsXgaXZ26YZsYNU4izs1ZhRD+smQ==
+kr.			86400	IN	NSEC	krd. NS DS RRSIG NSEC
+kr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SNbmLZPY2HII7VJErbEwEmORqaLpfBqPU7N/DAgSG27gkq8eQTdMvjrRwNIFuzpN5fKcMqDgV78yRNnlISu9zatS5FWvodTFfJHJYePDHsUq2QlNSBSBG1nqTu4WedrfGpNE1oXztj5eDnFWcYo4njRsYqA0dFNQMyRx2EMARYjjpTNsMSh3bOHgBza6iLh8q0PzWM5JONHpTcFucZb8WQYPKYXc8iJxSRtecSGh1eCzf8s5CUa6DPAi6gVo5KbyKwZZczGUXx069Q/o6LeHqtddlv/PcADMKJKMv09pVG3ubyDTm/MmUBlw6YSg+Iu26KQXJEzlsAsuq7ODpOVveQ==
+b.dns.kr.		172800	IN	A	210.101.60.1
+c.dns.kr.		172800	IN	A	210.101.61.1
+d.dns.kr.		172800	IN	A	203.83.159.1
+d.dns.kr.		172800	IN	AAAA	2001:dcc:4:0:0:0:0:1
+e.dns.kr.		172800	IN	A	202.30.124.100
+e.dns.kr.		172800	IN	AAAA	2001:dcc:5:0:0:0:0:100
+f.dns.kr.		172800	IN	A	210.101.62.1
+f.dns.kr.		172800	IN	AAAA	2001:dcc:6:0:0:0:0:1
+g.dns.kr.		172800	IN	A	202.31.190.1
+g.dns.kr.		172800	IN	AAAA	2001:dc5:a:0:0:0:0:1
+krd.			172800	IN	NS	a.nic.krd.
+krd.			172800	IN	NS	b.nic.krd.
+krd.			172800	IN	NS	c.nic.krd.
+krd.			172800	IN	NS	x.nic.krd.
+krd.			172800	IN	NS	y.nic.krd.
+krd.			172800	IN	NS	z.nic.krd.
+krd.			86400	IN	DS	16384 8 2 C87C87E976D19AFD0CB934B7AAC7F85BB0E327D4D63931604F7FF495D0BB1E61
+krd.			86400	IN	DS	62344 8 2 5A1637513252BE2E160BAFA8E86C853914D8418598064DC8A9E23A6CA266BEDD
+krd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fKyBss+YgJw1OVLVYrM35ImuDnROczu1JUfr9USKqW8aNzYhnccqW7CfBVYRuE7xRkRmGj7lajORr5bgFKLQ4PxVYed5L2fuN2uEV+SVY/OjCVdfmzarnAG7JB1XQnnedbNUFqk15JlHPf5QFbk9SkTIfAkv+nTzYuk8fvaLsjI/PVYaBer9f/qBgQL1s7lRhYKjnp5oKAQ62FfWWotDtUhskFbmB68D1GVJtqixpw7kjeuar/QZlzjRz217xsun3dRnMuvt2h3SDBfHmaOLMUXjnDhkJUJ0E2+VLgJ0q2eAjEmA/GSDD5KGa+d6An026mt/+IssBr7GQamAsMsJIg==
+krd.			86400	IN	NSEC	kred. NS DS RRSIG NSEC
+krd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x0cQjzzTuhvZUGiyQaLUjh4SxDyxuxSD4YqHTyVuYBsCKYh3VyS5I6yw1JWyF/A28Azcsu4oln2rcYpB25MD1+33/rKni1Cs+lO/Jve9gHN8a2LNiaHkpe3jwLKtntf7OMfScKkoTyCKK17b3b3ZDgn5l6XdiFiPF3P5rTbnspzVe3jKTTXCVaaF9NRS/uUGWWwh9xBM/6cPsW4iWZY42UOh2ldRc+zOanIONej8aibMNA5Z/FgYfHGxnrlVeCmNu3J585uxBNt3FlVacl1iUivlqTzRrL0Chvl3pNxZcgKrshx7HfZycIkHYgonOh02Q8tv+pwFc2/wulZDIZc8MQ==
+a.nic.krd.		172800	IN	A	37.209.192.10
+a.nic.krd.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.krd.		172800	IN	A	37.209.194.10
+b.nic.krd.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.krd.		172800	IN	A	37.209.196.10
+c.nic.krd.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.krd.		172800	IN	A	156.154.172.82
+x.nic.krd.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.krd.		172800	IN	A	156.154.173.82
+y.nic.krd.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.krd.		172800	IN	A	156.154.174.82
+z.nic.krd.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+kred.			172800	IN	NS	a.nic.kred.
+kred.			172800	IN	NS	b.nic.kred.
+kred.			172800	IN	NS	c.nic.kred.
+kred.			172800	IN	NS	d.nic.kred.
+kred.			86400	IN	DS	7366 8 1 938E9EE09F411E400DD96657494C3FB5C90EE3B0
+kred.			86400	IN	DS	7366 8 2 46BB5D35906260D79F26C5639B8A1FE47061C329973204D07222808035CD11BF
+kred.			86400	IN	DS	11480 8 1 74E467BCA5017FCD4F9F52618BBA52BAAB535461
+kred.			86400	IN	DS	11480 8 2 A9C2AD21A0CAFA1DB04731EF4647140962C88A2DA406C53E8A9D4B3CC46F7F9F
+kred.			86400	IN	DS	56191 8 1 DDFF2DC997DDB6798552294536706D235395FE24
+kred.			86400	IN	DS	56191 8 2 E0ECE602138FF1452F8F8D504ECCAB90404B9F010486F09D461C49FDE6F3A30F
+kred.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lUXmbMS0jjN+cgFPFkmjXYeSgWrfzD/8FkeainHCs/dCDxB/uzoJzA6tQOghn9AgBHidverDLS0LeOB0aUK0A+Lnn968LfbBVHXWPfH2077kzWHoRVzZEq+1mFo7hBJ1KdXMph0/ke8rmybQStfjiyQpYcSCU/Nm5uVDfhuKyVKeZ4bwLqGgsUe7gR92882NWSj4LniuxtDvmjtWO2CyhwYbVBiUC6L0CYPZCFiU0GCZ+A1grcDZ7HSJ4i+qSq6MJJkQcT/AjSktYgXjNqaoDhcNHnoucnpvQf1V3j16b1qm83xlu3vb1b7FwRmSma7vnNH6ESRPcDTYTJaiFPih/Q==
+kred.			86400	IN	NSEC	kuokgroup. NS DS RRSIG NSEC
+kred.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AETFFqPeoEpOlmG+3fQJjFH5fAHR0s1usYZmZLM4kvHI4PO0+pSMKFtWsd2nBfZQfmNaTSg3OTvvpYAHlgIqrcAeFLW66KGKYMxxG0STSRthPcx2YfalUBMPwu0ojvPuC1IPM22TO3pH9TwQ6ThWMuBHMn6h4SmmquGCkRnlJr4hfkcLEK0b9h5M+rgs7fSOtF71JUyyDo0uuQLzhfqzneKFigKZ/bWYFvo1I1xbbMWqsf3qji8bGg/uiq3ZDE9fjT0PYMwsdlWzL+BnZPcD3oHe+tr75s7JA2aYTTlfi3cocwILKDxbP+GMM2nYuPUX4YPpmsVCB/FBgBhgZnuj3Q==
+a.nic.kred.		172800	IN	A	194.169.218.79
+a.nic.kred.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:79
+b.nic.kred.		172800	IN	A	185.24.64.79
+b.nic.kred.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:79
+c.nic.kred.		172800	IN	A	212.18.248.79
+c.nic.kred.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:79
+d.nic.kred.		172800	IN	A	212.18.249.79
+d.nic.kred.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:79
+kuokgroup.		172800	IN	NS	a0.nic.kuokgroup.
+kuokgroup.		172800	IN	NS	a2.nic.kuokgroup.
+kuokgroup.		172800	IN	NS	b0.nic.kuokgroup.
+kuokgroup.		172800	IN	NS	c0.nic.kuokgroup.
+kuokgroup.		86400	IN	DS	28711 8 2 19C2733EEB5AB3B49CE9D819206870D68B3BB15DD07F69F99175E27A984ED8D1
+kuokgroup.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GGNOw/nenH+2L8AA0B6xVGmb0zFHkburgFGcq70kKdlVpaZR5bHCWAXaSajU38pSCRICgjwy5qqWENMKoIYfwxCpWgPITVcfDJtQU0OP2kDjW/SIHhHtr3JfloWn53PAE7SIf8U7ykgjwcDlQiv8z32V6byvhgUYynh14VAa0j/bHdi2sjBpJjFEtE2aczjfWA+Xli12swZzhiNDpCZ9nPsyQPoWYKk/kd474u2MNxolswBoUgxNjrrKYTmlU8b4Nknz/FcySqKs72UqSHQcaHBxev84nsCsyVhgO1EXT/hipvRT153Z2L22dincwEZuIK0c3tw9HmNyEhXz8Y2O8g==
+kuokgroup.		86400	IN	NSEC	kw. NS DS RRSIG NSEC
+kuokgroup.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uY5GmCFx4kRCfkNOIJxGBQvUIXhj3nPSYkWdP5VZSQBDyG/2VZY5jBBnDZZWMF/17GuAdKYqrClt1Vo3GWJsD5Yf98wkUUpwH/15eFkaxVdhl5dA5IeoZdycvZPgVimWhbywNkLTyvRPqMc5Sx9WrGy5x4B0Z3Cc08VictW2saF+c7Sjg7GdrgBHiDYLs/MGLzvKDHXnqWUOqqXj/yUZrGjndfDBeqlJQySEuA7OXhfrh0+ax7CPi6r7vdAIif5bIM+BuUJNBlUsJioQa5sWgBkMLd8hFqDilzpBaCBOG4U6z2Mbh4tFQKUsiAUYfSAIsk1N1T5T5809fosHi4wbHA==
+a0.nic.kuokgroup.	172800	IN	A	65.22.112.56
+a0.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:56
+a2.nic.kuokgroup.	172800	IN	A	65.22.115.56
+a2.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:56
+b0.nic.kuokgroup.	172800	IN	A	65.22.113.56
+b0.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:56
+c0.nic.kuokgroup.	172800	IN	A	65.22.114.56
+c0.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:56
+kw.			172800	IN	NS	a.nic.kw.
+kw.			172800	IN	NS	b.nic.kw.
+kw.			172800	IN	NS	c.nic.kw.
+kw.			172800	IN	NS	d.nic.kw.
+kw.			172800	IN	NS	pch.nic.kw.
+kw.			86400	IN	DS	53599 8 2 C5646A4E1BEE8C2699D3CC3C4F597F8767B85A134FE5EE5DFE8B3D25B1534D3A
+kw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UhrIpyKGhZW+bOzsqbe8TJf0lE2FxZqZVWJJvc7jOCE9eHey3FvFKjg8ZrMAQ0OhTbl/pedGcrAfnNlUj3k2OBu3I9/zLlnZw4nzpwINQ4ZCeizH4K9p+JoSNTocGnLi/b6ajSoa7fRCRVdJ2Bf05i32nr/aoz5aIlpcc7HXfy9ArgQFqwOi+WSMyVap6+UEfFS7akUgn2m6Yqf6aIS8NRILLZxKMJXQOdDYQ0tvw9td1CXHkTzIr/SMR2LLFS8j8H+66LPuF7SfBWKcVvhRYnOuVcZfYmiggM7R0S7Xmi8cy1hQMD/KAgFRo2mb72YlbS65Ht50ztip5bAHJCOPSA==
+kw.			86400	IN	NSEC	ky. NS DS RRSIG NSEC
+kw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SsWXaPpGw87/rXkaytb0iAVTEpIgd8doc18NUEDr0b9/fHenGv0RGAUWTg5HSgxONdbzOyhTuB/KGnOaTWBbWaH6RXXYa1tK3JgTQBL7AFEMHn5FcG4GDvbYmtfAbd4odk94p2g8rBBUlHxUskKpX94FAJjAH63x0YM6b6LPFXMLU0Fnm6LfzT71AYKWU4R9XDt27jKOD/VlUviwBSSe8iMi/1tJKimztmVZZYhIKu2g8om638VdUNvB4yZIfx3TmsnuEUj2UElOIJnu7YewXFy7EcT1GAF8XcK4oCA6VhyDOpB+2/AIzq3485G2hIcEqkV4q4Ary4tOe8t76nfQ8w==
+a.nic.kw.		172800	IN	A	54.228.209.46
+b.nic.kw.		172800	IN	A	168.187.100.84
+c.nic.kw.		172800	IN	A	194.58.198.135
+c.nic.kw.		172800	IN	AAAA	2a01:3f1:3032:8001:0:0:0:135
+d.nic.kw.		172800	IN	A	185.42.137.135
+d.nic.kw.		172800	IN	AAAA	2a01:3f0:400:8001:0:0:0:135
+pch.nic.kw.		172800	IN	A	204.61.216.118
+pch.nic.kw.		172800	IN	AAAA	2001:500:14:6118:ad:0:0:1
+ky.			172800	IN	NS	ns1.uniregistry.net.
+ky.			172800	IN	NS	ns2.uniregistry.info.
+ky.			172800	IN	NS	ns3.uniregistry.net.
+ky.			172800	IN	NS	ns4.uniregistry.info.
+ky.			86400	IN	DS	38821 13 2 7FC55D2CABBA85A2CA6831ACA0565A64D7AD91E4861B114F317392B680DC6CBC
+ky.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EHlSknxiCt4YGjMr3EcrSlJRYRotj9Em24TEdkqYUWumC7iltHTUBiShUO5wvVObwJU8VWQLwmAf6IYMM8uTpAT5lI6BnqvTQ6tiP48OzGUDgF6kZAOGokdLAVWVUlFqUM0fhnnK+XRSLqK3aRa+qphLk3edluPETIwpnfrFNc13RRNclACnzeiHy53X+Rqjl9mtF+AQqsitWUWrkxtk1mLy40CG8Hc2+j2GkY6y92+Mutq+1hX2OLcfckpdxpPvN0gUImYgnAn0+e+vWZkWaSsfN7rWJ0Tf7tTK+8qW/W0c3fxBw3NHCNM5sJYdzvXiEB5NStNi2z3oVH7wc75PdA==
+ky.			86400	IN	NSEC	kyoto. NS DS RRSIG NSEC
+ky.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JBqmxDAmle5lQSO5d17wZDHSMcS3nMeuKIpfNiCHxn5eg4rVr8mJe7Of74YhM7sUZ95XdRW5KnReReoIElky4lujDK4XH4ZeIF+pyE8vDDQDShDrSrDYjcbF3Q0kpZYgBqM/h3A3mUXB6elxsurEkzTxqAydEtXygLE09aLg0Ii4pmY5kLUViHhg0P/paNtQkGgOz2Ak6SaJ/zuuwdo9HeSWzM4FTjx6vvnLNkqxIHdscZ/te3JIkH1WwSmM+7z/KOk5pLW48UFwZZKsnyso/SV5IrCDIw5vxy7ZlyLjEm+W3G7fmgtv8IeC8GhmjQsteLSVhrtoqzsvtSd9Be1tpA==
+kyoto.			172800	IN	NS	a.gmoregistry.net.
+kyoto.			172800	IN	NS	b.gmoregistry.net.
+kyoto.			172800	IN	NS	k.gmoregistry.net.
+kyoto.			172800	IN	NS	l.gmoregistry.net.
+kyoto.			86400	IN	DS	36767 8 2 E5237B981FA00A1F097E791E68F746F2596B7B111F07A2F824C265F98AE5D861
+kyoto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ia8GJap38e0YPYZFcBgCz1UnuCP8z0xa7QBWjssSgM14coIv0riQ3U83Gc8DtiAz58Q3k3hyn35DM+7vKp/Bzn9+xyC8K0an+mPJCJgaTsyLjjk2CBIGwU61HvzEWClHrywGBgI59qJ13oW0AZKAfj3mEAOpG2HYajs48x6fqwdX8CPQEL8Jz7yWbaketjrJpNN6UHCSZgRqxD+jmAzN54wbeOTz8nWztA0h2zcOWLtBD3DEin0JxV1Di6dRT4Z85pUpMzRSUUZco4BP2hAXn4neWPeOuBMKjDfie3LMChHEoccGkGM4bLPGnr+2BIoxzLsJZ2fiHZ5JfPrODZX0Pw==
+kyoto.			86400	IN	NSEC	kz. NS DS RRSIG NSEC
+kyoto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a8M8CQsVpVHXfU7Kqdyjc7nkQ3y+nGBEkVG3Xsx7t5jvGm1PuEgIYm3dzzDP14lsqgKLU7DecTQTFIaXnS8NITlhvNVgwVbMKQzn+Mlii+PsWAyl2358I/lTBoeBjpQL37HvwoPM7Ng1+9PQkYhKyMrw8iiO00iHN0LVZiU06HcMHKjXShhxp3d4oF9BmB6gwWFbo/WsTCJ+Eo6axcXUqDht/6DvHKAW3+8FTJc+LXBR5PeJ8JWazB08ng0Tu/14x/Uoyicp7aPCJMHfWzir9ivdv7GyOfPx5W60mYt7D7wqv1f6VUSr3cmAb2DwiZxxKoOBOb1Ww1mjFeP4IkosvQ==
+kz.			172800	IN	NS	ns.nic.kz.
+kz.			172800	IN	NS	ns1.nic.kz.
+kz.			172800	IN	NS	ns2.nic.kz.
+kz.			86400	IN	DS	10656 13 2 5CDF9266FD5B325975A21BF7AB865C3FB0B2A6A835196FB47B4F80035E8B094F
+kz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nv25Q1XeAj0caIAAJPj/2fSyUJK7MPLPMNa8agCtZ4N4tousQa9/nUPNIoXCYR4b/kPT03IEeFuy1wgSsYnZSi+dt1vjdUo0Z24D8VX2qAwoRvsY8EfZS+QKxR+TJP23LzjsPqbtS5vggQC0gC3IyN/kHnnhXaU9jc7tVUgQMycYCc1f+hgbeGkX4LeSd9q2p2PkntVP5f6x0/EoNEG5sa4zdRXDjvouaUA4SdAKLwnHzl1yZrqkFyle6+77+DLSnNAo054tIfqDePSnXsw5EPFcqxfdVds1Qso/ShLccDsG06IlsNpny2P0zRcwHprSZQSmbertZClteLpYSa4+Bw==
+kz.			86400	IN	NSEC	la. NS DS RRSIG NSEC
+kz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t+3c9UnQmHOYcE/WGGn1xY7/OGROzPD/msVxrC4jQfOpCip3LaaIKHS3XX7+jWPgSMuFlsNyOvSqqIi6GKlIZGZkHeu4fWlDukL0bnZvGugs4rALUp3ZtD5FBpiwSA1hLy1h6G78yohljJ2BN3hfne+xVAP0n/0xkLojFHZFAaqxTxsVwjEZfqRYzXwJf6ZlhV3d9LyIsnI0DY1Cqqy4LFI460b+ZNjV4rWD4VJngAyI/ldcgdwlHL1q+kOj8Px/lPpVidcc4NoiNdqHkND0bT+ltqL8hkSIBJpX3HUim6FHk3qDhHoAI/X7Rg+qfB1NEbId+sosFtfRhMw4R2OSxA==
+ns.nic.kz.		172800	IN	A	194.0.21.5
+ns.nic.kz.		172800	IN	AAAA	2001:678:98:1:0:0:0:5
+ns1.nic.kz.		172800	IN	A	185.79.212.7
+ns1.nic.kz.		172800	IN	AAAA	2a01:7640:9000:0:0:0:0:7
+ns2.nic.kz.		172800	IN	A	204.61.216.143
+ns2.nic.kz.		172800	IN	AAAA	2001:500:14:6143:ad:0:0:1
+la.			172800	IN	NS	ns1.nic.la.
+la.			172800	IN	NS	ns2.nic.la.
+la.			172800	IN	NS	ns3.nic.la.
+la.			172800	IN	NS	ns4.nic.la.
+la.			86400	IN	DS	42973 7 1 1F0CEFA420E9101BB5791F3AB93E85917A72978B
+la.			86400	IN	DS	42973 7 2 E7D0C3BCDF60E8D842E882D90B4EC263C8889B760098492C798841C13B4EA13F
+la.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Vlg1Rr6Fcwaku+F0njuwUWt4NobU/aYR3Z+3mCKDE1uXbvrG7xXrzG5qozIR4w6uFjgfG8s5kkTMubEGOnGm9j4OIn1oBduLXlsvgBZZRMdanfoBtslf/Wj1/Lgp96VhNOFdPNSxrQoZIDLVUqwnEHwu+x2UfHkD2VbaXbX+B29YyLHz53lq9GhyaMvTHb1fsmXBu/u9NCNxoIP5ZJkFWjOSvm9XaUKnUc9FAs+NuFh2WOF2fhRimhYlNNw+wf+Y37onzkteO74x8dXYnQ+Ksoc9VBWWwweSHrMn2yk38xEq9Fm+ohy8yVGT9RndpoEBvEN67x7raZhzGPLha/t74g==
+la.			86400	IN	NSEC	lacaixa. NS DS RRSIG NSEC
+la.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . llIstS0Om/vpi3W9+2wHJIAxciFULNCEXgiI0WPrcXVbxAV72UXGs9I4IUbfP5FbH8QJzVs1pjgzOZC85Swgk7A9nWcvY3q6bpGGtsaewqkgA4aMEncYqQh4qZPDUOhIkjoOlnHsWaAza+OVzwpUTkhZxX/7MgQ8qcY3fJaoMxgqAAMZF/tqg9zzwEhbq8DgagFVN3h0TETXXiA12KNCuYMiWCjzXmopc3UlpR/Y7jF30OZtMhf+ELg2RJ8Ix/+4ikozvXKhTjsX+/ln80/creJwBCGhQcghjmmQL0Yjkpqo4qux2mX5EPyFAhlDoMjZgGWhsYSHpeLEJn1Gdq3jZQ==
+ns1.nic.la.		172800	IN	A	185.24.64.15
+ns1.nic.la.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:15
+ns2.nic.la.		172800	IN	A	194.169.218.14
+ns2.nic.la.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:14
+ns3.nic.la.		172800	IN	A	185.24.64.14
+ns3.nic.la.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:14
+ns4.nic.la.		172800	IN	A	194.169.218.15
+ns4.nic.la.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:15
+lacaixa.		172800	IN	NS	anycast9.irondns.net.
+lacaixa.		172800	IN	NS	anycast10.irondns.net.
+lacaixa.		172800	IN	NS	anycast23.irondns.net.
+lacaixa.		172800	IN	NS	anycast24.irondns.net.
+lacaixa.		86400	IN	DS	36309 10 2 1472BAB3DDF6CA893B478BB871E9C9A21C0E01D468C9A9117771E29BCC93D1B9
+lacaixa.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GRroItj4PPU2VdLNk8GtQpcvJebnFADwKos4a4nXMECOmpbnNYtptINkoIAH5EQKGCyxuWGDo/EHbjpXWWxZjE0kbJTm7KS9VWdLAJO74VvJPv+53F2WQ65vakWPPOxqymV8EJv1aHsBlrCeoelWs8L6YalAr1TJ//iy2rYo8yV3szFi5ahbLQiKHnJAcqgcvJ5M3kul5JuH3XrDQLyk4IwmXMWTUxvopJvKgletw4VblUjLg0+ub8FwR8TZ3nrh0SC5zYM9dNTVuS5ggCJMHZxzVtUihpYigP3zEdjY/nxQE0LDYLOMkpxklfqyydxvHrbaljxbo+mZLfqUoX986A==
+lacaixa.		86400	IN	NSEC	lamborghini. NS DS RRSIG NSEC
+lacaixa.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aYk/GUEI4VixvjCwq74uRAycPPva0JJVQoWxjRVWuDwOfLZKPWSNzyPIRHGxJNv0Oahy1MzM3+VavwpmTHxJp6Lc1jkqjNXegjgZsd8xjNoFSkX6y9w9May4SnC9vV4hXjtPDJVCABoxbNzQURnCa1jaN22DKLrjkAHf/iQwuzIn3vTyxKpaMDWwlRC7dopXfL26THM4Q9FxRc2cDMnT4H8VLtoGOsvJuaN33gntWcHZJ+Onigb2RjdpBBB8FZ9oa2wOAX/eZWE2kPldAXcsxpTThbJYij6fX9t+P+1gauqwG8Dj974mSh9lMBL4oVFCXbgEc+Ryd1xZmrH+r4eQIg==
+lamborghini.		172800	IN	NS	a0.nic.lamborghini.
+lamborghini.		172800	IN	NS	a2.nic.lamborghini.
+lamborghini.		172800	IN	NS	b0.nic.lamborghini.
+lamborghini.		172800	IN	NS	c0.nic.lamborghini.
+lamborghini.		86400	IN	DS	61360 8 2 A10D1EA44CB7FB0A404807548F2CABD4DEF69B874CE31632C870E108C673CB09
+lamborghini.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BOxgbutBbGhNaf/BpuEBEec78gc3Jag/iZAfdIo7REmVAjV9BsPNuiPVIkEVwsjNRsr23iZ8Uw/FJbwhKxOUML03dqQVBWpQIeJv8+U8BFY5xDtQziwaCN8lT/15pJ64aEyZiXhCXYX8F+J3L0K7pJG/MUg+OJj4ya3NPtKRMiNsoBwGPGYaoZe4NCICZREKAsosB1yEPYJzHZ1YDBschZNdBAR62uGfP0qCL1s1ZkgzPlqdwY8eKUGXX/qidSsXTBFxSjFFZ/7CXs5yY03PNG/0X1BzM2OnGSV7psiWAFl6qsv7nLCdgVQ9l6dwxt+Xd06JFJ9g5/EaNbJkuZFJOQ==
+lamborghini.		86400	IN	NSEC	lamer. NS DS RRSIG NSEC
+lamborghini.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fWGQzebo8zIU26fw+iyKsDDYvnv2rzsqmCyRkGdrgQYWV+E2R+QrLqp51x2GEsB8fQr+3EQ1Gp74gmXu8dNMs0mXnpE2G2omSe3kiFG1VbBLbN7p/Bi5ggR9Rgd/MXtRAb5M3tkLhNw6QIRB+Fieb55GR5GW+50tjKz9keC4YiYsatciZXQYwBfWGh/Z/j/vLdE63FYngEnTdAUhwbZKxcATr/FXzQAsUqZWjDZsEQs9YXl706Lhbtia5/GsZjb9g4OBETyrAW6UtSgnsGA0dTmgYJQeoic+l9qra5cocKc/myyv1AMZMUrEZlIBbxSO4eZZQIJ3Kx12o+zkhBnoKg==
+a0.nic.lamborghini.	172800	IN	A	65.22.208.33
+a0.nic.lamborghini.	172800	IN	AAAA	2a01:8840:ca:0:0:0:0:33
+a2.nic.lamborghini.	172800	IN	A	65.22.211.33
+a2.nic.lamborghini.	172800	IN	AAAA	2a01:8840:cd:0:0:0:0:33
+b0.nic.lamborghini.	172800	IN	A	65.22.209.33
+b0.nic.lamborghini.	172800	IN	AAAA	2a01:8840:cb:0:0:0:0:33
+c0.nic.lamborghini.	172800	IN	A	65.22.210.33
+c0.nic.lamborghini.	172800	IN	AAAA	2a01:8840:cc:0:0:0:0:33
+lamer.			172800	IN	NS	a0.nic.lamer.
+lamer.			172800	IN	NS	a2.nic.lamer.
+lamer.			172800	IN	NS	b0.nic.lamer.
+lamer.			172800	IN	NS	c0.nic.lamer.
+lamer.			86400	IN	DS	59092 8 2 F92E0E3F77B71FC4D1D69D18D013EEDCEF963C1C889B7DD1CFCE17A7E4E5B1C8
+lamer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MC+k0RgzM4+5vx+N9/q5zEUljtDXmOLl91YJSXaEEhNUvlUT1O3sMLjkLwFEoOXU0ZA/BD18t+p6vkm/m7ZjOs8FLCOngF0RyHOeR2eePgPChVhH2VzppbD0ks+aK+NoLMgdiao1minzVebPB3Kb3iiyOEQTydeSwYPwzAvf7nUOtwaxBc+OotwqMpMfuvklgZl3UT4VcFuJZN9sWw7nltRj+AaUZpw2XOHCMNpIAFZD/s7YuEtptmjqaauFkj/Cg+YFbgiipN9ynMdjzYr6wKhAr4NSVw6/CmnAZKArtGqXwG1t/u4TOguzLCmVG/aNtt0oWq32aTvb90WBTJLLPA==
+lamer.			86400	IN	NSEC	lancaster. NS DS RRSIG NSEC
+lamer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O1R86Ofhu8h3Mpc403hgqVUjLLozLT8IoywMVDmD2Pw88HzX5qDhKGT4vSVnUE5SoHkqTydBdkmpqBkW5+N9V5wegbmz5sx4TLuLeVTCvpeUluIse7bFxXXNLIclnCQRcr6ChswKrUp3ZPOdSocJSiBPbLAWergxifluvGmEsXousc4Uu+gwcj1/lq2mt7OkSxtNsJ4D4u21+BjOo1khVtP2LNMBjm7WZGosFF5BNvNMM0tXBlyHuik067khLVM5VdtMdxoOfEhcceXvtK76zHhouzsmncqHo6jsdCCECSzXzLUCmyLeBhMzWR1RWKbXBNXeOjwfdZOJUQdKquVsXg==
+a0.nic.lamer.		172800	IN	A	65.22.52.25
+a0.nic.lamer.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:25
+a2.nic.lamer.		172800	IN	A	65.22.55.25
+a2.nic.lamer.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:25
+b0.nic.lamer.		172800	IN	A	65.22.53.25
+b0.nic.lamer.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:25
+c0.nic.lamer.		172800	IN	A	65.22.54.25
+c0.nic.lamer.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:25
+lancaster.		172800	IN	NS	d.nic.fr.
+lancaster.		172800	IN	NS	f.ext.nic.fr.
+lancaster.		172800	IN	NS	g.ext.nic.fr.
+lancaster.		86400	IN	DS	63656 13 2 847B427327BF07FD61B821D3DC537401D3AF0371C0771BEBCAF2CDCF51AA108A
+lancaster.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DSO8mm/vxxCux+qMMO1brWH9uHJZlRUpNUDXugzV+R39dFaXWoZscipJ6hHpM0XHoHbYj1BzDrM//FP1FKvaBxzSP6xcPBK0CPk3TVrzebm7/nKBbScS4emETAwxoXidt5e0RA5J1M614IumrWWuZRZ940CTXG77V4JHyU0I/GIEud18wWIm5gLF1f3l9gWrGJK1LYRHcsbNcQP2Vyv6ddpeFhwhr70dF7BNI3aUxN5m/6UE80LahRPqB5BLYuyPs4HaSxTCDJS69D5lEVF5jGKaKB+WKfYhgmqkj3J/GlscN1n0R6bGE5yVLhDyWwSiLthbptjNkLWcNGRGU5NyQg==
+lancaster.		86400	IN	NSEC	land. NS DS RRSIG NSEC
+lancaster.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PIq93GlBkv1cmXtaNc7sI9FuzDap1FwzQDdPNxQlZHhIw4sY6oDVgsREeq2AxRtYzo6YH/FpSd46tMbl6BPSWz68C2XjMW3srzjrRcQhVsKSnbJgdhRFPlIx/6Akds+vFRx/FZn9rv895Mw1RbbrnhdfFXoEri5yiP4+6XVc1DWoZAOD8tzk4TEMFODJOzDVyVreBSP7PqcVVRPCOTyF5QuqW3VqMN/39FwXmiryJqOzQ598svdqee6afPXa2EajX0rBgjTcvexEioRRSLG5eYhrBIuFC28K+o4NhX5W7wWHAPecIMxbpEPTGtDS6xIWirGQlHvc6DqDcQcPojcu+Q==
+land.			172800	IN	NS	v0n0.nic.land.
+land.			172800	IN	NS	v0n1.nic.land.
+land.			172800	IN	NS	v0n2.nic.land.
+land.			172800	IN	NS	v0n3.nic.land.
+land.			172800	IN	NS	v2n0.nic.land.
+land.			172800	IN	NS	v2n1.nic.land.
+land.			86400	IN	DS	6595 8 2 7E0B97BA96C8437478BFB2DA2F47C51CD530A254D8F9FD7612C30D5CE7FA2FC3
+land.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GP7zUxOSX+jA+vl2IgSgx6JTh0DXsJ/oiGe4z+kz3Glq/mqxU0Yju27ksy9kuYtjriB02aQ77bJ8C1a5YIZxwRDhdsbFL4ZGMalXGJl9HBer46PbAsmZ9RI40ovio++KRmbgWLdZg0fLsK+v0zRZkOzYPgI/7qOsUkVNi1VHq3YmZorMPb+X9XULZnFJXwq7BrplTFkSLVTadGjb5Fmp2q4JFKQOi6GpFNgaGRPmNZzbqCgyMPgR4KLatpnygXDLmSRUC0P+5VqsYjGw1T7TJq9sFcOOJ8A0HCMHCeZBLOQdx4f50EaytzfoyJcMUCmGDivKiZXLMR/nacP9+QvTJA==
+land.			86400	IN	NSEC	landrover. NS DS RRSIG NSEC
+land.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F23mn090q2jstotJEYrGq1tr3IE+Np8YzXh8myczmfRhP/QSJT8eauSx3UCjNngZ3Jq5N9I/+cjyK6J9680tkCJZr5+qU7h/V8pQr3RGQBgvNaeFXAuPwJDTWzshGLmAMxv4tV8ONvPNFWiye/BxqV1smdxgRGiJC/xBaUoLaoq+hQNKmmrvVlEPraAtKxtnmh5SYFxfFDYhN0Swy9na+Zm3aN8YzbssJ1CHq55y8hTV5cD6O3hChVz/JAMwhy8/5zlNpBGNsBUBOrPrsIJ9+/EHYe9jfOGaACG8Epb7BYaq2rw7VG9fFz8uDdaDbR6/ruUivfKU/JfpCm+VuyaPzQ==
+v0n0.nic.land.		172800	IN	A	65.22.20.11
+v0n0.nic.land.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:11
+v0n1.nic.land.		172800	IN	A	65.22.21.11
+v0n1.nic.land.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:11
+v0n2.nic.land.		172800	IN	A	65.22.22.11
+v0n2.nic.land.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:11
+v0n3.nic.land.		172800	IN	A	161.232.10.11
+v0n3.nic.land.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:11
+v2n0.nic.land.		172800	IN	A	65.22.23.11
+v2n0.nic.land.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:11
+v2n1.nic.land.		172800	IN	A	161.232.11.11
+v2n1.nic.land.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:11
+landrover.		172800	IN	NS	a0.nic.landrover.
+landrover.		172800	IN	NS	a2.nic.landrover.
+landrover.		172800	IN	NS	b0.nic.landrover.
+landrover.		172800	IN	NS	c0.nic.landrover.
+landrover.		86400	IN	DS	9545 8 2 8228511299170DB94D53620E945E5EAD65BED2F247121A70CD9DFFB37674DB69
+landrover.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t2ZcpySodDT1/hCayQqZI52tTtzawPAtUG2vA1Nao5rPHjeZPqnKxxq4iijyOat2MbYc4qHpAZKRvNz9AkepAeCY8U8EFL/WKOGvhnUttzA96iUYL7CtIskeu5HNm02/15w7tFp4IEt6aq8jBhFAgTBP2QXttMPXt2vLMoSmsRDcQzSj7aJLBToVSS8LPwgwdXc9vGYoTFSgMVUMdz6JpeNzJoxS+i00hn9HQd73rjntW1Oddrum/qwUf8V51bX9YrEp/1vZjUw244E4JLFOkkYCiPXqGasweg7VVbzfqrf0PyeCBYTdrCRCQBrc8cfv4kR77LHs9wPY0N11fH/Big==
+landrover.		86400	IN	NSEC	lanxess. NS DS RRSIG NSEC
+landrover.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . As9xR/H1AnSQlbjdudXJNh7uRifthzPRyxI2RdQLWqqbrNl13PpHdhi0HAU29T9ssHVIPxwtmyiYeOauEC4i0FUats9oW2vVpVmrH4arWBP7H/8siVt4eaNSAkRq6nCi1NHejMJk+kR9Rkz7ZvQ622Rv+vfh9EkEz3N90A9fF6NcbNeLYkHaLPdVBbzB0FVcR62mIKxlYDujGpWjC09zm+Qs7Gfmy9vpjNAJZrogpU4zmAERC8cdVUfeju79clZA6rPiNCSKFucezbcmgW3iExwsNZCFXUWzkT+ppRCSzj8r5vKaJ8bH0FTchX26bFLQZdAl7dI5eyV5rsqgfZHqqA==
+a0.nic.landrover.	172800	IN	A	65.22.112.57
+a0.nic.landrover.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:57
+a2.nic.landrover.	172800	IN	A	65.22.115.57
+a2.nic.landrover.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:57
+b0.nic.landrover.	172800	IN	A	65.22.113.57
+b0.nic.landrover.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:57
+c0.nic.landrover.	172800	IN	A	65.22.114.57
+c0.nic.landrover.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:57
+lanxess.		172800	IN	NS	a.nic.lanxess.
+lanxess.		172800	IN	NS	b.nic.lanxess.
+lanxess.		172800	IN	NS	c.nic.lanxess.
+lanxess.		172800	IN	NS	ns1.dns.nic.lanxess.
+lanxess.		172800	IN	NS	ns2.dns.nic.lanxess.
+lanxess.		172800	IN	NS	ns3.dns.nic.lanxess.
+lanxess.		86400	IN	DS	27220 8 2 E7715A76B9EC7C6F1F6553100BC86F7C705078B27A8AEEF20A3CEE83A939069F
+lanxess.		86400	IN	DS	42049 8 2 8F36C334345A3308D0E6C36974EFFEB13B3B5C0297A0A76443311A5BF98E01C8
+lanxess.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . T+XfYYdbs/GR7TOunuZZ3+rDh/4xlqt9HHPMF4o7XMVCqN/FbMiCqpdacMR+J7gquGm/aDzZSCj6JugIYZ+RNPYdWS5GmWHT6osIB1VsNzs6MXT3SEo88Jv7S0pwfx6rj6DOqMGCXqUhpkgT+CyIfsX60G9wsGkOfozL2TvQuWzX/UqYiHwllgNyLnOT5y1nXL3hGIsr96DZiCNXBXrXMF6Dc0baAOTmZZrq9bR6RZWnH0yrB39tUozd6CCP8Xk9t6m2mQVm1gC5SP843bf7lLzxdPe8QXqXqha4NzEAmoitFieHVRMjLIAKKJWJesqIijQ3dXsmkqeczxNpbUvMYw==
+lanxess.		86400	IN	NSEC	lasalle. NS DS RRSIG NSEC
+lanxess.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ygi6f8n4O1/9TblShX/liuQb4vXstYTDvyRwVtLrIfXwhRYVC6cLn9s27tWsgsGjtgaYn4LtlEIEpISjLPkczWa0seEDxqvkxrsAjSxORMVcraRmfXlWXgUmsLLpsZeZHMvU+LOSk+d1PQZ6Q7IujfCcGjrxCniE2I+csx+ptvjJoRhTTAqZ8DIqfw77RqqGM10mk7DsAdL9f/Ezi35e0eyL3zQ6i1eUxTeBlss1V7DQKVZg5SOwNyT/mrdtDXRyZc14igJqDdwdLVgCLGtIa24+AzBHXVPpMhRhtSjJjOEc/Hx1djkcY9Cb873HsMDUGP98SDdyMx90RT8ww7W9Yg==
+a.nic.lanxess.		172800	IN	A	37.209.192.9
+a.nic.lanxess.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lanxess.		172800	IN	A	37.209.194.9
+b.nic.lanxess.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lanxess.		172800	IN	A	37.209.196.9
+c.nic.lanxess.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lanxess.	172800	IN	A	156.154.144.101
+ns1.dns.nic.lanxess.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:65
+ns2.dns.nic.lanxess.	172800	IN	A	156.154.145.101
+ns2.dns.nic.lanxess.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:65
+ns3.dns.nic.lanxess.	172800	IN	A	156.154.159.101
+ns3.dns.nic.lanxess.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:65
+lasalle.		172800	IN	NS	a0.nic.lasalle.
+lasalle.		172800	IN	NS	a2.nic.lasalle.
+lasalle.		172800	IN	NS	b0.nic.lasalle.
+lasalle.		172800	IN	NS	c0.nic.lasalle.
+lasalle.		86400	IN	DS	6184 8 2 B7CEB81D5279786BE446C8D6981F911D3CB31DFC7E192DE510C6D489CA3BA370
+lasalle.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SKdGtwwAcjrMHa55upif4aCntFf5mhKizpw/CYe9ox086U5azJ9Ny+DrhbzqD+Bfi40RhzKLk+hwy+6yUxBB75s0erXyaY7lg3T7ou9nk4WnDufD1GrMoMhkS0DIx1uKoNwC4hoJh5sTS49H41Jf/1JJ/f/mc7hFBB3Yv+TyrPDJjjJNUwbnq04Mu/V5x2NYTVu9gTq4AwvkSQyjVfOLV9Ut1RKRjCino32wd33l1d5NijPv3Xj5wxmIzz4vracM3PIjzp3DY2HyheeuDkp6nweuTpStxlHCmQcUIJhw8zCcg/tZtlR/2CYdy0JVOtMrAhpLlefCRe218nLivAsdxw==
+lasalle.		86400	IN	NSEC	lat. NS DS RRSIG NSEC
+lasalle.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sQIT23t3BtegMZHtvrhdByh7j6UbgwRxsGIjeJCciPUSEkEPlBDEIKbkMWhVzBH1o2yhHRvaTZ9u1eMpGlj8kEMik1pO+ihrtPjIDugUnK9Prkb2q2aKMlrSrbkWJAt3uy028G9W8F+sVEg9JUh1z6GlgC16iqJ3ftn4y3FiDT+rOHiVWI0D9Ohq5Ty+y7ljFUYf0XtDR2IBwES3EoMCGH+/rKelVi/jSuBSuqKZVeRBBP3Gx98ksjWCo70POBsZIKbcvu8+Iss3sFis1P0SX8etIU/D3RBp2cpnEPr/lsww4yF5iD6rvjUDySEpiyU9lm/ArtP3uuCbMCsCfcf9pw==
+a0.nic.lasalle.		172800	IN	A	65.22.148.1
+a0.nic.lasalle.		172800	IN	AAAA	2a01:8840:92:0:0:0:0:1
+a2.nic.lasalle.		172800	IN	A	65.22.151.1
+a2.nic.lasalle.		172800	IN	AAAA	2a01:8840:95:0:0:0:0:1
+b0.nic.lasalle.		172800	IN	A	65.22.149.1
+b0.nic.lasalle.		172800	IN	AAAA	2a01:8840:93:0:0:0:0:1
+c0.nic.lasalle.		172800	IN	A	65.22.150.1
+c0.nic.lasalle.		172800	IN	AAAA	2a01:8840:94:0:0:0:0:1
+lat.			172800	IN	NS	a.nic.lat.
+lat.			172800	IN	NS	b.nic.lat.
+lat.			172800	IN	NS	c.nic.lat.
+lat.			172800	IN	NS	d.nic.lat.
+lat.			86400	IN	DS	961 8 2 D87E3EE5BABAA5DBF51C4AF462D2670BE2B702A2972903AE27BEE9BA64413973
+lat.			86400	IN	DS	42520 8 2 FAE20127B971E74D949E113CD4D738F82D6D53C5091B76CDA93A5877554DF1F4
+lat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Z7I0Dz04VnqEy36EdOyNUOEv3gOMdDv+iZqY4ZSSz60yeZhtaUEiKK6gDV/2wHvselkhufEA/63/2NIj+VraYiGk3XdJlRmgu6KYVN/jHhJfxoQy8HB0WPd2Pz4ln3lqChE9cMosnLu98+RRzb6AmEghTTV5KFNNRoPpA+D9bcgJKF0aZht0BDkWOxaMPM32TGjtpWAvKOP4ceEVMF+TwgH/smqxcpq9m0mvEeusf8J1UcQwO2jckOuaZg7mb2nuArBaIPXmBPauLOZfDH+eXJAHf6sOHkYe0wzeVnaXTLczQGXjfcrir2iek4UIaeoZ4LlVXAdcV1ht4sq5dmx4yw==
+lat.			86400	IN	NSEC	latino. NS DS RRSIG NSEC
+lat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OZ3l4kuggmmkk28olgBpCIuXxoR0GZPnmFvdNI0QQTSGKEF0Jvs+BcN8mw00kXLGamClExJOYSOPLlgk9tRtu1u0GaxnRsNz28ARafnHxTWI+WEvjoNMlZ9JTiyGqjqjA8tanwguT0H4Zhg3BgPFTDbIlHKbRNLZoA3tIa+5neKTdZmcRINoHwx2HuL79x0/qhwRkVS8qD6mcv5Gx/s8o1oeDw86PZZDSLHTcRBND0Mu3mVUn8OWnAC+ag94h7YdpbSwVeVOGuH8nrXR9zuDO1J1C5VVBQ82CO7sM9kKto1CQyLJ8CqowddQxU7q2JJE2wD8yInoe05LR+Jqq73bHw==
+a.nic.lat.		172800	IN	A	194.169.218.156
+a.nic.lat.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:156
+b.nic.lat.		172800	IN	A	185.24.64.156
+b.nic.lat.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:156
+c.nic.lat.		172800	IN	A	212.18.248.156
+c.nic.lat.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:156
+d.nic.lat.		172800	IN	A	212.18.249.156
+d.nic.lat.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:156
+latino.			172800	IN	NS	a0.nic.latino.
+latino.			172800	IN	NS	a2.nic.latino.
+latino.			172800	IN	NS	b0.nic.latino.
+latino.			172800	IN	NS	c0.nic.latino.
+latino.			86400	IN	DS	28831 8 2 38D9082C093D8C2E653B0C2BFA3EAA463FC401FE31ED28C62B0A2B506BCF9D24
+latino.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JTRe02V1mMN1dUm/Fb4xMrHoRPq4CQ2zggnxxt+Fj8K3XnJAFuWkDUNRiksEZcuDXTzBduEV94l1JmRzLg0xvGTXryeTsfp1p4zkAorbZjIOXpytnBTY5Hj/iA5tNVr7qHjGda0jZ5cI6umf9ZCouQeq3JG5IxSO0gXAU3AlF+5yiaj6kD2mVBA6iuiAYE0ulwHOlF01VFSqeC41adiJS3RpaohVtjJAL9GIvjIicUk6d26fKVzF4UO97nELsz7suov/1djATn2ndQ0zE/qaZBaCeo3C1dPyi+lug+vmfOfYZO7mUZHI3RbMLAKkPMb+Ex6pbN6olN4d8cRXcMdACA==
+latino.			86400	IN	NSEC	latrobe. NS DS RRSIG NSEC
+latino.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1TjlNYricQ9Pen4zyiuIglbTmm4o2eoLijN3s34Fvzn9daOMSphSUi050NWTsoTxRGaQ/kO4oPaEsBynb+ikujTHS2MzwYDPZ38Vxhp9ktzIIA/RaS6jGnTRPd7WbJ1byZQtDYH6Ak6ZAMm9ZOQW8qsoF0EtjvV9F6z/YfBwf20dTxTFaDTK+b/b6R/Jwh99UyAAxBtX+kWDgKNemusyhM3sZ2B7zXFX8mcfyvTMK6kl+56aoXeNYmfZ4NcdTzQaoq/G5NX1ybLHGLKFUCy3Sm3V2XjrMDNYwNU0Mqb0OOeqwwLthKP9Evyfx7ybxqz1B68HZvIaU5r8FKal7+rGLQ==
+a0.nic.latino.		172800	IN	A	65.22.92.17
+a0.nic.latino.		172800	IN	AAAA	2a01:8840:5a:0:0:0:0:17
+a2.nic.latino.		172800	IN	A	65.22.95.17
+a2.nic.latino.		172800	IN	AAAA	2a01:8840:5d:0:0:0:0:17
+b0.nic.latino.		172800	IN	A	65.22.93.17
+b0.nic.latino.		172800	IN	AAAA	2a01:8840:5b:0:0:0:0:17
+c0.nic.latino.		172800	IN	A	65.22.94.17
+c0.nic.latino.		172800	IN	AAAA	2a01:8840:5c:0:0:0:0:17
+latrobe.		172800	IN	NS	a.nic.latrobe.
+latrobe.		172800	IN	NS	b.nic.latrobe.
+latrobe.		172800	IN	NS	c.nic.latrobe.
+latrobe.		172800	IN	NS	x.nic.latrobe.
+latrobe.		172800	IN	NS	y.nic.latrobe.
+latrobe.		172800	IN	NS	z.nic.latrobe.
+latrobe.		86400	IN	DS	18520 8 2 80AD6C51ACEB853C834A7170B91F67C61A23751918E2FF96DAFA047F7FB7D57B
+latrobe.		86400	IN	DS	63574 8 2 E4568946895709133C39F850F8FA9A768B97993838EF69E35F2E3619F78AD08C
+latrobe.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dy0fhaFhyClZ/QbmfxxrSxiwaK4zseKbxi1hugwmJs2gda+QWNelANvfvZn8T0UZEzw/NP+0JMQF7b7OSnbVaYzZJl3aWhtcGReeVUrDUNrHpS8j2StmCBt+H84GDJFoUulzzcpgMjoXTfsFyg9Pi3I/xRBgdlrjZuGbWdWkgt10X86fLQ76dyDU/u5XncVZPjyb+rvoQ6AV/MszWzw3s1EAWJTddegwuOENEVjUgIi8CtV43HRrU7q7KTNCVngKDLl+7A2mugNQbefChjphO3j1fSTTDYdSgIhdvkL1hAyHhBcFysgrBkZgNvlOTMJQ02ksBXpU0ab1bIcp00oDuA==
+latrobe.		86400	IN	NSEC	law. NS DS RRSIG NSEC
+latrobe.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DrkrD3Mr5Ioba5OQyC7mrHv9tG3TDe1DIuzkWzMm/heyueDCSRsL7nQDraHxY+gcZRtE9EN2ZLXCEmEwpa6NrA1oB29oSMvq6ynL+fXDaucsbq1Fhs/kaCnVOpmlCO3BEH0U0Rabw7ofK/PNey1MUjLeJxNOv/I9Elep34l7F10YKHjWWYhpabc3P7raVAWXeyhdlzII1fQkD/5gNuTXWWZVZoK+rcawAVG1gmEzg6DxbgbG+c+AU9M7Eq9lLih48bX3h+yV1bpL04StRCJ/msaY2+X3G757AukPsrPcfwTct2BqPFFJpKpas3q2KWzp++8CPb5MdzvNJsIx1yVsVg==
+a.nic.latrobe.		172800	IN	A	37.209.192.9
+a.nic.latrobe.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.latrobe.		172800	IN	A	37.209.194.9
+b.nic.latrobe.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.latrobe.		172800	IN	A	37.209.196.9
+c.nic.latrobe.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.latrobe.		172800	IN	A	156.154.172.82
+x.nic.latrobe.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.latrobe.		172800	IN	A	156.154.173.82
+y.nic.latrobe.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.latrobe.		172800	IN	A	156.154.174.82
+z.nic.latrobe.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+law.			172800	IN	NS	a.nic.law.
+law.			172800	IN	NS	b.nic.law.
+law.			172800	IN	NS	c.nic.law.
+law.			172800	IN	NS	x.nic.law.
+law.			172800	IN	NS	y.nic.law.
+law.			172800	IN	NS	z.nic.law.
+law.			86400	IN	DS	16534 8 2 AE36939D5F3629784F63C7CC2E5F7643EFD9EF7533A5049420BD067F4EEAB51C
+law.			86400	IN	DS	42496 8 2 F6DAAB5F4FC2A7D48C9E97623C3F0D478586FA882732BA0F86C31B291AD2F3F6
+law.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . puOAgoIETuEdw7eL8cNIjKUFlIROhKajsWTPor/Gp+Azyzm1jgTzM06AbzjyGDlbK8Klg+QAW0bkhWh1tTf8tAXxHzcwyUVMjt78QxoTrR2siyCcl9RZVuSmnWFLayP02qT0T+v1LeFNbYl+JV6w7O0k/fKhJzkAqa9HptvGZ1D8sWpWoi0Fn0xD+4JgXx5QpJyny99MHKUJXugV9KmATUhlPz2bTX4QEk8gUJ+IZ1FjR+elOMBMU1xPTt5Nnxb63cjDLS0hBQv4s3r07sygIbath+fsKjjmi621zRyk3AAanDPcIHIIWruVjNgrXMWLMnbCtV9OXItR047GnySblA==
+law.			86400	IN	NSEC	lawyer. NS DS RRSIG NSEC
+law.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g6WnUwuTIwblDCBQI+qR/ZCFqtlxfscslkIbUXziSS3ld/oNLY9m5tv7Xf0xio4JS3OkPYDpzLDyXMJ0LCFEi8ed2B3qkoZD7vSDXsrhB0njc2GpF7ef+ZEM+fhiHnlZ5Ni/wHyb1cJPx4mAxPsll6oVSHUwn81qsJMHwiKOCMQcqNNpghou00noF++cUBHVhYft3dn7KoLihGSAIViHhwJ9prb9readBtcIQA/hfiHmjpfaw1RG8jRRpmGUgkUaCE2z0Xv9sSQtz3FQ4tgs1H7JuiJ3oFp/qhDTbfn7tOp+z/gOQlz+/vsnRD0PeZrffsZ31PZ4D7MRwX9G2J/83g==
+a.nic.law.		172800	IN	A	37.209.192.10
+a.nic.law.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.law.		172800	IN	A	37.209.194.10
+b.nic.law.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.law.		172800	IN	A	37.209.196.10
+c.nic.law.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.law.		172800	IN	A	156.154.172.82
+x.nic.law.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.law.		172800	IN	A	156.154.173.82
+y.nic.law.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.law.		172800	IN	A	156.154.174.82
+z.nic.law.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+lawyer.			172800	IN	NS	v0n0.nic.lawyer.
+lawyer.			172800	IN	NS	v0n1.nic.lawyer.
+lawyer.			172800	IN	NS	v0n2.nic.lawyer.
+lawyer.			172800	IN	NS	v0n3.nic.lawyer.
+lawyer.			172800	IN	NS	v2n0.nic.lawyer.
+lawyer.			172800	IN	NS	v2n1.nic.lawyer.
+lawyer.			86400	IN	DS	24952 8 2 07F6239A01F7CAB022DB3F5773EA1F03BCF6780E4F87DE8AFD4F93883D19EBF8
+lawyer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xFbepyb7DcBeAaKzatgjNT18yY5VhkhZNiHeCWrq3CCt5k/af2piu0etFLLFT4mQsRI7AYuXGusTevoFU9o6VF0jBhjYzeOOWYV3WJB4JcvkE0obhHjM/Rx39p5EnMyuH+Wthc84HdZ2Q4Le2wqxK0ybfwoPSQs/ceQNSkjboWn/yuTcoUylB+DDrM7EIFmwXUT0VdU45d2Mgg9CTolpJsPXfCys7M/5B27napkT1DFKB7tyOQpbTSSPQe3qxwS5KIPTDznj3FpK9K/npWpTqnXsF/2hu5UYeif2DvIVcgiMYa7ISldB2CHbe82hQSaObPewo5RG5i1Q/U6OTiFFRQ==
+lawyer.			86400	IN	NSEC	lb. NS DS RRSIG NSEC
+lawyer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aEZbmxfyXODlNsmE3JBsy6aj5wdd557/qr9lr0BqsaizKMwI3BeCLy94UjKgA9GFXsHpYR4PkcJZo7e/w7FHFGWMLB0DpAAtqeEbLO58f3ypmUkJYJX/XsEDdLbnwPE+48LobHioMNeOKZMMJDLbvVtaM0t9Wilx3ONQj4SFfKqNbcc7yU/VQXe4dhxgmitaI9wOMXN9tKhtmVTYH6sSDEm96r31AhJC6oxL23bZ6IJsIxcLn5WNmjOYPz5W45KDViqOrVuVX5bqRGlmNvDu5TtB5x6sXQLFUG/RCo9PRzXx+U1ZpL1FbslOnevUuCnd7OWHOkPYVs3J7fTLDPSLzA==
+v0n0.nic.lawyer.	172800	IN	A	65.22.24.14
+v0n0.nic.lawyer.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:14
+v0n1.nic.lawyer.	172800	IN	A	65.22.25.14
+v0n1.nic.lawyer.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:14
+v0n2.nic.lawyer.	172800	IN	A	65.22.26.14
+v0n2.nic.lawyer.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:14
+v0n3.nic.lawyer.	172800	IN	A	161.232.12.14
+v0n3.nic.lawyer.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:14
+v2n0.nic.lawyer.	172800	IN	A	65.22.27.14
+v2n0.nic.lawyer.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:14
+v2n1.nic.lawyer.	172800	IN	A	161.232.13.14
+v2n1.nic.lawyer.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:14
+lb.			172800	IN	NS	nn.uninett.no.
+lb.			172800	IN	NS	ns3.seacomnet.com.
+lb.			172800	IN	NS	ns4.seacomnet.com.
+lb.			172800	IN	NS	rip.psg.com.
+lb.			172800	IN	NS	fork.sth.dnsnode.net.
+lb.			172800	IN	NS	nabil.beirutix.net.
+lb.			172800	IN	NS	ns-jp.lbdr.org.lb.
+lb.			86400	IN	DS	3842 8 2 C838938C2127E3E10E15F92106EC565EF273B2EF7E3AEEBE5A2162862FD3B469
+lb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . b4FGmj4yrKOLqT2VY6SRy0B9kqlxy/t+P7AvOlUS0A+3NOhhz4RyCffTzUGfb20uIpQFPZwUJ55LzDvcFLQf/bJ/oNXR4tYtWAuT3aZaYpbS6nFBl5jtJupOmjcGHD2JR6uhvXt8bCXKS1zrg9alLZJkMuso4bXZ4zxL2fsk9N4qyAtEi+l5Cz9PeOPQ90nRtlDjaLgqcPdHqvcpQL/4bvp/d3audZODhsBq+0sHM1B+nHPavs657IZCzrIXYXgH9uOQdH8HIX8EajHB6AvfXCcoqqiYC315bPrYMU+WmGVZ8JRNjWkERyUew3BKruwVyP1kNI4+DTc60arGs34qrA==
+lb.			86400	IN	NSEC	lc. NS DS RRSIG NSEC
+lb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hnc1IXBkENAdITOOE0Bl3QAfoZwnNk0zw0YFV4T/CFq8NOZSy2z0rdLFeHeUrG2wS21709XYjrVWzdWRtJicFAXhZOgxTInB10KkvXbI4atVjLwOdAJO94KH1xLe1yuGmTYC5xEcidLEmPqVU0xS5/haTWJa7uvounYQToacTkx1e1OfIsxFrbgTJ4IMcfXPfRp6sb0x0J18l+mJCRbhUV3oOruNIXob8fQ3EwgRMKAO4I+mhotLEME1XtAVv0doOMxHN2hSdpoZES4EWyqQckQNWvUPu9POggLG+FE3xmxinco86YPmvjqwNvlQSIsaCuyQ1uKIqMcGcZfPAHxIgQ==
+ns-jp.lbdr.org.lb.	172800	IN	A	203.178.141.64
+ns-jp.lbdr.org.lb.	172800	IN	AAAA	2001:200:0:2:0:0:53:1
+lc.			172800	IN	NS	a0.cctld.afilias-nst.info.
+lc.			172800	IN	NS	a2.cctld.afilias-nst.info.
+lc.			172800	IN	NS	b0.cctld.afilias-nst.org.
+lc.			172800	IN	NS	b2.cctld.afilias-nst.org.
+lc.			172800	IN	NS	c0.cctld.afilias-nst.info.
+lc.			172800	IN	NS	d0.cctld.afilias-nst.org.
+lc.			86400	IN	DS	28069 8 2 A729B4E0D245D3CC81FC71893943DF13F55C26D8415AA042C5ADFF42C76D25DE
+lc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YoRaBpAK2a19WI18o/7iwiKMLEAo3oRazkTreLihB3UlEFRj8LYYqdF8XTzTw39FsvWoDC5LXgwpBwrq9Z4K1X38wlI4m75uVpSK7+DdTQgc+w1CuoulfGJiEKUqQvG1wiJMSqhYwgI2TmjWXR7TwD86gEByVPB3kxlhmXbhu+RISLtulSNpwyIPz9TCNtbRjQvbx1QHE/QoAn8zKKKsSFklq4/Hgh1H/C+om67br+QSI+I5LuwS7uXdzIk/LIZDA7654Ag4h9TsgwHdcL4VuJcxzDLwePm7hsFAXD8pMPtOawpIrJ7E0nNgC2msS/9IUJX6PnVFX6v2aw9kn44Z7w==
+lc.			86400	IN	NSEC	lds. NS DS RRSIG NSEC
+lc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b4i9UWC/2E7Nrd03HufjWzp6bJ+YqCW72R/XlAP+vRVxd63/gnB3UMFpn2SYB3WaNcUKPuwh09MDpkMNXPwV5u/N79u5a/Go7U5LgU1cBPbgMQXflVYyj9O4ZpoG+rG23jyaQRaJbtKJppwUfSta6IxzOR1zCn57hBkAJis1zLHutj6y9sa+M+/X0a7ZwXFcz5IkJRWY/8a4baJ/EQWj9iqFBjBa9v9qMdbF73fP75q0YQGWOqZNwMtoZOfQHxHwzGxm69lVcmza/xnbVOHrcCabs+3v7mKlkXWYBJdbADjYpOkHyWbrwexrORjNFnIVo7xsn4SkjZ8cMlIT4kBaQg==
+lds.			172800	IN	NS	a0.nic.lds.
+lds.			172800	IN	NS	a2.nic.lds.
+lds.			172800	IN	NS	b0.nic.lds.
+lds.			172800	IN	NS	c0.nic.lds.
+lds.			86400	IN	DS	36055 8 2 CD5AC0CB52D71DC6D369CC4CCA8AAD970690BCF3BC33F2202890668E47D34A5A
+lds.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xrmA6XGzLHGWaRKrJ439mhWk7g57IrgLBH8SL5mcC6WyEPdwCMzStBXNFSz2Gl8jwfYAvVoKq2JvFyZXtCDb5frP9WxHWQxk3jxWlWY+yMvR9k9jYWVmzqDma/Owene9tuyyATqXCQM2vK17xwHxF9hacVusjVK5mizkTNg7l/s1kdDaqnRe0jDNksjdVN3KRXBThFnaB5bU0Q+Rg62cuZelVShLlzHEKIy0635s0psdqvsOfwoS3bXjuKMjbO7l5WgDikdD99r9xWwHpaYNsz5iSvLcq2ANc/tE7QnmafOsLbgyYG0UiCxQZ54D0w823r4quW00yBO04yLDZHdC6g==
+lds.			86400	IN	NSEC	lease. NS DS RRSIG NSEC
+lds.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eUOYc9gYdRS8dWFCHiF44KCz9y0irl16SUOc38LdEeVWb8gwUY1F/B4gTTS8f+QSdJv+O5VK8C01xfNwDjsyjL98KHSrxghagBILpSU0aW23DdIjpWDcUOc3Sd4wj8h5XYJc9EHtQGNZq3hBeIZPC9S6PYPh3lebgzDi7a2HJF2NoWacDDzalzfJmM+ooBpHTVQ/Thb2rMbnXL9I8x3nZasetoKqhz17s6Z81mO/5Vpt0BIY00yhOLOFqbnAkPm9g+B8jlkBzmoPZvXskn4uPs6M+ChctIi77Nks1C2OLtBwTtLFD81HoFmmLm8jX9Ayy19T1b9nKMX27PyIdO8EhQ==
+a0.nic.lds.		172800	IN	A	65.22.152.9
+a0.nic.lds.		172800	IN	AAAA	2a01:8840:96:0:0:0:0:9
+a2.nic.lds.		172800	IN	A	65.22.155.9
+a2.nic.lds.		172800	IN	AAAA	2a01:8840:99:0:0:0:0:9
+b0.nic.lds.		172800	IN	A	65.22.153.9
+b0.nic.lds.		172800	IN	AAAA	2a01:8840:97:0:0:0:0:9
+c0.nic.lds.		172800	IN	A	65.22.154.9
+c0.nic.lds.		172800	IN	AAAA	2a01:8840:98:0:0:0:0:9
+lease.			172800	IN	NS	v0n0.nic.lease.
+lease.			172800	IN	NS	v0n1.nic.lease.
+lease.			172800	IN	NS	v0n2.nic.lease.
+lease.			172800	IN	NS	v0n3.nic.lease.
+lease.			172800	IN	NS	v2n0.nic.lease.
+lease.			172800	IN	NS	v2n1.nic.lease.
+lease.			86400	IN	DS	49669 8 2 1C84BA6CC51944ECEBD6A197DE418AF987C88A6EE0BDAC2D1120B47E1DA6BC9B
+lease.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MkcrjlHBIr7tNjhEuLE0YIOw9EYJkVPMqxWVowMuq9bKXUs3ib8KxiFwnsZmLpdhhhQLCzY7Ed+7GMkGnsiLSKWT3/d/xxQvV3gf1rNsBHBtAlEHD6cYjIFyO6dQka3PlpxGZSlVKy9X19pt4RhIQ2mIOEwyD5wLzwQpJwqAZMdyslUqqC8Gqirvw5ey/FCLVgto06VSjDifonWV2733og7FyyCPNY/3JUw++bPx+K8g1PnZTDjQQSWjfGzZzjdT2wYp0ke240XuMR4dZZJhC7od3snLe36/uVFZnKtOH6U3TbOwGCbOOMmHPxrOXghYFH3dFA2ZfzWhrCzJwuu/jw==
+lease.			86400	IN	NSEC	leclerc. NS DS RRSIG NSEC
+lease.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SDu9sVuv7a69KaNuiU4/lUrxnPRdCicUXqPLAzjvSfOvakYiV/MGYPLXc4ZrHP60wJxiZOISVlJxwa7Z0EenBK9RmD/Fgs+Zn+aWmo7I8q5UPKEDE67UxJLSH5quqSlB2TlZkhwO43NShEAwIaNlwV1uokpxQgxtDiM9AjvV+nWfpeZh9r0FXSrpvD8UsxxBKkHpXnl6zPT1ga89+0o9a4GknUboOza7Veis2PdiBYg7lHpf1YZcNr+2IsunrhVBTQnObJfqZYEq0lk0QCaw3+zVdtU+1cEyDW/7GATHhhotjMLxAxrPz60W5d+xMprUFk4r1gdSi0s2nc4kMa21/Q==
+v0n0.nic.lease.		172800	IN	A	65.22.24.62
+v0n0.nic.lease.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:62
+v0n1.nic.lease.		172800	IN	A	65.22.25.62
+v0n1.nic.lease.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:62
+v0n2.nic.lease.		172800	IN	A	65.22.26.62
+v0n2.nic.lease.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:62
+v0n3.nic.lease.		172800	IN	A	161.232.12.62
+v0n3.nic.lease.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:62
+v2n0.nic.lease.		172800	IN	A	65.22.27.62
+v2n0.nic.lease.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:62
+v2n1.nic.lease.		172800	IN	A	161.232.13.62
+v2n1.nic.lease.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:62
+leclerc.		172800	IN	NS	d.nic.fr.
+leclerc.		172800	IN	NS	f.ext.nic.fr.
+leclerc.		172800	IN	NS	g.ext.nic.fr.
+leclerc.		86400	IN	DS	60287 13 2 D64818B1CD557C6040E2F188D15748AFB29AC5FAC90E8403BD391776D34A9696
+leclerc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pvAg68XQdCa0/pOyLEDL8Xjeq3YPIPSkDtzM23B5VLp1kHdIFPubqXG10RJAXriS8J5ur3jbbVcqjOMJ63sJsmE9H1PFX9JpRtH/saj6rtF08uEe5ll3yrPj1KFz1WtJBIockxrF/NGm6K2Pnrkmn14CX+v/NErhOnwdVbddK6U016tszBGPcd3yBClZoO8VyDY4NJe3/BNY0dGdROxfqtWRdiPK5haH5TD3Y8bRQwT3iDEehtC+923SPPOrZ1ZkUfqH5fsR0RsFLCnSPeI7iTGSCiWVo9N/NwFBDhMJgQ/5RvE0Oqc6COIdE3r3cKDiU/Kk0kShL8rokifMdbA2dQ==
+leclerc.		86400	IN	NSEC	lefrak. NS DS RRSIG NSEC
+leclerc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m1SBsmTTlRR7893OJbtYa0QTzcJgZkurrux1XD1MaQoeU0g84TaeZPHj0hMBAsUMa/R1knzkVOo7/JNrFNKUwHLKelgh6kuuru2u/p4v4i1nvLoExbFSr8SYxX9nzL4RkeH2mtSoYpbuyDWpM7TtW+wZpef9MYi8ItkTYYGTTrf4hKf9Slgu9BCkxHy/itnf6ClpNcDgiNX54iNkV2np+jiEI8fwz+B4bhuJHmsk9639lF4LqtYIrXfZ9TD8W1m6suUo84/ZJxtZqqBQSyz0MIG0A8i8yCLpyPCe0ZFr2CBjhAe3IGPxtQ67/CZostZyF3CK5dSDxonsqVyJsGoApQ==
+lefrak.			172800	IN	NS	a0.nic.lefrak.
+lefrak.			172800	IN	NS	a2.nic.lefrak.
+lefrak.			172800	IN	NS	b0.nic.lefrak.
+lefrak.			172800	IN	NS	c0.nic.lefrak.
+lefrak.			86400	IN	DS	13552 8 2 DFE80636FC126C19C1AF2FF130E361CB22B4F33D97A48CA25FE7C81EE351796E
+lefrak.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . noRHdBFPa/xSb1+2b5vll28R30s3JiUQ6n9iOkHUn3QCszQLnYSOrxCJo5vyj++nuKDYkHhnpywOBdzFLXdgx5ktgItifERrDQKSN+SJcMeKYvxZq8/SsVci4/IToKlt6vvf923+I2gSL87cRQn3yo9yOdAgzKP6avxEYJFY4KOFY8biUQKkhgtwdetfHORFEBLL9v80j1zxE0/t4SXUHJagmY9WYiOFaGm6Zo1uLuJX6wY4mjXIErMgW2uBfpjCM5gLr0RPGuggoCvo9pUFKPVSZpguxlFA7Tyb+9Q7ytAoi7PNYd473t2tFZjCCbCpzCvhx0y3umwgygH4J+cbFQ==
+lefrak.			86400	IN	NSEC	legal. NS DS RRSIG NSEC
+lefrak.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vN0TYKVr3bMA4O3isu1lfCM62g0AxGEMOC+cy75PqZLjSNUdchTZvLqIuBx2lp/VZAAL/NAuVjYHBq49CRQKMXuGs95YHgG4sc09JrIFYMx36CpNRCwHyKPRQu/uq9qckre5iKohhNPMtct8DRf4RVxl82qQL0WfnEDIH0EEgJ6VcMzzC9EoubRt463KCc52WJE0I8nLcgrJPFvW1Pq86dNtSEncjus7oi+nwq7ZqDDohr4B117I6meXkrR+ZcuLu+z4nPW3wPgxAj9yT0qSX5JDykOqg2nGhn5cHC0uqChucIAkcMTH08jO4EOXFD6etsJ4v3Bhs41BeByeSl/ySw==
+a0.nic.lefrak.		172800	IN	A	65.22.112.58
+a0.nic.lefrak.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:58
+a2.nic.lefrak.		172800	IN	A	65.22.115.58
+a2.nic.lefrak.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:58
+b0.nic.lefrak.		172800	IN	A	65.22.113.58
+b0.nic.lefrak.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:58
+c0.nic.lefrak.		172800	IN	A	65.22.114.58
+c0.nic.lefrak.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:58
+legal.			172800	IN	NS	v0n0.nic.legal.
+legal.			172800	IN	NS	v0n1.nic.legal.
+legal.			172800	IN	NS	v0n2.nic.legal.
+legal.			172800	IN	NS	v0n3.nic.legal.
+legal.			172800	IN	NS	v2n0.nic.legal.
+legal.			172800	IN	NS	v2n1.nic.legal.
+legal.			86400	IN	DS	11869 8 2 C56D8A0808A1BA707334DAFE4D97506BF25DE7CE21885DD86C98C012E164F113
+legal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1ip2UxaVTSyHs4j+lOQQOP0DomCwxKT4X0DLo8dBa00UghSublcRVH8o/OuA0CtnUjipPhHIsorIRjTOUmK6EXbuvni/IeAm7ECGTy85juinwB0NPfEl9W6iG/tHY+lJlObuFreSCeZ7Bg2boJUBSpF7TsKma6x+iffHyQQa6re+uB4+Qafrc04Ng9wyFNCzkmoSrPar8DsPK2HC6kfbM5byuto5qDTG6NE8I7aqnaf5V/RekHQpI58n68hzHswriBYZfkfAi/dSyJ84RXgwouJFI5Hvgt9ClFFOkRs6JfJcM7zmbE3xnxE8QQkzSnumapA1AZVBcRTeLovTFGriDg==
+legal.			86400	IN	NSEC	lego. NS DS RRSIG NSEC
+legal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GyWiL1wQ1zjvV3I9liCs8GDqEc70SO2p0PBrh+JB4LIxdLW0a0PXHhAO24OEyW9oKB4tpiWvE10hj93nkj0DUfS6xJhsaxAm7AKv0qj1jEW5nJRhsuqgTp+99BLlue7+xu59SBB6T02qh9PIBYZjPWEoRmJ5VoHCdgJmerMwS6v/oQO1GrtRSf4VzZY0ktFVPYH+0qQTkM0WqxTB/Co+COmKUAsg1B8Cf5AKFxFwXaNcR/KWYK8O2QJSP31PxcBXDjpDsSzDJxvW3naBKkNleUoY0VmVh/9KDdQg6WMHeplO6W1z8StyfFLCKERxBtOSV+EsSqNvLUzn5i8sD41B4A==
+v0n0.nic.legal.		172800	IN	A	65.22.20.12
+v0n0.nic.legal.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:12
+v0n1.nic.legal.		172800	IN	A	65.22.21.12
+v0n1.nic.legal.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:12
+v0n2.nic.legal.		172800	IN	A	65.22.22.12
+v0n2.nic.legal.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:12
+v0n3.nic.legal.		172800	IN	A	161.232.10.12
+v0n3.nic.legal.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:12
+v2n0.nic.legal.		172800	IN	A	65.22.23.12
+v2n0.nic.legal.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:12
+v2n1.nic.legal.		172800	IN	A	161.232.11.12
+v2n1.nic.legal.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:12
+lego.			172800	IN	NS	ac1.nstld.com.
+lego.			172800	IN	NS	ac2.nstld.com.
+lego.			172800	IN	NS	ac3.nstld.com.
+lego.			172800	IN	NS	ac4.nstld.com.
+lego.			86400	IN	DS	28536 8 2 FDCDBD92D8A27F3A19BA30EF37E04FF21188973EE8648975E5B9A77DB48478D6
+lego.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mOD/oZtXuljtsRcwuEboFLfGsIhuF43PUWFRzngveSrkLALGiWMyU+niXqijgLOdPjCRIPBrrPO5hJ9WkZGfRkCH2+wGc0Q9NSU/7alFiOEXqx8/NcxldEAzqU624V2kygrjQTO3IL7PRBSAzaK52XHRqm0MqEV1fOH1j0AB4gqJj7P9QKov1GNbO4JIpy4fXUqQQP1u4wREiVPbQwh7FxtQEtOTEmmTQEhWgT3VYsuC1eB5tgpvrqiDUsCJQVO3mW5oscoz/fa7cU24JAp9jb1uk49y3+ALRpiG1TFUFp1jNtRuPvf917CmLIRCJaz/Mv+pu1+ieJxXo+rupqxjQg==
+lego.			86400	IN	NSEC	lexus. NS DS RRSIG NSEC
+lego.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NMgkdxP3SAFDOxaHU0HkC3ubH/f/ipdkwdH8AJBgqlK/hyI8POD/S0S1RSW3p8cPmX6Fr0Y3jSDO1bW/zuDIKe5iqn1/IpYRcMvxVfkpUeBwHM0tX2UNvHJzu3YnMLj+AA9kdawGx4Ld9QdBwoYfNqQsJ9QA0z9Uw+ll4AUppxWNmqJQag6iM8K4C/Op1XVUvrhPowsaaYFpaVdjgXyA2cyKesn5pyOTXd5eMq95HdAttHpkQRYofuFp5Hp312/D+tVg/IBiOaHJGrl3Ef6PZPvQttKdVZ8jTVkpizb94DNxB9baWEkQtyyHTZI0L1puS8c5JUnOyOp87dx099LfsQ==
+lexus.			172800	IN	NS	a.gmoregistry.net.
+lexus.			172800	IN	NS	b.gmoregistry.net.
+lexus.			172800	IN	NS	k.gmoregistry.net.
+lexus.			172800	IN	NS	l.gmoregistry.net.
+lexus.			86400	IN	DS	59681 8 2 5E836746A8E2E867C1EB27292293F5AF3E849C0B5F2462C86FFA9EE85668348D
+lexus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZoMUuVEduIyhKUVLJVwOpnsmwHvMqPc5vjq0kdywxnjqBuWG1eDvbgFPUGLr6QmdH5E9oMz32IZ5/hNnDwFIqIDnHcvJ33105uWfXLF7TfZ+f1raIgGAz1xZnMdxrlvrirkktzFgsIF1EODDOLKSXnAehxOaTZaGxPXmpzn2s9XfBS3l6bAiG2D6doeZ3T6zipmYcw9qwOSdrhjE3uNotxw2Lye/bMG0h5Q1DLA3C2BoAVURE8CLFt4FUl2AqK8+TcEelNRgakskSk9DfOceLJgE6ew1/Dnk095sXm4Yb2ITqu33+q1E2deOL+1ZKIhcDq0XFyD1NZXYZ5nNR//WkA==
+lexus.			86400	IN	NSEC	lgbt. NS DS RRSIG NSEC
+lexus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0ahsGQ0Y3pFyBu6UJIuDgu4M3+i/ggsNUUyToarD8beIYi290Im33qk6JdF+SxFFZI75GX417dfHVQwpHIq1fAE5sCJdVPwtgGv/XmGKL4Ye+Ly02t38EvDiCHnF5dHdbpgnMBpojvQCvNAi9G+Ucx/z9ugINkuXY5B3u27lFfQgz3oVpv8xBhfwRshSCLqIuzwOdJEGPW5OVuAg+xuet2dQn4YqbotK+yt57uCU2gref8TCb1zb9ThWh/fBVhhGYPwZTFxX6qfzcIKPZ6pbc5p0evimh/Hr/wp9tFQXhmh5C8fNeVyyFfNgjNGHnrD7Ff0Oyu4hJsb7K7uEzWUFqA==
+lgbt.			172800	IN	NS	a0.nic.lgbt.
+lgbt.			172800	IN	NS	a2.nic.lgbt.
+lgbt.			172800	IN	NS	b0.nic.lgbt.
+lgbt.			172800	IN	NS	c0.nic.lgbt.
+lgbt.			86400	IN	DS	16912 8 2 58FC6791DAA780F1B589FB72CE7F1E43F39DCD185DF0E57AE60178E81FA174B6
+lgbt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sUBcUOt74HodV2xIqwPHkmKqxTzYzovXzN+ik/0sODlxGgJ5YFjkbsXtP8whcVApelSGCs1rbfIyAxY9plJzAMepa0h5XAxYATPZUxUgIy/lfyepTSKX3gww095OZJ62F2jyjZHPbPq/N8fMO8g7Nj0KE3QRVdbi5Nf7VrOiMZ2uPFKcmrwP8BlFPxUHGbMOGGdlPGeUiWbVLjqINGhQF/iQUz4ucyI8UEW8h2S+W7CFBkeNvcn6tqKLiVLwwZM3ZE6LMVykJIh7bLDhvhKpfl6Zv6AWdF4Sw2njN6JwdTNVR9M4xbzW6RiQbCWwegrZZx4Lks4hVW3y4S7dFATP7w==
+lgbt.			86400	IN	NSEC	li. NS DS RRSIG NSEC
+lgbt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Vd4m9TzV2iB3wJUvgw69swr7S8y+6K0rYg4utYsXXTxYxguEqKzZBGnBnYnJKrXcVgWbD8lAv5O8TEuAceXosD8tCzbh4t7Qn0wwvVzRzHDWKU3z5b8E9aVg1vNhBeYaRQkZFRlsUlxnuGC04RGeoqmjPALuaOKrVmXlX5H6yiSFn4V4Rz8LcjT1aMOIQ65n4HTFblMQhI4uUWTgtlzkWSLH2xSgliUbaU3kCsn+Sh3gUV0FNUlZBnuj0zrs/LM+hK9ptYcLz92dISST3kR2reVRqHJ0JE+7s8kAO/Ec6OR+MgD2YQ2gCg2H/ooUgJKiXIqGpFUxnqq+WgnkaYpBcA==
+a0.nic.lgbt.		172800	IN	A	65.22.32.1
+a0.nic.lgbt.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:1
+a2.nic.lgbt.		172800	IN	A	65.22.35.1
+a2.nic.lgbt.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:1
+b0.nic.lgbt.		172800	IN	A	65.22.33.1
+b0.nic.lgbt.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:1
+c0.nic.lgbt.		172800	IN	A	65.22.34.1
+c0.nic.lgbt.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:1
+li.			172800	IN	NS	a.nic.li.
+li.			172800	IN	NS	b.nic.li.
+li.			172800	IN	NS	d.nic.li.
+li.			172800	IN	NS	e.nic.li.
+li.			172800	IN	NS	f.nic.li.
+li.			86400	IN	DS	43984 13 2 844E2B8C231F43692D319A33657A9A83C9F22BAF53F276EF23F8405E20A0F1FA
+li.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Phg7E9HC7x2cp9tCVpHZSKTbwWZtbulOTx8KlE+QubuEXh0smNCBoPsZwgvYmWGngBSb9p3PiIPFL++ct5Y9KEjQgJel1FhRKyXM6XbibOo8PDruv1Z5aGLaDo0KeHGcn2WVJxqrtkH/be4rGvuiI5aV9wb7SJrN9xmtta9wMCdOuBiZn0Ut9wYfWvILukRiYK9Ym2NS0ROnC070UnhIlGx67e8rKuzO4YstyhJiYzyb/2v86K+3+n5iAHevursB1NEaYp4mGpRS33HZxcYj8/zF9N9ETnnjwS9GebXQ5Hm9zRARWM7Gn56BULW+FneR7woFslL4v7pCVIr8IudN0w==
+li.			86400	IN	NSEC	lidl. NS DS RRSIG NSEC
+li.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GuSKJajJaFVvM7O7oPONXc7P/XCaMHqDiDQ20wzWXvhln21Ve6/9plc4ho4githOel4dpTl7rpNYZ9uOari76Zep9ihiexyfr9CVyAqRXkP/IKtlj6AR5sfbjijywbyecTbYsYa0fujrd28kpby6HtX0lSE7g+lz6VQxlpdOzD770yE2Xy7brIR6t1PlJCpIMBYUI9mpqxB2JcqSqId9jP5VdcyduwekSKvCNZgVbYaeHGQKqZ6mZc9H5TX7lZM2pHA7V8wvMBBQ+VdIwX2b7is6wFwKMSGEtFdXH0hLMsLl0Ql6e7BisJvs4eg+pzcaATxvdMsvqwC1juorzNrJaw==
+a.nic.li.		172800	IN	A	130.59.31.42
+a.nic.li.		172800	IN	AAAA	2001:620:0:ff:0:0:0:57
+b.nic.li.		172800	IN	A	130.59.31.44
+b.nic.li.		172800	IN	AAAA	2001:620:0:ff:0:0:0:59
+d.nic.li.		172800	IN	A	194.0.25.40
+d.nic.li.		172800	IN	AAAA	2001:678:20:0:0:0:0:40
+e.nic.li.		172800	IN	A	194.0.17.1
+e.nic.li.		172800	IN	AAAA	2001:678:3:0:0:0:0:1
+f.nic.li.		172800	IN	A	194.146.106.14
+f.nic.li.		172800	IN	AAAA	2001:67c:1010:3:0:0:0:53
+lidl.			172800	IN	NS	a.nic.lidl.
+lidl.			172800	IN	NS	b.nic.lidl.
+lidl.			172800	IN	NS	c.nic.lidl.
+lidl.			172800	IN	NS	d.nic.lidl.
+lidl.			86400	IN	DS	25851 13 2 1AA0941E7D1538497268EE853423361989C3B0D9A8F2D3DA4E3F3BA0521E24E9
+lidl.			86400	IN	DS	44022 13 2 031250E5D00E613D5044B944A8F5D9E88FA4F803EAE5F887C1670E0A8BCFFC97
+lidl.			86400	IN	DS	54241 7 2 12602BAA0FE5B77F6070A3E78C6BB5734BC8C415A7A74724D7060D8E23CB7A30
+lidl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WSqAVvmzUuOeoYd91c7+NoYhjDhfasz/YDpt2UaWtX7rPXcnwfaWh5nL3louAnJ1mv9zN5mrMr7h+y18dPtN1kbosPDMmpTpqYrzPFRrSaiCYZGLBrBQzgFqMWTtCkr89Gr3TRItz6HmLPbtdz2zZ6SPW14f6XJAYlqkqVd9u4elYeSE1yllwMtqTW4AK9BGJNDDynWWTBmX2kSxAP+IgK31ySNng37cM5n5GnevSLCUVbwa+dHX+PzRRnnzhZmmcIpcu9DLbv6yShfuIj9ra8V+cHYK9oEqI9LYZDz1mo7hMahLT1ksnBSUm6bysEcoYqoFJxNX/CXRJ44zBRwfOw==
+lidl.			86400	IN	NSEC	life. NS DS RRSIG NSEC
+lidl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . roeNH6w3XrHedP6d7UGCo+q3XFCmu8D8Wsm8B+i2Hohzy84eNJ7s0H8hmune3rbcQykoLZBnNsF8OuTGbCGvszOiJ99fpLbeTU6bzAz+aFJkfE7aawLU/HKnjMbDmk8wPwmd4lgGp2BKMh0GZiXPHFMhHwUJ/IwQqDW2XyNs+Ho+L/NUgwsr/8clMmn93Aew1EW+rK26eVRzzGg3FAlHwvfKlYScaFJokxG2Sm0yLt5DhW+Hj+dfeNN0KIgH8B3h8nqkR9PJlMclOPorIP5LRvB9aouwYoQsTPphYx6gnuXD8jZKSc0g2fQ9fhZd9Irw+pXUu1ByXfcinJV0WW883g==
+a.nic.lidl.		172800	IN	A	194.169.218.91
+a.nic.lidl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:91
+b.nic.lidl.		172800	IN	A	185.24.64.91
+b.nic.lidl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:91
+c.nic.lidl.		172800	IN	A	212.18.248.91
+c.nic.lidl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:91
+d.nic.lidl.		172800	IN	A	212.18.249.91
+d.nic.lidl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:91
+life.			172800	IN	NS	v0n0.nic.life.
+life.			172800	IN	NS	v0n1.nic.life.
+life.			172800	IN	NS	v0n2.nic.life.
+life.			172800	IN	NS	v0n3.nic.life.
+life.			172800	IN	NS	v2n0.nic.life.
+life.			172800	IN	NS	v2n1.nic.life.
+life.			86400	IN	DS	11164 8 2 AA2DBFF1C2F5E1C3C430E1BFC84208722612A39D3CA8E3974DDC5E0934564328
+life.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EQKlRyusWigRZonUHih7gxjBUTzd9QSEbUkitCsAadMnZFxF0XgkIy8DYh92C5Mho1glMOAI3jHdUAy1KJcSXVXaknD4MlzIWfk4+GBCyQfcIcYH5PlIL42QbHUEXGoMBH7Rm2FaYCybD+AzIQ+sBOopdhE6f5nzKk4ZIgF7LzygnrqSqvCoGTZqxCaB6gcPglAbBOb6rHqUtM6JVDDiMBdQLlHLskowvTehM4iNgdo36DEhzrLcsp+F5GRKaXbugWdBgsXhTj5bhp/MasdwOb1Wdp1KSGwLkHHyQXfPq15FHpNUYNlLSPMv1f4wiXv6DMr/xGoPM7KahYtw8I7adA==
+life.			86400	IN	NSEC	lifeinsurance. NS DS RRSIG NSEC
+life.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0yHqEJTuaRPOsLlx+4V8/w9m/AGc2bTLvLtSWUSrARmtkxWnrdCM0UMXAUvsMxKFLJ+xi3n8JgMYq2bImZ7HXkpV+mkNSF5+bDC9SizcceIPTTVrYcJjkG/N20p7BmhypVMzZJM+uNDKJtS48SDdXfq4BYL10t1XCXl+w0pGzvkRFql7iULEiffunxCeWlvlFHAxM73eHZWrgsdIYiqBbZ9m/2c37TQOWBVSbDy1/vDQ1HgvsEodpB4HBlD7wgjILEosZh1RIhzDWuMw/nTKZI2w31uFEUr63fzLexOUzYTFIrnsRNqj6ybrCcB6HNzinURH+6OcTeUFtbbppD2qSA==
+v0n0.nic.life.		172800	IN	A	65.22.20.35
+v0n0.nic.life.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:35
+v0n1.nic.life.		172800	IN	A	65.22.21.35
+v0n1.nic.life.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:35
+v0n2.nic.life.		172800	IN	A	65.22.22.35
+v0n2.nic.life.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:35
+v0n3.nic.life.		172800	IN	A	161.232.10.35
+v0n3.nic.life.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:35
+v2n0.nic.life.		172800	IN	A	65.22.23.35
+v2n0.nic.life.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:35
+v2n1.nic.life.		172800	IN	A	161.232.11.35
+v2n1.nic.life.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:35
+lifeinsurance.		172800	IN	NS	a.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	b.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	c.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	ns1.dns.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	ns2.dns.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	ns3.dns.nic.lifeinsurance.
+lifeinsurance.		86400	IN	DS	38941 8 2 E0FB583D29DFE85B4D42CA9B0FC5EB8DACBA63A801AF5B8515921702D2C3FA29
+lifeinsurance.		86400	IN	DS	62002 8 2 478B46D62EB30D95009E07212B7110C1DC20483AFEEF1754831DC17A72112810
+lifeinsurance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AHXQxY3zxrE61OFHcM5nnOD9hPK/YgprR3e8zOeImj26Ioz+arhaLpLiRGKzSG3N9iyJmGLrxQWxvoW7+RSr6w+rhHq7appE2naAfOqly7biGSiY615KsSn6hUNvP+myAG5cCMCsZBMPFzpVzN+IvP7VPC+EaCuXTf5LJzpcFSUqLd9KichY0DHAjqpmWC1XKpQAKcnQxZud0qDFKAFRM3KNSbDn5U0eSJ+Z2QsMZw3vlpX12Y96j8pimBlqlWxRGdCpEb1mMbtXIh5Yvhvybw3ZfUHqZ2E7U5snouEX2ZRtDrhj3od6L8U31yuHM8lnxFaR9rxesm+mvIsENs2nAg==
+lifeinsurance.		86400	IN	NSEC	lifestyle. NS DS RRSIG NSEC
+lifeinsurance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uT8KNgJxRPkU5s072pABYoIrxDRfVmSXhuVRBChQbX3U0Zqm7/LIc75zOZuYS+j68a8YwGbfZJVO5irk1EeOl5di1Pi5oRvDNhr1IzX/lHNsnLJ/SBSFRmBgwyrXwUd2w3KST7ojIY2suNkoBh/oFaWUfViz2WbgxKMeNQhy4jGanRK77Q86f2xlpEdPDS3xIboy8KiDPq908e88tXlNvkAGtuggLtU54kzgqsKSbxZvrNeKHnhV/Iwscf3Qd5IsT1V/5i8Pfm6Z7QI0hWr6l9gIHb+r/jCfLIcHiKz3zmEk7FF8xBEUxP0EnZDffmn/wIeNRYKpAZAw1G2P+1q1Ow==
+a.nic.lifeinsurance.	172800	IN	A	37.209.192.9
+a.nic.lifeinsurance.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lifeinsurance.	172800	IN	A	37.209.194.9
+b.nic.lifeinsurance.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lifeinsurance.	172800	IN	A	37.209.196.9
+c.nic.lifeinsurance.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lifeinsurance.	172800	IN	A	156.154.144.102
+ns1.dns.nic.lifeinsurance.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:66
+ns2.dns.nic.lifeinsurance.	172800	IN	A	156.154.145.102
+ns2.dns.nic.lifeinsurance.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:66
+ns3.dns.nic.lifeinsurance.	172800	IN	A	156.154.159.102
+ns3.dns.nic.lifeinsurance.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:66
+lifestyle.		172800	IN	NS	ns01.trs-dns.com.
+lifestyle.		172800	IN	NS	ns01.trs-dns.net.
+lifestyle.		172800	IN	NS	ns01.trs-dns.org.
+lifestyle.		172800	IN	NS	ns01.trs-dns.info.
+lifestyle.		86400	IN	DS	19435 8 2 4FAE9DA930DA43CA7D112ABEEB973FC22DE2A72B39F7570DBD1D7CF825AAE708
+lifestyle.		86400	IN	DS	43470 8 2 BC977BF20BAF75A4593E81D3E773F044543DE7C3DB7C8B0A7059E6F370A5C86C
+lifestyle.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a9Pe8UaSfH9KgYAFiO8PARuEqrusxVHSebDLhuBuEog9UT512c1ELdrG+U7wB9qwtTIKN6keq/Pis3N/xtlStg93VjCXgUHyl6QS/M2FqoNggHiQ8/c+laqVgrg/jx+KYBb/bZgSHNlu/aAvv7hhJLaVWSvC9rOFu2BX5cnIq+ZcqHi864KqO3k44S1GH9jj40vMovjoM4pH6gWsI70HLyFUXPlJ+pDZ1pFG73SCmxWDDC13Sb9JgvI8Ze8pT8v8kIXVeNKWKClM8NOE8G3t79IPWorjhWea7UFpcgVJ0JndQgI6xyqDcPhQ0AF90TqLeOGsYd/I7yDcIsduo6upcA==
+lifestyle.		86400	IN	NSEC	lighting. NS DS RRSIG NSEC
+lifestyle.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AA8JPrqHjKoAHqKEwz+ICMZbQ9jjC0jgG3S7NfbOGzehGQZBBdUafIB/OSalG370FYO2eCFAxH4fpt+Cd0G1gYLMWxH7PnXGOMXLHDcDfKJj3bPRyMsjPP9N6mzRwxaIPZQLySKMMJazjygNQKSQ1wZd8HpGGRsvf0koVsoTqpO5HK05M5n+h8a2+6QvpWBoD1m9D5tFNTJ9aoeKCeWfOyMqNGPmXGePJaFY/bGL0hy3noEEWNpJvdi/rrTyoJhkxMcPYeNgtI32dJv5KcmrRZ/sbV1yOc8beImZsilMlxtPbvGecmfJH/dVUq09n1fLTG9sv4V4ZYNKkr/xL/snPw==
+lighting.		172800	IN	NS	v0n0.nic.lighting.
+lighting.		172800	IN	NS	v0n1.nic.lighting.
+lighting.		172800	IN	NS	v0n2.nic.lighting.
+lighting.		172800	IN	NS	v0n3.nic.lighting.
+lighting.		172800	IN	NS	v2n0.nic.lighting.
+lighting.		172800	IN	NS	v2n1.nic.lighting.
+lighting.		86400	IN	DS	55696 8 2 8ED67CCF601FCF46FF98B89154D21B8C5EF2D60F34A9A4D6D1968B5869BEEFAD
+lighting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gG6zvR4fvrf1zK3Z9QfwlQpWmPbyYTAmEPkVh1pchJxYM1xuq3l5L86Qs7CEWsQwmSV/77vCRhwGxSChbYz7oAEM3p42z2ROJTZVRYyceVrSHTgbweKIe/SPkRiboFYqXwnkPIPdO5EIZQNMMRYIpz1lDpTdVugN8cYUpqfHs3Z3z+dU/Bv56nSKym/Oew5tVqrCEZtxrG6Lrunto+fk2bUNs6ckYQ8JUQbLoJG5AXnlHbdpc1Omb7O9MQBi0P/zNgyXjzQHlcEWAFTwsLKoYnPkxKJe627mPMUHjYQNQMxtsVD8mIDTus1S+LFM8yXMdoBV9h4yTs0rKq2Wdm7+nA==
+lighting.		86400	IN	NSEC	like. NS DS RRSIG NSEC
+lighting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1Jp03CucgcxQMPA4Fxf8kaW6KCO86qjuJ8xojjfigENW+v04GC0ruoeZuvSZWqseIPKXgsafZFI+3Achs5MsOx36oVpPiaBdmczb+ProgclSPu2OwQH1HrbkrnGupJkA66K6LqchOWAPJ7GkcRGKOT0Q+MNOVOc3o3U2IKBhbgGv03KJ4+eXbWiBUVKx70JfQFxzu6S85MN1Fmznxb+TUpuwan9wRwMsBfUCYmxsvZ/GWP9beuddteiXFJRQqFRHGcC9u5DCCN0Xxdipa7FwtoL5Z8r5+tf7S7gTept0dF0jozmvCNPgSr7m1Dm7OALppCSd6VmTm0HgZnndmB6fYw==
+v0n0.nic.lighting.	172800	IN	A	65.22.32.52
+v0n0.nic.lighting.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:52
+v0n1.nic.lighting.	172800	IN	A	65.22.33.52
+v0n1.nic.lighting.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:52
+v0n2.nic.lighting.	172800	IN	A	65.22.34.52
+v0n2.nic.lighting.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:52
+v0n3.nic.lighting.	172800	IN	A	161.232.16.52
+v0n3.nic.lighting.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:52
+v2n0.nic.lighting.	172800	IN	A	65.22.35.52
+v2n0.nic.lighting.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:52
+v2n1.nic.lighting.	172800	IN	A	161.232.17.52
+v2n1.nic.lighting.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:52
+like.			172800	IN	NS	dns1.nic.like.
+like.			172800	IN	NS	dns2.nic.like.
+like.			172800	IN	NS	dns3.nic.like.
+like.			172800	IN	NS	dns4.nic.like.
+like.			172800	IN	NS	dnsa.nic.like.
+like.			172800	IN	NS	dnsb.nic.like.
+like.			172800	IN	NS	dnsc.nic.like.
+like.			172800	IN	NS	dnsd.nic.like.
+like.			86400	IN	DS	62675 8 2 373514C7EE449CBD1D66527FA947C567A8DAFEA0065D055D3226307C8C2E2874
+like.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NeLpLdhaWMFs5/sEc2AqZk8mnhg7qQP6mG5/n1N9Du8FaGC/vJ04ykRAYU2N3j0mNLH9WqosxhusgrPm6n6cpLO+HtR6U4RhSV8qewKM6QO5xlderEcUo0g9n2S0TUdyFd7XYahQZK3fHzt1uUBATN9liq9f0EqSOroNDmeom6qWvA34GRsZjXRkgtWz6o6t8ffK3cPuGVPsjlSWiixmFrWGC6G+rVw2LBR1Zz52aj+IcYhPgUsedeEV6fHi6Kf9ziWFI0TAXxwxd6fBREwvHshzGBO9HxRuCGnZI9IVSQ25XNtqy8FvKnd7oxdb6hS+hDcj5m1yPGFgajCCnw+C5Q==
+like.			86400	IN	NSEC	lilly. NS DS RRSIG NSEC
+like.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . E+j1GNwN6AxAK2KqZ3em0jQseSHGRcGNwON/g08k8kIwaxgYhNGNtyjF6rLWVvrQGDsnL3kGuziQFh45E+KUwwNXmmkFuUoADaYUQsFioFwnbEYE307eBa4471ekAwaE3ZPYC3NxOwY/jfGdcixNO8LspJsjMHYq6B7tPiGwsIli4xM97GG0/2r+gZJQE9ysIbVqRO/qrCkaPJ6naDk8P/8lerekAw75SLWh25vKugfAAlKDJgb/wRH6CHafUix0kwGtnhruE2sI1WTdrVcV38i41rPDkc3yIszTcuMEoG0mPI6/ntDmYw61a4xdDqRiI3dciHOjuoK6otN8HO/PQw==
+dns1.nic.like.		172800	IN	A	213.248.218.72
+dns1.nic.like.		172800	IN	AAAA	2a01:618:402:0:0:0:0:72
+dns2.nic.like.		172800	IN	A	103.49.82.72
+dns2.nic.like.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:72
+dns3.nic.like.		172800	IN	A	213.248.222.72
+dns3.nic.like.		172800	IN	AAAA	2a01:618:406:0:0:0:0:72
+dns4.nic.like.		172800	IN	A	43.230.50.72
+dns4.nic.like.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:72
+dnsa.nic.like.		172800	IN	A	156.154.100.3
+dnsa.nic.like.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.like.		172800	IN	A	156.154.101.3
+dnsb.nic.like.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.like.		172800	IN	A	156.154.102.3
+dnsc.nic.like.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.like.		172800	IN	A	156.154.103.3
+dnsd.nic.like.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+lilly.			172800	IN	NS	a.nic.lilly.
+lilly.			172800	IN	NS	b.nic.lilly.
+lilly.			172800	IN	NS	c.nic.lilly.
+lilly.			172800	IN	NS	ns1.dns.nic.lilly.
+lilly.			172800	IN	NS	ns2.dns.nic.lilly.
+lilly.			172800	IN	NS	ns3.dns.nic.lilly.
+lilly.			86400	IN	DS	8122 8 2 5DC5F4586F67FC78F4ECEC1E95A5E1A89423DEE30A27E5BB43C31AD6A874A556
+lilly.			86400	IN	DS	60970 8 2 967D4DF30E91FD6E0497C228C18DB4FE6C3EF1479CE5428338FE0E746BC412E0
+lilly.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UbdB6oR988OVHOoKd4MRjjBBXvGqgLGLScJSTbLDd4qNGFj1hgI27lwrlAp9TmcGapnUELLOkVH2iX8lCzneVyXtRYHQIHUuYqpquoubMk4ZAkimYvE14smD/SoQahWwIRwii+5gJboZEtQiBws1vIjTakJ7frwt92CNJUnTRDiy7p4IcrYc+ZRQIzTHlyPrtKWSO5EQMzXnKxsaXtvz91bqi3gCqbOx91VoD1xtT+5RnT9zdsm7IW27yKmWIOEmqNUwgGFM4dpLa4w1tBQY0RTesQdc2l7bsY1R31hN1k9QP43rV6hwrUv8s/dTIzlOL5NctUHRbRlM5KbTwfS0vw==
+lilly.			86400	IN	NSEC	limited. NS DS RRSIG NSEC
+lilly.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H5DAYqu62/O0uYmSzJa1WbyYEjqHm0WXa2y4CygvXQsDX0eKwG04Y+8cjCsSXedYtaD8aafeq8TI7xVmCoiXvxQu61GJbkHcIQsC9PF+QWSbsF5uMiivtIdvAcl7mudmYLg4IZXBoNp5mAQIP1KnEgD8HBQS5O6xBP4wXfowHsmYUGKUh+1L5+4PeJF4f3XpGdXF8az/b1bO1f/1qEDr+XRF0bMAi4TaODOiwy0S/vhaW9CBbx57Dl+cVZZIvafmiX4o59FXg0N02AQiAgzqppz+xovSVsVe//Z4K/C38+d59Sj8+AX1IdFBv/hOIsUvyntS9oZtGwJ/RjlUlvFWbg==
+a.nic.lilly.		172800	IN	A	37.209.192.9
+a.nic.lilly.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lilly.		172800	IN	A	37.209.194.9
+b.nic.lilly.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lilly.		172800	IN	A	37.209.196.9
+c.nic.lilly.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lilly.	172800	IN	A	156.154.144.104
+ns1.dns.nic.lilly.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:68
+ns2.dns.nic.lilly.	172800	IN	A	156.154.145.104
+ns2.dns.nic.lilly.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:68
+ns3.dns.nic.lilly.	172800	IN	A	156.154.159.104
+ns3.dns.nic.lilly.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:68
+limited.		172800	IN	NS	v0n0.nic.limited.
+limited.		172800	IN	NS	v0n1.nic.limited.
+limited.		172800	IN	NS	v0n2.nic.limited.
+limited.		172800	IN	NS	v0n3.nic.limited.
+limited.		172800	IN	NS	v2n0.nic.limited.
+limited.		172800	IN	NS	v2n1.nic.limited.
+limited.		86400	IN	DS	28252 8 2 A9350D48B0282A5BFE1F7311FE716DE96CB29700B11642B15848419091C3E27A
+limited.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xDIkHbwZKQiqAjPzaNql+eJR8Nu/R5Rvwhgy73v3vath+Yeq4OVflS/PpZ1PcEaJTf9o4FFaHEePHBS5OtoVs4PwhM4o5cKtCORdAwb5tISYDy4hlGNKODwIUAK4uz7139ieJB2tILK3zBW6Bjfv24sSXCUzB6M+uh3NBAecsT/Fs6aKGW0jo/vE7HajYf90TAMVYDIhsXjQW925L4+oQCq3c313L/3hQ/fWu1mmMB6CNJs+50qunN8bBV2KRRXc6TTlEZFjjzHc3FKMWwsznwPfbZ/ER1OFzIoq/mBfztvYWuMkcK7ykPI4ISzYIXktce57qEIs9/1K75tr70KjbA==
+limited.		86400	IN	NSEC	limo. NS DS RRSIG NSEC
+limited.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F3ryw+YG5qxQrDc98lkBw+ZIYQjSJej06c8oUP+mSuvL/YSvP1wQebJWbm8g75Y5fZ2KtmES3n59cyNXD6bdA4xrNZqKa6LyFGbb7O392TXvlgzq/phH0CeYRTTD9yrSX7G6im0s3RpkMHU/whQlJLXMR9AZxRlrt9PJLxAEiyXTgFLHwUkGLTGSyTboUJyCuGJKMOIao1pdlTYOwnkHuisNH19jDMqbalO+ZyKO1Y3AUh7WszElKS4WJDhKXeS+WSO8hRKC9OGgEnzLO9Vp81thi2DoCPhja3oWhoh2oaugJiz3CBEMFOH1/RhjNQOakqVMrDMfxa+lhUFg8TsCoA==
+v0n0.nic.limited.	172800	IN	A	65.22.28.52
+v0n0.nic.limited.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:52
+v0n1.nic.limited.	172800	IN	A	65.22.29.52
+v0n1.nic.limited.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:52
+v0n2.nic.limited.	172800	IN	A	65.22.30.52
+v0n2.nic.limited.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:52
+v0n3.nic.limited.	172800	IN	A	161.232.14.52
+v0n3.nic.limited.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:52
+v2n0.nic.limited.	172800	IN	A	65.22.31.52
+v2n0.nic.limited.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:52
+v2n1.nic.limited.	172800	IN	A	161.232.15.52
+v2n1.nic.limited.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:52
+limo.			172800	IN	NS	v0n0.nic.limo.
+limo.			172800	IN	NS	v0n1.nic.limo.
+limo.			172800	IN	NS	v0n2.nic.limo.
+limo.			172800	IN	NS	v0n3.nic.limo.
+limo.			172800	IN	NS	v2n0.nic.limo.
+limo.			172800	IN	NS	v2n1.nic.limo.
+limo.			86400	IN	DS	39862 8 2 9DE0702A0EEA28354D3DCA5EB0870D939F439CB14A879B583B35911CCD15019B
+limo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VQOPNd9XySjZ9WmzO6My46LSqtf+8YIjxed6oaydbDs2r4Sh/r3KBkPybREEsoITtyhpv6ow2IA6wBEoyIS6KQp6a8Jt7gjB8a1kjsNhhfaXjep5COZiMRwMVMTlr6FU/HHbrMMMkIIC7EMWC/S8LYy9r0/GW3maRxWD6hB/ss7sg1jE8IHwHcWvejQhlI4uof1HfJeO/dZRp0U3F5VGrr82KtzNAQhd+4htpdmjVcZ10MbmlU5r7209eNOas0ydKSNYltPztvonifKE/1Dkc8YHgGB/r0PXXCO7mtJ8R8hlxyG6YopTAX6cGRwY0y1zrD8UOSWNBQtQvdxIW4qMVg==
+limo.			86400	IN	NSEC	lincoln. NS DS RRSIG NSEC
+limo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NlIWshSVaTujxy5PAb3M7ihi2DyqmXALxUaGPCYySZMguSpm3+h6kaaWECvAyZwk6VHOk5RHRFKRpTwMB8buYr5ZwHhA5LfqruJ8+IFJVBNigZ23mooIsdElPX8KZkLnpDLHEdFl5evzqJbyQVS6chR1q4B0W+7mlGCfew+2l+mGTrL8nPAJGX12IsmlI+JEc/39b2oXtXb1s1HTK2AiM6wo76gjbZXJ/4GnYHiePrDqntJH4IJE843N5ohdvX63jS6SWPtbtQCRX1uqmS6ugCZvmH9dyPjWDXn4vQAplLPDrND0xlsH1OiOK0CdhigM/1Gz47lFJRpzjqkwCX/3qg==
+v0n0.nic.limo.		172800	IN	A	65.22.20.30
+v0n0.nic.limo.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:30
+v0n1.nic.limo.		172800	IN	A	65.22.21.30
+v0n1.nic.limo.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:30
+v0n2.nic.limo.		172800	IN	A	65.22.22.30
+v0n2.nic.limo.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:30
+v0n3.nic.limo.		172800	IN	A	161.232.10.30
+v0n3.nic.limo.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:30
+v2n0.nic.limo.		172800	IN	A	65.22.23.30
+v2n0.nic.limo.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:30
+v2n1.nic.limo.		172800	IN	A	161.232.11.30
+v2n1.nic.limo.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:30
+lincoln.		172800	IN	NS	a.nic.lincoln.
+lincoln.		172800	IN	NS	b.nic.lincoln.
+lincoln.		172800	IN	NS	c.nic.lincoln.
+lincoln.		172800	IN	NS	ns1.dns.nic.lincoln.
+lincoln.		172800	IN	NS	ns2.dns.nic.lincoln.
+lincoln.		172800	IN	NS	ns3.dns.nic.lincoln.
+lincoln.		86400	IN	DS	3661 8 2 D29F19155FE9E20AE5A9FA1E1DEA7DC1BADA5D04F1FF458E8C14FCDF088ACAB1
+lincoln.		86400	IN	DS	10597 8 2 54EEB8F5A01779190A418A0BAA75372C8B84FC313188B03DB43E2FAE379F133F
+lincoln.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NHheT1uTog9/YabN2AvscXbTq+5a3SQke8pUJYmIn+lLUhk03BAi2HQH9bG6jYy0PC3WqHfOaEMdQ47/ImKV0sGYvsEofhvrwNj+WsjDQw6lH2sTNKVfswo58TfrGLsKJYaZ4x97/1n2gfKeQSz9WyTVrrpqWnoEw7kNK7BH3lRIzzyEWCtaxDPRPDewwcRBfogmepkqneXTaZfTpG59VpvnneCWaIh3eaEfa1vNNFyhs6hbacSAINI0Nta8anI4wF74rPGUaNlTxbxq3JbsZwH3dTTE26VrTJVrLCVZoCDzIZr8RoPb1XJEhgt63GxHrZHvTIYwRCRoP87JX8PJGw==
+lincoln.		86400	IN	NSEC	link. NS DS RRSIG NSEC
+lincoln.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q2eUrk873/PalkOMJrfoU7VYfk0Axr4cPRKpWeU70zKBO57vfF3OyX0qXLl00NWRqEss5Yw612SojOXpUVU5slubiu0yRC46Cr26zmeNQR8mfJ0sat4K/j7SGNNpW1PlJ2Emo9b+F4Yp1mnPCU10frZKTKSmZCZcNqk7boIeJP8R84rGVcH29VrUvc5/VC+XzK4Fr3pZ+ITgSolNt11fKz6PV782d/PhADnclLy5+eCMDwLxDPjs43UGLr4leUtWN+M+43s+MlnvNMMkpoiQJQvHV/t/gtCY10XP7z8Bt5DAKrZztTMub8fSm5SxmA0SX2NEZRYiLiwyhM90pqBumg==
+a.nic.lincoln.		172800	IN	A	37.209.192.9
+a.nic.lincoln.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lincoln.		172800	IN	A	37.209.194.9
+b.nic.lincoln.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lincoln.		172800	IN	A	37.209.196.9
+c.nic.lincoln.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lincoln.	172800	IN	A	156.154.144.105
+ns1.dns.nic.lincoln.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:69
+ns2.dns.nic.lincoln.	172800	IN	A	156.154.145.105
+ns2.dns.nic.lincoln.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:69
+ns3.dns.nic.lincoln.	172800	IN	A	156.154.159.105
+ns3.dns.nic.lincoln.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:69
+link.			172800	IN	NS	ns1.uniregistry.net.
+link.			172800	IN	NS	ns2.uniregistry.info.
+link.			172800	IN	NS	ns3.uniregistry.net.
+link.			172800	IN	NS	ns4.uniregistry.info.
+link.			86400	IN	DS	16766 13 2 40F1045035D7BA48D27A66442B2C71CA159D219756D3AD4D35CF1E80419228B5
+link.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . geHp9XLcJIZwk58srS5IHeyrRH+4fu4fWcIfrbgwpYOZWOv5yJwu6ZFbJT4LWkjynM/J3p7ZTBu0YNtJPwy2zahaKT5d7lbnCMUTt/0RMP6JsvZ7KBDYXJIGFicBkj70gKvENuPOlC/eQ6tGc1XywDJrsVM9f6DNhyHcWhxZBnAL5W9JTZnWbXUuZTXrm6hHAA3QQ8HSY0YBWJWdnH666BhTJiAQ6kid6Jpprs/607ky9mlU+xIqO0DNlTIAzf+wZyFk2DvPMADXc9AqoO58dJgYPLkpTm0Q234jWsLOLCVwdlTq7y42WWmkWDOOa0jdx7HF/1kOjWSRxaA4QowQQA==
+link.			86400	IN	NSEC	lipsy. NS DS RRSIG NSEC
+link.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Vpy/Qqw7Ffg4OQnC+fMEdXz42xBTF8GUMNw5u09vEvQg8SizgQ0JopzO8p4HshYmXXupE3qpRrV4Dfmjk2kYtHkKdiJpLG0x5oRmdWsOV2Jr0o0w2HD5LZaZKzaWv46y+Y3+zosCGw88BgHoPsR4FEkzX2Plv52l2tbenCXRF77pMyhavgUP+TNlJ5FlQzGGWh/mYROZqffKcPQP2tPrcZngl1gQPf/3nss+jFnLsj+1sUF53d5AzQpqY1W4AV2mRFMmpZlZgsim3H0Or16KzQ7ec7W2CclQBH48kP3jRLpFQ8owbl1QwDRfPJJOCr0eL6UXYaw293SBQzCBfwt6JA==
+lipsy.			172800	IN	NS	a0.nic.lipsy.
+lipsy.			172800	IN	NS	a2.nic.lipsy.
+lipsy.			172800	IN	NS	b0.nic.lipsy.
+lipsy.			172800	IN	NS	c0.nic.lipsy.
+lipsy.			86400	IN	DS	14890 8 2 AF1FCD22DC45F40EE44921A2CDB562F28F3412B8E9FD8648DD393282C29DD449
+lipsy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0BTekRMT6oQoL8meCjsgWjMPgq7cnddOHK9K27JPPkln9yp3OW0CZz7xGvE8y3XAmzPcwHhy0wHIrWL+KS5v9e8U678orklY3x6g+MVNEOrJ+smVbwmi13FICRNAm4p/juB0JWaCl+az5bLRVH2JITS5Huwx+SiUvUoveG3J2CiTDcJOIAhhrA+CkopvNXKjhd/1WAdAwzAPz7wkmDQfJAQpZl62Ry9FIglqqQ697fnCX2K9VDO1XLLiHhC0e6+Ige5DcypzXLxnc2K076tR3rBBbckw1ikoDsCIMFtnKghd5KxAdpRIDc2+tNz2pbfeZ89d1rblDSmeSpjm2PIsBA==
+lipsy.			86400	IN	NSEC	live. NS DS RRSIG NSEC
+lipsy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xAuyJaPjkPE5d86UYoCt8t6UTEgSn/LVGQGJ6kJOStH2/SucRezpVKPZhZhXsp1H6nKn6q1o7w1TalQ9sXGklotzp2FeYryNALH+S2efCJfc3TdP/HOlqBeC86rNAQobhw+DAPgLFM6/cMjipwycpjAdX9cThVbCnIf5iEhz7hKM36Aje+LyzydMJ1t3HX88VxJ9BlmO6wZjQ1a8temps35HYKs/sc6nsTldZ7x966I5P4jbI1BRTZc/aoKo7Hnv4MdaKLvhk4Mz7vZ+RUvuCtO6VACDXUH6nP8FyXL+LsolZNUgOcB6HMqtdqCMPw2KFQ2d6XLnZhJxA6mHtg57Sg==
+a0.nic.lipsy.		172800	IN	A	65.22.112.59
+a0.nic.lipsy.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:59
+a2.nic.lipsy.		172800	IN	A	65.22.115.59
+a2.nic.lipsy.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:59
+b0.nic.lipsy.		172800	IN	A	65.22.113.59
+b0.nic.lipsy.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:59
+c0.nic.lipsy.		172800	IN	A	65.22.114.59
+c0.nic.lipsy.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:59
+live.			172800	IN	NS	v0n0.nic.live.
+live.			172800	IN	NS	v0n1.nic.live.
+live.			172800	IN	NS	v0n2.nic.live.
+live.			172800	IN	NS	v0n3.nic.live.
+live.			172800	IN	NS	v2n0.nic.live.
+live.			172800	IN	NS	v2n1.nic.live.
+live.			86400	IN	DS	36322 8 2 201DF9A9AF6766D9CDBC8355756728F2DB40BA93F9724F93AEEB1BDDD7D564A0
+live.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aIsdbxNMjjWEsxaXXkDJekTTmuPDRsgjHRwNkXMu3rI7K7GuqL18fxsB1pCiyc5rLh6VzoDzk7oB1a3xmAW8bw6IH2UoABXOsdSfvTcZwtmCTsmyfziSjrN5p6lD46Bu5Zyzoc+Lb9GeZO5Txp4d8BX80CuVCLCXVpGO9GmZZ0igL/EMhxLc64elAND7vxB5OO4Van648JI9LHBSSQ5pu+ERn8p0VpWUSTDwefGhn5zqy1x221VtPuvPB2QZ3VX8ye/7m19P8Sh3oSe59M3/QqKloscJ+7LniPS6PDJ6UbRI7sb+li1nBRZimC3JcK+fou9nQ5He98FBHgQT4W6FEA==
+live.			86400	IN	NSEC	living. NS DS RRSIG NSEC
+live.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LFMzsvzjhVNgxmvb60zhbKhDWp2ig2rUMqjC5WpnMsweUkTI+AtWhNLJVAJRpfb/mjXdjMolIJCT3UF5RmFWnO/AudFWyahppJKs5usSGUCVu2uOnM54y9TrDsSyjl95vbTT2BqA5aCk3By+rjbZis1x/yyWI+J4Q8+4ELnNxCSsCcYKasNOguT0oTpudpa9sAED5M3LVkFtO2sbPbV72wTQEYdwBomeuUySA4d47147kY6sAI+kZcNJ8Lwe8KNgLKYM2pgJwIiv91YRt7NtawmYO4SWA+qiYKXI6zL/ArJlhNEKMtI80qAm1xXmmRG9bATjZRmimNXOvmjVrS83kg==
+v0n0.nic.live.		172800	IN	A	65.22.20.1
+v0n0.nic.live.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:1
+v0n1.nic.live.		172800	IN	A	65.22.21.1
+v0n1.nic.live.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:1
+v0n2.nic.live.		172800	IN	A	65.22.22.1
+v0n2.nic.live.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:1
+v0n3.nic.live.		172800	IN	A	161.232.10.1
+v0n3.nic.live.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:1
+v2n0.nic.live.		172800	IN	A	65.22.23.1
+v2n0.nic.live.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:1
+v2n1.nic.live.		172800	IN	A	161.232.11.1
+v2n1.nic.live.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:1
+living.			172800	IN	NS	ns01.trs-dns.com.
+living.			172800	IN	NS	ns01.trs-dns.net.
+living.			172800	IN	NS	ns01.trs-dns.org.
+living.			172800	IN	NS	ns01.trs-dns.info.
+living.			86400	IN	DS	9429 8 2 341CE294DED797DD426A6B6AFEAA0C85BA65BBC8EC3D5A7895D77DEE88435DF4
+living.			86400	IN	DS	59309 8 2 276C77D08EFE6388824F1726E7C6D754189F9EA1747718D4960C5EE66AE2837A
+living.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q3/qWLWmWSNaR3kNeXaTbE6DdGvx7zKf5/nKBpQZJ6OqFs1SMVx8Y+yWBiTfTY18lwKJIsw4i0sydjPd0ZmpsOxqzfT4m64fCJZ28irrG8IvROXE3IVil+txvoTuGPjhRQQCO3GurWZw8Pv//H8asmq2U4bFggx8b+1GHZaL4gjcPt6+Xk9lMC6QM0LKLiHZXBLfozkYqDOTUs/53fSk5m6RzU4oHklfGIVs2LSneSIKVI56uVBSIcTAOYa+C1fpL49XN+LMOtAJ2livTGIpEH68YeU1D5YS/ZxHf2nOWwqLK7HksEdZzHX5+JSo64DfkTWJUZtTo5X1HxwPxvllXw==
+living.			86400	IN	NSEC	lk. NS DS RRSIG NSEC
+living.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PAggJMLewAy7iZ/fI2aD44AvbANyYvRLwqy2UUkJRBNRGlagPhW8Fp5BW2v2dCAJdIWL6diBZdDLP6akOtEBp38ptLRYtwDaKJAU+bEbfMtmwI4fsu5oh5JXYmZT0XpOSRxEhz8GWNRFXG0vgOcLT6ofwNTHEc31h2nio0R3tG/BQwMwzSNxDupoNZrSl0QoRF9/S/TEJ6C73n6Hq4F3I8u6G1Y3yTe6lZ93ET4VgV209DMqEjcClQ0gswipQvxX5E9GrN2umGCl089LQfstTusSyoYVGEi379oZTeznStOU/9DBUB6YEIAHQrRrfvVAMckspcks7RXwgg2R0+0qFA==
+lk.			172800	IN	NS	c.nic.lk.
+lk.			172800	IN	NS	d.nic.lk.
+lk.			172800	IN	NS	l.nic.lk.
+lk.			172800	IN	NS	m.nic.lk.
+lk.			172800	IN	NS	p.nic.lk.
+lk.			172800	IN	NS	t.nic.lk.
+lk.			172800	IN	NS	ns1.ac.lk.
+lk.			172800	IN	NS	pendragon.cs.purdue.edu.
+lk.			86400	IN	DS	181 5 1 A1907F85D49081239389C216912B8937D0ECEB3D
+lk.			86400	IN	DS	181 5 2 87516D56B697CB3F7A7C3EB594EE0E16AE509D16A503089F4FBD4F347B336F93
+lk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UVuDmcAWoBZKjRZet8mYiCKROW4bpNqEabQG0VI4gN3T6YIXLzvV2A2UJtkQD0ZcrpQWSTiI54L7YuTfckybFdlCHXGoB5p8UPRK4TBVq3s82X6EADxh40QAG68nOchfEIs+oXxb5kSJp7mwbpbRYtYsInXBmg1txUgByQVp1Ls+O2d6QcypIv1RI4ctyGHtxyLJGgFLCPQzIwcQiJovhiu9OVzsQ9A9S8gBLFpT7Cu11OXihRuKx59F3+RA9OB6mmFJrRWx9466z1u3I4LkQnVSoTBNKGHS1WWZdXbEQWWESURHo8EkgfqgdstLIz8Uwc5MbisbhuBVKj9adiA3OQ==
+lk.			86400	IN	NSEC	llc. NS DS RRSIG NSEC
+lk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KYZ7P17cBf/BviNXtmziO//ub+sL5Uv7nLpVOgEPH5xiiSPILpo7j+mVyNIyiZ19HqL6ZwFSCbtA1vOjmzIDS75942OCziYQ0xkJO4gzeMadlvgUT1AlRRfguHN9POXf5A8/vPYsefITnFSc6hTPoeHvBbl6gIz7kukxRoO7ggpPNAY0wY7ewGFroV1xzKUynB8wgYoK2vu7UUMHowSB6M4QzuzSIrzaYAPsRlXQyJFYnMXMIeSiugkar8VziKhl0rFPKnKz05Bb/ZlmIjH/SW2Ms0oU/vRu8pqdFPq6u5ADWeYpKqTy07t87WoZKbaikKoZ31d0bV2YC41yyojZ5w==
+ns1.ac.lk.		172800	IN	A	192.248.1.162
+ns1.ac.lk.		172800	IN	AAAA	2401:dd00:1:0:0:0:0:162
+ns3.ac.lk.		172800	IN	A	202.124.166.178
+c.nic.lk.		172800	IN	A	203.143.29.3
+c.nic.lk.		172800	IN	AAAA	2405:5400:3:1:203:143:29:3
+d.nic.lk.		172800	IN	A	123.231.6.18
+l.nic.lk.		172800	IN	A	192.248.8.17
+m.nic.lk.		172800	IN	A	202.129.235.229
+ns-c.nic.lk.		172800	IN	A	203.143.19.3
+ns-d.nic.lk.		172800	IN	A	123.231.6.18
+ns-l.nic.lk.		172800	IN	A	192.248.8.17
+ns-t.nic.lk.		172800	IN	A	203.94.66.129
+p.nic.lk.		172800	IN	A	204.61.216.27
+p.nic.lk.		172800	IN	AAAA	2001:500:14:6027:ad:0:0:1
+t.nic.lk.		172800	IN	A	203.94.66.129
+t.nic.lk.		172800	IN	AAAA	2402:d000:100c:0:0:0:0:129
+llc.			172800	IN	NS	a0.nic.llc.
+llc.			172800	IN	NS	a2.nic.llc.
+llc.			172800	IN	NS	b0.nic.llc.
+llc.			172800	IN	NS	c0.nic.llc.
+llc.			86400	IN	DS	25591 8 2 93C8B54BD9413A06DC25A32304B423342FD3273CA6785071C4BD18A2D8B04819
+llc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D9whS3zwfzKGObkTF+U3D/4GAF0yrL9IoAEdwpz0QBF5BS8xqqNDl/zXyhAzG8I1XBLroIxy5uUl2GuMP12uWBCPYme8XYp5bs++58gK/eSmeTPBn9Y/45+CxIq4HHx1ETpqd1iA9SGyHegoxYsU1jUNM3Q8BYf7sVU7SPyEu6SX2xfudbabNlsx4soBgkhlLkQbzGaaXsNN9jj/uqb7yMrQo4KH2fLs8Gl2pu/dEQufRl6BzEOL8QojrPalbZvwKP4kk+BJN7Ei31WJaPxdX2+ZD8vWS6dFgPjhQvKNqaqK1gC8Kf/qH3aR8jNfBu3olJXLLILQtdnSpZX/5VCOqA==
+llc.			86400	IN	NSEC	llp. NS DS RRSIG NSEC
+llc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DtZCN0PmTfmn0fQw71T88mIc+UsthJYlDBQDJyyjC3u+5ZzAVhnID57Vaknguptm53uBU5bUxPRVxo0mHg49i653kv+XMnHRR6zvN44Z8mN7jKYypMU4rs++3MuofLrZ2f4PGV2gHaaS4C0d5RqhbytnLUg8FGMrriAii3cc3XsiSmI8UqNfr/d8RN8VUnDovD3OxfIKmGULpRf6zncqSyNX3NXYDflB752bD2IgPc8fjWSyjrietlc8/a1ADzVdA07UuAYxLEUsX81htDHwOgR3TLFqrXVE8bWq+jBKtllg1m5xhTizLe3Xn87ER8NSgE+yF0bp5Mg+udZS9rmbnw==
+a0.nic.llc.		172800	IN	A	65.22.36.9
+a0.nic.llc.		172800	IN	AAAA	2a01:8840:26:0:0:0:0:9
+a2.nic.llc.		172800	IN	A	65.22.39.9
+a2.nic.llc.		172800	IN	AAAA	2a01:8840:29:0:0:0:0:9
+b0.nic.llc.		172800	IN	A	65.22.37.9
+b0.nic.llc.		172800	IN	AAAA	2a01:8840:27:0:0:0:0:9
+c0.nic.llc.		172800	IN	A	65.22.38.9
+c0.nic.llc.		172800	IN	AAAA	2a01:8840:28:0:0:0:0:9
+llp.			172800	IN	NS	a.nic.llp.
+llp.			172800	IN	NS	b.nic.llp.
+llp.			172800	IN	NS	c.nic.llp.
+llp.			172800	IN	NS	d.nic.llp.
+llp.			86400	IN	DS	16200 7 2 0D84D15BF51C1A1C7EAC512663C58BFFDDB5CB5E3AA960399D551754A471870E
+llp.			86400	IN	DS	27216 7 1 5DE35ECE1AE46BBA06281C8DA6FFDA34B167AC2E
+llp.			86400	IN	DS	27216 7 2 B95649568BD88F57C7500A9E21D1D181065170CADBB881E299FD82E3A9909C23
+llp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uz8PLqmRxpmDpCU+gR0+sISZxjE8X/+Qdmo7RCrs/9+VYcqdmZFF0hbLZ9IkUq0pep2lH+tBn4olwyRRlgAIhgxPszlisZgSeqUTpXP52j5zDYqwGC327ePeyAGWbpYDOjB1V0wflcmgxbrGdqnItHe83oZilz6C2BodUsO0gFC1GS/F0flBPcmHzu4N769vWu35nApXITCsapuWsU/KpaBEWvICcwQ+B+Pw13g+Wpu4lcl0PMniVAvxPhp4rhPgsdDPLjyKoXhuLRUqPXaDz7tDQN/S/hTHgmvPVk24EWB/AtzSEIrm/JTI2lbrhhAZGtEx05jlGfk0x9lYc25giQ==
+llp.			86400	IN	NSEC	loan. NS DS RRSIG NSEC
+llp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L88PwYv6SXyH9SsR6MfR6cDwUQBNytLjFzUaUn8zrQ1vMrO49dTpq/+F+2WbNSowOzKqcZEQYQvEEp4XD4rwOMTmjP2WUd5mzBqvYVj2Dy1JMSVUhO/UOZzSxANxBS2uYQP1A2NkMQKGq7Z17FoijRY+L2znmuoDa5hu+AbuRnQTJkbMAxRYX16A6TX/OYrHkQ4F8G9BbRiK2QASRFVVpnayqDfXLJgIv7Pj85nOL7F1eXCZZkBUjuFlwivEuCvqCA1oMN1v/BIYTU6rp+rvCuf8f45V7FLoEnFWBIXziKb4EHwtZEC6sdst/2eOvHOIWDXvQrXqtQSjurrpHSz+UQ==
+a.nic.llp.		172800	IN	A	194.169.218.157
+a.nic.llp.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:157
+b.nic.llp.		172800	IN	A	185.24.64.157
+b.nic.llp.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:157
+c.nic.llp.		172800	IN	A	212.18.248.157
+c.nic.llp.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:157
+d.nic.llp.		172800	IN	A	212.18.249.157
+d.nic.llp.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:157
+loan.			172800	IN	NS	a.nic.loan.
+loan.			172800	IN	NS	b.nic.loan.
+loan.			172800	IN	NS	c.nic.loan.
+loan.			172800	IN	NS	ns1.dns.nic.loan.
+loan.			172800	IN	NS	ns2.dns.nic.loan.
+loan.			172800	IN	NS	ns3.dns.nic.loan.
+loan.			86400	IN	DS	32044 8 2 4263DEF7BAD2257B9020E8887811109CB097FE253BDB6CDCFA2C1F95EE136979
+loan.			86400	IN	DS	61084 8 2 88742B97E99CEE43C1C901233A2A21779DC101EC43CF28C287CDD6509B3D7401
+loan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ihRAua1phs+ovibfZFQFNv79VnUlyeP7cqEITCs1A8DQygzhAg8xqezhnAsHiexR1oq/SZmG8WDDq/73/jXbV4LV/fATt7x/yOOOGkWtZ8uPxyI31zZJqO2ylMSffvoDayFL0aZY2gqYbo2YdxXYJ1X4soXfy5CpOVomrJD9hj2M80bWqw7SE15En7tR1sdPPfAnF0yjxmTrZgkGKpuXPMgpkZgtxEEPaciLegZV9E68KaWoP8nQu/pzF975ELwVMmYzHLkeXhZCVpvrYJhNb85Wj5h8K1rtp3I0Rne1sZr1bQUijgHa90mUKFy4LBBbrYXMkTAByLAnbrhL3iSXvQ==
+loan.			86400	IN	NSEC	loans. NS DS RRSIG NSEC
+loan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UQv6tD6W19rHqG8MJ8IrakkidLJUftlmtDLweopsXi1hH1WdS2MFZILVBYXf+KE7dYUgJnYZkqwLGeQFBc647eK7cUVFueDg8sYKnYFoFq/AZsujwNXmzzsGiY2VvQ6dQgLgLV5K/yt9pL4FApSY0C66R6PYDeKdglc6fPrB0J8rNYpg1Ok3/cU8uJYFN9O+Kis06Gxg3CjRoPRWlSRaBCmrlQOpfRVT3eXjpVNEBt/qYR4cj1CAJs+KxwKUOtY9GmxwTw2OjuatDa4Whv+x4A0pjV827bQ9zQ9ulTb58Vw0KbG6p6U31yL5SLyzrB+jZYdoI98YE5hdbe5iPJBo5A==
+a.nic.loan.		172800	IN	A	37.209.192.10
+a.nic.loan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.loan.		172800	IN	A	37.209.194.10
+b.nic.loan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.loan.		172800	IN	A	37.209.196.10
+c.nic.loan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.loan.	172800	IN	A	156.154.144.106
+ns1.dns.nic.loan.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6a
+ns2.dns.nic.loan.	172800	IN	A	156.154.145.106
+ns2.dns.nic.loan.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6a
+ns3.dns.nic.loan.	172800	IN	A	156.154.159.106
+ns3.dns.nic.loan.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6a
+loans.			172800	IN	NS	v0n0.nic.loans.
+loans.			172800	IN	NS	v0n1.nic.loans.
+loans.			172800	IN	NS	v0n2.nic.loans.
+loans.			172800	IN	NS	v0n3.nic.loans.
+loans.			172800	IN	NS	v2n0.nic.loans.
+loans.			172800	IN	NS	v2n1.nic.loans.
+loans.			86400	IN	DS	42307 8 2 1861E548A3F914C3B7F4DB8336E56041359D352B703D9E302193FC1A98D3AE1B
+loans.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NYiCoVaS488TbUmdMBOLc4kC9uS+XH0F9WEdRefyuebPTqijQPDrthBK+KkbFkejuP4HiNq9aPHtqsQrQ7i79DecPnruiETfERT/E/caMolYOyUrvWmpDFL9XqM/UX8TvjJQefvB0icBvzAj3a6TLpg2BdQa/gR9OdWi7rjJqSlwDHp7rNbuOgIv+Mkrz6kv0UZ3ZD/FTgKAikh5N8F72Nw0R0oa+QqRHgEJSYfO756pg9q5tiUZ1+TRVvR1IBCVCIBis0riRJPLRk18CN4Ly4IbKZVwsi97b++UFIWoIkPiQjmAOx4hJ3Fo3r/MIQXgQO9p+ahmeCe/oCFRN51RzA==
+loans.			86400	IN	NSEC	locker. NS DS RRSIG NSEC
+loans.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BcZaJOXACGBJFeiXD4CMeoWRFeNviFFvZWlMcDm5il9Y+6OuLMgZZcZFwEBMwy5JVb42w3xdg92Y4w8otrG3FuWakH033e/ZEQHUFIsEmjHZwthZ1txEWxcBCzAo5gICQp9yr+ltVmqs/QoZVnWcoQ0N2Xxc/v7+ZPE9oPF0/jXxZSJqnxJxqDV9aW9ZfY2BrzXw9NTS/z7E9DrTLl0TOaD0HMSHHLSkYEASuieLvcoqIKZBCBl0AuL3NgFOAdFKmbWZM+6GihG6g4kXuPwABmHumoesU5kbXtghAg3nsxYlNVaukkai6kyG+sv0RvjHnoN0dtSQgqkevpWpl/NQJA==
+v0n0.nic.loans.		172800	IN	A	65.22.24.55
+v0n0.nic.loans.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:55
+v0n1.nic.loans.		172800	IN	A	65.22.25.55
+v0n1.nic.loans.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:55
+v0n2.nic.loans.		172800	IN	A	65.22.26.55
+v0n2.nic.loans.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:55
+v0n3.nic.loans.		172800	IN	A	161.232.12.55
+v0n3.nic.loans.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:55
+v2n0.nic.loans.		172800	IN	A	65.22.27.55
+v2n0.nic.loans.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:55
+v2n1.nic.loans.		172800	IN	A	161.232.13.55
+v2n1.nic.loans.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:55
+locker.			172800	IN	NS	a0.nic.locker.
+locker.			172800	IN	NS	a2.nic.locker.
+locker.			172800	IN	NS	b0.nic.locker.
+locker.			172800	IN	NS	c0.nic.locker.
+locker.			86400	IN	DS	6301 8 2 2A62E4284AD1157A9994BE5022A76CF66C2C233CEEDE058C673D065FEE63B90E
+locker.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ojRXD5u8zix5+vSYKGIq+0t2u/hO7cGWQbGRuKdxAowovpFJFV6/7yUWPfaY5hPDyM7AWL17ZH43PNIc8BPkKz/kUJgDkYAmYjTarPJLm5NF2T2Q/7djJEemuf1EBH024RWxCil8Op8J4rfj416JZ+/zGYeVO0ajYntcpSMt5367AJcXN4+Nedyfi7eQDh1KTuC/cdHaj+1hbRhTuUlH7VGuGNaqnl6CXx/hGbWwXl9vnEyMVF9O9Dx8eAG9rfGgxl+2dYD2HyVhwto1XR6dyM0lGhp6xUcSWtK5pud+N9y9+UjPxWBZ42GULL9W3O4ADVCawFFHb0ur0+L29QtLGg==
+locker.			86400	IN	NSEC	locus. NS DS RRSIG NSEC
+locker.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cw7UPwLRf8hssAmJudaAg28Ufc49hv2SV2fIAydC+pQW0dvxXg6oq3ad8Li4WdYMYpK7iBFyzYnZbLyzY2HiKiY4UrIfWvQY744ykvE27jkP7KeioO1E3WICPMYPTlYHAkV8sF9trtsnSCyOlGry5RH2jAE78aReG5EVPRFM6HqhfVzEXr7CRmf+RX/T2IJLDcVaO8Gt/iKdEvF2Or8MIXDWL7RFueZ54InYx96y/pswSCD/Zr1/URTXE+fGdHM0Yw4Qn3DuBi3SJlZHU/KJ6Y1EIgTOyCkgxDPw3jZ0zokA46WtD7PKSGT6IijYP5OUTLC3UVP90wjr2DubeZiUqw==
+a0.nic.locker.		172800	IN	A	65.22.96.33
+a0.nic.locker.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:33
+a2.nic.locker.		172800	IN	A	65.22.99.33
+a2.nic.locker.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:33
+b0.nic.locker.		172800	IN	A	65.22.97.33
+b0.nic.locker.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:33
+c0.nic.locker.		172800	IN	A	65.22.98.33
+c0.nic.locker.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:33
+locus.			172800	IN	NS	dns1.nic.locus.
+locus.			172800	IN	NS	dns2.nic.locus.
+locus.			172800	IN	NS	dns3.nic.locus.
+locus.			172800	IN	NS	dns4.nic.locus.
+locus.			172800	IN	NS	dnsa.nic.locus.
+locus.			172800	IN	NS	dnsb.nic.locus.
+locus.			172800	IN	NS	dnsc.nic.locus.
+locus.			172800	IN	NS	dnsd.nic.locus.
+locus.			86400	IN	DS	23735 8 2 FB7C38BE258C83CB17367AB656FE05F6A8A2A616FEAC4115DCECFA7DA03A1214
+locus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jz/2i+dVDRn8+1+6ROX6ibj8BjCajgOGJEexdfYPHzc2ACdpIXhlXfVp8cXVYlKx8s57R7kkIeRJ48MyD2BVk9PbwtpYYzNBXWfZmduAVy8kt/67THZ0m47o0rdf2Ugn42cyk51y0H0yEvifI7h9eeh3X5wVF4adJNi3Hdwf5bs/urgxPfuKLeHj/POj/ovUn70iHDUEH3ubvYOJIuZ2NAyhM4V0/Nt5UIxcodGJFf5sreaHEEWX/L2KWdMh8JqlLcEH/PvqnHB8+joXG6DxXgW8qTNIdMvMemGeuNleX+9gEuzzrL0zfxFguibPZSHx44CzWZko+E7/flYbNPs6lg==
+locus.			86400	IN	NSEC	lol. NS DS RRSIG NSEC
+locus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ArNuhx1pPxVQ/h6LMumPAsK7IW5oJAZJyo72GUS0NUXuLMn5EbUSeVnk/z7rf4HtlQj/930fX52S8faNPOpWqcgunEzNLSJPVF02jMqpxO8wf2nWy30QlMj4HuVh+IFGl2Y2XmHQ/vD7SPOJNkBQE7O2dILd9KSQhj/3jJV0fgFw9qW08IWJCBKVLjXJNCFmcL8mDF3vSYLGfhxQ+UW2JsKIUCDfEP60dPPY8IWaUAnuKF+4jYxSsN7f0o60j5ZnmLdc4GoG51ki1zVqKAqgypE5LezF29A/vGOUMOmbmnhmKjevrqwx7Hb4h3AzNa1WZlHHLYNmXiGGNJRp/jU9+w==
+dns1.nic.locus.		172800	IN	A	213.248.219.11
+dns1.nic.locus.		172800	IN	AAAA	2a01:618:403:0:0:0:0:11
+dns2.nic.locus.		172800	IN	A	103.49.83.11
+dns2.nic.locus.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:11
+dns3.nic.locus.		172800	IN	A	213.248.223.11
+dns3.nic.locus.		172800	IN	AAAA	2a01:618:407:0:0:0:0:11
+dns4.nic.locus.		172800	IN	A	43.230.51.11
+dns4.nic.locus.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:11
+dnsa.nic.locus.		172800	IN	A	156.154.100.3
+dnsa.nic.locus.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.locus.		172800	IN	A	156.154.101.3
+dnsb.nic.locus.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.locus.		172800	IN	A	156.154.102.3
+dnsc.nic.locus.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.locus.		172800	IN	A	156.154.103.3
+dnsd.nic.locus.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+lol.			172800	IN	NS	a.nic.lol.
+lol.			172800	IN	NS	b.nic.lol.
+lol.			172800	IN	NS	c.nic.lol.
+lol.			172800	IN	NS	d.nic.lol.
+lol.			86400	IN	DS	14131 5 1 A80AA63C99464101BAD5A82079D748F602A4A79F
+lol.			86400	IN	DS	14131 5 2 4564B365617A6BCF1C53C04DD101339729F556C2837AD8AB095CFF78CFF1F97A
+lol.			86400	IN	DS	15019 5 1 4F3C98C4C13B1657CFA5D90D945EF26008FDFF32
+lol.			86400	IN	DS	15019 5 2 24CEA2AA8A26053D2DA0301850748F74E217A52A1B1941E86963A32C5991E9BB
+lol.			86400	IN	DS	54097 5 1 D96BD9FFFFDF0E0F85A1E2FD01306042D63B3919
+lol.			86400	IN	DS	54097 5 2 EFC57A65D9C270370A1DC1F6A3DE157C6F09032864E976AC5BBB1710C6BC6779
+lol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0XnY3KO3t1hPmm4Htm6FeWnk6Q2H+iHulM8ea3mPS6F79c7JfddEyOGtw2ys54DSkT0p8jp07iYtpIkv3VMNTd5IXhnT24oW16bfBqh1amD7CVtaYVVNIGRWNv0wpjvBL3q0Hq2WmIsuDvIPKI3Of71OUo4rx+dc7ctoE0PaaoXOYqmxedAMWV4xahC9npXFs+PZMk3HqWGGsA6Ky3R29+Sy7rgHS8n4ay6vtfVGjxM9TtitfFWRrGT7YgjB1gZs/Yl6hNSelbipM8gpGSaAhnoa+0Dkztd2H+k550KKyUz+TGPNEoLeVjSJ3/HiaWE6xkJXc5y2wXqese5gKNgKOg==
+lol.			86400	IN	NSEC	london. NS DS RRSIG NSEC
+lol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wcEM9BuAI0eCIRtFgXnX+4VzQ+ZttQ/u9QX99llYbueVDKQGdmtwB/3Gk4IgqEiwVYXRa02k6BYpDXVUDQCL/2q8tV6sUc5rT42IAPV13RJtZtX8K+UFnHQF5uuwBA/h1vmpHMwOFBA1xoxYDTprkQtRUSxKfTJldc9omExjwfVMG30FQMv5sOKOHKKNJ0BpaGaQHMu9KayQiTwhDDurGX3Hl4pkJC/xnJJAYZLqk41MrkajudSUcRArrRWGwiItbM+g662jNIdzErcrElGBYiGL+9dHypEp8+c8/V1pdMW+ZzX/TcZYIrgFZk3nR3NLuQyNAkIjIeNsgjdX3em7Ug==
+a.nic.lol.		172800	IN	A	194.169.218.146
+a.nic.lol.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:146
+b.nic.lol.		172800	IN	A	185.24.64.146
+b.nic.lol.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:146
+c.nic.lol.		172800	IN	A	212.18.248.146
+c.nic.lol.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:146
+d.nic.lol.		172800	IN	A	212.18.249.146
+d.nic.lol.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:146
+london.			172800	IN	NS	a.nic.london.
+london.			172800	IN	NS	b.nic.london.
+london.			172800	IN	NS	c.nic.london.
+london.			172800	IN	NS	d.nic.london.
+london.			86400	IN	DS	9956 8 2 DDED8BEE7362BBBF9F4186B413C901FF293F5897412FD92E5EF507765D0A6443
+london.			86400	IN	DS	11861 8 2 5083FACFD25EDC276C25D2D3DA986F370C82BF31A01821ABF462C35800548F77
+london.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eJhYrlrUR05rVnQhDE76PM35nCuj/qTeixKwqj3kloRxSnZvghiNJilrI+LAy27p6ttPdwo6Sefg3AcoVrzl/90c4sWqE9R/MiAnzv2ZQx+nppFdU6+RI2NsV/DTgAghPuAl5dx6UOvaQm1JDyNMNg5LDdyWgfFrxTj6n2OqDQbYx4K2iYxGmC6RrD3vZGW0TiL/VV87rA1AAqTXM4NyjCGK5wERFGQMIp6VHq2W9SG/apvc3tdW6TTdMpQMPJDHkRY9MH810UyZWX/sJtdZZX1nd9lALju/E/+5WHBDaibZHN1owUFjkvjRGZW8/1ta/gP5PkL9F/HIUg+zlRbGzA==
+london.			86400	IN	NSEC	lotte. NS DS RRSIG NSEC
+london.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X4I6dl9umKgXJaQMNnzTdL4LIyfOoLid7LIm4mgvLbfY0KMkPXxzCYWtVOpLe7+5M7T1/tv9yV4JRJdIH7kjJIvUovJpeEsV5ubn83x+2oDie0YOubhjFZjXS1ATnU/Ehf1cgQEJ46AEhsFhxwhzamrQiGPc7btA/sPfvq/cdMNm/gdlPeYC/5a97v48GzS6ZAwmV9In6pawv247fNU9uc2LVQSol9Z4yaVabGm9IK7t+T9h2EPYTN1a2KJ8iAx/h9rDcCUcMoPmzOxq9PRj2RH7DC0syb7CvwmQl1MAJeufe8TalQLCtQZYkBhvt4EqtIFY36EIP4Xf6jp1EShe/g==
+a.nic.london.		172800	IN	A	194.169.218.141
+a.nic.london.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:141
+b.nic.london.		172800	IN	A	185.24.64.141
+b.nic.london.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:141
+c.nic.london.		172800	IN	A	212.18.248.141
+c.nic.london.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:141
+d.nic.london.		172800	IN	A	212.18.249.141
+d.nic.london.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:141
+lotte.			172800	IN	NS	a.gmoregistry.net.
+lotte.			172800	IN	NS	b.gmoregistry.net.
+lotte.			172800	IN	NS	k.gmoregistry.net.
+lotte.			172800	IN	NS	l.gmoregistry.net.
+lotte.			86400	IN	DS	34387 8 2 5D13945C642B308E7D91B7653614033529D3C6B95C38C0EDB47913EFC809D769
+lotte.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EjpwiRLCpvpyZd6aqS5tl4hMNhGdF4XE/7nTNeUve/Su0q/TjAgOahezOa+786mDpjmQwWdw8IdJQ2FFXbvtzaGhuxClfFVEG0z/6Pxmhvn+UZwjTChwOJ/opQ5G21PJFmQbzdPDjbAJn+im/DZOP9oI4js+kU43R+v9PkC2dLSMgavFvMHoapvuISvYWANrzZj89HWypzkTJz6xmohAW2cEjln4MpBhqVrSCQicY+g/SAmENoxLu9tmo55LBKKmTTpf8fC/4cL/9RIiG7Yv2xF+vl/7eozN1bPOCLGcdH2nXQcqWlcsOjzJgnJpWMM9G3LxoPIYnmp/6rtS7pqgTA==
+lotte.			86400	IN	NSEC	lotto. NS DS RRSIG NSEC
+lotte.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eiTabdvZVlYDCfu+xIJNyWR+gjGzFxfgiz14h1vlKd/gGIaHD4D1dXR1eQzvze5lLTufYcoAHN6LYD3MP9Nkf8nyb5/CYc+DEizdHzUt9uF0isNn/GNZ4fjV6Rv0htxmMXbhOMbFZx0EriXUjtFL3hUDXXM93HfrWtSj/E7YI21GVAXgMeRRIkLm3zjkWFb27VI8GQOZSfAwrpklV5VtVQftod6ZpndWyQN+GWQFfhfyAPPbiq9yi0/NBTnmKzH5/QQi98jxnbbG6dBIGffzqQ1tttn2GMUYyxTw3v7q0sAcvijayq9tA6ZD17s/Q96q7DakF9GeCDSSKfxqDUrGWg==
+lotto.			172800	IN	NS	a0.nic.lotto.
+lotto.			172800	IN	NS	a2.nic.lotto.
+lotto.			172800	IN	NS	b0.nic.lotto.
+lotto.			172800	IN	NS	c0.nic.lotto.
+lotto.			86400	IN	DS	45466 8 2 6FFE76934A3634A61F99FAD76FA0506A7682C5541452CF7B289F348FEDD124BF
+lotto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nHaRCB64Jr/dU6x/PpxE77rdqYWr/kdrXP/j+X6IfEDExKLpsh7+eYwOpY8GB+Nj8lQVLWKY6fDSVHAxW4xkXBMGe7KPLE+AX+9RkIcYQDFJnVVQOV8EEQhNEtbpqrxigUjpZOErfcWUZmWjEvP+divfD/kL0mJK0pXTDJRXyF/HFkISSRePAApbIylG55iKATEaIG6rdomcAQj455TYJlcH5SPFGfAQAYiQGyR8kONyZcLbFVmLtmhCVxBUtwpQGx0FVlGT/+J26bn19NiD/2AwakReRsOxMIDL/bS0bRoZ7LRkCkSaE+MsMtMpz20Ip49bBmr+XhIyNpm+H6JJ7Q==
+lotto.			86400	IN	NSEC	love. NS DS RRSIG NSEC
+lotto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L+9MtFTCpJGUVSLeAMDbGGwIFeA1xZbRNbW5Gvl/aH25fjZGPEO9llf+FGcTcNJTNUwr8N1YEVTY6rg8vaPh+EwD2rOvPPD1xbn7tzDkGLtn4kBVBEBheDv2GjdRTnUkXcQxbimbrz+3gp6iuQr6pSvpbdUOBtvrucbZCDQbKTMSKMOsPN/Z5vj+keKdZhemomfFb4wllne84XLMZTXMO8zcX7ybEKQNhpRzN5JVII3NKW6MmHpQLxb8Leu+9LOCMX8QHYAAA0ewXcDjtPyU3aJTypu23UhMDiWfqfDXrHhGTpbA+E5ZwcigeHuYNGrqy+9KgtxN75/XOk+A1vtI8w==
+a0.nic.lotto.		172800	IN	A	65.22.28.25
+a0.nic.lotto.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:25
+a2.nic.lotto.		172800	IN	A	65.22.31.25
+a2.nic.lotto.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:25
+b0.nic.lotto.		172800	IN	A	65.22.29.25
+b0.nic.lotto.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:25
+c0.nic.lotto.		172800	IN	A	65.22.30.25
+c0.nic.lotto.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:25
+love.			172800	IN	NS	ns1.uniregistry.net.
+love.			172800	IN	NS	ns2.uniregistry.info.
+love.			172800	IN	NS	ns3.uniregistry.net.
+love.			172800	IN	NS	ns4.uniregistry.info.
+love.			86400	IN	DS	27205 13 2 099BAACEF86A52379CDC0F6756D1EADAA7963FF5C3A16CFE32340B109580B84B
+love.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0HR8lhzzt3c4q8j2Z+SXUtOeVduQz4Gc/R3gAnZhd8Op1IO52mG6Px9vSnw1o1We/c/MMJHou2bp65z13+wKBNC6e5w86gQuGGjJhAczTstXoGxIkwaumykf/zV38njSm33OP0AfKI8+hUzNfA36CC09rWivGBvL441Eet73Pl7BHLDNKvSm4DfX1bmyYl2d5CzRO6BQ1hKaTkpx8Dq9X5HKws8GKcfPdeRHhLBXV8Do7YwmEzJhONw0K45hpKIkyr7AzedhmCw20vqyeBDFwJ5RgnH2hgrU0VOI/rD3UtGReUtkVei+DLT/qQM3rhf5RG+nwp9jGAvycYwttB6C+g==
+love.			86400	IN	NSEC	lpl. NS DS RRSIG NSEC
+love.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LXsRXaBzz+tOSaZFFS7I8kKvZsSIrFWxAKKqHYx+1wWU4NzS+fmOiURkbe1k6noTCT5m7UemiFasw5Ss+CM33m8mm+5a+0PIXtfvEedocmuWmdIBe9pS/irEvilxvQFQFmf6uGm8Ib7q9E1d6kjECqQel9jQCZleQkS6u0gdDzaitPt1Z6lrt+cwv4qlib/703Pr3wv+/KFK7ZyoXn03OpOaf3ijJ2S8Sb1WOzOh8Xt8BD6HLPtddRE3BlxTwmD169beY1wLy2ez5KeI4KnXaeEX5rZ0PBjnlitVJir3CKRKhmfW6w2ERinpsTTo/ugJKbBYw7VSQ8BAA9KqchIuYw==
+lpl.			172800	IN	NS	a.nic.lpl.
+lpl.			172800	IN	NS	b.nic.lpl.
+lpl.			172800	IN	NS	c.nic.lpl.
+lpl.			172800	IN	NS	d.nic.lpl.
+lpl.			86400	IN	DS	43324 13 2 1783403D052E9B382D00F3D78AB8DC40689AE032B7246D93A683761837F220DF
+lpl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XZx31hyxk/0grRhDPMWKoea31d25EPMqh5uCmkUcOe88sG/nk9nXXiqJtZgf5SIJ1u0J2+6phk2Yt1UwUUGpaju7iB+WTxCf4Igh9HCm2XW2DVrFjMFH5AFQzJqTSRg21XpdrjTydPJ5u2LQKxSRu7GywY+rPX8IDwggMjmjluRmR7E+op5M+JUPXBXADnbV8Rqevii7jNwf8ptNTlOVMrRgIOHjz65jAOZ3vicpG/FUYdDAgmVS3GQuLhs4BFoNJkpJ5fLq6E1GHkBxCZPXblb0qu9gzete40Bz/BDfTK4AteaJoFsp1KvZ/+QOA7Uvr1EHc0wEcZZABLvfV/1WWQ==
+lpl.			86400	IN	NSEC	lplfinancial. NS DS RRSIG NSEC
+lpl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DKokdrKAjDKw1KQvPg2qmjqHGgJfp3fenqpnSo53kUfUXqYHdZDstSr6oT1zY1LzExLNh/NRXrwEY+wnD3pJEgrLHS8sQe0byYyMDwliu/plJCcVDBBarB3bCuBpkYat80FFVcIeUKJuw2uRB/rcmDwOWoGrZKkV53gx1CP9EP8kQiR3B46pNKFgsaLBcR+pL1Nydvjx14x+YioBSQwC2XdsVPovs1StK/y6Q2lZKa5kCgP05Ft94oep1KYZnW8aIlNEV26A2PQTaGWQOBMC+uFay6349eKLuObcXMzmWlt+mtXqbmXns2hrjkOFFGOM2keD8fbQCA+QYhRVjSMd7A==
+a.nic.lpl.		172800	IN	A	194.169.218.92
+a.nic.lpl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:92
+b.nic.lpl.		172800	IN	A	185.24.64.92
+b.nic.lpl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:92
+c.nic.lpl.		172800	IN	A	212.18.248.92
+c.nic.lpl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:92
+d.nic.lpl.		172800	IN	A	212.18.249.92
+d.nic.lpl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:92
+lplfinancial.		172800	IN	NS	a.nic.lplfinancial.
+lplfinancial.		172800	IN	NS	b.nic.lplfinancial.
+lplfinancial.		172800	IN	NS	c.nic.lplfinancial.
+lplfinancial.		172800	IN	NS	d.nic.lplfinancial.
+lplfinancial.		86400	IN	DS	5735 13 2 2A05B6233FED896C1E37FBAC05045EA676F33E838F2177ACD4CBA897E128A0BC
+lplfinancial.		86400	IN	DS	59873 13 2 F4665676A01CDA5D5CD4EFD16BA5F3919EF741E788D27512015C84D8B0861DF1
+lplfinancial.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mruN++Wod8QLlXCTy53JHKZcZ8Q+hm0v2Shr2jrc3NAE/WKf+/gHBtSNQ3gfIs9Pv0ROJlX6IsmVAmpRyQzERfIk0+XbViKkWCLLyy6jttbUBlQW4vZlrQyDyb501sYTN+xL0m197BKpzGr5RtbrOzLKKYLoCOC6YjHIId5EcXBdEZE/elqbGFJsZFhnxc1+PdCUn9+Yba+pNIAcUjK/cOsTKETyN3+WBxGyjONJ+LuwWjpX7LT5ofbn/URzEEjxnWdczGdH9JWf6Ge7TSvEijzuwe39S5qGm4/QkW4gONGtiAfv9EOAk2wyQ7TQRAHyD9ZhXhw99kL37NYdHeEggA==
+lplfinancial.		86400	IN	NSEC	lr. NS DS RRSIG NSEC
+lplfinancial.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ry7VJbd6tp1jRTAm5pfLzvBg3YeX6t1qwFckFskUGS5r11sL/H8mZtiRffCRqWUJ4LsaSzgnMwNifjKd86E91gbYIPCL658bLi5O2F/vxACuMWzbOTg5siLzSWD+wD7j9KnqPSrqWrAzxBj92LQJVGcdkwZzinJ03CDMy8/75NtuaBITDUuN9KUas5Gg1DEm3+jRznXXWSfTJmufTedq7oxwvAAoxyDd/l5lxwmeyhz1HWzgSu4en8fZUpb4tPlCvnCozIfYWtFP77imuPhmk2f+2IC8qDxeX3KfAhePxtYrO7rxRzV2hiIiAXurd3BUBINRjZBxD2TG8dpOGPDSQA==
+a.nic.lplfinancial.	172800	IN	A	194.169.218.93
+a.nic.lplfinancial.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:93
+b.nic.lplfinancial.	172800	IN	A	185.24.64.93
+b.nic.lplfinancial.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:93
+c.nic.lplfinancial.	172800	IN	A	212.18.248.93
+c.nic.lplfinancial.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:93
+d.nic.lplfinancial.	172800	IN	A	212.18.249.93
+d.nic.lplfinancial.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:93
+lr.			172800	IN	NS	rip.psg.com.
+lr.			172800	IN	NS	fork.sth.dnsnode.net.
+lr.			172800	IN	NS	ns-lr.afrinic.net.
+lr.			86400	IN	DS	29984 8 1 A5E2025D5C3B1F4853BDDA21AA6A751E552DC715
+lr.			86400	IN	DS	29984 8 2 AA0EC78A15474B054759A26A2BE9D85A97F5FE9FE485A206E68B4F83B07789F8
+lr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WhKocr5Ki/T6rO4VgdNCSRdLu1VjLW3Q4Ro7uFQJQsgxBfPADXNQ85bABwEp4aNJjBqUITxmQA2nvjRwVRTHK85N4EpxiVmko6HXkplqisjyJcAjA7w/a3I6C56dv8k9H0qGQyAW8Hgh4Ft+wzjA0JAp1cnGCr38rGS8n8DhL7OmbR/6RNQgtaNkusMc1wcQj+k9W+TiVox7QXyEOTLfgLGlfCmJ/FhIru1m26uJjciNZXg4xXNzqNL+rbVbH27dU+JisZTTjCZ2xhjlD/HifRFYpFQfsA5WaBlCPDJjKrbxY+7Sgn0dqXI3VRac/aqsVarFiuPMW4KurTWZ1+T1vg==
+lr.			86400	IN	NSEC	ls. NS DS RRSIG NSEC
+lr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HFz5f1734M4hdnPeoH7NOHuAOdBI6jsrbm/ns67uzy2g58orJnFvHuvillHiwfYOdCXFtj768vcMPFTSLBji451sWZCwDVswe6COu5ja95jfGw44dN43wXrFWF78s3WfdE2PIji+YrKJz3+Jj8WTwkF2wV54boj1mP0P9RBtD+efIn/wIG3XxWmdS/TYTOITNXcchvDHFauBmSK+nk30eNsjaDy9mrA7YpbnzcA3Itbq7fpqY7mdmLgJ1nk4xSo3uuovJIVlmKflcULpMjnkw9Qy9OeM034n/wgvRe6oToN9Jhezy5KLl7ThvgaYSkAiWG+Q0kTc05/Gqn7m4nAlyw==
+ls.			172800	IN	NS	ns1.nic.ls.
+ls.			172800	IN	NS	ns2.nic.ls.
+ls.			172800	IN	NS	ls-ns.anycast.pch.net.
+ls.			172800	IN	NS	ns-ls.afrinic.net.
+ls.			86400	IN	NSEC	lt. NS RRSIG NSEC
+ls.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uZ4rbCjjcOL25SgggC3LYudYf4RRHpc57HeX6inAMVm6hnhPwldjES2oEBHNHv/dPljhxGuY3A9aejys5uY6VcdBcJWiCbw7eIDbRQzSGxycVLJfGcMZvkCjCQJm32t/fVyzgZHHdGaNo8kP2XTUo5/16Uw8ziUKQ5PeSklcAG4NMn8WJEwFAWBKHz9suYV7zcoO9NdpMgVzokrP00Z2NHJ6TMvqj6nC2dGxoMG9hQ0kGdEYS8qC9crLXIt5o0I2hbaMvl9SLU1MZ/0U39pjgaQG2oYmZbvAzr1+69KnZhMYxuD1xhEde/OhfktcBPMSfwWPXTVoSxwtfsj2pFfJTQ==
+ns1.nic.ls.		172800	IN	A	196.43.249.1
+ns2.nic.ls.		172800	IN	A	196.11.175.1
+lt.			172800	IN	NS	a.tld.lt.
+lt.			172800	IN	NS	b.tld.lt.
+lt.			172800	IN	NS	c.tld.lt.
+lt.			172800	IN	NS	d.tld.lt.
+lt.			172800	IN	NS	e.tld.lt.
+lt.			172800	IN	NS	f.tld.lt.
+lt.			86400	IN	DS	56197 8 2 DAEB03EBA817B22E5E0FA3BB3E1FCE483DF8EB309E9D350838A9659E609E15AA
+lt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qbJGNckB1QV46o8RuAWD/KASDdKlEBzO9rchvEvFGHsX9LPFfprRFtSCqCH9MX7Uh83MIv5NjzXLiI87rs1OwqfEeV8ug9gc1OUsBJlwKXiX9QHfDUrsqGOejAr3DQAFi36FM38bsytLEGqSxhHott1+4ABNu+Njw/8AhgahuONdqf9swY7/LlabbvPFbFXhiaNGj5LTx3KEdZOK48Pj3hctFgIt+DltZFqNAyEs/iihcxVgZk/M4tNym1gGp3LuFaanYcnn8u+vADPbeilhzhofi17SZuuApZ0Gb2g+e62iFSUg3toYOKZjmvXhlQxt+ynXF2TStbvZ7kP4Xe/T8Q==
+lt.			86400	IN	NSEC	ltd. NS DS RRSIG NSEC
+lt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gqjYH4bAuhSSmNlr2N9Iirf+lrUt1ddEVmV4vzw9N4h9FYVY5MKAXbC9qXuGmgIcnQkPQgUHFrNBUod9NHCcQInW6Rh0f+F1FNT5D8Vl5F6ucr7y1BkVbCVW0ViJPQ7L456grzyqUb5bgafLwyVR15dP5USeCiiOB/OFKYftdepfHpK+6paBqGCPSFcidgGE+ONaI3KP/CbP1naUiMqpZmLWvTGwlxvMIvpmh9auE5bmIxvWXRIwsWUJ9VNhG6qvMIPeeVYd5B2e/GhJXhdW0GKGukuPYiF5PJLaow+BehirEgEkA9DlPswUGovgTkrUdGOvkeRwQithC9GlkshHKA==
+a.tld.lt.		172800	IN	A	195.8.218.131
+b.tld.lt.		172800	IN	A	194.0.20.1
+b.tld.lt.		172800	IN	AAAA	2001:678:19:0:0:0:0:1
+c.tld.lt.		172800	IN	A	194.0.1.4
+c.tld.lt.		172800	IN	AAAA	2001:678:4:0:0:0:0:4
+d.tld.lt.		172800	IN	A	194.0.3.1
+d.tld.lt.		172800	IN	AAAA	2001:678:6:0:0:0:0:1
+e.tld.lt.		172800	IN	A	194.0.18.1
+f.tld.lt.		172800	IN	A	194.0.19.1
+f.tld.lt.		172800	IN	AAAA	2001:678:8c:0:0:0:0:1
+ltd.			172800	IN	NS	v0n0.nic.ltd.
+ltd.			172800	IN	NS	v0n1.nic.ltd.
+ltd.			172800	IN	NS	v0n2.nic.ltd.
+ltd.			172800	IN	NS	v0n3.nic.ltd.
+ltd.			172800	IN	NS	v2n0.nic.ltd.
+ltd.			172800	IN	NS	v2n1.nic.ltd.
+ltd.			86400	IN	DS	54 8 2 D0F5F5A210D27F70A8912BF81078BEEB34DBD370D7F0470D1140B749AC2F3A46
+ltd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TWoVPWK6PXY/88mMsJju4bhZVi6APdSWtxXKowZZqSIoK1reok3l+KcT6B2UShIg0gN95WSX55ckwyVSfiOas7Z52F/0nviPfHNIQxv7NlSZd5nRmJphBZyXzr/U3E/PTEGu0EH3d43e8CDMJioTWZWZWSIQzjsvL7HJfAoFojqASGOnxQHqICVUj8Cp0yruLpk0XKOl2KSjLKtjNSqjnSrYGuP01wxrLZoztj7bnaAOCX7OWDLy4MqpUdDgj7nFD1UhBfja3e+Ens4cwLQQq1ek/fSXt19+YB3ObHOBSxSWgIJbGFfJn/zbm/mQlQpId5TvokI67rUMAdT8p57hhw==
+ltd.			86400	IN	NSEC	ltda. NS DS RRSIG NSEC
+ltd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V7WJUnudBIwarhruH9rTiwyNpeMIWWtcyue4RhvU/vs9QWGNzA+GnjbJb3uVRXoClEPT8Sj5KTDSTnDi4G+jJPochqArFCzDbgsLInS60Kpj96pHCeLad2B74AgMxp/l18racwTgvMOWNfdKW/spS31vm3B+64/QT7SxSR05LCei8L7MIDXxBj3AEsM2iW/RkYy7VhcZM76EppB6p/3XsGBBxXfRUxcwsBJSxlXDxJYeh2aXsKc0L0tzWAnTjgAHWgOaHIqpOGbVAgJSKnryyUhKApsf1wLJfUfLdXMG+xnD1TXdYKCaZmWi5U8DoSu6nC9tXqmJmqKOvuG/6vZwYQ==
+v0n0.nic.ltd.		172800	IN	A	65.22.28.2
+v0n0.nic.ltd.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:2
+v0n1.nic.ltd.		172800	IN	A	65.22.29.2
+v0n1.nic.ltd.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:2
+v0n2.nic.ltd.		172800	IN	A	65.22.30.2
+v0n2.nic.ltd.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:2
+v0n3.nic.ltd.		172800	IN	A	161.232.14.2
+v0n3.nic.ltd.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:2
+v2n0.nic.ltd.		172800	IN	A	65.22.31.2
+v2n0.nic.ltd.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:2
+v2n1.nic.ltd.		172800	IN	A	161.232.15.2
+v2n1.nic.ltd.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:2
+ltda.			172800	IN	NS	a0.nic.ltda.
+ltda.			172800	IN	NS	a2.nic.ltda.
+ltda.			172800	IN	NS	b0.nic.ltda.
+ltda.			172800	IN	NS	c0.nic.ltda.
+ltda.			86400	IN	DS	28549 8 2 44371EB8133D637DE5A5F08B4465F9F92624D581808BB4547635815D455BD804
+ltda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bQsGi/ym0Tgb+I73uwmt+t1BVNtd/T72z301d6ENJld5KGKgkhSBYu2G3oAGo6rVtuYyEvz8e+VLKBYx46+YhIGEjvMs/l//0xev7LRHy/DBi/RLjd4JFSbVlAWv9fv9+USpgMaiZZ2kQn5YkPN9/+x3enJkKBww4rJnWQX2+rTpCVTdssIUbIcEl5cMJssUfpEVb5eAlKAbcAK1PFXe7LGhTvEjlGzGxUywF78rhMK0t1RZrqR0bRrf6KWQEebIMcTZJqONJ5SvKx30t6F6oH1TIugK6zivo/YNIBtOQ7WUzMit26+purgDKDfSQDpOPCNkkezBAcwtq4Kt/BrBLQ==
+ltda.			86400	IN	NSEC	lu. NS DS RRSIG NSEC
+ltda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZrKjx1FZ/iByccBg//XGfTVKXkGGOTkEskKSxPhiy2OiIyEgCU/X3gR6jNuDCb8Gx48KUsbUs96c9WLPIbNPdai4o6/JIliMoCZIKQMY+5QacdvMcOlzX0Ofx///7vpPdLizzwQCs0tbB937rQoAtRzgiFYlMZ0a+i9O5kKLQhfEwdBTEC90Tqt9/7+H+2dIfUxylny0ka/hpWNnRFGQ2+5bzDECYgBONx2p5JbXnHz8h+Vcm1SiMl2wMI4XbW72VgzXGVlr1/ZYjIrg6jXlby3KyKaRi8BY5vorQiNwxU/FlreADsUJRz8mIQ2zRUJb/Lx8h6ZIrvdHAapmI8krng==
+a0.nic.ltda.		172800	IN	A	65.22.116.17
+a0.nic.ltda.		172800	IN	AAAA	2a01:8840:72:0:0:0:0:17
+a2.nic.ltda.		172800	IN	A	65.22.119.17
+a2.nic.ltda.		172800	IN	AAAA	2a01:8840:75:0:0:0:0:17
+b0.nic.ltda.		172800	IN	A	65.22.117.17
+b0.nic.ltda.		172800	IN	AAAA	2a01:8840:73:0:0:0:0:17
+c0.nic.ltda.		172800	IN	A	65.22.118.17
+c0.nic.ltda.		172800	IN	AAAA	2a01:8840:74:0:0:0:0:17
+lu.			172800	IN	NS	g.dns.lu.
+lu.			172800	IN	NS	i.dns.lu.
+lu.			172800	IN	NS	j.dns.lu.
+lu.			172800	IN	NS	k.dns.lu.
+lu.			172800	IN	NS	p.dns.lu.
+lu.			172800	IN	NS	ns1.dns.lu.
+lu.			86400	IN	DS	20752 8 2 2BBE0B0C438F336CA96F655DCCB9A72D7359064225D9E38A0A09804F9BE20415
+lu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SvdOjc9WVRkxGWZQtuIzRcE9wj7WpwZODjUpvEujgi+9A5hOiGdUe+6FmR0v7WqLq4M5O+lrmdK+/oh8YgH5/g/wyg4JQGiLJvEXzZn4xFm4hU4XDuoshaN0/kQW1+82sfQywQHAHGKTgJawXD1K4aaobEz6QldBT/1+zpaNPUh1WIv5YFUjxOmpDaEv0qeLV+cgrB+GqtRHYJ7bVL5KAxAE1oQw+2tvUUi51ctH9R+YsjVhuf6dqatPRBnv3c+6iLWM//wusLEIfp1Ib218JMIl3pNHu3nzWX+hDx9/DjHzFiqk/CfSgb2fVm1RFYl1+2gCZUFw6+Fkfkf5XrPotg==
+lu.			86400	IN	NSEC	lundbeck. NS DS RRSIG NSEC
+lu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KGkkzerZjQXgAY11qjXFtvVvEPA+Pa7d5M7K+Pzhpr54iYD1LPQ+tDAdYs+867WadtnVDaApr1ItrIlA8+H0PyqTIJUFQ6tNUb/z9NcQjk+m5qQCqFtmsmQZuSxwAaNpHboLp5n24gbqq40mJIzxLe2NUsccG7J+XQXn1v7fLB5mJ2jbJYZnD81JTPHkfYbQgkhVLo8TklpKACxL/s96RucnelbQeMY/dUXwPt22lHtS7bGxVaysz3FQltvyNlSAcxUllkdD3kbbbghR1kwPteTGdvN5rJcsGXZAWJHHyjqqCzHBKwTXSLZaTMR7YEpmeIxZ5vqC2hAW59FjXBs4Lg==
+g.dns.lu.		172800	IN	A	194.0.23.5
+g.dns.lu.		172800	IN	AAAA	2001:678:1b:5:0:0:0:5
+i.dns.lu.		172800	IN	A	194.146.106.66
+i.dns.lu.		172800	IN	AAAA	2001:67c:1010:16:0:0:0:53
+j.dns.lu.		172800	IN	A	77.72.229.247
+j.dns.lu.		172800	IN	AAAA	2a01:3f0:0:307:0:0:0:53
+k.dns.lu.		172800	IN	A	194.0.1.13
+k.dns.lu.		172800	IN	AAAA	2001:678:4:0:0:0:0:d
+ns1.dns.lu.		172800	IN	A	158.64.229.18
+ns1.dns.lu.		172800	IN	AAAA	2001:a18:4:1:0:0:0:18
+p.dns.lu.		172800	IN	A	194.0.42.42
+p.dns.lu.		172800	IN	AAAA	2001:678:60:0:0:0:42:42
+lundbeck.		172800	IN	NS	a0.nic.lundbeck.
+lundbeck.		172800	IN	NS	a2.nic.lundbeck.
+lundbeck.		172800	IN	NS	b0.nic.lundbeck.
+lundbeck.		172800	IN	NS	c0.nic.lundbeck.
+lundbeck.		86400	IN	DS	10564 8 2 38580C9480C824DA9CB65A5FFACCDF2F6AEDC660B98C6166E0A843FF13FAB368
+lundbeck.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gUqj2OGoK5DEuMMyxl+V2snFO1PMbHBFkmhHfczudewvXPhX6E/E/gdA9F/V0ubv01Uo1Mj3V/rkWfg5/28hcMWMbhyAbg5Bf3mfrLrZiAWy+dnvuEvatwhyEOMr+M3aheTbEt7TbXhvFwFDYL8Trx08CV5QlAlucquDsuxrFYPxnJz2xO/UR9CpCXuzsLPwqFL4kXTJDk9olUU3sat1l6PrlgfDrSy8xuif2WJ4XEQCO2fUo+6K0KV0ndp0NPLcADS59QbFj9k5gvBd+Mn3om8t5vhpvLs8a9Vrd7X0Z6FfXiBzD0zHue0x8gZzfVZKxbW8BphO8Cq2Hq/hjvnrCQ==
+lundbeck.		86400	IN	NSEC	luxe. NS DS RRSIG NSEC
+lundbeck.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0k5s05UCHTZGtJ6Jdtg1E/OqoBq2MYWQuXD0cCa+IQnecfawfGjKT+QBrMkE+vQu4M/+NPdTw3Bv4zCD8bvFhgpYqV3JmyShvxLNZnBtET/7JVDfc2J5ihbjNCiBHx9EazHpBmFQV8zyAQYOuvIV0vqEYCkwRwdsA54/CRkdtFnWIlrKHeb0rJOEnlHrjORY3Nu+IbW/81atWP+MlQVkozI9+gD3nJ6PN1W2bErqvwBoSa5m5u96eggnSDIoVSUt8nd/U+A9AhOQxzL7Fkx1wGuY0048obl0F+RA9RzGbfRgOnaVVbgaeSmjL7GQdH8omO/NWgY49vMrPMmcaNJGBg==
+a0.nic.lundbeck.	172800	IN	A	65.22.112.60
+a0.nic.lundbeck.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:60
+a2.nic.lundbeck.	172800	IN	A	65.22.115.60
+a2.nic.lundbeck.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:60
+b0.nic.lundbeck.	172800	IN	A	65.22.113.60
+b0.nic.lundbeck.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:60
+c0.nic.lundbeck.	172800	IN	A	65.22.114.60
+c0.nic.lundbeck.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:60
+luxe.			172800	IN	NS	a.nic.luxe.
+luxe.			172800	IN	NS	b.nic.luxe.
+luxe.			172800	IN	NS	c.nic.luxe.
+luxe.			172800	IN	NS	x.nic.luxe.
+luxe.			172800	IN	NS	y.nic.luxe.
+luxe.			172800	IN	NS	z.nic.luxe.
+luxe.			86400	IN	DS	36439 8 2 5795A4998940987917475AE83F6F49B1FEA576CAC1203C449E9C8A3EDE316785
+luxe.			86400	IN	DS	39844 8 2 195B8FCF70C5028B4C75368EE18A455CAEB9330C8BB85141C4F071FB94833A40
+luxe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L1jZqitj/aoYNMmDYZiTj8oHJXOnmFl4wAblmUCt5n4//2+QeavsK4iK7g6pAPDPXjNX1Kculg86giWfenSOb6T6lIvPtdUJnCO5DM91HIOrm3PfjdJ41nfjf7PxXYPTueC+x8H3mkD/lEsujyzDabYH8iH5BiTcw+Aq43kFSLC+u6Icm4vW8aYU4KJkltaSP9NNmLPk4n+T0VgzVUh0V3wZw9+bpU2IlGpL/8U04P57tIQ0BsFyZ/6EdiOJh5uCwYo9Y8660TGbYXXC/bRnnv8XEJI1g/BsE0QOOPRfOvQdBb7ujq7EGQlrR+POJEQW/vJERcQPGhIywBYq9NxAWA==
+luxe.			86400	IN	NSEC	luxury. NS DS RRSIG NSEC
+luxe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qfhvJECiksexSS7TbbjT+VgsipapCI+I+ZQKN7P/JBcOwge1rbowaPBifh5aDSeDZWpFCVC2GkGS/pAPQf6Nb78AZxkJCRLm/uvYCGIwOX3exBr/nVYb5cdH4f876l+TKZyoqZg4MvP3Mv0K2WWvOdYXxRV8w3jCcT3pj3BFTz99qJXfE2nnLBZ1sK8yRYGN9f7jye0uqWoY0ZQFEmYhGZRXzzWnHoLjxzW7+NzJKN3fWLGtAgFtro04qZEc6KD00CzQQbhGxdIkFceZ1zrwDUdWIfBuwZzkTV9C2xcL/kdNNiRXHhcRzuRYj8Yl4M0tBG4C1ogcRjB7GCo1qfH5iw==
+a.nic.luxe.		172800	IN	A	37.209.192.10
+a.nic.luxe.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.luxe.		172800	IN	A	37.209.194.10
+b.nic.luxe.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.luxe.		172800	IN	A	37.209.196.10
+c.nic.luxe.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.luxe.		172800	IN	A	156.154.172.82
+x.nic.luxe.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.luxe.		172800	IN	A	156.154.173.82
+y.nic.luxe.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.luxe.		172800	IN	A	156.154.174.82
+z.nic.luxe.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+luxury.			172800	IN	NS	a.nic.luxury.
+luxury.			172800	IN	NS	b.nic.luxury.
+luxury.			172800	IN	NS	c.nic.luxury.
+luxury.			172800	IN	NS	d.nic.luxury.
+luxury.			86400	IN	DS	9355 8 2 0DA436D04A11933D6BAE25E2AECEF3CEFCB34E407FEB3BA999A7190964F3C3D0
+luxury.			86400	IN	DS	32039 8 2 DEB7FE904A2E04500ACC98F3F5B9D6DB275139FBC92EBB2938BCF9E842812935
+luxury.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QsiXZ7YmHC/FEcOkl39mPTe4pSvRFKvE1Yg0kWzN7JP4+awEqUIv6qMww1XWTUQGJZIFTBjKzBlB5roDDM5iLMVm78KP7axcYqH/JkUXEvacld0tcEzTuE5wNEzIPYIWWgxj7KwhMOQnU9VOg6jNRhA8icU93hQtF17ihOikrR5pd0bRKsEl67W8t6Pmt8NoEdgStg+hT0oo5G0KqRlNEHTE/eJFftS/EaliqNzhqi6gS7K7YgYK/854+MoL1FacemJ1Z0R1deOIa3XXnFfurhUv+LZJJc1DoDIcqn4WOMNhWIOM+ylZGy/wPY2u7HCidX4lgFb+g5qFhCbBpnO1Ww==
+luxury.			86400	IN	NSEC	lv. NS DS RRSIG NSEC
+luxury.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z7gVIjEFDapRnofPomIZ8+5sggCkzT7taPURRIJPAEsHyYC9LTZfNOdseX//iw2QNUNZNHgc7nrifcvEvZ1x0a9g+b/TnzxKsUkcslurBJC12IB1Z6nIWPFJU1OhYCoXJanUcoDUQDYMuTaxQjvRusbi6OU+1Rw7h06gMnS6qF4TOa5w7+dtoBaj0HE6IIcEfQ1rJYMdnpNujH3IvrFf4584VJRbaOspsPGlNlAs2Ep2iFeq8CadMS2qCHxWoPVes20pO1dI2SO9/zn6yqBAEqksI8+pr+rhI8eBV0mDV2T5SvQubEnbL4ACu+BDlV5WcX0qjVfhwOvriB3cj5RXpA==
+a.nic.luxury.		172800	IN	A	194.169.218.98
+a.nic.luxury.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:98
+b.nic.luxury.		172800	IN	A	185.24.64.98
+b.nic.luxury.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:98
+c.nic.luxury.		172800	IN	A	212.18.248.98
+c.nic.luxury.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:98
+d.nic.luxury.		172800	IN	A	212.18.249.98
+d.nic.luxury.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:98
+lv.			172800	IN	NS	a.nic.lv.
+lv.			172800	IN	NS	b.nic.lv.
+lv.			172800	IN	NS	d.nic.lv.
+lv.			172800	IN	NS	n.nic.lv.
+lv.			172800	IN	NS	nu.nic.lv.
+lv.			172800	IN	NS	sunic.sunet.se.
+lv.			86400	IN	DS	42018 8 2 7E932A4F9CF9B1CD047C277E3CD323A53D42347D47C7BF1DD6018FF4B344FC1C
+lv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tqc1aOsE5+ric02AxruLD8hj/Cd/RsZ61xLCamnxgBUqkcvvHfPKHAIcetCf4qxBtCNjAH/wLmu+bvV/ZOiMhzjsrVNswNPW+/reEUtDOABQg8SSrjofFULruNKPeT7vWt7OgS1biAZEXlqeuJlJUSUEQmJbC6uEMFsIwcKSpg/zTRENWa98ED24hVR5+ur9OKZ2ko0TilAzRurxjjHoka2f7iiTJQXaZJQrNt2vMi0Qqrem2GOYW13bepNJlKpX/eUu0kL4Oe8zTk8+YQ8+y2KxRA0yeZDwdUmWXeo/of1CrNaVcLi7cyaHF88+bUyhOSRcRuGx1+lmajLvEQLBcQ==
+lv.			86400	IN	NSEC	ly. NS DS RRSIG NSEC
+lv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vqWbcvisWaaj3K1TSrC7dGDVtqR93/ue1zhhR2AjhR5GRSwn2P9uacIjXOgt/X4AZi8NcldlqOXeX4biDpOUIkHKLAHV9MovXt72+hvF6FubkOFkfHvaEM6e6Czh3uINASxxHMT78RCVwK129SvD/pQuqRa5KYV67jzRV3Qc6dncsSRTTQh9fyZoHkFT5jL6OInxbDUOqlXEPAvUvPszwcxxd7K1Q1agsmm6DG9K3ZLwCZ6oN3P/1R19bCf4qaItFjvlvjjfVA02KBfynN5Be+DMPWH8LPrBq8mFqDeeT86VxffC53I0zaGvNaA1qccN+HmBIQiq1DfWWmM5Ymic7A==
+a.nic.lv.		172800	IN	A	194.0.48.1
+a.nic.lv.		172800	IN	AAAA	2001:678:7c:0:0:0:0:7c
+b.nic.lv.		172800	IN	A	92.240.70.1
+d.nic.lv.		172800	IN	A	194.0.8.1
+d.nic.lv.		172800	IN	AAAA	2001:678:b:1:0:0:0:1
+n.nic.lv.		172800	IN	A	194.146.106.150
+n.nic.lv.		172800	IN	AAAA	2001:67c:1010:38:0:0:0:53
+nu.nic.lv.		172800	IN	A	77.72.229.249
+nu.nic.lv.		172800	IN	AAAA	2a01:3f0:0:312:0:0:0:53
+ly.			172800	IN	NS	dns.lttnet.net.
+ly.			172800	IN	NS	pch.ltt.ly.
+ly.			172800	IN	NS	dns1.lttnet.net.
+ly.			172800	IN	NS	ns-ly.afrinic.net.
+ly.			172800	IN	NS	phloem.uoregon.edu.
+ly.			86400	IN	DS	62311 8 2 08E9AC56F605A728D048C803787AB044B0C81CAEA2031EAC9EDEA77150A1BDBE
+ly.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YS4/QE98AJfnv8eB4sFnvKpYUs7R/0+qvipq3sXxv3JaC/ZM3PfDMCLSy5VJgmZCFp9a5rlvBxSukpV5HqSxXIGUd38oQb3mHPfnbyEJUx9lricMxQHlpeBuXdXVNL9FATBZcZ1SMmG23qHueM8XphRQHJPq5Jy+PBW0xNlg84mo0IL2p2vCqM7xQ1MC0GX7OaTHQJr7yl9GGiohhDhVqhKDblXDw1mAqQPHn04x5Q4Rsk6ZogU+zGznKC5wdStHvqSRV97S0UEer6QOHZjSTKT/8O/h5GnSauNu3ntYnNlICQf2ZA7hHh5sjnYYXTCzx5QyBniMoLpa81nTn/CCEw==
+ly.			86400	IN	NSEC	ma. NS DS RRSIG NSEC
+ly.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V+87S0O01S6rLeBW/Dp2OS9Utle65+vfcGnRBGgJ5NizRnsoMq5H7/zQ8Ov44tj4VRlmWzYHemLDvwLZGZfLjmuRq3CIEOtiWbVn6uBqW50oXqFYG7DNt/sZF9cM7bPyrUerQpgc6xRxVooH46JP12ADTkpwGobk/3hzRdBGkyceALG/C/oUl4szQFnUgBRvCLHvCd/SXIR/WaSEaMifWMtodzZQ9QkUGNnFYWnVJ5nwJu2ZgmEi+z/SJv2gnn+ns4F1l6Fiq97N701JFIjJGa9FXJYaLXPc3vIvcpTDdQ8ZQacki3MTAVkqr5w5Rugs8NYpr9H/UxUiBByxe/vRKg==
+pch.ltt.ly.		172800	IN	A	204.61.216.67
+pch.ltt.ly.		172800	IN	AAAA	2001:500:14:6067:ad:0:0:1
+ma.			172800	IN	NS	a.tld.ma.
+ma.			172800	IN	NS	b.tld.ma.
+ma.			172800	IN	NS	c.tld.ma.
+ma.			172800	IN	NS	d.tld.ma.
+ma.			172800	IN	NS	e.tld.ma.
+ma.			172800	IN	NS	f.tld.ma.
+ma.			172800	IN	NS	dns.inria.fr.
+ma.			172800	IN	NS	ns-ma.nic.fr.
+ma.			86400	IN	DS	41102 8 2 EC91608875E8628E96FB65403D828E0782103EE815FD7E0B67ECCCAB4B44EF56
+ma.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H+BpqTB7Mt6IZV2NAC2900+6cQ/ryWZc2RU45Nl2oqf/UxgVdn8IdCMrr6zKyRFHpE3bEqh7lCy4ozbDsklps073eg8LilBb+ChLWN1GIYOjREWFr3smBhs1iFGMzg9jvLqDpW5hIJWILyTsSK3uNXxHviEY3cq+b9jusvPVMEQQVZZmNtNDk+W6srfxNghqUOs4R2eI3uc9xNL9/csPvcKH7P47oGaNOfLt5D5T2oYnsRDVvvTAzn8rsEsW4I+gbWje0wVkfMZu3qtyDpHHsbo6yP39fFU/BaIUpWc4oGuQLsV7cHfPT84RwNdxMZ7/d5ppjRr7knME1YNy1x3ofw==
+ma.			86400	IN	NSEC	madrid. NS DS RRSIG NSEC
+ma.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 09TobpSgiLyPAB6k9H18J/05WLsxzW6qSMVDBsLVt2l73L28V/2ZMfl7Gcf1J9gjhEmRqVv/uHw064uPcFTM4gKdRjOMJf1shHw/mqJzZDCMW0uYfKTvekM1rMbu6d/FkCQCJ+I9Z4RbjXD4QUvAXcHoOZMxUKSCFg87dEKfrlR8zfSHS9CnmaKYX4jbWNnkEZiUnPm/QIDUgTs5BjnDT93KYfGplmmN9SLbZRtwNPv+V5aOgU0ct8eAlE2SHq1lxDca57JXmFqLpuRo7i0SuXSNce+RW4lY8oAxOj+pAkTbuCAnODC9GW4APRJQaP0+dTLx1oR0fhoTgkM2Dhjcjw==
+a.tld.ma.		172800	IN	A	81.192.171.83
+a.tld.ma.		172800	IN	A	81.192.171.131
+a.tld.ma.		172800	IN	AAAA	2001:4288:1800:186:0:0:0:3
+b.tld.ma.		172800	IN	A	81.192.171.84
+b.tld.ma.		172800	IN	A	81.192.171.132
+b.tld.ma.		172800	IN	AAAA	2001:4288:1800:186:0:0:0:4
+c.tld.ma.		172800	IN	A	81.192.171.115
+c.tld.ma.		172800	IN	A	81.192.171.139
+c.tld.ma.		172800	IN	AAAA	2001:4288:1800:386:0:0:0:3
+d.tld.ma.		172800	IN	A	81.192.171.116
+d.tld.ma.		172800	IN	A	81.192.171.140
+d.tld.ma.		172800	IN	AAAA	2001:4288:1800:386:0:0:0:4
+e.tld.ma.		172800	IN	A	105.73.80.236
+f.tld.ma.		172800	IN	A	41.214.240.4
+f.tld.ma.		172800	IN	AAAA	2c0f:fb20:100:fc:0:0:0:33
+madrid.			172800	IN	NS	anycast9.irondns.net.
+madrid.			172800	IN	NS	anycast10.irondns.net.
+madrid.			172800	IN	NS	anycast23.irondns.net.
+madrid.			172800	IN	NS	anycast24.irondns.net.
+madrid.			86400	IN	DS	54534 10 2 B04CBF4DF277FB7AB0799B9CCE1469E120DF69CAAAE1118DAC9C408A970E35CC
+madrid.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . r+pxKaQqK3ylGSK/DazMwfLHLszSuxSjLT0179NfjjDEnQZk2Wpao7HWDiCZ1nUqc08qd7MpFY1QlqzGtc9b2C52T0IC6JS0gOOwvs7nlmEV0oGPadvKGKHJIMuLjdsJ0KzxGlYz34rd3nLg5Xi+kwpKFeDqAm4c+yGNbh2F+r1kJSdsEi2rVLTcGkhiZoEE6e5xbRl167Tjmolbooja6s5H+UQgfsn3p7LfT+0C6Vf/UhvaqI2IhGe/GZiD2rDWhuOS40o4XJgrjcB2Z1lqxSRxo8YQNQFfU2HTUCndKwMaSlPBhyGrZxjuHsn+FRsY/JSs7xuauObDQCJuzd+4rA==
+madrid.			86400	IN	NSEC	maif. NS DS RRSIG NSEC
+madrid.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FsYVgHEKCj/PP45GWeRm6W+6nLHZeTQHqo15f5jrZQwJqqLkUBAAZ74K4g2BMnBRf9HN4Ns5vKHkjGZcfPQ2qRrnyTIK4pyuxuDwYyY2kxYGyGrUQS+kYsfFVzFNaEGxqwhTR/jYlyxAcwsScH/G/LwoO1Pu06YDX3siVqy29nbDHORT9xP6JE9q9prNrHeFdxS1wq5XuHM2AndV05qDbNqoEjcEaJ1rE4g8i/RgNGceDDCEEkcYs6DlX81zgcnQCte1QHTDh3Q8BS2Fb68GYvMvJ7g7o31p+kocnpZMWPxff36RyMVguhAfU5SBoFkkNER3uqIZrWtbTzrQDvPK5w==
+maif.			172800	IN	NS	ac1.nstld.com.
+maif.			172800	IN	NS	ac2.nstld.com.
+maif.			172800	IN	NS	ac3.nstld.com.
+maif.			172800	IN	NS	ac4.nstld.com.
+maif.			86400	IN	DS	48459 8 2 E44BC6E7CBA1624A5F16941F1D53FE470A3A7DA4B1C592878D1B32E8EBEF667C
+maif.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rMUc/raIKd0R95EemYXzJa1CaCHco1KNEk/OMMrAIpaST9LiJiiFCsdNakqfYtZRVjkSc0FtSJZNR8lMOgaim27tpNoYDWo/1Ny3XrSXmTzhzWwnmwqhpyNdsWWVJVNLCx7LK+zQWFyRTfHx63yaohu7dRAuqtanD1qfsLVPpY5x1nMnqp08FDq+JmSiN+f7pvwZhVgPGpo7Hly0zk6guiLha41TzWyo576keEh6s6bZqRZ+qr9Uj9/wzx7KY9ojEZ1M76joZVxczClv27cm8axl3Zs1VSOcUO8K2i9rVV9kRAkeNF4wkJWqDNMrE2VisjFVxvTq/xfMwjr5/rYj5w==
+maif.			86400	IN	NSEC	maison. NS DS RRSIG NSEC
+maif.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Rd4MpaNRZE0Q/4n7PT1QpB+Wyj4226P+zYpwy7dKw0byl6axjCas5DA6KF1Ek5VtrShnYFvTMRU3h4MFnZghKWRnZhmXT8gbeFgZsa5vQ8SiZVB/iCZU8N4uA9X9PXoo0gi9HAyKlVf94H5DG+FHYVT+6xd2OGKKw6jS7qK0/gsIVqNZrjVKEAEzI+w8cP2GYJmiJE1vB1DqghrutO1Sf/lvaQYRTvwP9ldo4UvBhTXLzYPO6SwpnKcH0cDC7JQpq/Nx6WbEYgrDSFQVD1jSQyCMjphMtcZ20I36sjPX80r1Sos4gkDgxvwalmRN2Iyk4TVtt+L93OdaYdoL8A/vWA==
+maison.			172800	IN	NS	v0n0.nic.maison.
+maison.			172800	IN	NS	v0n1.nic.maison.
+maison.			172800	IN	NS	v0n2.nic.maison.
+maison.			172800	IN	NS	v0n3.nic.maison.
+maison.			172800	IN	NS	v2n0.nic.maison.
+maison.			172800	IN	NS	v2n1.nic.maison.
+maison.			86400	IN	DS	47149 8 2 AE330295E4790375D3E98AC41830036AABB74D3D31B17C391B49D7FD2A4883BB
+maison.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sr7lL2z6dJKMs4KYMkQUZioui9raeNLvpXgO9na4MTcGVX9FEOyJEBrjFR5qOsMGd94P6/DwqwT9TjQVWbaAX6tiZqVm3D0bii+j4u1dEzW6fyZhqLdnotRjXpZ8XbRMa50zdh+6mkYjtaSj+/HcVBHK56Py47g7jYx9QCupt7lruW1ZpIKpzbr7lZZdlnYm1INYKBOMJEfHjOwK1od8X3uNzlDI4KUB6fPIsF0AecHUruAyCyV8umDCFgbZvArE+GYkY1j/x1H2NETLzEZ9qj/zaX2yUfLi6xCtPbmsvSal6L9Cjg5Y7bPy1IjtHVxVkk9q9aMKcNGomdYAvUZjlQ==
+maison.			86400	IN	NSEC	makeup. NS DS RRSIG NSEC
+maison.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Rp3gWeu0p6HJiyslJSf3cjO+5CZwsRByndkESQMhRW0yeEnf5gEbce81ogNr+n/z2tF1yiUeIq8G8jwHKVLGpX26GbR9gQ+94Js1y7rKZSm6m/P0wECNPHljgCQ4hVRhtWeLFk8LkKG8ArIWdtdnoA90MpAjSWwjX2ghG/iapNSVCOStXcPOEQ3WwgLi647ujvYP2I+2PiRvrbpFvmYVwPBVHs2JmUshrYMozYQTjiLGvl3N0Ch++gxmn562tuqtxKaRrY/uA3ErmxViWjFlTamraHGlnuVnbTmYBpC865Ozp+aYkWoLzBCNdZCigKB0nrSN4Ag5cFB4ZD7IR4R8xg==
+v0n0.nic.maison.	172800	IN	A	65.22.28.33
+v0n0.nic.maison.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:33
+v0n1.nic.maison.	172800	IN	A	65.22.29.33
+v0n1.nic.maison.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:33
+v0n2.nic.maison.	172800	IN	A	65.22.30.33
+v0n2.nic.maison.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:33
+v0n3.nic.maison.	172800	IN	A	161.232.14.33
+v0n3.nic.maison.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:33
+v2n0.nic.maison.	172800	IN	A	65.22.31.33
+v2n0.nic.maison.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:33
+v2n1.nic.maison.	172800	IN	A	161.232.15.33
+v2n1.nic.maison.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:33
+makeup.			172800	IN	NS	a.nic.makeup.
+makeup.			172800	IN	NS	b.nic.makeup.
+makeup.			172800	IN	NS	c.nic.makeup.
+makeup.			172800	IN	NS	d.nic.makeup.
+makeup.			86400	IN	DS	49310 8 2 335D21FA55D5E1E94AD51A0CD89E8BEF3F034C5F842C2AD0A305ABEDB2603257
+makeup.			86400	IN	DS	64251 8 2 D35BAFB6C94CCFFF2DD894B0B745C49C0717BCC5348CA5422B1A9405DB1CAFB8
+makeup.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sSKa8VW3AjcaL2/rjERzfjU0mwNjkCV5WbDRRP5t6kR/vRvr+fb+vSPU8jKvg+OBcZ9ga00wz5ySQ3FcC0b2mxrTSn9fheLRYY6MrzZULabW2eFMb+7g2mOgcPhuQxAb8LNNEZ1mKLw29U98VqdSehmZFfya0MWxQalAnORubtPy9GjMGGN9sMACR7LCsg/sU5DOVwQeBN/O5b0h14wMOcbYU/5uJ5JQ882JgoSMXF2l0XqH6XL+EUZ4KcYycy2Ith5tVSfQqYyzHE8ymqjHLr736hhx0wdZWQ1itfS+0d0H+6fY7vb/gKq4/2KSglEkqjZ+SZrItPPFQ2lw6FWq0Q==
+makeup.			86400	IN	NSEC	man. NS DS RRSIG NSEC
+makeup.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W5kdUevFmrR8RLXBJnNqyN1nPbDKYZNteHFYe2oHeptAs0/fANpIixXoOVgEZgvlHC1oKSs3q3pCBTzDPtngdXjFIS81KtKXNM1yT7U/JLREqf47N57JW9dDN2GN9qkXtT41Wu7V1qGNXzX09l2SEb4PliN28MlTsmf9iQez15NKeD1kgHnKQTX/UMqqfq+G4DNWlpMC7al9h4d/PoNum8iYRYvgrqIoJi869oFKNjXd23leT7/i9XhFnIAEqGmm1T2fJUdect5DDM7kT/9LEqpcAZlP6RX5fuuXO11dzUnk6J5XjNBBZTbOy34wSpMu/swsFFjrGBlXtWUfeLq4Zw==
+a.nic.makeup.		172800	IN	A	194.169.218.116
+a.nic.makeup.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:116
+b.nic.makeup.		172800	IN	A	185.24.64.116
+b.nic.makeup.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:116
+c.nic.makeup.		172800	IN	A	212.18.248.116
+c.nic.makeup.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:116
+d.nic.makeup.		172800	IN	A	212.18.249.116
+d.nic.makeup.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:116
+man.			172800	IN	NS	anycast9.irondns.net.
+man.			172800	IN	NS	anycast10.irondns.net.
+man.			172800	IN	NS	anycast23.irondns.net.
+man.			172800	IN	NS	anycast24.irondns.net.
+man.			86400	IN	DS	1872 10 2 8E4B8FEF8F9E2D51C3B5B4189CFA8CD13D23D6B700516FC4AC632FC47EF7E7DE
+man.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FisvbIkeSbqEoYZcC6hVtohmVh2YjyYUetu0m9pBwyhFVEEM/jAuPjGjDmLfuS1ldCeLOc+yuRyT5RihXauQ0XYar920+pJbh5DTHd20m6kVc/6uyoKKbxuvAm31yo5DDT6sF32UgZTSv0FgRX8CJZRyIIfPplr02B22VuvlLuOti3oTZPcfQZceXSblxpE4NSKbDeeucaWY/kpcl7qgXCN3ik3WoGdqcsjmwOQpguRD9Yy0EFVzKQHyC/dWdPKdGw3Fa5yvEcYV5FoYLP5xilllc55JTGoWUMFBDW4hAcP8kvTIfEm9d0CUh+OwjXLO+zW3VK2sOzd808bDXcQULw==
+man.			86400	IN	NSEC	management. NS DS RRSIG NSEC
+man.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kXe3ck36eUTVgguL+PlCqn9It0NswqzUaOy4dzSrddINb2j6fO6iUdwDWjGZIb1XFfm9+KoL4vBma0R3J1SNlDIR14FHwqrrR+4j05cQiHicK1jAwk3xyUEbKIMjzXEJyK/u0YhlyC6ZMktu30h5fz6PXKlEkoiJ6wB6cynv+XS4saOmW3eeynba8jnf/p0IizJzVcik6sFhC9ZvsU3F2gWL1TdVDTSLIqsBjG4KUxTCYc3aQvQ5ij2MG+Urz38T8DWKi3kqi5eZYemTApfoJ1QTRm2aUmyQTWLVKRSHxhx1xzPoK0KEIQBtWF+TwGZ+UPltAcvW7vJSllvsJ42u3g==
+management.		172800	IN	NS	v0n0.nic.management.
+management.		172800	IN	NS	v0n1.nic.management.
+management.		172800	IN	NS	v0n2.nic.management.
+management.		172800	IN	NS	v0n3.nic.management.
+management.		172800	IN	NS	v2n0.nic.management.
+management.		172800	IN	NS	v2n1.nic.management.
+management.		86400	IN	DS	2944 8 2 3212DA6705ED0149EE2E13781D2708A6ADD9073DD6E680EDB3D76D9E45427590
+management.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RWzRZ168n660y90s/ODllJ2iwh+V+5EEK74O5qINKoPZeMQsSLeuqkZvcWutnDvpjgTgpGtnN3IpRrd96oNS2U8iuFa7mkqxqvAKv7slbR78AWSkG6nSR78W5FWhP1VYQUN98Bb05MCpa5riyIFNYQtSUyG6kO1dskIJKAmyONMi3mljK9PPgki9xygmjjMysa47LCflmMNBJo7jNlZLGy+aRqjNJ42my5aDN/R9BVODs86Hf5IUZeX0L0wjqXnW5ZeEM+xfUa7D+VDXzY2tCpLsgVIsx8uZ9VoyBlJshCxItAnu2TzuS5+vH7fBmASNsjnKoobIz7ZF3KhL7nrOrA==
+management.		86400	IN	NSEC	mango. NS DS RRSIG NSEC
+management.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fDzn2ysK8Ngv8LaQdVnYC9Ap0DWhQ2mP8wBeR6dC3Tm9f0reAbTokJ+pgGE2p6/zP971/1hKy7dgOhswAz2VJOo8ms80wadXVXEVhu3vZWRmWT/ToyOLTm4IY+Leu7QaA8DmOYc4r1mZ+Tv+BOxzOD08qWfplK3DXmdpZUyrfLt9bpK6OI9iNzKRPZdrNpwbsSQXH23IkwMGqI3uHi499IDNuHDrM0szBJRiz6v/j1csbdM1OosiMUH321IOFV9aDwZkTYDXUiXptwu/2RMtjCBJUCiQKrMvFdcZPbSr7zSnYeZOWpgTbdSya+Eh8IRGSpZYEevtPc/QepIzxM/mLg==
+v0n0.nic.management.	172800	IN	A	65.22.20.14
+v0n0.nic.management.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:14
+v0n1.nic.management.	172800	IN	A	65.22.21.14
+v0n1.nic.management.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:14
+v0n2.nic.management.	172800	IN	A	65.22.22.14
+v0n2.nic.management.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:14
+v0n3.nic.management.	172800	IN	A	161.232.10.14
+v0n3.nic.management.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:14
+v2n0.nic.management.	172800	IN	A	65.22.23.14
+v2n0.nic.management.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:14
+v2n1.nic.management.	172800	IN	A	161.232.11.14
+v2n1.nic.management.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:14
+mango.			172800	IN	NS	anycast9.irondns.net.
+mango.			172800	IN	NS	anycast10.irondns.net.
+mango.			172800	IN	NS	anycast23.irondns.net.
+mango.			172800	IN	NS	anycast24.irondns.net.
+mango.			86400	IN	DS	42309 10 2 3AFD388DCC7DE7AD4FA84EC0F897B59FAEF31877F80EF4D55E5ACBDFD8AB98DE
+mango.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iF/aFL2ZNFiJVjiM6oA3DayxT2/y12sY7DM94NAkXxwCRiSQ1vKxTIzDtj04hI5vlu4L+1yfQ0utPaGH+4syN44fTRAN0zjJKdELxLnbed/1HglLH3f5F03ALYM3qJMv1ImnfnwYZzEGl+jBBuwaIcvtBw+kP4RrEWG6GP7tNO3PJGRX/qehOg8jTHvhzizGj3wpvJNw277pyv8/zzNWH6fK+mulwDny/ol968L20JbMYHbe7TF3gn0VssAYaiTLi6vpjPS4SFDhJfzcg89oSwXJB65ACHJziSv2+nEO6xqjJaqsfnGqU0N5P1AV1VNq2SqvjsHG5AaK2VUs0+TAcQ==
+mango.			86400	IN	NSEC	map. NS DS RRSIG NSEC
+mango.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bTlbfK/RAdJkOT4hff6ChT8oVhOCj/P1oWOpTx08DiyT4RosX3PZvjj+NuwrUnzkdp2zcBz8kgDgfS80mX/CcM2/Zo/RpYKuZSazFmnvlKBJ2178Cro03XLqKtQ5eOQT9EqN/pjNcm76WKN52hL4Uoqz7pBp+e6G2CPwqYUjy6lwRmF81U1lI0as1trtqQiuu6hE1IqimkyP0kKgdqUF7r98Ec6m9pltDwYMXGbBMzfiagYF7VNo/II8ESDQ5JxSa5qlJrsvTndyz7MokdtUX9uGlMK9yYeUR5kDssiIO9kMY5AnHSAjed+Z6mCiU3zNNyM2ZQRpWwgTo8szw94nrw==
+map.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+map.			86400	IN	DS	16600 8 2 2B0DBAFC4EAFA98FBED02ADB2FF33C9AF7666F2F9910A141573F511397393A4B
+map.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IyfQDSk2xmOisdNYXOx/nz6VG0TBJYmLgtq68o85iiuEMqK8rJlf8QXoooIsvWQ3nwUVWbu5AMGYhnJgdQFaUaOTf8tcRG1GFpPldQ9nEaTXEuCCAH6gPsRusBgPDHKvPQKjPb6DwoCapiDSmEmSQ1VYg4FB7IxsL0+1hd1tINsc5JObjLEP215agKUwb53FqLkM2RLct/kAqmWSxxqTkLiS60/s82ROHlQCUg7q+MnDaSO4ycmOir8JrbXE8hjqKxUTQv2fVRhNx5bWSpROX9seEps1+6CFN1EeKjsQZyKtOzLqSHF0m5z9R7cspnuPAhkQ+sUxJvZYViY1LT5W6w==
+map.			86400	IN	NSEC	market. NS DS RRSIG NSEC
+map.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x5td7+mRvNQTLNRQCSRS6GP4JJatIAJ27FBq4xV9RM3U+xnEv1qQeLhX+DyyaDHRYHFqUkmD0fSrOk8fPd0mP8MMB5TzkU1g2dlaSweLqqHVJFbRp7Km6YrfUgMtlpY2mbOi0zf4kZTixRc5kQZRkQFrpuFBkCKzqS2MeIzYhdkKpBP7vXxVGrfcmQaQ+QOU49Q40ZhJpvFiKYFOw4w+JBUtbYjkWchG5zsYAtNua0+POu6qlHo1ysgmn4z4a5REO7J5T8oQ5PjmVfqzBCi5ZS2gYv35NOAJJcL2eeZV6ikveX+WLkwBPZRmqxlUoTN85WwwrVkC3E62F6Bxq0Rsvg==
+market.			172800	IN	NS	v0n0.nic.market.
+market.			172800	IN	NS	v0n1.nic.market.
+market.			172800	IN	NS	v0n2.nic.market.
+market.			172800	IN	NS	v0n3.nic.market.
+market.			172800	IN	NS	v2n0.nic.market.
+market.			172800	IN	NS	v2n1.nic.market.
+market.			86400	IN	DS	40531 8 2 A42ED3B928B90E5B821578D204BA0D108138BE438EEA0F9CEB91436085264C80
+market.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sw0sCGAu1clfVEMtkUdhXBOCJv7cXfpHa7DyWWh5j5bPRtwcpeGvDebKZ3QNSqkm0rgvderhd3J0Kka9oPmcFX7/kCtlZI/Rr2usU/97DdNoWVxr6PUSdIn5QabI7o7rdw9BE2p8PjWA7qhhbYTim0HoLF2ATu+nKHxkpZ0WwqfwNAkObbcM51oTeUf4Ic3WNtPQzqPxlT0B3+fPrVYFhyZDUghx7DGWdyomFIfBVQFNXDuunjAUeUAiznjuM+kBaP/0r5xV88HFAH5UC93p6Zci3d4QGg7gigHkxcjk/w9q8/T7SbWRqnZVsbW1wKRlwsezS0qp3fRifi4hHPsxKw==
+market.			86400	IN	NSEC	marketing. NS DS RRSIG NSEC
+market.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ydw4x3WpUV3gKRj9xjIe+pDfMSECPkRgODubFnC9x/ohi1QYJ7NAzskiD+a3VamNhPvH5Iwk2wZeI2FUnh0+wEeaNnAKi1rQmYvXjeoJFR/VkyTCLk6iPDyfV2LSxjLHaS0mnF1idPvCYM3fcfD65ZB55HpQYr3rxQCgRkfY0hNC+8rp37dzzCdy7/DDUEkLe2EIx50H0iN0dIC1oxhFtJHVsh1/Ia61ipvtSingnz2bGzB0Of5ocQUAhK3YvbmxgsCWWhRMSSVEL/lzrw6QUROplL0ecZojv3zb1zX+LaJ2pAtKEHIYxDfkxIcMdxWseNIxio5lS5z+TIprvT3Jtw==
+v0n0.nic.market.	172800	IN	A	65.22.20.8
+v0n0.nic.market.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:8
+v0n1.nic.market.	172800	IN	A	65.22.21.8
+v0n1.nic.market.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:8
+v0n2.nic.market.	172800	IN	A	65.22.22.8
+v0n2.nic.market.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:8
+v0n3.nic.market.	172800	IN	A	161.232.10.8
+v0n3.nic.market.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:8
+v2n0.nic.market.	172800	IN	A	65.22.23.8
+v2n0.nic.market.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:8
+v2n1.nic.market.	172800	IN	A	161.232.11.8
+v2n1.nic.market.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:8
+marketing.		172800	IN	NS	v0n0.nic.marketing.
+marketing.		172800	IN	NS	v0n1.nic.marketing.
+marketing.		172800	IN	NS	v0n2.nic.marketing.
+marketing.		172800	IN	NS	v0n3.nic.marketing.
+marketing.		172800	IN	NS	v2n0.nic.marketing.
+marketing.		172800	IN	NS	v2n1.nic.marketing.
+marketing.		86400	IN	DS	22285 8 2 F2FD61F041544A7A8DD1BF440C72020D08581190D697F3944886AD1FF08588E1
+marketing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fJkyl/CKF5asV+LVRvT/rDPVjqWM7juPdYIIk0q22Uh90TK4X1xZkTNzGBbEIRWSy9h9pq3Jie3hZrKqrhb+73PEQ1+e/mP071Nb3OhVuktQXsPbXuQ8uhMRv63852RsRGZv+6XBrtMgQ7QzriFuv7CDY6H2pj4dhKFw8MkqEJlprQKuR9SbSV1SOzkhiqDUqmYKyGKT0NRsOiByYxFmQhvXBwzq48pWap2pVqSiwSw7NqnVRkE+EM/0AUBsyaEKYPCPwb4Yzfx3F4CIRN+Q68KK0F2DyarmaTinhwcYFLURQnzECJFRcDdjIwKEAeQaRvKIqsPXF9DYrYq0XF2zpg==
+marketing.		86400	IN	NSEC	markets. NS DS RRSIG NSEC
+marketing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qYpX3DmSyPKfi3ZmGMD9A6G46FXJR7AQiTskwkMR6xru2tt7X8i1AISFJH84A78/jDMpzAN0wN5WNDTUTjsJLX6vnDbeY5c1zBS5UBrG7ZDMWbQjduk/m1132gu7VOkEglGWkNg7Y5oFuUVMp7RwMIQA9Z4YzfEOp6Fg1n1xQ7ZhkTBigSUvlZX4WKsOiWlDfDj99pJr0zjKToFFINXfiUjcgQngFIKYp8pxSPuRAi4XBfHzi22oKvOBxet3EU0HH1PrSb6XxfWxbdtiiysE5Tfwr77KUeLGu+dC4GIvkbi07QNhy8lwKjVPhZYvhnXvR0QhuIaf65Cb6lheToigwA==
+v0n0.nic.marketing.	172800	IN	A	65.22.20.6
+v0n0.nic.marketing.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:6
+v0n1.nic.marketing.	172800	IN	A	65.22.21.6
+v0n1.nic.marketing.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:6
+v0n2.nic.marketing.	172800	IN	A	65.22.22.6
+v0n2.nic.marketing.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:6
+v0n3.nic.marketing.	172800	IN	A	161.232.10.6
+v0n3.nic.marketing.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:6
+v2n0.nic.marketing.	172800	IN	A	65.22.23.6
+v2n0.nic.marketing.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:6
+v2n1.nic.marketing.	172800	IN	A	161.232.11.6
+v2n1.nic.marketing.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:6
+markets.		172800	IN	NS	v0n0.nic.markets.
+markets.		172800	IN	NS	v0n1.nic.markets.
+markets.		172800	IN	NS	v0n2.nic.markets.
+markets.		172800	IN	NS	v0n3.nic.markets.
+markets.		172800	IN	NS	v2n0.nic.markets.
+markets.		172800	IN	NS	v2n1.nic.markets.
+markets.		86400	IN	DS	58144 8 2 2C079F760779074E6CE68307C28F88F7B75D9FD6CFD65BEC5C95C38D3EBFC614
+markets.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n0VxvRIMDnNMSRKI4dN/QXs0weXS2SwdEhBDB3NPU2X4K+KVaR+txAvVcuj0eLpVT8d0cRduGE1H6QYJFtl5ZfsrhXMsr/lQfDzXQ9YS9IyYMFy0HB7yKwZ3qhB81T/KmiaWL5jmGABW8LkdsQAzvvEGS/HoB5QZ04HDRspaZogtSRhYlP3f15BFv4k2PgKAsq5KkqZ0AeiOivpDIkk15tdsvn29z4tExgP38ebNlNxMaXsFd719+KKdvcoM6ooU/LpnOLeb+vPFbu0B6ZaaYceHtDoi4408DyDq1jGVILqtHivJEPzpzDtQ93g7zn+hDyG0zq8D9zqA6p0ZMRGJcQ==
+markets.		86400	IN	NSEC	marriott. NS DS RRSIG NSEC
+markets.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0ptlgU99F2ZrMQKOFAsrkXnP15HOgNQG4b5E6rfVJyLwxF/Zt6dLZ5AByBNxuj+kFoiwiHrn+j8L9mrJfDNtqAxvMYXD4lz8umpr7LUDXcLf7ld3V/BecdzoYyDEyZUeEeNmIvv54SC2r1va+9Eng7trFoE78Zr3kjtyFlVd+Y63r1gzsA3t87nHA89y9KxXcN2QCKDel2/mNh4cH6ltDyaItGlnwq7WawHZ1dLACYdoWB9PyF5yeqDp0jCNzv2f+JvrTZBvDJKtxLi2ricj5b1bVmkbJFAlhjGxJaYxM/+E2CYC6Xe+2uIR7/MTC/eMfmI5XHnzy95HfSgYupgvsw==
+v0n0.nic.markets.	172800	IN	A	65.22.32.65
+v0n0.nic.markets.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:65
+v0n1.nic.markets.	172800	IN	A	65.22.33.65
+v0n1.nic.markets.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:65
+v0n2.nic.markets.	172800	IN	A	65.22.34.65
+v0n2.nic.markets.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:65
+v0n3.nic.markets.	172800	IN	A	161.232.16.65
+v0n3.nic.markets.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:65
+v2n0.nic.markets.	172800	IN	A	65.22.35.65
+v2n0.nic.markets.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:65
+v2n1.nic.markets.	172800	IN	A	161.232.17.65
+v2n1.nic.markets.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:65
+marriott.		172800	IN	NS	a0.nic.marriott.
+marriott.		172800	IN	NS	a2.nic.marriott.
+marriott.		172800	IN	NS	b0.nic.marriott.
+marriott.		172800	IN	NS	c0.nic.marriott.
+marriott.		86400	IN	DS	24409 8 2 8684C74574A7D00D562DCD780C7DEB8554F2DE761BC6BF4F59197D8D9B0656A6
+marriott.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gbaVBp1i0fLET+nktk0E1lGxeArl+so3fMpW1O1dT6JF7zikql36x69MYzTmTaNpz0N6RhTFC2EeqH0GYBGcL0uGoOlJJnu7kXBENbCQbtXS18xzNRONmxaOw7BVkqXwAwMU6MF1+e+zgsQpRFmmBgZTIKL1I4q0CcAUGZKKRVRyWMmuOgHR9GesGndz8QrGyeb0HkAMcEoGTApgnJw8zuGNzTOs5v/xqgOFXFv+ee5AcrHmtf87Lt5cFJ6eZM1cuMiZ3G74w/BAbAd+qMhP8rBsrPP0EYi1gvimK8N6EHvf4Y/ZkHeihGLjEmieefk/oqpSrDPfvKEB3M77zVYunw==
+marriott.		86400	IN	NSEC	marshalls. NS DS RRSIG NSEC
+marriott.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S/HqqpujSfCOiQNn5SOSbRuZGhdAHhlVU0DGT+Kf//5sRF5Itqd0VpjExbQUZas5oBlIpNtFhpBPpaDNmGuOTFLd4+ePcIfsWsZXQHOGNzYEccq7q1UOx44UGYKKCCCki1bhyj7XpsCI7/c75Nk32jgeMNjXQh/PAl5vW9ZqfvvDREbhoE06WMgg5g1Zfhhnp14PyiUiaHt9zq7Bk8aKvWtIuCohPdXe/sn1XkFal+TVqgVlYPTRQdwTcKEKy+KWHNZEe+eiSB6KgLgmFOr2SUXitVYuuOVLpH+emr7z2oUdTikw63jBFUPra2ttSuM2YgVNLaV/HP8slZboVq76gg==
+a0.nic.marriott.	172800	IN	A	65.22.236.9
+a0.nic.marriott.	172800	IN	AAAA	2a01:8840:e6:0:0:0:0:9
+a2.nic.marriott.	172800	IN	A	65.22.239.9
+a2.nic.marriott.	172800	IN	AAAA	2a01:8840:e9:0:0:0:0:9
+b0.nic.marriott.	172800	IN	A	65.22.237.9
+b0.nic.marriott.	172800	IN	AAAA	2a01:8840:e7:0:0:0:0:9
+c0.nic.marriott.	172800	IN	A	65.22.238.9
+c0.nic.marriott.	172800	IN	AAAA	2a01:8840:e8:0:0:0:0:9
+marshalls.		172800	IN	NS	a.nic.marshalls.
+marshalls.		172800	IN	NS	b.nic.marshalls.
+marshalls.		172800	IN	NS	c.nic.marshalls.
+marshalls.		172800	IN	NS	ns1.dns.nic.marshalls.
+marshalls.		172800	IN	NS	ns2.dns.nic.marshalls.
+marshalls.		172800	IN	NS	ns3.dns.nic.marshalls.
+marshalls.		86400	IN	DS	33055 8 2 5202EA0F1ADF8FA9A0FDB1EBD7B3DA0AD6274731623EB7E6ED2012F47678E413
+marshalls.		86400	IN	DS	53986 8 2 C616816A6077BD3E6E38BC929C17E557DEDE9DB0E541CDF3A196D699EAAE729A
+marshalls.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NMye/F5xUVWD0p5YxeFrHPxL5KBETz0Pr7DM9Q0EekYDizi7KjurY+/teZIkmHQuOgmZglSXujC5t9+wXjusK4eSP5Wb3PfoooiuRjVRoN6q3Rl177EP+Ypc3zIsALtvDx7RQno/YD2pTLKyMvtJdQnAjVLw7As4Ch/tmJbqHiRpSZmIJaT+Z8F38BlhSeYGnYHjTiYN+xcf/wZj2x40m2j0/JcqxTrgK89ifK8LwR/MaqXujGQpsmztetcOBQXjBxahUs4N6j8oYeJ7g/VzWxYsK4e4YVTFsX4gD/MUUlPiwmxoFvV0KfGRAKignD/usnWB0O3P9vwvnl6DUZScUQ==
+marshalls.		86400	IN	NSEC	mattel. NS DS RRSIG NSEC
+marshalls.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BR27LQdc9su+iygwoDXCxQ8yZxVSRWvliCDS2Zyet16IEW5ss+zyGF5gwjW/5w8Ni4a8qZdhDcxpTD6GIDdarS3Z/GF63eNdQHPU68hAIniFffXW6uHABT61Vv28k6Xj10gDsCbL95gldEdnpN7krm4LCtBu6lqJjunSnwLf3JDb7yHcBDhgb6d0LgEzL+HiM5UAfLQHX4HE+EVtylNcEUo8YfpAvhHG1wOlVAVSENFwIYmYUsbGEQIXDNrtRAQVPhEqoGpJLD1OMHOAf/OMl0nYMpevy0zOupIdErYsPwbCdnFI88RxWkWDR5SAZfmuSKbgpaA3QIxDbz4eAByLjQ==
+a.nic.marshalls.	172800	IN	A	37.209.192.9
+a.nic.marshalls.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.marshalls.	172800	IN	A	37.209.194.9
+b.nic.marshalls.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.marshalls.	172800	IN	A	37.209.196.9
+c.nic.marshalls.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.marshalls.	172800	IN	A	156.154.144.108
+ns1.dns.nic.marshalls.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6c
+ns2.dns.nic.marshalls.	172800	IN	A	156.154.145.108
+ns2.dns.nic.marshalls.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6c
+ns3.dns.nic.marshalls.	172800	IN	A	156.154.159.108
+ns3.dns.nic.marshalls.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6c
+mattel.			172800	IN	NS	a.nic.mattel.
+mattel.			172800	IN	NS	b.nic.mattel.
+mattel.			172800	IN	NS	c.nic.mattel.
+mattel.			172800	IN	NS	ns1.dns.nic.mattel.
+mattel.			172800	IN	NS	ns2.dns.nic.mattel.
+mattel.			172800	IN	NS	ns3.dns.nic.mattel.
+mattel.			86400	IN	DS	59044 8 2 66F510D9469E77AE174BEA4F42E1215AFD837C2A27C9F0095BBBC3A3E2BA4CA4
+mattel.			86400	IN	DS	64621 8 2 340D9CBB6A30CC146D7CDA72F89D3AE7B4F634ECA0FCF53D84586D13BE35FC14
+mattel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1W/QLQjYs+nDHPRPiH5JM8mjzaHIZOiCF1mll0k+V7d28x6jyjxSNOd5OAIdmmY2CpIvMDTchmxQrluxJMFdgUvP53bzXsTSRcWLmUR4qxH+Iabno18qE6qaxrfJVeSg+CWKV0r+x+8gn3zRw0TUMPmXYwBmIVJeuvhpyTZBqBkMRP+swmYeLeAZffokRTy0K6/I7Yof+9G6LD1BrLhzVMN1Ft1qgl1RBR3Wd4qRF73RAklKcpwNUeeBd8yCXEPH/KEZ9JfJJ5AGKF/wO4i6H2A9PIZgocbPhBEcNpkDJktP6kOz9PefwVibmO0mbAZPx9hnC68IFfZi4XGmg24Uug==
+mattel.			86400	IN	NSEC	mba. NS DS RRSIG NSEC
+mattel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Pd4sttcXS5w4NvpoMOOXczuJEcE+Vcaee75QGPYQBzbTPqvdHALeNSjlsQDzRUAm4yEPAHpN8gZt6VvOKTD/DDKtwYyMxMUYYxmrx2bbeiWz/qqh0aLH4lPIsY95oqjAQ3uOQPDXR2JQ0987bOv/IYoIBkbw7oDtDMUe+KT2P/zn6/BXmFNyPIFzRqwl294GmjKWc07Zpkj+eqw5KPhAgB3PuvJybPjDnNaJQ6nc7B7WLSHAeSe0/ykeUrTpzhs8bv0GuGqcHR/S2qZXuXZr7PAE2skdbnHnxYXQdgP49bl9k4GQHTrdtkQtpOSjVr91StPHPMoIw/zTFxI00HD2cw==
+a.nic.mattel.		172800	IN	A	37.209.192.9
+a.nic.mattel.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.mattel.		172800	IN	A	37.209.194.9
+b.nic.mattel.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.mattel.		172800	IN	A	37.209.196.9
+c.nic.mattel.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.mattel.	172800	IN	A	156.154.144.109
+ns1.dns.nic.mattel.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6d
+ns2.dns.nic.mattel.	172800	IN	A	156.154.145.109
+ns2.dns.nic.mattel.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6d
+ns3.dns.nic.mattel.	172800	IN	A	156.154.159.109
+ns3.dns.nic.mattel.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6d
+mba.			172800	IN	NS	v0n0.nic.mba.
+mba.			172800	IN	NS	v0n1.nic.mba.
+mba.			172800	IN	NS	v0n2.nic.mba.
+mba.			172800	IN	NS	v0n3.nic.mba.
+mba.			172800	IN	NS	v2n0.nic.mba.
+mba.			172800	IN	NS	v2n1.nic.mba.
+mba.			86400	IN	DS	65197 8 2 4076FF89017430719753DF3C4C878F0114B1A6C14F79A9B8D7494F6F825AFDEC
+mba.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z/+hazQuhhkheRdfTx8XkYe+Ih0hfk58Nx+3WBzv6BCBGKTF7jGBXV/s3bYHk3FTz7iBW8lJjpu3VsNPKODyRytCXrBCtHskU5co+Xnhy1Nx0qD0Qx6JyRKCZwjCtnc0YyF9AqXxy6R0AM9B2BQO+xzPWUDJ8SVxss4dhH++xc7878AWEITULR5woHWeUO/JXnbiMJsIC4vyrWFZYkzirFFEO7JRoRGLLZGRskJ4VPFfVZdZROFvq5Hi4ujNrYVu0HICLfInkx+Gpc+I4NhILOsYyjWq3H5mWcwYwBz/fJEF461b/twkI8wVbvp3ors9jFV9Ac3unIDBpqQia7cD8A==
+mba.			86400	IN	NSEC	mc. NS DS RRSIG NSEC
+mba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ODX/SKM8FYzQLEqxLJ18KvMG5rzjEHgIVt1ugws3Ph2TPB6gP5+ep4a6M79g4wiDGFeHH3ony6wTtnuyMEDeyyxKleaiIFcpxqDEaJOliilaQqgLyian3C5PJ/Hdt84IheB6HmoqZfT2zlWWS5/+h05Y1z+KeHYWtMgkzqd2fsikyKmt6r4tZ4hqdMz27nhWf+DsdElTINUGx+wgwbmX9geny6m/YunMr3Iyde0hkjxkKofveLWXJTUk3RSeHi/QeilWSkQA2iotovysDbFm2yefqUIUWxfCWxbiF21VHR/LYA9n6e0v17blAXKSID5na7aUpeYACKQXg3Fuw0jSdg==
+v0n0.nic.mba.		172800	IN	A	65.22.24.59
+v0n0.nic.mba.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:59
+v0n1.nic.mba.		172800	IN	A	65.22.25.59
+v0n1.nic.mba.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:59
+v0n2.nic.mba.		172800	IN	A	65.22.26.59
+v0n2.nic.mba.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:59
+v0n3.nic.mba.		172800	IN	A	161.232.12.59
+v0n3.nic.mba.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:59
+v2n0.nic.mba.		172800	IN	A	65.22.27.59
+v2n0.nic.mba.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:59
+v2n1.nic.mba.		172800	IN	A	161.232.13.59
+v2n1.nic.mba.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:59
+mc.			172800	IN	NS	mc.cctld.authdns.ripe.net.
+mc.			172800	IN	NS	ns1.nic.mc.
+mc.			172800	IN	NS	ns2.nic.mc.
+mc.			172800	IN	NS	ns3.nic.mc.
+mc.			86400	IN	DS	20677 8 2 81E94624EA1EDD7AC7A412F0E5311B7D4D9500FFDB005E98B2FC610239331A9B
+mc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iNwHvYv+iSZ8X0Df5QPcUvC2TdtM1ldEwhMTs75sm3gb/DD98GFY1uu4cHcAaZcchlbq12OKT0BXcGqZqG0fhs9oH0QiBsiWo2PvMbtXhB5z4IITqgVlQkzOTp9Plexbye7ptQ8Pedumr4lyLDRnWUQ1rKOICsBFNIeLFbKFFnMPw+VkPtJMz/ZS+ZeAFWQdgbzts669Nr5Ta80KT0amRBgHPJI2m9VSo8WJ2rgnHlfofRo03mPUaJt8dDrlRGFGth5vYT2hJSSB/ipZ3Z8qF1PYqL42VjOijJiVyRtPq/FFnhht9QYrHOCovQ10BMG4liHAa2k7yaBCdi2zhwqBtA==
+mc.			86400	IN	NSEC	mckinsey. NS DS RRSIG NSEC
+mc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nEtrBfZ7P2HauG8Hstvb2djBLbXXR/ScH2GvbxLW+fB7aCfd2liU24BuBOvVF5lt42cO2u8o4qnU2UeyI9bg1F4psJUeSjKSTclwi9jgF6fF7omxp5CgbnvTITsog/cOsgpan4MlHSiPfCtB+WxNMLIWawWNP3V6/OmUfty34XqYWq/id4e60zPxKrWs4iqJhBYwOgldUT2tDADoGYQNPF+nT2IZLF0eWehaisI4ZPhbJp68tQl+DcwCCZBsCyfz5S0AQ+wbPkYZu2gtXhn5yThoOfza3OseTpGsUPZ6O/XPQ/A2MiCeBvrXRCjDS7EqgdNFJ2S/wf9oOYYB5V9Nxw==
+ns1.nic.mc.		172800	IN	A	185.243.3.205
+ns2.nic.mc.		172800	IN	A	13.36.89.111
+ns3.nic.mc.		172800	IN	A	15.237.153.29
+mckinsey.		172800	IN	NS	a0.nic.mckinsey.
+mckinsey.		172800	IN	NS	a2.nic.mckinsey.
+mckinsey.		172800	IN	NS	b0.nic.mckinsey.
+mckinsey.		172800	IN	NS	c0.nic.mckinsey.
+mckinsey.		86400	IN	DS	27100 8 2 B9D92B7DBF31D3BD3AA6752BD38C50F6B637509E22C438A34677C843B9AFD238
+mckinsey.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oCtRSzLfNwG0rKj8UDCruyUxSB91E8mVswpjmDali6SDMGv/MEM+Lsa3qt566wIZruw+XZ4GZlgu6LVTix30LUafoQxbjbGzyw6LOyWOc2ub0t0UV4HZo5cneZcrvddbqoJEwBL9tQ2qVKWaCrQS2LGXtqzV9yBFeAlHaPPtbVEiLmgIi3DXVrAtJdd7dmtB1IpymIjmfarrsyMe8kQ1QG4IHlEf4MwqF4JmPAUni4+kiidqJMhJjWodDqkCFjRlrJ87IhYFDj4GWjY5ODhgSvFEzEtAjd7bXrj+PNkjkfS/OY8fsYlwTwCCFYFik+Zb97UlnCIiO4a0lFfvttVs2w==
+mckinsey.		86400	IN	NSEC	md. NS DS RRSIG NSEC
+mckinsey.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xQaZLPCJbRsxCsk673j6BIZqk0M9lu7eDNMobzwmCrcET2pxBpEvV9+OhLVRPYnpynCPqOlVXSnJj42TpB4DdTgUyfdS1sdMq9zIknQdr712sbppFQfwGSBTcCIOP5XxVoSNmDAKbAYc4VZVhL+j2T0t5J0YIczizTAOBXriMSoV1d+xfbg7c5FY6zT8ub0vw4CA22aDZLZrKU/a7J71Y0NzS6v5aX5qHYcqbv2BlQIVO9kJp48fdQ9wwXZmHgs0imzVZ13z3N8xUnk7cNMhp++t0hxDNUK9jEn2yUPBDqd6y3BsSdLyV5T+lggjkBiE6JbrW35s/yweLVXEVQy7gg==
+a0.nic.mckinsey.	172800	IN	A	65.22.236.25
+a0.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e6:0:0:0:0:25
+a2.nic.mckinsey.	172800	IN	A	65.22.239.25
+a2.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e9:0:0:0:0:25
+b0.nic.mckinsey.	172800	IN	A	65.22.237.25
+b0.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e7:0:0:0:0:25
+c0.nic.mckinsey.	172800	IN	A	65.22.238.25
+c0.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e8:0:0:0:0:25
+md.			172800	IN	NS	nsa.tld.md.
+md.			172800	IN	NS	nsb.tld.md.
+md.			172800	IN	NS	nsc.dns.md.
+md.			172800	IN	NS	nsf.dns.md.
+md.			172800	IN	NS	nsr.dns.md.
+md.			86400	IN	DS	127 14 2 CA674F4A54BE4629950ECDFD492B82C5DFC833006924D5F06F40749A543DD1D4
+md.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gtf8lCOuk8j/CrBz+zqma279ykiBDTi3nv1hZbZ4FQt6ZWJ5+2ZD1qMIyeRwORleM+Rqm3MSgfSiJg5opEaLfH2k2uUM9yBxEutgznD+h2ebKAq2u/jcdT4ybe1YsioQ1E8dYy9MuuVlCLnhaIz6ec0vldQyH0Qs4qM5vsW+U5CW1J1V0yyM/pfskkLNYJvoF0XKJi/cUu9MegJ2mWrxcuQKoTJ4HZcYyIixowZpATcw/4xp3qoxSJ4woKUzQ4/MwQEK0NCN4ow99/h1QhR/lBDU6MdlQ/oARu5iDPxOOtsAt0O6P+OUoYFKQYskwHYEaRb9wpDyNEDBfVO1C7kjpA==
+md.			86400	IN	NSEC	me. NS DS RRSIG NSEC
+md.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oj2BGuCKEZ15B8jIikcQodvh7VRpvbNOmX4GOTKR7LJMYy4mTI1sVakXU/FFjniFlOB4x2U6/AA7gstioaV89UWIog43WBatBE1W10DlKsWl+HA/olKieKtrfOW5w+mUYD+QWx7QZ3Yfmibbyn5VydUkCFhC75mCkJFmfZiYxMvlE6O1Nq9vGZvbRW2cfmacs+GGE2NNkHz+9qonnvlcWCaDWgLSjdz+eCAYFjb2kl7UkKtBgniyfzs7HdbHnYgOVxZ3JP6UV6oGlOcLSOKu9vYibd+TJ02V0wJ71JDPcdyUTi3pGUiY6pj+rp9lKrf7KVGIfW5XmeyoRbbtTOb6TQ==
+nsc.dns.md.		172800	IN	A	144.217.93.2
+nsc.dns.md.		172800	IN	AAAA	2607:5300:201:3100:0:0:0:2f69
+nsf.dns.md.		172800	IN	A	92.222.76.179
+nsf.dns.md.		172800	IN	AAAA	2001:41d0:401:3100:0:0:0:7162
+nsr.dns.md.		172800	IN	A	89.32.236.165
+nsr.dns.md.		172800	IN	AAAA	2a00:c5a0:0:aaaa:89:32:236:165
+nsa.tld.md.		172800	IN	A	185.108.181.191
+nsb.tld.md.		172800	IN	A	185.108.181.192
+me.			172800	IN	NS	a0.nic.me.
+me.			172800	IN	NS	a2.nic.me.
+me.			172800	IN	NS	b0.nic.me.
+me.			172800	IN	NS	b2.nic.me.
+me.			172800	IN	NS	c0.nic.me.
+me.			86400	IN	DS	45352 8 2 7708C8A6D5D72B63214BBFF50CB54553F7E07A1FA5E9074BD8D63C43102D8559
+me.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . enzINiTu4hr1MmA3BD0XrYx0HZm/uI/9IpsTQZhKL/v1lWV6grysUT7fE6Bl6k39vdHTBwEvlx11HM6dLzPHZ9kFifkm7j6/fQOiiWJ48LJYM4QJQPPsqSvAtwtA5gKJ0/ySuJcB6y4DK3H5JCUseHwnX+t27s9RPiq46K7tL786Qylr7b8HXNmJdnyx/vuDRJLGJ3tbpQ/RbqIDeiFcgSzsMHlazqux4qNnVx/fKpcZrHwaGB4SwEbDc7RJYHlFJ34S40bd1w566lfRnnWvTV4bA11OIZCa0zTDPnRWS5i4cFJD6fzNUgDovA+SlIhHIQfGDghyoCrHcs5f756Vpw==
+me.			86400	IN	NSEC	med. NS DS RRSIG NSEC
+me.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y830A8SRFPP/lAgnZY+B7QJsTMAOg67mizF5rhkPeTfu/oN2Sm3uj9eO5XSFXwEYvzFlu8olfz18NJsn/oykqdQwIXQv4QuZo7xgy0MAoPbxXz403ooRoXblt9LgEkFL1rnYdMgyWdP8heEeXLJTHb/eC2VNRcz0OkzYBPttY/O8B9nZNokgjRBWxzBoQWoUKJAqXmsFGQEyNMNhJxwiWj270x+WSnHuXtbPhTPJRAu35eIQE6/kBCXNTvWA/2oVQrcEC2kntm2QaJ+Ug1HE6pwrLp4kwmYaPyEot4/8YV3R4GPtwE4m7W3+5aNzeo4oqXB461zbzxyGiEkqepTdFQ==
+a0.nic.me.		172800	IN	A	199.253.59.1
+a0.nic.me.		172800	IN	AAAA	2001:500:53:0:0:0:0:1
+a2.nic.me.		172800	IN	A	199.249.119.1
+a2.nic.me.		172800	IN	AAAA	2001:500:47:0:0:0:0:1
+b0.nic.me.		172800	IN	A	199.253.60.1
+b0.nic.me.		172800	IN	AAAA	2001:500:54:0:0:0:0:1
+b2.nic.me.		172800	IN	A	199.249.127.1
+b2.nic.me.		172800	IN	AAAA	2001:500:4f:0:0:0:0:1
+c0.nic.me.		172800	IN	A	199.253.61.1
+c0.nic.me.		172800	IN	AAAA	2001:500:55:0:0:0:0:1
+med.			172800	IN	NS	dns1.nic.med.
+med.			172800	IN	NS	dns2.nic.med.
+med.			172800	IN	NS	dns3.nic.med.
+med.			172800	IN	NS	dns4.nic.med.
+med.			172800	IN	NS	dnsa.nic.med.
+med.			172800	IN	NS	dnsb.nic.med.
+med.			172800	IN	NS	dnsc.nic.med.
+med.			172800	IN	NS	dnsd.nic.med.
+med.			86400	IN	DS	36455 8 2 4B9CBEC710C3FB2EDDC07AE31E75FA59855FB5ABCB9CE68A61CB7E490B5831C4
+med.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R3BGliDNvW7xMLDJmZTkWlZxCyxAnIg4vvJfqlNqm1HvEvEISPCM2xfzN4A7gBZ07DlD15yhfBi/g/E3AwHGIQmLpMHfBzp/wR61AsGRsVIuP9Zs2+dm7yzmod2oWYmpTEzt1f4pZyb6PcnVuLI+Pr737Kf7654Ls+RIaxXYke+FdmsSwEUJLfSIwRjYpwKNWl51No/EKHk+gq5n5ioJugTL2f5FlKv6hPeX6wQ5hfswqWpHly2CYmC5lyrpuQUdWx/5nf9j8iu4PiFp8F0ZMZyg09TLQPwME5NTtmfVnOHx1jf72qfZBA8eual6wCrl+lh68LtaCI6M6uUtIr44BA==
+med.			86400	IN	NSEC	media. NS DS RRSIG NSEC
+med.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VuqsEkjjjYmUt/AHhwLyl80MR/tRrYQhFf0lz5v98pHyYU6Z/yKy4bSZ0g5gDuLVutpP+J0+frNZskDDr9TQOqQSFyWsH6WSYPd1c/iCZEOystN0KHtXdPj7RHQqiXCDE9eLNc0U2X6J+KaOOVtlJMMpanQPvrH4s8RM8kYb3znxBpevQfX18UmGIeDGLeVD3O/XfgZzFHPbaG3NROk+1CNYBqvXICfaoiCqk6o7youTSIzCczI6o54vjjgg5inMCretVhLgU5Jrmd8/U1XkpcRuYswiQr6phh6rfR/Zf2sbnryAHkwVdx1NEyF++DquE1kSR9o3AD/F7pasEXFfUQ==
+dns1.nic.med.		172800	IN	A	213.248.219.124
+dns1.nic.med.		172800	IN	AAAA	2a01:618:403:0:0:0:0:124
+dns2.nic.med.		172800	IN	A	103.49.83.124
+dns2.nic.med.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:124
+dns3.nic.med.		172800	IN	A	213.248.223.124
+dns3.nic.med.		172800	IN	AAAA	2a01:618:407:0:0:0:0:124
+dns4.nic.med.		172800	IN	A	43.230.51.124
+dns4.nic.med.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:124
+dnsa.nic.med.		172800	IN	A	156.154.100.3
+dnsa.nic.med.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.med.		172800	IN	A	156.154.101.3
+dnsb.nic.med.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.med.		172800	IN	A	156.154.102.3
+dnsc.nic.med.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.med.		172800	IN	A	156.154.103.3
+dnsd.nic.med.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+media.			172800	IN	NS	v0n0.nic.media.
+media.			172800	IN	NS	v0n1.nic.media.
+media.			172800	IN	NS	v0n2.nic.media.
+media.			172800	IN	NS	v0n3.nic.media.
+media.			172800	IN	NS	v2n0.nic.media.
+media.			172800	IN	NS	v2n1.nic.media.
+media.			86400	IN	DS	54649 8 2 D73AD588629EAAC32749998639D85E8B383069CD7B85E4A5EDD131156EB15B97
+media.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xGcQXjR/CXTEaHEY6aeITPszYttuHpS04GMpbb/rZv/Ie5uqdpchDA8gWsszDFjEeD6HnPupqe4KApIq0QmrnebkUPK8V10725lqQ/+hmfvvx5tqE2NWTw0N/ZByhhynOCmtRX3Iqw2T63LJz4A6tOBOpqFbA8GMaJ+42wQ0ssYBUkQJzlhHN+IGg4/rgMBt7oIHeo8nBHDxUBmyYV+2DzhCF252dcKRGMsqc7Ti0ODr33jefL+NKDhmmAWvcVCTdCnEC93XnUIxH3j1KG134N5OTxhxxiNNzoDj6ZaB/1ZOjtCZCif0q1PGzqokGOaePKThUQDc356lCQ3rZiOEfQ==
+media.			86400	IN	NSEC	meet. NS DS RRSIG NSEC
+media.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jh4e4SPDcvSj1xhuTpINNv5XE/4gGg7/gn1CdPH6As3CD7lYP/4nkn6y+5kLokUU/Fuv1O2/1vRxXMIiXwHsCuypAuCjsVBuOs8uNRLCuM+zJDiDTDpzTQicrv4KCbftutXLM6O3MudeRbCatJvlIouGPRmacrgyZf4FLkbtEVSTzqq6NeENQPQwf71Q0FGLGvsDL4i3xc5PZPbKxWnB788pNSHmNRgLZ+HMGjSVcqtNSXOB03/wFKmO9mGN9V2QmAIaJ9E0HJIkbrOqfJNzHj03rdnKNt1kzyUD9doHKx7Mu4HqX6LyfPsfqMTEuuAGCUjCQ6shdTqlVi0mugQWDA==
+v0n0.nic.media.		172800	IN	A	65.22.20.3
+v0n0.nic.media.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:3
+v0n1.nic.media.		172800	IN	A	65.22.21.3
+v0n1.nic.media.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:3
+v0n2.nic.media.		172800	IN	A	65.22.22.3
+v0n2.nic.media.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:3
+v0n3.nic.media.		172800	IN	A	161.232.10.3
+v0n3.nic.media.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:3
+v2n0.nic.media.		172800	IN	A	65.22.23.3
+v2n0.nic.media.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:3
+v2n1.nic.media.		172800	IN	A	161.232.11.3
+v2n1.nic.media.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:3
+meet.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+meet.			86400	IN	DS	56669 8 2 92E856A377729B77CCFA92121FDFB3DC6E82C9ADABFEF4876765E4027D2D7AFB
+meet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DcfpODntW9lFhgsAD5/kZIDl6BUoIb4trx/MdycYKoqnmwHs4UOGPquP1TUZi5ITtb409fkJ3+15CGNj72sxnkxqIHfCgLiRT/KMBBOK/7qZK7s/EHVbVwjavdCOGeA53ZPRgExdRoQzTcXZ7YtQIy0PFvdRKjs+Yg2ban6k2IBCOfGTvZhDs2peAURy84ZQlDyr4GYmsu7qBQEYp1zsjM7FQT2Ue27tQtFUCe6CvtKtVlbmxCQ5R/hjtCfsHOPhImd+NcA6l5A/WL840UwQakUfMLKx+bIFsQiicYC8UTXMU8zMsCBYs2YGARMXSILF3VShhOhYn9iPkTzO1twBiQ==
+meet.			86400	IN	NSEC	melbourne. NS DS RRSIG NSEC
+meet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gO1jkXxrTNQac6nJWrcfblbO7/wvYlqB6u2JWFpPnU/FfvBvcoOxkmknzCpM5VteclLmqXgdzKOTEK+iDdP/FQw3DFFyHv4k1MX+z9TpNRDWvGzKjNIKbxzHXOs96scRqjjpBHY2kINuFaEcp45fl0gFks4a2R/B2DOMD6Mkx4xs7+jskqMwpkeqmzUec7qeCmE9jJPdED1ELNHBvDksoAMX4Ao0Z8R4azmlzkgmPzz2z0IG1qsnEy6hTUmkhA7JMqBFbCPGHOaX19l7ufuciJ4BBcn/vTM84bWx/pyXj/O1SykoKvx1nkTkkXrIDOq6S35rEtq1u4cETKlNIRhu/Q==
+melbourne.		172800	IN	NS	a.nic.melbourne.
+melbourne.		172800	IN	NS	b.nic.melbourne.
+melbourne.		172800	IN	NS	c.nic.melbourne.
+melbourne.		172800	IN	NS	x.nic.melbourne.
+melbourne.		172800	IN	NS	y.nic.melbourne.
+melbourne.		172800	IN	NS	z.nic.melbourne.
+melbourne.		86400	IN	DS	3487 8 2 A1B0B1CA0F068E57760B7A4183DE3620EB0BE059006F36D07FED827424F89589
+melbourne.		86400	IN	DS	17374 8 2 6D9AAF608C610BEA2A8CE99B8870E02E7EC8CD2A8C1A76D363CD813A682F5513
+melbourne.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZIMkk27I8UrtPXYw9aqv0tCjoTrJoRRQeRJkr+WH0F7pTB9s1gmW9Wqto7n5aigszECDEm3Y/GfUBQP7nWFf4uqmES0hskFbvEZn3LTDieFoY0UArLjQQHpfGaoALbr6TCguwao/gKa7y6PSZia1mVzG/tNI/L8N2ERHZxdo6qC8pfbiQbN2nDxY6ySA214VAAb3RxubvP0s+d4esb5rS5Oem/6gaICP7fAYv6Njn8y1nDJeglyePebZUhM8pW1rzc5FaMr0scBuKQ0FsIBokEZv7AwjGUi4Dyq7T0mCbF4IHffetkQikZAb1fBns2xsxk+v0vOgvx3dWsVi7LC6fA==
+melbourne.		86400	IN	NSEC	meme. NS DS RRSIG NSEC
+melbourne.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jqkYO1lYf2dmX63aB5QC5xJhe90xO1ukn/2TsjMMEQocXff9KCkfTlZeUppKBvOmVI1GIifOaDbgtg+3cnKb8n02/2a+EGP+eDYFgf7lowS8yRfuooZ6fanH5/hZj40A7lyq95who4VNd3o0hG5nLNJtagNJ5wQa3nB1FxEZEefYibA6Y18gQV3XYMHkAgcMz/t2du5VNlH+XMJLEjjHR+L1FIp5o90CzIVl0r32yTjRRO1OhcqeKcMz/pAOrXJDIZJBAXjQhwwqP6RDg6AS4L22ovfqFFfkshy9tPpRfU8qTZHca35WZcHznXY+F8xtslmkWcb+iiGiF8fzlD+jAQ==
+a.nic.melbourne.	172800	IN	A	37.209.192.10
+a.nic.melbourne.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.melbourne.	172800	IN	A	37.209.194.10
+b.nic.melbourne.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.melbourne.	172800	IN	A	37.209.196.10
+c.nic.melbourne.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.melbourne.	172800	IN	A	156.154.172.82
+x.nic.melbourne.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.melbourne.	172800	IN	A	156.154.173.82
+y.nic.melbourne.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.melbourne.	172800	IN	A	156.154.174.82
+z.nic.melbourne.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+meme.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+meme.			86400	IN	DS	12857 8 2 58B9E8925215859C971BD949C9DBD299900C9D017211FB30282A3BE9D8E7ABF8
+meme.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WCo/GDgWeWdnxXeGIfZinUfOwOclJgSiZQ1yarCWyTnXGiUxOcmumUeXqgVrCBVdWGKxhOOLkivXA7lk3ycqgNo5sz62U2lzCGWvHFLIky7dvtnsea2ZKfY5vucP+lOs8U8txyP1zclFOnTXKy82hywgJyE5Dv7yIL0iexMIUJT2nGDDFkQty81JnjTbErLFKSO08i7ivQQyaHXSm2jowhed5BbyAFct1QH+O/hykQPiVoElEMVGGLuwajRmYFvW04FEAuBT40az/DlLEtgY1s3/guTUJkF1FnUp/paarBh5Ux7lU288Cvw0vImm9Ihpss7+RQ3cFHwIAXqSMxugmw==
+meme.			86400	IN	NSEC	memorial. NS DS RRSIG NSEC
+meme.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . krUlSsKYL5Fx35Lgus9V56KR4SBbcQjYZmGsQdyl8PJw/fcRXWhQeDZYZ9pzBTVr8LceTqkmB5KnnFiWooi0ZUmzvNlNLp94+bejAMwoIPTowxBYPI513qPfBzaQN9fuzpBZAqlO2aoA92qpL8rKrT2INpKd7ea0B6QNWqxGstnKGXt5D+L5aNe/4KEhuf79D2CRMHrvNtKdMWBwRr76Ur9moQ5rpFPB/j95fB+xMnBkhq0Zcmc66x5skslVW2VyymaTfaXJ1N2FLPnPpIznsXSsF3h2Qwp+Zn798i094/98UQA/sUOAOSVvj6RNbia/Z9WuCxe7JRfiNaAzlTbR8g==
+memorial.		172800	IN	NS	v0n0.nic.memorial.
+memorial.		172800	IN	NS	v0n1.nic.memorial.
+memorial.		172800	IN	NS	v0n2.nic.memorial.
+memorial.		172800	IN	NS	v0n3.nic.memorial.
+memorial.		172800	IN	NS	v2n0.nic.memorial.
+memorial.		172800	IN	NS	v2n1.nic.memorial.
+memorial.		86400	IN	DS	17102 8 2 125500A7DFBEA41E4B90C1B086DB21277340DF1FBACE51AC8E9AAA0C773D1D23
+memorial.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JHp5Eh5HwMrgOcve/ow2ozSPPgnGup+OSptnPcFYa5NPmx9iigf8WC5cfHkrJCNupf5zXkSKSX+fE5Aj4al2DjiJMeYXkPdeWzM9QMHcjklvOfuRAIs22O2pZuwx3RlibFCrQICzovnBABoMVQ0EOi8Kt2xwLAz+4/nL0xL67+jWtvXSupV/NmV2O+zYPMtGUDthmSkc/p2P8PSGTCeiH/Zz5t2H6XyoNj+1iWYUipjGZOYqmvtequt4gH44CU5WKP5oPPIU039jR8eu6xl+2QTaLHZ3QI592+yyBQIXe1XWkuVU765GWrCCUdE/e3pqwFfViSp2OqDvLLrVLRaNtQ==
+memorial.		86400	IN	NSEC	men. NS DS RRSIG NSEC
+memorial.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QcdTZUTvfgd+91V7pdZ/9QvuyOQ5/qr/jpPUNARVY70888VRNCs1QLIDmzHVuTxPn0u3EoC1ES1BkiEHt367ANaPsUrnLNIHRF1dQm/sETi/W2jsbzewDJg00bGYPfi0Md19lU+ZUEUN6PxYQNSmsFAnZb5lZbBh5JcCNbuuFQQXSouUmyIjHJoi39OMK7VyEPFW0NBU469hR5lRDYzKClLb1RApU3LZZ163ZDc49s88m7pcwKyvEZT9Ug6vNcAuqV0ZWMapI5IKZUH+uXro7j3A2f4cpOnO0bGUufyJWyx1PQEX83sCf1ga5aHpb3UM8pmo3cD//UJV98eNFTqhLg==
+v0n0.nic.memorial.	172800	IN	A	65.22.32.64
+v0n0.nic.memorial.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:64
+v0n1.nic.memorial.	172800	IN	A	65.22.33.64
+v0n1.nic.memorial.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:64
+v0n2.nic.memorial.	172800	IN	A	65.22.34.64
+v0n2.nic.memorial.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:64
+v0n3.nic.memorial.	172800	IN	A	161.232.16.64
+v0n3.nic.memorial.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:64
+v2n0.nic.memorial.	172800	IN	A	65.22.35.64
+v2n0.nic.memorial.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:64
+v2n1.nic.memorial.	172800	IN	A	161.232.17.64
+v2n1.nic.memorial.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:64
+men.			172800	IN	NS	a.nic.men.
+men.			172800	IN	NS	b.nic.men.
+men.			172800	IN	NS	c.nic.men.
+men.			172800	IN	NS	x.nic.men.
+men.			172800	IN	NS	y.nic.men.
+men.			172800	IN	NS	z.nic.men.
+men.			86400	IN	DS	21250 8 2 6C3F496F5F6ADA95799145C17FB84C995554114A8E2A77D27C58D7F383C9407F
+men.			86400	IN	DS	43840 8 2 F2AB9162A3125EE62726C0782DA179D9A6EA14D948CCF416C2C6CB2E7122A70F
+men.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fuXkt8nzk4HALf+q24zmy+VeVOj8e0yriQ6zh9n8LPEZq2cfNY6S2nt54Uu2hhYWtl/xmUWtDx/dzWwV1rKtocOIKHmEpnCiUy+X/MiNykwEcaxXsBNyv7p5Y/6vAIumil274yXxmrlS+7PQPblNZQkOC0pAA39mSog7QQjNRK18hBZTv6GFHI7HsW0oLZXYohVJn1/VidamyGX1XYaqRKIdcNdHPp2tiiKmVhI5UYiBpRjwHlgDAvargNM46J8+Dy0xzmAkoB8COdjyWZmqCcdWGozhJsGAs7Oa5jFEWtNUaTnclZdPytcgY74XzEWrMCBfr7WgGIAYkKeDoOVKNQ==
+men.			86400	IN	NSEC	menu. NS DS RRSIG NSEC
+men.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vNgfFfQjmHIaopxch6r/r2jhcyrcjQTV1dSuqBFWrpby/NAdAmAXlMq+lYGHnbghu5ZyZJB6EgVsLPHvO0khPTuglpPfvwSnY8PVC/tkTCReWyHvZCu3PAVN8DJBA5BrMCc5G/NPDvPKS6DlCbJ8OOACn2SW9E5+p5vV/ahDOUF8eEoJO11YWGvtHPPB6k/J43nuLgV2VhebJDjr0uQ5Vah/CKlxdZxMUeHAFt7i/ZQPJurvOKr053k+dTjYoqTPvOWnVLJT+yQ7vNg/xytzs1tpqtEXN+sN1lF8bK0XlV1BtKHeVouBwcNzHH9bP/UasfTns+7xIhBCrYSRIAAdeA==
+a.nic.men.		172800	IN	A	37.209.192.10
+a.nic.men.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.men.		172800	IN	A	37.209.194.10
+b.nic.men.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.men.		172800	IN	A	37.209.196.10
+c.nic.men.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.men.		172800	IN	A	156.154.172.82
+x.nic.men.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.men.		172800	IN	A	156.154.173.82
+y.nic.men.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.men.		172800	IN	A	156.154.174.82
+z.nic.men.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+menu.			172800	IN	NS	a.nic.menu.
+menu.			172800	IN	NS	b.nic.menu.
+menu.			172800	IN	NS	c.nic.menu.
+menu.			172800	IN	NS	x.nic.menu.
+menu.			172800	IN	NS	y.nic.menu.
+menu.			172800	IN	NS	z.nic.menu.
+menu.			86400	IN	DS	31309 8 2 DEA786E2B9C069E2595D79B03F3A920B0342BFBC017EC606A0184340E9C9C88D
+menu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PDERNWQcC+B2nmoEgCRhVpSpF+Gos+1oMc6apLM/k+La2lrELjicXDDT7xrFBn82nJIUz6lB8rpgKXBc5VH5hAz8XUI8XpwM2EKZSCBlEBrf8XEuIilhC52ZZbNzoy/uuHQ/aYvtDIbNDlT6Nei0Om/p0KAW0Zx+j3D04Kak4iekdSWyRFbP8CRsTPw1/n0LrxTOkkZ/D2dbqPDc4owLayF5Lo17BpLIjifk1kg5Y1o5oYBMY053h2/BkAoW+i88wx5zjLrJkYpEPbaQI+Be95twqgcendyv+rPtYXMoTVFKLo+8la1VBbZvJ1YYg1r2dtquNsqHRXgtOWCv3IvxVQ==
+menu.			86400	IN	NSEC	merckmsd. NS DS RRSIG NSEC
+menu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . roy6qNip7WVyMwO/IaW7O5FqwBZRf3doHbEaChlvfSlPd6y4xrqsxeqVm2dzvYkUd6RwS3Ce7y9g2XgLfF8CDThOz2NweT1ZkcVe+IvIH/jaOuMrDH3WniCXFC92x2r8FGSrMe2az5L+O8K8ehXAYUsPS0smO4JmxSua+ezyTNebOnQxsbb7VJsdWz/n1tArfdgSJpHxIv/7UFEhaY9oLlVk5I56ek1B0JNCZqiCokq6q4C75LznvCBRFke72ruHY/W8B+LCB7FHXCQf1UKE7G0/2gAwAOCpdKNzo63pkWB74hV0MrnkIcfRV9p+aviMXV+k5KGWtpbwgGWf62KkOQ==
+a.nic.menu.		172800	IN	A	37.209.192.10
+a.nic.menu.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.menu.		172800	IN	A	37.209.194.10
+b.nic.menu.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.menu.		172800	IN	A	37.209.196.10
+c.nic.menu.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.menu.		172800	IN	A	156.154.172.82
+x.nic.menu.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.menu.		172800	IN	A	156.154.173.82
+y.nic.menu.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.menu.		172800	IN	A	156.154.174.82
+z.nic.menu.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+merckmsd.		172800	IN	NS	ac1.nstld.com.
+merckmsd.		172800	IN	NS	ac2.nstld.com.
+merckmsd.		172800	IN	NS	ac3.nstld.com.
+merckmsd.		172800	IN	NS	ac4.nstld.com.
+merckmsd.		86400	IN	DS	23340 8 2 F6643D8AE9760F8033A5A14B231851CEDFF97429EF22514CFCB1BA625EAC86A4
+merckmsd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hxCWyvjNIAgnbXbLpn8LP1Hm23AmV5xaqfsvp+nyZUySuXSujUD30ETLKf98fubH9y8/WbG48hEfPoVxk9Uf7psssaXRIPetN7OSnzF2ExMvld4GAzR9ft7QYLXnf3jiG1ewi2LDApeYKYn77ObAFY8NpKGLNRVojvKB5FwzVqPJgT8H9YlQAhmaNwPz5jIRRWD3VuvOlPyYfqxkad92zVs16HOlaL979EIpCntSTYG+5dnfI0pzCHXo1nZ4LWZ534yT9KMkIUpfmdhSLktEWcBbCYnpW/HZnDP+wBhl9+f5wN85CWrR809sT/Ou4P15TFe1H1KuEaOhZPalTWPukQ==
+merckmsd.		86400	IN	NSEC	mg. NS DS RRSIG NSEC
+merckmsd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . caQ1PrSTdm9fLcmWO5OipcIGoap7wEh3Q3MMsgISJIl3/ZJVfsJRqMLv9+0AE1IUKwcgZm7PE5rUhufXy0dzHX+6I9m1f5arVeGUpRbzZ6iGHqi4hRXoR1aSUSUBmjgYSY/GBZIiZAoLV+d8G2gluTk/hVZ2FN0tUCopOsz0eiQKN1JucIcoM9u6HLtVqAYo1sCt/EG2L1BSV3V0K22sur5RluOUPDGXlUC5XLJ0kT+4IUREKflMzrZFKRlB61IYRnEpR4XR4xphXSPWJYBPLa8tdGef55lzqWeUpOly+W0fYx+65/3YmaUEhpMazu+6yN9qkItjf2zQkrA2eG/F9Q==
+mg.			172800	IN	NS	ns.dts.mg.
+mg.			172800	IN	NS	ns.nic.mg.
+mg.			172800	IN	NS	pch.nic.mg.
+mg.			172800	IN	NS	ns-mg.afrinic.net.
+mg.			172800	IN	NS	ns-mg.malagasy.com.
+mg.			172800	IN	NS	dns-tld.ird.fr.
+mg.			86400	IN	DS	31916 8 2 61C4C85F931E44175E37E585D4ECF728FE63587742D7335836E1E686AD44950E
+mg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tfq43qz65rj64nEsAUo7uhemTxdxByjmZYiDGj6zReRsvbtqAFdEokOSaBX5HSxoCupHxZVdA3ALADKuess/bP2VjocWZk/umVbtPUBPz1JOYdRLbP9YLNz6g7TlcB+hliNDWFyWZ1jurJIGrFxlrU1jEp6YECWAOyZKEZzKs6AiKgeRqrK5ZJ6qjD7tgo91o1cRdf/irj/BBgdEX4XIhpzNPonbBJtG0dt76v5xV4cYntATnNtpmlVbM9vbcg2iKp7NtRZyL0QLh2HKzSkZBXbf7SHUropgnL12ah8TNN8AUAXXYEtR4kKe6OKHnewHXACPHbvt+O8KfCkfqxthhA==
+mg.			86400	IN	NSEC	mh. NS DS RRSIG NSEC
+mg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v/GvFy+9vRHQsKYp6KIxBNkTDUpQ9TTzZqc87Q6kheHebsGpGDzb186FwZoPUKyzoNckN6kmdG+PQBud0VM+OYhBja/iBTKvsDi3J25Yd9v7jPTnk9VxdNl2ExwngSeAsGDGCaq5RBeHg4g80656ikC0+89pJGIaWedhaR1Ipx/ztzyv7nEA+g0I3Q3BcliWO1S4CC1h9bFtX3XjcHYP5BZ6n7/uyNXjT8JdWHtmbDj+16nq2xxkatXDsRDNDVjngRA8YJyuPFj+YbNMcAkE+WW5gJtKvW7xXHCIl2GqKAVZSWYma4Cp7QEhaNyCAgpr0IXQzBNddIwjJLujhUl2yw==
+ns.dts.mg.		172800	IN	A	196.192.32.2
+ns.nic.mg.		172800	IN	A	196.192.42.153
+pch.nic.mg.		172800	IN	A	204.61.216.121
+pch.nic.mg.		172800	IN	AAAA	2001:500:14:6121:ad:0:0:1
+mh.			172800	IN	NS	ns.ntamar.net.
+mh.			172800	IN	NS	ns.amarshallinc.com.
+mh.			86400	IN	NSEC	miami. NS RRSIG NSEC
+mh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AA4INpm0/n/PxXGVa5UD2PI67F9gm3jFv9jEksKOyqjkWhATJRNzGSJr4jvvUeG/Yyw4cwvVLvQsAGmjzFBxzREaE8+daeyrPhOSQU51U6piUg2E6IhCWcrzJBKcCKCWBclZKsWUe3rppa1CyCLeAtBzuGFZvKlnoh6EkrRcKeNGrAdP9wcDWAvBP65WSm4WcL9LIKP6MY96RrELJpKUeU2lmAAr1H+IMOfr5CFtyAvOuHApUaasc88L/NO1GhwR27mdpHzAcqLd7iHJaJGAdfLvE6ECYkB6HCMtx6PnEFh2GltjKB6bmsg8jkkH9AQLd/aEPMWM07CxZ+6MZ5QntQ==
+miami.			172800	IN	NS	a.nic.miami.
+miami.			172800	IN	NS	b.nic.miami.
+miami.			172800	IN	NS	c.nic.miami.
+miami.			172800	IN	NS	x.nic.miami.
+miami.			172800	IN	NS	y.nic.miami.
+miami.			172800	IN	NS	z.nic.miami.
+miami.			86400	IN	DS	12679 8 2 4B9F71133648B60BE8D6D6742A698E1E6CC62B84EC278F643824690735549056
+miami.			86400	IN	DS	19654 8 2 8F63985AD288D934E94263F9CEA1F58734EDA5B75B35BCB9CA39B3038BFC03AA
+miami.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1ENSG+4ccJ5YP88VZZZKKQ+rrL4P64ynC7IrW5rxfahMYAXbN4sdeb/kFpP74WXgMeILHK/cfXlguDklpNaIC3/1B5RnaVvhRMSsGGL1OWzVkrXaat/7OIPmYHq3XVolYH6NkFZ72PJtxnUqPuGa5eO86xKw9SUJ0rVd2U4mnS1qXlyrgyTtgwGiCYAEk8VwXG4yDw8bI5va1zRMC4FSh7bQE2nlq7jga6g0ZePv7IAEqYnKNoCHn7b2Y4NQhQBYFmqSfCUS8Ujbnc5KRyJO5XrBPgq8IDrpz3nszNgWNFis5eKbCwF1Tk7rDNKnQ1tMlTFWdAUD1pUzLO8H1At5OQ==
+miami.			86400	IN	NSEC	microsoft. NS DS RRSIG NSEC
+miami.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TUs5O7vxucwwVTh2XE/u5mbhNzmT7gdyYqOlAECKCVGJWzHP0xv9OnNGbYnr4pH7JM7V74BqRo1NWvIwf6HrnYpThJTJrqO9NcjK2mSlplLxm8JkmsFm51F1LK4It/eULeUr925FRA4Zc0m53GoVxUdh9cESkIfQdfo8lxT5kvBGkatNbx9OLWQi3/ZV2JWfugANbfvuTECtB0iV3yVT1n3HiE/mKI8LsE6/xPJe4/tTT8kq7tZHUkOlUM0JhqwrDuMDmfI+CSLlOegCHBbYHfxmaO4/APx8FCxvZMeP+ULahk51ilj3LgJNs8M5wkaO5IJQi9MWMxwxovLeSKVgmQ==
+a.nic.miami.		172800	IN	A	37.209.192.10
+a.nic.miami.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.miami.		172800	IN	A	37.209.194.10
+b.nic.miami.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.miami.		172800	IN	A	37.209.196.10
+c.nic.miami.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.miami.		172800	IN	A	156.154.172.82
+x.nic.miami.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.miami.		172800	IN	A	156.154.173.82
+y.nic.miami.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.miami.		172800	IN	A	156.154.174.82
+z.nic.miami.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+microsoft.		172800	IN	NS	dns1.nominetdns.uk.
+microsoft.		172800	IN	NS	dns2.nominetdns.uk.
+microsoft.		172800	IN	NS	dns3.nominetdns.uk.
+microsoft.		172800	IN	NS	dns4.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsa.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsb.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsc.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsd.nominetdns.uk.
+microsoft.		86400	IN	DS	35775 8 2 75B42B6862AC3B32FC471D044DE968DF0D3E9A2B6D4EAD5ADDBA4ED42FEF185A
+microsoft.		86400	IN	DS	55012 8 2 6124FC6575FD96E99E526B792F5637653C25DC4E1E2C034C7A23FE2E2DA94ACF
+microsoft.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0d5uhtKUppmTXbsKQq7/8cIsspFh3Wl7O5EBu2RwrQ8nPlBcRJTw/lSecNry9O042oEAF5CnlCGE3p2wuO/njFIcC/G+vbe8Tl+RWfslVBHfOgB342QcfXclCuJ3O3fgf9Hbn+P/S1AND+P22kMkReFWVyb8K8N2/2YbFh0CP6HPKK9ViPASfUXVe8Cz7TRqkc3GpDD1xD+g+D1uyVf7zsnnhWWy6YTzJMXK4lMK1V2SMBwT3szD2GshWRIbC65iLhDNUzWhL3nJjkheZiNb/zGgZzyQN8ZVzJbRHY/lxX4jhoM1S/NXmKE/m7dWumeUwOhl13zJGb8tG3EUTw5LIw==
+microsoft.		86400	IN	NSEC	mil. NS DS RRSIG NSEC
+microsoft.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . E3rfHlQBwH3J+ymrxmNGHNtFN9Z/bi26dX+3SNACf9txirlJxYiLGlYmWviZeejgl5SRj9Zd6LlctAWyCjT8ilynV2uzyew2BIvILzOy/jkqLctTS6XbZwjFHByUhMrW7zM7JUBReDPRx7FAGlZPXelcLslgehiu+DuNMK47YuASLqPLl0j0eMnM/HsGWeyiSoTKSWJXB9pmTvcYuL0mYk5CCJzhR7XBbmxhVEc+27npzL4fy556uEem7fA1xxff9yPVZP0HAm8lYN/nG1F7jmwr0sgDgg5ipe8N2uogRkZQXF2NBGDrpmCtX0IeKluy3rpx8KlG960zgVdSx4vcJw==
+mil.			172800	IN	NS	con1.nipr.mil.
+mil.			172800	IN	NS	con2.nipr.mil.
+mil.			172800	IN	NS	eur1.nipr.mil.
+mil.			172800	IN	NS	eur2.nipr.mil.
+mil.			172800	IN	NS	pac1.nipr.mil.
+mil.			172800	IN	NS	pac2.nipr.mil.
+mil.			86400	IN	DS	16801 8 2 49013E5D5ED406C25C5A3E7F67C756E34C925342A34BD64D7427536C366DF99A
+mil.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hMgDaiNQ4ZUpL6Aw2rmZvspfyfRghiU8u96trHNQOz0BT+UdRXJWGQty0XxguUmTypRDkqgb+g/4tdaf03Oh8YuQIQnBFXwfq6H3M24FwnAQNH4Lj/l6E7aCha1cVjHWXSq17g2FkDvZPS9vthyrd62rMMdkCtJH8Dq6i/6Os1U3x3zD7gafD/aWn8QYnfyLZGgAN1RyMaVgZ11ANvHSPiyVuCbuTtDgdW4dKqAUE1/C6sxKaa7CevHynJ+GBzBmBlrD4YDGoID2LfWjrYj4mGLU9jJnt5Yiwd2euF/zxYL0H0mTm8tWLNzJUb9wenTc74qPnLbsX9recMZNO2C3IQ==
+mil.			86400	IN	NSEC	mini. NS DS RRSIG NSEC
+mil.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RS32r/9u+Z67eIFWx6qZDtjGM8CRmUVXe1mNmD4e0y9OVNsf0TjFGj3K3lLdsG+E9zuPkb21ZlJhuI4m7zLqdkEBkUAbnBXRLFOYMtrppAXcZTANL2KFBwxBJJ6C+QlkYPlS9rh3+hTkrqK9I4LHMUHjNeeljOn6J+qF2nxXFmwjJNn+oZ5lWOx6qU2gaBcr2weUSserSpn676whlRGpmEXhS0nvs0ZVmjn6u6vX0ydNDJuZjBkCjCV1l3ZmF4X2cCfekPj70E7LrOHhHEdEVwrFJet5t95pMhwU4lNyHPSmwNH7hPfOk5FVlW0E8rHDDb36VVC5n7RRQPwz+HRiBw==
+con1.nipr.mil.		172800	IN	A	199.252.157.234
+con1.nipr.mil.		172800	IN	AAAA	2608:140:c:157:0:0:0:234
+con2.nipr.mil.		172800	IN	A	199.252.162.234
+con2.nipr.mil.		172800	IN	AAAA	2608:120:c:162:0:0:0:234
+eur1.nipr.mil.		172800	IN	A	199.252.154.234
+eur1.nipr.mil.		172800	IN	AAAA	2608:4122:2:154:0:0:0:234
+eur2.nipr.mil.		172800	IN	A	199.252.143.234
+eur2.nipr.mil.		172800	IN	AAAA	2608:4163:1:143:0:0:0:234
+pac1.nipr.mil.		172800	IN	A	199.252.180.234
+pac1.nipr.mil.		172800	IN	AAAA	2608:c184:1:180:0:0:0:234
+pac2.nipr.mil.		172800	IN	A	199.252.155.234
+pac2.nipr.mil.		172800	IN	AAAA	2608:c144:1:155:0:0:0:234
+mini.			172800	IN	NS	a.nic.mini.
+mini.			172800	IN	NS	b.nic.mini.
+mini.			172800	IN	NS	c.nic.mini.
+mini.			172800	IN	NS	d.nic.mini.
+mini.			86400	IN	DS	82 8 2 6F84E8B483F6FEFC9832A282EA80D4F30497393B5353CC6854431FA7FCB240F6
+mini.			86400	IN	DS	54260 8 2 0DA865B8E8A60553B90380AEC9DA84A2DE372A2A098EC5F2F6E3502414947F88
+mini.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tKLCWhaLoa+dzXIg4HZge2lTKUoGBhfbXyXbyvbQfehoVFvuyhInJw3o2g9Pd668vMiwXuHM+icsapPtqrf/Qk/4fZWGt287lSRqfFKYDsxOnoVYave787QHxHrrK1+Fj4F1lFHYyv5JdSRZu2/S8fLAof1LxCzrp34tMYellWvB5XyTL86E5flrshzN8yGWGmEdbkqHRjJUdR3lOegTIXxiWoiLf95rF/MX+6Oo9Gsjn6LAhkCWX2Xh/LRsY4VnI+bVUpHshtZrXmzv+IHxZDszDbcTMulLTCHditB3IIOd/hVH7g2BneZ5gRrmjVCsJUSskQWzkaknFDDYiPo60w==
+mini.			86400	IN	NSEC	mint. NS DS RRSIG NSEC
+mini.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ugop9PQRGhpGoFOEMJ+AATO2Q9JnJUjewLlaLKq2wyaZ3d3oh2wf87CaKLSn915Npvmz7WcP0juNBRlbAiR5xwkcz5TcCr81E1Kv2Zl6jgnUZzjZAJ16EYyQngLDxAtQqzm8ARMtI26+yAoJDN6FIUwdeXFfEPGWJXlftYBWr0RHa4K3k1HWEujA8vy6EcfigWAX+nO0t4gF2G8J8ed+/mpIN8HwV0L1Bs/kMRi94cMv9idREowIOU4xFAdZu59jDNOKcq6Dy6VDj3TJMIvRyA6W9FC/ETCwX3qhICA+9J+MXO1DUKRpDi1afwgF4mwGCbNzvGem/IaAPNyFrCz0bg==
+a.nic.mini.		172800	IN	A	194.169.218.95
+a.nic.mini.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:95
+b.nic.mini.		172800	IN	A	185.24.64.95
+b.nic.mini.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:95
+c.nic.mini.		172800	IN	A	212.18.248.95
+c.nic.mini.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:95
+d.nic.mini.		172800	IN	A	212.18.249.95
+d.nic.mini.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:95
+mint.			172800	IN	NS	a.nic.mint.
+mint.			172800	IN	NS	b.nic.mint.
+mint.			172800	IN	NS	c.nic.mint.
+mint.			172800	IN	NS	ns4.dns.nic.mint.
+mint.			172800	IN	NS	ns5.dns.nic.mint.
+mint.			172800	IN	NS	ns6.dns.nic.mint.
+mint.			86400	IN	DS	20665 8 2 61E6470C8593C69E908195DB6D54F96E47BBFD80E61FA706E4263AFC6AC810A6
+mint.			86400	IN	DS	24670 8 2 872536426335AC76542DD46851AE59FDBC13E1F33E8A5C49193FF5A70BDA6FDC
+mint.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bLw5XdePYya+ewHHqBmr5CN9CGcaUXbGXKN5niF8ZRauR6/rNsOKuKNd2hECIadD+O7P64/kBB4Fuj34jtTY+fmTb5fQYmI5msnLB37pu18OKRrb4JjixuYCLo+YwyGCCIdQNNVAgkpJTOkSmHKbuvVf4pLuzfI4ilccTZE4jEAaiD752bI4fbDLutTejvR2X3f+lSfJvXsyNLLLiG9A3FdzVhpm7FowO1da8RHIP5ymNRDeWljEKGbUZTI5nDK69v9aZws+KeuBuHZmTPKwotoTf3j+JQUucOcNFkD8n0rhJBytjNVoD3e9yb8dvb3F6m2UBErcgE0N+HceXtM7yA==
+mint.			86400	IN	NSEC	mit. NS DS RRSIG NSEC
+mint.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vyc35KWxWcJ8K9suhwWm1gesCaDXYY/7FFxSgHkAmjdfgpg66Zh628DSPEQ8GVV4SgLAEvSBOt12HhNLD6DfLrSuBuEXz5kjy2dAAtHjoTpPeTpIEt7O2jc/PmOg5tDJClcfYWF6QqR7orcEIoUVOmiW2l6lcqQkROr6w6trkvCvRQKRHM++Fl2ZFYSCcrfXSADafGs1KMaunTDXk3nOVs69NtLeoDXlJsd8Bv8aSzz0xwRH69I0+Xi51GTEUutyFXwKZzAfmTtbw/Z/QnCj4i/VpuxYt9XhHudBO9bpjRU8bxQ3V2J5SltL/6kk8/go0u9cBGd6PnJgKc+EYz0FCw==
+a.nic.mint.		172800	IN	A	37.209.192.9
+a.nic.mint.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.mint.		172800	IN	A	37.209.194.9
+b.nic.mint.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.mint.		172800	IN	A	37.209.196.9
+c.nic.mint.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.mint.	172800	IN	A	156.154.156.112
+ns4.dns.nic.mint.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:70
+ns5.dns.nic.mint.	172800	IN	A	156.154.157.112
+ns5.dns.nic.mint.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:70
+ns6.dns.nic.mint.	172800	IN	A	156.154.158.112
+ns6.dns.nic.mint.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:70
+mit.			172800	IN	NS	a0.nic.mit.
+mit.			172800	IN	NS	a2.nic.mit.
+mit.			172800	IN	NS	b0.nic.mit.
+mit.			172800	IN	NS	c0.nic.mit.
+mit.			86400	IN	DS	65212 8 2 321542533579CA11F6FC95AC23ABAE16A4DD112EB3785E98C51A47F5B25D2B9D
+mit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x45OUzBWTIMpBetCZuJK8mn0nMAIaGNg9PGNEdciBfoUT/HwBSiUoWAOjwobZqhcZlRijoIQVjhIBRvQxYiVRY7bo99jRs2iavZZxCOcpH8X8wff7FeT5MYgPKblApXoTJ0xvQtyWFAop3lrIq/PE5x8Z54DAprZMB7cNISGe1SbwTFs3tkkt9fYuTxf/slBe3HNDf4JcUhUX/xUethNXb3RsuplVQutEJC0fAaepFv71XsndsF+2J+3jPsBVzUUby0X3tkBwj5uK6V7ZnP4qXJlUfUl9o1AQ5ymI3wZL4E9bnTXTNaxmdq2d7UNCcC+ntctzGdBugIaSiY7WPiDLQ==
+mit.			86400	IN	NSEC	mitsubishi. NS DS RRSIG NSEC
+mit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o4h/gn3c472ikabd3c1DyNTlWmbWnuHJ0gDX4YwoXlA3KUaBeQemrAqdEbO22t3DRblQ8fie/aovKXZzhyhf9HNdDEVTZ2jUzC3OYr6DlQ18+2xW64GgRT1NVS6TS5FDFwRcQmKSZq4vAiWcweoVXoqVA88rhj9h1Kl0JSURCns/i+k8TaSdBN366HKhDk0417+3b6Z1tTofBbzIc+9CHtWtwJw2K8ThOgajJgk0ibE9ARH9jTsMhG9MeJT+X5e7UQmsIVdpAZewMg+SYLpXJJEkH4W9kpWtTpzZPo93LGsAlAIdU+7apUdRKc3s6EJvQ7OoJvgpM3iBD0AKTnV7+g==
+a0.nic.mit.		172800	IN	A	65.22.236.17
+a0.nic.mit.		172800	IN	AAAA	2a01:8840:e6:0:0:0:0:17
+a2.nic.mit.		172800	IN	A	65.22.239.17
+a2.nic.mit.		172800	IN	AAAA	2a01:8840:e9:0:0:0:0:17
+b0.nic.mit.		172800	IN	A	65.22.237.17
+b0.nic.mit.		172800	IN	AAAA	2a01:8840:e7:0:0:0:0:17
+c0.nic.mit.		172800	IN	A	65.22.238.17
+c0.nic.mit.		172800	IN	AAAA	2a01:8840:e8:0:0:0:0:17
+mitsubishi.		172800	IN	NS	a.gmoregistry.net.
+mitsubishi.		172800	IN	NS	b.gmoregistry.net.
+mitsubishi.		172800	IN	NS	k.gmoregistry.net.
+mitsubishi.		172800	IN	NS	l.gmoregistry.net.
+mitsubishi.		86400	IN	DS	45959 8 2 1E5BC196FD959FBEFB2CBD681475BE0FF1DE7FBD074B2CE338894EC2B011C0DC
+mitsubishi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MMDtJpsoTZ/UOwmaeZZYYzP3N8diD+Vk6VDhj+c4bne9vpoesHop1O0RT7hxRqqqcM8L/rE+0CpHEu32DwoZrlRVOwbF2UoLotbQ+GyJDNDhWqH3F8Z7m5WdxnER+n5+2+ctku/z0WKCIlvwT7uYamt2a1xx7JgKvRTbzgJCwDvID832eY44YR0+MUyqegTkHXjBEj/hJC0WG65IHMZ8SnhxOKSN7JTReTcVC+ofAP9cHqkCfo2E08WM4dvq9578O66oez76iwEvNddP1QtjJeTKDnqNLZyjwWGd25MDxJ00QJC0syPd2udSkIoUYxY2drXxsXUs9so1zBvGeCoW1A==
+mitsubishi.		86400	IN	NSEC	mk. NS DS RRSIG NSEC
+mitsubishi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x4IpE7SIEkTAzPV7v1Hw/BGg6nI6mMoqAOw25SIUU8dJ0sYu2ehnE9jg4DF/NS7At79CBJYIgH3pO0zrInM/xlhInB1Thice4O6PUz2i/u2cpxuh5aO8v/p68aBWuGGZwFDebzpWxjXTL8IPlww9pwUJ2EnIX/OoLJmVOqW6LvP0t7MyiSiVDOS3C7+mwfsTXZPHOhmRGaJf2KqYkFYFp7PJ0Bkhr5zTV9vEwoIookV5dBgqgrwfvV8AIe6YRJppPKynFjUcfImKuRFexMsxIC8jLj42Q2Lag/bD7aY6b5XRi9p+hG98frIE6CoW5rv+2jPGQ37qdx7APDB/Kss2AA==
+mk.			172800	IN	NS	d.ext.nic.cz.
+mk.			172800	IN	NS	ns2.arnes.si.
+mk.			172800	IN	NS	tld1.marnet.mk.
+mk.			172800	IN	NS	dns-mk.univie.ac.at.
+mk.			86400	IN	NSEC	ml. NS RRSIG NSEC
+mk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zA5SAr7QW4tn2Wy9lXMvQ6hqkZ0ZkJUuTK4jv6u76Dh3QjoADzCj+ce+Z6G9Q9dkcJ57HEmYCy6NmH1+7mJ/+LZ3cJt9GK5FFxg+rqa8e7ryiNLXu6FCEFoMYQFzZr+fcgpQ34256ndWkU+lSlBmSETBIVP0L9rQJadABsUb4F/n7858xxG7tvdUeIm8bApkDvUPjT6QVFX0J+blHjgyGeDjB7Mp6tXvJnstGHE9MWhUaoKRWuzzLMVEyIg6L8q0gI1Rd66NV+k94koljk8DDqxPtsyONKke3QzS81OhM9WDJPD8qZzPG+RMj3s9xd/gqiKtpbWsQVlAVQn+uOr70A==
+tld1.marnet.mk.		172800	IN	A	194.149.137.168
+ml.			172800	IN	NS	a.nic.ml.
+ml.			172800	IN	NS	b.nic.ml.
+ml.			172800	IN	NS	c.nic.ml.
+ml.			172800	IN	NS	d.nic.ml.
+ml.			86400	IN	NSEC	mlb. NS RRSIG NSEC
+ml.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OSMtmqVXM0FVw082Y0kvI0Hl5KbSH8QQzNKvvO1AB6Hdu45KGJNwQWh/P4pPulknvPMiQwhf4w/NqvDZRTzukeg88dP8ViD1hS/aJ3BAnUSGEI6a73eV1EHMZS4U6WF4RR0X9fmJz0BWBf1S/FbVWd8kXReoOgkwoNevBmTrGQV6QfYMga5aPskjCHtKCMGRUG9OzArKDv3ei2QtLJCr3zk1noI+HXjENhkul7FYffYk8EuCNv8nUUqDhEmMeIX2lAtkBU1KDGtFU6rpp5I+hnjFJOCYFd0Ef46HkMoUAA7UZMjM/kTDJaGcKDzb5tm4T/WnYxE+mm8at5HPIO/iow==
+a.nic.ml.		172800	IN	A	196.10.220.136
+b.nic.ml.		172800	IN	A	165.90.218.166
+b.nic.ml.		172800	IN	AAAA	2c0f:f900:2:3:0:0:0:2
+c.nic.ml.		172800	IN	A	204.61.216.144
+c.nic.ml.		172800	IN	AAAA	2001:500:14:6144:ad:0:0:1
+d.nic.ml.		172800	IN	A	196.216.168.37
+d.nic.ml.		172800	IN	AAAA	2001:43f8:120:0:0:0:0:37
+mlb.			172800	IN	NS	a.nic.mlb.
+mlb.			172800	IN	NS	b.nic.mlb.
+mlb.			172800	IN	NS	c.nic.mlb.
+mlb.			172800	IN	NS	ns1.dns.nic.mlb.
+mlb.			172800	IN	NS	ns2.dns.nic.mlb.
+mlb.			172800	IN	NS	ns3.dns.nic.mlb.
+mlb.			86400	IN	DS	4324 8 2 88B16B31916A70182F0809393AA481AF43C61350734E0D1E8107EA8CF2348B83
+mlb.			86400	IN	DS	8650 8 2 218D67DC41C6696C577288447524E3588673894AC178AB6EC2D0F3C1FDA09A9E
+mlb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XS7QADMtfIB5GDWShHimw7sjpffCB3kdU+yGZBgM5eywJzZJdUsN4koQ9R/D0eAOLw3WsMl/nI+esLysuuKrhpiKVuMcXkwPydmyaV35KsLjgOiI7PWnBv38J+JdD1k3r1FZBfd73NNo37HWg3w2qU9qnhBCm6nQEhxC7knCHjDTT6HR3D8o+xCR1QxVlT3AlySy8SX9lpXBu5xDah3uct+VNTywu8jXNe4y1F7Qty/D7IgCsGrAiXicSjbKncGhxdsy+kGOIoQOfG4gXO/0o5LAeExjk04GgvQBguKdWKhZ1QFzCnmgG7WeUqWP9ETuMuMxG0AyVHU4Mz5EDD81vg==
+mlb.			86400	IN	NSEC	mls. NS DS RRSIG NSEC
+mlb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x4cWF5wVMqQXcsAoTQKQbpsU0OBS5F51yPiS5P7tz77SVkpSJg4YQBpScUZ5d0DhV61n5hvcEAP57c5VFfaVswA3Utc/O78sRNAiHIRxjvSWOWNTPYW5ERft1jTHxwYUZIUqFAWQ1BOliym0iY2b1qhk6tekKx9kk0olwMOO5ET/UOGbzT0gHwmd8gTeUpQ2mZSXjjyi2UyX7Epz3jEsB/ww8CzenrgzBofWO2w14zH9HEb1POzQVAq5tUU1p4/BhFTE6Dy/70ocQxd+kZMKckEKx/5gYFWLMMHHq1AEMYYrtgh6UEOnHpriVKPMNqJL8U5TxV7ujcqeMqx6r79brQ==
+a.nic.mlb.		172800	IN	A	37.209.192.9
+a.nic.mlb.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.mlb.		172800	IN	A	37.209.194.9
+b.nic.mlb.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.mlb.		172800	IN	A	37.209.196.9
+c.nic.mlb.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.mlb.	172800	IN	A	156.154.144.113
+ns1.dns.nic.mlb.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:71
+ns2.dns.nic.mlb.	172800	IN	A	156.154.145.113
+ns2.dns.nic.mlb.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:71
+ns3.dns.nic.mlb.	172800	IN	A	156.154.159.113
+ns3.dns.nic.mlb.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:71
+mls.			172800	IN	NS	a.ns.nic.mls.
+mls.			172800	IN	NS	b.ns.nic.mls.
+mls.			86400	IN	DS	2629 8 2 1F831BF4F17CA7B3636EB20249ABE2BC58FE071B0F6E8869EC904C8DD8A48CB8
+mls.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . whL0L8QDV2CXrmMR0IAtEo0xhYo6XWlCj5CboxURkSaChZ8Mnw6V1SYN0gRNqizMR8wFYFkv8Rd1/0BnNbs/d78OWXQLJ0xoDMdTna5Cc5oCPUZsNxRr/Y8iLFGKdA7zqDaE30qfXsvYtITi6LX9mjWAHx4xtaMz9GYVfCdqCsvsktnOCoATOIPVTwQ6i8uatPdbqIUZ8QGiCuNqU9uFnx4CeKfWTOrkZFnwlQqAuiwPr+eUyRfWDd2AEivL6/sh9bmwV0ZpOcnZJHNacojhRnMRMfSohHt7D09bekWwfBcyg1lsO7ggbDTojnX1ScGimjx1+0Kxf8QXqzqGMh9pqQ==
+mls.			86400	IN	NSEC	mm. NS DS RRSIG NSEC
+mls.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XAYbm+rKE6YsKA84sYlClSFrKB95VtLNTSSI2I0mCIEVHcBEazVKDJX4hKHTu+GXdILrS2AkBZXiHEss0LJA2oMLQLSc5utVyUmPDJgcbBjFCnM0hwklF+9xEkTMnHIMjzPeA/FvABd0zSf+1yCUz8AYML0QcXT4VRku06efmwwrg4ymgOMSxHaikGj5jzScKmj/rg/P9pRzBxybRbyrGW/KWxcX/2CIsYbdBDlAbqCsABO8GaQ+xNOB2sWi5Ty++NANIexfMMsj+wgIhm10tADsH7gvaFz23QmK6Kn/bW/g+x9a6CJ3uRe8XX4b5D4VVKLwSuMsIzhX6MNSWL+7og==
+a.ns.nic.mls.		172800	IN	A	185.159.197.8
+a.ns.nic.mls.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:8
+b.ns.nic.mls.		172800	IN	A	185.159.198.8
+b.ns.nic.mls.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:8
+mm.			172800	IN	NS	a.nic.net.mm.
+mm.			172800	IN	NS	b.nic.net.mm.
+mm.			172800	IN	NS	c.nic.net.mm.
+mm.			172800	IN	NS	d.nic.net.mm.
+mm.			172800	IN	NS	ptd.net.mm.
+mm.			86400	IN	DS	18589 8 2 0A66403DA2CEB4C3960750739074D5CA799334B45C85E3FEDD7838E01A2435D8
+mm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rKT9OkBKiU74CASVdVIRFn3UaVcQ7xTRnYg046SSE72NCfG5WspfpWDqUwjAGR14eC9PCwXSHyAuqSRgAYprHI7PIWCAxtfJJEO859c+UBeTUWGraiEitifyjeCErVu0OEUs3TO1SU9tXxdMBXU8K91lQPotyOymvsPCMMuQCnKaqurpcNRjqAx23eB+Sxfj8jvos4WqtH3cYwQWfdvKZdhlXVkgQRerG48vahafxudjeQ6mDfxCNXzliijo4sDVchdUe1mY/VeUQYiJem1MlEzA/akPe49qt6yys17ElJ3MP3Zg5WRzN2NcJ1TZdR4l8FBGDus8nor5Rq2gG3UugA==
+mm.			86400	IN	NSEC	mma. NS DS RRSIG NSEC
+mm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kbc8+6a81sn15tVViqkTSvMD2jf4cBvwZhhOH97andLkTuQG/u8GheoXRkzBjuFlTaHJc70LA3qyWMWvcICcw7hzMHeKgCY0kVJ6tu4Zy7jrBLDtyW1mAWwWKzcU+y3A6yJigRQaaSPUZvXb0u1BgTmlbgyZ4N8sqvbbXutElJyOvCSo7VKEycXo+nvmfBjj4jU84Wvolg/5td8pVrNtHArJjXVdBzNZqj+7bBiCaZ3Xb6inBhyvwu5IoHRjM87i/exePgVpI7xCWJvXfFs0CouS1ZtMZfexncvKT5422KSr+8slJh/HMTOg5Z7s9qjxqQkagrf39PtZKsbOGDbgtw==
+a.nic.net.mm.		172800	IN	A	37.209.192.4
+b.nic.net.mm.		172800	IN	A	37.209.194.4
+c.nic.net.mm.		172800	IN	A	37.209.196.4
+d.nic.net.mm.		172800	IN	A	37.209.198.4
+ptd.net.mm.		172800	IN	A	103.103.173.9
+mma.			172800	IN	NS	d.nic.fr.
+mma.			172800	IN	NS	f.ext.nic.fr.
+mma.			172800	IN	NS	g.ext.nic.fr.
+mma.			86400	IN	DS	59534 13 2 25455417C20C22D815E00232DEFB2FC78E7B728600C91AADB21F8703EA1C314B
+mma.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pODSQx4K2m2i1LCX2iNezKz73HMJNFjGm9BzCze+FWd+nEdy2Sa5x3f5DZ3ABBHRaUYiPnUft14t6nTRkUvdVNxrtV32jF1I8MyzewDIoroklUzm6XHMACirdyCw8OBWxKYbtphWpve69eK14/wpKiVVOabkp2hnmbRfj1P+LTR2A2Ku5EUbyBN38zQF7tcdIQ3oLKRD2REmcxNT3AGTl0JIJUdCNkN1rO1hiO3+Uevhw98gsMxiVFm7D9UQmYFZOiXcENkT/fVAPVax8ySTHS2VQMMvXO4cN24gYm8W8NQ4aaoqgodQx09OT83N+/gU3wqKqF0V76ch40LQz2zX3w==
+mma.			86400	IN	NSEC	mn. NS DS RRSIG NSEC
+mma.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RTX7gBIvYpGmtKF6BCT3VSUBQ2P4JLug3lek6eJER7Ka37SGZW2/qYNLW2xMc0YOY7csu4OdHW7wvz/EfSILYZGT+zYeyo1FvunAp8OIfheSmeuRCmha0KYSK9tMkFhXSS7a9dnxWmwyZmrlpwCL/lGPEPFTwOPT1zz16v2bDRh9ISXbWiYchsp2zMbDSManTNAKJ1qmTszgUCEaO11f079IB6Z9gXrY0l7QYSXD5jmaH3ce96yiPf8vWCl4YWtEmtTNGl+8CWBXe+RfqQRGF6xpqbdYlHSZ7gbf1C/LSMBF2pB1dqRtYP/vxbNv+akeHlHymmyegYaRB6UGuFlGZA==
+mn.			172800	IN	NS	a0.cctld.afilias-nst.info.
+mn.			172800	IN	NS	a2.cctld.afilias-nst.info.
+mn.			172800	IN	NS	b0.cctld.afilias-nst.org.
+mn.			172800	IN	NS	b2.cctld.afilias-nst.org.
+mn.			172800	IN	NS	c0.cctld.afilias-nst.info.
+mn.			172800	IN	NS	d0.cctld.afilias-nst.org.
+mn.			172800	IN	NS	ns1.magic.mn.
+mn.			172800	IN	NS	ns2.magic.mn.
+mn.			172800	IN	NS	ns3.magic.mn.
+mn.			172800	IN	NS	ns4.magic.mn.
+mn.			86400	IN	DS	22489 8 2 C069CD3E147E1F008FD2394A7112509C96D26094F876E48E56192779E1C47BA6
+mn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0p7+Sq4Z+gcNu0zDd5xC4i92d4nNDMiOGnpB1NAJKNFL6fGo0rtPEHBSF6OuZY0nYBieZhg5rX+dljuVTddYRX0otAd5TmHMCxWFXwn1W0/Fxr9wlw3vk3MSwKYC8K7/guoLYL6wj8jntnoM3gGhryiqK1bXg+k86nT1HyGDzHo6B5EyWAKMkUiOXnJBzf9ZKxu03foebZ4AV/t/ij47ZvjVKDdEpvxsmETuR30hYQDxAVVXwlkF6DiJY3CejNTaWsX6SZGaAcb4I0PZ4DtClMl2LhwnZl6G/R0Uf9uTg5Qto3DOm81ojHkAlTDdmzmYYAWYvM+HtdOVZ+eUToVeug==
+mn.			86400	IN	NSEC	mo. NS DS RRSIG NSEC
+mn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jv0zugkobIBzhF1aIIc85v3xGf+FFfb8D/PR+2avxly/9c3TN4cEzGPLEB3PxzcrB9hpqSqULAWHSfhMmSD+n8H65lhGa7wOTSdK/nJbCVuadcr6eryA1Zc9Q59+hjOb7VKCVfV2vcNUlkr089nz47zXDQADygLJvEA4hiVVU0T3gqrb6/8X/sceQtKM+B29mDuikZuD0OFtDul4rqBcJnzms2fAvPARyjayLYgYypBEVVLOi+7cryRO78IzkxMVhy+4TgOkDzR/rSWp+LVqH2eK4wXE+pGIO2IR5VQCo6NrESnQtXHENgsGL1N7Wj71J53AfelVkda/+/MAV3aK+w==
+ns1.idn.mn.		172800	IN	A	218.100.84.27
+ns2.idn.mn.		172800	IN	A	202.170.80.40
+ns3.idn.mn.		172800	IN	A	180.149.98.78
+ns1.magic.mn.		172800	IN	A	202.131.0.10
+ns2.magic.mn.		172800	IN	A	202.72.241.5
+ns3.magic.mn.		172800	IN	A	202.131.224.80
+ns4.magic.mn.		172800	IN	A	218.100.84.26
+mo.			172800	IN	NS	a.monic.mo.
+mo.			172800	IN	NS	b.monic.mo.
+mo.			172800	IN	NS	c.monic.mo.
+mo.			172800	IN	NS	d.monic.mo.
+mo.			172800	IN	NS	e.monic.mo.
+mo.			172800	IN	NS	ns2.cuhk.edu.hk.
+mo.			172800	IN	NS	ns17.cdns.net.
+mo.			86400	IN	NSEC	mobi. NS RRSIG NSEC
+mo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gzwdOKiPWhfMmWeMIRnke57G7flDG3mOVQ41eq+EQ3J6WWEVyOm+2MwTLz5xNgq2/vA9uuYhUPWQSOAGEodW/h8FLxb3N1T8pabqjrXJtWrhZ/z7pVimLSjKXWLKsQZVYYkEIPyW6mqoqUxmDcPdLhD6jURpaAhJq6I2F1JZEHdgjOk+8vvLNSM4hNZQzhYMzM/gC6OkATU5/SOzjHKWuJqc/Lz8viR86hpJyybi6SfRFFazFA+O30z5Pb6b49PjDtO2jvzcqFBVOe7cxWjhQmzRnMSF8iWXdQet4ZY3xkWd7wKeqqlJQ78NymL11OaYkbU6w2YiJgqPiQHrJcc7IA==
+a.monic.mo.		172800	IN	A	202.175.87.47
+a.monic.mo.		172800	IN	AAAA	2001:f90:2:8:0:0:0:2
+b.monic.mo.		172800	IN	A	202.175.87.48
+b.monic.mo.		172800	IN	AAAA	2001:f90:2:8:0:0:0:3
+c.monic.mo.		172800	IN	A	202.175.87.49
+c.monic.mo.		172800	IN	AAAA	2001:f90:2:8:0:0:0:4
+d.monic.mo.		172800	IN	A	202.175.51.115
+d.monic.mo.		172800	IN	AAAA	2001:f90:8:0:0:0:0:2
+e.monic.mo.		172800	IN	A	202.175.51.116
+e.monic.mo.		172800	IN	AAAA	2001:f90:8:0:0:0:0:3
+mobi.			172800	IN	NS	a0.mobi.afilias-nst.info.
+mobi.			172800	IN	NS	a2.mobi.afilias-nst.info.
+mobi.			172800	IN	NS	b0.mobi.afilias-nst.org.
+mobi.			172800	IN	NS	b2.mobi.afilias-nst.org.
+mobi.			172800	IN	NS	c0.mobi.afilias-nst.info.
+mobi.			172800	IN	NS	d0.mobi.afilias-nst.org.
+mobi.			86400	IN	DS	56191 8 2 016C0D8022BEF2CABB827CE75DABD8FD24CD0160AC277A95ECD5E79B1A95592C
+mobi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MIBtVCXnyiEm3dBv5KdOsn/eZQQsjVuwdDc5ppEnz5HhHR3c2/tGG8WjciwzvlqBSAtQXeHRQrWuvirmUyY8grwjWk77PTOdJGfBmF5jI1+ytpThbJPUBYAeH/NZs+xxFEAOyGtlrQ/Q/7TaiPIhzuCDp8kvA3+iQ35p0/z3Np0vC4ytzM0//JGsrQC9vfVtlA871zNEvz7vKEzYVNGG1Hwj5cXrskhEuzkDnb7LcAh8ZQWNLnK9OGVmesHI13vMLkyUvoNzvveLWrzNEOtBEpFFqjix2eFbIqukQawt/SoRS/0mJlu6+DyHpSWtQ13sOky6pOGOjH69X8jh5TGpNw==
+mobi.			86400	IN	NSEC	mobile. NS DS RRSIG NSEC
+mobi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jwDsBLCDneoR2VvkcJs23ACk8DrVzLeTb52SAdW4Ymv3y4R+4XBRoYdYwLq1v2vafVCYwPp1PaVQW+6yki0wZwFXNOdWJv2wwDiKFks3Ta2c4jqAtPxyoOBrZsillu7tFSeZs/DcRep9G3UIMhrT09cAOTjCgHuYCsUi+aAzUKyJv0Z9fNiG3lC5Vd0KZ5cFKnMGQjwHwnmHPkK93MgTK5oGpU1pXly7V3gcajbhbheD2uhzuAGDoegzDekvqt05YuzY9pkQo2RlhCtR0h5OOdtnLpFhSR1VgaG65C4oM8S00zlSWqwpMGlMfzzTy+0bof14BoGH7mfDwmv/vw5OYQ==
+mobile.			172800	IN	NS	a0.nic.mobile.
+mobile.			172800	IN	NS	a2.nic.mobile.
+mobile.			172800	IN	NS	b0.nic.mobile.
+mobile.			172800	IN	NS	c0.nic.mobile.
+mobile.			86400	IN	DS	85 8 2 7E9719C718C3954D6F5D3C8967B1424F663AC3FF24D49BA6C26A52EBCD2C3B0F
+mobile.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QVr423m6Dj+rqT8hUW6L+wER7IMic358ieWxHy2JW47F6pCvUgVk2WycvOzXAv7AobCSKITqnNU2zSt1YI4OML/1bfC9vG+ubQW+qF0YuBe3ey+kWh/l7j/sVS9sjMFUQlY7HgVIq+zxr03b62u+WIF3x5WUb2vsIxxPRX8rDJmcW11FjDp4HWey3kW8ziH2FNSF0+EDwUIvg9YtJelEx+BFIupOr+jg+pPB7WsjvIEvHeHdZ2HpLDvy0dTxaMwDaks3vYlXMrDXlcuj7oo+BXZBQJ+xYcGkH04w9cMeiPVMBi2PVYmuJVSJBEr+rBsTydF+BIv8Gc3wvmKloqiY6A==
+mobile.			86400	IN	NSEC	moda. NS DS RRSIG NSEC
+mobile.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oIacmI0PEN3Y3dyIWASjoYBZ5eIfHhnd7j6+aiXL0Y0Mxsh3CrcahtfWDJVBK1dWokkUUDb2hbfKMTbBTcROCBxFFMPumab9VN3Kdt3dj3YBO4/Qozw8KC2q9BUBeLh2I6nwBhE9onPhH8MAd5sjdyC+BQIWueFS38OWP51z90ETMnfLF+sx2IsAvYFlekNaVstxo6J+R5+npjYSjXKPOfTrZ3nTVmABWlAZWckJV1mNf/EvtrLJvpLPLXdZOQVh+mFlbxrgFGB4pBWEtXL/Z/UEHXV4ACCU/czrOfaLdJEQHJjDXz3awoGto4uYwc030MekFAUs3IV5xginTi8cyA==
+a0.nic.mobile.		172800	IN	A	65.22.96.9
+a0.nic.mobile.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:9
+a2.nic.mobile.		172800	IN	A	65.22.99.9
+a2.nic.mobile.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:9
+b0.nic.mobile.		172800	IN	A	65.22.97.9
+b0.nic.mobile.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:9
+c0.nic.mobile.		172800	IN	A	65.22.98.9
+c0.nic.mobile.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:9
+moda.			172800	IN	NS	v0n0.nic.moda.
+moda.			172800	IN	NS	v0n1.nic.moda.
+moda.			172800	IN	NS	v0n2.nic.moda.
+moda.			172800	IN	NS	v0n3.nic.moda.
+moda.			172800	IN	NS	v2n0.nic.moda.
+moda.			172800	IN	NS	v2n1.nic.moda.
+moda.			86400	IN	DS	60925 8 2 D9124BBC4096E70B4AAB2A0328750836243BB8FF45FB0AA3000239E83D5DA1CD
+moda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p4Tdq+jOsiD5fNhbiWRIYQBZnQVX5q3fuXNFHdeX3Fo+mFlqjUV1pUKnbKyTNuYon+Yaq6C1n2/u2s7O+s85p+LGP3cKvbNOKZLNDQvSa60jyTutngZh14Tfh+VAULiBzgR+LSKBQtj+8wE7UBJfAW6wAZE39m0fYFrwSSG4FWITlLxmptsHTpkzN4jo2CkbgEyJIEvNNJvRYKCJ5JwNfz4H095GLH+2Jyfd2q4IyPkYH4eph7BEf+8g17/hJwQemyu/OMzKuPYIRhhOPmXUyVWxpQu280Lea14gnMC0Jp9RBJbuCotN5Vjgcst+YA7LR+xfLHB3jQP+HJ/6Vxvx5Q==
+moda.			86400	IN	NSEC	moe. NS DS RRSIG NSEC
+moda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xkyuoqwHXD+r7d6RSymuZtf/DUzGd4yl0k8VpKEE3Q7QDKNgg/PgPyvHimZX+Zvku535uCzxUaqrqqwiQay7lc0Qel2//PdW5zCF2U/0dvMNt9vrkWWyk2f+PQlfpSTvOmOWOkgX1C7T2e7jBs/CKStpQZ2n60GfDtFQi02enIsdBehJNVR4rmQh51Nf3hHdDpChFQv4sUeIDJ3vrX/lMqnhgG0Ah15pN4FXjf6fp78pnDnZny5jPVYBusojGJP8Kcj8trSXOiB67rljQ0lRf2T/4EgjaZ8heNPd8CEqOI1u4D1Q0/RUpIQmcQc4COI9kUJnSWPNk82qZXExwkXyaw==
+v0n0.nic.moda.		172800	IN	A	65.22.20.28
+v0n0.nic.moda.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:28
+v0n1.nic.moda.		172800	IN	A	65.22.21.28
+v0n1.nic.moda.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:28
+v0n2.nic.moda.		172800	IN	A	65.22.22.28
+v0n2.nic.moda.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:28
+v0n3.nic.moda.		172800	IN	A	161.232.10.28
+v0n3.nic.moda.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:28
+v2n0.nic.moda.		172800	IN	A	65.22.23.28
+v2n0.nic.moda.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:28
+v2n1.nic.moda.		172800	IN	A	161.232.11.28
+v2n1.nic.moda.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:28
+moe.			172800	IN	NS	a.nic.moe.
+moe.			172800	IN	NS	b.nic.moe.
+moe.			172800	IN	NS	c.nic.moe.
+moe.			172800	IN	NS	ns1.dns.nic.moe.
+moe.			172800	IN	NS	ns2.dns.nic.moe.
+moe.			172800	IN	NS	ns3.dns.nic.moe.
+moe.			86400	IN	DS	8980 8 2 0107DD039F8BD0049A6803271A15D71793A5234EEF881013701E481774A8BA19
+moe.			86400	IN	DS	32761 8 2 EA6DE3F9A962AB77BB96DAF62BEC88D0F580FC31799EC36FF7DA697DE8535AF6
+moe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mkCaTbuKjBx3OSk9c+kcS8pBr2bRFmFmP0EhKmor9raFxkd9yTdAbBBJLXWJU2vPHUG2IRuVPvgq6c2MrcbdaPSk33+SgTK58dJbhCe4pcjAZ7resrCkyTkEfZZ2NkHnJ9DD0MQG5SzqyoSTbA6c7RgzZU4PZ+H/H2mj/Lrb1FVTbB6hBnv0Zr48f6Ch8EsEQ0w05rKVjmKAZV4jpahqtcKpbTHi/OBpnLIl7H7YYb1vjNryO5T5gs9kxGuE+S69IL/luEh5HvSnOFNUqHPMrHY4HknOalZnhW/PaiEr5Q6R5a5XFfT/5lvlDuqg5KWczy7UfTQWjWYr3ed6IV1Biw==
+moe.			86400	IN	NSEC	moi. NS DS RRSIG NSEC
+moe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WrsBevCFw/6SrJkP5XkMKkIppHCbCvqG0ZIqTI7PD/ctNJkjEXvqqpPgghrrMcbht2rhrJmH5N+77NZmxwyJcrq+hCIijrbJyfILUozs3+CwPVLcaed0SfVQIQiSZafEEuxM6dgsV888tmZlR91a2k+vV03wGsQNr+jxPFvWAANzDpT9TI957Gipg4BKZdW/Qezqt7TMrRQmx9szBTGpmP34RL/9fHXOe+yoQVzWVKWRu05bZVz9EhRJ7UOeHob/Z3yLbh2fqCdQThtnnA008DCdyS2yp9bGX3GrxvTD/jHCnqPzdP8WLae2/1GXgBmzLv4UaKGiCMd2+js1Zk7Qmg==
+a.nic.moe.		172800	IN	A	37.209.192.10
+a.nic.moe.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.moe.		172800	IN	A	37.209.194.10
+b.nic.moe.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.moe.		172800	IN	A	37.209.196.10
+c.nic.moe.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.moe.	172800	IN	A	156.154.144.114
+ns1.dns.nic.moe.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:72
+ns2.dns.nic.moe.	172800	IN	A	156.154.145.114
+ns2.dns.nic.moe.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:72
+ns3.dns.nic.moe.	172800	IN	A	156.154.159.114
+ns3.dns.nic.moe.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:72
+moi.			172800	IN	NS	dns1.nic.moi.
+moi.			172800	IN	NS	dns2.nic.moi.
+moi.			172800	IN	NS	dns3.nic.moi.
+moi.			172800	IN	NS	dns4.nic.moi.
+moi.			172800	IN	NS	dnsa.nic.moi.
+moi.			172800	IN	NS	dnsb.nic.moi.
+moi.			172800	IN	NS	dnsc.nic.moi.
+moi.			172800	IN	NS	dnsd.nic.moi.
+moi.			86400	IN	DS	50647 8 2 D3F69D4C3A87516B81285C3CC392CC7B1A27EAC534DD8A5DF41B6DFD323576B9
+moi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Cxzfg2GkoU9ygjlim2qsks6Awi6USoYdXe/WfwtuZVfK+tML7fyOdzcHXHchaU9WhxD3ygmIDGYaH7Jrqe/AqI/lDHLzc7IgVutz4x6mRaP6mHY8XlGYGjriBrRESv4UZa8uuGhCgCp5kBl7l5CJ2j8NmS0/0oOsboVTB5dzKpZiDvEwa8XAFtZqEerwp1FlyujGZRKNfGCoPCOXlOJve4iGF6wBlLJcn22hAsQYwXUzw9cGbkGOKgY0/50o+lag6wXekmSDeNYXJXhCIV+7DfDZJn4kMoOhPuwUCUNZClZAGOsyF8+KtA3w7ogBTOFEweRNL0f7MBQePKNcK1Y7wA==
+moi.			86400	IN	NSEC	mom. NS DS RRSIG NSEC
+moi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1yngP9ZYMeRfzQLu8KEmK/Rap25nVWR456tROxVO6AWMSiSefVu3CF3/KNjLff+NapqOGXbrolDjrGMNPlMw5dPuKCXL0lXD0hDXGbTdXhm0owD3gNWw8vCja0kXmJ1fGjq7hPXbTGJqb7WpN+vKsFx03IEqUpQBARFIctG7OisRVRs2NNwFKzgJAY2JbN57inVtbPskJosVag80H+9iL4hVnahtB4wKa/VufNSX+4oUZyRtLZi66s35SrHQYCrwGWo66bU9pgOKt/tcyFihnx8Xlw8L38Lzlio+Hwi62sUvk5fmnLp7tiafi4tFJnpDwuMVB0t4uwx7odYWEMWGIQ==
+dns1.nic.moi.		172800	IN	A	213.248.218.54
+dns1.nic.moi.		172800	IN	AAAA	2a01:618:402:0:0:0:0:54
+dns2.nic.moi.		172800	IN	A	103.49.82.54
+dns2.nic.moi.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:54
+dns3.nic.moi.		172800	IN	A	213.248.222.54
+dns3.nic.moi.		172800	IN	AAAA	2a01:618:406:0:0:0:0:54
+dns4.nic.moi.		172800	IN	A	43.230.50.54
+dns4.nic.moi.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:54
+dnsa.nic.moi.		172800	IN	A	156.154.100.3
+dnsa.nic.moi.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.moi.		172800	IN	A	156.154.101.3
+dnsb.nic.moi.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.moi.		172800	IN	A	156.154.102.3
+dnsc.nic.moi.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.moi.		172800	IN	A	156.154.103.3
+dnsd.nic.moi.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+mom.			172800	IN	NS	a.nic.mom.
+mom.			172800	IN	NS	b.nic.mom.
+mom.			172800	IN	NS	c.nic.mom.
+mom.			172800	IN	NS	d.nic.mom.
+mom.			86400	IN	DS	11348 5 1 6A1B7A558A82D6BBCDEF5DEA82AF070B832BC7E1
+mom.			86400	IN	DS	11348 5 2 97FFC26796C7B2A683048B7CF0BCECF3C54D00B0DE377B54D7C7EEEDEB2EA8B5
+mom.			86400	IN	DS	28162 5 1 2AB25D06F73E977EE5CED0FCF5EA4ED6EE50D269
+mom.			86400	IN	DS	28162 5 2 4B2B701367D0B74F52C9684E9B8921659045039452D135A55D128687C729FBF5
+mom.			86400	IN	DS	41626 5 1 2744D01EC89A56E70F5B6C3171C39739E46AFB3C
+mom.			86400	IN	DS	41626 5 2 7E3FD3D91571D30CEB82A33021657552E235F436D998A605611A0712B21AA1DC
+mom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xQMd/3wLVIpZpz3uabGVMUET5+xRhdLk9wjkBilgqUeWwUxDuvb3jpr9H3wAPQ8y2NnX+Y51XLt+Fnx24WAxxK9QhUir+3SabCPsKorXccFRTaIDx/eWCfcrcGbTi+dkwUH68HEe9zMAlZIy5Dst4ii2RxaKCfnzs2ydweW/tOViqVzznZYWyQvxLpzHfvwdYERChqMPaaQSO1asiWjBKgiVH1EmnKTEylyXMHYN9NRRURd+Ht4WoZ01k3r9YTeBtiYQiia+VouOT5A5MhML73C7oz1JawLXPBI+4SwCyOJSyDys/WRCIaYBDnhLDE4XEmo1kZskQB1N3VEVqnuShg==
+mom.			86400	IN	NSEC	monash. NS DS RRSIG NSEC
+mom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xWI/zVi3fOM90dMFjdcXyV3qfaS6ZjDc9Fgy9lJ6lAjvdvm0KApp12LPSH6jGE5xd6rx0nlRd7BjwmCf7m8DtcMsLhmMxSd5JBwTnZ63OrP9odQ2FnhIRLhQjxweUh4BZlMw5oV6w0US4btC5f7UN1i7SQyyRA3j5oRLTlSsiPhOehJk+szM+9xaJSHLdu3D6e6gZAO//aCSuG+QHBXboiZOw34c/IG49bWZRnCaOd2tQ+lDEkTcqK9VH0t4aeGusfNybmDkzh7mQPRSs5FlZTFHRrjawppG5qto0YLEBSoUkVP3ABHpfvO0V9NxmA1bXPRTKGSx6yDum0xScoYgrw==
+a.nic.mom.		172800	IN	A	194.169.218.148
+a.nic.mom.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:148
+b.nic.mom.		172800	IN	A	185.24.64.148
+b.nic.mom.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:148
+c.nic.mom.		172800	IN	A	212.18.248.148
+c.nic.mom.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:148
+d.nic.mom.		172800	IN	A	212.18.249.148
+d.nic.mom.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:148
+monash.			172800	IN	NS	a.nic.monash.
+monash.			172800	IN	NS	b.nic.monash.
+monash.			172800	IN	NS	c.nic.monash.
+monash.			172800	IN	NS	x.nic.monash.
+monash.			172800	IN	NS	y.nic.monash.
+monash.			172800	IN	NS	z.nic.monash.
+monash.			86400	IN	DS	58609 8 2 C0713DBC0879E96BACCE82A9E23928CF407DD5336121CA0931CC93D193050B42
+monash.			86400	IN	DS	59965 8 2 D344B67791659D1F21F6181494A347040694C757C57A8D76CBCCFD00CAA1348F
+monash.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rz7N2NOd5ZcawWl7AC+OyQMoFCQZN/qXO5/Vi8zJ3RFhxP4oghlPajskMarnPwiLsEEyRRpO3JX7/5KOOpru1aTYNgRJTcIYV0ZnE3pzLB+QRJUcwZA4ve6Jps+84wIRwkLa/rEdz7qdJyBQbGdfdPCvX40tv74eQgLUScs+jAwGn1kKLGl8/7iHKD/LpJJKQPxO++vkfMSutmDtwS2taXzpvPHImoO52AC/fNFkksY+1HmbNugDkiS7ZXzOahJZ8q0haeYVBM44tUvgNfSg2/Yp660VqTk8uz2fsw9Xzx0SnJ5iUW/iAbnlGgUGzeODL4+9eMRUfyin94Vyv4fexg==
+monash.			86400	IN	NSEC	money. NS DS RRSIG NSEC
+monash.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JAl9zx7aIBCYxVWTobojYUIWqnVDDaDLkGEL3mMI9g7mhaZopzFPSgxorHvvYKF8jcN8+7hav7huS/s4m1At/2DcfS+N6IMkveWwfbStiEkRR/uMdAwUJCAs7fad64fXvMzic9AFigDhmzfYhmqjgFUiBwQa0RtpsAMaXBoacdiAqN1/x0d2HaSDCvTFdZe3GRcmA1em3YYCyDYQcte6U45yl+K0fwQQTo3aHXyVtOMuOX5AsOA+A56ZNMob/6HJ+hJ7XYTBo1ElOhq4IRszqS+HfWVH89jALLBw1dVR62cmqpWRP9igmaqo+jXCWvy6U9FLggbqiTy4fzgFakqGpw==
+a.nic.monash.		172800	IN	A	37.209.192.9
+a.nic.monash.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.monash.		172800	IN	A	37.209.194.9
+b.nic.monash.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.monash.		172800	IN	A	37.209.196.9
+c.nic.monash.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.monash.		172800	IN	A	156.154.172.82
+x.nic.monash.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.monash.		172800	IN	A	156.154.173.82
+y.nic.monash.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.monash.		172800	IN	A	156.154.174.82
+z.nic.monash.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+money.			172800	IN	NS	v0n0.nic.money.
+money.			172800	IN	NS	v0n1.nic.money.
+money.			172800	IN	NS	v0n2.nic.money.
+money.			172800	IN	NS	v0n3.nic.money.
+money.			172800	IN	NS	v2n0.nic.money.
+money.			172800	IN	NS	v2n1.nic.money.
+money.			86400	IN	DS	4450 8 2 CCB7EBA3B169EDEFBF21F0DD89667AFA4920D4065D96C26F9A191B874BA25719
+money.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TKjPXy9i2bS3GJgF+n9Hbitxta9pfWkpQyiqjtHPqR7gjrlHZ/DyZ3xeelr1Bfqjk+ukavH7isCz8bHUdNpoQKvUad7EMXR/gLV8M3PU5CxMFNoUUdzUJ25BsFp1jxCF7M2LHiUaaeoSRfKhOBr0rrka1xUc/haBeJjz2o5+KcPl9smlilZEnKvQ0oVTsOfpRNuQUyIn8U049XnclhPWMuEnxCzf+5A2QYzsanEuaZYtlDE1hvf+Hl/Ubh5LmhU6UwYWxKbSset+VPA6lCDC/erUD11ECXReXo4+8KMkl/gsRVZ/8/rbWx/yoPp3Dy9cLjonR/kMzRNFK9IO0HAf1w==
+money.			86400	IN	NSEC	monster. NS DS RRSIG NSEC
+money.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y8t8jWIsIZtOlnLSu0Nh0StyU0uvIDoHsaTL2AfmvBXbp3TMETE0SLQgUFExOUrpzH3q9Ir0uOOdrKq3yTPpikOKok5nGuOCIe7Ck/qXsoXy5Lh9+2H7rNIjKRgJedt/08WKvYPMGLPK0JdB9xX0qfjn+WDn/MEc3cMLGPesUiO/xpkAbBH4qncjmd0kUEBA1BZdPJni+A9aespIoREVY763XH1r0rguafib9r9SaW7Rg2DQ/Pt8sPpcPrkl2F6l9efMYzIV4vbET6updePz41RDqFhtUBCfIXz3lsAhsQG8z6ZC9fEfIcIwNkiRBtDWlRXDUnFjvmwgr/fF2ftE7A==
+v0n0.nic.money.		172800	IN	A	65.22.28.13
+v0n0.nic.money.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:13
+v0n1.nic.money.		172800	IN	A	65.22.29.13
+v0n1.nic.money.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:13
+v0n2.nic.money.		172800	IN	A	65.22.30.13
+v0n2.nic.money.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:13
+v0n3.nic.money.		172800	IN	A	161.232.14.13
+v0n3.nic.money.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:13
+v2n0.nic.money.		172800	IN	A	65.22.31.13
+v2n0.nic.money.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:13
+v2n1.nic.money.		172800	IN	A	161.232.15.13
+v2n1.nic.money.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:13
+monster.		172800	IN	NS	a.nic.monster.
+monster.		172800	IN	NS	b.nic.monster.
+monster.		172800	IN	NS	c.nic.monster.
+monster.		172800	IN	NS	d.nic.monster.
+monster.		86400	IN	DS	56230 7 1 9DD1CFCF93B8D7F4CBCAFFB882C6DD820C345B3E
+monster.		86400	IN	DS	56230 7 2 7DE5A740D6E45C95C348209C877CB97736350694E595608DA72A0645960937CE
+monster.		86400	IN	DS	65523 7 1 A0927D13FF8D54A355B158D01AF184962B0D9684
+monster.		86400	IN	DS	65523 7 2 5A5B5575F92A04519F4C492D13F0F5039DF17597DB256444CDA0BA6CA203A105
+monster.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kxsGIi7LQ7L2rawn6yG+c3lQmJ3r0H2ARgjfJ0QUOQP51mvdSQcOeFbJO6E1wfD27fpuL3xYefwWnrL79G2CaND6IdyOF53SRjyGdwNryqKQUtei6ScVGkqp18IaZaW6eAVxEDKk7Vnz1hUtdpnkRkEsazsQGLZ5PHSGvhtmeqc8dJiOsBa6eWyU14SEgWUabuRnZYvAc7U91iOBn/SGVEajwki86dG9n9Q4BckaC6d2dwdqRTgrBXKJ4Fr0RBahoMhXaZTCbWYpAQI8n2Ov3ggPCTBb7OqFoK3iQ39+rl0nps87uhQCW3B7nr1abP/hoXlmt09NQEVsBNa5b53rnQ==
+monster.		86400	IN	NSEC	mormon. NS DS RRSIG NSEC
+monster.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bmlII5QnYwXxfeIFspLSjq1FLvu8IhEB6VM7YBMN/jq1xDOEV1HY0yUoC13qGG9g9i8Q1hKUFzmZz3lOhtyLEnbbluZ8RckcA9kF6doZvYKhZTnZd56uesYgKpYvc1a/BdeNiUhcduAqzIiLQ3wBS1Jp7TyAu+TYiqOwFSwhkNRTJKa2Xg8RvDXL3FaOiIp8lCeMu6j8NkOYz6LO0NwxSIh5Iw3SdxfNNtIaiqAxgzMg5/xy+KHp8V+N2RE+jMJaKZbEaSFRILRheLhmGOPwIhCLcI7Gm/eLUvXqe1BLZRT2pPYyGf7N1wvaOjB3FUIBG2XJHLJcr18RS+cqoPRl7g==
+a.nic.monster.		172800	IN	A	194.169.218.83
+a.nic.monster.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:83
+b.nic.monster.		172800	IN	A	185.24.64.83
+b.nic.monster.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:83
+c.nic.monster.		172800	IN	A	212.18.248.83
+c.nic.monster.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:83
+d.nic.monster.		172800	IN	A	212.18.249.83
+d.nic.monster.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:83
+mormon.			172800	IN	NS	a0.nic.mormon.
+mormon.			172800	IN	NS	a2.nic.mormon.
+mormon.			172800	IN	NS	b0.nic.mormon.
+mormon.			172800	IN	NS	c0.nic.mormon.
+mormon.			86400	IN	DS	25606 8 2 32BC7847356B87EF6E35D7CA36F19E481361D235C1E4AB7593012DB12280425D
+mormon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oGgGuy39OaN5n6IskX76HPKtw1vMB/ljfT/jgJwq8e13W/J8QJ8MXLB1lgDSBKMpOHEKO8DZh9Kh3rdyiEJobIt9MyaGnIu2317Qn4DhCGiXZfnerJ16zrW7GROW7cOZU9GeoZrEv7JyWf/nwNg40iPXtbfgKxZ4e5qooHdQhhIEuziWCkT8/8fGaBmBLajox1vbMfjPR3BWRaEGLwY/tM5sRik3UxHGQ8AXyWHJmzWHQ3Mdd8ikEhhJpqL9R5iOYCSpeVEcAQzjUO3f5mV9tvuc3PgLGSpTS7wWpWGFf2tRWpFczO0Kgg0OQv4BAKEb9OpLjWVS+2tfNB9lzfIJKA==
+mormon.			86400	IN	NSEC	mortgage. NS DS RRSIG NSEC
+mormon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t/aLK2U98tjO1ZTLqL+SrQ1NIKEOwEvJLA/VjsXzr9sxpdmrWz4StyLN3QU+N/PJmf+c5rXpj0r3aCHeSU2jo1BQwvhFcZ9ApdMmzisAUs68uipyELrzu/hvlGtmjk8Kx4pRxgS838guPjMTuIGh9avVmNYpRlODUEPQSY0SBrJkJs+do0JpfuWlnP1xSG188ny1Ar0paT0j5RLTGGQO3TrlThUZW7eBlAmiEwVfXDz7Tgh0JS+1lF+KOhLuUwiTTQx7rKWLuA9D/Vwv97U5sPPp226SFlyWOgBD9MzxRuahvax/FbOWDhxVuLdul31jTrMxA0+YTi+SlAunwO+uJw==
+a0.nic.mormon.		172800	IN	A	65.22.152.1
+a0.nic.mormon.		172800	IN	AAAA	2a01:8840:96:0:0:0:0:1
+a2.nic.mormon.		172800	IN	A	65.22.155.1
+a2.nic.mormon.		172800	IN	AAAA	2a01:8840:99:0:0:0:0:1
+b0.nic.mormon.		172800	IN	A	65.22.153.1
+b0.nic.mormon.		172800	IN	AAAA	2a01:8840:97:0:0:0:0:1
+c0.nic.mormon.		172800	IN	A	65.22.154.1
+c0.nic.mormon.		172800	IN	AAAA	2a01:8840:98:0:0:0:0:1
+mortgage.		172800	IN	NS	v0n0.nic.mortgage.
+mortgage.		172800	IN	NS	v0n1.nic.mortgage.
+mortgage.		172800	IN	NS	v0n2.nic.mortgage.
+mortgage.		172800	IN	NS	v0n3.nic.mortgage.
+mortgage.		172800	IN	NS	v2n0.nic.mortgage.
+mortgage.		172800	IN	NS	v2n1.nic.mortgage.
+mortgage.		86400	IN	DS	32380 8 2 5A2743723615F674DD2633997CFB7D2E89A0DB552BF7553B6EB80C449E998049
+mortgage.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qQZ4RpOunt+0D4J2MWCWXCMuGTw+yHPAzfGlyAuRQUOciVllXlTNYI7m8ohysTDddenqmmHJIAGLh5ikArKYceqUKp813oISuqD9zx1xG+9L1yFY7RrED6j0nBycMwS3/u0cTZsupt8SoF38xM0/3mHJcksiF86pJgU1duE9XRP4j7lOk/OYRyrAIyHJPzAXdeINrDrIQbIJyJkXB8wachRJ/daI2AVbTpiNoVWCgkyk3QHRCoJATbKj3WfRdFr0CS3TFpbDq49XxjI/XgWAoOTKFDrkOh2p2JJYrIKwEkMliQcppL1HW8Q9PgRW0okkVsooGhsLaab66Y5wiIFOww==
+mortgage.		86400	IN	NSEC	moscow. NS DS RRSIG NSEC
+mortgage.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mM9c6vm3PKcDXoZE1FMyAV2SWVsZBRJgD/aTtLl3Q861TgJR9dsJpv8/7fegjdJC6XdPIX55Kgsz+2Pz2ZjSmcjEp6IgQuPbPKC9ZnK8c2Qb/5ERfXl9y+UCirHQ3JM1noMS/CBenYdrCDAUoc9Hzc848+Zq5NAqJd9tl5yE7j8NHty8yI4d1LhuHlcRwI80FCjaXiCd6sQ396WaFfm8MkBIB22bSGR8qUpm/dDPXpIVL8SMZehXgGYhOKtrqSPxVYvlaAsyE7L9CWCOoKzEFrt0kQuh+jwBJCbmxbbkQBHj7WKh2p0etEJukEKxqThu12Q/5nRNAbFNVCCYBVl2fg==
+v0n0.nic.mortgage.	172800	IN	A	65.22.32.56
+v0n0.nic.mortgage.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:56
+v0n1.nic.mortgage.	172800	IN	A	65.22.33.56
+v0n1.nic.mortgage.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:56
+v0n2.nic.mortgage.	172800	IN	A	65.22.34.56
+v0n2.nic.mortgage.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:56
+v0n3.nic.mortgage.	172800	IN	A	161.232.16.56
+v0n3.nic.mortgage.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:56
+v2n0.nic.mortgage.	172800	IN	A	65.22.35.56
+v2n0.nic.mortgage.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:56
+v2n1.nic.mortgage.	172800	IN	A	161.232.17.56
+v2n1.nic.mortgage.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:56
+moscow.			172800	IN	NS	a.dns.flexireg.ru.
+moscow.			172800	IN	NS	b.dns.flexireg.net.
+moscow.			172800	IN	NS	c.dns.flexireg.org.
+moscow.			172800	IN	NS	d.dns.flexireg.domains.
+moscow.			86400	IN	DS	50770 8 2 63009CCCFB519B1EDFF8BEED4DF77F0EA9741CDDEB172207F622CCD913994E75
+moscow.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U0bv1ITGBGKpu2l+42yU81BxmjLeU6B6W8gS5XQRXO+X3HFj/GzQIjVnwnhfxz4eSjCbnoxjkmfDM3cUoWrtnMwjhQ1Ps85k5HD1r3wUReJ7dt0RlCwIQEQjn3KZUpoQrZ32yzS/djmZkn/jvBnikIWXOGd6uwWBp0Uuq1LQeSHsYzNFDFH+mEdQEnlgV3x/i88YrjJE7VGqTHZqCPjRrrYJqdYjePGyWrts9jhKb/pow/6H64qP8YcQZ161CiZrr/ZOYZry1weAYdak/kPj4ASyr+3trVlquWh+yfHHh5SF1jhKRtdlp25SgMP4wPMSZUZdYHWHE47wNsyOgpSfjQ==
+moscow.			86400	IN	NSEC	moto. NS DS RRSIG NSEC
+moscow.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hxmi3DisuBorReyc3DpotbV6Dd3zYitFp67uod2plKboGvwPLXbNRm9PS2uwR0MuOmeejA9p2DwFQw2HXK03b6Q0j3SeT4I7UcHzAsWBKJyVgaKqF8CNbzuOxxa0Whh/IEFYzqQTe7yOiN1KWTk7CoY4l+LGAplXvrFBkZ5G3+PMF9v39tbPbzzM3jcXSXMDmGyEiCl31LmQ2PKYh3f9ufFGRyrZYfU7CrRTbHhnP+PsF/hj4VScUVXPcjQDJvlw0VkNcvJFI5K1K6C0wq4IqgXfWhx9wkTnFarvFOIDK8sVIbviph8Pe8nZr5w3/sc9BAfA0NIuHGJxzKP6PP0q9g==
+moto.			172800	IN	NS	a.nic.moto.
+moto.			172800	IN	NS	b.nic.moto.
+moto.			172800	IN	NS	c.nic.moto.
+moto.			172800	IN	NS	ns4.dns.nic.moto.
+moto.			172800	IN	NS	ns5.dns.nic.moto.
+moto.			172800	IN	NS	ns6.dns.nic.moto.
+moto.			86400	IN	DS	5671 8 2 6C1C11FAAA1AFB7C6198F3CD2BAD469E9C0E5D1D714189A4992699093440D97C
+moto.			86400	IN	DS	10705 8 2 A039B06852099A6B4E7EAFE4F4187F6D3B5747953413CE454EAD9A4576301C5F
+moto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A/msiqpvUmdwixl4jxldK1sRohIY1SVLJ562HAbI8v5VFFsjrybqFNP5o1MxCD83tLaoqQfwWDaGImQDWrQP75MW0BLZP+seEB8iansy9hJFdzTqnIj7/KDK9RdOW6a70Gi1T8+MJMo3TYsQ3v8wcr1+5OcZTYRxpNxvvjf605CM540iw6rDaDYoz0OOars5SMP3anYgr8YoJ9D/BTGD/abuTl/EDw+JeUIPFcND+k1jbEknwJfuT8TCpMU6V8PoRFgXwyzRjL6mIMbjcU0xepswuJfI/3BjGLwqGE/G0f4m/MRonhSx5DSg8dLoa8Zc11FzczENDIoRsYL7RnnpRg==
+moto.			86400	IN	NSEC	motorcycles. NS DS RRSIG NSEC
+moto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bvfUe/dvLDb2BX2K5SuSicBDz0NpECqiHQOeV0ys4NgT3qNfBPsRoMDNe44iX7SQ1GM7ePgWUxlShHaDZ+CTaF3ZoRXJim7VCnn0XJCaTsp1rKxRKKcngI389e9OSxFfVNT0Jallfg4zaaNZQEF+YUj9hAZ7PNpFg3wEkNvoUQ7GY3/7geu5CsuzU73Wu2riY2jLQEthuDtbfYcoQuBsmFgA5rj7OeWjHkqj24OMR2xkfR0MI+UawYGZqL6Bc0SGf6zcnrbfD663GvV8PLsd5NquyYdxPlRvdXdchpjOrGmVCxeZm7OmjaBxJRx8v6SW5rTQd1SEDbBXWuxIY/auZQ==
+a.nic.moto.		172800	IN	A	37.209.192.9
+a.nic.moto.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.moto.		172800	IN	A	37.209.194.9
+b.nic.moto.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.moto.		172800	IN	A	37.209.196.9
+c.nic.moto.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.moto.	172800	IN	A	156.154.172.81
+ns4.dns.nic.moto.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:51
+ns5.dns.nic.moto.	172800	IN	A	156.154.173.81
+ns5.dns.nic.moto.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:51
+ns6.dns.nic.moto.	172800	IN	A	156.154.174.81
+ns6.dns.nic.moto.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:51
+motorcycles.		172800	IN	NS	a.nic.motorcycles.
+motorcycles.		172800	IN	NS	b.nic.motorcycles.
+motorcycles.		172800	IN	NS	c.nic.motorcycles.
+motorcycles.		172800	IN	NS	d.nic.motorcycles.
+motorcycles.		86400	IN	DS	4906 8 2 B200A2BE6FCDBE18E128FCBF7F0E60F646B58F1D6C8842A9243C17AAE03E74DB
+motorcycles.		86400	IN	DS	21907 8 2 6ACA9A367926ED9773D6FEEA4671EEDF7BF4DDC8C08B7CD8FEC415E9DBDFCC66
+motorcycles.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oh7zPoIhcfncKd0Ie9+M5wdadmKmPQXDVGb1mn2fj7nrv0Hs8JXd5U6nc3VK6LiZlHIvwA8GDixWR/j/ZFKHdhbwj4TJqm5rtLsrEKATAG/GCn1JQJd9+0W9B6ohJD7CgKEWSmZIxVwedGWjCScW0FbipISMyyAyMoZiZ+vu6tlieOOShmF1Ysz2cnH8S/KJTO87aFb8osbvBN0gXF75SueBGW/AIwLmzzROiKBMfpGnEDljYQUTFKAJNiWXdMaL/EF3bOB3CuaRDiQkD1py4vNAjREzBsvZcKBHn6ZhaYyxus2nosu+PW0WfU0zf+CdV77TSaOcekQ1wBDbX+VAsw==
+motorcycles.		86400	IN	NSEC	mov. NS DS RRSIG NSEC
+motorcycles.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BPyH8Y54yKuxU7uVKUrQ9K868r+Z3Bo1XH6DkgcatlLa4+D+mIxQaOMG5yvJb8rc2Of/sRGvKsOjSxkr8Xk91KjD4qg2kH1m1SYoPXNypWR2QvQ1s+At/m/waQuCvi3P4MRKjf20nwQdV+Ict0bo20b9OQrjWt8sg68p1/CwDtyTXg+wUTu2yaIQJREETTPvnyTDF1WYfF5hGDat2q1kEznziWEx3FJQc31T0Zdnl0vl28Y8ezZJjKBMHdhg/IZLvKio6/LtJnZtsZ1ZGt8dOe+robL1zF4bCoq6LmRE09ihbgglTYajZwmX5NWtNoJiuqY4O58LdUItmT5D0Ygtvg==
+a.nic.motorcycles.	172800	IN	A	194.169.218.135
+a.nic.motorcycles.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:135
+b.nic.motorcycles.	172800	IN	A	185.24.64.135
+b.nic.motorcycles.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:135
+c.nic.motorcycles.	172800	IN	A	212.18.248.135
+c.nic.motorcycles.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:135
+d.nic.motorcycles.	172800	IN	A	212.18.249.135
+d.nic.motorcycles.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:135
+mov.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+mov.			86400	IN	DS	38414 8 2 BBD1727DE09AE643C1348D9637A31192116DA5444852AF3C1C5541E8998FB78B
+mov.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U6qbf79zwnSfqu/VCpNXSfo0UO8KxyLHqHOsvY3OeuYyE0NFXJC6hBRA3WBQtX/2FumUcsqxiQ13J2U6PthonaNrJ578M1cVgUljC2Ia+i5i4U+ZoQHZJj4gCPW6MHSCfC9g3IQVrWlv6xe3hr8eDPChsWlZYzau4lb3YvcsTQAU9Cq5xgfPC8aYA1Hs5xBb79YJkfFYZ7e+/pWGvPimbDhtfHxbyqy6GIEt8BWoynjxwZSAJDR37Zf3hwPfkX84kIRxbE5aj2HDmef1xGsHZ9PMJNFK2mX2NIhdYjK3lVyjwNNav5p3XZipOtrNmePyGTSe2mUiAkpsZSgTKO6oZQ==
+mov.			86400	IN	NSEC	movie. NS DS RRSIG NSEC
+mov.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Lmk9Dj3YEprRa1HQDqbW9Cizu5rHAcF7sLTIwwsbm0JQpK5KOl9IjQybksoVshRA0UU6uN7ZVaH8Xc7zspwGRobIco1cCkMXLFcaIBKeHi+GNtXNYU/rELKrhJn+h7WgbFgUsb1uu0HtMtFia8i0zgzPvCL41auO86jqjPijoQSXer9H7NtqafaSVBhDxMd2T66oDJ/Ucs9ILqeHZsxXUXZjwtysu5zZUaeAKZ0X9OWkg0yJ+7ehjFPhEjP7ydAwwUgLnOEei7uouy7603GcI4oaWu35owKgXmv/6c7lm+8TuDmxachzLu6Xlng62QWmGARPWu2MT11QL/qb8rh85A==
+movie.			172800	IN	NS	v0n0.nic.movie.
+movie.			172800	IN	NS	v0n1.nic.movie.
+movie.			172800	IN	NS	v0n2.nic.movie.
+movie.			172800	IN	NS	v0n3.nic.movie.
+movie.			172800	IN	NS	v2n0.nic.movie.
+movie.			172800	IN	NS	v2n1.nic.movie.
+movie.			86400	IN	DS	391 8 2 0C93D08A6111D49129AC112076ADF54B8B8E8975EB6F334372C8CE498664C422
+movie.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x4OrZK97aU2pvoq3DqwsJIfDB+o9zs1bETmFAfP96g8wijmA8cDtOkhEsxP9UX480C13T74x9BcpMo1Mb3W3mavA9uJhNUjxs5ctdqAnSG3cEIP7jf/8m+Vwga6qahYWRP24S6CK7tJ6Ud4Yq0zFlx6s2SpYDi7TL4CBfuT1c3A6JYo+8ubuR5WEFiAdXGjRmLJDfIxQM6LFkjPhDqa1QWXNkRnMFpvzupfPJeXh1k79VYIdiWx3rDgDaO3qtXujXSmmrCN1mmchO8wnuSyuUnCYusObjjEiqKkn56Sy4d0jq31rGCeOadsHA752NsWt6cnNh6buULG5RpndpAQNPw==
+movie.			86400	IN	NSEC	mp. NS DS RRSIG NSEC
+movie.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . blh85S4dNrd8dSnegvuMNZ9/0F7N7Iz0VCbzlxbfvCqzoeokPDTjMmd3sscWMZeFl2u8DQP6S2UKCUxNGh0Gknu8z3leyo9cgzQiceU4rLDFFkLfBq+WRuuXqS0Xxz2cY5ktbrED08ctVTHo2D0CdiWzXQZobU2+j/H+3rBpeu2WEL98NeMOa5bWThE7XgndiCGjIkp3Aj5wkGfuDwafQ10+9GBxa3EnbYMueOij6JceZrjKlglHPK7Ahbju5iQcamGo7CD436l6iYAwJvOKyxu/Ah+vUq+x5XI5tugovCxcAsR3x6gbNm1yjtCQBjfAvgNetnTseNtINKefiN1eqQ==
+v0n0.nic.movie.		172800	IN	A	65.22.32.26
+v0n0.nic.movie.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:26
+v0n1.nic.movie.		172800	IN	A	65.22.33.26
+v0n1.nic.movie.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:26
+v0n2.nic.movie.		172800	IN	A	65.22.34.26
+v0n2.nic.movie.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:26
+v0n3.nic.movie.		172800	IN	A	161.232.16.26
+v0n3.nic.movie.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:26
+v2n0.nic.movie.		172800	IN	A	65.22.35.26
+v2n0.nic.movie.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:26
+v2n1.nic.movie.		172800	IN	A	161.232.17.26
+v2n1.nic.movie.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:26
+mp.			172800	IN	NS	ns1.nic.mp.
+mp.			172800	IN	NS	ns2.nic.mp.
+mp.			172800	IN	NS	ns3.nic.mp.
+mp.			172800	IN	NS	ns4.nic.mp.
+mp.			86400	IN	NSEC	mq. NS RRSIG NSEC
+mp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tXfoQW9x670DhAdqrKDkLSBOWctUrIrAVXEMnDWerlZVBqrYnscbrk4/6Km8aNYRl9JmEL/ybefcM1pGOiz9g8m1T5P6jxT/xI0+Vd3qBEUbLDTg0GALG9PdwYbRlv5nVjDhv0lN56SvlGwtMcD34FScp8LECZlqhbvthIOXfMtyB642fZu9P4Yj01r9TiOEkYC8w+ppObxBjWS8wcSxtlk1Xhs9Kjvjgi1+fbsHWP0UO+utcR7ITFof57W8oyi+pBUduS5NykM35foVE8qgkVJZxTFMdxZdCT1EUmIkdGD7vBHxWTPO5YrNw8vIyA+W5PfpX6u+oVi1GXyQL/7AtQ==
+ns1.nic.mp.		172800	IN	A	16.162.31.128
+ns2.nic.mp.		172800	IN	A	16.163.54.122
+ns3.nic.mp.		172800	IN	A	75.101.129.89
+ns4.nic.mp.		172800	IN	A	75.101.133.101
+mq.			172800	IN	NS	ns1-fr.mediaserv.net.
+mq.			172800	IN	NS	ns1-gp.mediaserv.net.
+mq.			172800	IN	NS	ns1-mq.mediaserv.net.
+mq.			86400	IN	NSEC	mr. NS RRSIG NSEC
+mq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . imeTY0BYg18nruDX30T5mkdtymMiRsriBPlP2/GTVPXCayM+haekarRIpR4GWzEGTd2YQbooN+6DKcOZr8VxdGbzWwm6VKuDANrJfzx/RwP9RKiQrh2+egVHHesJUOcz9r+vabJ/nQynz+/U8orl1AFYAq5wgbqRtCXbJAuIM8Cx++STeOTcgZfrF9p0aA9VwQa/1dOJnUzaKUfaTxQg3fa1B3Yq1g7SzMRt0LwLRktVDOwJs5uGzTbhK2UN4Jv0wYk515S6+iyRln25Qll+jYDmsXoDmAJom3o6P5w51RpPE1B05hw8G47hXdVPP1opAMq4Kye/TIH8PWA3kkBjeg==
+mr.			172800	IN	NS	ns1.nic.mr.
+mr.			172800	IN	NS	ns2.nic.mr.
+mr.			172800	IN	NS	ns3.nic.mr.
+mr.			172800	IN	NS	ns-mr.nic.fr.
+mr.			172800	IN	NS	ns-mr.afrinic.net.
+mr.			86400	IN	DS	24775 8 2 949E0AAF97F494ED93976A84DCB1B2654A8C35E6208009C50D54A9AD8FE88FA3
+mr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DzDW+LDEkotj187jNoRW8vvpiQhHrXIE93tK+ZJrr0Lt6JoPkbRXSTh21+3NR6/yKYmivUW0MJb9YX5kM1lx2Vde570CEgdw7ysyjXRwPJng+NFbTd2ZKNbQ3OamdTNfyn5Bc6/OZnZjbWY9wX9twT8YLNwwfUa+kZJBAUpvyM0GEAgR+OW/lfOliWdJ/Um0+arMpDk5MmRKOyxg0VRdsHbjVCa9eOlartoZOefVI4yjTT7tJj4lWuUIQ6ayKMLThhb92huu+zz7SevBSEuSoCdlBad8+T6jWOFrkR3H22R0tJMpMNhBBJ8FDHYwXci4zF2gqUHlh9IQgGYmXt6SNA==
+mr.			86400	IN	NSEC	ms. NS DS RRSIG NSEC
+mr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RdZv+ZIuGF+pBmxoNpiCLlXrI2zOR+uC0BWHmLy6Y2AvbMe04BpLivWvJk90LwvasgHbwJv7IywJDefqqIU9johVtscKNQ5lyd1ptYWZDGFmLlQ2lTFtrPW69X4wWaqsA1Pn0hFn5jg3qguGeJDmz4GQO/M2nSOMa5eVKPGgWNZcjQ3tDmMv031I4BVAYjgwTZr43ZWmv0y5VULgZZNulzuJiGvJcKZpdyK/SxDLm0TmyrsEJ0BOLr5VuEv8sWSbGjqqPbg01x4x9mVimTP2xp034IO74c9fCYJcOdBwUxk0lxfRhZxraEFztNSZV2cBXi19u76GHrN5sPSMKj2jlw==
+ns1.nic.mr.		172800	IN	A	193.146.150.193
+ns2.nic.mr.		172800	IN	A	82.151.64.2
+ns3.nic.mr.		172800	IN	A	204.61.216.135
+ns3.nic.mr.		172800	IN	AAAA	2001:500:14:6135:ad:0:0:1
+ms.			172800	IN	NS	a.lactld.org.
+ms.			172800	IN	NS	ns1.anycastdns.cz.
+ms.			172800	IN	NS	ns2.anycastdns.cz.
+ms.			172800	IN	NS	ms-ns.anycast.pch.net.
+ms.			86400	IN	NSEC	msd. NS RRSIG NSEC
+ms.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cC8TTRMxvrqvnV8WKrjZlzQO9H6AME+/2RyKs0RJZMgzFO2D/JpyFtYkzp3vSNdnUvQZeuMbhAijZ+l5D2gLspN3S9Fiyf+i0C3YFIVAfZHqXYVXgScW+B3nRIX/LapeHDr855U3DBo398qmcQW2ZO56h1vLhZZVgnRXQV/iMsfNAFShTYuDEP2kx39BRIjUWBS0ym1kFx+Zg6k2kH0b/wzbiJ3qpmqlx3L3dbfL49jyBTwP4YyoSIAW3sY1OUH2Ri5fvIxf8Rm1HowXHsm+wjLky5p2t7/lyWWHNui0u+Ji151rOsKHQXmjr1RreA+XJgJCiyXTqWTQDVE0lSpT1Q==
+msd.			172800	IN	NS	ac1.nstld.com.
+msd.			172800	IN	NS	ac2.nstld.com.
+msd.			172800	IN	NS	ac3.nstld.com.
+msd.			172800	IN	NS	ac4.nstld.com.
+msd.			86400	IN	DS	30849 8 2 8560961FD5E191D49B2461180F7EDC509E10689F85ED595AD111956BC81FF9A2
+msd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qGzRsEKOn6M8mrRPCDinx6ImOb/x4yYsnXMdgiDayuLiwt7ne7GunKqkIh+ewsy0EYGcOlUdV912LeFxsWc/FSFQc4uPghs+8M+qfLg4ZiP8gdyYqu9kT8r21Di/33anmJWzsvrlD/NQvF+kCvAS627Tn3GRqhtjJTRU82sBR8nQoMmpSzbq76/9yavPwdYB1M5Fh5t+SGZX3W0pV2pO+kL5sTr6Sj8vGNqBcNUyHfEI2+j7hELIhyPKlqNh67/BAeh1yONIqTJZdxqpO/llsiJD0+GP694U6YdTBy2o7rYW9rQs2VBNyVqP/BG+x9JMPVLfwTeC9SQKDZh2oHLHsg==
+msd.			86400	IN	NSEC	mt. NS DS RRSIG NSEC
+msd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FR1HrBgB/RlUcoO1IU+LuOBCd5238GW0q3fXQW+Yt7vLSf2MaDdSvb5W9YSd8LDN6BtoPeQvHlOJWw/MOehbuA3BYdhShA+DXwUFl26Sx4kLfa/oGUz9NG9VzVBBpPQttw52s24y4rxpPY9l9aj49Of+ZvAFp2g0hP2uM+/eErbIMG7E+OQZFZUyP9EkCMqfxUprS2JRPBBYGwHI5Cwm2AI6+z6I8cG4+ApED6/aj/Rk8pFblK/xT5ITQTtXC1HMs4o1ipNPlaDmWMpqHK5HD73Mc48/8RPytplYLqej6OrnuhEpj/zZ/TCavGQ++AE/3SuzgBst+kSItjjW2CX5FQ==
+mt.			172800	IN	NS	a.ns.mt.
+mt.			172800	IN	NS	b.ns.mt.
+mt.			172800	IN	NS	f.ns.mt.
+mt.			172800	IN	NS	p.ns.mt.
+mt.			86400	IN	NSEC	mtn. NS RRSIG NSEC
+mt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WfUFF+rr8kUXnczbO43oyiRYadERJQFiCeFY75zm4cJAJJoPikhpGwR+Z4pGcAe3YmUpnqcnsHP1PtrxuwwHPU2vF8DhSQNXfk3QXwRbe8tYOAufXq3qr3qmeNukmY2Comh7rXw7I7H3z8d74TfMEGzoPrXeDP3hA+A5xDBGMuLIWMYF9YVHu2EvhVGtRUdIXjESXl2c3A/yQ0LZ+/XkBvqk3xx5uIrbQghXuANxGZ+fCAQdLB5tw7VTsm/lg2YRTzg5h4pW03o5y4KTnEJGVM9qub/mOCZKD6ry8NRtYig7NKpRN4r/C9AuYwSivRQgc/ra7E7+a1JVUPhlQJxvtA==
+a.ns.mt.		172800	IN	A	193.188.47.252
+b.ns.mt.		172800	IN	A	193.188.34.241
+f.ns.mt.		172800	IN	A	192.93.0.4
+f.ns.mt.		172800	IN	AAAA	2001:660:3005:1:0:0:1:2
+p.ns.mt.		172800	IN	A	204.61.216.45
+p.ns.mt.		172800	IN	AAAA	2001:500:14:6045:ad:0:0:1
+mtn.			172800	IN	NS	dns1.nic.mtn.
+mtn.			172800	IN	NS	dns2.nic.mtn.
+mtn.			172800	IN	NS	dns3.nic.mtn.
+mtn.			172800	IN	NS	dns4.nic.mtn.
+mtn.			172800	IN	NS	dnsa.nic.mtn.
+mtn.			172800	IN	NS	dnsb.nic.mtn.
+mtn.			172800	IN	NS	dnsc.nic.mtn.
+mtn.			172800	IN	NS	dnsd.nic.mtn.
+mtn.			86400	IN	DS	18374 8 2 58114B80A64F8617AF3EC29668C55519D8CCB44A203562D746E7F2CC8850A1EB
+mtn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eSQj070yLyKjuIo3KT/+In4boBB7PgKurepZHjRF+E0Rq1H6ls78UfJ3ZOm4iP2ee8iBEbLiG0HCuXZLJHSwkvk26C2W310RkLagWSrd/o53qmvA3y7qW93C46KYU4Cf499093jYrjdO+bW8XuGCCXle+oOzLOaPqrqCm1WojtQHDT6bfBplnClJ5xgA8gN2IVo5WT0h/A4QLjHtA1sZzrdw8ileP6OUJB8IMvXSZ41YCsSFdG0p3iVOHHSKSuCOjpqaGUGKPADzGHTtknCgPoRwJdIcHWy0lmpj1ycSgWd+3eNkx8nErDWaHQ/bVSQMFs+tl/b+McOjFWGfpa0Cug==
+mtn.			86400	IN	NSEC	mtr. NS DS RRSIG NSEC
+mtn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WQn2ppw1ahJ/zxzV//lkLQMjFr18H85+WO8GNyE+ZITsATs7cWKvZOJCnyHGW3i3u4Bepav4MCnjGtmS8R5g/Brklh+bbqe0xmqAD219aURzcjmPadcQS6tk2oZRmz2PR4duIAiMpnUFMuf1Cv7uwVBA4o73vzkJ8Qik1m8oDduJXTMHBSC6y0PLIcrEbypcRlRV3q/raBiBYPLSPdskNdHEYciDnRJNt4pa0rG6VL7ZJ6e1MPx70LjlL5v1pdr35RmZKZIFuIeAOFudBaHJETyxVjosIh+jmb3qnSgLRhQJ4XjdXv+pFfHIpchNgW9XOftlBpMbwPqZmbofjSQ86w==
+dns1.nic.mtn.		172800	IN	A	213.248.219.42
+dns1.nic.mtn.		172800	IN	AAAA	2a01:618:403:0:0:0:0:42
+dns2.nic.mtn.		172800	IN	A	103.49.83.42
+dns2.nic.mtn.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:42
+dns3.nic.mtn.		172800	IN	A	213.248.223.42
+dns3.nic.mtn.		172800	IN	AAAA	2a01:618:407:0:0:0:0:42
+dns4.nic.mtn.		172800	IN	A	43.230.51.42
+dns4.nic.mtn.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:42
+dnsa.nic.mtn.		172800	IN	A	156.154.100.3
+dnsa.nic.mtn.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.mtn.		172800	IN	A	156.154.101.3
+dnsb.nic.mtn.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.mtn.		172800	IN	A	156.154.102.3
+dnsc.nic.mtn.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.mtn.		172800	IN	A	156.154.103.3
+dnsd.nic.mtn.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+mtr.			172800	IN	NS	ns1.nic.mtr.
+mtr.			172800	IN	NS	ns2.nic.mtr.
+mtr.			172800	IN	NS	ns3.nic.mtr.
+mtr.			172800	IN	NS	ns4.nic.mtr.
+mtr.			86400	IN	DS	7114 8 2 CE2AE4BC0908188F044CE4B2AC931119311272D0FB3842A36F2ABBFA059E093A
+mtr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vtqGMejOsB/TfBQmE4cZ2MsU5attgRbIG/VqbsCYiMlxoyovfeNoZTu4Dyhl/XTeol3XFNMcjZGtz3zamuP51MfZQbKyuh5g7rA7kadawAh3ZwG+Th403Uy2a0orcVxKnWb0wmQ5klv4pR99F2lYh0Ncg/TnNkafW0wZuFv5szg6lAuh6ECEobB/WLJqUSxzuXlr6hlYJhpHqb2PyRoE7/CdurxyldfUG2+BOltF+ZECuvmQTjgR7jEI37JSVMS2razH/SY1opsEkZUmqG1Ky+gkb5Dp/tckGhqFW+XEgwiPCf3uoTx0oYjPvDRa8TaKs3RIln2Io7sielbKcH3xNg==
+mtr.			86400	IN	NSEC	mu. NS DS RRSIG NSEC
+mtr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WsvRptP8wKaFVRymxFUA83CXul8FR9qsD6HIq5elTQS6g7yYZjhwl/x5Zt5/wZ1vj0t9x2MjuA5ggua3a2snXac/Fj2MwBj/OsZsP24u1YE9hku2JEdTshH5fUfJy8gN/UqfjpI8rD4C5irblgARmJYFa+y6mfewsQ1BdO/FCMsBZAg1o4NkLmUL8p+nVRk1zEJV4GuQt0Bfg+/DuXTB/ys6OLYKLgL+mI1t9s2Xsn6XmHwTXYAJVP+qWvkim9mepqQQty4bkqSxMvWruTmfTQVg1q4Pmt9K1+oMl2X3EZFUaYCiUMDfpY+ujA8QaCJ/a0AnwMj06LhsREvHeCXR3A==
+ns1.nic.mtr.		172800	IN	A	203.119.2.164
+ns1.nic.mtr.		172800	IN	AAAA	2001:dca:4000:0:0:0:cb77:2a4
+ns2.nic.mtr.		172800	IN	A	203.119.87.164
+ns2.nic.mtr.		172800	IN	AAAA	2001:dca:2000:0:0:0:cb77:57a4
+ns3.nic.mtr.		172800	IN	A	169.54.247.173
+ns3.nic.mtr.		172800	IN	AAAA	2607:f0d0:1b02:b9:0:0:0:4
+ns4.nic.mtr.		172800	IN	A	135.90.90.24
+ns4.nic.mtr.		172800	IN	AAAA	2401:c900:2101:2a:0:0:0:b
+mu.			172800	IN	NS	fork.sth.dnsnode.net.
+mu.			172800	IN	NS	udns1.tld.mu.
+mu.			172800	IN	NS	udns2.tld.mu.
+mu.			172800	IN	NS	anycast1.irondns.net.
+mu.			86400	IN	NSEC	museum. NS RRSIG NSEC
+mu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JBhBxK63l9ZmXiQfIRTBtW1xdN80Siuan+GCU59cp6FUt8kGYCzn0xWpcSglqNQOGBOU54kI9bLkw7ZVwrEkUpvCsmCyXUhbaZHGiiehex1/dk/WGR4KQx1kSW2w/L7c+l/yspXdOeppVIdB8RE/j5/dRL47xewqBp+KRlaSYkZIiG33YeDBQrn6sJJkiUHVNseHQa6MK4T5n79KNpcbdaeSodhW3jCm5ys7z5IFNhk/t9UAuLGpPUx5ocWUkaj2Lt0Lls9yusSuSJtWfXPc7+JRJkXbV4AU+aMibbwrFTe+tfd+fpuW0CjdBME5eg4GlMrgZPiM3TqfP+hodx7eqA==
+udns1.tld.mu.		172800	IN	A	204.61.216.10
+udns1.tld.mu.		172800	IN	AAAA	2001:500:14:6010:ad:0:0:1
+udns2.tld.mu.		172800	IN	A	193.0.9.98
+udns2.tld.mu.		172800	IN	AAAA	2001:67c:e0:0:0:0:0:98
+museum.			172800	IN	NS	d.nic.fr.
+museum.			172800	IN	NS	f.ext.nic.fr.
+museum.			172800	IN	NS	g.ext.nic.fr.
+museum.			86400	IN	DS	21969 13 2 BDB65BCA27B34A0C9E296FB79EFC78615678F7CC46EAB5EF86FE59F259CC03C5
+museum.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JblPuTu0d+/pjsEnmLrUDsOOtKkmx2sRxuJfmEwrNd6QvztDNauoIfJh2NvG2ktzEYtDwGEWhTte045fQ/GWclQfRdSKQ1FGIr0FnxTwY2lWp+JTBNEFmD+vKJAxiK1byjCwGNl8/AjojEnZygrlJkFoCp2cj3zQq70Kh8gNc6K3bTFCHC3u7at9pOckd7TgN2ao0uD5yTnb2zxa4RHfubBv2iV8mK28GyN3ZsbkopdVemLrt8aHDUK08NjVdJSEukguKtA6EIhLjNd1cWVvE09Db4/DHWEHPHbcoaJ37pLuCH3SHxxr+xmcymZW+aRCUY5PvFG3D/QFkB9f39FRpg==
+museum.			86400	IN	NSEC	music. NS DS RRSIG NSEC
+museum.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mMaHoMlNtrfv36kmIhBH/bl0DlNGp1/5f6gSqcvEa6uDSBnwt0UEoIyUDAUafZ6LrIol8godwHvEx7DoiHnZpo+Jjcs811ajthfkF9WHifYT4nygMhoOC5TocJD2UtV4tuTlz7BtrasEmK/npV/terMIGeMu6js6yCFPTU8GNalnjJVu4o4QQMlhwP1sJjVyjr8Yrv0ZH1U6y0p3g8XpjBaDDp/F+sl2OeF5jXVqygiyqhoUZfSzPij1/t+v4LySioCXmwRRb33iAhYCwbVP08+xvjqrYMgB9edMdW5p1DSM4KhqjT9X65vcPWiEJHuyAg08vtZeVhirdrMLIjW8Bw==
+music.			172800	IN	NS	a.nic.music.
+music.			172800	IN	NS	b.nic.music.
+music.			172800	IN	NS	c.nic.music.
+music.			172800	IN	NS	d.nic.music.
+music.			86400	IN	DS	60004 8 1 EE80F198DA75C68C32A632E895502F3F2A32940E
+music.			86400	IN	DS	60004 8 2 F4025F7B5C848808861BD35868BAE0CFCF7A0FE3AA1F79BB222093687462F3FB
+music.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K1ImWmTDJJ7L4BmGc6DkB+DTy2uMjfIOwJ1JAjIOwEshezOIsMIPmo0AJGhmu3ZPJnbQVQoOgZYRoS9gNA1nMiYn8xvok/oj+Z0HQ2b1cBWpDzlVCStq0FA+GG6UvUv7WuNnHEWJNBuj7FJhMrxZJXBCuwneKDtq3iC0iLz0pN4Zu96zez6pNDtuCM+42TkXCeT42pyfYAl9uCbtthtQ/JF4YXcDlKXKuizEuirmyr/4h9WzJQkVGmKvIosur0uC/m5xhztnV4k81lMfG0gW6yCNTcSVJ3wSnwQYIBBogX9lCqPyuqtd80k1N457gQgO0YVpyQpDOAMNVIz+6DHYXA==
+music.			86400	IN	NSEC	mv. NS DS RRSIG NSEC
+music.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PCPrc25g24uIZ5LvtBFHDvMXCNWPQfUFiU2lP+5rmgjTRlQS1ay6saTH2StjVWtpIZLcb+5JmPZj6Z3HvUp5FTv8owCXecuEyJ5V/7R3FbFPkG6fp/+S/AJ4LnxdwMmSgULS8+V2mq2f8Vr6HkTM1K63CC6MRSV/t60iewhXe8UHM8Oce/tJMmq0K5exzWi2HAzvi210yHzU4p5nLzTDsa+B8MacjrwPn30uJZv0O7+tx6t3nOuj6kO5YVe79yNZsrr6gVnmSRquH5HRdzX+QhWiIgMp99pbGlud2uH+A2JQknd1xx+sOyI/yu7Rz2j11Mc/Md+sK4E+hb6zyR8xoQ==
+a.nic.music.		172800	IN	A	194.169.218.142
+a.nic.music.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:142
+b.nic.music.		172800	IN	A	185.24.64.142
+b.nic.music.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:142
+c.nic.music.		172800	IN	A	212.18.248.142
+c.nic.music.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:142
+d.nic.music.		172800	IN	A	212.18.249.142
+d.nic.music.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:142
+mv.			172800	IN	NS	ns.dhivehinet.net.mv.
+mv.			172800	IN	NS	ns2.dhivehinet.net.mv.
+mv.			172800	IN	NS	mv-ns.anycast.pch.net.
+mv.			86400	IN	NSEC	mw. NS RRSIG NSEC
+mv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A51NLffc5ORaAgaIBEex6S0en30w4kMewxbCIFlSSCn+HC6KWr0/g3IxhLC7c/jqzwwhUJQNOOlbtfKetdQoSV5ZlNNW/WLZnIRBiX9wf8i66y+rZpIhsDQQHNdLxx3SkhdBieE8ZzkcfJLwKhzhvwRcbcFp89ktItLk9XDXBJHF6NVxPYb/aKM5ccOGvSE1tYmaAi84KaO3oZCyJ1bBPupMYxaGRwsDOUPzR3CMoPPub1OhUU08AdZGRaQFp6nFM703oIukkQHjD3AaI2ZjaaNG7pgXAR97ilucrVatJqhTt+AJet+a6YDg5HS/yuD+BVDQC2Oej6DroQCfgse1AQ==
+ns.dhivehinet.net.mv.	172800	IN	A	202.1.192.196
+ns2.dhivehinet.net.mv.	172800	IN	A	202.1.201.201
+mw.			172800	IN	NS	mw.cctld.authdns.ripe.net.
+mw.			172800	IN	NS	ns4.apnic.net.
+mw.			172800	IN	NS	rip.psg.com.
+mw.			172800	IN	NS	mw-e.ns.nic.cz.
+mw.			172800	IN	NS	pch1.nic.mw.
+mw.			172800	IN	NS	domwe.sdn.mw.
+mw.			172800	IN	NS	chambo.sdnp.org.mw.
+mw.			86400	IN	NSEC	mx. NS RRSIG NSEC
+mw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ENa+ShxxpMI5gq94L2oxG8DcSeetiO7eYAHB653NofBAJt2rRVSsXdr4suiAnNlAMXIYo4KNPMPkPtATIFBnOzd7DFGiRpm00GNbkEQ9qz/Ra2n6gvs7U2+lVFuAEmo1DVasU5P32zDovr5hGBfz3n3t+FqL3CLRCYTv6lw31Nqkd6ToJWw9ocB+ehbgytLbY2gwaLXKpCn2vE0j9W/gnH85xlrFxfCZw27kzWkBK35RPO3IARF/zlgUcYl6uHGnPUTwfsjRXf/HGt9TDPpDD4e0KGmYKrOCdkOuZmkAWUYRT6rkSk/+zU+80DPprsT+iMw/0kqp5z/EoiJP2JH4SA==
+pch1.nic.mw.		172800	IN	A	204.61.216.131
+pch1.nic.mw.		172800	IN	AAAA	2001:500:14:6131:ad:0:0:1
+chambo.sdnp.org.mw.	172800	IN	A	41.221.99.135
+chambo.sdnp.org.mw.	172800	IN	A	196.45.188.5
+domwe.sdn.mw.		172800	IN	A	41.87.5.162
+domwe.sdn.mw.		172800	IN	A	196.45.190.9
+mx.			172800	IN	NS	c.mx-ns.mx.
+mx.			172800	IN	NS	e.mx-ns.mx.
+mx.			172800	IN	NS	i.mx-ns.mx.
+mx.			172800	IN	NS	m.mx-ns.mx.
+mx.			172800	IN	NS	o.mx-ns.mx.
+mx.			172800	IN	NS	x.mx-ns.mx.
+mx.			86400	IN	DS	5714 8 2 F98C2F8FD23EE07AE29137FA6B2AC6BD44BE32D684FD06BB894EE307C56700E5
+mx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uz6KK1B3t13eSgoEUWZ9UeZ1EexidiB3rdlzGPcydrHIB7hXoQXspNW7QASRIzHz60I7Ta+NIhucacPCEaaTjPUl1Wd31xLlflq02462oHnq/45HB9h7OMrF3B0EN3neNxvHXk52Z9DENTlS5GE8mB19ETSatKtiuwDkWcC/XG7zFOhP6lS6g6VSZwlfaZ+yBRPDhwfneXJ2DaXcESamHJ5bcrQ2q4N+AgbO54+0AdRF6x3bE5EqDM53dKq1IngQ5qcvPx/EjHKlmMuDplP0AIbyDinM4XYnlJzW99DK9Hczs7m4hA3bmkqzFweOy2aIEqfdw8u5Jn0XRuY6tu9G1g==
+mx.			86400	IN	NSEC	my. NS DS RRSIG NSEC
+mx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D1ptDqAkIqHd0Ql3zprUud01XlXiR4kSHcnbwMSEl1HsuDzmWcosrP7KDTP99uhqOz4e8MK35xj3/5GYsABB34LXfbBdCP6H4T2BZwsOD+AE0Vguvd9vUHpl2AEKB+e1vfTyHgHUIv2/01OOyXWPuyv4rGIIp031uQlxTQ9qiwSYdcsjP5udloU/cCfB/0Hpncq82gbuoyQl2KS86MXmdjOoNa+ZB19nzlU2q/5GWsFLm/AGGTLDhS6W4gGarETvv97H5GamvJUmmlHg1VUmJHGsJNI5QYRb8VXCk1dbn103qE7Y4k2gMBqyxnP3d8jhhk/Y40ObysYwoq9nKCEnZQ==
+c.mx-ns.mx.		172800	IN	A	192.100.224.1
+c.mx-ns.mx.		172800	IN	AAAA	2001:1258:0:0:0:0:0:1
+e.mx-ns.mx.		172800	IN	A	189.201.244.1
+i.mx-ns.mx.		172800	IN	A	207.248.68.1
+m.mx-ns.mx.		172800	IN	A	200.94.176.1
+m.mx-ns.mx.		172800	IN	AAAA	2001:13c7:7000:0:0:0:0:1
+o.mx-ns.mx.		172800	IN	A	200.23.1.1
+x.mx-ns.mx.		172800	IN	A	201.131.252.1
+my.			172800	IN	NS	a.nic.my.
+my.			172800	IN	NS	a.mynic.centralnic-dns.com.
+my.			172800	IN	NS	b.mynic.centralnic-dns.com.
+my.			172800	IN	NS	c.mynic.centralnic-dns.com.
+my.			172800	IN	NS	d.mynic.centralnic-dns.com.
+my.			172800	IN	NS	a1.nic.my.
+my.			86400	IN	DS	174 8 2 FB9E2F10F50A09E3614A9E6A2C76C1AE7554711E5242B7F516A8078D86ED87B9
+my.			86400	IN	DS	35481 8 2 AE555A40F6BDB488EB025822A71C91C94E1F339FDD71E0386561C3C4B7D2B198
+my.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vWEpF2unf1o0I8tNmUJNZekuqAVyppQ9CvNWpLdaGlyjMNJYVLjHrE/E9V69i6mHi7gJfaQM8wTXPG2PkNxJuZBDf3AH2wMOOAgsreOCJsWVJKxP4qzI5FYLSHmO2tmNIkScGUTof3FMJWZrmEz7F986t/zpGSrm8Szq3kmSCVPcW/AnOUHdjIh34YvtiRd06pcQmZ9LiLe9elJK+EkCPd5J61FFVqSSaAbiU/x9FZrWBF4Mu+cyhgYP7yW+7hrqtfUdRBMNGp3ae/OuJNifZjdjZ3ao3CtoZxBlLyafbuvsJg9D293PITtQy2EWzeslWgqiGnFVbCv8c5zRwbcMvA==
+my.			86400	IN	NSEC	mz. NS DS RRSIG NSEC
+my.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r0dBIAR8Zoe5DLZ1gxNUea64T930RYRUhi6BECegPP66G8m3LlIes17TzBxw+v8O5s5Sku9dCw7Dxe2kVuWlIC17tcxUljWYit0wvigWl2lswdKY9TnzJd3hi73pHMnMs3J21iRzlZbvrOeZPa7/I+RcIsUer0PF71U9axwId+HOobj/YmRd0dIkxLWGacKLKY/tcNs+aRYVYAxryjGbxe3lhd+gGF/pn/MyrKTC4wPiKx1kuMYUPiT/EmQhPuK9kaHG2rvOgoyOBbeJgRSjjP4eTDnTw3f6lLhVBDZR53aJAz6oqsZ4iPdtht1/6w/cdCR4O7HltqT+8wpbYkCT7A==
+a.nic.my.		172800	IN	A	103.44.108.53
+a.nic.my.		172800	IN	AAAA	2001:ddc:0:53:0:0:0:53
+a1.nic.my.		172800	IN	A	202.171.47.204
+mz.			172800	IN	NS	anyns.uem.mz.
+mz.			172800	IN	NS	dzowo.uem.mz.
+mz.			172800	IN	NS	ns-mz.afrinic.net.
+mz.			172800	IN	NS	zebra.uem.mz.
+mz.			172800	IN	NS	oceano.uem.mz.
+mz.			172800	IN	NS	phloem.uoregon.edu.
+mz.			86400	IN	NSEC	na. NS RRSIG NSEC
+mz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g0gGK+nEgfktbcBcKOH9FxKIwBoQIRo9ugaegi2xyQIn4psiXdQg5TL2XQtHt1MJSEPD9mm8iwvSfKyItsMlUiAWVQtAaeD9EmVXLprjsC3GLNsXHwLdOCSsvZem5rCiaz6jQY7sb6BoFej6rf29wNK2paZd8xrh45h1oTyadpXLMe0u7C5br89XH32Re2yD1y9zi7T9mSc9PXFm6FgK3p7L0vBfduRBswPgKgvvaPiUUbB+UFZLAV5dL8bx6Q81Xu6n59x5rV3ByP2uT8o9cc0eHMhniUcSg9hheL2zIAfPOIoXsq6enk6uxmzQ0+GV+WRcuW6JVEKau5L3Ttq/0Q==
+anyns.uem.mz.		172800	IN	A	204.61.216.14
+dzowo.uem.mz.		172800	IN	A	196.3.96.66
+oceano.uem.mz.		172800	IN	A	196.3.96.69
+zebra.uem.mz.		172800	IN	A	196.3.96.67
+na.			172800	IN	NS	na.anycastdns.cz.
+na.			172800	IN	NS	anyc2.irondns.net.
+na.			172800	IN	NS	na-ns.anycast.pch.net.
+na.			172800	IN	NS	etld-1.anycast.net.
+na.			86400	IN	DS	25079 8 2 EAE8C2767C1C52C78B844247A31B0EF44988782CB5517D502983BA75DE98A627
+na.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zn3n8U/wgy4MDCA6TrTD1wyClkr/jeA6kkuO2iDYHcfYFkDaitz7x8ETv/rGSCYo8LTRVncdt927N4e0+zgCEDoste+/Za/1kjldR39antlU2Bc7/tVgtZlsBVf27vPn7JFfXTh0U4ejKp9gNk4l7Gu+gYKF2MqhqWTz+DVlg9OKCSHlxdjGr8fA2/8FAxT+/Uzs/jCoLhvkgwS236dE2sCx2UtJo6GNOKtL9IYkHJ23mjyptlmYMTWonEOoZz7SkuXlhLetGSDMG0lcKTC/iB6QSt/MjYCx6PGJFy/qHacDrfKuH7PFjU0esC0Xm8H+WmaRV2bnume5rEAH+eNpoQ==
+na.			86400	IN	NSEC	nab. NS DS RRSIG NSEC
+na.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TbzoTj9uKMC5kIRlKN3Me840JO02X1YJEsLI29JNJggoMTaxUeZksbor0Vzt6IQPd5vktvtVFyKRoYk7Aqda3bj6dFIGfJhTOo4Vk7XCIzWIJD5MiPAKl36mY0zKGwS1ZjnCXonsPU17hKZFXcUxdj/mYzwyTplSAu3OMY4gKD7UahFk1FE1uJdo2V3cTutchuErFDt9Wciv5OGMjRZZG71yf9mceA5Ub27vP1OZtDhYGe3vJgGXlQlMb97zYqOo267qJsRxtOPgo77uCPPArNitF0C4k+0uPSU56CLH1LDimAGavlp37JyqAbujAJRd9kpFsXpuNAv3w9GJ5IC5/g==
+nab.			172800	IN	NS	a0.nic.nab.
+nab.			172800	IN	NS	a2.nic.nab.
+nab.			172800	IN	NS	b0.nic.nab.
+nab.			172800	IN	NS	c0.nic.nab.
+nab.			86400	IN	DS	3754 8 2 8DB2922BD318627EAF5907312A66433D3FC088510F37A4162B1911077B0CDFAC
+nab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z9Tj1A8IGsT7O9MSP47nnLAdzz2WnBJW5NflJBM2tMCNDZdAMxzUeWPsWgpCW8he3m/qGcxXojFwoMeqgS5AN2qaV8zXRPLoXXbQr9iE0Ldf2J+5aQFkJ0rv1GUyCh0DUfO2en+JGTC1kTU+Qk2MiuLI5rzx9kieEfZ/ywQ7jla5zSwXNM56lYHWCG6otxB06rELItGGhRs+ehtezzzivscfUXooPXV/oxsDWtv46ua17NW33pxwjSO1nwFVXElGaXQpH36QWdQidZHVYAt/PkhTXnSc49bUAq7ov7lacr0wn2aVziTdJsnxL5dAzk7FyRUOJM/dTp6QMxoVt3dVpQ==
+nab.			86400	IN	NSEC	nagoya. NS DS RRSIG NSEC
+nab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dV70iZ7cozMiCl2dyygUhHuX9uKLjzs2p1eR5OBpoioTW5M6yvj8ltve6fucke5cNfo5JpfZJix2qylEMsa9NhKprZxLfYMeMGXSuBPA8iHqio5wjx5Rx5aDpzNnsT4xDoWLBpBGbOcVM8CotWevxLqDSerxQ35FtvXzJP2Ew8ZXvx5JOVSdw+a4YaL3LAQf9i0G0/FuTMRYdzFn2QfVyy580CbkoezNi8n0e4C3YRRO4hP0DPlbAu83FMiL52tNtdiYt0wRL4YcSJidfbbjdTjTYKSbDG9bumltR/oyPi9M7KC1QQI00vinrnAtjxvgGf2DwdpV5zpAWP5IWN/qCQ==
+a0.nic.nab.		172800	IN	A	65.22.112.61
+a0.nic.nab.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:61
+a2.nic.nab.		172800	IN	A	65.22.115.61
+a2.nic.nab.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:61
+b0.nic.nab.		172800	IN	A	65.22.113.61
+b0.nic.nab.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:61
+c0.nic.nab.		172800	IN	A	65.22.114.61
+c0.nic.nab.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:61
+nagoya.			172800	IN	NS	a.gmoregistry.net.
+nagoya.			172800	IN	NS	b.gmoregistry.net.
+nagoya.			172800	IN	NS	k.gmoregistry.net.
+nagoya.			172800	IN	NS	l.gmoregistry.net.
+nagoya.			86400	IN	DS	44545 8 2 C856432F455A59B06C6964821F01A64FC0957DCB854EB10435E79CAEB6C2486D
+nagoya.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AvN2EFWXxIfjGCHugHQr0/NnpZMXQTJxOLw0ef7cNsoy3oz27pyxzYz+fOVC2jduiCFEN3Y92KX17jggGy5av16W4jieo0Tdj8kpVq0KI16danWERmywi1hVTss15kHkurN3GozzlNtk5MIw+Tdbt1j4PeDqOzk+Y7B3z1GqYvcGm7BqkOmlW5V29noZ8GQ2LJ/Ok4EwZvq8DPfvfiM2kWFQG3c8ZoAXB5pJ75/m8+Hcs9hH3sHdEMyF8M8DgRcYAomJQN7mvmkl2v2uA1jue+ndmuvuD9OpuBINkY7JWy31iPfePHtUquQJs+SsRmByCtFc7xvd1umYUciXo7at8A==
+nagoya.			86400	IN	NSEC	name. NS DS RRSIG NSEC
+nagoya.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sl/fuP114NdW1REzwwTE4XcTM3ryNrOKBzXM8Etvc6ipH1DzyBstImJ6v48YeJ0ayf9qsH2DCk3UemO67cZ7IybJyTgxjBIZqhvqNrzOnVObpMvk5GcFx/L2vQfAGRRM5rWUuTdR71K8IRZzDpb4E1PAkjc4PVHdLcW1DHxa3UerXU+nzN7ncksfkkx7pnGOesVucHs1D3psFqL+dofWVlTRfExz+GP0tACZbZT7UImi1eUruoxSeD+4fuqGUmpnnK4yZMVAe2Y4pbM6gvNtSl/3Aip1Xm7ET4ppcZ//PKZAR8X1GBbCBahXEgvMe2/WZWkcrc/H7vMpkdVXYSoxRw==
+name.			172800	IN	NS	ac1.nstld.com.
+name.			172800	IN	NS	ac2.nstld.com.
+name.			172800	IN	NS	ac3.nstld.com.
+name.			172800	IN	NS	ac4.nstld.com.
+name.			86400	IN	DS	52563 8 2 4E2671F0DBC3927D842053044C6A0CBF8B21E1E657DE8BBA99A4835031A85A41
+name.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rdpqwFMVnnYIXPlsExlCM5QFNQOteTDJt/b43LtBU74QoIrEjLyDg0EpaHMSwJz1i9nmGRuboZ/Sn3rJ3fycujsIIN2O+9lAauLdE/rd/4PPAC0HVWBteIWupiqnegidsKmvFSHWPXj4mhEL1sEAEzkCxNqGqCn+Z+tCJz+nd7RJ9RBj+iuNr1tsMHNmpghEiZY4uzXEXNpps6u3l7p0WBTOcmiY7+sBvcF97SEYRKeRvlG8UFcBRfyv4Feeoi4ABE3YzaSERZ779MVP+k78a0yL73aKhdNRSG8o2FmoyQ8kfUCvsoN6AjYRCqvhEaM1OsvRd4NgWtdvJYtH8bOFpw==
+name.			86400	IN	NSEC	natura. NS DS RRSIG NSEC
+name.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JNWRNK9g5AhdgGgdzG1u9THhpD6LC0uQx+UsoRTarBlHY0eAABH08vcaAkM3k2S+N1+kT3GdGZpdCHLhegmajEE7MMOSTpxzYOqnl1O59BEEkYIB+69f8An7fIpNDWtjHhlzD9oedDgKar0vsYROg4R5X37cfRcOcvAFfQo9P3Jme9Qpo7KNh8a38hnW1JU74MemQuLsj6PnbFgihg60L7WxiGxgc3QS9yYUHRu1y5ICQ1DcGq2dsHYdZ511Xr4JrMYELWWkzpdAUKlj4m8ipWepMFLTVuTpNpgt9JtMoC6SkcNvaXAQ7s4ltNp9VFEgZ92hVWOGKLCfgf+Fvlwt7Q==
+natura.			172800	IN	NS	a.dns.br.
+natura.			172800	IN	NS	b.dns.br.
+natura.			172800	IN	NS	c.dns.br.
+natura.			172800	IN	NS	d.dns.br.
+natura.			172800	IN	NS	e.dns.br.
+natura.			172800	IN	NS	f.dns.br.
+natura.			86400	IN	DS	2471 13 2 C42365FCDE0C1898AB38A492EA636E38437FC87C5EF161BDC3C27893BFAC9B6E
+natura.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PSNQWvzEs++11SlVqjLaYCDK9ZUXcHp/sXm4MLqf4C8ip0KMNX/hHJY6GKlQOcgiZAsLmb8mFYAE8wSGBxLuRWRkLCIaucm+IsAM7zZBm4xgRrh8JpfSMqdRLWkVNS4n71kx+vFgkzNUbb1Sz0q+HEJkvOru8gPoNreSIXVaghwMj+oMQUluMVX2vU8T2fy8lA1Dj/oYBmfm6tBRUb9oBWfcVkPgD2YKfcKEhqxQjxU2Ur3vDNu0DaMlAnQevxgeboA1WUEqac5LZVcj3RUbgBaALlodwGQiZV/ZtjQqOV4tbh1k28yn4stG3kvwXpuR2ifTjjVuuGsUIoUWW5D9VA==
+natura.			86400	IN	NSEC	navy. NS DS RRSIG NSEC
+natura.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c4fXTNyyUQzoZji2t97WKWH9WKgozTYUOlxmvYwhI7DtGMjiAVlQcht1uUb8Spyjs3nImrZB0MiqktCDyiLNcVfzyk7YV9/kK9JfqN8TvuOw930RaKye68TGBqFqhsCm1ngMJ8x0abiHf/x7PIH4RmyAakwBZmogdHUpwFWEBbQoeZaqrvs6HAJ3eFJ+rd+I7O5xj6Y0xam9z8UVAhEIegTXlvGpjY2QhfXalMD0jrW6hdVCR1G7QqY7wQdhhboy4YHAsa550Ahw5oCe6DLGZR2VNBF53UiPPNkQTHdmrNGfSktNH2ggHmMR/PGFaYuvcziLeAfOYfITg4pbV5XSVw==
+navy.			172800	IN	NS	v0n0.nic.navy.
+navy.			172800	IN	NS	v0n1.nic.navy.
+navy.			172800	IN	NS	v0n2.nic.navy.
+navy.			172800	IN	NS	v0n3.nic.navy.
+navy.			172800	IN	NS	v2n0.nic.navy.
+navy.			172800	IN	NS	v2n1.nic.navy.
+navy.			86400	IN	DS	24535 8 2 6F05F1CC418BDC0C32058586CD7DE8CF28EC70AA9C978E2613389226053C53BF
+navy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DaC62bAg5cN56TYSpm+F2zu0xm+5wjdylQHdp9mNoVfQS9ol5HtK8HP0GZLv8ceazCYgvrT26WbhznKa4rkeN4IdQL8SKRIY7PWwjDsKMfh1ghkvzeo5hBHOlcKe+XiuF6bkB8GMMt3zX22heDybeMNjjOk8YcgeNVkx3dMQcldpv3yOWEh+ieXFv/fiQ7no1HE7SXyMIyx8QBo1XtqgKf69CsUgvYKywV6GXZH7snfch6UeFWsW/by8Bz94pDWr1jkDkvaQiL5ynEUR8BEnWpovP3FIFZhwk6GikYuQsq8LI7ElFQ/PmWnE4Y8H+jf8oKr7zjFVEaCgIvD2o7fpNg==
+navy.			86400	IN	NSEC	nba. NS DS RRSIG NSEC
+navy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SW4zw189manbcRMl4AHmG8uO/dchwGfygP4yHs5iepk2Ae3AsV5FeYirSxl1WTjUXG0pSFasXgCb0m7HyBkulyaSmf2qFrHQ7IVsENuiLgSkC8Xy0kH59YcOKQ5K0ZKCzLfw0wwZ6NknM9pJ0HArsh3hYZhNHtcfoqGTY5Swh9HqokzRXL3iPiuqGtp2QuXA1QCpiNLgzc7hEQcu9tkurEpn06AWPlWoJ3Hh6ZsXZuZsxE4Pz6XStgEbgRxKEyTQokc7RJZt+AdiZQbKKrj8pu6+N6/CfF6aVikf/PxHHIygyIC0hsVhzpbTEhC55oSp2Jhn2ms4vzMeEPgX4AclSQ==
+v0n0.nic.navy.		172800	IN	A	65.22.28.34
+v0n0.nic.navy.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:34
+v0n1.nic.navy.		172800	IN	A	65.22.29.34
+v0n1.nic.navy.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:34
+v0n2.nic.navy.		172800	IN	A	65.22.30.34
+v0n2.nic.navy.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:34
+v0n3.nic.navy.		172800	IN	A	161.232.14.34
+v0n3.nic.navy.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:34
+v2n0.nic.navy.		172800	IN	A	65.22.31.34
+v2n0.nic.navy.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:34
+v2n1.nic.navy.		172800	IN	A	161.232.15.34
+v2n1.nic.navy.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:34
+nba.			172800	IN	NS	a.nic.nba.
+nba.			172800	IN	NS	b.nic.nba.
+nba.			172800	IN	NS	c.nic.nba.
+nba.			172800	IN	NS	ns1.dns.nic.nba.
+nba.			172800	IN	NS	ns2.dns.nic.nba.
+nba.			172800	IN	NS	ns3.dns.nic.nba.
+nba.			86400	IN	DS	4090 8 2 3D0D5884F22C76C902BEE260C65C47057BBBF5544D83CE01681A756B3C220955
+nba.			86400	IN	DS	59911 8 2 734021820D7B1FDEB0567389BCB05A0F47DF5F2A0F156D6E9177A9EDCB6A8716
+nba.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1OfqO698nzhEheaC++LZzrUyDCi995Fb1lT8dZ/dkLvn2Rp9AF97derVeotlZhAkqYh9vTZ3hO2X/QlYmYPNoTzQriYmaaOCXPTF3PkIfoabcMCZfTXS9O0Ckf1+CqBtGZIjzTx6Qi/QkflYdq0g8cEdt8kgpDCDfh2AJSaUeRY2Ht/0MEJ1NtIsEC3MXPi89nBnWE7mn1zKw2XM0Jc4WR7HsX4MVnB8VFvBYgDGcWXGOCpgUy2gHahLv94XoqcerrqYueTm3UGbGZQNMQRQa/ZLUuwOisfUFeB4hOhm8DvxSacMDrqJYJqgjsl3ShcBg/oJD42QftouKgIb7MeA4w==
+nba.			86400	IN	NSEC	nc. NS DS RRSIG NSEC
+nba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nqJ1Obc/bE+pKhlQjldZ4SoYDoZB38MUGkRKNWpJFuoYypPddGJcSuHVhAzwj8wMLVeegh/yYRmpewlCMwhc92tP7yWkIVti3FmMYtHBhZn1mL8mfeLNqcKfZonPRpRJHNSRRymIno4uu2ZbVRsdddnJ8LaTxGv4FgGvjEGy4mEVaz5xAxsCb+NZ7UAwM0sIemO4IhE6WSMM7IiSAFfaJTEUaFUBYXm6zVPgjaGYAbp+GJ4xG1emyUghxbhXNVkI5F+rJu6xRUnSo26NGc4sg6v+9vsLiRsUu/SDW09MlXqO3OESPnI1XWZ/CN8wc8KOUdBgRWWJcakoR0qVhG6apA==
+a.nic.nba.		172800	IN	A	37.209.192.9
+a.nic.nba.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.nba.		172800	IN	A	37.209.194.9
+b.nic.nba.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.nba.		172800	IN	A	37.209.196.9
+c.nic.nba.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.nba.	172800	IN	A	156.154.144.119
+ns1.dns.nic.nba.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:77
+ns2.dns.nic.nba.	172800	IN	A	156.154.145.119
+ns2.dns.nic.nba.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:77
+ns3.dns.nic.nba.	172800	IN	A	156.154.159.119
+ns3.dns.nic.nba.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:77
+nc.			172800	IN	NS	nc.cctld.authdns.ripe.net.
+nc.			172800	IN	NS	ns1.nc.
+nc.			172800	IN	NS	ns2.nc.
+nc.			172800	IN	NS	any-ns1.nc.
+nc.			86400	IN	DS	49057 8 2 5957AB66CF4871C8C39EDEBC78DFAB2B6DCBB3EA5E97278EA27190539410B753
+nc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hmmyzfk/qlsHaQ+x2tOE9vraIYOs33Pep/Giv5LjYPwXDSQKRLDgb4LmKiKhEnQTQ1ebr5Ilj9lpS/7IrQ4iHzGdOejsc18kKQoYBcc0GLu+5w6KbG5QYU3KZljKI8VZFzRXtyBAHbeXQEY3uGUq0kDwG/RV5CHgEzPn3FnH8o1yFYIfFrRAiXgDEGDhRDlWZAlBcfslR7NpMMUZqBAlGV77ixLeu45OEoHZ7SG2Pv1RqFp/P+y6l7VD641aFJenPQ32oriv7LEwfat/KyM5ZKdI1FvEwBP3NGFqHbvwg+3+KoCvHXw+z8bzbyd9xuHXq816lAZfz+FbEDr4Gx0pxA==
+nc.			86400	IN	NSEC	ne. NS DS RRSIG NSEC
+nc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lZLhFO03iojGq5rZVkDhJKmKQ6SrBhfyfx3/AV7DGoi14y4vif1lQNlg7FItANkYK8K4mhH2qzGDLHL6bp/ewqyG8Q4xzuHSFrhfEaJQVw8PiWExLSPUB/hLioUEPSjpqUQQ047zQseDeOKCNS4faNuf/28nDOL5zMx5vUf78ucBOPz2KN6sg4Yfg2Ej3nov6girol6vXVQmNFUbiPtIo0cTw+p4ZGmOt9WgMFaGGEYS2ROpH8Bw5O3FYV0Mwx6S1UJ3AFMS2jFEHRCfDhG+rsmXbjObZHVcJysIMADX9UIlPiUeVH7PSB+hV1r0LfmssVEDI4lHIQ4jdh8cAnCHYw==
+any-ns1.nc.		172800	IN	A	114.69.222.1
+any-ns1.nc.		172800	IN	AAAA	2001:500:14:8000:7245:de00:0:1
+ns1.nc.			172800	IN	A	202.87.129.16
+ns1.nc.			172800	IN	AAAA	2404:2200:10:1000:0:0:53:1
+ns2.nc.			172800	IN	A	202.87.129.17
+ns2.nc.			172800	IN	AAAA	2404:2200:10:1000:0:0:53:2
+ne.			172800	IN	NS	ne.cctld.authdns.ripe.net.
+ne.			172800	IN	NS	ns.intnet.ne.
+ne.			172800	IN	NS	bow.rain.fr.
+ne.			172800	IN	NS	ns-ne.afrinic.net.
+ne.			86400	IN	NSEC	nec. NS RRSIG NSEC
+ne.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tqSjfrxUabdeO5y5aiPxMVwyzefg98AQJQyUFZng3HlkPGO3fl/3Y/p9VDuN0FKU9NAvBcwvExfW9opHlhdVRxlwbwSDSXV8t9zIwZ6ZysdRwMJz9Jy5kO2tznoTDsh83m8Oy14dYe0ReWZZiuTnMYgJ0YHcFvYcHVgI4IEnUHhwKfsgbBSTaJZ2BcylP8IDeGMfoJitNhIZS6iJOHGHSGiy0/yz2D7hvpTkHvKO8/5GvHftHXw0yuyqXouFuRNCetcLhjrs/4h3c8n333Z0xci7A/e3jBdjj0CagdBJXLRxOZi9c3YnrhDh4TFMPN3uwZxYGwYFT9MhjWNkk839wQ==
+ns.intnet.ne.		172800	IN	A	41.138.54.10
+nec.			172800	IN	NS	a.gmoregistry.net.
+nec.			172800	IN	NS	b.gmoregistry.net.
+nec.			172800	IN	NS	k.gmoregistry.net.
+nec.			172800	IN	NS	l.gmoregistry.net.
+nec.			86400	IN	DS	3352 8 2 077C18D635DA43D7201764E89118F552F72428B12763F1BC258A5619B71458E7
+nec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VkGeYblCMGufp4OkIZg5owTxzj4fIcU65HG7bNMD193YswvDu7OhD45CYusLjamQumTusWcxhMLluoGCqsmQh8nJJs9pUxsMov4yqUuW7DIrqPIa3S4gfHY9S0OPLhUniNHriYa4P/TCZCcLu0BQiAKLYpwVbNnQ3uI66TqEBUb7FTxWEaDCkJ1Dx640actW0xgvs0nHBDQ8jCXi1q8ohAbvAdW7KH7VjZPhixDcwItwOMhJwDs6lYHQZQf6+AC/WNJbSCSiiQC/0/0maE5HTZwVSaHQCKZzC2brVGqDAmClfxz4L73u6ue419401A2y2so+p+T6T0xFPMtnq5x9uw==
+nec.			86400	IN	NSEC	net. NS DS RRSIG NSEC
+nec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YcVTRl0vzHO5orAhnZF0EExumqH7wXXSvZeix3veVutG3mEGQCDtY/P6feYWy+92Sh9jWw3oW6JaDXl2zSNL6Pn5t5VneVwRy349HxYGhiiRKg8JUnWDRz6ngkQGTM55EF/MPB+qA0wg2sXz/j31hPzNkab3AFq3G+rnhoWU5mGt+pf4cwrypOvUJXbIJKCMafPdNZNA/z08jafF9jXjUdH4ZBzCt/IZ5IMSMAMXj69zF89mf9yImS0bJEOJGqvrPljwaFIKgEYqmhyccX1dsdvEEhyHR9VE1tAZ8Nmrl+/bKnkParX0MG+CyAGo9C4gmy2E/7sK72PzwjGonx1TRw==
+net.			172800	IN	NS	a.gtld-servers.net.
+net.			172800	IN	NS	b.gtld-servers.net.
+net.			172800	IN	NS	c.gtld-servers.net.
+net.			172800	IN	NS	d.gtld-servers.net.
+net.			172800	IN	NS	e.gtld-servers.net.
+net.			172800	IN	NS	f.gtld-servers.net.
+net.			172800	IN	NS	g.gtld-servers.net.
+net.			172800	IN	NS	h.gtld-servers.net.
+net.			172800	IN	NS	i.gtld-servers.net.
+net.			172800	IN	NS	j.gtld-servers.net.
+net.			172800	IN	NS	k.gtld-servers.net.
+net.			172800	IN	NS	l.gtld-servers.net.
+net.			172800	IN	NS	m.gtld-servers.net.
+net.			86400	IN	DS	35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D8BD973EE
+net.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jnMvgNg2Zp42e6drDHaTskv2vxbBztIz2Nl24m8ghOH1Lwvjkk9Z0nxgM5XVBkNPjIDrlIojIf0BZ79RzPiklD6Cd6nTemwyL1hF6gWFtyJPyK95PcNUhbkj6uF5PHpaofcFek0LpgakaumBY7qqAd80mb8NSq/cU7jCTUg9OBEW3kMEozk5cLHrCES/+oGVInl7tOuhX9BLsjf72uJmKmUGJYWR5uTkZzVm4pG2CRoLnkZv+O2ndamF8m9bmrppkyAFleB3Y3mSYK80aBF18FB/BVG15QUqbQpRVXSllpVGR/k5dHQ9HG3yjTWSB77ubrmcFejWlbb6f5DY/R/x7w==
+net.			86400	IN	NSEC	netbank. NS DS RRSIG NSEC
+net.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xHSBDFrl77ByUfxltigS2THVzk7tqYJLk3Fg9ctt3znialLiWKcWZniz4vbllXunIsoqhbRoZHjykswDf2weX9l97H7A15ZVywJ3pCC9IeIUhSujCnfyC+oLReVHAd2bc2NgyrVwzi2PRURYOepufbVh3u0yyq3ywzVOOkoqiLDs92mGRLkHB2RtpPGIvNO1APLeLvAZl76YKgVFX7GRc+ObPvamBNH7ya30/EX0jmjv/oLYM0OWaFnRsu/KZ7pkeavkXypt+N/E5UECUNAGCjFVCd1mBtViiJ8f6FGNo/Tl4MJexrh/swgojM9KssV7rqlJTPD5P4wriGoLkh+3Eg==
+ns1.admin.net.		172800	IN	A	198.73.186.1
+ns2.admin.net.		172800	IN	A	108.61.25.122
+ns2.admin.net.		172800	IN	AAAA	2001:19f0:300:1007:0:0:0:cafe
+ns3.admin.net.		172800	IN	A	87.98.180.44
+ns3.admin.net.		172800	IN	AAAA	2001:41d0:2:8adf:0:0:0:2
+ns4.admin.net.		172800	IN	A	103.25.58.26
+ns4.admin.net.		172800	IN	AAAA	2406:d501:0:0:0:0:47e3:2a7c
+ns5.admin.net.		172800	IN	A	188.165.33.42
+ns5.admin.net.		172800	IN	AAAA	2001:41d0:8:5c79:0:0:0:3
+ns-bi.afrinic.net.	172800	IN	A	196.216.168.23
+ns-bi.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:23
+ns-bj.afrinic.net.	172800	IN	A	196.216.168.33
+ns-bj.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:33
+ns-bw.afrinic.net.	172800	IN	A	196.216.168.72
+ns-bw.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:72
+ns-ci.afrinic.net.	172800	IN	A	196.216.168.30
+ns-ci.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:30
+ns-dz.afrinic.net.	172800	IN	A	196.216.168.36
+ns-dz.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:36
+ns-gm.afrinic.net.	172800	IN	A	196.216.168.29
+ns-gm.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:29
+ns-gn.afrinic.net.	172800	IN	A	196.216.168.49
+ns-gn.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:49
+ns-ke.afrinic.net.	172800	IN	A	196.216.168.22
+ns-ke.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:22
+ns-km.afrinic.net.	172800	IN	A	196.216.168.46
+ns-km.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:46
+ns-lr.afrinic.net.	172800	IN	A	196.216.168.61
+ns-lr.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:61
+ns-ls.afrinic.net.	172800	IN	A	196.216.168.70
+ns-ls.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:70
+ns-ly.afrinic.net.	172800	IN	A	196.216.168.24
+ns-ly.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:24
+ns-mg.afrinic.net.	172800	IN	A	196.216.168.35
+ns-mg.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:35
+ns-mr.afrinic.net.	172800	IN	A	196.216.168.53
+ns-mr.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:53
+ns-mz.afrinic.net.	172800	IN	A	196.216.168.40
+ns-mz.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:40
+ns-ne.afrinic.net.	172800	IN	A	196.216.168.45
+ns-ne.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:45
+ns-rw.afrinic.net.	172800	IN	A	196.216.168.28
+ns-rw.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:28
+ns-sd.afrinic.net.	172800	IN	A	196.216.168.26
+ns-sd.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:26
+ns-ss.afrinic.net.	172800	IN	A	196.216.168.27
+ns-ss.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:27
+ns-td.afrinic.net.	172800	IN	A	196.216.168.31
+ns-td.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:31
+ns-tn.afrinic.net.	172800	IN	A	196.216.168.25
+ns-tn.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:25
+ns-ug.afrinic.net.	172800	IN	A	196.216.168.42
+ns-ug.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:42
+ns-zm.afrinic.net.	172800	IN	A	196.216.168.44
+ns-zm.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:44
+ns1.aland.net.		172800	IN	A	194.112.0.1
+ns2.aland.net.		172800	IN	A	194.112.0.5
+ns-cdn.amnic.net.	172800	IN	A	194.0.1.26
+ns-cdn.amnic.net.	172800	IN	AAAA	2001:678:4:0:0:0:0:1a
+ns-pch.amnic.net.	172800	IN	A	204.61.216.96
+ns-pch.amnic.net.	172800	IN	AAAA	2001:500:14:6096:ad:0:0:1
+etld-1.anycast.net.	172800	IN	A	45.54.45.54
+etld-1.anycast.net.	172800	IN	AAAA	2607:f740:45:0:0:0:0:54
+anytld.apnic.net.	172800	IN	A	202.12.31.53
+anytld.apnic.net.	172800	IN	AAAA	2001:dd8:12:0:0:0:0:53
+ns4.apnic.net.		172800	IN	A	202.12.31.53
+ns4.apnic.net.		172800	IN	AAAA	2001:dd8:12:0:0:0:0:53
+dns-st.bahnhof.net.	172800	IN	A	79.136.119.20
+dns-st.bahnhof.net.	172800	IN	AAAA	2001:9b0:1:601:250:56ff:feb7:46
+ns1.bahnhof.net.	172800	IN	A	195.178.160.2
+ns1.bahnhof.net.	172800	IN	AAAA	2001:9b0:1:104:250:56ff:feb7:5c51
+nabil.beirutix.net.	172800	IN	A	185.91.97.18
+nabil.beirutix.net.	172800	IN	AAAA	2a05:e380:2:4:0:0:0:2
+ns17.cdns.net.		172800	IN	A	194.0.1.17
+ns17.cdns.net.		172800	IN	AAAA	2001:678:4:0:0:0:0:11
+ns34.cdns.net.		172800	IN	A	194.0.1.34
+ns34.cdns.net.		172800	IN	AAAA	2001:678:4:0:0:0:0:22
+ns36.cdns.net.		172800	IN	A	194.0.1.36
+ns36.cdns.net.		172800	IN	AAAA	2001:678:4:0:0:0:0:24
+ns.cernet.net.		172800	IN	A	202.112.0.44
+e.ci-servers.net.	172800	IN	A	204.61.216.74
+e.ci-servers.net.	172800	IN	AAAA	2001:500:14:6074:ad:0:0:1
+lk.communitydns.net.	172800	IN	A	194.0.1.27
+ph.communitydns.net.	172800	IN	A	194.0.1.23
+ph.communitydns.net.	172800	IN	AAAA	2001:678:4:0:0:0:0:17
+l.de.net.		172800	IN	A	77.67.63.105
+l.de.net.		172800	IN	AAAA	2001:668:1f:11:0:0:0:105
+n.de.net.		172800	IN	A	194.146.107.6
+n.de.net.		172800	IN	AAAA	2001:67c:1011:1:0:0:0:53
+s.de.net.		172800	IN	A	195.243.137.26
+s.de.net.		172800	IN	AAAA	2003:8:14:0:0:0:0:53
+dns-fr.dnsafrica.net.	172800	IN	A	151.80.35.161
+dns-za.dnsafrica.net.	172800	IN	A	41.185.30.170
+anyc.dnsnode.net.	172800	IN	A	194.58.198.135
+anyc.dnsnode.net.	172800	IN	AAAA	2a01:3f1:3032:8001:0:0:0:135
+cl1.dnsnode.net.	172800	IN	A	194.146.106.34
+cl1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:8:0:0:0:53
+coza1.dnsnode.net.	172800	IN	A	194.146.106.74
+coza1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:18:0:0:0:53
+pe1.dnsnode.net.	172800	IN	A	194.146.106.82
+pe1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:20:0:0:0:53
+fork.sth.dnsnode.net.	172800	IN	A	77.72.229.254
+fork.sth.dnsnode.net.	172800	IN	AAAA	2a01:3f0:0:306:0:0:0:53
+za1.dnsnode.net.	172800	IN	A	194.146.106.78
+za1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:19:0:0:0:53
+a.edu-servers.net.	172800	IN	A	192.5.6.30
+a.edu-servers.net.	172800	IN	AAAA	2001:503:a83e:0:0:0:2:30
+b.edu-servers.net.	172800	IN	A	192.33.14.30
+b.edu-servers.net.	172800	IN	AAAA	2001:503:231d:0:0:0:2:30
+c.edu-servers.net.	172800	IN	A	192.26.92.30
+c.edu-servers.net.	172800	IN	AAAA	2001:503:83eb:0:0:0:0:30
+d.edu-servers.net.	172800	IN	A	192.31.80.30
+d.edu-servers.net.	172800	IN	AAAA	2001:500:856e:0:0:0:0:30
+e.edu-servers.net.	172800	IN	A	192.12.94.30
+e.edu-servers.net.	172800	IN	AAAA	2001:502:1ca1:0:0:0:0:30
+f.edu-servers.net.	172800	IN	A	192.35.51.30
+f.edu-servers.net.	172800	IN	AAAA	2001:503:d414:0:0:0:0:30
+g.edu-servers.net.	172800	IN	A	192.42.93.30
+g.edu-servers.net.	172800	IN	AAAA	2001:503:eea3:0:0:0:0:30
+h.edu-servers.net.	172800	IN	A	192.54.112.30
+h.edu-servers.net.	172800	IN	AAAA	2001:502:8cc:0:0:0:0:30
+i.edu-servers.net.	172800	IN	A	192.43.172.30
+i.edu-servers.net.	172800	IN	AAAA	2001:503:39c1:0:0:0:0:30
+j.edu-servers.net.	172800	IN	A	192.48.79.30
+j.edu-servers.net.	172800	IN	AAAA	2001:502:7094:0:0:0:0:30
+k.edu-servers.net.	172800	IN	A	192.52.178.30
+k.edu-servers.net.	172800	IN	AAAA	2001:503:d2d:0:0:0:0:30
+l.edu-servers.net.	172800	IN	A	192.41.162.30
+l.edu-servers.net.	172800	IN	AAAA	2001:500:d937:0:0:0:0:30
+m.edu-servers.net.	172800	IN	A	192.55.83.30
+m.edu-servers.net.	172800	IN	AAAA	2001:501:b1f9:0:0:0:0:30
+b.dns.flexireg.net.	172800	IN	A	195.253.64.6
+b.dns.flexireg.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:6
+a.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.168.36
+a.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:8:0:0:0:0:4
+b.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.169.36
+b.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:9:0:0:0:0:4
+c.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.170.36
+c.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:a:0:0:0:0:4
+d.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.171.36
+d.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:b:0:0:0:0:4
+ns2.gip.net.		172800	IN	A	204.59.1.222
+a.gmoregistry.net.	172800	IN	A	37.209.192.4
+a.gmoregistry.net.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:4
+b.gmoregistry.net.	172800	IN	A	37.209.194.4
+b.gmoregistry.net.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:4
+k.gmoregistry.net.	172800	IN	A	37.209.196.4
+l.gmoregistry.net.	172800	IN	A	37.209.198.4
+l.gmoregistry.net.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:4
+a.gov-servers.net.	172800	IN	A	69.36.157.30
+a.gov-servers.net.	172800	IN	AAAA	2001:500:4431:0:0:0:2:30
+b.gov-servers.net.	172800	IN	A	209.112.123.30
+b.gov-servers.net.	172800	IN	AAAA	2620:74:27:0:0:0:2:30
+c.gov-servers.net.	172800	IN	A	69.36.153.30
+c.gov-servers.net.	172800	IN	AAAA	2620:74:28:0:0:0:2:30
+d.gov-servers.net.	172800	IN	A	81.19.194.30
+d.gov-servers.net.	172800	IN	AAAA	2620:74:29:0:0:0:2:30
+a.gtld-servers.net.	172800	IN	A	192.5.6.30
+a.gtld-servers.net.	172800	IN	AAAA	2001:503:a83e:0:0:0:2:30
+b.gtld-servers.net.	172800	IN	A	192.33.14.30
+b.gtld-servers.net.	172800	IN	AAAA	2001:503:231d:0:0:0:2:30
+c.gtld-servers.net.	172800	IN	A	192.26.92.30
+c.gtld-servers.net.	172800	IN	AAAA	2001:503:83eb:0:0:0:0:30
+d.gtld-servers.net.	172800	IN	A	192.31.80.30
+d.gtld-servers.net.	172800	IN	AAAA	2001:500:856e:0:0:0:0:30
+e.gtld-servers.net.	172800	IN	A	192.12.94.30
+e.gtld-servers.net.	172800	IN	AAAA	2001:502:1ca1:0:0:0:0:30
+f.gtld-servers.net.	172800	IN	A	192.35.51.30
+f.gtld-servers.net.	172800	IN	AAAA	2001:503:d414:0:0:0:0:30
+g.gtld-servers.net.	172800	IN	A	192.42.93.30
+g.gtld-servers.net.	172800	IN	AAAA	2001:503:eea3:0:0:0:0:30
+h.gtld-servers.net.	172800	IN	A	192.54.112.30
+h.gtld-servers.net.	172800	IN	AAAA	2001:502:8cc:0:0:0:0:30
+i.gtld-servers.net.	172800	IN	A	192.43.172.30
+i.gtld-servers.net.	172800	IN	AAAA	2001:503:39c1:0:0:0:0:30
+j.gtld-servers.net.	172800	IN	A	192.48.79.30
+j.gtld-servers.net.	172800	IN	AAAA	2001:502:7094:0:0:0:0:30
+k.gtld-servers.net.	172800	IN	A	192.52.178.30
+k.gtld-servers.net.	172800	IN	AAAA	2001:503:d2d:0:0:0:0:30
+l.gtld-servers.net.	172800	IN	A	192.41.162.30
+l.gtld-servers.net.	172800	IN	AAAA	2001:500:d937:0:0:0:0:30
+m.gtld-servers.net.	172800	IN	A	192.55.83.30
+m.gtld-servers.net.	172800	IN	AAAA	2001:501:b1f9:0:0:0:0:30
+x.iana-servers.net.	172800	IN	A	199.43.135.53
+x.iana-servers.net.	172800	IN	AAAA	2001:500:8f:0:0:0:0:53
+y.iana-servers.net.	172800	IN	A	199.43.133.53
+y.iana-servers.net.	172800	IN	AAAA	2001:500:8d:0:0:0:0:53
+z.iana-servers.net.	172800	IN	A	199.43.134.53
+z.iana-servers.net.	172800	IN	AAAA	2001:500:8e:0:0:0:0:53
+anyc1.irondns.net.	172800	IN	A	195.253.64.4
+anyc1.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:4
+anyc2.irondns.net.	172800	IN	A	195.253.64.7
+anyc2.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:7
+anycast1.irondns.net.	172800	IN	A	195.253.64.5
+anycast1.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:5
+anycast10.irondns.net.	172800	IN	A	195.253.64.12
+anycast10.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:c
+anycast23.irondns.net.	172800	IN	A	195.253.65.11
+anycast23.irondns.net.	172800	IN	AAAA	2a01:5b0:5:0:0:0:0:b
+anycast24.irondns.net.	172800	IN	A	195.253.65.12
+anycast24.irondns.net.	172800	IN	AAAA	2a01:5b0:5:0:0:0:0:c
+anycast9.irondns.net.	172800	IN	A	195.253.64.11
+anycast9.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:b
+ns0.ja.net.		172800	IN	A	128.86.1.20
+ns0.ja.net.		172800	IN	A	193.63.94.20
+ns0.ja.net.		172800	IN	AAAA	2001:630:0:8:0:0:0:14
+ns0.ja.net.		172800	IN	AAAA	2001:630:0:9:0:0:0:14
+ns4.ja.net.		172800	IN	A	193.62.157.66
+ns4.ja.net.		172800	IN	AAAA	2001:630:0:47:0:0:0:42
+ns1.liquidtelecom.net.	172800	IN	A	5.11.11.1
+ns1.liquidtelecom.net.	172800	IN	AAAA	2c0f:fe40:0:0:5:11:11:1
+ns2.liquidtelecom.net.	172800	IN	A	5.11.11.10
+ns2.liquidtelecom.net.	172800	IN	AAAA	2c0f:fe40:0:0:5:11:11:10
+dns.lttnet.net.		172800	IN	A	62.240.36.9
+dns1.lttnet.net.	172800	IN	A	62.68.42.9
+ns1-fr.mediaserv.net.	172800	IN	A	185.56.51.194
+ns1-gp.mediaserv.net.	172800	IN	A	213.188.172.1
+ns1-mq.mediaserv.net.	172800	IN	A	213.16.20.3
+server.nordu.net.	172800	IN	A	193.10.252.19
+server.nordu.net.	172800	IN	AAAA	2001:948:4:2:0:0:0:19
+ns.ntamar.net.		172800	IN	A	117.103.88.33
+vps443605.ovh.net.	172800	IN	A	37.59.106.21
+bd-ns.anycast.pch.net.	172800	IN	A	204.61.216.108
+bd-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6108:ad:0:0:1
+bn-ns.anycast.pch.net.	172800	IN	A	204.61.216.87
+bn-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6087:ad:0:0:1
+cl-ns.anycast.pch.net.	172800	IN	A	204.61.216.30
+cl-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6030:ad:0:0:1
+cy-ns.anycast.pch.net.	172800	IN	A	204.61.216.44
+cy-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6044:ad:0:0:1
+gy-ns.anycast.pch.net.	172800	IN	A	204.61.216.34
+gy-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6034:ad:0:0:1
+ls-ns.anycast.pch.net.	172800	IN	A	204.61.216.28
+ls-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6028:ad:0:0:1
+ms-ns.anycast.pch.net.	172800	IN	A	204.61.216.33
+ms-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6033:ad:0:0:1
+mv-ns.anycast.pch.net.	172800	IN	A	204.61.216.24
+na-ns.anycast.pch.net.	172800	IN	A	204.61.216.35
+na-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6035:ad:0:0:1
+xn--node.ns.anycast.pch.net.	172800	IN	A	204.61.216.88
+xn--node.ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6088:ad:0:0:1
+ps-ns.anycast.pch.net.	172800	IN	A	204.61.216.29
+ps-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6029:ad:0:0:1
+za-ns.anycast.pch.net.	172800	IN	A	204.61.216.55
+za-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6055:ad:0:0:1
+zw-ns.anycast.pch.net.	172800	IN	A	204.61.216.128
+zw-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6128:ad:0:0:1
+anyns.pch.net.		172800	IN	A	204.61.216.4
+anyns.pch.net.		172800	IN	AAAA	2001:500:14:6004:ad:0:0:1
+cat.pch.net.		172800	IN	A	204.61.216.20
+cat.pch.net.		172800	IN	AAAA	2001:500:14:6020:ad:0:0:1
+nic.lk-anycast.pch.net.	172800	IN	A	204.61.216.27
+ns1-gn.pch.net.		172800	IN	A	204.61.216.147
+ns1-gn.pch.net.		172800	IN	AAAA	2001:500:14:6147:ad:0:0:1
+ns15.rcode0.net.	172800	IN	A	194.0.25.15
+ns15.rcode0.net.	172800	IN	AAAA	2001:678:20:0:0:0:0:15
+ns31.rcode0.net.	172800	IN	A	194.0.25.31
+ns31.rcode0.net.	172800	IN	AAAA	2001:678:20:0:0:0:0:31
+ad.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.53
+ad.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:53
+ar.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.59
+ar.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:59
+bi.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.62
+bi.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:62
+cu.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.70
+cu.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:70
+cw.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.86
+cw.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:86
+er.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.72
+er.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:72
+gp.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.76
+gp.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:76
+gu.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.78
+gu.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:78
+iq.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.81
+iq.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:81
+jm.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.82
+jm.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:82
+jo.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.83
+jo.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:83
+kg.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.84
+kg.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:84
+mc.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.92
+mw.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.99
+mw.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:99
+nc.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.100
+nc.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:100
+ne.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.101
+ne.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:101
+np.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.102
+np.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:102
+ps.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.105
+ps.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:105
+sd.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.109
+sd.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:109
+sm.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.110
+sm.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:110
+sn.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.111
+sn.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:111
+sy.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.113
+sy.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:113
+sz.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.114
+sz.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:114
+tj.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.117
+tj.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:117
+ug.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.52
+ug.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:52
+va.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.123
+va.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:123
+sec2.authdns.ripe.net.	172800	IN	A	193.0.9.4
+sec2.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:4
+a.dns.ripn.net.		172800	IN	A	193.232.128.6
+a.dns.ripn.net.		172800	IN	AAAA	2001:678:17:0:193:232:128:6
+b.dns.ripn.net.		172800	IN	A	194.85.252.62
+b.dns.ripn.net.		172800	IN	AAAA	2001:678:16:0:194:85:252:62
+d.dns.ripn.net.		172800	IN	A	194.190.124.17
+d.dns.ripn.net.		172800	IN	AAAA	2001:678:18:0:194:190:124:17
+e.dns.ripn.net.		172800	IN	A	193.232.142.17
+e.dns.ripn.net.		172800	IN	AAAA	2001:678:15:0:193:232:142:17
+f.dns.ripn.net.		172800	IN	A	193.232.156.17
+f.dns.ripn.net.		172800	IN	AAAA	2001:678:14:0:193:232:156:17
+a.root-servers.net.	518400	IN	A	198.41.0.4
+a.root-servers.net.	518400	IN	AAAA	2001:503:ba3e:0:0:0:2:30
+b.root-servers.net.	518400	IN	A	199.9.14.201
+b.root-servers.net.	518400	IN	AAAA	2001:500:200:0:0:0:0:b
+c.root-servers.net.	518400	IN	A	192.33.4.12
+c.root-servers.net.	518400	IN	AAAA	2001:500:2:0:0:0:0:c
+d.root-servers.net.	518400	IN	A	199.7.91.13
+d.root-servers.net.	518400	IN	AAAA	2001:500:2d:0:0:0:0:d
+e.root-servers.net.	518400	IN	A	192.203.230.10
+e.root-servers.net.	518400	IN	AAAA	2001:500:a8:0:0:0:0:e
+f.root-servers.net.	518400	IN	A	192.5.5.241
+f.root-servers.net.	518400	IN	AAAA	2001:500:2f:0:0:0:0:f
+g.root-servers.net.	518400	IN	A	192.112.36.4
+g.root-servers.net.	518400	IN	AAAA	2001:500:12:0:0:0:0:d0d
+h.root-servers.net.	518400	IN	A	198.97.190.53
+h.root-servers.net.	518400	IN	AAAA	2001:500:1:0:0:0:0:53
+i.root-servers.net.	518400	IN	A	192.36.148.17
+i.root-servers.net.	518400	IN	AAAA	2001:7fe:0:0:0:0:0:53
+j.root-servers.net.	518400	IN	A	192.58.128.30
+j.root-servers.net.	518400	IN	AAAA	2001:503:c27:0:0:0:2:30
+k.root-servers.net.	518400	IN	A	193.0.14.129
+k.root-servers.net.	518400	IN	AAAA	2001:7fd:0:0:0:0:0:1
+l.root-servers.net.	518400	IN	A	199.7.83.42
+l.root-servers.net.	518400	IN	AAAA	2001:500:9f:0:0:0:0:42
+m.root-servers.net.	518400	IN	A	202.12.27.33
+m.root-servers.net.	518400	IN	AAAA	2001:dc3:0:0:0:0:0:35
+ns-root-21.scpt-network.net.	172800	IN	A	102.68.62.15
+ns-root-22.scpt-network.net.	172800	IN	A	102.68.60.15
+ns-root-23.scpt-network.net.	172800	IN	A	161.97.87.130
+ns1.sr.net.		172800	IN	A	200.1.159.148
+ns2.sr.net.		172800	IN	A	200.2.162.30
+ns.thnic.net.		172800	IN	A	202.28.0.1
+ns01.trs-dns.net.	172800	IN	A	64.96.2.1
+ns.twnic.net.		172800	IN	A	192.83.166.11
+ns.twnic.net.		172800	IN	AAAA	2001:288:1:1006:0:0:0:11
+dns2.u-registry.net.	172800	IN	A	195.123.1.7
+ns1.uniregistry.net.	172800	IN	A	64.96.1.1
+ns1.uniregistry.net.	172800	IN	AAAA	2620:57:4000:1:0:0:0:1
+ns3.uniregistry.net.	172800	IN	A	185.159.197.3
+ns3.uniregistry.net.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:3
+ns5.uniregistry.net.	172800	IN	A	204.61.217.2
+ns5.uniregistry.net.	172800	IN	AAAA	2001:500:14:7002:ad:0:0:1
+ns.uu.net.		172800	IN	A	137.39.1.3
+auth00.ns.uu.net.	172800	IN	A	198.6.1.65
+auth02.ns.uu.net.	172800	IN	A	198.6.1.82
+auth100.ns.uu.net.	172800	IN	A	198.6.1.202
+auth110.ns.uu.net.	172800	IN	A	198.6.1.114
+auth61.ns.uu.net.	172800	IN	A	198.6.1.182
+netbank.		172800	IN	NS	a.nic.netbank.
+netbank.		172800	IN	NS	b.nic.netbank.
+netbank.		172800	IN	NS	c.nic.netbank.
+netbank.		172800	IN	NS	d.nic.netbank.
+netbank.		86400	IN	DS	61447 8 2 2E300D5E09BDD071679488D325666AF89182213D8AF2BD2D026C57F3FAB5895E
+netbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Uk4DArjPK4nHq+yCcpKdw+kDdAhM9MI9zBRt8Hg4qcXWgvbqJSq9Bx1Xr8kEpjBjQxf1nc9mcrTXYeIOs5blotj32d2Qpi/BYFCgTtq/1OOlv2gQ9XBL27WIYJO979K9Kh2InnINAlAZPvxolJtwmXxwbcOrgeC54c+FuAYGKTXhKkkNE4PqJ7tnMvCWwsInKW19zTfS7xR9Bg9IsKUPCpQFiZkV0988ve/Bv255DTSZXuZj74uVUQcBdgXdtlH4UOpGnznrj/AVbUMJm+QA9xCk7dXXhINSOnAwwsWiDVwGSqPRF7kZFJSEmqQpKlJ3kAJ7fYCJL1NwUhgvG6swDg==
+netbank.		86400	IN	NSEC	netflix. NS DS RRSIG NSEC
+netbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YvpF2dRbOO9jM0r++sti9I+xK4cpLzeYHEoeCiyIgNOtkErSZLrSbXN7dfxsKp+7Cblk4GWSbap8pdYqakdAqJ8j/7H7cLopyztmoy0OmrK00OMYyFlUNdog6mqxiNjTQpbsPjKyf2bPF/4OY6Z/ft28V+16eCsTpOCmb8MkATKZW2dOaHkKMIS8lDFqqSlSQ7dnKTzvZfESV4hhzr+jxaY8/pCDPYFqncxPlXsf8gR0Jdsq6MV8kJVrfVjbOHSzqBbrrE574b/8cYSVFAspN4XqRFrnDNgzuTwjTRwWTUaXC1DbyR0UM1vBd+IO4Qk/dRqbn4K8pyarGP2Px0ReFA==
+a.nic.netbank.		172800	IN	A	37.209.192.9
+a.nic.netbank.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.netbank.		172800	IN	A	37.209.194.9
+b.nic.netbank.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.netbank.		172800	IN	A	37.209.196.9
+c.nic.netbank.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+d.nic.netbank.		172800	IN	A	37.209.198.9
+d.nic.netbank.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:9
+netflix.		172800	IN	NS	a.nic.netflix.
+netflix.		172800	IN	NS	b.nic.netflix.
+netflix.		172800	IN	NS	c.nic.netflix.
+netflix.		172800	IN	NS	ns4.dns.nic.netflix.
+netflix.		172800	IN	NS	ns5.dns.nic.netflix.
+netflix.		172800	IN	NS	ns6.dns.nic.netflix.
+netflix.		86400	IN	DS	27637 8 2 7ABA17BD5B87AA5D31CB611E0DFD4C67D926B6CFC68B8AECA58C468B104CC2E6
+netflix.		86400	IN	DS	35611 8 2 37BD4F2E02F06306F0C4EB146EBD289CF83B91824B1320A6332AAB7B14F33462
+netflix.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iyKwxcUuK6u7jynwtkYt8zUfveZAWQpItq1HG5fg7houLKjgKvm4aODf2SHkD2PX1oN5qth9gnVEsbOApo1N5BU+ZL7QpoIuRw0gH15odm9S9XaPmRWRf7FNFAKRd8WoshAbLnzcKLfiqydql1cQZZLRKul7P+PTUMt3U2D9HEsLHeQxWsMphRxiNzt7cpRUNatE7OUgPW3Vu/sug9Eo0uqdxzvkvWG3dT42ac31eurjlPemY8Uhd0tVGLvuPZpRlfq5f5gE4Bt10zBt8oNeUOqlQf08oDsmNQzRPTOYGibUKByNv7XXkf9mrxzd2Wk55KO0fl5rQrOMCMjpfKdR4g==
+netflix.		86400	IN	NSEC	network. NS DS RRSIG NSEC
+netflix.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GC/HZ+Qt4aLuxapn6j7JoqIaAy7LLTqLI/D7GwaSCSfivxiwnOLdLU4N4+MkCdk6QCemc/VRWfStPPk4ErrEsunmcAWViVnI/xQtOKlo4C1OetwFuf34XIoXNDn3HJ6UIdyr6n00q+6FpEKk4CrcnMOWI3JX0Hc8nyFtVc5arQAsE2SzVk5tdh+zSVNafiNd146J9WK3jeHe5GmPTBcl3VD7hp9PK+/fLKh8fTrdMjkBMzoRIK8zyvbK88qRuG+z2F7RkarH6Tv30gr9jsebk7Nbf8tqplybRp9gtiLDxi2WlCaJsjHtW94xpMQAGXNHwbVmQNUOst+vaR+cjSgq9w==
+a.nic.netflix.		172800	IN	A	37.209.192.9
+a.nic.netflix.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.netflix.		172800	IN	A	37.209.194.9
+b.nic.netflix.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.netflix.		172800	IN	A	37.209.196.9
+c.nic.netflix.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.netflix.	172800	IN	A	156.154.156.121
+ns4.dns.nic.netflix.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:79
+ns5.dns.nic.netflix.	172800	IN	A	156.154.157.121
+ns5.dns.nic.netflix.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:79
+ns6.dns.nic.netflix.	172800	IN	A	156.154.158.121
+ns6.dns.nic.netflix.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:79
+network.		172800	IN	NS	v0n0.nic.network.
+network.		172800	IN	NS	v0n1.nic.network.
+network.		172800	IN	NS	v0n2.nic.network.
+network.		172800	IN	NS	v0n3.nic.network.
+network.		172800	IN	NS	v2n0.nic.network.
+network.		172800	IN	NS	v2n1.nic.network.
+network.		86400	IN	DS	40414 8 2 67BBAA0C822DACF7BAA5D8FAAC2591BDD7BF9A6A4189ECA26A61C25276744D2B
+network.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t/Q1Odhoa5ijftkuqbDWhH6lGEPa20h533HlC6imESZrZC0clyXmS88oJfLA6OSkdPDxe5gRNYn4tN21CuRkl2YaTg8dqTpCzVmapwZuiw/VektBjK/z/hlxPVo3/dWAOYaKewT5NclWPf2pWFzDpW+E4Ocuyu0/6y5xReeZVMiPlKL0qmS6Qg79ffP/4Xv0OYPZoDSnuDJ+ImEDFs+5hX/XxKwNILwd/ELFUtDN7skklAO6zCd/cOu5q8T0vE2QYlLTLqCmu0uJox7fU+ANqV0VT6Kn3hSjji0BjYzhHR+GFyTa41qkcS2BryIRs2N3zHmSrSAooZR1pgMUoYLp7w==
+network.		86400	IN	NSEC	neustar. NS DS RRSIG NSEC
+network.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KnHTZ0cz8Nc3XQgq6AJV2oJ9Q0OZ82lv+mMxaWDZeqGp/VdPcwq76DtF0gFlcMNs85hspiOX4kvYo7VTEQzU/6Kg1qd5YCPPE689MZukufZR8yjpOI+yFnH66IWzTzvJXf0P9u8mZYuJwn9q3m0BLp+6epso5d1QU15uU5DCHabsiS9MIHiIVs+zDtXmxXkTiLYu4SQZBXVbvIyufIOJua+YaeCLe2TDw4/k6huTTkgd0EJ9KiZ8qB2EauQsaYNr42cI5xJ7KLVrZnB/g7E78v8WGhbGupMEb+tWHsHD0xCEJ9eCEeS1DVg+91D585WH/F49Fgn1G3rHuA64yhcjDA==
+v0n0.nic.network.	172800	IN	A	65.22.32.36
+v0n0.nic.network.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:36
+v0n1.nic.network.	172800	IN	A	65.22.33.36
+v0n1.nic.network.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:36
+v0n2.nic.network.	172800	IN	A	65.22.34.36
+v0n2.nic.network.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:36
+v0n3.nic.network.	172800	IN	A	161.232.16.36
+v0n3.nic.network.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:36
+v2n0.nic.network.	172800	IN	A	65.22.35.36
+v2n0.nic.network.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:36
+v2n1.nic.network.	172800	IN	A	161.232.17.36
+v2n1.nic.network.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:36
+neustar.		172800	IN	NS	a.nic.neustar.
+neustar.		172800	IN	NS	b.nic.neustar.
+neustar.		172800	IN	NS	c.nic.neustar.
+neustar.		172800	IN	NS	ns4.dns.nic.neustar.
+neustar.		172800	IN	NS	ns5.dns.nic.neustar.
+neustar.		172800	IN	NS	ns6.dns.nic.neustar.
+neustar.		86400	IN	DS	32962 8 2 9BC1D8D086284962E03FA43AE37AC80F2D784218CEA1EF02B322220F5E15CAFE
+neustar.		86400	IN	DS	65215 8 2 AE5583BDFCF0307DF227FF8C2916527DA34D91C92D69835A87302B41D8284C7D
+neustar.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AgIIutjaCEoooo1NW60lrckp6lQFcrXfK/U7ak/sNinJiXj+gKIIV76zCHUFrBDpPoGqPHNDZRUf+TmVgD+QbG6xemxq2VJGq+xIBrIlCgN6bQAnZgkQHUi6XzpupQGJLtsBOzmcqxqtGi8ifz56EIpmnuwqL1x/M9Vb+Uu7Hh+8OoSj0MytV/EOyOUFDUaubb/m1R4cerMGgcTPAMLybybPo0F3qmH1SGBJj7KckgoVIs+GDIPjICfF+KSPjSd1ueunsnznRFxqi+z7sXUkc44Ig/3sXpMxMwef12s4DBg5EQKVbLc49IO/+DmRD9udawXra3uteQCzSiemf01pkQ==
+neustar.		86400	IN	NSEC	new. NS DS RRSIG NSEC
+neustar.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UMdF2ppZ4zNtLwlbagekEpZ5+eUi8w44yjHBn489J201O+ckK5H1n+WTwnEEYW0gg5GPBaQPUTi4YEMdgu5TV3W4igNy9JynbcsJNU1UAKGJW4FO3EsArDi5zae/HbpLjmMK5eY/GZQ6lWCVtZhoywUBkvczhoqOuERdOtb0AGt0YVuMCdSGWTjMFwaTf8/SRTyNS7oGW7OGjYTjVMl2F+fnInVMfA+GUZGmSvlWKKc803LG7l+cqKQuiPVhSTbTgNYA3q5Y5XCF/6XHTx51FOsZFtmizSr6kvVzn8Db5FcRq0s7QddQoxcYuwyscDy9Syko9U+qzIYfckIrNsFjwg==
+a.nic.neustar.		172800	IN	A	37.209.192.9
+a.nic.neustar.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.neustar.		172800	IN	A	37.209.194.9
+b.nic.neustar.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.neustar.		172800	IN	A	37.209.196.9
+c.nic.neustar.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.neustar.	172800	IN	A	199.7.67.250
+ns4.dns.nic.neustar.	172800	IN	AAAA	2001:502:100e:0:0:0:0:250
+ns5.dns.nic.neustar.	172800	IN	A	192.100.59.250
+ns5.dns.nic.neustar.	172800	IN	AAAA	2610:a1:1013:0:0:0:0:250
+ns6.dns.nic.neustar.	172800	IN	A	198.133.199.250
+ns6.dns.nic.neustar.	172800	IN	AAAA	2610:a1:1021:0:0:0:0:250
+new.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+new.			86400	IN	DS	25687 8 2 E03B5113926012D4D23705257017F61B0154976B32947AD983F3693B8477653F
+new.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VtJMyA9FKmxdrz+V8GSw0a8Ny7jQNeFr65yiFaCunqDD8EOsXAebpS1WkXdOPE3xIsZtHLr2KQ5JzCbbVom4J4hpS5rKRXZFhHCneGW1nZ9kH5Nur5dZsPlTrck5FSOTGwfoGpQV58C0Olqcz/vJfueKjq6Qd6zE7ZFvMICA07ZaflMkp0ng03qRcVGOSbRAsWB/sS47M0WRYmAsWiSgwXF36rspqwP+cHxp14s6q8VsDWB49bLFIYXcR4sZs47TuUM2sxLng4U+W+57Wv7/I4dvPq23Zq4FEMxtPCDchjrpJzsFTNxiVNU9ISXcY4kpgsoD4wpM7JENJ4A95gXKIQ==
+new.			86400	IN	NSEC	news. NS DS RRSIG NSEC
+new.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QcSdFvCQVoH2VbmeQGF1vGZrF6n4tAUTFTwMDItrLeXS2B4wMd5x7jVJ19DQnpTFi2uw4hy+YRnqaW1HKVTRmbL19eqEXvtH0PqjP5Jlmz+qco00+QHC31fXRWXcbct7Okn8kAFaD5Yb7opqsa2tDqUxmEl/ay7OiBJVK3cuV4CWeSgJ0xZ/oHUwByqfW53wYwwznUt5MnzhUPBMm4w/X9mIm61jGyUHVp3wu5lwJdUQnj1oHLk/bS6NLjXkMnplleF8T6Q2UIjyHwBxZ9gbisApt36C3D+zcDwV3pmRIz+SuoavEEy/BDC+FAclWVolJhzW2IJLmqFg+JlxhD0weQ==
+news.			172800	IN	NS	v0n0.nic.news.
+news.			172800	IN	NS	v0n1.nic.news.
+news.			172800	IN	NS	v0n2.nic.news.
+news.			172800	IN	NS	v0n3.nic.news.
+news.			172800	IN	NS	v2n0.nic.news.
+news.			172800	IN	NS	v2n1.nic.news.
+news.			86400	IN	DS	39979 8 2 40C36D4B7AFF71B956ABBFD5710BB34DBDAB3F020D58CB613DA94FC359E63C36
+news.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bvCuLX93iub5URc3BaiUjOvUIjrMIo06Rd2QbZ68seRFN8qTV2zIm/zq4MCS1HqFQZER66nFiVNTQkDQAUfaK64XzZGVv9jk/dCZtMfdL3eZlGdPMVlKO23ZlsLZjOaBN+n05AMoNkOwDjv91TRjqhmdmEY3uty+u/Fiy3OIplRbjXCPS4OfTQwQWbldAZXO1igE06On9LSIfcLyhqWm2TAJCX9ao/EOYs4bowfdpr0yzp7x0/MWZF6RsadOYETyengAFZeBpcrzFzATPnbsUW4E4UaRXP5w6SErQGkxsD0UnKMZjtni+UUCVkuIZd+Z0R6V/4TmSyKe5oHmc2udGQ==
+news.			86400	IN	NSEC	next. NS DS RRSIG NSEC
+news.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mKqHo0b3lK0cjIEtL3wNptnfcRFpppypO3rn4kGG9g55kZj486yWxOTUqui3TgojX3zXdhmGfgTkoYw2mc34aEpBudCIufoyKMr1Ky1Wn3u7sGiQ5QLdePjzNeiANr81y98BjDayanm4keIC/4H4x0VRqO7nAgWMBas279bYCIUA5iL49T975LlpAi0WwfG1irnp8R6mrRnF+SuNBJQBDDc3gacGcQTP0LuBHdTEco0kgOj3izVOp9nw7KCSq321Isushe7Z63wQApnxQXKEvpnUXzSK/WRd0x6mUtc1gJluX0DLwCutRRjOCWQpYz2abhqECw7r7FObYfGKWaRP+w==
+v0n0.nic.news.		172800	IN	A	65.22.32.3
+v0n0.nic.news.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:3
+v0n1.nic.news.		172800	IN	A	65.22.33.3
+v0n1.nic.news.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:3
+v0n2.nic.news.		172800	IN	A	65.22.34.3
+v0n2.nic.news.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:3
+v0n3.nic.news.		172800	IN	A	161.232.16.3
+v0n3.nic.news.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:3
+v2n0.nic.news.		172800	IN	A	65.22.35.3
+v2n0.nic.news.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:3
+v2n1.nic.news.		172800	IN	A	161.232.17.3
+v2n1.nic.news.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:3
+next.			172800	IN	NS	a0.nic.next.
+next.			172800	IN	NS	a2.nic.next.
+next.			172800	IN	NS	b0.nic.next.
+next.			172800	IN	NS	c0.nic.next.
+next.			86400	IN	DS	39380 8 2 FD76F1A70049CC1383D9DA8CBE33917B5877152F2D976E1A0806CA79C00F4658
+next.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XRfKPmeUhfFOuY0i1X6BFFb24onRJBfrf58a+IrDUKm/yklXbw6fmAIB3vfZUy16gZZlIYjBdVTDkVFKz+1cLXrKcZvAgVxm07JENlfSmRvaRozTEbsY7fOxJp1nI6lNST50yGxpyM1VmApUiCigPwScs2sgGGPDjEk9ITVasuc4ej+QAPF/UcL5xCiarBAHqHOSpx+F/vcLJponRLAjHy296ZmY5RES6tjFz8AyYBf3/5IDJ7t9DhkHFDSCgdVEp3q8aBvHL9AJFL5811viuYO2UcvD8X1AtujVl961ivIhftT27TCRdtMzkX5NJf9tg0gFxs8BJ7TY7xXVGh0JvQ==
+next.			86400	IN	NSEC	nextdirect. NS DS RRSIG NSEC
+next.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rFehR0M6uafi3dWJi/eGruKgKf5FE0GvOiOWSSRCE8oxSjM82TWcCs9RgQ0xwRVFXqSdmYVBlbCLKY88LYwp9TXc05ji0T3hemVQt537CO4u8BBE42gqL0EoxsKlYA5k9j0sn+SZhkT2nKBlV8X2J+pRCsvmtvEfk9vlLfa4lZAbjNJMEeogWqLV/eAXWJsAQKu0uUCYNoaVcaF7lRmPieLfY6RDYgXMMr8zLgUdQHw1GNCPB1jqvO3hceyJlB/4EKT6ek6uMJScEAOTiIfw84y3QzCeaPiwu5spUOWczouhD8wxOEFgX+R9ljP4GhZyLcobK2XL50NKlMU7SR091w==
+a0.nic.next.		172800	IN	A	65.22.112.62
+a0.nic.next.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:62
+a2.nic.next.		172800	IN	A	65.22.115.62
+a2.nic.next.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:62
+b0.nic.next.		172800	IN	A	65.22.113.62
+b0.nic.next.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:62
+c0.nic.next.		172800	IN	A	65.22.114.62
+c0.nic.next.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:62
+nextdirect.		172800	IN	NS	a0.nic.nextdirect.
+nextdirect.		172800	IN	NS	a2.nic.nextdirect.
+nextdirect.		172800	IN	NS	b0.nic.nextdirect.
+nextdirect.		172800	IN	NS	c0.nic.nextdirect.
+nextdirect.		86400	IN	DS	56221 8 2 345DF818DFD28C7973070C5F0FCB467D1143C1ED05CB9F9837A3262ECCED4538
+nextdirect.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wkyqquOthvblI7JGXJQuj3QIggfk2AaK91vjLbhFp02s7hOM++7CbciLf9UrhsPgNUcGRFTQGYMqpl8p29nrwLUEIekr7HDbt1mAJHvhezl5W46AK5yUE4bTwIs62oSxAQM6WCD+bVl/gEvWPE6mPieNAnhgqlgasNPqTaPsAd7sqeAoLCYMMGl8bq3Pe3Q3ZB744Fr9XxIqBR2wxme6QhnxdlAEl1NFrPolnraiU/V1MSHqCMmEY9RjPZ5Jk7eg7sxSoTub5WgyWXu2LeLrdBeS/S6LciQ8BtveGJl9z+seuDRH0Y6hJawsumNBUnIxsWlQeMzLBtBvE0Y/5HQ0kw==
+nextdirect.		86400	IN	NSEC	nexus. NS DS RRSIG NSEC
+nextdirect.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OGsLltVj+za5Z7ehbOH0EnO0VqdNNF0zgpsSEnTXazjdTZANDQbP12FddkVlwERpvcbXoRknVyJ4FskPYjKcDYTzXbziYcKc+zsBXuev1BVTBsa3IoRyRdcNWHAMx0HbPOjWWRPOGk8v2s3075vZNxqD6Tlr3Ulx2Ml9q1/dsDs2ivZQZSy9Prx4v25QvoLzLcsJ/Xrj83k4sgwBK10z5Yb4pq49fy1YWwqehkObqnHgaS/2L05Jt1gmpgLEN76i6api1WnMHmtMrlT+4tGiSG+eQ3BUu/praY0eJKduxjHWDlRWz4Owk4E2cY5W5TJBV/7BzKou07lN6O1tD+ltJw==
+a0.nic.nextdirect.	172800	IN	A	65.22.112.63
+a0.nic.nextdirect.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:63
+a2.nic.nextdirect.	172800	IN	A	65.22.115.63
+a2.nic.nextdirect.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:63
+b0.nic.nextdirect.	172800	IN	A	65.22.113.63
+b0.nic.nextdirect.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:63
+c0.nic.nextdirect.	172800	IN	A	65.22.114.63
+c0.nic.nextdirect.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:63
+nexus.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+nexus.			86400	IN	DS	30644 8 2 4FF9338887C833C3D51A1C002600A2E8799A8AF2DA1246A54E43EA25E574B9FF
+nexus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fCgnTi9WKfTBzQsjWut1x9eQ24Y2vTEHw9GuL6ozUAl72GoNgikgiISmPi9D+69TfIbYV6Qt82COEMCav8cYTCIiVDyQjd8DODCSP7xiDOqBhrWzFXsHBvhLSJ5ZRCVUBUMXZj+40c8cRfS08scinbqMD15UhKIdfmhiwcV6KAvhrClHeoWGw6QA7xWxzTd/ucnLepRmiv+SbHX+CjXSlxo/m0PLtg5527vobJFC+u+tNe8uL+NbgZ8Tyd5ikdD3QlmIwoz7pq6AWzOpfzFsmxXSiRDjFVjdNDNgv3cPysHNqqDXAIhlLFpsVfAo1HAC3HoOs/N9OnKZxiTyfa/qkw==
+nexus.			86400	IN	NSEC	nf. NS DS RRSIG NSEC
+nexus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PFclvWZ8PYWN89ggoLY/SKYBS03VzuCC/Taej518/8Rju7H4cL7I+LjGDPgkSY5zcEHdAuQTaQRx8pDExjgTBsPTPBmsO3tWCZ+uYV855qdQx3Z4+7sBvxIwCz7GOEKCQ+VW2DB2qf4fFWRZAQYBkzHUHgi+rZ4v/YOtJxp/7Mi1SEXpgV3y8pER9+yuDQNUhxyXwJgNUoaPr3gUB+hbF8JuitpMuBdObqn55kqB2Zf5yZ73EL9IggShXcRnfBQKXAxBlgKI33pkHB2LvV/ZqD3ibTfffvBdMl7LWlGZ1YmFul6JAwYbw9cnwRlWu85TUOQwONjMhqoAdzCNYrBfdw==
+nf.			172800	IN	NS	ns.anycast.nic.nf.
+nf.			172800	IN	NS	ns1.anycastdns.cz.
+nf.			172800	IN	NS	ns2.anycastdns.cz.
+nf.			86400	IN	DS	54236 8 2 DD87DD324E8360DEC8DAAF2DB771B8C52024D6CEFEB76F2B855E0FC3B8FDB7D7
+nf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dV9vlZnMVRY8pmPzqgfbbdeSmECHjbF2IrkrUZmULWZKiq9VSrt4ONVzQJKw4pkGstZMUQhC6iKqiPIKKYuKEHe166cQXQbi6AhErmkt396zqruuzGCMclLycb/V11FKKVWsVz8PaulcMhDhkKnoc2acpCrCxajmhpbhc4UMEo9R/SKydLMbnoCNO2X6RPX9cMQWVCdM2x/I5YSSAV0tV1PDAYataPkjUTO9GlZyYTZay6BOmLJ+WK6vl4lwZWyW4iiO8+edxWqSz3dL7wRap1pQGG0LTTT7gpjFJN+BVOBWtUmP1zU/MoQJOwAV1hpkSpcLjHQa27aJoaeswP6ysQ==
+nf.			86400	IN	NSEC	nfl. NS DS RRSIG NSEC
+nf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I/mD+XQyG68iropUj/i+aQDQreEfD16qJhecNgG12l+R9KsShHcE56KBeHHNO6ZGuCnvqQS/sf/bPz8SNGaOsB3h+aEthCe5dgDGv0/25c8fw0GdctGh/G3Xfh0XvTnzWRHiJgHlK4gIfQPTXBdBM3CarWCO3ocs/McspKbY/I+ZejZ4Qwzn/sh9YbBQwR6eNRySgGuK/RYQ8T4rwZeZoA09ax150IOjhNtoIKI1UkAEsVfH5ek30JQPz7y0d2AYWTcsVnb1METcod3Ext8ZsI/zVUeJSCsXw0A7LpzJLJiZdpvUxAMLrUqBg04PR4lL9RkOYhbctynoH0iS70tEcA==
+ns.anycast.nic.nf.	172800	IN	A	204.61.216.51
+ns.anycast.nic.nf.	172800	IN	AAAA	2001:500:14:6051:ad:0:0:1
+nfl.			172800	IN	NS	a.nic.nfl.
+nfl.			172800	IN	NS	b.nic.nfl.
+nfl.			172800	IN	NS	c.nic.nfl.
+nfl.			172800	IN	NS	ns4.dns.nic.nfl.
+nfl.			172800	IN	NS	ns5.dns.nic.nfl.
+nfl.			172800	IN	NS	ns6.dns.nic.nfl.
+nfl.			86400	IN	DS	7234 8 2 EC15A3B4D86192561C46BC1EBB72AA65BF5BF9C9D07A32EE736157EBADD447BB
+nfl.			86400	IN	DS	52009 8 2 4F703D96F3EB2E4621C5176905407CEAC4AEF4CFA8409791AFC2B20BDF4EFB2A
+nfl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U/6TKj7amh2MjNjVzn/O3Gd6AmP0G8ZwFNKkKCYpEDvdlu9ngssnxXvCoKT4D4RZah4J2J18rOzAdpYlftm1dTDiRs+Ws1ilW/RrUsELDUsQD6pwtM16RINlfnKTpzm/nPWSLtSZcwVzGk2R4rFTI9ciFSiApza2E4kLuaf1rZ7mGzuAlfxnHCkX7lR/p2nC/5YKrV6jrhVQXY54yN3VlfvYHjU8wli/OYZyOZwwzFA+z0qaXkt6qprZorYEabTGiF9/6a0bvRnfBDnRdYvfkMZmCcTAEF3aWzNoucqS8ImrEDbl2Bj9MLbWLV5xRJ9OA5RxAscAVQXoomaInBW/ow==
+nfl.			86400	IN	NSEC	ng. NS DS RRSIG NSEC
+nfl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GXfa51CgfKyyi2gIPli1ntN6sy073kfs0M0djDVmSzonnLq9/aKzi4ZkjNlzLv6wJokrbDoKMf2XHV4acoaS77R7YL8/skasIZir+z3E45mm7dScitcxE1vuTYBLjL0ZlR+EtkeDfu0JahVAVN/InPvZJVvLibjj4+6YLcz+V2/mD2jfX/8pB2e+F/K9lFekScs/++8feKTmi+J5jbkjV/ExlO2q4Gh5gSEGAeT6hkNFPPrGctWHXZkmuCi6viI0yQ6A8FaxWkejh/N8GY91M0nwXKlADUj2x98r5tDc/1vFKL2rTSQQYFqpsajusote5J6wprXclmwWMQVNkqfKYA==
+a.nic.nfl.		172800	IN	A	37.209.192.9
+a.nic.nfl.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.nfl.		172800	IN	A	37.209.194.9
+b.nic.nfl.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.nfl.		172800	IN	A	37.209.196.9
+c.nic.nfl.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.nfl.	172800	IN	A	156.154.156.122
+ns4.dns.nic.nfl.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:7a
+ns5.dns.nic.nfl.	172800	IN	A	156.154.157.122
+ns5.dns.nic.nfl.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:7a
+ns6.dns.nic.nfl.	172800	IN	A	156.154.158.122
+ns6.dns.nic.nfl.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:7a
+ng.			172800	IN	NS	ns2.nic.net.ng.
+ng.			172800	IN	NS	ns3.nic.net.ng.
+ng.			172800	IN	NS	ns4.nic.net.ng.
+ng.			172800	IN	NS	ns5.nic.net.ng.
+ng.			172800	IN	NS	nsa.nic.net.ng.
+ng.			86400	IN	NSEC	ngo. NS RRSIG NSEC
+ng.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cMEKgDAjARQL7VXlEY4v/ZOaWIBd+G5PMjv8CPoVHlTfC1ddn8MK83vEg52ElyFkdRdEfkDWnXUNVl/R4bTNeSHJpZ6iSFW7P5eTa3vsFekWcRgs1h1W8mLurYAA0WRiQExP9DGAT2vgwGrgbbYN9ImXyCf+HrkjJgYxaHlFKHf2QqrPqoVVgahtqESOhiiclCvU9TbbFXvk/DcQtHTKhR6TBB5DSFkNJj6WicDAutEp4GDktmFN3RsxJvjp62/pWKv9J3HKN28AquKdObrZYnl8Y30WoBRo+Vrm6ssoQ2OZ/5h/l3HLdJ43CrcVayBmt0ivRku1p2v05QhP+IUYgw==
+ns2.nic.net.ng.		172800	IN	A	204.61.216.40
+ns2.nic.net.ng.		172800	IN	AAAA	2001:500:14:6040:ad:0:0:1
+ns3.nic.net.ng.		172800	IN	A	185.38.108.108
+ns3.nic.net.ng.		172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+ns4.nic.net.ng.		172800	IN	A	185.28.194.194
+ns5.nic.net.ng.		172800	IN	A	196.216.168.41
+ns5.nic.net.ng.		172800	IN	AAAA	2001:43f8:120:0:0:0:0:41
+nsa.nic.net.ng.		172800	IN	A	41.222.79.3
+ngo.			172800	IN	NS	a0.nic.ngo.
+ngo.			172800	IN	NS	a2.nic.ngo.
+ngo.			172800	IN	NS	b0.nic.ngo.
+ngo.			172800	IN	NS	b2.nic.ngo.
+ngo.			172800	IN	NS	c0.nic.ngo.
+ngo.			172800	IN	NS	d0.nic.ngo.
+ngo.			86400	IN	DS	23944 8 2 DFEC23291372BA32BC2BDE96F88A383373BE1C4BA7BCDB65D5E34F1607400F63
+ngo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XSjsScMBMmRMvOBqibuSwQBoiG6Zhsz4SizfYEMEV5/xTOCZp5ZkjvFVu5cKhU5Fokj7pR2YmDfgsH+3X+A77DP3FYd5y5TBt4ojjEfMUJ38vWnmXDcHUxOinYKLTXuqJnRZ3i4nx16doMlXxoqgd1eGHnvvDRaDU4RNkLxNewM9dfrLeZmv6i1cqrcMk5+0DZ4WU+sOgA26OfD81q280yluGW6kurB0uybzVIGLED0CobFm9SYbfaDwH7jgJSA5jiRVqsQnar9yRQLDGO/KVcNDdJ2Sm1oDv0cksoyxQESjJfj+lbbDh7JM2TKIQbHTaIBFYOjqOKuHZ1pqWJ1WNA==
+ngo.			86400	IN	NSEC	nhk. NS DS RRSIG NSEC
+ngo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Bohtffw/M2MRbqTPp7+Uc26YcfO/ejh07nMhBPMzzyX9xk7PpGcHARBSoFOv8tq4Q3q+txf4XIqV/M70/MWQ84l9TyYMw2C1+xkrQlI4plNI/uGBNd7hB9HVEc8t5uJzOMKAdKfkivZaqWxXxSMA7i6hasbxvI6dr9Zy4Dq3+JRB+57/eXIp3Ctz9VqNc/N0Y64xmfUa3N+5bwBXYUGuitN9ejtprApCrCT7rPi8DVukV/97XT/EUw9Y0labC/yu2xEBkYReVGuw44EX0R5faj05uyZv/9BKTLeRF3UNsO/pDY/7w3xxluSOj4WigLzABndyfbbdFMTx1i4FPtRI4w==
+a0.nic.ngo.		172800	IN	A	199.19.56.1
+a0.nic.ngo.		172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.nic.ngo.		172800	IN	A	199.249.112.1
+a2.nic.ngo.		172800	IN	AAAA	2001:500:40:0:0:0:0:1
+b0.nic.ngo.		172800	IN	A	199.19.54.1
+b0.nic.ngo.		172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.nic.ngo.		172800	IN	A	199.249.120.1
+b2.nic.ngo.		172800	IN	AAAA	2001:500:48:0:0:0:0:1
+c0.nic.ngo.		172800	IN	A	199.19.53.1
+c0.nic.ngo.		172800	IN	AAAA	2001:500:b:0:0:0:0:1
+d0.nic.ngo.		172800	IN	A	199.19.57.1
+d0.nic.ngo.		172800	IN	AAAA	2001:500:f:0:0:0:0:1
+nhk.			172800	IN	NS	a.gmoregistry.net.
+nhk.			172800	IN	NS	b.gmoregistry.net.
+nhk.			172800	IN	NS	k.gmoregistry.net.
+nhk.			172800	IN	NS	l.gmoregistry.net.
+nhk.			86400	IN	DS	26765 8 2 6E9C65A3131229436D4C649A5B32377024F1A8D74AE38DFBADDE3A007D00C6AE
+nhk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eCWyTo0SIjHbRCa5Cr5OtLUKN6cic9lEM6Rosdpv6/VOE+tQlQ7xQRbMBi5CNuMRSJAXYWT2HBNkZpWoa6gpB9iGT1Rn0Qanv+N42JHr5IPgLJmymSuoNYZcNn9SVyKvbAWDoPxa6OsQcP6Vsz//Wdc7oGm5KWenuXGg1Ccyl4eoI+1wvBBWvtfz94WGmoGq3yYNqGjm+SFWAYgf7f9Hsh4rdgHr0Iz5Z5bd5J850JOXRtegkvslLDihLMohe6452iafTzezrAqXddPWcZdTzjYGA9USdm+uN0a+xfHrOgGW1dyWu5qLwCsdYB+uB3posPL0NAZ0ajztoEEYL9Qt0A==
+nhk.			86400	IN	NSEC	ni. NS DS RRSIG NSEC
+nhk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XfxKjsJCed6e/UIL+/l3hvAd64yVaUBhFZdkKrvm0wu3bzzFe6LgOAJogapP9OGihKL7A7e19KUmGlUOToHVLFYtfCw7B7uXaWBYmGE8SFvAf+RgAr6QalHUN6czZfPzEmUQgDemhgG1gIE1ZVIL1XWcANp5CqRTE421D91Tj9W1uxKlDfzJ9MF2ijxZHvcRjqWGqw8pqXY4SUfXP71WvdLdfkJeP1uY/1yqOVDPn3E9xeRqsfMARWZLC2UizOVj9IEiAbZQERD7ZtYH6C2JeDPbECV21nZ5yTzdbqRAuvKhaQaBRd+VbxRrgGaNjy502+G1BKsfI1pICwH7/L3/Zg==
+ni.			172800	IN	NS	ns.ni.
+ni.			172800	IN	NS	ns.uu.net.
+ni.			172800	IN	NS	ns.ideay.net.ni.
+ni.			172800	IN	NS	ns2.ni.
+ni.			172800	IN	NS	ns3.ni.
+ni.			172800	IN	NS	dns-ext.nic.cr.
+ni.			86400	IN	NSEC	nico. NS RRSIG NSEC
+ni.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ginRAbP7NWpbyjnYPKb00R0zjyfP88e5CNrpEBUzpc7PVDCYZEo5pHVLWOKjSVFSI+OxHXZWBw1wj0+shGNAjJ4ag+bDu/zY5nD0+SsPJ9w2krsoZ9edpHoUU3Pg8DHyEyzr0AKnmK7Gfos0Z6iu0FiSb5YA8cD0+Bi0VYJewxsbOskNmRKl9qzvbpV3gXc1PhPPePaJe74IxUuwgZwZmJCvW/bb8mFQlfmHS6Bm3pJCm8cez1oK1U5q2EaxNegHr5nuyqiQd8QfZ4tZ3NK7AtkkEVoKXxUCrzCsCj14iqR60PY2ZD3c4xOcuWs4oV2aL5Dy/1AJCwWIQ/TCYuQerA==
+ns.ideay.net.ni.	172800	IN	A	186.1.31.8
+ns.ni.			172800	IN	A	165.98.1.2
+ns2.ni.			172800	IN	A	200.9.187.2
+ns3.ni.			172800	IN	A	190.85.232.145
+nico.			172800	IN	NS	a.gmoregistry.net.
+nico.			172800	IN	NS	b.gmoregistry.net.
+nico.			172800	IN	NS	k.gmoregistry.net.
+nico.			172800	IN	NS	l.gmoregistry.net.
+nico.			86400	IN	DS	48460 8 2 3F35A47BF0B6846B18A619300C133843DE302C9606273A21A965F49DA2F23E0A
+nico.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dxnReVm/t+raRQEvFzL37BQHkGlOKGBG9SUb88kaaVW4wQ3Mk5JsgorwuCNEdUk1PnI3m9MIMlC7CycyY53fxhr7nsvSZ6/huXyTcuRDuQhCJLEgvJuvGVJ64bpI/gE9jJNJpf+NGOGOAg4WrOdAct98aPEbaiM3iI/ypjw4StREpW2imZJIzpD1w9YPilS8fYJhBhytWEqNy1IzzXJ9j98NS/nSAnQTuXg4BWJwroY3lYcUtIoRvsGYQr7xPCiTdHDiryZxvyit/5UdeGkYvj/jyyJkZ2Xl8JuBxNpYEpMkEYQE7OoM3uynDOReJVBsneCz6bfieoPKR6hOJ8I4Vw==
+nico.			86400	IN	NSEC	nike. NS DS RRSIG NSEC
+nico.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EpT0GsQdhs7/lhQoAEJpBgK6I1mkmj/ujuutEjsHYLUyFroxait5SE4l6fe6xrXsjJk93/fT8nV1pyKERXls8OnGTqMofLU0KEnXos5uai7kYbkiQmCVeXj1L2p5yx6E5OpZ3Nxh+rhs+zWRwzWU856bvMG1p7ZRjqBYag85n+iEWMcmZmUTeco8vjxbOO4YDwKbeAqCSfc6BUoLbe9osI3vbkL7YQHq2WPxieacvV6rigK7JbFdWfeJHZ8JXS5ZvQdvuTIwIkT7p8kFir/fzcQ7PA0ey5Ol2HcmDkXIuhVJUa+fsnATweDWTd3pvGGRfNxY3XCymRtX3wSHECcIgw==
+nike.			172800	IN	NS	a.nic.nike.
+nike.			172800	IN	NS	b.nic.nike.
+nike.			172800	IN	NS	c.nic.nike.
+nike.			172800	IN	NS	ns1.dns.nic.nike.
+nike.			172800	IN	NS	ns2.dns.nic.nike.
+nike.			172800	IN	NS	ns3.dns.nic.nike.
+nike.			86400	IN	DS	4354 8 2 FF4031CF9735B318FDBE43B2EE7465B3911499F59BB3B0C420AF4ED92A494276
+nike.			86400	IN	DS	37330 8 2 DA781B878EAAEDD5CB777C550671E970BE256F4681F2F8B7ACA6B823CEA32898
+nike.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MpwNSq+gdnZPO/6FEOjpG1zyRGRVyKVz+0UHSfYkDmtbTj0M6yoKSG2M0pQxEjfqipV4AWcixocd7c/P3DBSSpchYVWZOMrgR3Z0pOnQbTM/JaoQ+BeLlJsjQMCuIpxa1oNJjRrtYEWYG9j9yYSW2kyuucnOYfo6IqkMa/Ad2MTrCjhBIZIWD3CyRQ1J2cT6Q0BGB2TwrtLQNgqaZtIXzK+wQCm7tidHPvMcKIoq847zsCPW5WyS2rR8zWIzaIgkSQCtmfI+m60ETyor09OJlecj/OAgmvjx8eXSUqCXh7CVqK5J4pB7ryAvztZCAW8WXa2BrensnIcb/+OD2dHDSQ==
+nike.			86400	IN	NSEC	nikon. NS DS RRSIG NSEC
+nike.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JS7TtZ8nnnMveyVjOXXOZLN2m5FBcubnfEjj2YJx7pEdAPYJ/goSZIWsrKexsZvv9WVZ52NLvs31hmxcWt2Y9iUReKeKN0UkDXKGuZGRPvd1y2eZWaIZ1Av6UR7dLeksGv4QnBDTJnrlFk+84bCxpmYXiPBGXo7PJL3uFcLVXxXgERdvMcFBuEajSi59flUZMPfQfkPp48NdGNbWku3AsKCd561BqHzrYpSDXDvGCbSVtpxTTMH/yXXUScMcJP2tzEQFbB2qRNoFH9vmZsT62YyXOwyeBOBfonCLVoX+vVVl4x3S/ivVvKiIg80xThW0EaadK67nLZeUl3EtzImQBA==
+a.nic.nike.		172800	IN	A	37.209.192.9
+a.nic.nike.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.nike.		172800	IN	A	37.209.194.9
+b.nic.nike.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.nike.		172800	IN	A	37.209.196.9
+c.nic.nike.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.nike.	172800	IN	A	156.154.144.123
+ns1.dns.nic.nike.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7b
+ns2.dns.nic.nike.	172800	IN	A	156.154.145.123
+ns2.dns.nic.nike.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7b
+ns3.dns.nic.nike.	172800	IN	A	156.154.159.123
+ns3.dns.nic.nike.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7b
+nikon.			172800	IN	NS	a0.nic.nikon.
+nikon.			172800	IN	NS	a2.nic.nikon.
+nikon.			172800	IN	NS	b0.nic.nikon.
+nikon.			172800	IN	NS	c0.nic.nikon.
+nikon.			86400	IN	DS	964 8 2 6FAA1F2BE2E7B7E40D1E6CFFFD831FE4D8A2C2D9B46429719F67EAC2CE582EB7
+nikon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1D7bAbIsbLIPAbOOoxcTf/Nayayn8U7Lt0raO4SY3SPyxSUlZ4r11xilsJcvMQfAOdYXIlvdeOqyvipbWGtQwUdZHEDQ4cFbddDicP4S8GEeslDWcQsQ/Ar7ySxvCWZXIRhsygaNhy7tIDck85btJyn9aGJHPuI43W2/8PYj6V+rTn4tdTSMVzpTsCqtYbbgKIG5w2HRPIS484QrHYI2ePrtzovTK66uT5zK2rd4ABToO4miHDWIP/7UDJWbHNCpRquh+JW6p4NlNipyDEOmqPbO6omgCRkSzjrpEFe1ihSjmZ2i7y9VDW26HdtFEKgnHsnlQx3dbxL38dfLvyUKGw==
+nikon.			86400	IN	NSEC	ninja. NS DS RRSIG NSEC
+nikon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ey4xA7aK8AxkY9WROjHQ5B6/KwpoqGbFC25ibkckANCdB5yYD3ZBccUEUx3PuaK66XE5ZDMolPBCCpxtWHolIKUz/gd/yb+nn6ccaHhh0MYaKgBESXvzHLhrqLZzC1go97dh44Vuvm8C0glGBjkmZ4vWAUEjGJs8JSluX/LtVnNwUneeWzxmZ++rBmlQ+PQUWomjrfgaJWnpL+0GCMv9D8oFqX6wkDKZATDvcuEz0fakCA4uho3jjQ+d26pC24N+7O1d5ZaEB1kM3hlRa5ZfH7VveLF1FK43JjcKFjwvePJcvNpPl0zv4FosukR0O2Wq4XacOPKqqV9cOb5Z15maFg==
+a0.nic.nikon.		172800	IN	A	65.22.112.64
+a0.nic.nikon.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:64
+a2.nic.nikon.		172800	IN	A	65.22.115.64
+a2.nic.nikon.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:64
+b0.nic.nikon.		172800	IN	A	65.22.113.64
+b0.nic.nikon.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:64
+c0.nic.nikon.		172800	IN	A	65.22.114.64
+c0.nic.nikon.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:64
+ninja.			172800	IN	NS	v0n0.nic.ninja.
+ninja.			172800	IN	NS	v0n1.nic.ninja.
+ninja.			172800	IN	NS	v0n2.nic.ninja.
+ninja.			172800	IN	NS	v0n3.nic.ninja.
+ninja.			172800	IN	NS	v2n0.nic.ninja.
+ninja.			172800	IN	NS	v2n1.nic.ninja.
+ninja.			86400	IN	DS	46082 8 2 C8F816A7A575BDB2F997F682AAB2653BA2CB5EDDB69B036A30742A33BEFAF141
+ninja.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F51klhIwz3KDJab/jdgDR2q8TIuD5KrfiAYVDBWLbkAjJ/hkLQysCud9IXhwjhyS9yRu8qYwDxBhXjd6gQc7ibFPnBEx1gN0U7WEN9aIrnYG+/DPEq4deWJtzUBzwLgGaipi7ieT7myQWXQQ8vdkRmNYVppBFazNRlq/2eKh1RsE3PWBFqPbfD8XaCwOmN/67RK/JOzrnMGY9eDNEh5IUe6KeAjWUDObwcAIermLDJPDmvoM8Tk1rq+Y4YBI0DAdHpIOvpd70WlMojhdaiY9y0/M4JVk4Sf8n4Qd8h4Z7YQdA+FGRqAwvIJlIHPnLM4fMntk5EW9FHb/PhqbFQxIKg==
+ninja.			86400	IN	NSEC	nissan. NS DS RRSIG NSEC
+ninja.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b8U19O6xFTBDV9jOX+NQ+e43mpfYyoVRlOEOLjXNqUEXQxJaaI5qmplIlrxAyj0o1+dFZ3Wmrc6sgwqDlD6popEQPCX+/ZyAfUFpZ+PZSlrlgyOxZpYICDeBi7aDFBI5jNUAP/N2GF/pzI6b5A46CrGf4vTOWKQoaCNVNWvhVWEAfd6BuM1mfVDJEQVzhFck0PYI5VW8c5y/SfJjnx1ySY8e96rmEHaq9h0qGLOOqIiJ5O5/2hinXxximJVdX+QuYItmaZLvOKFdVvIq5FbWyIEyLV4QPbiBQmrWMdugFqLqxh4fMCiebY2F+t/0hho0WB74f4HKXw4Eeuob9jojVw==
+v0n0.nic.ninja.		172800	IN	A	65.22.20.4
+v0n0.nic.ninja.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:4
+v0n1.nic.ninja.		172800	IN	A	65.22.21.4
+v0n1.nic.ninja.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:4
+v0n2.nic.ninja.		172800	IN	A	65.22.22.4
+v0n2.nic.ninja.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:4
+v0n3.nic.ninja.		172800	IN	A	161.232.10.4
+v0n3.nic.ninja.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:4
+v2n0.nic.ninja.		172800	IN	A	65.22.23.4
+v2n0.nic.ninja.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:4
+v2n1.nic.ninja.		172800	IN	A	161.232.11.4
+v2n1.nic.ninja.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:4
+nissan.			172800	IN	NS	a.gmoregistry.net.
+nissan.			172800	IN	NS	b.gmoregistry.net.
+nissan.			172800	IN	NS	k.gmoregistry.net.
+nissan.			172800	IN	NS	l.gmoregistry.net.
+nissan.			86400	IN	DS	37324 8 2 2F8EDB59D650BF63C13E67695E5254D4CEEEB25FFAF456727E367DA003182256
+nissan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ILwvUHUOez6dMHgKodItpq97aNrYi3wTCuoZhhLciSrtGmEe8VlhvjoWsjyxpcdOvytwZI53HA7JHrUDmNZmJPOqvfy8rWC9ljMAx77iOZfpoeY73GMNtS6ZSE9MsZMZ91TYvpdsX9r1pjTyadqIYhoFa2oC5sYAiUTmyXLyNWm64DznW5RfHFNuho/N5yfGbNxanAbnJBx6epyX/5RbyfRgv5NhikTcDwxqIHrR3xsjLfPCMCs2yzFq13Vp4n7WkuofBftq50Dy1dgRfGQJdgWAsN7XSwMNih+JdGIlfqPb6iXsLk1OAz1uiAQrNIvr49mL7w9CnOned+ZHNUBf5A==
+nissan.			86400	IN	NSEC	nissay. NS DS RRSIG NSEC
+nissan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R7e4ANKvKs8IVTA40UQEytqYvWLkY6hBvagLoUCi0GxESv2ggeE6KDMB6y+Xt5mKe2EAfM0xYzmoE1e3OXqCSYXdO+301ZlHC47Qb+tRDvB2GD6/F7ZELicqHWqDnQB3IosYYA7V08yrVMMClr75aXdHApg3KpoKkUMqPhPGT3OAoEsECEQ/75kWSMbNuXZ5QL1yMNRMXRBqYKP9/mQFwMTcTUonE5oXK+yqt1ifz+VgGqQtzOWLLC5bi3ZcU8S13KXAGgJsVXGQm1oCjsYHIw6YUkNEkFyKV/eGYfk0UjEZKd5y3FHxX7wK3/UvQBG7yK9/QjEaRWE1xs5aBGyn2g==
+nissay.			172800	IN	NS	ac1.nstld.com.
+nissay.			172800	IN	NS	ac2.nstld.com.
+nissay.			172800	IN	NS	ac3.nstld.com.
+nissay.			172800	IN	NS	ac4.nstld.com.
+nissay.			86400	IN	DS	62124 8 2 B59D6BDA2C131F954A260174AAE128A43BA29580997FC822E4006148960ACFD4
+nissay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LClaMdbtT44NGZL+7MEaeiEKLaj7JYZxXUCR3Pc/VVqBzEBSnV1dLcGd44x3t/G3XpN6MCrts55dllmrBvvw42c94Bh/uQeNqEjTRbGr3SlTCkWBb+NPMERUi3zPDAFosYGWxl9ig21/D9+Mcxb4iHS6xpTKjR9w4Jgc4xVTfcEZ+itMtqZKu5lXcobJ6pRi7UfYy5WyDbQEqrz9kkiSrXYuImjdxyjRSB7+nFSK0KVTkRGkGVO4ET52aQfHlvJUFZI2bdaloi3wbUzG4D+pGSkf+J3zgyXk7b3uu3mAEae+lPGRZHeELwLn7W6zA5H3FLikgpvXofx7RirzAEkB+Q==
+nissay.			86400	IN	NSEC	nl. NS DS RRSIG NSEC
+nissay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L0E9uJqFghfNuuwkQ5re1Cc0zmbnP/91qxnfdfpnEJIsbSxafshKqBz2l+B07xDYpR968GV/3tG8i6AWohC/GtPuPkRKFQ7/PGC8+z8pPGHUl0mM+M+r9Uy5cJ3JD+JJ/xKo86Uqy70A3nf4J685H3GKRNw04T4duLGJI93I5uu4/ZEKysC3tExGR3IRxawBHGrLRLdqEfUA8GgEb6vr85uqbMkz9m7cifSh9gTJb2yY6TkXybPPzQ4L+sRgh5SzDFrTPlViHzAngWInhC/uWR7Nd21ALp1kIvQpXWZe1j089sjRNqpfVPPVqV1VpLiT7r3s3yeHHbppzDOrTaU60w==
+nl.			172800	IN	NS	ns1.dns.nl.
+nl.			172800	IN	NS	ns3.dns.nl.
+nl.			172800	IN	NS	ns4.dns.nl.
+nl.			86400	IN	DS	17153 13 2 C5DFDDC91E7532562A35F3C2CD30823894BE08F20101F1ABF45C8AB9739F3F49
+nl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uE4L0qVFYSBuSvyInW+9SvgxT9VT1wlIdmGosiUTCiFZxZCsrwMT1cGJVzcAqTGMTSghZuIsIXTjRS8kwYG9poPEBcOjF3t+nf1FNE5zblKGI55LXPkXtR5e++O5hUkhrrAtl+VU3EFBr1VwATPdEswn+KojgEXTt6XL4vUx60eorcHnLFpfxhW6EcsjUo2yqIPBVBYroKKLeSD1WBCEvBQBrI83AzwsANb9SYmJI9K9vUeGqjf4jEXWZGEWYW7/IS0sVbxBFDnGsyA+nVA4+2XNj6akma7Y+c7LNddNqVooJrVHURTtgyeLSpMP4T3PD8cpWpGpPvDr8USRG4gTqA==
+nl.			86400	IN	NSEC	no. NS DS RRSIG NSEC
+nl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tb9dn8CTgQm3tv+5wncgqyPqCt9Z/ZryACgupn7EH91v1ppyhQfAM0A4SrrHE0vUX9WuXCzU3TGKD4uUcNj1Mt+AxkpHYlFpVueA3CAPkIjp3fsmSWlp/bGL5mEicBQS8Rnh/b5TROSS53lrqfxfsNtwoRuHeVq+FofYiFTLlh+tEqKlEedhAJH4E5CwQqMEYtJhhj6HpmycKC5prA8BXKVeMgHYNpHoBgwUpr3dlMZNtD35we0Z24OG6GZ0xCn/dwx6L2mPFOCDatCQ9/ZDHuhJ6zW+j+aPTURulSymaJKTduc7MNsXEO9bvecXzUhJdRa9u4JtBBYuVqYG8Ypu8A==
+ns1.dns.nl.		172800	IN	A	194.0.28.53
+ns1.dns.nl.		172800	IN	AAAA	2001:678:2c:0:194:0:28:53
+ns3.dns.nl.		172800	IN	A	194.0.25.24
+ns3.dns.nl.		172800	IN	AAAA	2001:678:20:0:0:0:0:24
+ns4.dns.nl.		172800	IN	A	185.159.199.200
+ns4.dns.nl.		172800	IN	AAAA	2620:10a:80ac:0:0:0:0:200
+no.			172800	IN	NS	i.nic.no.
+no.			172800	IN	NS	x.nic.no.
+no.			172800	IN	NS	y.nic.no.
+no.			172800	IN	NS	z.nic.no.
+no.			172800	IN	NS	not.norid.no.
+no.			172800	IN	NS	njet.norid.no.
+no.			86400	IN	DS	38032 13 2 6D374D769D1E4388B1A549A6DA2F7D89371DB6ABAA53D20EEC70844DB4062E51
+no.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q2JTtnIS+i8FFLMBRuY5ShpOMxD2sGHnmtZHDIMVN/Z/POO2W0A2ilTrVN50EipFPMsoLXmb/UrviNVQcN/d7t578eBAk8T+UNLS007hhepJmlY3WQ5tYufPsoI6EwdVezgQxkagLOh9q6JqNwIBE7vGSTMGfOLh/1MQ/NvTuhd7SLb+b+tliJcjflauZdd1KvzrwQleiwG6Q3vczSBCTq8Dr16ylP/N+md/D2st4Y/qlSrtaYPEuf8FC29sQ4oK/473iFnfM5JK0CzEgRCZg9U1l8olf2vMrLtYUNpYlnP50kA39HcjQlUlvYNp+cOVB2ddrG2zvlkV+l7HEdk66w==
+no.			86400	IN	NSEC	nokia. NS DS RRSIG NSEC
+no.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uqs+i7rhXrrzVBEsP/ktlOBCU+wveTXDkGctW1N62hnhGiMBFqnuNcjgfnbOaZv2ZysPzKU8etQSjAddUvcdgBELOE64C7NKMt9tMfEVkGm6K0pkLO3FQ0wzpDZaw4YevwhiZ+k3d/eOnmD/vZRJ3sTxQhjGU4/IHZ7S4Cc+dPOSLu0G2P9GWaN8K5KSdDQ01QrXKAeu5tNuQfEceakNafn/K+fHRJ1BBCXtUPTAVh1E6BFJ1vV6+gGJJxlqy9q6P1mbad2Ty7jLwWV7ho4ZPJv1V1G8QiBlslZqJoKanUDNa1JTpsl1kidgm8VOdZpOGRYMlUT/s7msxttRiphC3A==
+nac.no.			172800	IN	A	128.39.2.22
+nac.no.			172800	IN	AAAA	2001:700:0:102:0:0:0:aa53
+i.nic.no.		172800	IN	A	194.146.106.6
+i.nic.no.		172800	IN	AAAA	2001:67c:1010:1:0:0:0:53
+x.nic.no.		172800	IN	A	128.39.8.40
+x.nic.no.		172800	IN	AAAA	2001:700:0:412f:0:0:0:40
+y.nic.no.		172800	IN	A	193.75.4.22
+y.nic.no.		172800	IN	AAAA	2001:8c0:8200:1:0:0:0:2
+z.nic.no.		172800	IN	A	158.38.8.133
+z.nic.no.		172800	IN	AAAA	2001:700:0:52d:158:38:8:133
+njet.norid.no.		172800	IN	A	156.154.101.12
+not.norid.no.		172800	IN	A	156.154.100.12
+not.norid.no.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:12
+nn.uninett.no.		172800	IN	A	158.38.0.181
+nn.uninett.no.		172800	IN	AAAA	2001:700:0:503:0:0:aa:5302
+nokia.			172800	IN	NS	a0.nic.nokia.
+nokia.			172800	IN	NS	a2.nic.nokia.
+nokia.			172800	IN	NS	b0.nic.nokia.
+nokia.			172800	IN	NS	c0.nic.nokia.
+nokia.			86400	IN	DS	38794 8 2 5D3C0F0B92084EB734E6E06364681B3BB051087A15EBE6F468B2974C5F197AB1
+nokia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y9DQuZSZimUxYou5QvebTJns6YVwa7mQBuHsVtovVAtK8LmmIfc7BEhaLgV6HWkcTdWUXTpvcCIX6OJdx70HPe0vbZue6N1oAhWWacVhEWGAWDm7gWuviYxsaj6HwhNUyZkDvVBfBq4v3wZEJP3Y5isg5m32LaaGu2Ji2r17P5nCfmLt+SspUbQmunTbV4VQB94Vjx1L67vsaROvKL7irIVcG0LFYd+pq997xYd1Z3BQUCnRtmNqEAVcqwaG7cn4g4XX6ZNjUOLk5z5cz1tA3scRHby1wCss60s/jzOnXKaO9yMj3+lvZ7pyBZzhRmMFjnUG4QbCve4eLyWcS7S9ow==
+nokia.			86400	IN	NSEC	norton. NS DS RRSIG NSEC
+nokia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PZ1pYtOcBhhoJbY5sEBg3isBp+TfpXTVY04ttAlAG5RGZdXr2UDGaFwx6mtzy/Wsemq8Xgfx9o+34f6l62rsN0v9mDexAeSS/mA5cDJku5TsKvOKszqQ2Itx77hLcgFJWxoKsbTh0XYyAhqyW0Q2ZJDCXGnqwvMk9+TdhqNb8N4h4rNyJTPFbJvKHom4pX1MbWw2dIM0deRowJe1o+X/kgjwKND62MQMShvuIKy0RLj3DO4WmKRORTWcHbTLQ1Ylf1cs5msfFLyv0+2mbQu+MAnQAC98N8ZsUzLYu0rWHZL7Z+SiCshCnZJlPen47vgESG6y0pijc0wld/jdCo8KpQ==
+a0.nic.nokia.		172800	IN	A	65.22.148.17
+a0.nic.nokia.		172800	IN	AAAA	2a01:8840:92:0:0:0:0:17
+a2.nic.nokia.		172800	IN	A	65.22.151.17
+a2.nic.nokia.		172800	IN	AAAA	2a01:8840:95:0:0:0:0:17
+b0.nic.nokia.		172800	IN	A	65.22.149.17
+b0.nic.nokia.		172800	IN	AAAA	2a01:8840:93:0:0:0:0:17
+c0.nic.nokia.		172800	IN	A	65.22.150.17
+c0.nic.nokia.		172800	IN	AAAA	2a01:8840:94:0:0:0:0:17
+norton.			172800	IN	NS	ac1.nstld.com.
+norton.			172800	IN	NS	ac2.nstld.com.
+norton.			172800	IN	NS	ac3.nstld.com.
+norton.			172800	IN	NS	ac4.nstld.com.
+norton.			86400	IN	DS	13095 8 2 8A3E13067F0237E9F16D0C6D25C72B262AF2E49BBBA4345C70E1BA5FD19AC321
+norton.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DtUDWjtpgqHm98b75ovX+DvymwSPVd5yp52+kjmFvyhzD9gpcxXkthZ5MVb98tm3eA+ucMxKMs/yMrqJeBDpGv8vHb5xVbu0uu4y1bDXSDwLKTQ3zqU74RH612L2Au1zFYs6Ekw+Vncj23OVeomJjVumtAN4pp2mAZRg6sfmEeVfJYmk3cz+XI5bAgcnr99yd6Bx+w+mw5MD4SUsIz5D8Y3sq1/QoICLdONWMAhZAszbUrtjzNlf19h0RiBVTaqfUAMXymApCjKmFUROrH0eIMbYqPmRcX+OkytWD6x8m+eO0q5aOgckSAkNGIUB1SulstieHJEcGl7BysCS6m5EkA==
+norton.			86400	IN	NSEC	now. NS DS RRSIG NSEC
+norton.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L/rGK8rpSemyqR29WCyxbPJ7dKYvpUkGcizg+eiQVM+CUspUi9Vp9whpqGjL34HrFaDIa0Kp1KHMMcFuwARG4IMAfc45HwZBrX6NjJChW1POAFfX0vaCVu8dn04oBVZQJom1+F+wWZM1MXfOlBQmsSVwl8bXOUh+yL0p8ykIFDgFTcwy5iBVXTWE2kc+1jsXRuP7iAbOnDGtC5j1ycL1Gi87WKxI3w8THF5099/eCk0nPxv0Cbp9yenmn9hCmOKqOv+wlwiUO4b+x4ziUr4tCV5ouzI81T+GfiAmLPPWl3+KUHiZbEBOKHRfQQBP7blbgSg+ZUS5gBIU/lck+KPINQ==
+now.			172800	IN	NS	dns1.nic.now.
+now.			172800	IN	NS	dns2.nic.now.
+now.			172800	IN	NS	dns3.nic.now.
+now.			172800	IN	NS	dns4.nic.now.
+now.			172800	IN	NS	dnsa.nic.now.
+now.			172800	IN	NS	dnsb.nic.now.
+now.			172800	IN	NS	dnsc.nic.now.
+now.			172800	IN	NS	dnsd.nic.now.
+now.			86400	IN	DS	53572 8 2 530790FFB40A20CF7570A38B4F02E33E1B14E2EADE01CD99F15C9BBDF2E58112
+now.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k+P4oHqWaaT6HhvQpoN4kMiLcCGN32AmVl6E0DX14iLcF078+rJAXdectnuJLuCtTWP+xpmjvoGDPf5fooQKrMRDjoL5cLiQLmXMDw36QnFPhvoRK4TuH3GsxpLk+Sj9RlQiOxPGBC9Ea7eZlFP8FUXXwcJR0YviZ2MjCJH4js5kF1DV7IH6lxe/9mT9k5kE01OJ/NRPW6hdypHNN3MHa9SjHBk1B4a6INggHJx+7K5AEv4XalFWusy/74qvitcJH/aqD0h5c6py04vReNWXDNPUOWqOaUPKh+111je4nRDWbiTH/Mjh3ZvB/jpjalzYgDzUYuzxBxwZIifPLTcg6g==
+now.			86400	IN	NSEC	nowruz. NS DS RRSIG NSEC
+now.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IK6obTea44eFDQEQx1tfEa3NSS/96JGssA4Q5zYL/zDDzsbWs2JKrdbrPaIz1GS2PElZidBaIfnbgqTAlfsruQwKqDJ/D6CZbJ6UqUtLP4a/Pz5ud4Z8/niGmu7/iwPy+4L4Pmk4p3L1P29YwPgwZYa+DSLfs+FSZ0qVfFXb6MLrt+MHnpqeCm+TgiflP/YbkMkFMUmTXoU3FdE37oqW5s8HHRKhE87Gge5zm2Ive7vArCZ8cBT3XfvQ1wKpTXM0glXamGpo0+mP0x2WJNJmYRs+EZp0Vq8v0KZoJSgXgu+H5iZ5ZAcLhUbadTAzQOEhPkqStun7OTyzokUbRK3wbg==
+dns1.nic.now.		172800	IN	A	213.248.218.73
+dns1.nic.now.		172800	IN	AAAA	2a01:618:402:0:0:0:0:73
+dns2.nic.now.		172800	IN	A	103.49.82.73
+dns2.nic.now.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:73
+dns3.nic.now.		172800	IN	A	213.248.222.73
+dns3.nic.now.		172800	IN	AAAA	2a01:618:406:0:0:0:0:73
+dns4.nic.now.		172800	IN	A	43.230.50.73
+dns4.nic.now.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:73
+dnsa.nic.now.		172800	IN	A	156.154.100.3
+dnsa.nic.now.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.now.		172800	IN	A	156.154.101.3
+dnsb.nic.now.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.now.		172800	IN	A	156.154.102.3
+dnsc.nic.now.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.now.		172800	IN	A	156.154.103.3
+dnsd.nic.now.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+nowruz.			172800	IN	NS	a.ns.nic.nowruz.
+nowruz.			172800	IN	NS	b.ns.nic.nowruz.
+nowruz.			172800	IN	NS	ns1.anycastdns.cz.
+nowruz.			172800	IN	NS	ns2.anycastdns.cz.
+nowruz.			86400	IN	DS	50845 8 2 F7691BFC344455BEE7376FCF659FCF623AD2FD081900F4FB32DB07C7BC6BDF57
+nowruz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RPe/Kdgwty5nhOBWiDO4OUpbvd2YwPrr4G3fIlQ3749fZfygG836Rq08FSkb1UQcnF8c7ZWaL4OI4Mw8Y3YaSZ0K4FDo/emDZ7Sblol8W24xfYDVWXLpHuQbRQnkxb45hNQIoLivSdH/TnEiak+ZTci5WkHjuNmGymnlMMyNKet2lP3xaqEP+Dv0Rjrhq35CQJm5Ug4yzzGVHjLEhYFyGbR2xdCWJPBOZ/iFc1UqqJKn6L9mht5XvnTXh5V8fI17yYyNYl6+gbowBGsfR/yEVzaD8vVNnNdT3GFF4VTetG8fCzM2sON30LglFYxZ8XD9n+XMrAybERcZlN16cRWOaw==
+nowruz.			86400	IN	NSEC	nowtv. NS DS RRSIG NSEC
+nowruz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KNbfn0E2dJe6CKo/1iPNlyRHn+AYoGSqYexv938Q3Y0855amK/DeJoK+XdUyZE0vZC8i5rtJX8XLPetMVRbAe7KTGostuxh8ZA0gTPf73hAWUZdPhJetI3dWMQSVFdTZu0w7VTAwJkZgoE2FX8BUVlnjol/4C8Hkw2mmnqnSdbOPcnZfnJyGqLnZzIMZsyrzSuKs9YFw+IHaL/b1AasqTzDXxZZNjzpLMycsXrkLD9puD66LPTKyS6Rx8AZq7+m/qlKZTjYqO95/eRgurLyn3DkB2Qs0v5MfiFdAxKkMp65yIynV+THkpNx563j3owHR1ME7NE2ThzGkFaTZGPoWww==
+a.ns.nic.nowruz.	172800	IN	A	72.0.49.10
+a.ns.nic.nowruz.	172800	IN	AAAA	2620:171:a01:ad:0:0:0:10
+b.ns.nic.nowruz.	172800	IN	A	72.42.113.10
+b.ns.nic.nowruz.	172800	IN	AAAA	2620:171:d01:dc:0:0:0:10
+nowtv.			172800	IN	NS	a0.nic.nowtv.
+nowtv.			172800	IN	NS	a2.nic.nowtv.
+nowtv.			172800	IN	NS	b0.nic.nowtv.
+nowtv.			172800	IN	NS	c0.nic.nowtv.
+nowtv.			86400	IN	DS	30316 8 2 06BCB6632FC4327BA1D5ABFF7CACA06F7D01FCADEFBA3AEA17DB0839C5C9CC4A
+nowtv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . onN+86EVGKZbKgj/lCd2/duCxu8sENJBc7HK417WQi4blUwnLfuiUUbLOuF4HcWUy5zt+xJrzAoJMHMbAdKGSAmB93iSWlhrC0fMfJWAbJKEHsA+4d+PqVOasaRabiQ8ZG/GvpoHo6dh+THk5sNkzPlFSN+lMuNJDOaQxG5pqKkFyLsadcs5dvPNstQmMW2hADAY3QBuHKrwDRFHN4QYQsKqLWim3HeqznWC2yUx5/9ouEN1AZWaBpxVS/r/jTSIMLOXU+HcMOg2TKd6gpyaIodGlhD+nsnKdROJf0CmkQGxskE+OdFh9rAwV2CoQ6UNjakMjYJw3FdgNfs2ILX6lg==
+nowtv.			86400	IN	NSEC	np. NS DS RRSIG NSEC
+nowtv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iVNmfvG2wTnnfSE1cQz+8KwVgkgW/1KErCXMqduHEVxroZ70VhARCcGV6AYUz9oVkYFII54ekDQguLK+H4otRm3vXw2NhDLyYk8z1Qkx9qa6g5Xh1GvVAu/30MNlj3P8uzgTuuLZaPhOaQy7J8r6x1DXsnACGYjfqEy7B0k2omyLbOZL+FNNXxsMOr37MwvnhLtv5Qp4AxkbdBaPjlvCD7wsYtoo4W/1Kau2EnP4bq481PAlirXn1nD0PG0CIfcFOxk4VaKXoMxof61cpv87gDJkykhhq3i759yvdOwhI2irWJhLipIKtxSjXCEyHO1HbWIDSt7/NYjSIQuouaEubw==
+a0.nic.nowtv.		172800	IN	A	65.22.172.1
+a0.nic.nowtv.		172800	IN	AAAA	2a01:8840:a6:0:0:0:0:1
+a2.nic.nowtv.		172800	IN	A	65.22.175.1
+a2.nic.nowtv.		172800	IN	AAAA	2a01:8840:a9:0:0:0:0:1
+b0.nic.nowtv.		172800	IN	A	65.22.173.1
+b0.nic.nowtv.		172800	IN	AAAA	2a01:8840:a7:0:0:0:0:1
+c0.nic.nowtv.		172800	IN	A	65.22.174.1
+c0.nic.nowtv.		172800	IN	AAAA	2a01:8840:a8:0:0:0:0:1
+np.			172800	IN	NS	np.cctld.authdns.ripe.net.
+np.			172800	IN	NS	ns4.apnic.net.
+np.			172800	IN	NS	pch.nnic.np.
+np.			172800	IN	NS	np-ns.npix.net.np.
+np.			172800	IN	NS	shikhar.mos.com.np.
+np.			86400	IN	NSEC	nr. NS RRSIG NSEC
+np.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wUvrHptTvw1rarDITpVOWPNGkcigSnevBGbVn4d4OcZke2IuE5K+pztd7JQBeMhvy8X7oCfCzRpGQHNoPsoaxpNOajefdmtYHnfWFieeDgCGGjCEVOAoxxPbfiaX0g8L4RH4q94SloSqcX/GNakHKEdZtOCihGnWTMzqtjvSfJ2fCO5IaayKFurR5akmFft0XDnDanO/ZyFcM5a/rEi/0Cn82Y1v1e8LFCRlo0t9MyXf/Go5HkDsi5n3RIhkWwf/TP81LkmpML784wMtiucMc+gNN3iutx+Xbd+aZPVOFPov8RYyO7LSlsztLSDEWRej/j+WNxSDT2bKw+Kyb13UIw==
+shikhar.mos.com.np.	172800	IN	A	202.52.255.5
+np-ns.npix.net.np.	172800	IN	A	198.32.126.50
+pch.nnic.np.		172800	IN	A	204.61.216.11
+pch.nnic.np.		172800	IN	AAAA	2001:500:14:6011:ad:0:0:1
+nr.			172800	IN	NS	ns0.cenpac.net.nr.
+nr.			172800	IN	NS	ns1.cenpac.net.nr.
+nr.			172800	IN	NS	ns2.cenpac.net.nr.
+nr.			172800	IN	NS	phloem.uoregon.edu.
+nr.			86400	IN	NSEC	nra. NS RRSIG NSEC
+nr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . f2yoqFKZYZ1dpm8SME+WiUH2kjsgnoVKOYYZt6/8gHM1BFr7Ja4of3CXy7gTZ1z2/x2dj6K0LmPc8AVMCI18mie1JgsNHBChodqBu8a/hJIvPPht55z6J+IpnHjIVhf+vHjUX8xURvAI9iJPll11/eNVMh/yH+CMQVgssXREWZG0XKWW2WMdc04qkmooW9C3lPrvoj5aJxsRty3/bS9iiSB7xFZCsKE0v/qsfqyBlleotQ3bh1BfNqPvp7QEEO2cqmGJmsOVJ/m/zdFsISdBYcV0TBhB7l5gS2DNBlXOwQS4RR2bj6IByoR4G6/l0vKhyL4OtE89clzEnVwS2Zdilg==
+ns0.cenpac.net.nr.	172800	IN	A	203.98.224.66
+ns1.cenpac.net.nr.	172800	IN	A	203.98.225.9
+ns2.cenpac.net.nr.	172800	IN	A	202.144.128.200
+ns2.cenpac.net.nr.	172800	IN	AAAA	2405:d000:0:100:0:0:0:200
+nra.			172800	IN	NS	a0.nic.nra.
+nra.			172800	IN	NS	a2.nic.nra.
+nra.			172800	IN	NS	b0.nic.nra.
+nra.			172800	IN	NS	c0.nic.nra.
+nra.			86400	IN	DS	44089 8 2 C9CE8FB22E6E9EAA566D79696115FC26158BE3F19C520DE9490748BE01982F4D
+nra.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QM9Qu+YFDbC+gm8ZpMY5+q9dMtyDYeHngqT/dXRjsQA463YhsgysPC2iuUlNCtqzGNi9xygXi8NOgy1wNImT2P+zkbR2mVJvVKztTtfMch7je29oBzD+iOj/+olc3xfuHGlVNy9pppOJ2gMoJNl0mDB4UNKz8IKJMCxD8CM98LTC687ihzgP/7rVgGPuarRBiKpO+oUReEP4AQ3LFv0hf28ZmF3mk1MiGM8RGSRJ7dJioBEYaWgeCP6J8HGS0gWiwgkH6Nw4IWLeT4GkdMVu2+drjvGw6SfWI8W7kfiZFaCobSt48g86MgEfjJYrRVnua+s3azwVni/TcMuuIEF1Xg==
+nra.			86400	IN	NSEC	nrw. NS DS RRSIG NSEC
+nra.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cNECBx2Y+R8w4SAAvxY/LwDSqSZdEt+E1CIGkdMr26EOKM3gCsm6QtQOM9nVuhg5wlMc9kVgENJOsGyDmiyZ2VJA6q/wG/0fpyzVHAEkgQuLC7gvRicU4bhq0EHfzVpjMw8JGMVVFbZr1VcIo5Xki17xc/j3Jr22SozI/pWqMJ/wi2L5FGHvlHwzbQafAqZeHF1wSakZUNkm4sNdHAfW821kCa+Oan2kZc5FmImArSErheL5njh6IU2JY+vy4iYWNTJzzWXDxN/zQV8wS+NMioEK3py1zQLKCs/eSl9V0BlPWGX8HWDC85U+q5Uy36aVObVTbUh1NYtPqRUYKkLxNQ==
+a0.nic.nra.		172800	IN	A	65.22.240.25
+a0.nic.nra.		172800	IN	AAAA	2a01:8840:ea:0:0:0:0:25
+a2.nic.nra.		172800	IN	A	65.22.243.25
+a2.nic.nra.		172800	IN	AAAA	2a01:8840:ed:0:0:0:0:25
+b0.nic.nra.		172800	IN	A	65.22.241.25
+b0.nic.nra.		172800	IN	AAAA	2a01:8840:eb:0:0:0:0:25
+c0.nic.nra.		172800	IN	A	65.22.242.25
+c0.nic.nra.		172800	IN	AAAA	2a01:8840:ec:0:0:0:0:25
+nrw.			172800	IN	NS	ari.beta.tldns.godaddy.
+nrw.			172800	IN	NS	ari.alpha.tldns.godaddy.
+nrw.			172800	IN	NS	ari.delta.tldns.godaddy.
+nrw.			172800	IN	NS	ari.gamma.tldns.godaddy.
+nrw.			172800	IN	NS	anycast9.irondns.net.
+nrw.			172800	IN	NS	anycast10.irondns.net.
+nrw.			172800	IN	NS	anycast23.irondns.net.
+nrw.			172800	IN	NS	anycast24.irondns.net.
+nrw.			86400	IN	DS	61012 10 2 03B1A9B2F537EEB6E16872FEF7971D7FC55A71B270952BD1E7BE44301F1CC245
+nrw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J1VhVv9y0XNDKklACjfqQ2piRAym+uz1kSJpbTOIZIDTWd+eMeDlQxgmacHe+lHMafYykQ9AtNGSHmDcbm5XQBrBCJ4kYoxTEEd1u78L0DxpeT2lz/0pKZO6PEtrcLJ5t+ArvBUgXJNZ1KTG1ddACo315tAYVeLIbh1n1dRR2CuKhzCuh5DMVa2o/7Tznt0R4QASz1nFvmdc0IZ3Lw5G129/Fcs6rFxmJdEenrFbEWytEcFbkse57m0r9iz/2vEqgGnQjhIRAmg5zCcgfYW/nkyzgXM5t+SXJEXM2lE81WsUA24ajLzKm3j0AtmU3k55tKQm87Ssep9JJQE/DeKLqA==
+nrw.			86400	IN	NSEC	ntt. NS DS RRSIG NSEC
+nrw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cejsPwEHOllg0ljCI7PllDhGz+JP4oy8vxT/Mfn1uNaE0OMlNG8vU8F20AwDA+KfnJBdtafC5zLfU/mmznLHGItszbYlP+wqmsRL98ZKMBtCoqxaHlpP8BAfO32BDeiuw4hSUq4MS1vtxNiFovG+o8jzHzW7Jlprx8Pg0/sj6l/Lg8ANzM+Fh3LqwkgaaP9BiDXG2vA72vbLzApG7++uct30uhPsSM+wNFVWq2Yg8B7Q74jMcy4YC2NNwvZQhvZkR11oA2mkTcacf2oxvPsOLpxB31/+F3prenqTPZEh4LnLuku5XGhaBGRPwPjDAbDchjhBZEymkUCZ0bzWE+ij1Q==
+ntt.			172800	IN	NS	tld1.nic.ntt.
+ntt.			172800	IN	NS	tld2.nic.ntt.
+ntt.			172800	IN	NS	tld3.nic.ntt.
+ntt.			172800	IN	NS	tld5.nic.ntt.
+ntt.			86400	IN	DS	42481 8 2 D21DF93A73F35F8C3428A42DB60DA7CCEBFC2A64A42B6F5E5024F358D5E18D44
+ntt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gRrfdHnxV2kB9GWybRTXknXAEHWedjh1V/yYUSyVwz3CGBdXHx3DUH0msSi11vQKzSez2HcNIgNhRnT0TqxoTM3+GfYmYOEiTAs1W73gjdjmFb8URVRhsUGYsJEkutSVZoIMrHhJ8tYoDh7PrVKkekH/mmmiWUWQl/p6HH/7swbX4OTR2nbQJM2gjyMiuBOtG28VVInfUHKZUZDE41y8j2v3xkzvqkdIsQ406PEgnMhlcO+FwWlnDJRdVbj0mODAoKoOIEXL1z7IX5wcdtroDNqWlfVL+2z6t113lK7cSreDXz3o8oA2T9hDgd8a0iRkYh9jTriIH1zwVz0iCNSlTw==
+ntt.			86400	IN	NSEC	nu. NS DS RRSIG NSEC
+ntt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KcUQUUebEGfuHDOy9i49SXOhgh2rmjw8kc6VKIoJVZVAjpsldUP8k6iS84KvA3gZD8r0a6DBEWtTvons3PEY7wIZh7m9uLw83qImzxDiLTfBqktsGwBPdi1W0ToWWEDaCrIQWohJzneXN1wCNSJ0qvmAQanJVh9iS5pwqEdxEc8RHylYb7CAo+IFrpTtM4SY4YrgmWZF/xpMeG16q/7u6BtoVrbzwoZI/SwtrhHDd/Ut5iheVd2Z4CXYquf82RCQrJSuCtbbFSibDwHqRG35UpNrBVeaVzgrQ8rf1VvNPPdGECrRlJuinXlPp19LlRrPi6jUv19ke1lJZWoF7s2oMA==
+tld1.nic.ntt.		172800	IN	A	103.47.2.2
+tld1.nic.ntt.		172800	IN	AAAA	2001:dda:0:0:0:0:0:2
+tld2.nic.ntt.		172800	IN	A	117.104.133.17
+tld2.nic.ntt.		172800	IN	AAAA	2001:218:3001:0:0:0:0:2
+tld3.nic.ntt.		172800	IN	A	65.22.40.17
+tld3.nic.ntt.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:17
+tld5.nic.ntt.		172800	IN	A	65.22.40.145
+tld5.nic.ntt.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:145
+nu.			172800	IN	NS	a.ns.nu.
+nu.			172800	IN	NS	c.ns.nu.
+nu.			172800	IN	NS	d.ns.nu.
+nu.			172800	IN	NS	m.ns.nu.
+nu.			172800	IN	NS	y.ns.nu.
+nu.			172800	IN	NS	z.ns.nu.
+nu.			86400	IN	DS	41209 13 2 46159142140BBF89ECB41E202F88DA8C7D8A51B584AA5EA4A28CEAAAF9091185
+nu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Egx8WZN30bvvj4pASzTc5xEWwxZ4XFDP3BiVeJjMAJvTaW5RlXqv/HdrlJ2wmVFgw/abVnoo3Ifym61rAF0TuxbMmhug8HWK2H26J2bvwzJVloNBuKFsdlA5LLgjrRULeMM8ScYhvdNyaRbYIl0n/NJaTuxiu6rt8rVgKiqyEDbMcYcea9LlafnZjmA9ZdQEnJpZKvT79Ya8kkb/PyzslHem8aX3H9daUhtQ5UzsLr3XZEVfxJL7b74RqldacgMM4Qhsey4eWADvVDVJhkDQRFKfRNHDJTfH3Z0h++X2FrqbA6cLgn61IrlrOHxaDDxksv7o62aTDYb/fncyIZxLXw==
+nu.			86400	IN	NSEC	nyc. NS DS RRSIG NSEC
+nu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LGexYsunV7R6KEEA5UEMX3BSiyEJJuFiLQgpfwbh+ExxWXn4RuaTDRFeA9hYSPelB2AWZrhGyfb3Bz9VUeE11AO5V4uN2CPjBlybvLhc7/l4RpKGpbNxhkXRaERFh/222BvIb12cdrBfZ7clshl7oA1os6RE6r9YrzruHpUiuqFGReZ6WMAjkNZ3+p9h4LNP4azf5E7EqZ/aVaOH5dj/Wt4T8glPc+yyQWHCc9GUOLOl7b4Br/0H+U+kmpx5bAOhSXHIs5o0h5IKihqWJBot+kFw1NgxdcqnK/+VYq+9XAKV8ul8vHDtEW3DF4E4kDq/7I0tEqbbFOyy+LktJs+iAA==
+a.ns.nu.		172800	IN	A	194.146.106.22
+a.ns.nu.		172800	IN	AAAA	2001:67c:1010:5:0:0:0:53
+c.ns.nu.		172800	IN	A	192.36.144.107
+c.ns.nu.		172800	IN	AAAA	2a01:3f0:0:301:0:0:0:53
+d.ns.nu.		172800	IN	A	213.108.25.4
+d.ns.nu.		172800	IN	AAAA	2001:67c:124c:e000:0:0:0:4
+m.ns.nu.		172800	IN	A	194.0.11.112
+m.ns.nu.		172800	IN	AAAA	2001:678:e:112:0:0:0:53
+y.ns.nu.		172800	IN	A	185.159.197.150
+y.ns.nu.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:150
+z.ns.nu.		172800	IN	A	185.159.198.150
+z.ns.nu.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:150
+nyc.			172800	IN	NS	a.nic.nyc.
+nyc.			172800	IN	NS	b.nic.nyc.
+nyc.			172800	IN	NS	c.nic.nyc.
+nyc.			172800	IN	NS	ns1.dns.nic.nyc.
+nyc.			172800	IN	NS	ns2.dns.nic.nyc.
+nyc.			172800	IN	NS	ns3.dns.nic.nyc.
+nyc.			86400	IN	DS	12721 8 2 37F945F2D915698DCDA12F80C7306150223270F78EC1D96FFFEB163A2B1EAC22
+nyc.			86400	IN	DS	12811 8 2 A5F2EC128186E5BA7F44AE789ED94F96E32811A68407D40E7073E2A58E8A1341
+nyc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yhBDqklu8XvKpXgXRblADSpU82oF5daAtC2Qg4KSp5kWvvoWgvG4oxyqRIZp7y5+DPyACAci8u29ILSU/LuifF5TFF4NFF6PpTK6j+UNRF+ZReWkYpNHQET8Z1jBTRxG8xNzpEAZtCp08R0YdQK0/ShRsus5DXfdX1UbXPJ7NZy7qwLFuS1YhIYR1w3EXjOgNEBdaqy24OdBmfyg4thWMGogC7xORgAuxrQQS7rZum8+79DiJgXX9cnV5mbWK3b5t8LO5LApJMCh1CJu207psznAZ0PVkeOZOXySZfy4z8Kr3vtZFymDEz1oR4QqIyxtVtdXm9c8GJ/4b3LtQfxlVg==
+nyc.			86400	IN	NSEC	nz. NS DS RRSIG NSEC
+nyc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FIeo3cEQ6/bpMi019Dzl1T1MCbYwg//cMGHcMdkCdxz7mnq0LjZzh33159Cdc8WXPFKfrLWDmHOEuNsIBtiJYmUK3QQ0wAS43wGP1fsRCHeInQSPNeE582e9XZhEN67WaZEELHQMVXYh6GDcGrGSm6bXUqFrTnYC71lr0sHYqc2yp9SYRCJzcOQJ8UQWYOK6eI0R4mlMSAjxxzEe6lnsgGkxtr3ay3e65/V0mlWe4kz24mPZpL0iwyWfjb9bmIVZXjIhSOaxs/xfQvU+McDERevZ59o7FdIHUzyJpk33VjMzhJuydIqbay+k5CCxSdm0Y+SzPT/v3r4k+fRkX20lHQ==
+a.nic.nyc.		172800	IN	A	37.209.192.10
+a.nic.nyc.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.nyc.		172800	IN	A	37.209.194.10
+b.nic.nyc.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.nyc.		172800	IN	A	37.209.196.10
+c.nic.nyc.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.nyc.	172800	IN	A	156.154.144.125
+ns1.dns.nic.nyc.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7d
+ns2.dns.nic.nyc.	172800	IN	A	156.154.145.125
+ns2.dns.nic.nyc.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7d
+ns3.dns.nic.nyc.	172800	IN	A	156.154.159.125
+ns3.dns.nic.nyc.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7d
+nz.			172800	IN	NS	ns1.dns.net.nz.
+nz.			172800	IN	NS	ns2.dns.net.nz.
+nz.			172800	IN	NS	ns3.dns.net.nz.
+nz.			172800	IN	NS	ns4.dns.net.nz.
+nz.			172800	IN	NS	ns5.dns.net.nz.
+nz.			172800	IN	NS	ns6.dns.net.nz.
+nz.			172800	IN	NS	ns7.dns.net.nz.
+nz.			86400	IN	DS	13646 8 2 569B1BAE369FD18F03D088FBA91BD58A830E4E21D2C96155CED267544CAC14B1
+nz.			86400	IN	DS	49157 8 2 44628E9BF710B40D5A5B19087A119EAF2C0B5CED7E7BA4268F4FC35BEF14B1C0
+nz.			86400	IN	DS	63529 8 2 65C9663EACC1AD314058A5A7B127D409D144BBA9A58EC0B6A7F4F028574DF47B
+nz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UEjUgzU6+uy/Ov8vrAEqLTEJiZRraEhxzNQqcqF1AFTuflN/ZsfDnxH3OmPC4hoBnW8ZeQ/JvVQT6Fo6AXkq1bR2DNyPMBP9zhJeRsFb5kX+YHDpmaVFnE0qY+RCh1xl0ihJ1tsWOuB3u1Ht0l9YqHfkY3KKlfDerdQJISmkZG/R3dRYyOV3JT8jhnfB0k7o6sVJP1xgrSSexUUdVNfZOEQrCTsSNhoZThdyZJwgXDZ0BpovFBUJKWWiRQtgMaQuswbr0QmtJE+M4sdNkToxB6KAlgPQGdUTSl78A7pGncUidGSxSKh55fjCTCJ1csRFY4qJ05PVhJ90e979WCuD2A==
+nz.			86400	IN	NSEC	obi. NS DS RRSIG NSEC
+nz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z13ESScqnUfi2kr+1b/U6YS5+Ka9BbJoy72lXGAtbKon+9d77FlYeIYluMJTCKQ3sBeU9Z8Mh+K2ZcD8uyQRO81PkxCrePEei6C6c0+FNqybVUAI9vuGZjyIzzYZejD3WQmVwBmW13OcgyUnHU40Mw3SRekyaV0NtnAKM6VAdNu6pztlf5TLZxUpDxPMi6PDTNr9qzTMnaLevLuGD6RRh7034rPPG+BrMiFyhW4V2UVrDb72srYONyKMDQBLTpNID5S5Zc3tyPvCaqQuDfzWXJRCi0QlI9PhTiRFYDfDcouXe+ZjBhlQEe8EwYfByXZziuyyRXy7fGrosCSya9xI5A==
+circa.mcs.vuw.ac.nz.	172800	IN	A	130.195.5.12
+downstage.mcs.vuw.ac.nz.	172800	IN	A	130.195.6.10
+ns1.dns.net.nz.		172800	IN	A	202.46.190.130
+ns1.dns.net.nz.		172800	IN	AAAA	2001:dce:2000:2:0:0:0:130
+ns2.dns.net.nz.		172800	IN	A	202.46.187.130
+ns2.dns.net.nz.		172800	IN	AAAA	2001:dce:7000:2:0:0:0:130
+ns3.dns.net.nz.		172800	IN	A	202.46.188.130
+ns3.dns.net.nz.		172800	IN	AAAA	2001:dce:d453:0:0:0:0:53
+ns4.dns.net.nz.		172800	IN	A	202.46.189.130
+ns4.dns.net.nz.		172800	IN	AAAA	2001:dce:d454:0:0:0:0:53
+ns5.dns.net.nz.		172800	IN	A	185.159.197.130
+ns5.dns.net.nz.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:130
+ns6.dns.net.nz.		172800	IN	A	185.159.198.130
+ns6.dns.net.nz.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:130
+ns7.dns.net.nz.		172800	IN	A	194.146.106.54
+ns7.dns.net.nz.		172800	IN	AAAA	2001:67c:1010:13:0:0:0:53
+ns99.dns.net.nz.	172800	IN	A	202.46.190.131
+ns99.dns.net.nz.	172800	IN	AAAA	2001:dce:2000:2:0:0:0:131
+obi.			172800	IN	NS	a0.nic.obi.
+obi.			172800	IN	NS	a2.nic.obi.
+obi.			172800	IN	NS	b0.nic.obi.
+obi.			172800	IN	NS	c0.nic.obi.
+obi.			86400	IN	DS	26464 8 2 540D7E7CB6F111D9EA048E3801806A4814B6C1DD229F3A2414AAE8FACCE3CB13
+obi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d+59oObTPW05EyjJHAnrY1wfMoXqIYMI05xR/GiQYR/gbsiT1m8267N6VuFtN+c/pzhB2TK+FXaApgLnx0dhVzkuafZM0SMe55SP8bW0T8xDF6yMBhwEq853dC1mayzcPG+BR61ye2fXLfseiFRs/azE6A9r28p2XvGHzP1FMzk6fWmK5bUiUobQvzVkR7Wf5rQgQxcdb0fp/Bc8hn8o8C5XKVeWea8SsHJOgC7SeirlAlFo163996krhYvtgDwUJz/M0Al/EDWvk7cK8bu01Oxi9dVx6EY8lp3HAJ2VzfQk3T3ApW2WvTZOEH76TUtkj/eMiFuf0jYvK94zv1AY5g==
+obi.			86400	IN	NSEC	observer. NS DS RRSIG NSEC
+obi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NEf2Xc6gRqja8Yb30V/thMUQnzt4JWtYCOe388N/tYj0F2efglDboxaYYMbxrL6+XZRL5h2woErutvlMcM4JhsJ9r00FASvzGM3MrBwMLKto5AQ/m1OC3RL3AK+jYGN2wrfQNowPBmz0WGZXhFOC3/cef7NZJEeHcAbBlSHHeXcVkCgIc8Lm0vdOb4vCD9sCh/qBwhKOiHffXpE/ov21tiDwO3baGipdy0CRcwjsp1GJk/MyVm5kgoGzzAj6l8nsCjFeS5qOuwe1bKz4FEiO0zmdgr5hEuuuB1MVprnjk6wAwFCsiK45S9U7BVjA5JGqKxxWJa7s1Dyq/R4lDeIaJg==
+a0.nic.obi.		172800	IN	A	65.22.112.17
+a0.nic.obi.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:17
+a2.nic.obi.		172800	IN	A	65.22.115.17
+a2.nic.obi.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:17
+b0.nic.obi.		172800	IN	A	65.22.113.17
+b0.nic.obi.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:17
+c0.nic.obi.		172800	IN	A	65.22.114.17
+c0.nic.obi.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:17
+observer.		172800	IN	NS	v0n0.nic.observer.
+observer.		172800	IN	NS	v0n1.nic.observer.
+observer.		172800	IN	NS	v0n2.nic.observer.
+observer.		172800	IN	NS	v0n3.nic.observer.
+observer.		172800	IN	NS	v2n0.nic.observer.
+observer.		172800	IN	NS	v2n1.nic.observer.
+observer.		86400	IN	DS	46084 8 2 366C4C042DBBAA5636C254A7AB2331102545DCA6F2C81C8CE6B42C6DD0CADEB4
+observer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eigpZuUt97BFdJNVryfQHzLUawvxI5lOkMP7dba++MUMhSPKPqS3/j+9CcBqreheXD8c8gErx8OutW7g+3pLSxuWEWU51WUQ70kCY1lB/42kKPlyX0Wvn/GbK+9lgg4GELuZL12lRwzd9JYPRnSMSKLQvxs/ZXZx3r0OsCrm1YYUOJcOMyrgREmQXtkzGH79P0Ur+F5iicH0XrgCyOLFa57OTJzGx3/Hc/mQrKqhQpTTJ1Gs1O1WblonkwXcO91Y055TrpGSx9n7+xD5h3bIA1OYQ6bI6sZfIH+PljFam0isoBv8nebftk4D+/J/VbV3hVP8e4SK1guNIA7rUyOjtA==
+observer.		86400	IN	NSEC	office. NS DS RRSIG NSEC
+observer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XKhNEcx0va9BRxTMDxXHQxvoUVdbj7C6KgWdOfy/vG1cOaArESwhzMyE0ZyTWQUgKbb1++TfwJNLaYWkJdo3InuIA4Uv5ygTWZGYAsc+TKLRKCzKSE3wNaRyF8AxVEYMPV/+bKfSAr/O+72XUaUlyuHY6vsewc8Ne8BknmkenmOz/NVZgiwwJ/9x9d0CL/uc7eKBajKJxqjtIP9xEJxkuu1uXtPhdjF1b/+E7YkQ39v/C0dpGAaRWp8GdT4IIQ9P/cfGEaTCF30xHQF0dwS+7Kj7rF3qzoOGjstRgmLrfcMitGQSyvC4XbB8RXJln6UXUOU2SOZoOjhVznK3jcASNA==
+v0n0.nic.observer.	172800	IN	A	65.22.24.63
+v0n0.nic.observer.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:63
+v0n1.nic.observer.	172800	IN	A	65.22.25.63
+v0n1.nic.observer.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:63
+v0n2.nic.observer.	172800	IN	A	65.22.26.63
+v0n2.nic.observer.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:63
+v0n3.nic.observer.	172800	IN	A	161.232.12.63
+v0n3.nic.observer.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:63
+v2n0.nic.observer.	172800	IN	A	65.22.27.63
+v2n0.nic.observer.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:63
+v2n1.nic.observer.	172800	IN	A	161.232.13.63
+v2n1.nic.observer.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:63
+office.			172800	IN	NS	a.nic.office.
+office.			172800	IN	NS	b.nic.office.
+office.			172800	IN	NS	c.nic.office.
+office.			172800	IN	NS	ns1.dns.nic.office.
+office.			172800	IN	NS	ns2.dns.nic.office.
+office.			172800	IN	NS	ns3.dns.nic.office.
+office.			86400	IN	DS	6562 8 2 DBFB7BBBF0BED181CF7797BEE3565A527B9D4746148AD3B2B835ECD1531BA925
+office.			86400	IN	DS	9475 8 2 8193E9E63984C0EEBAC5E602C134CA712C7843002BCDDEF3C08A199AC9D4308D
+office.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pv6pF3O8eR+pS8e39+QNPdrlByw24ApUs9Be9h/m6VuFvNBenIkQuJNRZSY7Bf5PqG0YC3dPmtZOO5W5ktYn19umNPT7gK7gmF1SyiPpIQ25zxd1ebbBBEoG2t/jB+HvPOrz/2roQf9puyHfYpQlwxHvapS9nBU8PAXB2raBEHHyC8yqJ6LAtBm5unoEA1+WQ2y/1XqW/pGeBCVb2loH9R4lfjaKc4kVwQO+/W2AM8Rj64H/VzPw2X2tztTDuB0oWdoMW/F/zgg/GzB1aS0zGEsy9/z8aJbpB/IM8OiOJ2ahTkH7KJ0Gzu3o0Q6+7o7c6+yu44EUANhFgxqrLhx83g==
+office.			86400	IN	NSEC	okinawa. NS DS RRSIG NSEC
+office.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ji1r/BQHzlGt4JzGZYjGTSkl8O1OhAYhFat8BuWcM8F6XnqmVhMzDbYINyQ9bZKRuB1E5Bslw/WqVQZ3Rpm2b69kKVuqZMsR2nUFwstG5M14/upA0vHJDf7LVtzBUzSCq4ZBCMSCKLHNw1kgWy8roiOpg2Vxmy7Gl8KpE/KH2mjVnhwY5QHhxEXHXZu3wcOgfWFUYniUISwn4R+bwk2m385Xf3PKRTqgmKxp0rU1olNn1aIcg/w6M4Hv4iMjnYOkUFaHqxuhKkRMsZ1jvrbl5BKrCWqn9dwy+gr+XtAomaFz8w/5iOYU/NeCTH04ka0hBNkhJXV6ZseMch6HgD5BFA==
+a.nic.office.		172800	IN	A	37.209.192.9
+a.nic.office.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.office.		172800	IN	A	37.209.194.9
+b.nic.office.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.office.		172800	IN	A	37.209.196.9
+c.nic.office.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.office.	172800	IN	A	156.154.144.126
+ns1.dns.nic.office.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7e
+ns2.dns.nic.office.	172800	IN	A	156.154.145.126
+ns2.dns.nic.office.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7e
+ns3.dns.nic.office.	172800	IN	A	156.154.159.126
+ns3.dns.nic.office.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7e
+okinawa.		172800	IN	NS	a.gmoregistry.net.
+okinawa.		172800	IN	NS	b.gmoregistry.net.
+okinawa.		172800	IN	NS	k.gmoregistry.net.
+okinawa.		172800	IN	NS	l.gmoregistry.net.
+okinawa.		86400	IN	DS	33736 8 2 ED3CF17EF5286EE0AF90213FD802871A672213FECE32038557DD2A0375A2E6C2
+okinawa.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PKJHugHSdiQJm2f5v3HVqU8louevkzV/WXy/yPfydTrtlecKJb9Rk5dBCQpNnTFJF4lS8b80pd6QC5Yb5VCwRkY9Wkd3Lb48gyCjx8q2sXZvG6k71b6Q+x7CRiBzhpBvu+6ms+MnzKZ8oQJDxSZn4g532Era9m7G5wIY85EOsOVFMfYrC3FsKforDw4Ghu//JSAGes1kBYVRmh4ViVPt96j1GTQyK0kU41JfcjgVbIFPy4QQO6N3DeW/7yxGnc6/XvRH+3MCfoIF5+e88m2B5u1rBbhr2US+9TEdLMRGBfaDtimkQWxGSf7ViHhpoHDYhUZC4QtEl4kmPYhdVFt5Gw==
+okinawa.		86400	IN	NSEC	olayan. NS DS RRSIG NSEC
+okinawa.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ajpO3s01lbmeRl07WdSZCj8FHbJ6JnCprx7QRSKVj4cYNGxKVBk0uWdEIMArVRDnYgQLOtP6ea16L2O6uEBnWFvutHg0nsF4F0OsUW8VRuqGSwuT9RIFXxQr0nOcpGbtHm/bs9Q4F1Di+zeBUExMs4umtw15r4Jtm2uvlX2PE2PptNb4OazxtTZ4S1Y/cHufKuoQCZ8DnPvHXh7qihv7YY9f8CEKlusLnE9aLrSutgss3XVCHsNoAf5Uum+GtoAz4yVOxiO9A4gIjfDcvk+9avyXSLZIll/iNvQz9xEG9Sh+X4N1uEzbXa7qHF92EO7s5pILtIuOybcJ9s8HfPLvYg==
+olayan.			172800	IN	NS	a.nic.olayan.
+olayan.			172800	IN	NS	b.nic.olayan.
+olayan.			172800	IN	NS	c.nic.olayan.
+olayan.			172800	IN	NS	x.nic.olayan.
+olayan.			172800	IN	NS	y.nic.olayan.
+olayan.			172800	IN	NS	z.nic.olayan.
+olayan.			86400	IN	DS	24340 8 2 84F7ADE4991F5338FC9612349A62C456810E645B4AF49B77AB8DD029ED8E5CEA
+olayan.			86400	IN	DS	60061 8 2 930E37D43F6F58965863B8906ADADFDF0091EDEE90B6C8C0DD3A88ED5112D2C8
+olayan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mHd3zMSAy3KJmsnEFsKg2XbXBqb1m0XY2wd5NqsiGu8L6/vIbxkMFLm4DZtxMLSjzsulpMqGFe/8TXAIRybX3+DX4mGGAqhdLXabok2wW8U/haME/ZY2weIeFe2WDnW5t90D+dXDBeg0or5c8hrlpyozt21hp10lSI3wlIZS9btU4fTBTvgZriC2so86I3cdcm1pHoFr8ZEm3TPwfGOhZ8f/XoKg6CCG1j44Q35MZenkYPoz30fwC4OdoOW2EGqgjLueNs3FT68QF7k7OD6muIgcYChoaCmz7rf6/rebfDNFcIMiKbi2jvaZlc+IwutloGifpq9QClaZr/ciMbPIgA==
+olayan.			86400	IN	NSEC	olayangroup. NS DS RRSIG NSEC
+olayan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0BT8L3JrxrCSpvWiewjmKlzKfTM2GTQSeo4EkhCtP67dbblTczDB8agVlvGDD7GX3SXNRvQg7HtGGPdU/Lxv+bXV0u7OHdEwgkhNElve9SmKvUwbhR5Vvb9M3b8cYz0Z0W6E7wX8kfvqV/v8yqem46jHsQFOhw/yTkWBIkTS0tqfbK6ms9XuSdJSgXpYO22ystwKn/BqEyUyEnTv/mCmLbS+J2CBRQFSJADI/lcesKkInGWX5kJEELp64hAey7QRJ7l+5VOkwPkUfHd3gmqAZTV76NOLeKNs7qkhf41sBU64Bi6cNo44oMuRsIp1TUxxBT94q+oDblgQ99Ooe0zq0Q==
+a.nic.olayan.		172800	IN	A	37.209.192.9
+a.nic.olayan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.olayan.		172800	IN	A	37.209.194.9
+b.nic.olayan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.olayan.		172800	IN	A	37.209.196.9
+c.nic.olayan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.olayan.		172800	IN	A	156.154.172.82
+x.nic.olayan.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.olayan.		172800	IN	A	156.154.173.82
+y.nic.olayan.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.olayan.		172800	IN	A	156.154.174.82
+z.nic.olayan.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+olayangroup.		172800	IN	NS	a.nic.olayangroup.
+olayangroup.		172800	IN	NS	b.nic.olayangroup.
+olayangroup.		172800	IN	NS	c.nic.olayangroup.
+olayangroup.		172800	IN	NS	x.nic.olayangroup.
+olayangroup.		172800	IN	NS	y.nic.olayangroup.
+olayangroup.		172800	IN	NS	z.nic.olayangroup.
+olayangroup.		86400	IN	DS	6919 8 2 44A731318AA7D54EA4F18178AC0EEE1DE541334C36F9917BB6249F41895D774C
+olayangroup.		86400	IN	DS	12544 8 2 B8A9FB54EAA15AD63B37CA39A06E8EC0052D61D51A8D26D5A825F81C2E1850D7
+olayangroup.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aBpCIWWmTu/l9v1TmEbX9RCI5eP+Wg5vepaKc1mFhMxQgFcz13wrwAcCGEljkuEDn7VGCPZsMvELVSfEGhaIWc/s0LEUQDHOcbU2Vs76zILOqBukdefVn0aTOGWR72R5GnJpEIdgmdaSspjkKHjlYGH63Acd74z94wGGjG4PJ68Or+bNwbL+aydLEgbb2iv53Tfm4jZzK8xue2RIhwz4VIU5i9GdzpEOp65pE6fG/MdgoR///oaZzPhY6WP1vFlaSOMaALjUxnVKvsgSo4hAf7D8bWPMgygc+KOHKCw0H0IZ0Q5c7gqM5BN+K72ZvQOWbImxCcL0T/P8+/XB/RAyzw==
+olayangroup.		86400	IN	NSEC	oldnavy. NS DS RRSIG NSEC
+olayangroup.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mQfp738P/sJZA8dzrLYyfzjaHw+d/eqaVMgj+1+O83KCc3RY0VSW+c7xiqvM68iZx6GGL0uTH1aimRPe4PkjG22f25ysrfZL5YJ5E9enPCaVz5C3wyVt7YACNohkjqB4FLe6m1uo64A5/epmtJG99rl/fQrDzlzumvbkfOBnC3yXzzNXaDBEURmS0D8oMdSwL5w77fl4WRyqLVDG9xgjix00H8v/XELSjW8R8caonakMgNAiK3FoaKiFug1iyH7vDg8ASxeE3Xk1OhLkAb9hxMy4f2a3yt/Nz4EscS7Gy3aGXMNDn8mOlhO4MhLJP0dinUQ1QxgsdB2FuMcNKv5JuQ==
+a.nic.olayangroup.	172800	IN	A	37.209.192.9
+a.nic.olayangroup.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.olayangroup.	172800	IN	A	37.209.194.9
+b.nic.olayangroup.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.olayangroup.	172800	IN	A	37.209.196.9
+c.nic.olayangroup.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.olayangroup.	172800	IN	A	156.154.172.82
+x.nic.olayangroup.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.olayangroup.	172800	IN	A	156.154.173.82
+y.nic.olayangroup.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.olayangroup.	172800	IN	A	156.154.174.82
+z.nic.olayangroup.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+oldnavy.		172800	IN	NS	a.nic.oldnavy.
+oldnavy.		172800	IN	NS	b.nic.oldnavy.
+oldnavy.		172800	IN	NS	c.nic.oldnavy.
+oldnavy.		172800	IN	NS	ns1.dns.nic.oldnavy.
+oldnavy.		172800	IN	NS	ns2.dns.nic.oldnavy.
+oldnavy.		172800	IN	NS	ns3.dns.nic.oldnavy.
+oldnavy.		86400	IN	DS	43291 8 2 C1B93F6A8AC42F2F15DBB3C74AF29E6F32E5A59D330F84E761A895ECA3371914
+oldnavy.		86400	IN	DS	61489 8 2 69B39A1FE5AD03F2A8494D74F48B0D7330E074C529F86CC1988456A8E2C83E2B
+oldnavy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tz2b1jwKLDmG0r03SAogJF+ov4MnNg3zBb0Wc9SUrmMEtO0pcU0/DkUFazKZDpsZXEAxDyPwFc6GXDLPGTL25svnpfASoIZADmDmSqZJsGWNPBlcgO8Br7nb6lpmXt2jj+NL0/Uf5E+mY9NjKr9zskXnoUgG3W+j5knfsJDpodUhcrlfnxeQih783WAcCsdBTqgMZhLDba0Pqj+v8wf55oMXoGcRrui9XSqhFlpPuKv7U2pj4sm8x4iKiqMIWWq157oQ+h5GgKunF8qUe8vaqMu61Ri+7Zzfh77MHMjeHQbFNdgcG2G88H2+fG7tF4ekVljzeqMK/Kf5hSJG1KNjpg==
+oldnavy.		86400	IN	NSEC	ollo. NS DS RRSIG NSEC
+oldnavy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q/Bz4JoOqzymilAGv0u5/1Q4Qy3Z9GdCt4i3/JxjOxia2g7QwTphCsbPIIJBBNSrvzUB2GbeDPxwZ5AxLClCAfCjQHlQ+EET+/lhz3PNq+CfcVsdN1lQxt6UPmuUXPZxRUFay/1+QcYX0lcKUPDqYXfotNWP/0mA7SjBiSVMp4t5sXtXwMVSUHNyjKh5xZNn2ZNbSKHaFsU+D7ZzyKu2zUjMwpgjpzE0eThq/HUV0L1TurTdhr0md1sRrajrlNacN8f8fDI0Ug+UIQAA9mbTqY7l06f1bjW/q0GBpqKdbq3zG6mdbElRfBmQB4kJYTBhwy+9JXLtF7tCP/xsNRrG2A==
+a.nic.oldnavy.		172800	IN	A	37.209.192.9
+a.nic.oldnavy.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.oldnavy.		172800	IN	A	37.209.194.9
+b.nic.oldnavy.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.oldnavy.		172800	IN	A	37.209.196.9
+c.nic.oldnavy.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.oldnavy.	172800	IN	A	156.154.144.127
+ns1.dns.nic.oldnavy.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7f
+ns2.dns.nic.oldnavy.	172800	IN	A	156.154.145.127
+ns2.dns.nic.oldnavy.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7f
+ns3.dns.nic.oldnavy.	172800	IN	A	156.154.159.127
+ns3.dns.nic.oldnavy.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7f
+ollo.			172800	IN	NS	a0.nic.ollo.
+ollo.			172800	IN	NS	a2.nic.ollo.
+ollo.			172800	IN	NS	b0.nic.ollo.
+ollo.			172800	IN	NS	c0.nic.ollo.
+ollo.			86400	IN	DS	39565 8 2 63769A931A3EE95AFA940CC2D02CCDCC01BEF022B6445495AE8CB153E211B3F5
+ollo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . coSXH1mBPWEKbRcktdPptonnNt/mK/olm0CqvPJpymfr9X/oBrMd0nhfD6PVQSWAg5eRqycpMwvbJ9FYq7YTtWtp1Ohp0hU40aWOLNHfZLS1F6S3P1z0xWAkpteqrkgueWd8kNV3yskpInzuxqnisy2BGoGVKhF4Mu1jaC1R1O49a8Pq/nxw/fa/vxrpoUW0d5Of+44IbWyimtZi+5lCu10LTHaqU7K/1fqEyQdDId9IXNB7l9AJiJQz+yduDEtv863Wd9ogGzcQSW+BNlRGpKJwlRTqF9ByNMrBluJ1+0jUHPN3brStIZmeDhY7qOOEV+4fIpEBWpepDRMHzItEhg==
+ollo.			86400	IN	NSEC	om. NS DS RRSIG NSEC
+ollo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l5m9GUNRvo8R7xiXVreiL2FtOb+g+k0NGuyEYnNaWBrvQ4SIgVLPHzp4whq/RCb9tkf29TJhgme10CZERPHLZ9bqpAyWYvMv+JwmAprILQPeU/US819ES/JMPCmzOCE8E1mZfKxQePRzP9CtBReVvlt2k4DvSImznnkdoP4q23+7TT3A5YB4PSl26GaftuWhHOYhM3RAwnNNG35FVhInUPSvxW5gB84/F/7r57kcDOzqhw8rjbLNubFvYii0GFSKpLfaq/52MrrV5wJKMkxFpu+Kso/VKeoc2ENlcf+DTHkm/pH+L1B91jynKUwrj81IydtFj3fDpSmkRYESu/MSsw==
+a0.nic.ollo.		172800	IN	A	65.22.96.1
+a0.nic.ollo.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:1
+a2.nic.ollo.		172800	IN	A	65.22.99.1
+a2.nic.ollo.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:1
+b0.nic.ollo.		172800	IN	A	65.22.97.1
+b0.nic.ollo.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:1
+c0.nic.ollo.		172800	IN	A	65.22.98.1
+c0.nic.ollo.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:1
+om.			172800	IN	NS	ns1.registry.om.
+om.			172800	IN	NS	ns2.registry.om.
+om.			172800	IN	NS	cctld.beta.aridns.net.au.
+om.			172800	IN	NS	cctld.alpha.aridns.net.au.
+om.			172800	IN	NS	cctld.delta.aridns.net.au.
+om.			172800	IN	NS	cctld.gamma.aridns.net.au.
+om.			86400	IN	NSEC	omega. NS RRSIG NSEC
+om.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mvzmNMJYqKDSnjS32Cdkvaor/l3NfMZOYjKFz6SGPY4b5Alj8C0rJ7EPKfWrGtu8cCMSFF4PN9jaWFzrzuzP2QUypyCs9GaCBqPx1/raccZzVxAwY2RqBQoOomynoxLsULmUmnuESwvjtXi/j5wjH2VgCZlwA84FBkfLrlRDfzh6Tiq9Ec0ZGpjHE26B5IMLv+hDYXckcUHZa1+IFg21p1iDC6yX4W9mIXPbiyjyDVBVwIN3zRegDB9SIe6IIsIPXmhp6DWCODwtem7mezSX4ZhH2azH5vFykSkLh5ajZbKHpEeWlsKQT5ZZ/i6+OKb/vWrWQ/4AXDDHBtbIcgMfhQ==
+ns1.registry.om.	172800	IN	A	185.27.88.50
+ns1.registry.om.	172800	IN	AAAA	2a00:9120:1:0:0:0:0:50
+ns2.registry.om.	172800	IN	A	185.27.89.50
+ns2.registry.om.	172800	IN	AAAA	2a00:9120:2:0:0:0:0:50
+omega.			172800	IN	NS	ac1.nstld.com.
+omega.			172800	IN	NS	ac2.nstld.com.
+omega.			172800	IN	NS	ac3.nstld.com.
+omega.			172800	IN	NS	ac4.nstld.com.
+omega.			86400	IN	DS	4269 8 2 439D91ED221DE512CB04F3A7218DB1B019340B8D6228AB73DEAD0DF30AB5CF7B
+omega.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SwEeWESs6TdHDJj0eUGYoeO2Icv47O5raByW/EYF1Qe0x0unLZ394dG5EZmlkJhMnl0JqmpYqlGqzDiZ6/NmcKF5ok88i2D61nPBsi0UbjvvUDXlNbDX3flS8X+IM3WW7KOD2E3/LIkmzAqdtGzI1W8S4tc8/GSBbT6OYoUAhfymyTXe8I7D9zIA5rBrLfr5Lftsm//U6X26HLlk7cw6uhUyddY5ems6jsf1xWQhKGpdWSjqaJRbGk255uyOKvPmwplRcvMhJwAhgbsVn6pq2+OhL41H6W76dAzq4lrmHnptLZS05bXx73CKBGv4gv5aNivAzoy9d2NKX0btlMkF6A==
+omega.			86400	IN	NSEC	one. NS DS RRSIG NSEC
+omega.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uEUsBQp+OLiBN/WADJV4eDqOMCz1EgOVVkxRymS6tLaUncbSHL/24j0AZ/44bhfzZY01Te8YyUMWR+fjw7AZ6as8/aFN/6k2yU8ceern5yR8rEPshfFnNdFRxFSL2yy5ATQGoohi0Ds78VKOsogpluwGPr/HI0SDbzR9meDermqaf1C1K6yMf6BQaAcN7Ge9mO2c8r9gOEMh2fAKMcovoUXipR7g/CioG/PdW0t+RKN3+CMLRkzk9wnWCsVaw2nsq3CWmAUFFT00VAWP3AaKAzI+A+zs26E4L5XzJ7sD2cdAuUmIGQ4dqBd6FMa7h5hVXPg9NVRJxMEljp6+GXjJlA==
+one.			172800	IN	NS	a.nic.one.
+one.			172800	IN	NS	b.nic.one.
+one.			172800	IN	NS	c.nic.one.
+one.			172800	IN	NS	x.nic.one.
+one.			172800	IN	NS	y.nic.one.
+one.			172800	IN	NS	z.nic.one.
+one.			86400	IN	DS	56899 8 2 C28CDE2F5E88289C26584A4E6871B41E0F0C2D5F7F2DF2906E8FBB275AC4AA68
+one.			86400	IN	DS	64939 8 2 32961F5F8CBFC0A1714EB5589E9CB54E83E1340380B5D76EAD661D58EA55DE9D
+one.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nTHcwF0Q1cmAhpNvImTm3RjnbRdrRlHC5+h1wovaZ7xT4scufSKFPY5pXlPgXNc1bCQo4dOJD3vY3iYVXoZ1T8VXTf7k1rE7CPbPcMeT160/oyU1SD5dnt0msznF5BwiUk+QtBGgIB9vgPS60QFIDluRy0QhMlVPOJLHo3XWuKGSPdDF4avgx6lAlk079/wJlw5ivnAFdy+L4fh09Pu1KhHG6P1EtOWrYRp54lavAnKAJWiQUZ5XpXoFnoZmMpUs9aavjQrXRIR1vkcItBm1XCnkPgHopfWRO523DajMDaT4ek9qPll+GkYUl5l6o37jQTJoWZrao5jVIHqQZed8mA==
+one.			86400	IN	NSEC	ong. NS DS RRSIG NSEC
+one.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d0LGSE9yJE0i0fjl8gEN8qcR2iRKxFiEyaxexyAhUMaLyVRUYXFwiXMMNGlNfhAbIfVxh39odkLxKEt+6BJLSo7cZuVAHF7xDtgs2Bt4bVu+CRrCQScBVv6EG3fZrOtlwM6c7z7qYklhW5rMLpisN2OgCj4tZ8PmvR/dnHXcGOi4P7nU78Z3dahk7s3Xue+vFhJNfRwcLZbo0kz2f8io5L0rdZxnLy3V+Bgh5Rb1mJZ8R1hyriKZfxzEtJI3mOBJJOcl21YZwDvdJBLDS8gPswIOk0XUeegEKBeyX0+2wjTwsVyVQ8/HwJuHrf4TFnxRuM2b4JL8AWBLrC5a0TKX6Q==
+a.nic.one.		172800	IN	A	37.209.192.9
+a.nic.one.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.one.		172800	IN	A	37.209.194.9
+b.nic.one.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.one.		172800	IN	A	37.209.196.9
+c.nic.one.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.one.		172800	IN	A	156.154.172.82
+x.nic.one.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.one.		172800	IN	A	156.154.173.82
+y.nic.one.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.one.		172800	IN	A	156.154.174.82
+z.nic.one.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ong.			172800	IN	NS	a0.nic.ong.
+ong.			172800	IN	NS	a2.nic.ong.
+ong.			172800	IN	NS	b0.nic.ong.
+ong.			172800	IN	NS	b2.nic.ong.
+ong.			172800	IN	NS	c0.nic.ong.
+ong.			172800	IN	NS	d0.nic.ong.
+ong.			86400	IN	DS	45685 8 2 535CBA6CFB082FFCCE6584C2958DCBDF706A21DE784096A2738B3ACD8D643032
+ong.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cRb+WPBhOdOX+sirvmVJX7PgeYHi1/w9J4Fnm+LRJeK4c2Td7f7dGpCD6TTzW5vqVMKa1E67B8PoIgmf6BYvzy3qRWdQRT2wJtszAT2jb1BnzKJLs5RHCzjQ/eJIR3kS+m7d0aAFn1tQTOF5S50UYCn+zb8o8Jrr6rJGCzQjHRLSD6SFTMcayAnwrz32VxyTcuSC6cyFSkomTET6GtYeG/gDbwrtCBZih/zPchZ7P9Ip2KGSmUFnYKZ9ZTQbS8vy81naoVBmG+k5q29qv7ivt17vRzLnuQ8lhejV3O8XVplYoZzxnRt0x28Y67sE6+/fLOtILFHN9I+o9sHKg9xpjw==
+ong.			86400	IN	NSEC	onl. NS DS RRSIG NSEC
+ong.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gm3OSCvJD+trJF3LmSWOw5u+y/jglkV/hXQt0qzVkilwZhtBOLJVls7USyNUlOYqweuXutq3lRiMbDKTcK/Rw30sB+cKkxJdPE/xRtzfje3tWebxAaZ9UpTIuTqMt3VKPe44CMVCDvHHpkDc/8gdulIATMUA3YJz0ENlHWt+xv6k1Uy7pKOxioiB+n4yeUAkowLtIocQPPpm8qaWCeef23RuzhSYanCG/j4NSiwgRPVSoHMnsSbXr6rVYjvMtQZrAkE2txjxNBBlpRmDn+/3bCnHMQdh9Dkc0bgkwf1uC+V++sPyCfeB1raL9UjHfpc0FSmgnrHaapY4jvc83N1Rwg==
+a0.nic.ong.		172800	IN	A	199.19.56.1
+a0.nic.ong.		172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.nic.ong.		172800	IN	A	199.249.112.1
+a2.nic.ong.		172800	IN	AAAA	2001:500:40:0:0:0:0:1
+b0.nic.ong.		172800	IN	A	199.19.54.1
+b0.nic.ong.		172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.nic.ong.		172800	IN	A	199.249.120.1
+b2.nic.ong.		172800	IN	AAAA	2001:500:48:0:0:0:0:1
+c0.nic.ong.		172800	IN	A	199.19.53.1
+c0.nic.ong.		172800	IN	AAAA	2001:500:b:0:0:0:0:1
+d0.nic.ong.		172800	IN	A	199.19.57.1
+d0.nic.ong.		172800	IN	AAAA	2001:500:f:0:0:0:0:1
+onl.			172800	IN	NS	a0.nic.onl.
+onl.			172800	IN	NS	a2.nic.onl.
+onl.			172800	IN	NS	b0.nic.onl.
+onl.			172800	IN	NS	c0.nic.onl.
+onl.			86400	IN	DS	40711 8 2 2144E3A641835A0F4944A2BAB8DF4DD9EECC76A76C330690765966C1C81A2D78
+onl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . b22j+nguEbQfXswEFn3LbAxtNAxmUTAhx7jGmH7tc6eIUafkwxnTFyRcyuLdsGbA8RIeIumwymqPo8v3YTFmQL53z1XomwWnvx6eZ6/CvdrC9TY1aqjdUePxJcnzLo6wMEvJ0rU8AKAwg//3YQDNMkm5Cr6UXjIdIcSsBfBJ3tsTEJSlxXqyF0sdeWA9n2h2UGGkWi6ZTptH4u3+p2Y43kkb+lBSm1G2L96va2eZWA9WR7E/z00aASr1ODP9sigwYDeDF1hwm+cTP75h1k6AyrNoSgwuU86pX59NpTD/KSG7r4oc4weky2wBa7Ugd8CNT0+AhBj8UaWw14KfBCjLXw==
+onl.			86400	IN	NSEC	online. NS DS RRSIG NSEC
+onl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YRocBY1CNAWJyDM1xh1DMcep771VNHqLhqNZxxHs0fVvSpKwvAI99EgjcNlDtuu33x3WGVSRwi9rZOh73p14etxAEP+rfqzkXFIGCMFeEHber4sEA9SLx8mo0vsZMMS0QLmQB0G8KGpXAKCemU6REXkpOxaJhuP7lH4rQvWcdapdLGI/NTojtkVqr4amu3c+LspJPftDkAb+RG51tihOkF1oDuCUm3RYueTeAQEsuJqWSoODIwLIiwrQhu69ZAWOMKzXrapHVhBFSGvJK5hKmRZG1PFP/hvjhtMcJzd1RqvlYTt2jc5G7o9hatMipVJGy7BAPrjS/cM1czLjqBPvbg==
+a0.nic.onl.		172800	IN	A	65.22.136.1
+a0.nic.onl.		172800	IN	AAAA	2a01:8840:86:0:0:0:0:1
+a2.nic.onl.		172800	IN	A	65.22.139.1
+a2.nic.onl.		172800	IN	AAAA	2a01:8840:89:0:0:0:0:1
+b0.nic.onl.		172800	IN	A	65.22.137.1
+b0.nic.onl.		172800	IN	AAAA	2a01:8840:87:0:0:0:0:1
+c0.nic.onl.		172800	IN	A	65.22.138.1
+c0.nic.onl.		172800	IN	AAAA	2a01:8840:88:0:0:0:0:1
+online.			172800	IN	NS	a.nic.online.
+online.			172800	IN	NS	b.nic.online.
+online.			172800	IN	NS	e.nic.online.
+online.			172800	IN	NS	f.nic.online.
+online.			86400	IN	DS	4267 8 1 A038DA06A96AD8E9BFE2BA78C392FF7804B4CD2B
+online.			86400	IN	DS	4267 8 2 66D7010609CB19E99AD1DA2833DDAB8CA2E7ACC1CE870CC28D29E76EB53D39BA
+online.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ur0uNAveh2LpAZlklHM/0tkPfQchi6Lu53jnpzNs93XlzoM7JVPj0fnYoWhxJVM7f4YaqCDMhmAYDLvLPU06pG8DM183RVjD79TMzNGu2F9iiEVPMCmR2Lk1RUvmL6EsyqY5k4ArBKHqSv4Qp45lRMqjelj8Ue5gR7p/0ZchabtKo6I2hyLDr/QULdy8sBa8PazDgR09Xzu0vloqPIDrS33flzUQ3InJtWxDHt4Tkr98CF0jcIwOXWv/IqMI49bmgk2HE8nLFyS6FGzeVHygwjh5LNH9WwSAxAyOPqlv2aKRHL+toB2nxrHbkyssBahUg7gN+RJ1xYQ6fzP/KkEwAQ==
+online.			86400	IN	NSEC	ooo. NS DS RRSIG NSEC
+online.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nOYuEyfJaWvLCj5gX3vOg9OIZqwI3vp7EYgOOA3cWjJpGYcb9j9mo8HV+WpUE0K7qPcb4t8rY2OKrgimiTLkvTv/4i/Q9aG4DWX3vAexg7x2djjaMt9OoDl2dj28JBfwE2+G06NYZfIYEVpEtzEjCFDEwYeoh5SucAUp4jKV5eRaL257dmOOgwlBvZ/IY+P51Nomgp7QnCxW9POhPDsqKucNFzH9wDSBnEv7T+dH/ouwv05zegvsOIQfHLPW2+Q6XlN7uLt8fZC2FN/Vm1+sxzBobVzflxmME5H/3CROQQ1o7XGIPWE+BKhHk4aNY7s7UiTAWXjQEjm7pjPlPZm4mg==
+a.nic.online.		172800	IN	A	194.169.218.54
+a.nic.online.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:54
+b.nic.online.		172800	IN	A	185.24.64.54
+b.nic.online.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:54
+e.nic.online.		172800	IN	A	212.18.248.54
+e.nic.online.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:54
+f.nic.online.		172800	IN	A	212.18.249.54
+f.nic.online.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:54
+ooo.			172800	IN	NS	a.nic.ooo.
+ooo.			172800	IN	NS	b.nic.ooo.
+ooo.			172800	IN	NS	c.nic.ooo.
+ooo.			172800	IN	NS	d.nic.ooo.
+ooo.			86400	IN	DS	32919 8 2 2A406589BC010BBD09BB78E067DDE644946D1AF4389113341358CF135B6F4910
+ooo.			86400	IN	DS	41890 8 1 27DDE633B73DD1F2703C0A89695862B056A0D29F
+ooo.			86400	IN	DS	41890 8 2 F9807556257F226660B308490776B72FEBD70DFDE2ECD9E850FA1127B37C7799
+ooo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aIq3AAjbEtSWoQJxCPtjl0fNWef5PS6ch26+IAznt8klYH0PvNF+DZkmTEjyPz3pQzWh4SZr4Q/LMJZ6KlVPh322jJk2oq2N0LFB1HygjqVlhwj/F9vQYp0txyamlvME7U3+FpJxlgXE9RaD38qqxFSka/xkLCnT2TQFVvExwPZJWyd3YImPhQ+v+rSQlYFjwzWRR1mgv+jRq9D1l6Kc/Z3aqtGza5Z2xvjDlR3hd70PDknkJ8BMuygPj83tQMJFjAo/LqLJVIhSRTAmG6X5m4Z+PYG5aZqoKgtuHqTm2Mp416fGXJfE1T5RbhEH/hKUGmi6xB6NSVCOaakYAyOcaA==
+ooo.			86400	IN	NSEC	open. NS DS RRSIG NSEC
+ooo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KzzLhD+h8RlDS4RX6lYIeKbZv1RFXTynsPPKE2SWeoqi0pggDndfF5h9c7p0OVvVLtFGn37SDaGnVT46MSXlpwFo8HEAMaAL2iDm+XiMg5CuKTpKkyCdtOHcy+ZJ/zY/pqquG+NeHHoBsTwuaGg3qAF2pO5BiUjqSSMehwOSKr18ZwXwwRwrpsB7s34/HNbxzomHJBa9ZWjP88Kh7XQ3ya2OZOgnoTTWjIUGGF0zZLW8msiqvQflAZgE3s/Vnd44QIX/yVTNiJKQ89PzBlviN1QTVYLaElfbdnJGTTnDC+Ll1EKmHlPJDSBYgQuZusXDIrrcRTltrMQRSt8q8G3Mdg==
+a.nic.ooo.		172800	IN	A	194.169.218.33
+a.nic.ooo.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:33
+b.nic.ooo.		172800	IN	A	185.24.64.33
+b.nic.ooo.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:33
+c.nic.ooo.		172800	IN	A	212.18.248.33
+c.nic.ooo.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:33
+d.nic.ooo.		172800	IN	A	212.18.249.33
+d.nic.ooo.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:33
+open.			172800	IN	NS	a.nic.open.
+open.			172800	IN	NS	b.nic.open.
+open.			172800	IN	NS	c.nic.open.
+open.			172800	IN	NS	ns1.dns.nic.open.
+open.			172800	IN	NS	ns2.dns.nic.open.
+open.			172800	IN	NS	ns3.dns.nic.open.
+open.			86400	IN	DS	31069 8 2 62311A119E0F3920060A74F5347B9A7A3DDF121B060690AD92487970238D555B
+open.			86400	IN	DS	37351 8 2 A7C742AF4B9A5C8F40C652AB5438E4107599C7F5B052FBF6588FD1CD79C9CA78
+open.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F6gkZ4GAqg7FuGQYuCzzAvtj0xaEunQ6EIbAzlJ5T+Ijhd6+sxtZvVldAxq3y+r3BD4rgG7AI5F7WgSvPL88kixP9NCe20SYi8xbk1jwHto52pV6XtyIdXqhvn+IzWg8E9SA/dW3LQB4s8s6AOfbQHNJ0e75/l6mVbqMSV755qDQVaoyi3qiWyFk8F3pfZVjyyuz12t9IAefggy+nKZZ00aspwkjHjxD0fzGjxtCPuNa509Ac2Br4DmRx4Npf+rE6tAAJsQwN8LylM5XHSzjv1qDivDiH3l00HnFsxWh6H/vlNV0io2x7x7nRffdWJ2phqnIq8yAhmptfb1M0t320g==
+open.			86400	IN	NSEC	oracle. NS DS RRSIG NSEC
+open.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tjN1NUKLwJroveCIsgOaIjZTPH73fa/cBpMcrURpr8AWhCp5McNilwg11kGP6Cq6mT/5zrltAQUyw5WfTA3bo1sNUxBLMdJcDlCEeArMuSjad50pwzfgWjpBFC4UXS7P2B9y6e/sE4w6+lK3nZnuJXjR9XaqW7TfM9zNkr2DckFVO/DYTXzOAAYFpSF23nHNgEoR1Kthu9ukv5TOXH1bmGTvhzmUiHg6PTAEa3iFecZGYuo9zmHh+xxi1xCVCZEAeptzt3LWvHYvZ8yTx6gNXPTM11TlD1d/n86ju3bzb96lOjSqmtuKGOnt3p17w6JhQGBV8jLGKvOkppLpB1NMuw==
+a.nic.open.		172800	IN	A	37.209.192.9
+a.nic.open.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.open.		172800	IN	A	37.209.194.9
+b.nic.open.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.open.		172800	IN	A	37.209.196.9
+c.nic.open.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.open.	172800	IN	A	156.154.144.128
+ns1.dns.nic.open.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:80
+ns2.dns.nic.open.	172800	IN	A	156.154.145.128
+ns2.dns.nic.open.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:80
+ns3.dns.nic.open.	172800	IN	A	156.154.159.128
+ns3.dns.nic.open.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:80
+oracle.			172800	IN	NS	a0.nic.oracle.
+oracle.			172800	IN	NS	a2.nic.oracle.
+oracle.			172800	IN	NS	b0.nic.oracle.
+oracle.			172800	IN	NS	c0.nic.oracle.
+oracle.			86400	IN	DS	6291 8 2 9F74ECCB6080A089661309A8AE8F82146D0EE4CC7CA96F01F62AE47F76368F2A
+oracle.			86400	IN	DS	51169 8 2 43A2FD7B6DF137824C6EE5B145AD5FA8664600165EF0C9772B1D286BCDA63873
+oracle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1K7wj20ofHWKbdKzDt1Mj6yRirnPKDglOG/XRrEj1bKnG2VjydHTLX3AH+wc9mGwMewvHr/ur78gVX2DnJXpUxKX9HfX6lkCAHh58FKUI2oq5GF6vjkHAN2h9g7WzHnLpG350JSfSciCYT21AoljAlvzBA//H0bk0RWlYPWXdKy1Thc1LjKEXjYkMeKiutV1/jI33JAcG6Bi09Kos84GZU3KB+jyvBGIybwV2yYLEc9AEfBC/shJqrvm+mY3+qswp6D8DP8gaswN/BDNEY7ljWSKNHdWr/6gs+LNIfLj7AMRKWGeVQNrdMzoJNkdxWzFMmPSHydzwbHM4zRjKZaY8A==
+oracle.			86400	IN	NSEC	orange. NS DS RRSIG NSEC
+oracle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cliZDXjll+gWrgGqPz4KLBDkVstQk7VrLRIfEGlU2Jqw6PEr2w55gFoVJWKMMCOc7UqpYmWyHCmQdCColNNp3HfktHBxBv/9rw0V9eCVdkeVsxURYqzYNDX6G/YWWv+OdS3gBhN5Z6mo9vc2eWedKB1uMj5rybOx1x3xYXFUae2ID2fYi1/A4UZ4U/EFFrRXzxIJrvjKNPSkfkcD8wEd7m3KLHOgeP6zQ39br/AzqrvlBMK0qo0baBoMvraDuZlKJHtz1gr94DOyCk8bPhAaVxoDtAGxh/htX3KikyI0mA0mLlT8H5s+3XGsycS5GrFAzHr3i1CCqWWT9LDmFkk7Bg==
+a0.nic.oracle.		172800	IN	A	65.22.84.25
+a0.nic.oracle.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:25
+a2.nic.oracle.		172800	IN	A	65.22.87.25
+a2.nic.oracle.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:25
+b0.nic.oracle.		172800	IN	A	65.22.85.25
+b0.nic.oracle.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:25
+c0.nic.oracle.		172800	IN	A	65.22.86.25
+c0.nic.oracle.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:25
+orange.			172800	IN	NS	ac1.nstld.com.
+orange.			172800	IN	NS	ac2.nstld.com.
+orange.			172800	IN	NS	ac3.nstld.com.
+orange.			172800	IN	NS	ac4.nstld.com.
+orange.			86400	IN	DS	44385 8 2 54957BDF3921CA2D50BB340E042605F8D39EE91CA2A08A37424CE88882C4FE1A
+orange.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0M9qbxp4RcnAikJ13Kf0gcoJiSagMulg59Ck8wfPz2y5Cw4kIuYOOmKDTPXYVfmpkFMI5FZJZebv490j4L6J4muUxbr8RMlEuXClIZKJlNXE9en83leTLQr+WX31tV8NWy8LPODHqV2Ty3xAIR4TVvn3P44K6SSQi74wuhGnm+Ucfrkldg4fKxq6Frrz/NTY1tDWYgrPX6KOCI8xTLgtbVWBPcFtLvuPr092hv7goxOgCZCWSRSD2LEFhJhFeq3viqhwGpsyNi2RCpxFYabOBpd3q60ZGfiMrmI8+0M8dm5GTPX3Ygb22s5PFdBiFdn58nlRsSQ7s71qnHgo/fDwmQ==
+orange.			86400	IN	NSEC	org. NS DS RRSIG NSEC
+orange.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qFjMrhbCQ3/aWQpiaFsN+bUef3mqNFsI5WdaGtWp4ytszTvlZ3Wu1IviInFMpU7VIvpbOGmAJEtnk5W9I8LSFTsLK5UiF7XX2CgNHKVRJDUoMnUdpsUzkB+HkzGFzjY8cgIWJBeBynC5BkdnrRnBEKvWMq3ynLo1HSfDCwMdQ0rdCgcKY/iFfO0m2g5MxCC0zCPBN/P0Jt+U0AM/1NAWl3UequT0b6jQo0dhTpK4tTy0gSoEfCdMYdu/SfBlmNdBJ4fQ1gnHt0aPV1fYpU6XaG+AjTi9OUKerPLYoCXaMM8FWojsnXkCo4+yVyI8q90vnAoZwPrAc1ektPRc9rphOg==
+org.			172800	IN	NS	a0.org.afilias-nst.info.
+org.			172800	IN	NS	a2.org.afilias-nst.info.
+org.			172800	IN	NS	b0.org.afilias-nst.org.
+org.			172800	IN	NS	b2.org.afilias-nst.org.
+org.			172800	IN	NS	c0.org.afilias-nst.info.
+org.			172800	IN	NS	d0.org.afilias-nst.org.
+org.			86400	IN	DS	26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D16E1DE32
+org.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RMU0ubR6ZXNGyCOe0fq1wn6OC9jptsOR5WzLCBU4ur6QrzqNuG49jNTENEuks620T0nh2wumrcRMd9qe/eaJkGPzMl2IrN6ioQAC1fI9vyUDyvGQ3hXgeE+2ixlLX808dER8/FvshncUD+tR44Wb44YOfm/nYp7MYKEk+5Xwck9U+Dbk6ADLoTvq7qtbvLBmj52Iz5nAiyDjX7x2xTGzqsVoG5gQwOJNOOwYzwqgW2uPzOJ7D76fZYs47ei4kY6HLYa1OUc4eGdB4//6dPrVZnokKSuVvHyrLyNG9W0qYbxiCfp1oiIVlmAsYgGZIaROQt4Loj3dzyF5lIaB4M9g1A==
+org.			86400	IN	NSEC	organic. NS DS RRSIG NSEC
+org.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dIRbqEbrXs0ax1WLq1xaD242FZ2Uy4y4FH1ND95GxjWReJtL3c8q0qmsaI4Rx1QTtc7PmT7FffRBh8c4W975qP0mwz/iol+2OVWcjlN4VU/DteixuVtufxGqHfKwOEDQBlNuqF+ftD+CzprNntLFD1inIBGs8kePjNQ0kVXCC697V08o0vlkGO2npvV9oz8jlW3X/3LTwQFpzJUPkTFjYzA7rIn799L8Euk+kxnIjxFEUJ30XIENX/o+uRzxS3U8qnK3fFfIOJpyuvgOdtdfesqCFsXRzXqxg1n9BH4Mb3vWcyENvIBT2tPnQJvCWADZTt3pEAlmpXHvuge5zQj4XA==
+b2.asia.afilias-nst.org.	172800	IN	A	199.249.122.1
+b2.asia.afilias-nst.org.	172800	IN	AAAA	2001:500:4a:0:0:0:0:1
+b0.bm.afilias-nst.org.	172800	IN	A	199.254.60.9
+b0.bm.afilias-nst.org.	172800	IN	AAAA	2001:500:26:0:0:0:0:9
+b2.bm.afilias-nst.org.	172800	IN	A	199.249.124.9
+b2.bm.afilias-nst.org.	172800	IN	AAAA	2001:500:4c:0:0:0:0:9
+d0.bm.afilias-nst.org.	172800	IN	A	199.254.62.9
+d0.bm.afilias-nst.org.	172800	IN	AAAA	2001:500:28:0:0:0:0:9
+b0.cctld.afilias-nst.org.	172800	IN	A	199.254.60.1
+b0.cctld.afilias-nst.org.	172800	IN	AAAA	2001:500:26:0:0:0:0:1
+b2.cctld.afilias-nst.org.	172800	IN	A	199.249.124.1
+b2.cctld.afilias-nst.org.	172800	IN	AAAA	2001:500:4c:0:0:0:0:1
+d0.cctld.afilias-nst.org.	172800	IN	A	199.254.62.1
+d0.cctld.afilias-nst.org.	172800	IN	AAAA	2001:500:28:0:0:0:0:1
+b0.info.afilias-nst.org.	172800	IN	A	199.254.48.1
+b0.info.afilias-nst.org.	172800	IN	AAAA	2001:500:1a:0:0:0:0:1
+b2.info.afilias-nst.org.	172800	IN	A	199.249.121.1
+b2.info.afilias-nst.org.	172800	IN	AAAA	2001:500:49:0:0:0:0:1
+d0.info.afilias-nst.org.	172800	IN	A	199.254.50.1
+d0.info.afilias-nst.org.	172800	IN	AAAA	2001:500:1c:0:0:0:0:1
+b0.mobi.afilias-nst.org.	172800	IN	A	199.254.56.1
+b0.mobi.afilias-nst.org.	172800	IN	AAAA	2001:500:22:0:0:0:0:1
+b2.mobi.afilias-nst.org.	172800	IN	A	199.249.126.1
+b2.mobi.afilias-nst.org.	172800	IN	AAAA	2001:500:4e:0:0:0:0:1
+d0.mobi.afilias-nst.org.	172800	IN	A	199.254.58.1
+d0.mobi.afilias-nst.org.	172800	IN	AAAA	2001:500:24:0:0:0:0:1
+b0.org.afilias-nst.org.	172800	IN	A	199.19.54.1
+b0.org.afilias-nst.org.	172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.org.afilias-nst.org.	172800	IN	A	199.249.120.1
+b2.org.afilias-nst.org.	172800	IN	AAAA	2001:500:48:0:0:0:0:1
+d0.org.afilias-nst.org.	172800	IN	A	199.19.57.1
+d0.org.afilias-nst.org.	172800	IN	AAAA	2001:500:f:0:0:0:0:1
+b0.post.afilias-nst.org.	172800	IN	A	65.22.1.1
+b0.post.afilias-nst.org.	172800	IN	AAAA	2a01:8840:1:0:0:0:0:1
+b2.post.afilias-nst.org.	172800	IN	A	65.22.5.1
+b2.post.afilias-nst.org.	172800	IN	AAAA	2a01:8840:5:0:0:0:0:1
+d0.post.afilias-nst.org.	172800	IN	A	65.22.3.1
+d0.post.afilias-nst.org.	172800	IN	AAAA	2a01:8840:3:0:0:0:0:1
+b0.pr.afilias-nst.org.	172800	IN	A	199.254.60.17
+b0.pr.afilias-nst.org.	172800	IN	AAAA	2001:500:26:0:0:0:0:17
+b2.pr.afilias-nst.org.	172800	IN	A	199.249.124.17
+b2.pr.afilias-nst.org.	172800	IN	AAAA	2001:500:4c:0:0:0:0:17
+d0.pr.afilias-nst.org.	172800	IN	A	199.254.62.17
+d0.pr.afilias-nst.org.	172800	IN	AAAA	2001:500:28:0:0:0:0:17
+b0.pro.afilias-nst.org.	172800	IN	A	199.182.1.1
+b0.pro.afilias-nst.org.	172800	IN	AAAA	2001:500:c1:0:0:0:0:1
+b2.pro.afilias-nst.org.	172800	IN	A	199.182.40.1
+b2.pro.afilias-nst.org.	172800	IN	AAAA	2001:500:e1:0:0:0:0:1
+d0.pro.afilias-nst.org.	172800	IN	A	199.182.17.1
+d0.pro.afilias-nst.org.	172800	IN	AAAA	2001:500:d1:0:0:0:0:1
+ns3.asnic.org.		172800	IN	A	213.248.223.254
+ns3.asnic.org.		172800	IN	AAAA	2a01:618:407:0:0:0:0:254
+c.ci-servers.org.	172800	IN	A	194.146.106.86
+c.ci-servers.org.	172800	IN	AAAA	2001:67c:1010:22:0:0:0:53
+c.dns.flexireg.org.	172800	IN	A	195.253.65.6
+c.dns.flexireg.org.	172800	IN	AAAA	2a01:5b0:5:0:0:0:0:6
+ns.icann.org.		172800	IN	A	199.4.138.53
+ns.icann.org.		172800	IN	AAAA	2001:500:89:0:0:0:0:53
+a.lactld.org.		172800	IN	A	200.0.68.10
+a.lactld.org.		172800	IN	AAAA	2801:14:a000:0:0:0:0:10
+ns01.trs-dns.org.	172800	IN	A	185.159.197.3
+ns01.trs-dns.org.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:3
+organic.		172800	IN	NS	a0.nic.organic.
+organic.		172800	IN	NS	a2.nic.organic.
+organic.		172800	IN	NS	b0.nic.organic.
+organic.		172800	IN	NS	c0.nic.organic.
+organic.		86400	IN	DS	22474 8 2 5803FBC9F1FC0D4AA172DC24F6B2B099F18DC13E04CEE7F605777D798A3A812F
+organic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eLSiUXBB9j/KziEQl4GjXfQaDEcioUbyHaJkYjTC9dSg2bfNSP1aO1M4msR5dv9RSibtUhb2silGbpCSBLoq9Mk5GWmW7/dS8/6CFedAcHnHmKFhIrSlzZ2GHGXK8V8NhMrVsTVAJOK52/d9JYlg0CXceng8e6Tzggi+G4n9iHqbvWg7DNyvtxaWFPbgyH+AA191uTm94OK5WzFV6ifW+E9YsJ4Z1RABrdQQxP2qkaB9kfVxM0w9Uy3fmcrXCUxRcPHkucg/bNrTGM0vHzV+Ubfav3AXGMHeIjJzkmvagRYyoC8pUN1a0d9VK3oai/TaELufD9x5PN6rwY8HCLwU6w==
+organic.		86400	IN	NSEC	origins. NS DS RRSIG NSEC
+organic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gBlmWIn4xpZqAU/8/saXXCtdGge25oMMhpPaHn3k8/A/oqVaMz13ODRsnGuWcg1GbHr5sNx6NbfBdflvFi7CM3NorWTHw46H0oMZzVzQ0xQGLvrtJExgsWPDSftIvkwhjle5eXoAkU+cptDaAr+ds85CPysYjuqNOAMK1NHMRsFjkKGtz6O1AaKqbd0D80JwD8yfJNpCoaqDdynVG1zLEZfiE9Rwuo92N20zq0CTjbXmKS/gW7a0SmSRRZZgH84ye6EKnlXRzaq1uNkjmsrL7TqIucVPwfs08vshpjzfeYFSzmzkcicsHzvqwzP65kA+jCbrSwEAsi1IniZlA/JWoA==
+a0.nic.organic.		172800	IN	A	65.22.20.40
+a0.nic.organic.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:40
+a2.nic.organic.		172800	IN	A	65.22.23.40
+a2.nic.organic.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:40
+b0.nic.organic.		172800	IN	A	65.22.21.40
+b0.nic.organic.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:40
+c0.nic.organic.		172800	IN	A	65.22.22.40
+c0.nic.organic.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:40
+origins.		172800	IN	NS	a0.nic.origins.
+origins.		172800	IN	NS	a2.nic.origins.
+origins.		172800	IN	NS	b0.nic.origins.
+origins.		172800	IN	NS	c0.nic.origins.
+origins.		86400	IN	DS	25234 8 2 5290155E291FBA766EB200F5E95AC883BABFBBFDA64F5AD243068C7C8DC6019B
+origins.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VWqSOcwdGGjwIlmxvfAZz/r1TegwCoQEEMCKTIYtbuEC1SilX/2VRNVC5ZAvVJalqORQW31kt4IqNDNHexdqGkYsyT9SQ7NLpn/MDfGTZd967uKBTz1vDnRdTXOG7XZsw7QPSjPXQSJK0WJVVJU+vIX1+xWK1nyivwFOq8i3HTzvmE6ZJ7elED1Pr/r8UpP7ZX5yxyHoaMd43g4LIioF7cBQ05fwnvxXuspibLVhPmI0PMyBoLyY+IAlETQ6pAW+SGoXdv3v4ZCrCYKkdK7beJkxljqsMwv1YppbkS+DtO23zBOm2c522ZylQlh/3DtQtWWuMrJddbxaEbC6DUdVLw==
+origins.		86400	IN	NSEC	osaka. NS DS RRSIG NSEC
+origins.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1IAqUbjtOcmVWe35buRVhEKCx0q0ja34TRl1vWMkX8PmoZ8mxhWFcLmdV+LFq9cJiOz3tW23uByqHYY3qe57h8bPTQ5AExNZm6Z2syDT1A6ymSFt/X0wQ5H6II1fJfwqI127djw1ux+eGB5QWJkyJC03VGobKrNNaZXbX1UoE7zf8UhekDiqMozWXN5Jt0oy+aCxDt8+/h9PTlwwyggIJNoDfsUvg+sQx3ctalpLHVuyghHmpzP6pVZ1J0FlJt5EErhW3T92Qn+aXmGVRDU30YAlcwGexQgJ5FEnU/JGvcRBC3eaM8FtmT3AClJEThQKvF31NCfoQKuqXoSpGwVD5w==
+a0.nic.origins.		172800	IN	A	65.22.52.33
+a0.nic.origins.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:33
+a2.nic.origins.		172800	IN	A	65.22.55.33
+a2.nic.origins.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:33
+b0.nic.origins.		172800	IN	A	65.22.53.33
+b0.nic.origins.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:33
+c0.nic.origins.		172800	IN	A	65.22.54.33
+c0.nic.origins.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:33
+osaka.			172800	IN	NS	a.nic.osaka.
+osaka.			172800	IN	NS	b.nic.osaka.
+osaka.			172800	IN	NS	c.nic.osaka.
+osaka.			172800	IN	NS	ns1.dns.nic.osaka.
+osaka.			172800	IN	NS	ns2.dns.nic.osaka.
+osaka.			172800	IN	NS	ns3.dns.nic.osaka.
+osaka.			86400	IN	DS	49957 8 2 7E2477A5BCB64B013BA654F6EFB43C6478DC172D05463CD8C43C2DD7187E9B2D
+osaka.			86400	IN	DS	50221 8 2 90146B6E89FB883144F08A93233F7265086D9E43728EE1C2739F5C3B6D00F9FC
+osaka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t597VtcsUuC2qJeNLVi0j5CJkhl3VIPt1nQoxIZ4j/zqrbhREmUBVY8+FAgOh6tbECHX3eff7UQDfJLoPP5ThJMpx1qpC2rIT1lrS8HX6UsOVtaA7lffvGO4yBntn051nQ2wUL1jgh+59TQlyi25WZ6YJk6H9040lYgxO6nU9XCgWF1q7Eb5F5oDzLIWTCuppOiCklAaQ31Nc9zT4VXWU4AuyolLcpeFnR7NGAo54wCToPU8GzBMzqQmdlx0++yT4FNsBGweDh/S3Dknz4eDDYEDbOKXoNF0CfNS3xLRDWDDZtUGKXezOx0AeuPr2T/a9ksp8x+s3eiHsuMRf3MwwA==
+osaka.			86400	IN	NSEC	otsuka. NS DS RRSIG NSEC
+osaka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Be332wRsxt5GSqe5mkCd7xQjxwstTroi1t3Wj5hg6mgsu2YoJPo2hq0VuRYBO3iMMvIeo3wCgQqA3rWyEved99DwjUgGQHMmRdlcdHVk1saY1VZ3cywqowEL/Z4JHeip8Hzb2XB2U4nNsFHJfhlvrc5G7pufNr1numRUMeNV+3+xzsbnemmqk2SJrdX8H5gqPmXx95AA3crINEbP8+vrrELeZ1lvyA3Mcw4jrJuTHi6v1ZpXSkM5n6vWrKAaqaRMfSbfafGgxMH7/PxM5bEKvv5RmIjZiQV1HGogHlzIwyTdnT6X3hipgwA0ncz1lg4Sbrc1hKCT97MC6Lf4oAlEoA==
+a.nic.osaka.		172800	IN	A	37.209.192.10
+a.nic.osaka.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.osaka.		172800	IN	A	37.209.194.10
+b.nic.osaka.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.osaka.		172800	IN	A	37.209.196.10
+c.nic.osaka.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.osaka.	172800	IN	A	156.154.144.130
+ns1.dns.nic.osaka.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:82
+ns2.dns.nic.osaka.	172800	IN	A	156.154.145.130
+ns2.dns.nic.osaka.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:82
+ns3.dns.nic.osaka.	172800	IN	A	156.154.159.130
+ns3.dns.nic.osaka.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:82
+otsuka.			172800	IN	NS	a.gmoregistry.net.
+otsuka.			172800	IN	NS	b.gmoregistry.net.
+otsuka.			172800	IN	NS	k.gmoregistry.net.
+otsuka.			172800	IN	NS	l.gmoregistry.net.
+otsuka.			86400	IN	DS	1147 8 2 99FA7BA5260C1C400FC5D65616FD3D796A6AB5AEA557314CAB10392DE8FC90B3
+otsuka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wmJlBln+MGvn/2iWT5GLZ8ARhgdJajdYA1ti8438Uk2E3Xi/GwSJQhlT3WmfPmGm+mIwe/iSN3j1Q5vAfAH9QWozigiXi6Ak84M5f1KnTdxVqZCxYJswEiL9jDk28s4tcuNQko0+G1V5jyLRJ5j4QMkld8Lfcx2kIyKPzYCdCPR82mbH5GzNH244rkWSmH3m5IFyIgy9XZ5V3ygMAJ/Hu/g0RlgG7o9VEqUSOM6AzwbJQl2b6JmPVMda1KhoPR+jWu27Ee8Wt0SagYFDGoMPzFlqlhHe3GN5j67wdQzx8HG9xT4gquVy819qIjUXeCgQx5Dsk65ZrgBaj8k68lcsbw==
+otsuka.			86400	IN	NSEC	ott. NS DS RRSIG NSEC
+otsuka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jMoayH6mKKIs6YNDWJeyQOAcOYnVnHbtTGvd+oGROyy6fISTJ9ckI1iv+15+oUGt+g5O3s1cOU7ajhkme3lU9xAQv8BMhNiTHDFLIkXLNMygakYYp9XIEZQMZIeM1XxW5xgHKc/565MKNPBkeYqu4NVSjtTxow3KoFb3iRU7DUUPeLeqW3i+1nkLaecWhXAAvsr76xpWPc3xCN8CEV8ZJ0xOGmo0GR17B80xgFnhi1VxGNUdms3efagjF93KLLX+tjxkpgHfqUZBfWJutI4KjiJ1yKznXp2EbipIuG3M6mRGUh77g1c9ZwfZCLUfW/+Q32+7GPSwhUpcaYUPykMang==
+ott.			172800	IN	NS	a0.nic.ott.
+ott.			172800	IN	NS	a2.nic.ott.
+ott.			172800	IN	NS	b0.nic.ott.
+ott.			172800	IN	NS	c0.nic.ott.
+ott.			86400	IN	DS	39925 8 2 EA35CB20303CA3E610C87E77947BF04693F3E14933C59A60BEFF384BD0CA0654
+ott.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vhslQvnn0Cc+WadpLgS4GmgSiyMstpwDAP5nBwZb5tA6yguGcmFLxy+onMTxq2xprbCYdARzPeK3n6FT2JDL3eJnafwVhPAGzU4GL8vyzGbwN5tdp2R0dBp4qITfZORkZ2eVBTzTwRWaWmA6Mywi2o3grdxp/V0Lwk/ADBA5vPaq8dSu5lKnwdtC/qQ7lDg0tl+RJclCocWrFoo62eIjgyOojcwveLz6l4/L5dFNalE8YRTmDnYn3KOIz4DhKk6oCTsocaozRUJ71zy8JrvygJg/Y0YTI8Z7155VYtQUOQcsLiBwfFtAHGB64M6ZBSZwzC6RbKFrwjYRxM7CifB7OQ==
+ott.			86400	IN	NSEC	ovh. NS DS RRSIG NSEC
+ott.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JnhpXIzyM/3QDkN9TpWJ0co07YFcFq/gstAghwE1whnvbPu/UkeI1AAVAH1h/LPAkarnOPvTAfVMWeU3kSS3KvAHu0TfEt4rxAUHSbY6+CTiN+9B5aFJRS73X3lJYz0ZPg7UkReNESjNIZ0pHqjbzrBzDbq8vBumBCuFjHrx0YpQI2zAt1451BnuYDHy4RkCImvtOesd9PxIHD0YnC2XrZ0qP/QX5IA0xWGGRP/5Jou/XaT7wo45lfZ2P4HDqBUIVhVNgo7DOKCnZGuZo0rbI5AKugHBWmoWXKaUuofIRRlCVLYRELMRN8Fi2S23FHkpI6D3NCV1wu1KMLLTLR/iqQ==
+a0.nic.ott.		172800	IN	A	65.22.92.9
+a0.nic.ott.		172800	IN	AAAA	2a01:8840:5a:0:0:0:0:9
+a2.nic.ott.		172800	IN	A	65.22.95.9
+a2.nic.ott.		172800	IN	AAAA	2a01:8840:5d:0:0:0:0:9
+b0.nic.ott.		172800	IN	A	65.22.93.9
+b0.nic.ott.		172800	IN	AAAA	2a01:8840:5b:0:0:0:0:9
+c0.nic.ott.		172800	IN	A	65.22.94.9
+c0.nic.ott.		172800	IN	AAAA	2a01:8840:5c:0:0:0:0:9
+ovh.			172800	IN	NS	d.nic.fr.
+ovh.			172800	IN	NS	f.ext.nic.fr.
+ovh.			172800	IN	NS	g.ext.nic.fr.
+ovh.			86400	IN	DS	24939 13 2 02A3F789B7D6C726513EEBADF7F64741FED1ACD57405339D9D50191C620CD914
+ovh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . e8jTt6CjNg7frr0z65phrnm+oeKm12MXycjHLGbpKtW3+VD4Txyxi+fPmBL922/x3kPjouvVMpd4slVsDQ542kW2GX6EokwSiO6rUP/9c7f4tKzt6keDBkYDMSlYOqI6m7runvVz4L3q2uBmWXlDh7/wQdpNe0JJ17/NbOqG0CDnLYyyIa/LXuyMUjIiByoKioZVCeJmkcrKnmfWJrDX/0rraL/q6K6/74bt59m9lTu4cpcIayFYvaoyaNXfBV1Fb6xkUDgN5lt+S+USvBjg3X74i+zDCGrJLidg+nWWprdqm6tYaXT+GiFMfAW+b2ioRZJ0ZJrraad3TSAOd56kBg==
+ovh.			86400	IN	NSEC	pa. NS DS RRSIG NSEC
+ovh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tG5wEfkIvm5g5MIHDvnl33nV2gYxHgIwg7GfUIr1SDz3tqq3oEyD8yje7AdQ6DZIgp0L08aUFRvi1KOeTXCgD5DWm0OqV+QM3CjseK1qzOUTImD1FM07x0292qDIWalW1AI7kgzbbifEEQSg440IViuKsw1qw5gAJ1i1vUG3bw5xUXekhap+r3LOEpfX+5MoJPxg01dFI+4J7kKQ+JfOGIEtVMZxbPc9G1N569H80Crccib877OaqcBtUlKqL1Hu5m2vT4NQmt7Vjw+DK9YiQEEEdtFMuKRmlCNUfsOzamMGUKvCvkuG2lYpuLdxyXO6Bhu+QMFo3ZlWEXibbx+p/Q==
+pa.			172800	IN	NS	a.lactld.org.
+pa.			172800	IN	NS	ns.pa.
+pa.			172800	IN	NS	ns.dns.br.
+pa.			172800	IN	NS	ns.nic.pa.
+pa.			172800	IN	NS	ns2.pa.
+pa.			172800	IN	NS	dns-ext.nic.cr.
+pa.			172800	IN	NS	ssdns-tld.nic.cl.
+pa.			86400	IN	NSEC	page. NS RRSIG NSEC
+pa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . or3wTMJ5+xMvB6Fo8uLNWYXvxGR4TcQ+yktupkLNLaG93rAwMyQGemIYZqMjjeHS2XJtPotk7ZXSD0vdgeFNkWOjEYnoCl0DMN+Ye7/ZwjqGHPIT5n9aqaontbbaojFpimJ7pGbXg/yGKUuetrtn8GKSTTxIQnO0E5vZ1bFO5rUBLXlucAp4Jh+OegMOlT2z6RSv002ZeMbF/EtG+h5L/ibGLeN1XRjFrDR3VfeU41IG2zmlHIBRYMHLYTWCkaYEo3w0rpnZ3A/H+vND4y8XajyHrcTyMrVZtY/IjX9Op/pPFfEcpu1Bf+nOLyODDPWZIVN+OZ22YGsYEs0UuPum0w==
+ns.nic.pa.		172800	IN	A	168.77.8.4
+ns.pa.			172800	IN	A	168.77.8.2
+ns2.pa.			172800	IN	A	168.77.8.7
+page.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+page.			86400	IN	DS	64712 8 2 9BE1303B86187DF7F8EBE1C51BC70C2BFA1BC12AB98383AC2A7D0E18914292F5
+page.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c2GWf9pAfZ3NQXQMnh0fYXfKvhZL/WBktFT2/qTqljHRP/UA4kcEGCuw+Rbk92XkhbJqAwtN0n0xFee0xA9GOPMMQmouIGVNI2m/Lhck5FuCUv2o6unUit5aH4ySCOObEokq38V2uNh3/SywcAYzDErEyk+9DkTFdRqKyQTNAQGKwlgh7UaKyuYKjHfTKFY0p3DHpggaO+ehZcrDFOq8znFprg3Euhywtyk69zsm07YxjpCEBJnAtBdU+VWGbvjLeG2eZT5wQ1Ssf8zrzrfYircBia1PgXYqZ87FnPOTabKUBuEJ9m5kmY+aOnel24wWWeunoymWrEGBob04PPzyzg==
+page.			86400	IN	NSEC	panasonic. NS DS RRSIG NSEC
+page.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QQC96HIlUszE+TPY9nI8dHLCNyUqLirGgruQAO5dW2GTazJgsBJNsNTbHGkvlDg3myHWt3XrFmbynsOjwSVXQz4A7F/RZUHCppp4nC2GRCwYLnoYVlW4IezkHRw0Jkkfz79BPZUHH5M3T/g2bfY0P0jVsT3sdiLv2XE3bClc+5vCMLZYk2O4+lkaHqFUhhe8ErEI6+uYOD32Bp04hODEJDbqVPyJiIM5iqOwlfetr7TNSntoxr1E5jhOoY2Gv3YF6ONQ5vBUnCZJrDZXbU7gbqpUbx6r+DJu8svLvS8y4+GfSWB4xhFIp66HPzRNw1aeVCW+Z/e1h/MczvixzMrYtw==
+panasonic.		172800	IN	NS	a.gmoregistry.net.
+panasonic.		172800	IN	NS	b.gmoregistry.net.
+panasonic.		172800	IN	NS	k.gmoregistry.net.
+panasonic.		172800	IN	NS	l.gmoregistry.net.
+panasonic.		86400	IN	DS	45016 8 2 A4B88BFB2B883FDF8CA5630562061FD5D7979F203962D1F4C5A0C9D79C4D3AFF
+panasonic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jEOarU6D+1aQer5vq8c3l2tQfi1z9gWSVU6iDuYdY8d2DFOP2Z6gYJk37uPZ1kTBhvJ7M4FInZPDQxKXEQ54xsYBl62f8kJvHKYSMiCFG3KcIZg8SvXTWnWm4lH/+M88KWJX9CBiOtRUkmlahbxL9eXlhkNAW88Dskx+z4mjajJkcp7SS1jUu/h1Oorm7ivq/smm30uWp3Ea87bZOoUTIdUXYxsXuUg/mN4XmZ/+9u9l/K9SLHHzu/d5VNn51q7Fen0MI7IN/LwIrvWiDWWU60cYQ0IRcAlmINp1vond2cSUPZv/9yB6eO5w7PhryYM9aPYxJ8GWo1lqxUiXWM7TKQ==
+panasonic.		86400	IN	NSEC	paris. NS DS RRSIG NSEC
+panasonic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BLlYH/xBz9Iy1ymoXJvC5NR5MKWdipfphM/bVNDo6EwVJemm+BitOLi/kIxCNDYJRRgGg3MUO6iLFg5rzGkTgrFVYtZDeV7DdaPWP5wotCAxD/4lwCDXYoQXp1L+vcOl1shkNW/orXeazUFDpJBhqcXRRcz3jzvhFnJeMiWgm2aUD2PTWATJ6y92gP96uR4FU7Wgu7qIXnkBr+fs6Vr5+ATwAaL9Ex/vXkTSKKpfpjJP3wiylieBNDf++peR2F6nvVPwxMCoA1jgyWjt/3Yj9Vx/0ew0P8cDaI/b5GlFi9Aq+QF0SDa5m5r/yx8aAF89rE2EinuV95b6GY2DOHAcjg==
+paris.			172800	IN	NS	d.nic.fr.
+paris.			172800	IN	NS	f.ext.nic.fr.
+paris.			172800	IN	NS	g.ext.nic.fr.
+paris.			172800	IN	NS	h.ext.nic.fr.
+paris.			86400	IN	DS	36157 13 2 E9AA567B3FFAD9AA9F2C6A0BC0B7FED6D338C5150BD5627812A5F9957969C37D
+paris.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sy1qtHsIq/c1oBIszj4Oz546wvdQIrTScWZ/7lYZj5IcRXssmgppQYk7GoSFXsxSzSVAP5Q993FXZ9ROEEAlQiDxruhLEFnBG2sYSjaQMqcXAnyNgOicOM6A3ALwkLg4w1f5tSPVqBqWhYXcQdnHYY14pFYm/a1hVVJ9gOaajbz/ObTH6eZHXjADEIWMToe7OaTbo0ugv1E1b6Z/FUF+QNRhmx4Sclb5vIzIlSg+jYuHvkBUFs1RrU0A0Wo7Ii4GzGcvbr++pmzJnSPM1GTinJLVuATnsh7C/vz11ripNuVyVxg/kfO7rjaNCuWCyez7HdtLRpOIl7xuOjJjaCkfHA==
+paris.			86400	IN	NSEC	pars. NS DS RRSIG NSEC
+paris.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dtE0tyf0rHo/uycXbUA0siuysSvpPph0ACxliyYYDvWl63lXutdNEobFIr1USon5M7in/CXJQbNNHYvNMx4K1CqLKoQbfYcspJ98BfFSVkFK/6F5/YS/gaxoxN1NaXzYDdFTN9aOCrMxumpREsyrHZRfYrpA3ELU9nnK/E35jhUcNTXX9d2hE8D5Bi3hptd10y9F8sEEtT0wK1okmsCEf+bZXsdUsnqkFo1fIYKHBOhF8+P0u+boElzQbLE81ZP0N7Sd7NdS3ght1lcJ3wFtEeyni5iE37wRzAh239UVR7xxmM213dh1Lb2mz5prfOAV+dpY3SkldC2Qm1JsjTVUtg==
+pars.			172800	IN	NS	a.ns.nic.pars.
+pars.			172800	IN	NS	b.ns.nic.pars.
+pars.			172800	IN	NS	ns1.anycastdns.cz.
+pars.			172800	IN	NS	ns2.anycastdns.cz.
+pars.			86400	IN	DS	2911 8 2 BD1468967B866D21C106F1A2B92906604380E7787BE97AC2855219DDE2CD2285
+pars.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G5q/wRxAqqA2JWHGw3nT44yf/BDwh0X99X61bdLpIAkNzTChYy/hqYrrEDF2G05i8oX9rkFlFGNWo/VXgDse0YWMv50muT9+6dgHjItYd3joRO9I9PUm+zC+6jr5mS16KFkD9sn1MdVT5dRBZp5uCJfO/zjl5wSQQbQ1mGkJUb0nkKEQ6WxZ5Fx6MkueZRPgEetuYzAaNo9bDugYIO5LAx+8iDDpsmNz7Nm8fq1JIq1Cwb2/b1HTKbI7+h/o58opxN/Vy7+VvyLrxFlheOhVGuQu213H3wLo36mfEwaA22i5YosSGizI+pwc/fZUnKoDOwuIjyz5J/je8MhdRLH+Ng==
+pars.			86400	IN	NSEC	partners. NS DS RRSIG NSEC
+pars.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uX/gbYHtLSwIre+tTt4iRNapCoQ39QEx102YcdyZZWxDR5vY+iEaTrFWqaXM9lve9lpnzz5xkvfYW418fv1Ov3cW/KuHDo4OqGTgNyBj2M7KYsBrK8j1LKHK77p6GyCugQ5UVzYAUXO3MJIfiFHQW35iR8e88fcp09e8DLlPVUbI1fUktsfn2+zV7lrr9KNuj9GXrYnBT0GshqjURxhIDSQ2Mwfv1FjvqXbaYM+glC6rYMDliXUo5q61/euHUUAYFdZr5x7nmAU+2UAAGs+FvIeWxTJus58yXrGrjjn3Dd/kZhjjQbFx85cBySlKY/rbtq1ytQbLQPiOnSvT4mRWbg==
+a.ns.nic.pars.		172800	IN	A	72.0.49.5
+a.ns.nic.pars.		172800	IN	AAAA	2620:171:a01:ad:0:0:0:5
+b.ns.nic.pars.		172800	IN	A	72.42.113.5
+b.ns.nic.pars.		172800	IN	AAAA	2620:171:d01:dc:0:0:0:5
+partners.		172800	IN	NS	v0n0.nic.partners.
+partners.		172800	IN	NS	v0n1.nic.partners.
+partners.		172800	IN	NS	v0n2.nic.partners.
+partners.		172800	IN	NS	v0n3.nic.partners.
+partners.		172800	IN	NS	v2n0.nic.partners.
+partners.		172800	IN	NS	v2n1.nic.partners.
+partners.		86400	IN	DS	27907 8 2 DED4DC046E9D9F9250F766BD987E6268D4C82333B9835A520AA311DF9D3C0948
+partners.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fIpurQ5UkB6b47+w/37vx022386hGj9g0kaig1USyZSpSbk5XxKLzM8bi51yrv4cWfRK1mrDvO3/VWqYFGpoDEyajTLNgn07es0OopVaQ6TnMdfLBAqpndVsafsvzQXlLz60QfEqhMi9o/8KiHtxK2oRX3YmMZ/JANn6id9B+gwACPGY7IgKzcwhuomcPCJKYPTVHNGVIfFomCjkusDPi5cCYllt2LrN4cQ7GZnnapWP4aaCCws2JHLE0h9S7KZ+7Oh+2rgrbTLvKUawTqW93lYx4ZK6EOtXSgQ3iClFtk7EExEccrNKU4mmAHQgeyPEe36kWnOW8KV0S0QCPTjDEQ==
+partners.		86400	IN	NSEC	parts. NS DS RRSIG NSEC
+partners.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kxt4T2rqgLGhT6CVUdc0rcc53G0vBPio4zH3+FFJ9fthGjjNXA04ZTG0kuSg0+hOZz+ziinB9E2lxuDzuy1EwUAHhXoE0WyrgjhE1/LaRlRdV4bLy07pfVObGQIt8uc3F46vL5lhQJeGStjPoBjrJu39RkbEcwKDNuTCcbHCyKn4INdL4f8YgnsaTxCCCXBtukp/Rr+EAIRW6K8iPz3m7Z3gY/6sQPlIInb90bc3RvO76tfV12Ia0roc7jY9bvxbK6Ltrg+zwJ2xyqRkagZEmSnbv7uDuZBfOAnJzd4hqdwUnMzXfgTuviB+eGdpRiu/7vN4w0jEgi0JmYSvOhXrpQ==
+v0n0.nic.partners.	172800	IN	A	65.22.32.15
+v0n0.nic.partners.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:15
+v0n1.nic.partners.	172800	IN	A	65.22.33.15
+v0n1.nic.partners.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:15
+v0n2.nic.partners.	172800	IN	A	65.22.34.15
+v0n2.nic.partners.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:15
+v0n3.nic.partners.	172800	IN	A	161.232.16.15
+v0n3.nic.partners.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:15
+v2n0.nic.partners.	172800	IN	A	65.22.35.15
+v2n0.nic.partners.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:15
+v2n1.nic.partners.	172800	IN	A	161.232.17.15
+v2n1.nic.partners.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:15
+parts.			172800	IN	NS	v0n0.nic.parts.
+parts.			172800	IN	NS	v0n1.nic.parts.
+parts.			172800	IN	NS	v0n2.nic.parts.
+parts.			172800	IN	NS	v0n3.nic.parts.
+parts.			172800	IN	NS	v2n0.nic.parts.
+parts.			172800	IN	NS	v2n1.nic.parts.
+parts.			86400	IN	DS	24967 8 2 3FACB67C61427CAC01C712EA17C8D0E9EB74F5290A2D36311499C096578254BD
+parts.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . szfYSrbnulnqb+GRS0pIW8Y7wEq8VUFKo9F4jCoXtGYNU5zNWSpViWQZO5Zxc4NZ2wLx4P7bvOh7HucP+fuT+rskeYoZudCatg2ZBFiWMhPGHJHwruHa9sT8U65TKS8OU1wN+pZWpdNMhMdFEIhulvo8sJQt3vbFOe5Jt3vU7tae5EfJ4kAR++uFAthFM2ED/BfkgNQHmAxRTEvEfvx2WVQPjkIlFNKvwThzGv5DhZZxpJ/IpZvu496W8ax6vW0sDLZI3OvO81ozcNgeiaIhkX+jeADg4eHzrX80ASBrVfPKPkoBlzAbjjV5eIctABiSB8EX7T3F5SzOjpqT/DNgxg==
+parts.			86400	IN	NSEC	party. NS DS RRSIG NSEC
+parts.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JwEUjEkx9/ChAmmODF+RHI3OQ5gRhNIrb89slpku8JOY9ZcJOJ6CIgRPtlLIuTLr4iMNww1mbxSDgzHyQqVpPzwSat4UkqB6nDyB/201nADB1HzS/7jYyoFRs/hCCQFOsrqpDkkVMfjwKcUF1dbnM/pSWvvkkdWQXozuld1hfcFdc44klleC1tkDubQMIN6uhxDW6ZF/Uc83StMh/Go44whzbqBlNn/IMBO4oxFoglk/kDIAASIJMrixfG7Gznify1k/wx9i6SMp+EN6EqM54JMOyRSVKpN5JtdCXNLP1c7ZcK1hdvnwN75TvWJN/hApws6uLTAOBj5O4KrM387A6g==
+v0n0.nic.parts.		172800	IN	A	65.22.20.53
+v0n0.nic.parts.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:53
+v0n1.nic.parts.		172800	IN	A	65.22.21.53
+v0n1.nic.parts.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:53
+v0n2.nic.parts.		172800	IN	A	65.22.22.53
+v0n2.nic.parts.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:53
+v0n3.nic.parts.		172800	IN	A	161.232.10.53
+v0n3.nic.parts.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:53
+v2n0.nic.parts.		172800	IN	A	65.22.23.53
+v2n0.nic.parts.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:53
+v2n1.nic.parts.		172800	IN	A	161.232.11.53
+v2n1.nic.parts.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:53
+party.			172800	IN	NS	a.nic.party.
+party.			172800	IN	NS	b.nic.party.
+party.			172800	IN	NS	c.nic.party.
+party.			172800	IN	NS	ns1.dns.nic.party.
+party.			172800	IN	NS	ns2.dns.nic.party.
+party.			172800	IN	NS	ns3.dns.nic.party.
+party.			86400	IN	DS	55099 8 2 32AD9FD70AD1F66E62F19686F8DCEEED1B5EBFEA2CAF73B68D7903CF3321EE77
+party.			86400	IN	DS	64246 8 2 11A853AEE57EBCC64D5260DF6A693F26AA144D4777EBE306F83A886A48F6CDEC
+party.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O27HTwd24lKZ2Nh8pOmfnA6SahdhEspKy1k2V0VoQX0qPgjRDNmTqMJM9vZWOGTgDnmb6FqT5jue05ydbJ85FO4ObbTGqhk5CLFYntNsEcUGHN98/NXvxkaPaQuxNQ/YMyoxSSp5PQlR+wWet1aisvnA0YLJRncD0uUS/j33bpmj+JY0DJE/po8S70jPPWaCjWjH8pW97qmWvkn6XrVV9S1YDs2wjjlkyARAnYKeQV4vRU7gggG0ruaHGi+SsnkkmUl7XCEf6Kj4YBjvJpUzElQYD+xE8rBp9A5i4ibsaPpSEawNicDH/uNgDmc+4uOSjNwjSNMJHHO+NwjiT34PqA==
+party.			86400	IN	NSEC	pay. NS DS RRSIG NSEC
+party.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gUJIDXMr9/Auh6rPKcu8Vo9/PTgvB0vgno/q2yGvO8FaeaAiBubssPg91g9YCtqiZ5rJDe0Y9vHdfAsSXADAF750S8O4JqS+7da1peL6eZTldcUne5HG65G8YM++d1XLOHBYHGya69rpF0xNsmHn3eUpVuJtb8Is63CBXvZJ9GXz9bwvRSk9XkACVhSTH5fYfABbGOQ7wrV2gybwIpHpmi/ubElKL+SD+zN37X05fB+APHhT9cHoZo3UWo+Nw/YadYCkO6HwfSOnLrCPcd4cHXXHUMNXAGhsbVY6PY8WbMrwgDsRKSI+qZm/iehYPzLNW3t4oPxd4g+y8Tcc9TsN2g==
+a.nic.party.		172800	IN	A	37.209.192.10
+a.nic.party.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.party.		172800	IN	A	37.209.194.10
+b.nic.party.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.party.		172800	IN	A	37.209.196.10
+c.nic.party.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.party.	172800	IN	A	156.154.169.24
+ns1.dns.nic.party.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:18
+ns2.dns.nic.party.	172800	IN	A	156.154.170.24
+ns2.dns.nic.party.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:18
+ns3.dns.nic.party.	172800	IN	A	156.154.171.24
+ns3.dns.nic.party.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:18
+pay.			172800	IN	NS	dns1.nic.pay.
+pay.			172800	IN	NS	dns2.nic.pay.
+pay.			172800	IN	NS	dns3.nic.pay.
+pay.			172800	IN	NS	dns4.nic.pay.
+pay.			172800	IN	NS	dnsa.nic.pay.
+pay.			172800	IN	NS	dnsb.nic.pay.
+pay.			172800	IN	NS	dnsc.nic.pay.
+pay.			172800	IN	NS	dnsd.nic.pay.
+pay.			86400	IN	DS	62576 8 2 DA12C17AE6EFE2AA5782C2C0CD41BA4A845AD04E2AEA30A826418B4490FFB264
+pay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xG3hQxB/LPHmt+TG2W8MYoS5b1QP/8xzdtxt71xOr99DjYoj2O2CJhmCuLlhlSuzq3ie0ojlp8rSyOGzNEysVFql0g6EStuj1lVipaH0xsvPwwCtT7g61SBeQAWr59Wo3IXWCiV6UGJe87spnm2llYK4o+qtipLNAS1sdwSIyopLm9BeJ9d71oNmUuxwPe1Ax/FZCWmTIQR4YYeklZkRhIHyESL8XTU9g+yHK41zq8A/+Ko1C2yKx/1yTQu/eF+5b6jfMO9LYYcz2umhQMKGBHZ4TMTKdQxbUaDbb+xTi+rt1VzjT11w021u+pd+8eTF9UZAyWTXonr90MUEA7pPvA==
+pay.			86400	IN	NSEC	pccw. NS DS RRSIG NSEC
+pay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Qc6P+PDFRDsvcfDl9j5d9CpA1VFkjw1nMeDmbKD/Qlc7BmrCDFRsZ+665XqrGEaeWO2Ly+6BLHUsF1QwutS5Wl1lGgbwNsqXS5usG4R6PF/qulkIlco7+miVQSu/k8DNTCMZp31U0gRHgLo7bVVDl4MFao0FzEvYE6f3uQDyWJTevin53MA/kMjR3eLbuB1zNZqzhOS3+7YYYJMursSTjOkxIfriJFyqCNcXF+TdJvHYCJoEAhV1TyZ5xbadeg+fh4nIutdcpIi+eOGR5thOIrL/44bMq6D0EuwrHGQs7qkV0RY/hcPUeriGY/3SKPmaDwRkydTpEQrviCjzD7UjBw==
+dns1.nic.pay.		172800	IN	A	213.248.218.74
+dns1.nic.pay.		172800	IN	AAAA	2a01:618:402:0:0:0:0:74
+dns2.nic.pay.		172800	IN	A	103.49.82.74
+dns2.nic.pay.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:74
+dns3.nic.pay.		172800	IN	A	213.248.222.74
+dns3.nic.pay.		172800	IN	AAAA	2a01:618:406:0:0:0:0:74
+dns4.nic.pay.		172800	IN	A	43.230.50.74
+dns4.nic.pay.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:74
+dnsa.nic.pay.		172800	IN	A	156.154.100.3
+dnsa.nic.pay.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pay.		172800	IN	A	156.154.101.3
+dnsb.nic.pay.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pay.		172800	IN	A	156.154.102.3
+dnsc.nic.pay.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pay.		172800	IN	A	156.154.103.3
+dnsd.nic.pay.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+pccw.			172800	IN	NS	a0.nic.pccw.
+pccw.			172800	IN	NS	a2.nic.pccw.
+pccw.			172800	IN	NS	b0.nic.pccw.
+pccw.			172800	IN	NS	c0.nic.pccw.
+pccw.			86400	IN	DS	43702 8 2 59E6008039A16F566F18227380A702F8168707059629DA13CBFB9D1203E5EF93
+pccw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FU9EQhn6rYhRqi1i6lkNUHwA58qDUkQuMj3M3Srqe23C7d5PqUZFo5SqiX87X85lck3BiwtkMqlJNOBbiMPP87G/mstUeo5wyRMxUiLTBpz3cRqyJ0tblwK+hzzrtxmfrbF+ZeCPEyWftmgJYmRvZ/ZYAJ1BormVI9OuLM7OtMgI850FA3gBc+LwcXdHAJKXByIIugtZ2HG5HEgVmjmzCJUF7v1bN70Nfb4fyS87vVlM4GFiQOMwfnSBkw1Tvkih+oqwwr0eA2CdcEgu9kN8QPojEcjARkGOiPDeWEnPIOVpgoUwgVUnxIJZvUUDnAeGcfZSSr0grI0SiMmnK2LUhA==
+pccw.			86400	IN	NSEC	pe. NS DS RRSIG NSEC
+pccw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OGL5qmxdF1MVUuN7Fhbv2/Ie0ZEYCIs3Namc9ktqeYT8JrLjmDHGVOHfzBl/wP4KWpk01OThmCEQzbH/4Vl7G4bY9kKfG5c37Ku3bZi/A57ZCDTBi0wJf0ZvvkkduyeEuXw3oYxHJ/BJy7p4eI4+nJ8pTGr5wknyXnR38HmxZF/yPwvkZVg9/eixz/3WGF7H6a8gui9KR1kfC4uelShpEMF5hc3wE0598nUEydu6TIQt0lZu/yRcDQjzIcCZExBtm/NdUhJb6ahnbwceimW3EK3xIylVYgZNGoKWshvBAw+FgRhqjrFsuXMtuWVHcVX3o3ZE3q5nfuakQe0Sz2NknQ==
+a0.nic.pccw.		172800	IN	A	65.22.116.41
+a0.nic.pccw.		172800	IN	AAAA	2a01:8840:72:0:0:0:0:41
+a2.nic.pccw.		172800	IN	A	65.22.119.41
+a2.nic.pccw.		172800	IN	AAAA	2a01:8840:75:0:0:0:0:41
+b0.nic.pccw.		172800	IN	A	65.22.117.41
+b0.nic.pccw.		172800	IN	AAAA	2a01:8840:73:0:0:0:0:41
+c0.nic.pccw.		172800	IN	A	65.22.118.41
+c0.nic.pccw.		172800	IN	AAAA	2a01:8840:74:0:0:0:0:41
+pe.			172800	IN	NS	a.lactld.org.
+pe.			172800	IN	NS	pch.rcp.pe.
+pe.			172800	IN	NS	pe1.dnsnode.net.
+pe.			172800	IN	NS	quipu.rcp.net.pe.
+pe.			86400	IN	DS	7981 8 2 7C4B12C0D916694718131C7B7607561393FB86E2A3159CE7A74EA9E29AFB26F3
+pe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ngayBNt+CDoakAwkDyvU8I95ATbpn3DwfesSE4uvzww5UaOtYMQPIJJ/i5rHIabK5sNAQSP3aWyLdqP4cM1W8oYMHRbk+uBB4ub4EilKd/fw+NXFNk2mk7S6vg+lTJvDAR967Smc6i1oCiewypVfQp7Ge5hIaLkWQ8jSAg/JexzSh0ZwhKigsDp2qgUZ4QqjojHhl9CMnYZMZXAhgY780ZShUt4ecdqUD5Wf/ULgks6Mt9LyLCzsoKya2YL1Z/PXbZVixxuw1yYJpCKzRXFwYqFLQ7V1OFGVZJLS4VvmJuKpYye47U86QO2PgB0N7D+s11e7n4Xt6U7T2v8uiyzlPQ==
+pe.			86400	IN	NSEC	pet. NS DS RRSIG NSEC
+pe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tzstFgU1sLTiMi4Bcm0gtS4WVz6uQqEDSukVP9UYb4WYtmC9VUyO6w2Y26Al0z4Btv2p9THVVHzHm/EiVi/y6ftP8V7P2qMVm6u0SdHAhEUqo3kQ6T5OV4RflTXiKPotzUVG7lnKB1Np01Xh8+51P1oVIwJDUn1eZvZflqn+B9S4SXoBKWjlHicdbuPLvcQj7GfF9yPCmmrrLGyvpIc7Y4pJCoTl2vZv7dY0K4GQHn/GNPL4mC27KxGgA2j+8ayD+Rc6n4P1yW9opyvLr3TQRqCFvZQpQRkdV7LqZIeB3dc1A8fYMeC3AO0aEfOlugDefEvMTsYwX3kdqOyGdbwRHQ==
+quipu.rcp.net.pe.	172800	IN	A	200.1.176.4
+pch.rcp.pe.		172800	IN	A	204.61.216.85
+pch.rcp.pe.		172800	IN	AAAA	2001:500:14:6085:ad:0:0:1
+pet.			172800	IN	NS	a0.nic.pet.
+pet.			172800	IN	NS	a2.nic.pet.
+pet.			172800	IN	NS	b0.nic.pet.
+pet.			172800	IN	NS	c0.nic.pet.
+pet.			86400	IN	DS	42856 8 2 EE6C6C84EFF7B00EB70D9BD8A29CEE8A04D29D4D006CC1F61A95FFF873FDE974
+pet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EdC8E/DKjd5eJGxh6szOsgJ50Oi4pQJwWWJQqhxUfRy8js5BJcE7/clEkaSmTYm4XIDO3+TiyeJ9liZEomE8q4ZCjHwQGhrFiQuWqhUSShV8dH2NhhwduB5hPNeHMaBB0FPkeDZG6bkOLVWOanYMoHEiwoJta4PoAA+PBue2NRlKfskimP+dl7SHvYzpFp1ZU92/BUn8czuNqLRMgb5MNefRQD1uasrIS4ejLSXfOFuNhGLAyg5VjdRKPC4UtcxtzYPp+j4hpOYFetIQH/eUKlOEtBlRERK4lvoJF1yyxco+ynFlxvU+wTDsC4rGOv/4+dMgyU9UWFjD1C9elDqRuQ==
+pet.			86400	IN	NSEC	pf. NS DS RRSIG NSEC
+pet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Nm7phq9AkPVMBoX5DIC30oBt4p8KDe191JaVFGRb2dsKvo/rPzcYl76Cf3ltxwwLyqzUVLm+1Ti8tftFz/7ugzht/UxPa3tcBbS2sOF4iOu7iCXFNNuH3fzXgWdlpwwddwpfHy1VJCKThcwZjP7LcO1dN5gaywQeyp33ocnYshIRp1IMrY6iVsKNIlcW6ApIy/b7T8ejpeqb5P6sPVyatMf5xlZKNhK/i9rsmCbzJULN722PTuOiTasXYzWs/PWcKKOLekbj4RQgIzH74IOtrOjevZZOkH1nrW/fNgJtn71gQT237DKeelql7J/LmLrqPDyDgqeZLSUlPPfT31Fo3A==
+a0.nic.pet.		172800	IN	A	65.22.16.17
+a0.nic.pet.		172800	IN	AAAA	2a01:8840:12:0:0:0:0:17
+a2.nic.pet.		172800	IN	A	65.22.19.17
+a2.nic.pet.		172800	IN	AAAA	2a01:8840:15:0:0:0:0:17
+b0.nic.pet.		172800	IN	A	65.22.17.17
+b0.nic.pet.		172800	IN	AAAA	2a01:8840:13:0:0:0:0:17
+c0.nic.pet.		172800	IN	A	65.22.18.17
+c0.nic.pet.		172800	IN	AAAA	2a01:8840:14:0:0:0:0:17
+pf.			172800	IN	NS	ns1.mana.pf.
+pf.			172800	IN	NS	ns2.mana.pf.
+pf.			86400	IN	NSEC	pfizer. NS RRSIG NSEC
+pf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y7iU50IpNfOvgbQULg20BRdvmW9VH1CvYcQbne+wYDdKmf2lX8nsXO6GeRdHTW+pN0aBAAbNIlGi/KeF+SsdejS12om2llktr+bOftuFnjwYEQZrLoptgI34xhtK6eZ25QGC5KDaq6fDomeGPbtP+8B2qkacOEtS1c6Igkj9lt4uxACWw094K377BaKhzd5TAUJ2Bks3siddaWLrTDmbpbVXsp7fPdHnVfoA63+CWLJlheQj92cMm53FivS9O/jLn/E9SmLm/2giMSPr6wRe982SlHBzafcN2s44eb5egHhRaB9RuY2zMZmOy+sdOo4T4ktr3Ebj2nUiLJtF05slPg==
+ns1.mana.pf.		172800	IN	A	202.3.225.10
+ns2.mana.pf.		172800	IN	A	202.3.225.20
+pfizer.			172800	IN	NS	a.nic.pfizer.
+pfizer.			172800	IN	NS	b.nic.pfizer.
+pfizer.			172800	IN	NS	c.nic.pfizer.
+pfizer.			172800	IN	NS	ns1.dns.nic.pfizer.
+pfizer.			172800	IN	NS	ns2.dns.nic.pfizer.
+pfizer.			172800	IN	NS	ns3.dns.nic.pfizer.
+pfizer.			86400	IN	DS	46210 8 2 9166664240F37692A3886B0566E05220D43A364B2FEF2581A905EF5833414BCB
+pfizer.			86400	IN	DS	56779 8 2 1DE9B797AB28F75B9C00723C2308ABCAEA91BCEE49EB2A4470EFC123613802C6
+pfizer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BURa8fysmH7t1advphtCWW2ShnVmtoAFdBdxQkGpkedMgUhuqHOOTh0OaDNb3wzEtKGuoE8bVybxTRbCg3sozy24GquB1f/77F6wG5eKsaO6XdU4I7FwwzzmOb4KDgGvoaoMRz5UXoYiWaeH3qKevq2d6cvXY+eoPzkon11soFPDgsZguJXsEEGfGS7kZrW90fkRTRTLiQnik9OWA+2KChsk7vw+dMxMODw7HcjEJH119akhyV9rhQ1aVZqKUdDLCxK4cFbBNoi37YHOuHMGVuCJM5qU1yRP9kK+D9g4q5eY6WxE23Xl7tnCoDoFPg1QIeF/LDaG6nsgKkpPniBEkg==
+pfizer.			86400	IN	NSEC	pg. NS DS RRSIG NSEC
+pfizer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dGv43+KR9e0OsUAs8JDIMPGizEonVDQJUOXH5R87W6RlwewJTCMC8zAbuJ15Pzz9tEP3BdgL6R+46Mz1KDFRayI4WCrGraiwq5SBMzfkwxHEgxX/tQ6ttHri7zAhXK0KMMhy/+sBFDUIIcSRqUqMyPNiKi1Q0UknsZ5VOhWmJEQRmnrNmxIzr2RL5MUXEEZbgXh1cVPKME2GGf25hu3YAwQjiQktlNJMLCgSzVmwxzKxITbQRolRoiyseYyBHhT925XSfXucifLu0R6+KHxAYLZsV2wGID4+1NeneQE/IMykoZQbyCWe44+gdbuFsJGC1u3Srfohf7Joa7ytQzlhVg==
+a.nic.pfizer.		172800	IN	A	37.209.192.9
+a.nic.pfizer.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.pfizer.		172800	IN	A	37.209.194.9
+b.nic.pfizer.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.pfizer.		172800	IN	A	37.209.196.9
+c.nic.pfizer.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.pfizer.	172800	IN	A	156.154.144.134
+ns1.dns.nic.pfizer.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:86
+ns2.dns.nic.pfizer.	172800	IN	A	156.154.145.134
+ns2.dns.nic.pfizer.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:86
+ns3.dns.nic.pfizer.	172800	IN	A	156.154.159.134
+ns3.dns.nic.pfizer.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:86
+pg.			172800	IN	NS	ns.uu.net.
+pg.			172800	IN	NS	ns1.tiare.net.pg.
+pg.			172800	IN	NS	ns1.unitech.ac.pg.
+pg.			172800	IN	NS	ns2.tiare.net.pg.
+pg.			172800	IN	NS	munnari.oz.au.
+pg.			86400	IN	NSEC	ph. NS RRSIG NSEC
+pg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V7/fvwsMdmXVtER61bW1NXJN8ZpPa+3H+2p8wZxQMNPwOHwXDkDqYYekcaeQIJMwiNeabkqbxKevfdFxdWvQxu6sS8dX4tTpVTZslgi82HCB8hOmXRtojt0WXb5rjHpXzx1Svgb3IYjhXzasxTdcgPVzOaj3x0+GiOzn4ALKZi0EI9AQhp3ZepiSApf40ZNP4Bvn9wcFcd1O3G0e+zB2ljYZzTycjNqX/N8IIUobRzJpJGZsONrMtU7kVzFXJXNHVhjzms+Mu812stu2amuTPbm50XHcTJVZBGfmYdaqWfLMXpsqFPAS6X+PXv4FBMg4LFy/aSn1NvNF3uSYMdn4qw==
+ns1.unitech.ac.pg.	172800	IN	A	202.1.32.49
+ns1.tiare.net.pg.	172800	IN	A	202.165.192.23
+ns2.tiare.net.pg.	172800	IN	A	202.165.192.24
+ph.			172800	IN	NS	ph.communitydns.net.
+ph.			172800	IN	NS	ns2.cuhk.edu.hk.
+ph.			172800	IN	NS	ns4.apnic.net.
+ph.			86400	IN	DS	29122 13 2 0ED5C93074522F903DBB7FBAD2866CBE7CB67F15F0E5B54013340B57C1BCD509
+ph.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UCtmy/3IaeCqiYPzl/Oj9X4ZIp75gUFmfzAMje4dICkfHRHeKb+I0jKfPAYxuXAB24lbXy3kNULK/6EMxF5gmTDTzAN65jEsf2VDSkkbqOIyWCNUSBh7qTdNyKT6BHCZpHUKn6aDwVxf98Xj7jmGa3kZByDKPGO/aXsK19JKZJE/RcilMbQTY0vjkYqGk/ZDZcHbL0piQkgBiV1ckDqaUeBfXofPykmVjRePZgyvW+cXHcn+/SJjt1oc6MTUMZKopJchHapswlJlhGN/Bil7jZR3d9argbnR+0Aj8XPGSpszQzYcoefcIUlbmTqokSNDN31UHd2BN6IRWbppl7I2dA==
+ph.			86400	IN	NSEC	pharmacy. NS DS RRSIG NSEC
+ph.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LvoMPntok1q8gOw0TBfjgdGSCt3t4djRwVNYudJgetZO3xvF+UwAC2ja6P3TQFZMMJHvZ/JgLF+09zuTyh858nOOur/cWXioaJ/he533cn4Xmy0RKKTWsXvlRkF2v1M9okk5ECiBZwTf9m0nJfgDqSnKFIWVUdhMhm3vlrHI/bdxoupua28T9wpdeu0Erw1UT6j7m/Pn1G1vFOzIVT6ZlvPpQnRGxiONV0UAxXSBBoJthWPV/iPCn2hkxc0ny6KJGXg7MYFYCVPCpWPWbga/uHxTaxSlohbAxr5x219XnDvFyjy0diZGHH8I2WY68JsU7gaGnEfG+LHPFjtTwssJBw==
+pharmacy.		172800	IN	NS	dns1.nic.pharmacy.
+pharmacy.		172800	IN	NS	dns2.nic.pharmacy.
+pharmacy.		172800	IN	NS	dns3.nic.pharmacy.
+pharmacy.		172800	IN	NS	dns4.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsa.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsb.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsc.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsd.nic.pharmacy.
+pharmacy.		86400	IN	DS	13921 8 2 D24B9704B0642E8D9EA7CF6418C9212883ECD172C5651E89501C04724DA8AC00
+pharmacy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lEcEuQ4Hvhxj18zn3+L/pAmtGUbaS3jliz0YCYHmCwtQbm12RZ+50poD8NIGELF9c4HXGjobZr36Wd+5FKY17m+p3GTUimZnrLF+m2LtC+GssVWBnftkn9hh9dzgaeZF/fK2oL0Jc/4zJovCE/hzfmyeP/V6l+yzw6rp9jLZveJ9g1lnh/66GlVa5HMf8R3UWnenww4WEtGERXPpjBLK1+STpgcBwlfYMPBW5Yg8J5DPNoGiinpSdZ+jvpWtHj9Y5km1DcmIzlw6UwrqOCezbSAh3DvjI4tM5XfpzWU7U5JfFskAD6GEe/O9SAYYBbSWIGLkeVovtHdj6nvURlAZEw==
+pharmacy.		86400	IN	NSEC	phd. NS DS RRSIG NSEC
+pharmacy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wCWR5xk7phxz8pUHJXYwMLbb2YdlXGMWDgmAHfpiD9v7CxiL51Zjxdbut0Nfu1zlQVLrVVmIRkVnGKt6q1gpoD7nIHmv6uOhiySn2WTPvc+CLP0ClvkB0NKxzBs2cKLab18nJ8dpiS8Ne+gim0e3SC9N7y8NWh6hwW6MXYjy1gFkyPV9aitX8NRKimycf62g7LUottse+GBMsGs45GPRxcuKbvWIAkm48a/sstDfV59AydR+FjJ++jqRgfY8C6OClv6VH9c9DoB0KtMIWKbeibODAs+dpzglZp08Nd1ycRERKzzA1R2e9YTTKlWEyxMFv+xa8fgxtPGVc7h5Hkm+zA==
+dns1.nic.pharmacy.	172800	IN	A	213.248.219.45
+dns1.nic.pharmacy.	172800	IN	AAAA	2a01:618:403:0:0:0:0:45
+dns2.nic.pharmacy.	172800	IN	A	103.49.83.45
+dns2.nic.pharmacy.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:45
+dns3.nic.pharmacy.	172800	IN	A	213.248.223.45
+dns3.nic.pharmacy.	172800	IN	AAAA	2a01:618:407:0:0:0:0:45
+dns4.nic.pharmacy.	172800	IN	A	43.230.51.45
+dns4.nic.pharmacy.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:45
+dnsa.nic.pharmacy.	172800	IN	A	156.154.100.3
+dnsa.nic.pharmacy.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pharmacy.	172800	IN	A	156.154.101.3
+dnsb.nic.pharmacy.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pharmacy.	172800	IN	A	156.154.102.3
+dnsc.nic.pharmacy.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pharmacy.	172800	IN	A	156.154.103.3
+dnsd.nic.pharmacy.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+phd.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+phd.			86400	IN	DS	38734 8 2 DE93541823CD232C5934AC0A420C0D90949C04020B6211D4C94D588CDC9FB8D8
+phd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VMP1BvrbiOIElHWUuODbxmakn2K2DP0sPTL8JhOMtmOT7mH7dITzNJUwag2p/Cnl9nfWoJQ9zrWuyVktVI8sq2o3QycvfvB90XHKgT6hPwCkrMfKd8u4fAB2bYDIi4L6bCNLd3r2bM9rSeq1QuPZcq8poUdBWgxC/BP6epDIXjbAEKF5Wx6sjsj02THw3lF+9CPT2QGxrQiy40fhwZAW696jKJ6FG1ixeoEeXj6B1ztxMIgjjrWSfKM5v9RlMMHmtn2mZ7/LJVj3bgIPgZ/Cp91Sz5yhzt1xjxwV54CdSwOhlFlC6CrZ8dJJYGPsdOASYCwA4Fn55+ieWIO7w/WZvA==
+phd.			86400	IN	NSEC	philips. NS DS RRSIG NSEC
+phd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j9OVU9jNjZF98CWWy34nv6dwu46HAEbotPBkzMqbfhMuFFF1O2/h0CM0s/6N/Q3jTG/EW+fPmSFCEgHjBGLNn0MP4Hn6W2y8dVoym0je7Zh35yNOey49qKARiegSTxwk+XvYKaJtAG4Q+CBtvm183Fh/ioTwfy8EX5meKeNgQudiVOAM2mxwMTqBm1M4h2JMXAlbJAAdzlWeEEOjkNrlxIh7sEGsvtj5te1B5O7JY8aZoTIeHf5PkoJ0fGe5ViyQNE55upQZw8oxbTju67Pf2d5WwBZ4WP22J8EeeB17hkbh7DLI5dyyz7N98MtGjgrjEjj2vAKwOA/k+6ZOYNBzog==
+philips.		172800	IN	NS	a.nic.philips.
+philips.		172800	IN	NS	b.nic.philips.
+philips.		172800	IN	NS	c.nic.philips.
+philips.		172800	IN	NS	x.nic.philips.
+philips.		172800	IN	NS	y.nic.philips.
+philips.		172800	IN	NS	z.nic.philips.
+philips.		86400	IN	DS	3100 8 2 FA65D969B695C8E73DDC89724CAE9D83E352B23B57CF5571FD711E2627026638
+philips.		86400	IN	DS	40792 8 2 C71972943A57973E364EAF29F7562F99CF426F5786E2BE3F28F7DA685CD47059
+philips.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NZ4lEhOLpIlnKQWe71Q2RXo66FqRqfDlgWlHmaibGk65KpcawgOwiWFl6LDUIntc/viPUPTYw6c9uhkooQarrzdzJCGHk6T0E/rrq46dRJkyBxOPKDYAihGd3dobRB/TVP7jKojfpht0ycWBXTTPRbmcoJ88pcLOQBzXcy9WOuHa6dbn2FaSIgWJF/LMRiC4s6pOYrrjPBBwvzF7nqV2FCa7jxjakWrh5rIqCxdzmOBnJuCPNDrd9moP4LqsiVAtz4TtPtf079Ii5ajBGiEr7cb7j/6ameLWkgVW4C44dKAEv7/DXUPicdTxvbAqFY/sdcszTLfKki8LBDAtzwNYUQ==
+philips.		86400	IN	NSEC	phone. NS DS RRSIG NSEC
+philips.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aWIDJENZxTjDAL5siwn7DwkQ+ndrBaxB2s65Daa9W19iWCxseH2ENGVRyQ+cKuVLfb8R0TNoVKKqhQbCtJKvxUOQzkZJoStsM2oU5upsV9tGydc0zdnF/MPhE9ALXfBqOre2kA5kD4JXQe496TzYEKgP65WA9MAwq1wty8yG/GmWJoKtVmdMCDRbt5xEEPBaXGeV/yBukWXmyhHPcFqnHAYfE6ychdF6EZRxudxh4/d1C3hK5NAsstFPfB5dZoJt9Q/5aZQ5vZ2yznuo/qCXEFmwqNmBG+8zwJwrMcJFj1k/O+wjsG6JxWBFOLKtX06tU0G+mrNmdlId6uGhncxcdg==
+a.nic.philips.		172800	IN	A	37.209.192.9
+a.nic.philips.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.philips.		172800	IN	A	37.209.194.9
+b.nic.philips.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.philips.		172800	IN	A	37.209.196.9
+c.nic.philips.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.philips.		172800	IN	A	156.154.172.82
+x.nic.philips.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.philips.		172800	IN	A	156.154.173.82
+y.nic.philips.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.philips.		172800	IN	A	156.154.174.82
+z.nic.philips.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+phone.			172800	IN	NS	a0.nic.phone.
+phone.			172800	IN	NS	a2.nic.phone.
+phone.			172800	IN	NS	b0.nic.phone.
+phone.			172800	IN	NS	c0.nic.phone.
+phone.			86400	IN	DS	18829 8 2 B7809834406510FCBEA1AAFA42F0BD2E7F4096BEE97D8B7FD5964CDB39C607B4
+phone.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D5LufswREKhUNlop9F5z4EJxMsXpO5kL+5x3IOtrj7+zgDX6OlQgYw+ZYfL9LmtASKnHfskIH6SAwMe+l1K2WjlnbeNksL3prCJTf/Kk+VCl4aJA13+2c7RAB6SZeVxAanShaCjCCWT+aff4+NMj6WmebbZKloPGDhzXF0OdTw6WJUHuvHKhwRqOogUgE2RHNYqTDA9d0C5HscEykUB/5KmNkJLYgCwohJ6ocjgFN41xhAM/yab7KfOlOzM686eL9CLrU+K75gGyF6QCaWEEe5k4Rv5LOVJ8kFms1i3t73rpcNAhFF+TLZMo8B4/vd3zrMexff7zqAzxPM37PefD9A==
+phone.			86400	IN	NSEC	photo. NS DS RRSIG NSEC
+phone.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Eq2D7nWg3BKapDOesvJDMNV8F8jLwOXQhnKUpHzrjY5/+Y0LpW0kgeUfAK8j+546Q0WHEaIl6U3hZeqjQ4UxKDg54KLocn3UOu1Ac4gcD2HuKDqK8GGeeMU/pH1nnuPebFMCzseFaXn+/AFCRySeMutaBVtaCNg3U95ItwdRNYWMLsFyYqaDrEC7p674ZaFWEneBm1jZmtRkfBsrFDqdF5Yevur1GDMQ/I6yTL8WfKw0LiIauJFvrshz1Cqr19kbOdWlQOuaw7pVYzji72S6kzLN/z4LbDkpI6ljYL72mOvaujLM32hjEW9TpUWKCUi/tFhqNZLNLlpbcQnOrmdmpQ==
+a0.nic.phone.		172800	IN	A	65.22.96.17
+a0.nic.phone.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:17
+a2.nic.phone.		172800	IN	A	65.22.99.17
+a2.nic.phone.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:17
+b0.nic.phone.		172800	IN	A	65.22.97.17
+b0.nic.phone.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:17
+c0.nic.phone.		172800	IN	A	65.22.98.17
+c0.nic.phone.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:17
+photo.			172800	IN	NS	a.nic.photo.
+photo.			172800	IN	NS	b.nic.photo.
+photo.			172800	IN	NS	c.nic.photo.
+photo.			172800	IN	NS	x.nic.photo.
+photo.			172800	IN	NS	y.nic.photo.
+photo.			172800	IN	NS	z.nic.photo.
+photo.			86400	IN	DS	8311 13 2 7F11B4D8E82F14ACE5ADCFA2C5CB6701D6E40D87C4F92B129AA62118A7890BEB
+photo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o2/Y7RPmkweZNpjwcnSMLEDsfDNAKlO+rwDKDPG50BgdWZdRn9q6rlNQ/hIYllSLfh2RKn72Kcra7LWy1coOjYrSKqEFSvMxUiaD58rOYhcEJwJOyVPsTnBEICgwc4OmTVmaiuhHqf5Eof+Eg7A7IOy8Mv4CoUqRrbuykd4EaQ+2cPbsONDa563iA7VURjcjI7pm89K3aIEGdf6dbKPIcHzVDcKmakPIwWOV5Ygqp5cNHQQZsrD+96FwY9Ct/9AdTZJ6Oq9WsZ1Utyc+ntpE1vbh/E33NNcl33KkjAkPzPdnzO+mKKtUibqrexRGKTziFDPlgDkMogPglqQRNDUD2A==
+photo.			86400	IN	NSEC	photography. NS DS RRSIG NSEC
+photo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dZPvUeIlG9zC7Zafj6gf9/E2ZXl1IoiNqpkWPzKusJdsi0nUxvoktCzjdLc/L9+cKTlzY4LgGsjLRsNGq4vN9VFhDsKsfk90muuebMjt7HzlwkXz9ZzNenwjwQZj651rjqIkIUHte1tqJk6l1ihQymhPiU7kMlg95LH6ycAe2px7ffCzTriTR0/xwjsyMhuilsAHnV9lp5YMx8UadHmU74ZEqPaiDXIdZy/VyJhRXGE+5aFQq1m2tx+Xwa1+IKKdFKU4cuy/RkMI1yOYmMyPcbOm2t0LlKrzY+3kGzQJP6hEer0HcKIf0hx+MIOBlODcnFoe2Zn/x2Sssdw+mnKbrQ==
+a.nic.photo.		172800	IN	A	37.209.192.10
+a.nic.photo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.photo.		172800	IN	A	37.209.194.10
+b.nic.photo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.photo.		172800	IN	A	37.209.196.10
+c.nic.photo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.photo.		172800	IN	A	156.154.172.82
+x.nic.photo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.photo.		172800	IN	A	156.154.173.82
+y.nic.photo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.photo.		172800	IN	A	156.154.174.82
+z.nic.photo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+photography.		172800	IN	NS	v0n0.nic.photography.
+photography.		172800	IN	NS	v0n1.nic.photography.
+photography.		172800	IN	NS	v0n2.nic.photography.
+photography.		172800	IN	NS	v0n3.nic.photography.
+photography.		172800	IN	NS	v2n0.nic.photography.
+photography.		172800	IN	NS	v2n1.nic.photography.
+photography.		86400	IN	DS	30361 8 2 11AB70B24654E6225068852309A763D43AF4958B7C670407842C40F655BEE3AA
+photography.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dvD0PFf9E/4RfOkoGFTS9Gq1vI0mU3lYZgOrN1EJj0v+8ZL1wDoaIYlNGLcOo2X0PPaetY27zqNoE3B1iR6IhFM0B8bVkHq8IiXqtfUUBFHYZ7QoPJkFXIiVnjcAQ0yNNd/B4CPcWKZZz2Hvzc7SwsyUWam1cBMbfLFSnmKlFZtThmQAvwaAHofA6FTY2MRF/kK0YlVwxF6M1JsKYf/H7H3XgH3eubs5GBFeAkToAdA/hP+SS2PDI37Ac2slg2w1FbHH3MZTV3AlPxqtrl8QPXKDcs8cP/HG7LMrmU6MT0lMLfVmQFKaT2Qqlve8hpEuF0Zis6Tm7NElVrOSEEfgjg==
+photography.		86400	IN	NSEC	photos. NS DS RRSIG NSEC
+photography.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DGTHcXFAyzdaXeEA8huSBwjYMS6q5abSL+hNO2FjA2sso16ZwiO6/8KfrbjRP4MSjL4GHG75VC3PPLR6UhyORNLocbgP4+ArLHBnkAuR2eJ+AWWfwAHvzhRygQEtIG2Hw/ycXqPbfgvFbB4wtOvN9CXtHeUZeOawpPpRWKnsZtFsJocZAnptKVdqHnU6VxnlTXtx8VaEEamcFEAPqRbSFAKOIiliSdxQ17jjBdJzxg6fV+TRGZslvsZA0wsOYDOYdNoFi6itaD+RTGuCl0BlJIeaLcl29GhufFzEfoGkPId4ZHfelCnFffJhee+oX8EWjNwXtekXn3QTcAr0Hh/okg==
+v0n0.nic.photography.	172800	IN	A	65.22.24.3
+v0n0.nic.photography.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:3
+v0n1.nic.photography.	172800	IN	A	65.22.25.3
+v0n1.nic.photography.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:3
+v0n2.nic.photography.	172800	IN	A	65.22.26.3
+v0n2.nic.photography.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:3
+v0n3.nic.photography.	172800	IN	A	161.232.12.3
+v0n3.nic.photography.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:3
+v2n0.nic.photography.	172800	IN	A	65.22.27.3
+v2n0.nic.photography.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:3
+v2n1.nic.photography.	172800	IN	A	161.232.13.3
+v2n1.nic.photography.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:3
+photos.			172800	IN	NS	v0n0.nic.photos.
+photos.			172800	IN	NS	v0n1.nic.photos.
+photos.			172800	IN	NS	v0n2.nic.photos.
+photos.			172800	IN	NS	v0n3.nic.photos.
+photos.			172800	IN	NS	v2n0.nic.photos.
+photos.			172800	IN	NS	v2n1.nic.photos.
+photos.			86400	IN	DS	41914 8 2 B6A00EEEB4864E5152CF32CB1DC5AE4528AB2CF82C46A4DE0A2D77921B51C979
+photos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OaYUXXPpyPugyTjBFXbwUogwf+3EnK+J0s2JEy46mhlG0Nk+Kucfr/RVoJ8ObXuO3P51A/c3S6zi6lWnhbOPHweUU6a66HR+DXiNuoaOxpsqKx2qeRGIAdrNSvahhNOW+u7TdCueF5CpaqJp4UznKIbt+gaWr9BHp6uG1USjeHlzBDvyVsFBWUxwgMIk4TL0N70MqCMoKa8ZOZfQyBlvSYpHZ9blrctlnIin6pY15wqDlchey4C26UEOb9BBisVVw252mqvMb72OMIhtMBXpThxhUFmFtjjHi7j+QoKi27gip7S3GCPhxMxioFvNcwUG0VmECdUvyakcHbMFqPG3xg==
+photos.			86400	IN	NSEC	physio. NS DS RRSIG NSEC
+photos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O/Vl5tToPUvgr1GA5N7t5hpFJsnHgnQU5Eto7yrglZaaCvevSz2k3qwbME093rUaU6q0s3DHdfZGNjytWPmAkhp2qqauKmmH6ROmXz1UCK0KSebMDN402g49cM/FxVoM5OFzpqP/L29uUZscPQj5uTUpVJ9sfPNFiltvEIkzpttYeTFVZdNXbL86CufR7Z2ohu5rIFdr7PfZXnJRKVABY6674a6U11TDC8p0ExEaDYkoJqn79r534H+2m5wF5d5MQFFH0fw+2JJBkxizsWGf8Nn8Q76RNo88oMdiuT22WFjho2ET/wlth3Mz/2ALSFXvF0OQYP9f1LWFfT51LPa4zw==
+v0n0.nic.photos.	172800	IN	A	65.22.28.40
+v0n0.nic.photos.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:40
+v0n1.nic.photos.	172800	IN	A	65.22.29.40
+v0n1.nic.photos.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:40
+v0n2.nic.photos.	172800	IN	A	65.22.30.40
+v0n2.nic.photos.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:40
+v0n3.nic.photos.	172800	IN	A	161.232.14.40
+v0n3.nic.photos.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:40
+v2n0.nic.photos.	172800	IN	A	65.22.31.40
+v2n0.nic.photos.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:40
+v2n1.nic.photos.	172800	IN	A	161.232.15.40
+v2n1.nic.photos.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:40
+physio.			172800	IN	NS	a.nic.physio.
+physio.			172800	IN	NS	b.nic.physio.
+physio.			172800	IN	NS	c.nic.physio.
+physio.			172800	IN	NS	x.nic.physio.
+physio.			172800	IN	NS	y.nic.physio.
+physio.			172800	IN	NS	z.nic.physio.
+physio.			86400	IN	DS	41164 8 2 600CCBC6A1E1CFDD09650CF095D2A15AF68AD3574A849028654D2593367D90A5
+physio.			86400	IN	DS	49021 8 2 AE268396DD64C1FCCE4FD3EA3A3F6C427E4DAAD035AA4DE961B6B8380A800153
+physio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ExWhleFeRUsXB4r9JSUtcGnFhaWbLIz4nJQW5N4e0BNdMkn7eD+bVK0aCjYbzFq8EiWTu8yT5HSJDAvmbjIx3KfRnAbnZ8yH2qBUW7fwWdST5trWot42kCwXQUXQbBzgJguehawVNGGgNP2Ms1jF1WOKNm1qncywkY4BWpjp+NOBZW6Ti4mKlNcCDmXtj57wYwzUx3aYT9dS89fn0W5rv4lJyKsLsSAL7oFy2VnD4880e2Wm6j6ueLRCdgZsc1g4Dgf3uwPjN8dRvcqToJQdG+FqX03WShz6fxWnKZnmQUVINqxfs/NQ0ZSHrIh8xjLFheB36+nQBL1iN0wsRoCLdA==
+physio.			86400	IN	NSEC	pics. NS DS RRSIG NSEC
+physio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CBZuBr0Kt/s0c+XNq2FkWLXy86RSibV8xZsb6y9VsN89SQjB+qjulzPjabgFRMnvGpVR0pWA2IkQtboKdjItbr8o0sj2zVJIZl6Guzr7vW6NSSgOHp8XKXIwKWs6SZ+cmz3N1KMs0ghFkszekcS3MSvCL8IlHYol70vxrVVWm4eWoDlaDgHDIdnmqXjS1ykEW8g3bOtnbYTSs4owXDP+NWgDUHQTYTah7ehe4DC0ZCjrqLu3hx5NHKHA5sC/988vBKJqLyLrQnKA1h6mzNKzS+3Bn6rHTU0NXSkdriwkTDm/KOb74spWcEFJpvXzLZz32SLrAExjkYiaLhp9gjVgDA==
+a.nic.physio.		172800	IN	A	37.209.192.10
+a.nic.physio.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.physio.		172800	IN	A	37.209.194.10
+b.nic.physio.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.physio.		172800	IN	A	37.209.196.10
+c.nic.physio.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.physio.		172800	IN	A	156.154.172.82
+x.nic.physio.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.physio.		172800	IN	A	156.154.173.82
+y.nic.physio.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.physio.		172800	IN	A	156.154.174.82
+z.nic.physio.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+pics.			172800	IN	NS	a.nic.pics.
+pics.			172800	IN	NS	b.nic.pics.
+pics.			172800	IN	NS	c.nic.pics.
+pics.			172800	IN	NS	d.nic.pics.
+pics.			86400	IN	DS	3458 5 1 356A302C72ADD225E8DBF542FD8851BFA458B1AE
+pics.			86400	IN	DS	3458 5 2 A32C380766B5205F998872B8187A99AC5027872DA54B0DDEC2EDFBEFC6279B89
+pics.			86400	IN	DS	7408 5 1 79F063399B4C13CA29EA8F68FF98D9D4EFF59B59
+pics.			86400	IN	DS	7408 5 2 02F6C4FF7037230837665A072A51779019771C19626E233465A9CAB5EB69CEE1
+pics.			86400	IN	DS	46651 5 1 5A09C2C9B674B46AE6A49255DE9FECB7D999467B
+pics.			86400	IN	DS	46651 5 2 5DDC0142062A06775E6DF86A868A0262C740A484FF29FC22AEC48116D6FD5860
+pics.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hwb91f/lDJN3c2uO4E+WrNlkNRoYQJ6LyHoW92SDdFROxzFSQ2qwmQKVbb3ARU/B6gXay+35RF7W5UlsevGC/zHH5o/gf1OTZ5f4VYUS5fGh1nGiasqNxFBeyPVV5omNFcQVHxMohbctuCF/QJ81t4ye6HucV/o5VzS+nATfrQtDfIgbQ5qyZukZoqf4nuxuIg4wRZi3bOPeuDk0GURPH/vVQpiz80WLfMEay79ext8Hd1DGGzKugj4/39GX7g+E5Un1qe1LhePuVyNKfjB5goGi7pVucAuBvXjMn3cXI4G4rPbeBn8V3ie6U4tSZdBuOJBHnzB3La8VaXN/LEsJeA==
+pics.			86400	IN	NSEC	pictet. NS DS RRSIG NSEC
+pics.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u6Q61jYP6oxfhXHeafgjmLjJf/UzNQADOj84HLsFlaIDksxCkUeNne0viyeCTiDAFxG2jgAB/pAubdu11O0VYcDune3tR1EFE1stmnre4923JvRECHzQnIDuBTmOmAKTXcB7nFVEgbKWmr+RjGBocAFEcd76xjy5VUM/TUrpFi221mvY4AAD9fMhPfx4q7w/7ODevmHo9WJYkbCClg4sbDKJlhPLFqBbYMqYlvLAO9QY4B+sIq8zp5qFAkL0qGVNi9bTQ2HUd6q9Mtc9cVYyX+XrQPKFQqCCDTyZspetA1/qyO1J8SDYKpzPbLwBq0M18RlZLJ8iG6hxL+jl6/VmAg==
+a.nic.pics.		172800	IN	A	194.169.218.151
+a.nic.pics.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:151
+b.nic.pics.		172800	IN	A	185.24.64.151
+b.nic.pics.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:151
+c.nic.pics.		172800	IN	A	212.18.248.151
+c.nic.pics.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:151
+d.nic.pics.		172800	IN	A	212.18.249.151
+d.nic.pics.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:151
+pictet.			172800	IN	NS	ac1.nstld.com.
+pictet.			172800	IN	NS	ac2.nstld.com.
+pictet.			172800	IN	NS	ac3.nstld.com.
+pictet.			172800	IN	NS	ac4.nstld.com.
+pictet.			86400	IN	DS	216 8 2 DE41FD4B1C1CEDAB4D83F1BACC75DB5012E269BD46A56B4C03D43380FBA665E6
+pictet.			86400	IN	DS	6694 8 2 61DB4E4AE88A08E546AF5490AC950221659B53669A6D54BBE6FF662568C5E6D7
+pictet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fKJ6PBG3iAmLfzMoB0j/GQ41CVjPDqGjQdQDxOdIAOyMaBIB44IxroqAxpukkAkZNgdnqp3f8O7fVT0nSh2AT/L3JNyVSSqs7JAu2PU9UAlZJKjg8zUITetEIhKHSlUWxLMVp6bPNmbF8Oa2nwJOSX407sXyqzYbVIKUManBg+x6fogF98oSQdh81s7KXHsZZCc6cy0mMuE1f+xVSt2vjHw7lCGDtgShBEqfC+wPWo+IsYl+xvp19/JoE5Bl5FHORtEksXUhQyGf1AyYLaalNMaXPbepFwl/ah06zIlhxpfzK99TwxE4D5mWQE6WnSaYE16KimEvcsvd5GooFeCu2w==
+pictet.			86400	IN	NSEC	pictures. NS DS RRSIG NSEC
+pictet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WA/bGGrX6WMgmXWawZapdO2nI6ik/iX+hJfccO5VzmXp+am4/WuHyhy4IfBcltZicr+OqI100ORa73ouGTPtIqCPpAWtS8inzajukRApS9SiU/XQKqZCTBHkuMUVxESpTJoF2ECXwXD2+mGhi1lhXy2oyyZ4XrR1H2e2/AueWFOmcb/VJYcEpTU0Kj9XEQdsCRE/CiDzeREsPffTvslu7AYZXB6pvdZOXYu0CJS5pB2tfh5hUkrpBpUAdvfheQFC1b3qFEZOkb2Cd5D1MThwUaOW2MK6Uv6oBQjq9aAjK0PLmqo1U32B7A835Hbnzg/bJeQLDlEkZ4Kuay6EX6Mw5g==
+pictures.		172800	IN	NS	v0n0.nic.pictures.
+pictures.		172800	IN	NS	v0n1.nic.pictures.
+pictures.		172800	IN	NS	v0n2.nic.pictures.
+pictures.		172800	IN	NS	v0n3.nic.pictures.
+pictures.		172800	IN	NS	v2n0.nic.pictures.
+pictures.		172800	IN	NS	v2n1.nic.pictures.
+pictures.		86400	IN	DS	6637 8 2 550EA36A773C9DC5A81E39BB942120F5B00AA3EAEFDEADC785C8FC7265D41012
+pictures.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eR4iXRlpZlT6Aa5ojhnOYUJ+LjLQD2KfzE+INOWXnde9EqxCI/GxC445NDhm0uqhgXjLaChxNMUqo7NuJvcW0p8xqFv8cU1cghNR8wnkGh3dspoZBZJgfXEAF1Px1rUJQywBxIH5LGDsO77sR97qfn/1smLu7x9N55NVsIyfUkM9HiSDKYxpLDH4f9xU731TvELXUtVnnAeo4ml1dxkNXZa98TXoQCMkllwpHbQSn3qag4FvM3uStEyE4gUZqpOIkf86k8yY0yk7MStBpAHLckOgMDJroKGETW/1MhnOLicn/nWIhAwBUkRI3kZ3lkZNIxrN/hbArOYm68YDvt+JcQ==
+pictures.		86400	IN	NSEC	pid. NS DS RRSIG NSEC
+pictures.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G1i9PBmvfp7GVdvxvHTtGKQvZPmCB2fn8F/NDAqbMyUmpUc2Zvl0d0yO/CJWSsLf52w7ucBLf333C9P59JIC4RHdp74W/L+UzdTcPWEbU2hsZALgqMcLTnkPz1FDOdlLqTPdY4/e+/Dq4Zd2SP+WK6+wAhOTKcKq1c2A3RrO/IUWvtPNFaWZOX/LU0Bg2lqD1tMOmKvpM/uBrvWL+Yxx7JxQBjHyrXI8xXpX1NFVL6JCB3uW6+J5262sCiCi7HhkyTbrezuiwNkMsUkdN0Rok/Mmm3RMZjolKFYjioSTWMfIxtGX53auVKCIHNmiKp0q4QYpV4ALp49WYuNYkKnXQw==
+v0n0.nic.pictures.	172800	IN	A	65.22.20.16
+v0n0.nic.pictures.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:16
+v0n1.nic.pictures.	172800	IN	A	65.22.21.16
+v0n1.nic.pictures.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:16
+v0n2.nic.pictures.	172800	IN	A	65.22.22.16
+v0n2.nic.pictures.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:16
+v0n3.nic.pictures.	172800	IN	A	161.232.10.16
+v0n3.nic.pictures.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:16
+v2n0.nic.pictures.	172800	IN	A	65.22.23.16
+v2n0.nic.pictures.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:16
+v2n1.nic.pictures.	172800	IN	A	161.232.11.16
+v2n1.nic.pictures.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:16
+pid.			172800	IN	NS	a.nic.pid.
+pid.			172800	IN	NS	b.nic.pid.
+pid.			172800	IN	NS	c.nic.pid.
+pid.			172800	IN	NS	d.nic.pid.
+pid.			86400	IN	DS	35396 8 2 E8653B5C02C27CC66FD56D529656C23DA9DC0231F060D527E231659F9EF27964
+pid.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UhGxLWkLUMOOzpCuwVzaOw22A0tkl0veZd2+tLqnE3DI44lUJmVjAnmXR3BywTdyLnA3xs/POlRQR/gWMllbWyxROlt3qn/rg334tUTNp0jUlP9U/xXndZIQU2J+BoJoEiop2vqR8nKbyUpHwavTbw23QdgKV1U6yiSOSNdRIJa0ovmjiDxgdlSdHBhHDhVAXGEHhUJ48w0E1Sto52hZMANm8su0TECNkjOUMdrdkn+tCCJyrJBafsU+lfXfp/N1hVecvUyOv6zEwDWMj8rGZCuFZvzt+6iehhbieDtj/5z1YoNkvcWzWrPXKMlRYMK6Su4jo8hSYmUms8iHpsxNmA==
+pid.			86400	IN	NSEC	pin. NS DS RRSIG NSEC
+pid.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mXVFGBADwXbm3opcmNKc/8++x1XYddtAvhPvaCYhQQFwTd63CGAARoole26F/7zaDiFHSZwM0T3yKqFkkkPMKdAr1Hokloj3GhJTzTB4qfplN+WRqfpV4f2gYkyegbmmkp8nSAl58VeFLNcEy87zohMTHqe+orLoJwgYSHuSAppW+y4dYZFWGl4kCKxWvQzGcGzgu1XdxiyT4UqaX8efcfrqlPsUyrCVdDcqbOkE7kEoDokIai2sH53rNolH3LnP9hEsegGG8kIAZ12rGhThkLkhBCqGZZao5aEn5jshcMRfVuHOfC1QQEA7LVMSltltG3gbzaZc7YkUoZq/QVgp0w==
+a.nic.pid.		172800	IN	A	194.169.218.47
+a.nic.pid.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:47
+b.nic.pid.		172800	IN	A	185.24.64.47
+b.nic.pid.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:47
+c.nic.pid.		172800	IN	A	212.18.248.47
+c.nic.pid.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:47
+d.nic.pid.		172800	IN	A	212.18.249.47
+d.nic.pid.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:47
+pin.			172800	IN	NS	dns1.nic.pin.
+pin.			172800	IN	NS	dns2.nic.pin.
+pin.			172800	IN	NS	dns3.nic.pin.
+pin.			172800	IN	NS	dns4.nic.pin.
+pin.			172800	IN	NS	dnsa.nic.pin.
+pin.			172800	IN	NS	dnsb.nic.pin.
+pin.			172800	IN	NS	dnsc.nic.pin.
+pin.			172800	IN	NS	dnsd.nic.pin.
+pin.			86400	IN	DS	63869 8 2 B1E2D98D05C72ADEBB4876FD43CD7B3F1ED02856EEAE8547B34769633E056B92
+pin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . emtrsKW4IW/FM6QAz9XK8Mp5l8bL3EDntcP/ZhMVZ5KljpXys7G3a8YoWQpUCCvBI20E3kTaJAijv3EG/DmYtehzeXRx7f1HIEePhIYI8bbB5GQQereC35iXjScfGpaiF+B0qD5kMBLWOf8mDxDHsCr6EZ+/fOTv2RWoKTXoOq/NpgVteZx8XbralUB/zSxg8WfNId9n73fqsTCCG3RGlM5T1G3O9xXCzziaLIIXmwoBSeKY203gmFacxemQsXsZ4PIEOJvexHevs0+4byiCD+KmBvzzSkvZkPdI9VbHleBJFjofcOrwcMgVr9WoG6rFjjTDKOU/G15tWjE1fCK4Uw==
+pin.			86400	IN	NSEC	ping. NS DS RRSIG NSEC
+pin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pKH9syw2Z3xe4ucN+JlZVjE/MIxkvmAmQ3UusCj4H52eK9h3MHmtZGDzIeTNyitKCYrHgZZpvxebobOURKNTd7qMhtm4AKIYVucifyOAtuxshVYimOHBjZbZpbYhUnZaVFg+5mlgIftll8y8P4UEh5Wvs5bHWNRIrQj2fSViKK6QCTHwKj1GAeZiCbaqD/G7M7HMQPMS7IFaCpzyT8QInLn02nwhlO4R79J+rEM7Rh/svekk3WFqwYECkoImXRS6uqRGmp0dc0R3WFSudRQ3wrgrp9O5NZWkzEx34CkrPriHwvR4CzbNzTjF87rK9RYeFzRE9USFkMOncN8iiUquqg==
+dns1.nic.pin.		172800	IN	A	213.248.218.75
+dns1.nic.pin.		172800	IN	AAAA	2a01:618:402:0:0:0:0:75
+dns2.nic.pin.		172800	IN	A	103.49.82.75
+dns2.nic.pin.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:75
+dns3.nic.pin.		172800	IN	A	213.248.222.75
+dns3.nic.pin.		172800	IN	AAAA	2a01:618:406:0:0:0:0:75
+dns4.nic.pin.		172800	IN	A	43.230.50.75
+dns4.nic.pin.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:75
+dnsa.nic.pin.		172800	IN	A	156.154.100.3
+dnsa.nic.pin.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pin.		172800	IN	A	156.154.101.3
+dnsb.nic.pin.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pin.		172800	IN	A	156.154.102.3
+dnsc.nic.pin.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pin.		172800	IN	A	156.154.103.3
+dnsd.nic.pin.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ping.			172800	IN	NS	a.nic.ping.
+ping.			172800	IN	NS	b.nic.ping.
+ping.			172800	IN	NS	c.nic.ping.
+ping.			172800	IN	NS	ns1.dns.nic.ping.
+ping.			172800	IN	NS	ns2.dns.nic.ping.
+ping.			172800	IN	NS	ns3.dns.nic.ping.
+ping.			86400	IN	DS	17914 8 2 128D6BF21796BCDB0997673C07CA67CBDEC3A09339034F311B1FECAB03391A6D
+ping.			86400	IN	DS	46066 8 2 CB8F8034EE1D5B500BEE462544A6A5211CC96B42833E17EA568345937A07E7D8
+ping.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lZDzDCbkmJ5rkQiuAzBOmffo+Ek7eJS2D1crr7jT6n+CSqHUMSq88ez36M2w1+Y92fiPH4NA1c5mUvYBN+xUqXhJLi3qQfUhxHYtALxcTUODsI8QV9uEZzlFdky5MaKHQPsrHYfwSToln72lHzaM9t7UBu7OTF691yyVNcF5xrOJ55xTo+R0/u25bzFA/oitI5WNMUajycRUG0dmViVB351hosB1T3gbUhrmkek8R6AQZbNavk5JvEdlc3T/F7FaqhF9KdSAojO64Bj+K9gs3Qvp0bbgFj18lv03e1mjNnlesK5xVdQzSo4byeyPHOlaiTQeIflxpr+0dxn5isFhug==
+ping.			86400	IN	NSEC	pink. NS DS RRSIG NSEC
+ping.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DEQgJFf0/WYiKjvwahdve+FHM3imJMdXVoEHZMjysKTr7qIJzzkajOXg8t5Wn8CLlF/5Lb/eaEE4dpzEt7MM74tMtboUNnxWsT7lRUlCCigaoNTDNb7hJda3E4e+/R7OUNavh320GXuSrRUP/+u6e5UfCZSLmjcLcMP/eWu5JPlO+MvXDNz8mnRUo/e4EWVWBYKcRb4lUBalVJf46x3kcBM7aupA9NpSiFCvfJDD9WVpB8BNkoWaDtZZ3P981diPdfnAukhdB4l8xZuiu/hGQFbVE32InCVX3YSq0gL+Xm85lln81N3EDubgcsTcSfeM6dTidKGkLLmH1cIl6RAjuQ==
+a.nic.ping.		172800	IN	A	37.209.192.9
+a.nic.ping.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ping.		172800	IN	A	37.209.194.9
+b.nic.ping.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ping.		172800	IN	A	37.209.196.9
+c.nic.ping.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ping.	172800	IN	A	156.154.169.29
+ns1.dns.nic.ping.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:1d
+ns2.dns.nic.ping.	172800	IN	A	156.154.170.29
+ns2.dns.nic.ping.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:1d
+ns3.dns.nic.ping.	172800	IN	A	156.154.171.29
+ns3.dns.nic.ping.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:1d
+pink.			172800	IN	NS	a0.nic.pink.
+pink.			172800	IN	NS	a2.nic.pink.
+pink.			172800	IN	NS	b0.nic.pink.
+pink.			172800	IN	NS	b2.nic.pink.
+pink.			172800	IN	NS	c0.nic.pink.
+pink.			86400	IN	DS	53032 8 2 54475C411977FB9C94C01453633EB43B8DC64B154462DE278A0644C6B83A79D1
+pink.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Cdp43GhK+pLi5oqYehZudPVJ0Wr4lDAVBriOI0LZGsqCZtzBtnjvAiceTrCZTgNFqks23NB1jyHiOLk453Blvp6Mf+cjDpoG/31kBCCONSdMzNjxh2lX+HPsjyS37txJKrfs0RNwdJmEPsD2OlQxdttP6ZUvjd5sQSn6Ktc7qkjqKtu6SX1G4aNkYrDirxahtUjU5vY4sEH4Getl8t37Dl0dFE0JwRtvm85niiPg5B1G8FIqrMO7Xs+2NIHhZdPJj3xumSsJGeQzAjIV3vVJbfplRri3D3FtQGPmhpEzRWS0gOIQiepouLkRFEu1i2RR4u5ltgNOKWJbrRbT/TSkrg==
+pink.			86400	IN	NSEC	pioneer. NS DS RRSIG NSEC
+pink.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BODtBXkxwfV4qu+z11VLPIvi+92dhknTJXY2No7GnnjMWx/dzimYulf3LPKLhjL/X+a7hR9GvwJYAqQ3JOJ8QRJRbgswId2IZw2f6YMikr0MKP0RxHoe62Nu6+Xqm6OFI1WRsl2dDBuIdgFtk/YaOIcJCm0b3B5m17ioW0VPoz8314QZynXPu5dPMYr5uvKc4P2izmcXy0T7tIGdD4BSrjjcX1dJvuk9v9KHJ3pPXlMTqF8am7QoUCDmpdU3D9adeAOahSf9/luKGt2oZnl6z9SM1gIfq+LINAdVB07aqOR5vOBVWVmpRU0G4sA1xOdrhltEChDAnNWOUwvdLN6wyQ==
+a0.nic.pink.		172800	IN	A	65.22.28.17
+a0.nic.pink.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:17
+a2.nic.pink.		172800	IN	A	65.22.31.17
+a2.nic.pink.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:17
+b0.nic.pink.		172800	IN	A	65.22.29.17
+b0.nic.pink.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:17
+b2.nic.pink.		172800	IN	A	65.22.31.21
+b2.nic.pink.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:21
+c0.nic.pink.		172800	IN	A	65.22.30.17
+c0.nic.pink.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:17
+pioneer.		172800	IN	NS	dns1.nic.pioneer.
+pioneer.		172800	IN	NS	dns2.nic.pioneer.
+pioneer.		172800	IN	NS	dns3.nic.pioneer.
+pioneer.		172800	IN	NS	dns4.nic.pioneer.
+pioneer.		172800	IN	NS	dnsa.nic.pioneer.
+pioneer.		172800	IN	NS	dnsb.nic.pioneer.
+pioneer.		172800	IN	NS	dnsc.nic.pioneer.
+pioneer.		172800	IN	NS	dnsd.nic.pioneer.
+pioneer.		86400	IN	DS	52502 8 2 4C7837526065FAD0933B836EFBF1694B16E9C38115A1AD0317BCC4BA599FB367
+pioneer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oJmkoASqZP69IrFsbkAm2TiElPCM7EGYM1IexJPCtly6IHW8k9RD9n1lvSckVn+dw7UKcD/SW7RPTpJSOwSOgDjc3RUbPFvWL8ijcAEFM7/w4dLakgd5Pndkvy3wJuwt6p4LrpXe/5bIOVaVD8GBqdUdqbEPq2WjkTHWIZO6zJLVIcVBiQjmYuzOidmQK6RQVpyTdbTdLKJxtCeuYzDL3b1wNL+qYgYrIMw52sBTaCAoKhL+sK6yTFD/6TdGjP4P4ZKc581bxYjSfetjS+go1EVgOS981L/8n41Tplg6sBTkUV7TZdGWWBLWZH0ucs8MX7CsDidxv5UWfQX0F0joZQ==
+pioneer.		86400	IN	NSEC	pizza. NS DS RRSIG NSEC
+pioneer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oiml01k6aUs+xGFzX6oQ/4nHGmjtwSg8hbTfsQTrU16OgLpNUO2BQLpw80RJrf6w0o0fIn5Y85SCjDWU8OWF06R/hgyp8Omq/Z2g7Q79hS/FHfRVhJpz8d3awPbvD4TRxp4JG0WoPZbvksRSOEy44GbLZ86ldZ+ZybeQjZ/Ml+3KoZrcfVdiTuLUachJELMuu/DupJ2EMmgbxrjx4Nguoo8a1xQ04884Wm06nfe17y1UC78+D53Lj0F1WwqyWehe842nC/QitXpeq0H50SKIymeE/U3fm8WCkKV7mRSD4zH5iuOALPw9uIFT6Cn4Sjkyq/hNjprUL7xaeHW5Dkf8KA==
+dns1.nic.pioneer.	172800	IN	A	213.248.219.126
+dns1.nic.pioneer.	172800	IN	AAAA	2a01:618:403:0:0:0:0:126
+dns2.nic.pioneer.	172800	IN	A	103.49.83.126
+dns2.nic.pioneer.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:126
+dns3.nic.pioneer.	172800	IN	A	213.248.223.126
+dns3.nic.pioneer.	172800	IN	AAAA	2a01:618:407:0:0:0:0:126
+dns4.nic.pioneer.	172800	IN	A	43.230.51.126
+dns4.nic.pioneer.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:126
+dnsa.nic.pioneer.	172800	IN	A	156.154.100.3
+dnsa.nic.pioneer.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pioneer.	172800	IN	A	156.154.101.3
+dnsb.nic.pioneer.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pioneer.	172800	IN	A	156.154.102.3
+dnsc.nic.pioneer.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pioneer.	172800	IN	A	156.154.103.3
+dnsd.nic.pioneer.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+pizza.			172800	IN	NS	v0n0.nic.pizza.
+pizza.			172800	IN	NS	v0n1.nic.pizza.
+pizza.			172800	IN	NS	v0n2.nic.pizza.
+pizza.			172800	IN	NS	v0n3.nic.pizza.
+pizza.			172800	IN	NS	v2n0.nic.pizza.
+pizza.			172800	IN	NS	v2n1.nic.pizza.
+pizza.			86400	IN	DS	55750 8 2 9271CD9FB2CA456900EF1E26877EB45D968D8DDF80281B6C6E05621F4067207F
+pizza.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cD6yPwoJ8y9hjIfx06i3uDgR61PNP4M/9Tpg/uYmAnIVGjyAtexPdmbf6he0lTAlVTlVDSM0Ztd7uTfCeMNqr3xPqkBy2zWA3Jb2lFn0nyC/ys3R/FwbdJ7XY7hQtRh0R6oxStXsAAu9e+xE59HPRavvGJZRfegu9iNAK2L9c67aDw/UxosgQTVyoBcS+OIViLq6s9uwa9H5Q3b45huOjiMNLdTLlGr/OmRThKKAPTCzaiNGQAoTMPzMmVUCdKE/yEgvQzUqAteEBr5+oshl8ntfniX+FaNMPEnXJ2Xs7zdTj5IacuYHyEIFFS3t8dgBLv9Q0xmVXzwmqcxrp/8t/g==
+pizza.			86400	IN	NSEC	pk. NS DS RRSIG NSEC
+pizza.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rGtElYtFTr4xwqtAVRW/40LR/GYEjCTyRpZVZCGxCUCLeLRm4NhgJbm4KBkX/RQ3uffdLWWNxW701IcsQYiTiS5zMnxMS/ptGgYSIyR/s99JA9qjR7LnlbpZSbRy/NMJsySfwtEZgnCh1ZPtJzKplQYxJ1Vy1DBm+eRBOjESvoruk3xdYsjKUimRm8I8iNkI6FnsafrbCK/83kV4rqcLMkdRoUy9KxoGEV86Ewrul8GKhwZOs28fy6jl3A8UoDLk6UfZfZgAAmTi3G5AHiDu9N3m8jdIx+Mof14WOIlEQjvb0onY4JXjbZvnX8dRzwfXsA5M4pHvyNEyBRLLKIsW2g==
+v0n0.nic.pizza.		172800	IN	A	65.22.28.50
+v0n0.nic.pizza.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:50
+v0n1.nic.pizza.		172800	IN	A	65.22.29.50
+v0n1.nic.pizza.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:50
+v0n2.nic.pizza.		172800	IN	A	65.22.30.50
+v0n2.nic.pizza.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:50
+v0n3.nic.pizza.		172800	IN	A	161.232.14.50
+v0n3.nic.pizza.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:50
+v2n0.nic.pizza.		172800	IN	A	65.22.31.50
+v2n0.nic.pizza.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:50
+v2n1.nic.pizza.		172800	IN	A	161.232.15.50
+v2n1.nic.pizza.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:50
+pk.			172800	IN	NS	root-e.pknic.pk.
+pk.			172800	IN	NS	root-s.pknic.pk.
+pk.			172800	IN	NS	root-c1.pknic.pk.
+pk.			172800	IN	NS	root-c2.pknic.pk.
+pk.			86400	IN	NSEC	pl. NS RRSIG NSEC
+pk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y/3wXEfvlVPLNkgM8+Vf4ERPlyqDn8PTG/+ZbLQJPZ5xfssVLG9sp61KOPUr/sKFFqFwQsD1E521+SIm3ANVHvRgYK3nUeaOGrUwR38bhV6x14pBgGfRIsdjogeFAC8VhyP3sqm82moijfyZFVaYtSBnNo0T8xUeMF4K+VyA5ZQgxRnQhyj7zAlqIbvq8PLUSsKBpirzRbAhhqb0LQNkCQEHDoA8YfpSX6lKSbbSeh+YKb9kXouuzKwbZ1FKA4JqEvxiQZ6fZNmmECu+h/77aG+HGJ2jsj8eiwuMKzmi41reNdhYe8bwBOaa5RWcDjqVI7uOtf9PSoEOIRVhcerLUA==
+ns.ntc.net.pk.		172800	IN	A	202.83.164.166
+ns1.ntc.net.pk.		172800	IN	A	202.83.164.167
+ns2.ntc.net.pk.		172800	IN	A	175.107.198.150
+root-c1.pknic.pk.	172800	IN	A	185.159.197.160
+root-c1.pknic.pk.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:160
+root-c2.pknic.pk.	172800	IN	A	185.159.198.160
+root-c2.pknic.pk.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:160
+root-e.pknic.pk.	172800	IN	A	107.6.178.178
+root-s.pknic.pk.	172800	IN	A	119.81.34.90
+pl.			172800	IN	NS	a-dns.pl.
+pl.			172800	IN	NS	b-dns.pl.
+pl.			172800	IN	NS	d-dns.pl.
+pl.			172800	IN	NS	f-dns.pl.
+pl.			172800	IN	NS	h-dns.pl.
+pl.			172800	IN	NS	j-dns.pl.
+pl.			86400	IN	DS	59899 8 2 914B8A9BDAE8EFA6B0323FF7F7EB90DA985FE63EAE0E1CB614CF6D5B116F9C80
+pl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o3XstVzoZmoHgqTx76iRkQyu8xTxEGieR6W0c2tlrrqiXHAVXjQcnMkU60z+qvSomUTMFpSJg0TOczBE2Jb+j2BuQW0vO2+4UdYYFsMVC29LnR0wugObM0AdmM91GvsD2XjoO4YK8gcrXxhB+W/rVbuLpB05OrvKnXqDEwfE6NfsulP1m2JG9ryHOJtBdEfVYtjEi0ukjvHqsGYt0hRT1h8+aaCM/VwQj7Xj/Lh55OOOmU7I/edwoO2t3RlUBgrgAjg2qqTYdDyIOD9Df8qLlFCMpBifpsTcqKl73+dLHuy+7ji+2+daUGmHfeRGOfEE+CVwBk3Bs9NWep/HOWtATA==
+pl.			86400	IN	NSEC	place. NS DS RRSIG NSEC
+pl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WfBr0d5b15Yf1spM71vkNOk19ZiceDRoS3lJwze1DR0bThabtNfn02y9MrgCmN3BvKi70R+483CLnFZW+7PMiJkq0KdNyZDANF/VKesi06YM3LGey7fYddn6tkbtpMZ5NdBqX/IeZ+cEZXCXioGFRw8Q77rpHhYmsEDG1/THJ/46pqxPHVbKe0/caF0Ba3kC/YEFQB0PfCpP6pYxENzQ7zniCPoD0R53A3hSBvA/ZNLyFyMFDSLCEjB4AL3TxBXChh64LxsVzRdKoXJfKbbCX5PQ/gbodtPs+P5KzxMyvF8TE/Uu2rdDzRGwilvPNixYTa6vX8td6Rw8pJtJvkeCPw==
+a-dns.pl.		172800	IN	A	192.102.225.53
+a-dns.pl.		172800	IN	AAAA	2001:7f9:0:0:0:0:0:53
+b-dns.pl.		172800	IN	A	192.195.72.53
+b-dns.pl.		172800	IN	AAAA	2001:7f9:c:0:0:0:0:53
+d-dns.pl.		172800	IN	A	185.159.197.48
+d-dns.pl.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:48
+f-dns.pl.		172800	IN	A	194.0.25.29
+f-dns.pl.		172800	IN	AAAA	2001:678:20:0:0:0:0:29
+h-dns.pl.		172800	IN	A	185.159.198.48
+h-dns.pl.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:48
+j-dns.pl.		172800	IN	A	204.61.217.4
+j-dns.pl.		172800	IN	AAAA	2001:500:14:7004:ad:0:0:1
+place.			172800	IN	NS	v0n0.nic.place.
+place.			172800	IN	NS	v0n1.nic.place.
+place.			172800	IN	NS	v0n2.nic.place.
+place.			172800	IN	NS	v0n3.nic.place.
+place.			172800	IN	NS	v2n0.nic.place.
+place.			172800	IN	NS	v2n1.nic.place.
+place.			86400	IN	DS	436 8 2 2EE9EF69FB398B0D80A926994666CC9405231A042F31752D00295CCFC2DDBAF4
+place.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R1AXWFsF239NeNLcZ5ePuJs329n5sVEVgGa/TDwTEG9Ee4S+RetVfQkIpXRfHQg/rCX05uPpXg/IgiaXUpuo8HihSDryp0NUDCUqvR1Qh1EmBPSum4QMULSC6UtY1ixZIhNYXsRIDhOQDOnhnkm8e8RS1vW/sFmz7ZwC96CK+LQaoCWqCs33RjoZlO7F1I98TBwLTQQu6h3jikzPGI4BAYzfvvO+KcfEEwkpqfKQsXosYWSKLka4T4aMFO8/azNSJGwikGP/lbmwlBFJeNvplifUZZixgJi6Df5LfhMAvMIjP50+It22Hk8cEMc/DL4BCZOtgOiOLRoSnk5Lp6rKng==
+place.			86400	IN	NSEC	play. NS DS RRSIG NSEC
+place.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z3LBnE4wxFp/eBuUUF0EL/mDaUY3PHkWv9YIKpkEYJ+Zq4k5MHpI1KfZVKzg+WPWzlQE4yDXU7mJ+uaSuMS9etHUxE2Pv4RZS1NNCRZtCiAeo4PcrbqINImPOoHYxcKa+9704knZmmN1RLbgXGq1cLOBseUsQhnHibQHVangAY3pWP6mx3vwi/F2j1HIWPVn/etp7Ad+Q8fH2l5hckPzIqIon5IVSS7XXXWlAujWk6GVWH6Efo4XtKkplDZVW+HuV5EKuABif2cANs/qKPZcVkFNUj/Z51uJkXW/GXWkgAzgPi5IDdF1+iGSgB8KKhHGzzokZ6+/6RlPBBy3qdIJAA==
+v0n0.nic.place.		172800	IN	A	65.22.28.22
+v0n0.nic.place.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:22
+v0n1.nic.place.		172800	IN	A	65.22.29.22
+v0n1.nic.place.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:22
+v0n2.nic.place.		172800	IN	A	65.22.30.22
+v0n2.nic.place.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:22
+v0n3.nic.place.		172800	IN	A	161.232.14.22
+v0n3.nic.place.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:22
+v2n0.nic.place.		172800	IN	A	65.22.31.22
+v2n0.nic.place.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:22
+v2n1.nic.place.		172800	IN	A	161.232.15.22
+v2n1.nic.place.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:22
+play.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+play.			86400	IN	DS	25081 8 2 0E823D1AA376C001A94C9EFA4197F6E86C8088AA294AA26306093C3CF0908EFA
+play.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O1CAMc61H3GhMinfcsc5KZpfgj4SkCwcZ/cxt6Zl5IMIQv18wGSJB/6c29jKR0O1BpCFh0fFlL5zjApBXMhkDByzTwHdK08ZIhjHH/YYBuqZMP69LNvVlWyXqwIpHjnnzllut77MsmFj2hM7+7kkn02Bbl/4Ees3u0DLYB3/njm++ZDaymvhGgweckibchdUb2AAN3npcSkrX+bjt/IHCAlMnj5f6wd6fxGKdCGd7gQgSLg18+h1iBs/gxUIS/7RXV0xjLiYJMDpZp/Vy+MwS4VLYg7k7995qCiTNj4P0QFo3OQfRTNTl56ol+FMxc0MTJAeZ5D/ARnZvE7LvGpqCQ==
+play.			86400	IN	NSEC	playstation. NS DS RRSIG NSEC
+play.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uMcgBPkj6Io21/pCo+kZLlUqyp88QyZYFNxbsB7mr0lwLbSnojx0gWAufRYhQ62OERjwLEBMgMIGrqNiff9g67QPgG4nNqRUYF7pH1vFlYiaTcIs2KNbG7tLIOCSKMhy5RekSEj89kTwWq7kystQFHwOJ0JvBJARCaF1ZbJx4CAm0kUImcWCWOtIDi+DFmVRFWVbdCyw5tuNmwbuEH0fITMr2n1XOxMSEcDgt1F7d51nMU4tsbCUbQpNdaPLy7JTfWjugMTJi5ajCvTBATV+oetHcySaAtdwJOOYl5uYjzWDFcit507NWm6o9qCBZB3ly7UOxk1My0mF88UFTYfbQA==
+playstation.		172800	IN	NS	a.gmoregistry.net.
+playstation.		172800	IN	NS	b.gmoregistry.net.
+playstation.		172800	IN	NS	k.gmoregistry.net.
+playstation.		172800	IN	NS	l.gmoregistry.net.
+playstation.		86400	IN	DS	32839 8 2 A730646C6D6A5E9AD966881EEA96E688600D163A409AE2BFE3A33BDBC780211A
+playstation.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rlQrHkVfPiWSLXCId2dvOUhg6Ai4YvZajiVqgEGwSRx8ODuVvckQra8VY5f+kP8kjC3By6OQ+lPxg7oZpoEf3dfm75iKQ/6ohZ0gnDKeaU9cvXVmGMXpjNU1tuJ6/BswPZ/8mkZVboji0weqcB4SFAQGIyblu+fk+PNKL7gHlgQUKj8GsUG0bdRQNPWcEZHfFD6jKh+77jmq+8cid7wqHzR2R5kgHImG4ksLStHv0zhtIr6B4YoLmAGxjbtBYV32Jzn1G5FeM927m0viJIRM81Is1yFyeW/6HkJSJ11izM3IdpY9oIDqQPiSViWFAUfW+FG3u+ocJXYr6kHPSn7pFA==
+playstation.		86400	IN	NSEC	plumbing. NS DS RRSIG NSEC
+playstation.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EtJrfpQXAzdhncIljCC+C8opYGK1f2sn1hToQHh8eVm9pCqGL6goxegZFYrYUpGzAOLDeJItdG68F5Awk4DolUdWvUEvc5ttOfeJCjzPkDbOV08zxK/0suvBpsYb8SVsY+Cx69CU6vhT1jdkKY2Y4Sp5bjYoxePb78RJnaC1tNoexLQ2YBwGwWtprEpzVSEpn6myodjarz76W32eZTPvuWcWMEQUQQPIm1Uk2+iG2Btc6kxADoE9sQJN0SbAUTh2tgpP6Zm+1HzWMRNm+P0LxteYsG1/ZANdHNUYdRKfqqqcxDqjPux89Ju9jQDwR27xP01L6t2y80U6h7ZVNXjd4Q==
+plumbing.		172800	IN	NS	v0n0.nic.plumbing.
+plumbing.		172800	IN	NS	v0n1.nic.plumbing.
+plumbing.		172800	IN	NS	v0n2.nic.plumbing.
+plumbing.		172800	IN	NS	v0n3.nic.plumbing.
+plumbing.		172800	IN	NS	v2n0.nic.plumbing.
+plumbing.		172800	IN	NS	v2n1.nic.plumbing.
+plumbing.		86400	IN	DS	48722 8 2 D0024BF8BC37E85179A92E3B16F602AA566E63DF0EB315324BE040FF2D35BDB4
+plumbing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l2M5BvWQirfAMVMIm1zAaCX7vSWjgGm6NZ0gcd9G/4Dbgl4HSV3Ba8kmtKyjVrAtw5ywrmHARAgRiAuhAcgqyO4haNPXvbh9PHvsH9nTlBIFLz1/jH/cW8qYE7dBsg7hvWSIi2qJwuFmnWhK8sjRJvtDjdq8JrYYsKhZluCW7S5sj6lQB7wVhvm1fnqXIRFnvggEZnCvSrhDb2R/fkGdih/CeMxsZduydjZiGW2y5JYKLCCjXxy2MHG96r3zrLwpauJlz5YxJIMrUFxJMKxTfeogura/U6oOk8I8sA8w1F75sMVfWgVBl7Y26OhPhCWmJxqYeCPGzgPvErvpl4zTLg==
+plumbing.		86400	IN	NSEC	plus. NS DS RRSIG NSEC
+plumbing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bSWKDJ0JQGM/EP5nSyyDm0xs+xylzMOzlHlsMZedIAFUhcPZzjPHjorFlCEU0PXCAxs5FMcBiqJaVV6NshqhlWQrI1Bp75sSnGbpjiE2NCtFaJEdXTtgtteZlRSQ08EcXAtpyALOsXQS342SfKuTSj7VJGUFQXcdcOVROUO5zzwHR1AaSeZ5cuso0xjclP+1KQXmJpVzRqHI1TSwp9u0O3oCscno3/JglczossfOxz3ECa75s8bq0t5Mg58l3WoxTqNqQ7rJJyCTUwTQio4dpUCYmH85zqyOsLc1aLgthK2waKsTEWPE65amd/xtAerjKmx8daLwnio0oZtCk+B8AQ==
+v0n0.nic.plumbing.	172800	IN	A	65.22.24.28
+v0n0.nic.plumbing.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:28
+v0n1.nic.plumbing.	172800	IN	A	65.22.25.28
+v0n1.nic.plumbing.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:28
+v0n2.nic.plumbing.	172800	IN	A	65.22.26.28
+v0n2.nic.plumbing.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:28
+v0n3.nic.plumbing.	172800	IN	A	161.232.12.28
+v0n3.nic.plumbing.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:28
+v2n0.nic.plumbing.	172800	IN	A	65.22.27.28
+v2n0.nic.plumbing.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:28
+v2n1.nic.plumbing.	172800	IN	A	161.232.13.28
+v2n1.nic.plumbing.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:28
+plus.			172800	IN	NS	v0n0.nic.plus.
+plus.			172800	IN	NS	v0n1.nic.plus.
+plus.			172800	IN	NS	v0n2.nic.plus.
+plus.			172800	IN	NS	v0n3.nic.plus.
+plus.			172800	IN	NS	v2n0.nic.plus.
+plus.			172800	IN	NS	v2n1.nic.plus.
+plus.			86400	IN	DS	5074 8 2 EAE08E76FC529973567F9EDE81DCAD8090F91800AB271B798006AE563A538B2F
+plus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Xch2B/9qCjIE3VJ/XI/fQEc5avVQcSngX/bog1hhBt/DrxD6cuG2n+uwFCg8vEzIY4YFgDw5VozR8rllZdNLScrtVVp7BudfUd6rKXMvBn4myp5fCA+NrMheejRxGP5HbrgaqthS2W+AB36YQT+zm5v0QuKCq4fVB+3TXowgbsFde/gGWvTqY4OWpbt7HKYyimpOu9cyyeoP4t9lPVFfWpSrv/xiL+jQTem73ZSyi2bdWez5kC0eiNIFAF4JoEri1D/pBOFBud2U5svLWB7l290NFHObgRYmexxIaaYDdxPuustsHpaar861fzGwBQEDlUIy2xQOuBh+BoeEFqEXUA==
+plus.			86400	IN	NSEC	pm. NS DS RRSIG NSEC
+plus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bSz/B4QZ4RuXHpeJuZ5+sk1mmuMBGfx9EWN62YVE0IC8rZzptZzZb6/WCAiVLz1LlOZ1sQBdKUJ+zHH6SRifg3/YsT2mPRx+cgapwfthHe1SGDecxAgAcJepRGntS7P4ax48bW03TwZxd6DABjVygpAAczu0Hhs3R3MIceV0n5qtdUlw2lKnOOLYPXsU9py6uIFlvA4AiutHT5kJ0TCmYv+tj4xRzH2oTjPdbWWZAcc37tj67MtRyX9h4gVbu2bYI+nOKqqalKOsLvGzpDRSboXlyBGl71rEmbxbzjIjnDhRor78cDpcSgukdcAdMrvz+3H7eiI9OdJLebSgrVHDrQ==
+v0n0.nic.plus.		172800	IN	A	65.22.32.39
+v0n0.nic.plus.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:39
+v0n1.nic.plus.		172800	IN	A	65.22.33.39
+v0n1.nic.plus.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:39
+v0n2.nic.plus.		172800	IN	A	65.22.34.39
+v0n2.nic.plus.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:39
+v0n3.nic.plus.		172800	IN	A	161.232.16.39
+v0n3.nic.plus.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:39
+v2n0.nic.plus.		172800	IN	A	65.22.35.39
+v2n0.nic.plus.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:39
+v2n1.nic.plus.		172800	IN	A	161.232.17.39
+v2n1.nic.plus.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:39
+pm.			172800	IN	NS	d.nic.fr.
+pm.			172800	IN	NS	e.ext.nic.fr.
+pm.			172800	IN	NS	f.ext.nic.fr.
+pm.			172800	IN	NS	g.ext.nic.fr.
+pm.			86400	IN	DS	17970 13 2 7D82CCD8DD0674CA01CCF836C21240A504C85597EED5E511131C3E17C323B503
+pm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oah5/Gd0qowW9pchKtKuJO2LytXPSqBxJ9qeh7axj71Szfk9GPVuuRl+FgGH40PTAOchIoI+TUmqTsxDrsp5UAEBrcCxLXkBlv0pQnrqhNOy2yvTBjds0KQT6iyxQ8a4+YAk/d6BMZFzlqput7jAjuHetfI3JXQ9m1Y9OKJSgd4zMKCnT+3k7BD8Z3tx4FIZb+SJYPxp2pBqJMp9BdH+8wk1yC2h9uIzrxuIsknnjrAoplRd1UCLhs1Ljv1l8F1hxLqAJqjs7E/2vFU72bwcSepXYvrMIE9WAxcdDjD9WGj/ymj8pbtc6gevgG5cQAnd/5/NT5OaWGV/a+lqgwvO2g==
+pm.			86400	IN	NSEC	pn. NS DS RRSIG NSEC
+pm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CW4sdV3piZWUNAFoV257wBZ/ZtclDIt0nLL403Ty1IcrpRF5y3TJ51BAPvpaGrbHNL3pxHGsm9MVGJx+hRBJqTAdTmMmuQnr7Yd6OyCjJwslnWwx/2WkEyuWbIjJUJUbu7wNeC4YwMVGtZ5bybdeHbciECvizaO4IdCb+LhgrkObG0HML0EEAKBsNzDgpB6bqQnvocuRod3WCR2J4DE056XcjZMGrnE1FcmnWN2kyPdgI8rAzeO2fTniJSBgB6dppga73r5MI+FHjQm0ThD7vluKARXDdbFIpjnsWfExUvFza8k2Yt5i1eWh9OuSnPWHVaRzl3MZtZLvdYKE8VI6sw==
+pn.			172800	IN	NS	dns1.nominetdns.uk.
+pn.			172800	IN	NS	dns2.nominetdns.uk.
+pn.			172800	IN	NS	dns3.nominetdns.uk.
+pn.			172800	IN	NS	dns4.nominetdns.uk.
+pn.			172800	IN	NS	dnsa.nominetdns.uk.
+pn.			172800	IN	NS	dnsb.nominetdns.uk.
+pn.			172800	IN	NS	dnsc.nominetdns.uk.
+pn.			172800	IN	NS	dnsd.nominetdns.uk.
+pn.			86400	IN	NSEC	pnc. NS RRSIG NSEC
+pn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LlMKQ6uneCtyJrEqTZtSpKUBqEUa0PAWAyPJjEEl64d8Oz0blDYeXN/n1LVL4Cfi2+jchSUbrEXcdM3OMJiM0Vx5jngf0cDmE8mK9ryE6bbuTnvP3YPERcbw7/p6xSiG7gmj43HGTMFPOevEfUNaDOrZ82Dz5dalQDeIYW8PQu6uDT6NTPhUCugB3NQm2AQYJoFanM6EWqzC2i66Df6aEjS6AFQJVIip/kxHG1/95NrqoRy4xTParIknUUJbaTtAEZ54dIIXr/eLPXVjF+4CnOnd5iaBstTkDVGg9DpcrJKQ7XtH9r5PB+epH8EfzeJu/QUuz+BzyX+PX897DshRTg==
+pnc.			172800	IN	NS	a0.nic.pnc.
+pnc.			172800	IN	NS	a2.nic.pnc.
+pnc.			172800	IN	NS	b0.nic.pnc.
+pnc.			172800	IN	NS	c0.nic.pnc.
+pnc.			86400	IN	DS	40264 8 2 137C7B7B6BE3D79FF1C7F5DDB9525CD8BF14B821DCEC08FF5A3A7B128E58660B
+pnc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yxPfIwAtUSxS4X8KXTJZzW+5UNDHdA4JBtYBlFMI7prQkFFRU4IxWnGWCaHnCpy0WIuIbV0LPH2EQPXfOVpSXuWdAAm3Em6DZwXQ2srGuX5mVCEwCzut2WGf3iIK5ienyIn66BaIPGojtsrtUz1/qs+EUTFYWriQOvU1Ey++MrBcQe/yke0lc7w1t6fuenJyjGjR78VMhDVbckf80lePSQxqlyHYEkkYzQ+fg+kVJqqFRIVFudMXaVn70jqWszISgY1ymgKhBmCTD7/SRIPByqyBLo6FE1xXyLRe8ikRnKM4Dd6vDrj+vJK0fhJkxR4gknymfKKWH96+NwMdSvgTTw==
+pnc.			86400	IN	NSEC	pohl. NS DS RRSIG NSEC
+pnc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . olniEZUMKt+wROWdBMJJtjgPuf1k/Qr5CiyW4aKjd1BQBJCATQY6j+CZZWd9xoWdqftL263aPhuUpmJPpi4u5vLeMhPgtIpwod5F76oDjzxjqZpR+vT4AJAzWfRr4YlrjwBeb0F6ex4wk2r/IbEha3TanI7IqkVa+9Y6YZ6jHDOtr6d/Ie9P4n+Ib7oSytbsSCFRU/3O98ZEso+UcHxE9RkhdFA8nTkWABIrJ6UHDpq8O/NIuOzNTP+9kxaCFAYSjmuy4zES5XyNINRnVwM5tRNc1p/ILCBtq2PxTgFwZqoHyQ0neF+a2i2myLd0IvR1ylsqaRQWWZpof7yYJGItzQ==
+a0.nic.pnc.		172800	IN	A	65.22.64.25
+a0.nic.pnc.		172800	IN	AAAA	2a01:8840:3e:0:0:0:0:25
+a2.nic.pnc.		172800	IN	A	65.22.67.25
+a2.nic.pnc.		172800	IN	AAAA	2a01:8840:41:0:0:0:0:25
+b0.nic.pnc.		172800	IN	A	65.22.65.25
+b0.nic.pnc.		172800	IN	AAAA	2a01:8840:3f:0:0:0:0:25
+c0.nic.pnc.		172800	IN	A	65.22.66.25
+c0.nic.pnc.		172800	IN	AAAA	2a01:8840:40:0:0:0:0:25
+pohl.			172800	IN	NS	a.nic.pohl.
+pohl.			172800	IN	NS	b.nic.pohl.
+pohl.			172800	IN	NS	c.nic.pohl.
+pohl.			172800	IN	NS	d.nic.pohl.
+pohl.			86400	IN	DS	41627 8 2 D31963884932152AC788383ABA38B83F187291AFB59092A43185734EC561F506
+pohl.			86400	IN	DS	52324 8 2 F733939F77FE6A3F4FC63546CF69C4A86CF432BD6F41147B287818BFC87661C5
+pohl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Kr1rQKAMLegZ2iG018E0ddJ4Lt5kChpaaLM5EGXaFEMdiNdUcRcTSPrwz5lqyxoUq8WRmKPNsYQwMI8BZIPKxYof3z8rn1RFwDexxX3FEmRTenZgDZqm8nsLa6lENENNbp51JPc72VkBZYYpOq6EUEtnn6PhOKsjUUc0z+uoIwuKWoMRyKoHF7m6t6lnCfzvYI13PP44EfTAo1NvHD+p/eBG12gaPLUwVyPm9Ko5NyZUckEk4VcjyT02s+mDvgs1CRrTAzZQ//+RfGlZ8HlDHA1IdmdcGfLEa3SakVzUGijZAdwMtKoDTiIbtR7HHYbNeLkfztfKWGbvYR/cQIqcUg==
+pohl.			86400	IN	NSEC	poker. NS DS RRSIG NSEC
+pohl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . no8pyOt+KEJErxrwJyFLLkHTehmthOJSTOhalGZyaTw5fRAJP5lkImrDSlufMdiPfFVSSOnqd9QDM6i1ZuI1kcNgsPMOv/LH5fxej00U/ZpGMqK2oBDlT464xCtvoDJ1mj/Kb0ut4WAOEoNRljz2Hcu3v5srSz78vZubjFWHj3LuxFPx9VGTVWpTxlOAsGMQ9IFUov4mbUg0Hp084+33YWxrixZ6nrOUsm5xSkN0DLRQbOo7XpIUdD0i5QsO9hSzVjXCKff8dBNNOrhoNG1VuOrmOJTHNiDbpjxpQtnlU4fey9KaAeMKlyttrCVjR9WwV3UA1rNWjEriRcGYc/ydvQ==
+a.nic.pohl.		172800	IN	A	194.169.218.96
+a.nic.pohl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:96
+b.nic.pohl.		172800	IN	A	185.24.64.96
+b.nic.pohl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:96
+c.nic.pohl.		172800	IN	A	212.18.248.96
+c.nic.pohl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:96
+d.nic.pohl.		172800	IN	A	212.18.249.96
+d.nic.pohl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:96
+poker.			172800	IN	NS	a0.nic.poker.
+poker.			172800	IN	NS	a2.nic.poker.
+poker.			172800	IN	NS	b0.nic.poker.
+poker.			172800	IN	NS	c0.nic.poker.
+poker.			86400	IN	DS	12856 8 2 571EFC932D4C25E2F41DF9E216B66732F8D17BB7EFD2F6230AF3127948BA167C
+poker.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DsnmVeJcBOE3tcComhS3gbpjKfEK917vjIu0/qpylJyAMTdWBLtj3PMi2Tp0XW+iT8vxGM/wjjeaHaM7jikabHorkiiuvRpHZbEd5igARNqTi/GKSYCGx+ERO6VRkcqh6lED4uHLE2mWOaV1bXtoDY+YvNDBf0HgBVh+ZJWzSrb2cmWcXlsHExpDTfB9Nrb77xqQc9EP4UjPjZAiruYmIjAME3fUUuGXmhHwI9djgDRWiP9aPNX8xwZlAEDHGh3U7lV4Sc2tRXatfCnVTH5Vtr7n/WXj5ZxE4fJ61oz6c2/2JjHMF9Jw9XQTkREg99k+GjtiVSJdQJc0D1RnV5pbPA==
+poker.			86400	IN	NSEC	politie. NS DS RRSIG NSEC
+poker.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MQLYNb/rm6WzMCMv0so95D2ok+m49/o829MCooffVAT6GkCR24QaazaWaEcFlfrdO7KFoUaYOvZrcA8R96SR5ca7Ijuqr8parZbWxgk5wMBJjwTo7/qFqUAmr7NgsT+Y81+q5R3e+mDXMtrIa4+roFBLnS4VWrNfYafxKh/2Y3oBc5M6JdcEyOHXHOGMnmdug4lR2Sm+b5BtS3RuW+VaPjSGOQkHudMdEyhuJ+DSRmAf2ZPiTILAnVbNgr+BntrHV+EZdkaazQCOteI4c+j6lDEN2jOcV/VAaAvhVD8iksXeF3WZz7hES5lvpdIeleKtfMOPELR90+Cqhe5BvZ6b2A==
+a0.nic.poker.		172800	IN	A	65.22.20.33
+a0.nic.poker.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:33
+a2.nic.poker.		172800	IN	A	65.22.23.33
+a2.nic.poker.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:33
+b0.nic.poker.		172800	IN	A	65.22.21.33
+b0.nic.poker.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:33
+c0.nic.poker.		172800	IN	A	65.22.22.33
+c0.nic.poker.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:33
+politie.		172800	IN	NS	ns1.dns.politie.
+politie.		172800	IN	NS	ns3.dns.politie.
+politie.		172800	IN	NS	ns4.dns.politie.
+politie.		86400	IN	DS	9518 13 2 7CD0F19183C87D685057BF63640434B80BF32608EB2E014854E398B437B543CE
+politie.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GdPEb67W7lijUHatXHOEh9jG+hTe5WEjRTywgQJAbE16FNgZzI418zDnsYZrDO+Crr8qaULEARKaJXHjNdWKKA+L3x1ClcQDNYYJ82XAC38ROEZ1k+c5LByHS8xZvBaeEY2g6IscOdFsTzjl3oGjZHJwElWV7tFSpmDhJISUbSxi2UkDvpB8UFeX4uu+gxDf2YPYXnaRRUZvBXlOgQ17hAO9wCjXcEo6uweNS7PLtXCuA4/Nghg5yD4wWgkdF35MPBNs4hVJmTYGeorGiaTGAhXuw/l9JE8vInM2aOHTnUDkEFKrY9bL8icMAno6RLPc+dXts6vsV18H/oy8UvWn+w==
+politie.		86400	IN	NSEC	porn. NS DS RRSIG NSEC
+politie.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fKjTK3aymvM9CpP0hetZdezOwof8wIA72UGd9S7v8n7kNagflTlog8Ezhgg92AVUiUPU3+0JCi32BfWjabxvKc+FRNfQgaKfc5jdwMV43PPOFpidOVoKrsUVM6FB/Xjjnj3qPeQG7oVLhhwFbsGj9k3Wmh0bxQHLQvwOsT1LlMnaz0Em5xk50NcivG+OIS23pfemgBZNSef9kq0VX4mXFj0o/iG8/TjWTvFfqLJYGEW5rUYu8FgvE8gMl3lU0yJxUljwfsJ/cQa7oIFx2uCWbv6safuC3uAqnW8lapEYqasgB05/NEF+vBRyZqT0O5XuG5J3/f1tVjX42W3ZlW65fg==
+ns1.dns.politie.	172800	IN	A	194.0.28.5
+ns1.dns.politie.	172800	IN	AAAA	2001:678:2c:0:194:0:28:5
+ns3.dns.politie.	172800	IN	A	194.0.25.27
+ns3.dns.politie.	172800	IN	AAAA	2001:678:20:0:0:0:0:27
+ns4.dns.politie.	172800	IN	A	185.159.199.203
+ns4.dns.politie.	172800	IN	AAAA	2620:10a:80ac:0:0:0:0:203
+porn.			172800	IN	NS	a.nic.porn.
+porn.			172800	IN	NS	b.nic.porn.
+porn.			172800	IN	NS	c.nic.porn.
+porn.			172800	IN	NS	x.nic.porn.
+porn.			172800	IN	NS	y.nic.porn.
+porn.			172800	IN	NS	z.nic.porn.
+porn.			86400	IN	DS	3196 8 2 6B2D8FEEA5A23845E6934F5639D4055639D7B8D1FAC4B5C19C7E5CD45745344D
+porn.			86400	IN	DS	53866 8 2 6FC2A5CC5949B5300AA6BDFDD041D34BA5AB08604F22F7B3E34654FB22F89B68
+porn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . i8FaZXHUjnYcUAkKifUyHRbQv+U68Ma5QzDP38Ne7q8trcKowSQ0d1JMu+fVWkfU3sjs0uAlDBS7sH1OvsVzYsxCiz7SUCXySYuQoRX914pR7/w/oqzP5N8nyCqpkjjibvocU3WfmTUaBkzXuUxi8YK+dWerDGo2/NV/teCcxpbThiU1TdTGEOsAhFv0/4xucY/yCpNrbC+6ybpkM25ZfRIxE7FIiTShvPJUYdr88uQtAFvaNeVRZuDtSe0P7/Nl02fMKFm5bDa4S3pmVUaOzXBujlrqrkAyKZNne82TvhbF1AnRG7QnvA2QAJgiyo5d6vVkHKOCh6Acc6EwoOUGJw==
+porn.			86400	IN	NSEC	post. NS DS RRSIG NSEC
+porn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KaDAj0Jbxk6w0o9NmdFlSodUBGUyw5xrnnrwWa5L3hcoMHHg474wm1PV0HLaM6sFg+PhYT/Bbm3CCUIREHQD1kayTxMvLYTrfgdQTvJmSMNRAvFz/vfkwDLUiXeQyEvphNPyTucdqP5zTYBbHkzqU6w65HA0c4fXZH8+ZeXCkzARunq2c5eV5FQVYWEvceLnc0l3A6sffDy4iNoqBzqMgHUSmpA1xFzALn3jX3U32/oV2GI/ispRzqRRe9eGpbO/lQ9qEIEVOPhXeZ8UmzTNilAXnWSbGa3gCizHUaZV5u+MuaYnj4zV81ze90gSYyeWiEJeT2Eds8eJ1CSNPkHx8A==
+a.nic.porn.		172800	IN	A	37.209.192.10
+a.nic.porn.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.porn.		172800	IN	A	37.209.194.10
+b.nic.porn.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.porn.		172800	IN	A	37.209.196.10
+c.nic.porn.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.porn.		172800	IN	A	156.154.172.82
+x.nic.porn.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.porn.		172800	IN	A	156.154.173.82
+y.nic.porn.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.porn.		172800	IN	A	156.154.174.82
+z.nic.porn.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+post.			172800	IN	NS	a0.post.afilias-nst.info.
+post.			172800	IN	NS	a2.post.afilias-nst.info.
+post.			172800	IN	NS	b0.post.afilias-nst.org.
+post.			172800	IN	NS	b2.post.afilias-nst.org.
+post.			172800	IN	NS	c0.post.afilias-nst.info.
+post.			172800	IN	NS	d0.post.afilias-nst.org.
+post.			86400	IN	DS	35725 8 2 5B8265DC3F1952980AB5369253C4A4ED9D674D91B8C39360B22A7DEAEF168FE0
+post.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yFRSZID3dPFhUC1ZARbzA7qkE7Ue7QrvlaeRbitDX1suZX02LLeCvPHloFlfOjD0Rdd4Qbs3vteiyQzUMkXDSDPtF4V7VqXH/leg/zxd6aG7zOY4k46lE4lcFR7MMXdtdl1HeiQwLKTIS/qc/3guka4Sz+b3c4OwTs0+LVLKTCrW8M+ZKjML4yJUOVzsrCuxtX1Q6R2UoppLLFv4l+d99qEVEgkysFEK7kKmFrSq1a9l3e5cBz84tBW0busNln8KMVw/C+EjIGQ6DugDcRXLIM3Ia539wxGJg6A3AEfEEY+cd4uHufgK6uUdI2WChYs1rzvex8SnG8/4wtOh1GIxWg==
+post.			86400	IN	NSEC	pr. NS DS RRSIG NSEC
+post.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WPyZjebHT8tqY3OQonmYVn+GbkzrlmX+v9RSC12EKks4fgR/K7BssyVPCnWSscjl/HTGOLulubrtUub/raR6iDixAI/xMtcUWFoIwt9Ls5V4X02cgajS04cUyqVAiKAiWqlykGPO6dJCgKtfJafRTRWibmv4/7y6C78N8/SezYOn7cR0Hb8XdR1FxdpfUZAq4VDOiiTWkkU420KIRm/Ufwmr1pqGZzsB31tgFBTcmHOtTNZ0tkCIFoEvT/Bf4WrXGiIPrir8EX+M1yJ3Z9uOpSqJHFCH/iA/rm3KHv5Hfww3Z1rEawUeyTzxERPczbK3yBHpd4/XykPO78gcjifneg==
+pr.			172800	IN	NS	a.lactld.org.
+pr.			172800	IN	NS	a0.pr.afilias-nst.info.
+pr.			172800	IN	NS	a2.pr.afilias-nst.info.
+pr.			172800	IN	NS	b0.pr.afilias-nst.org.
+pr.			172800	IN	NS	b2.pr.afilias-nst.org.
+pr.			172800	IN	NS	c0.pr.afilias-nst.info.
+pr.			172800	IN	NS	d0.pr.afilias-nst.org.
+pr.			172800	IN	NS	pr-dns.denic.de.
+pr.			86400	IN	DS	5134 8 2 2E7F12833596203DBEF32DBCEBC2CFD2F6D3AA4432A9BB39927394C6CF1A844A
+pr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R2v0sCdLAQrEt04BwgXSOH6Sr+/ifygqEop17naxe+EOSl4fnQX5dW7ZvQxDZyTwQvqs5u6wxliNQJv5K2ASShFQVsvh7P5ALvf3dZQ2HaXi0Gl3OMLzeC1bat4/uCVc1+8RErDBaYPmc9Q0Dtd3U6f4lMkrMqbdl43Zm57fCWYoUq+6gSaI+tUoYBYbfWw1Iq4PoMaa1eMpXe2uA7LlHLqWM5wHxTcU/Kb+uaipg/qIZzPvHstPZNSubVflKM8mFysPwSUrcYhAA7DKjQmMtKIDyITBPJamDXFCNEV+aZbUUEXaTB7yYue6yDlBLn7gJ3l2QVOmYfnWvmbogVDssA==
+pr.			86400	IN	NSEC	pramerica. NS DS RRSIG NSEC
+pr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pm/8SB2y9jtBNC9B9McnZ6SsfoXNWL0Ymmd9Rtx5dSKHopc8frLMwWaBmK0l37KUxs+ISDEU9Z5j6DljbC8d7Y9mb4UV1aPa9fREhblnQAEpSs6pkx9WDilQsQAGJ0AcZL5TFbhoBD0qBWMuKVvmkQbj5PkaxR3Aof9/a9m4aoPdbHz61NuPIaZ7yVpdkiGUM9eKGNfWSkkq5iaCklu9DSbVyQ9lBsEX7ePe6i6rmYNqLjNpeCzEBvcVA2UYLIKkE5cI8pKvkRsA0C/C52rT7t/Nvon3YF9NafDgyZe1Ypji//68v6D8NKwuAo3FJ52fYfQkb8fz+mmgouLo11SWnA==
+pramerica.		172800	IN	NS	a.nic.pramerica.
+pramerica.		172800	IN	NS	b.nic.pramerica.
+pramerica.		172800	IN	NS	c.nic.pramerica.
+pramerica.		172800	IN	NS	ns1.dns.nic.pramerica.
+pramerica.		172800	IN	NS	ns2.dns.nic.pramerica.
+pramerica.		172800	IN	NS	ns3.dns.nic.pramerica.
+pramerica.		86400	IN	DS	22411 8 2 55E42F1140C47CA9A71E1306D0487E31DCA919961409E9121765627E563FDB3C
+pramerica.		86400	IN	DS	42634 8 2 34C29E72AFDE2F27194A21E6D5C9E91AC44B5C04328D7FADE36C026C18C118EA
+pramerica.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QpC0BDBHqlKfty0adJYun+jo0RTmxpPw6bDgo2tT3enF2WzPp23InYHrlAn6oDhGuqA+slqchxohqKE9aAFeVTdwEh3PIZCSYej4Y36cXfNY0YEqpzZNwpOPbaDzVD20//EI7KWU0DMX3s5oRtTamZmgPNqjawnKpXlFtTu9uzBf8naiTzEnnjUufCqSN81BBp1Orepf7GJePkrFR2HGbr3IiAhlVsDm0eZPPFu+d9RgzookQUZlb4Sb991XNoQOdcnE06FhVUwgmrERATX26eSw7Tgxb6fo7FGPidJgW/oi82PLO6dqOe0tnpbh0BtV4MtrXQEUBlCvwKGTc7Vfow==
+pramerica.		86400	IN	NSEC	praxi. NS DS RRSIG NSEC
+pramerica.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gdtWL7DIuvxsp6FdAEOwHv+FCgjJTZvQHGwOqobZ1+YHpTbRn9GXGt9VK8ZwHLCKZDg25lpqBFHlQgEWXuyRWdpWupQStifoBrtLjMKU24zKhD+QwYQynQRPIkMFHc818CbWvbXGIrhv0XuNkTDBsUei7A8mfGqeVVIhueIT+uGLPLZ5g+OVeVZk1t8cpGQJ0Lpz3hheWV7maudw5YiYp7uA7Q/6/dCr1Ul2e/4h3h6NbqxY3tdipWKQ/+runThVAm9MsyhNm0gBFxQLLUnZj1Sr0YpbzorctUrnfpNeg/8d+Rp7gxEKbjTfOcL2XogV4ckThT5WBJm/X7G8Xk3wYg==
+a.nic.pramerica.	172800	IN	A	37.209.192.9
+a.nic.pramerica.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.pramerica.	172800	IN	A	37.209.194.9
+b.nic.pramerica.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.pramerica.	172800	IN	A	37.209.196.9
+c.nic.pramerica.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.pramerica.	172800	IN	A	156.154.144.138
+ns1.dns.nic.pramerica.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8a
+ns2.dns.nic.pramerica.	172800	IN	A	156.154.145.138
+ns2.dns.nic.pramerica.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8a
+ns3.dns.nic.pramerica.	172800	IN	A	156.154.159.138
+ns3.dns.nic.pramerica.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8a
+praxi.			172800	IN	NS	a.nic.praxi.
+praxi.			172800	IN	NS	b.nic.praxi.
+praxi.			172800	IN	NS	c.nic.praxi.
+praxi.			172800	IN	NS	ns1.dns.nic.praxi.
+praxi.			172800	IN	NS	ns2.dns.nic.praxi.
+praxi.			172800	IN	NS	ns3.dns.nic.praxi.
+praxi.			86400	IN	DS	19099 8 2 3E39236609363BA83713BBABFF24B95FC7774A6532D68B3F8D7766BE5C7054F3
+praxi.			86400	IN	DS	56446 8 2 B6EB17A0657C338C939960A1B134AF133254BB756D7211CB3D9AA4DCD2495656
+praxi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ce+uJAnySILtm/a8iy31TwnjKzakxCz02O3sgbYjycYcEGJkdqzHRv0Jt7l3wf7q72zjhmw3c/Oi+LsY8JScChoPrGPQMiIop210MzuspETdUnlsX2qHi2ar4PWpzTlirpzBJuvTkpPutQJ1pGKPJEhotgpPhhsgxcfsbDr3vSbOntkyQo64jyZ1n+ru+7Jk0tWebkr4hUTJ280ALhmW0K9N7chivcbtxrF6+tFinruPfXNwxJHHRaMqcTB7FFaJT9bStlOGbtvXw4j8guoSbP1mxrbOCYrL/GzmEHZpwu14bHl2h8QZdqu1MPVDMhOBM1CoTLlz9V8Ms6mYZx1k/A==
+praxi.			86400	IN	NSEC	press. NS DS RRSIG NSEC
+praxi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hmt3wMfZJSGKg5oUGMjaWGr5NnX9JN3CTivI20RDbwWJsfiGLGegC3Yg/6ZBtjKFr6VQssFF+DQNY2rlKTBHnV/czTXzSw1O2eSedGR+HG+k6FfmQV3GHaHbKUgzqay4PxOjARMziyAcH+KIPH4MhR2eGW1/PkB7wQOsc5nObrD8GjSmkh2a6LCh5NdeRyTCnPuoV39sjhlBuqImv1pu1EoVce0M5yN0enGDedtUEDPZBLK3iq2Zw7t9W5qxzQ7z7o8aMu8Bfr1qXu4ovRDY3n2wa9opnGFOJBo3OGpK8Rg/UeW+Gj2SOizafA9lRXrIiZ5JI3IYjU+wCGcOpO0hwg==
+a.nic.praxi.		172800	IN	A	37.209.192.9
+a.nic.praxi.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.praxi.		172800	IN	A	37.209.194.9
+b.nic.praxi.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.praxi.		172800	IN	A	37.209.196.9
+c.nic.praxi.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.praxi.	172800	IN	A	156.154.144.139
+ns1.dns.nic.praxi.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8b
+ns2.dns.nic.praxi.	172800	IN	A	156.154.145.139
+ns2.dns.nic.praxi.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8b
+ns3.dns.nic.praxi.	172800	IN	A	156.154.159.139
+ns3.dns.nic.praxi.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8b
+press.			172800	IN	NS	a.nic.press.
+press.			172800	IN	NS	b.nic.press.
+press.			172800	IN	NS	e.nic.press.
+press.			172800	IN	NS	f.nic.press.
+press.			86400	IN	DS	4289 8 1 2EFC540D13139B56FC1041247B275BC5CC6DE009
+press.			86400	IN	DS	4289 8 2 03A4602F454DD05E3EF2B7A9507F7E4EEB78BA9259E35DA7C3B20FD8DA43341A
+press.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gSiZpnI8PPy3Cs73pe1f5ckHlgrycacpyTPlO8ByV/3J1TEImgAW916q1Z4Fe1TgMqd18ja1hzTDupGeIvmpVQhF/wEjRq+BOJtbaUdoxgT/Z4pntfEkwYAHUfYF7EH/ArGmWm66EYvRkwEkGky7grrlgNNLcGjuN11ZFgQgIjZ7WBFzCs2RsCx4gMcBu6U7RGR5mLM0rNMs7gMBCef9LVGhNatvxopICjyd2nAhDF8rIN6RdqwMYq6erMOhuXJ8yOtrEvl0RNrziYZDYAgiF3se2i/OM1ALRljWzJV4n8QbXgzuTqZyVXo73EDf3Opl071jfeVV5JlyDUV1qqnjVA==
+press.			86400	IN	NSEC	prime. NS DS RRSIG NSEC
+press.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ywz/c5E08CTA2dYLoosfsmk20pE0jp4SwJItxZHcjsJCk9tUQ0yhTdNI2bC84HYTb7fuC9upjQPuIABhj1Tqjdyud/GDSK6TqREGHVeQZc2p39IMjPMSFUmpX7249Ous0yqWaSWFGIkNM0anXoQSwylN6eX3XetyKxEYjDtH7HKayWk6q23Xd5t/YLZMymnu5zl3z5qb5CN8hm3fwPK0LihPgZNjYyYUUtrSo1Ey/7VX9gi8HkZW5h96U5kvDT0v0Hk/n40Y7rE60evWV3ormGSRSAFqu52ai7t09vOdeJAGoOcsp9kXaypXONWGhmK1WJJ63VJgxgVbsURKt9AMDw==
+a.nic.press.		172800	IN	A	194.169.218.34
+a.nic.press.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:34
+b.nic.press.		172800	IN	A	185.24.64.34
+b.nic.press.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:34
+e.nic.press.		172800	IN	A	212.18.248.34
+e.nic.press.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:34
+f.nic.press.		172800	IN	A	212.18.249.34
+f.nic.press.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:34
+prime.			172800	IN	NS	dns1.nic.prime.
+prime.			172800	IN	NS	dns2.nic.prime.
+prime.			172800	IN	NS	dns3.nic.prime.
+prime.			172800	IN	NS	dns4.nic.prime.
+prime.			172800	IN	NS	dnsa.nic.prime.
+prime.			172800	IN	NS	dnsb.nic.prime.
+prime.			172800	IN	NS	dnsc.nic.prime.
+prime.			172800	IN	NS	dnsd.nic.prime.
+prime.			86400	IN	DS	48080 8 2 B29003C3E5F60CE38190106F221D85B335972C9DEC6EA671C1536F63E081D214
+prime.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pA6XobkNA0EqiAedDO/TdpQ73Lphi1lyLG0ZLZ2GOMKJgSDwMiB1jc35KVif4BXfBBXZ2+zJ1IGyvbOcxXEqd0YY985gUbPhos4btbOjwZnbFIW0C7u8j1EoMN+7TY/XCBffSWcIxEJuB+pu3Q9oAxIZnf19xiO8GhxhlDpzQ/7ExLky7XuUAqfnafE+eSIig1ZhbhcxO/MDsfmcd9dD7H6FhAv2TpDmOZBp+3mLG0kaOu22Flkm568VR7nI+Vs9DJULEezvfFGOGF84HraMg3HbnThzb6FgkrhrqtsZTfQHBkILqd3UOM9eXQWVsIM/+1cGHmdTStFqv/IvfugVcw==
+prime.			86400	IN	NSEC	pro. NS DS RRSIG NSEC
+prime.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KJEQjKt08XLmj3PcikcOk2L7YIc7foMB7zmV0eDb6ayPMkXymmipNc5lOc7KikH6vJB5ixvhhvqtr0H2syrtYHJGnj1UbjFSlQNKs1CcQlvX3a1BKFso19OqqS6gNXQA8p2+p3xU+UR3Nax8hzEf0zsfwI8OEG0rRSNFCJEB3PyW6yg7Ai0A3tne41NtogNMQRXx3pdYDTtCvayFqDWiQHWJ2rxAsu1yElOhXpHarYZPwIk7Ak04RUqprTA0JUvEy6i3OfKppKletzx/keAKt2gNTh6tWI4O5+syY5qjdh3lDJogHpGuHtpFqhOdJTSdtrKwtuRbxOX411lSMd45cA==
+dns1.nic.prime.		172800	IN	A	213.248.218.51
+dns1.nic.prime.		172800	IN	AAAA	2a01:618:402:0:0:0:0:51
+dns2.nic.prime.		172800	IN	A	103.49.82.51
+dns2.nic.prime.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:51
+dns3.nic.prime.		172800	IN	A	213.248.222.51
+dns3.nic.prime.		172800	IN	AAAA	2a01:618:406:0:0:0:0:51
+dns4.nic.prime.		172800	IN	A	43.230.50.51
+dns4.nic.prime.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:51
+dnsa.nic.prime.		172800	IN	A	156.154.100.3
+dnsa.nic.prime.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.prime.		172800	IN	A	156.154.101.3
+dnsb.nic.prime.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.prime.		172800	IN	A	156.154.102.3
+dnsc.nic.prime.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.prime.		172800	IN	A	156.154.103.3
+dnsd.nic.prime.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+pro.			172800	IN	NS	a0.pro.afilias-nst.info.
+pro.			172800	IN	NS	a2.pro.afilias-nst.info.
+pro.			172800	IN	NS	b0.pro.afilias-nst.org.
+pro.			172800	IN	NS	b2.pro.afilias-nst.org.
+pro.			172800	IN	NS	c0.pro.afilias-nst.info.
+pro.			172800	IN	NS	d0.pro.afilias-nst.org.
+pro.			86400	IN	DS	42154 8 2 5A8A58F4E30CDE44A47091488870D109108FF45D42FDFDD30B448D78DFFD5566
+pro.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ooce92uNkiMiKfM4ROgXPf3htKaO/O4KPk2ZlQO8H4NtTHdaVqehvmPAZNlt1dkyypJ8/cz7s/bElK9WT2YTMGyXQbIECyMptVwM4QfBVUs/cP/Z3tIfYRh80owN5IhukHI8pyZhxWfiXk+WwzboFd5sw2LwpEvtR04Ppf99Cyn6B3n2uv5K1uaq69B174CW99TFEq7RnwTX/9yAtYF4Jsn9pIJ3c3XQvrZFIyM0xCodSGW5hOC+6YA9+Sngp1LRU/7cp3qYyimn3h4/GZR6eJVjIBiScgONdLNp9qEeYQsYLF6dQxZDhU81vu9FK55FUfWhTE08iBPEU7BVoPIrKQ==
+pro.			86400	IN	NSEC	prod. NS DS RRSIG NSEC
+pro.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AQX/oxE954piT/HrYexdXwq5O7X8Awl+XPTWbuzGBhPKIeU8FcOehQrBQstcNvZpi1rdeAlgaxoOrKLXrOdZBNDBPPsUIjeMgttwCVzoV1a34N/ZTTQcY3ZC9ikZfHoCxYKH+Bq1799Kv+OroYevuAYt0MtF/ypGjZNDCkX2bd/totwkxby2n6pVNtlHqYaZp5tLxKsCSNV0BgFUavMOlplM/Eu8TGuTkvn5WJHDyMIW6iEaJb5LXD97BZJFKtWQUV9Y3VbYkIIEtWecW6E1NfUZcyg5cmwtT4Nu4P0xyGMdPqMFVnPGb+3zYwFVAxzL9c3TBC+cLhnLQnreDm5XpA==
+prod.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+prod.			86400	IN	DS	21494 8 2 0A30297175BC29B23297D15887E6D884C63AFAFD110D7A7212AEAD473925E56E
+prod.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HWwsEuGm8la+nepEyqPsyzJygO+mZeguJjUukAd97j6apVDQCHNCjeICRyLgTBLr08cijPtYonn1uPrn6khE+Yx5A9Rgh9krgIqMK0yqeXYdoS1CphRWbVNJIt31a/gx/2YtHJr6o1jCYFwRJe9v7LnkM8zRC2GcXsWOOyjmxeu3SdvLTVNqonyhYABFFFAWhMcaqLS+6JLuXLPmhW4BiBc40ndnPh7gNhJ6pVQ88gqtxd7WK6c1n9Q2ne2AD9JrEOx7hCwxTPka87yAx0vWl4s8JJw/bHYM7g/BITYscU6ZThh1WexOMZhH+uIf6v/5V3A8X+Y9SFFgkzExk9H7zA==
+prod.			86400	IN	NSEC	productions. NS DS RRSIG NSEC
+prod.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CqUg2k377ekfvWEROU7F2S4lmVmMfBOHmv5J+S4i0rbyyFo98r3kQ0+nI0peR9EoOv7sf5C8Irho3Fz5brHPdON8GxR16rRaxJbalNRYHr6aM+8h+BjYZtzLPx+pK1uLR1rNzrJyU8cMmA7mi+TnfL1WXusRFIUWOxrFpBytxJBMEVBGVuEGYQXJhuYw0lLdXhwbNU+JqAZjqV6ICgzJzqqkaNXfzeSmWHmH/sksoUKK3SWBybSlnBJy22UrPLiwym4J/0w0A9moqzdme3n8JLDRsAIbWrQreyIkNaP6V72C+g8CJiLAlZowZ3KSUdfEpJc2TynjaHBk9SBE1n1T1w==
+productions.		172800	IN	NS	v0n0.nic.productions.
+productions.		172800	IN	NS	v0n1.nic.productions.
+productions.		172800	IN	NS	v0n2.nic.productions.
+productions.		172800	IN	NS	v0n3.nic.productions.
+productions.		172800	IN	NS	v2n0.nic.productions.
+productions.		172800	IN	NS	v2n1.nic.productions.
+productions.		86400	IN	DS	55354 8 2 61296764506D9B3EA454B8CF49FEA13CBB8662804F0A02948139FFBB0E0CBC8F
+productions.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VFo2IFrCZNT7yevTU9wZTa4EspEuurdeG1p65oPdvEha0iXs93fNgvCYoJEfSwYddEq2MVRL/D8h2FMoe4DFmvYQh0DvsuKAtpHsVZz9m8wRDRcZeAA5L82T73fj+M7tLlP1Q6gOJluDKcub5gzTza3uWuJZXHvKIRSiFoN+eMmjlLp4v3CgOdlDXGK64h5l/kZzptky0BScHOEBUNrovarPJFV44yrLyu8MnQycMKST+YZr22J5aWODCP0AR5tfDLFyLDKSr3lnBHBlLi7iXZGsPbeNzkEVFWapDwcoFM342KM9E8bCbxS8JiOZWKnZfOh2niagRAC0UgonE/dbwQ==
+productions.		86400	IN	NSEC	prof. NS DS RRSIG NSEC
+productions.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hwo/op9qabG2Q4O/1m4Mba00hXfeTpb/kqmEepMuTBzIKYPZBNKKOyKVuwZ99YPBW62ivUC5ew2KpbY5M0jM1lpoKgPWKZXfPKHf/RuiUqBIHYzUERBpgWpgQb8bSGhYBqKWaHT3eR0M6aCzLRrccdpLlG1d/H01tjr1v2I5j2es78MhMsL2c49uE6wfBUz2cnkcKfGgTAZ1kWgUPoqn6BC3T53M8L2uwERHeR3lcgYi4C6JKlqBs5eF5/74fLDZUzAiFIFyXcNqkD7bQBssk3iBg8UYvdmUZAVbn64Tst2jnfdZt6YJWguV8S46GK41HeFXMnZ32cpriT14WPPZSw==
+v0n0.nic.productions.	172800	IN	A	65.22.28.16
+v0n0.nic.productions.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:16
+v0n1.nic.productions.	172800	IN	A	65.22.29.16
+v0n1.nic.productions.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:16
+v0n2.nic.productions.	172800	IN	A	65.22.30.16
+v0n2.nic.productions.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:16
+v0n3.nic.productions.	172800	IN	A	161.232.14.16
+v0n3.nic.productions.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:16
+v2n0.nic.productions.	172800	IN	A	65.22.31.16
+v2n0.nic.productions.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:16
+v2n1.nic.productions.	172800	IN	A	161.232.15.16
+v2n1.nic.productions.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:16
+prof.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+prof.			86400	IN	DS	23977 8 2 A0F1AA6C62A81B21AE5F3CCB1369DA38E79352431378EFE10556A85A3E067590
+prof.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YkSLLgbsfb6yOlLZd8KGAU87c8zs0PDx4Tgq4w9J3cbCurEl7L2LBVIOqaN292XPTOn3a2undMmQ8WmCO0Vg0pNd2x6tcNdZCjizut6mdxLEoAOwGrzK3AaGZ1/Fupqu7OpuukAPiEpGQHES1tFtFGy11Ac76s42Lqo04Sn8R1YNHwHTLLTD+syrOW7nadimeLtiDJa3DgV8LAxzoGcg1GUqXfQFgvpqhg8K8O+mkT1yjlslHuGSvqIilXxOzh9a3yS7mLi1S/6qAL01FSjARciX+ADxSOcYWUuN9Be10DHqBfQFJPpCC4yL+FSeGnew7V1lAhLA1Dheos/w5FOkfw==
+prof.			86400	IN	NSEC	progressive. NS DS RRSIG NSEC
+prof.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UBNG2wu226xy5tV7TNu/GQqF0hPNIGl0e/IT7b3hNb6BBQplnrFwS70NyiHvzG6aecXpbz4+uu0+VoOfhX1ahcfs4PsLBQlcvg7zmUx4uXOVsKNuRJhY0PdWq2NwzlDRoaNgDuGEqLd6MyvkgZl9Wifvs2jhPMwU7w6X1v4Gtn/Vb25tNfwVJ/COPQbkKQBOVwyQ27MoJJsFMMYWN6xrDoI5Af8XkNQJD4P1y5u+/kZ+/fkL6B9DwpnoRzsE4ZIVxxGMrtz4ZFaxYnqu26uvtr8qLKrhJoYhqphrvX/FoURYQRybrKf7GYodTU8DpLKV9qW/cqjXcIyWu3YyyTSl2w==
+progressive.		172800	IN	NS	a0.nic.progressive.
+progressive.		172800	IN	NS	a2.nic.progressive.
+progressive.		172800	IN	NS	b0.nic.progressive.
+progressive.		172800	IN	NS	c0.nic.progressive.
+progressive.		86400	IN	DS	17329 8 2 F6623EFA3C197E122F7037A659F8E7FB2CEC4D91AF518653D04B44F15A72ABC9
+progressive.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vRMhImDyarDfUU3FzB4M9UnfIEgpmPI7h+N+Hve4qGAHB62XSTk5j1vnI1g85zasCGhZ2MFtsy79lziU7dYDrnErwV/cR7RtDNiKF7R3HnY/DLw7bQJQ9lWJly/1C1Fh9HicLnLDn2zirSueiFMW3OebsfnBPU2SWmT8VENhDaXHsKZcmL0SV/Unfq1nNS25jlex9/qdPMS3kQdF3XzOBKiy7hEyVthU0De1JIGnSbyIuFvX6t9E6XHOX6e7I3UyLKyr0me9WkwuWBHCaWrwTtLAmXJ6/89kS73uzhwFNuCbJPgeXaf8fGZTFRImqyWOBrsc2ux1hpVT0FO9pVirTw==
+progressive.		86400	IN	NSEC	promo. NS DS RRSIG NSEC
+progressive.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b3Y6QNf0GcU9nJYMTZp+ecnX6J/p7AgcuMDbbLUwGualfx/jKXaeZTE594+1tcgWTDM1kF2RT97pfGq+5x7uEJBmBHbnYNddFGwzgJutVgIMa+hKaPgXWXySLsomU8T+gycvbcszFMrKBo/vvZFjGPq76ldv27qa77+cFT2lwf3od6/55/48wKeXySZtemr+ZUVKGrznEPF04YoGN5mDafUm2HZIIC7b/rgr8GMPJ9b63L/ljY7DjAGhFJT4qLgUQEXIx+Y10SObvsmkhtbfCx61zA67cktrOVnrCElPJ3vzllJSSjUAaBwrgtpQoJFoJY+jclh+u24yF1rC5e2suQ==
+a0.nic.progressive.	172800	IN	A	65.22.200.33
+a0.nic.progressive.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:33
+a2.nic.progressive.	172800	IN	A	65.22.203.33
+a2.nic.progressive.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:33
+b0.nic.progressive.	172800	IN	A	65.22.201.33
+b0.nic.progressive.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:33
+c0.nic.progressive.	172800	IN	A	65.22.202.33
+c0.nic.progressive.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:33
+promo.			172800	IN	NS	a0.nic.promo.
+promo.			172800	IN	NS	a2.nic.promo.
+promo.			172800	IN	NS	b0.nic.promo.
+promo.			172800	IN	NS	c0.nic.promo.
+promo.			86400	IN	DS	61459 8 2 583DCFFEACF0CF25F52E5F4D356DB7E3D3E4145992EDC4E8B1FEA3B5AD1868CA
+promo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VaueKapa1XlzzR8SVLEwRSCgYWGD+UHKQP+sXeN954O8Sc29PCJjRIwgTcw1Y0xlI+FlTlXosSAx04//cA0Fo1gM/nXWIy+ATx+xxc90jp+ddjSeZa6W4l3pcvspLoOLoeoTS9D8MGxiZ9JwHo4oUrB7Efzcz+TuJwIu3p0s94fSN2yF1TqmJXpTm0jCJnkvfSE9i9WtRGO3rnROv8dZBCWZfNjwhYn5uXGw7sAEYp8jmVfTYw8vOfFy2eERZD6sChdAHcyp55CpYUIO2QWRwrmgGMZfMCu+frSggKutVu76lWYkPAEOElQT1nn9R5bfMmrBKhJNHpT0kbfLDO/4xw==
+promo.			86400	IN	NSEC	properties. NS DS RRSIG NSEC
+promo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b8ksEan+C5i72wP5HRmqk+iqLt6SnvP6zIJTqs81lMCeKoXbBqMPnPaD338mG7VHHiQZhbKVHUiKWaXX/bYgzJ0n1apASENWlyuY9J2WfDB2K/WLfofSv/yFcI+IpAyDkBfJ/MIbf/u7d3LCTBJxias9LQg+Dj2bupn9F6s93UZGpCurGE2F01J1fznAgaLirOiRQlNipJ2whq3dLlyqEXOi8OnLbjuJhXtOvUqBmJoVJjwEX0YwxbijRgM1/U1YaminpfZZMXmLazldCocTDe5GX+TjbXl6hcMllh4esTMKBGda+QtZL5jsW+BtavceFsYljB92svDVao3ovUstBw==
+a0.nic.promo.		172800	IN	A	65.22.244.9
+a0.nic.promo.		172800	IN	AAAA	2a01:8840:ee:0:0:0:0:9
+a2.nic.promo.		172800	IN	A	65.22.247.9
+a2.nic.promo.		172800	IN	AAAA	2a01:8840:f1:0:0:0:0:9
+b0.nic.promo.		172800	IN	A	65.22.245.9
+b0.nic.promo.		172800	IN	AAAA	2a01:8840:ef:0:0:0:0:9
+c0.nic.promo.		172800	IN	A	65.22.246.9
+c0.nic.promo.		172800	IN	AAAA	2a01:8840:f0:0:0:0:0:9
+properties.		172800	IN	NS	v0n0.nic.properties.
+properties.		172800	IN	NS	v0n1.nic.properties.
+properties.		172800	IN	NS	v0n2.nic.properties.
+properties.		172800	IN	NS	v0n3.nic.properties.
+properties.		172800	IN	NS	v2n0.nic.properties.
+properties.		172800	IN	NS	v2n1.nic.properties.
+properties.		86400	IN	DS	24565 8 2 519C0CAE03F6F4A6679F85ED1376F04A6702406F0731734618F608895306E4F5
+properties.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Jsruwem/6KNzteNr3IiSSu0l6v/WaIk7McuLRBSB/T8UIwrQGDQf3VmbpXxcHAkuaCa3PGUD3oDa1waS/sN1oHzCPTcbWbGEcmTZr2FyI5YNU4ISq26I2Mo8MRz72LT9ZsaIpGW2OiF3kixyT5ewpQzu+LwN1MRdIZF2rtGUsYRjD5Oy4H0EtnbtsdDWbOpo1/karI8969Y7JBimEh8ZAg+xkiaDZYTEo17E+gwXZNZj7kGw9Q/qnkLRXRSaJtqUOcxS7qJycFfcAz+DAUwFI7Yjdi7JChpnPcWo5UoOwCenFRfEkJNbqt5fw6GDFY4+HzXfZxLFKNKQ1SkZK1mcWQ==
+properties.		86400	IN	NSEC	property. NS DS RRSIG NSEC
+properties.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bRCdPaUL1uGwjI+W1HXpoLYQzFhZSy+aeGCTvpxyKQlpb3qthP4mdBsqWq2vywc8qrAXdcpi1+5t/omx5qaLQf8qdOQDk9XJYMv5sxZXUDGt19Gg4wroHdft93AH3QW3QYSWneLFFcczFcR8kGHZIP2KMZN1+bIDhY0DROx8gH0g9AaGuR66OcVAZc/gx+9R6eLdLTag0BUFwTi6ioYGUWcs31sN4D5FEf/T0BzyzTVsUdob7C40ld0yzoAltvODSao8Xs8WaRIXyrPqvyez7SfCN0ZHnEfSagZAu7c1hN8F76ySDAgom8m8duAQpPipAZ+bVlOFOZrzeEchcWHRwA==
+v0n0.nic.properties.	172800	IN	A	65.22.20.46
+v0n0.nic.properties.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:46
+v0n1.nic.properties.	172800	IN	A	65.22.21.46
+v0n1.nic.properties.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:46
+v0n2.nic.properties.	172800	IN	A	65.22.22.46
+v0n2.nic.properties.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:46
+v0n3.nic.properties.	172800	IN	A	161.232.10.46
+v0n3.nic.properties.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:46
+v2n0.nic.properties.	172800	IN	A	65.22.23.46
+v2n0.nic.properties.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:46
+v2n1.nic.properties.	172800	IN	A	161.232.11.46
+v2n1.nic.properties.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:46
+property.		172800	IN	NS	ns1.uniregistry.net.
+property.		172800	IN	NS	ns2.uniregistry.info.
+property.		172800	IN	NS	ns3.uniregistry.net.
+property.		172800	IN	NS	ns4.uniregistry.info.
+property.		86400	IN	DS	33049 13 2 6DFF521D658293FD458E615DEBB6CA0C76341775F72F340BCD3960851B4C536F
+property.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GSdxnIs0ovIRc4ytMu88Uh+UzjZoUPHymAt4fPyOnBN0nEFTodLXIAZtcywHMX0YZ+Fayn9Bgr/uPIESvjH/riGr30H/einlkw6PZEYGlnCr3O3p50x1Dl/U0fYGkZ5wWWwtJfxBcTzO68CV4HW2MTRuiPMO5/KcA2e+tNTfgt8jqIrxGF/8eHKsSYtLNkzWf6f5KX8WjoG8wr2TtvayPu9DGaCwRSH3aNjWWroqx7S/EIxMsWXAkcwzRuy3tvQB2XGCZWxhLHd4LdY0HB3R0SggScipA0uxmDgjSRT/sIhE1QYrLLiI8XSVnqlNj7nP8wnPJ0nlFg6X9wGz4szgFQ==
+property.		86400	IN	NSEC	protection. NS DS RRSIG NSEC
+property.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Iy7X/wJA18jdWF2GfAR75m7rIyPHOkExbv6O7S0q+eynilTHGYbsrVg0i16+WEinD3NlDxneCWlzHMff2QniL8TAm5FJQePBEe+vHFj+ulrDuRHbgsrRVe2Ua9hxZap6VDnkPnu5oPy12YAV4B4y2FQJRIA1ZYt8P1D6B30iQ5OF2EUZzEc+ApkFlot4F7vuolJpWverx69/NF8jYWfRF1QsH7DslRIW+eDvHjDQts37w7OqDGCFTlG7esRi7fY1nWsT/A2lOasauD+AGGJ/5agoMHsLdAkIZBy9L6hGYtbOvjGyelYgv6732jIobjp7McMpBxIpHWV40XOiVRJD+Q==
+protection.		172800	IN	NS	a.nic.protection.
+protection.		172800	IN	NS	b.nic.protection.
+protection.		172800	IN	NS	e.nic.protection.
+protection.		172800	IN	NS	f.nic.protection.
+protection.		86400	IN	DS	46846 8 1 44911D0CB6AE4931C66C83C2881085E48866B075
+protection.		86400	IN	DS	46846 8 2 3E780717CC500405E3E7869AEBBE9F3D49AC770B338E216FCA3F096EFE92F2CF
+protection.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p/TIJRzr0gJo9gK1bwwX7DYxclFRcPjBDLqU0VLSSvqNwInWMUEefDfuLtYgy4E9rr2pLKyo/nTc3gZS+T+dCsbZavpTpTEPzecy+4ysgvykCscVjYocQNGKIrHuLhqyVpUAYl2O5k4nBSNKmdSh0Yw7cnTJ1mBxB7bzq+OHbzpEc+AfOEdzaFxPYOIsonkAEZsXmg1B8cCQy5anLwngJnefPLlkI+vFTc3yOrlObbfs7sUOji/i+eJVvqDoPP+Ybphl1hJJvUlr6UWeE7mHHBZmDqMU5txaV4aaG9WKTKk9sOWrJP6dbPeim6pm3hV3yxkcDg+aOs+LU0+asWpZ6A==
+protection.		86400	IN	NSEC	pru. NS DS RRSIG NSEC
+protection.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . THBiUuQ8nKPSPF3jTeenCkyFRxhO6WxPF/F3ThMOgeT76B88vE9fUR6CpqhQHKvzqxYJSGpqLunIVQZkR1OcFz9HfmI9TT1RZfY2Cso3LnJMjSEUYMoIN7r8lZ85DTh+XT3pp3CQNVE4Um5jhqqDOWXC2Aw6/VMygz61yVNR/KUffVIYs2uhE/l/TOqhBY/NkxcAC/5MTS67VaSTRHN1rxR7mb6fYSzTkMwxG/M/L7nocGo6FzluR7dDUyz+Xg/uZQE68N6GDlVVGWKVGRq59tmiWcSiLZ6Pm+NFaMstOyLMHUfTl1w0ciTP7Azj89AmhbhcmdObdQxNYv6tIgH0Lw==
+a.nic.protection.	172800	IN	A	194.169.218.67
+a.nic.protection.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:67
+b.nic.protection.	172800	IN	A	185.24.64.67
+b.nic.protection.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:67
+e.nic.protection.	172800	IN	A	212.18.248.67
+e.nic.protection.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:67
+f.nic.protection.	172800	IN	A	212.18.249.67
+f.nic.protection.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:67
+pru.			172800	IN	NS	a.nic.pru.
+pru.			172800	IN	NS	b.nic.pru.
+pru.			172800	IN	NS	c.nic.pru.
+pru.			172800	IN	NS	ns1.dns.nic.pru.
+pru.			172800	IN	NS	ns2.dns.nic.pru.
+pru.			172800	IN	NS	ns3.dns.nic.pru.
+pru.			86400	IN	DS	54559 8 2 E38AAF4292647D64678F4E3819B5658570E058ABBF7F60BAE7A57C5369ADCF73
+pru.			86400	IN	DS	60964 8 2 97A2DE7C9E4880F5F4528C07D2446E93ECF03289B85A8B79AC9355914B18E957
+pru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Gu2urNLFl7dFVncIr+ZWsuXXpB6Qgy51CpbU3x2YKcMtbC5KNad+oJITDfjL907/oQOpRXpkziyR5rtx/MTAfXR5CDLpc1YU8KNO2zxrJzNBUE0P2fUEa44gz7rgH5wrs2LnkXIesc8bCi3BD+tSuko+VFYdYYPE5yyNfMXLdHhwvWITEAInwfajcY8BcQzxTciqPUXPstdyiY8km1MAPvXJaSwCP2/LHXwqEPsU+iwfnTL57CuZ1qYrOQnFxdD5m+FMcEarflu2FxmW6CA4QxzdDgg54QdX6Os1u156fB056Znt14UpnewC14z0woKYi/ES2T2sanljAROhYC3d0Q==
+pru.			86400	IN	NSEC	prudential. NS DS RRSIG NSEC
+pru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hC//QVPPmDnQg46qjrWT394UdTzB0SK+hlM2wKLScl8l3WhBJyxpQgcqWWx/UInMrk25qNgduSDP3HDtRpqzjwUeG1sSqTxQHQp8MUxSEXgcAxc0STpNiL4e1Ti6Tj96YuTlMC/3pvyOB17Sxh0rioNU21VkO/7f8DuXiqq6k73oqMobJ0eZd8Jf4UdugAk55alEfiGavOUFtys5I917H5f6u0Zka7QFYx7ss+R9LZMgDvc2nbQ4NPmb4XkG/fI5LQUg/uPaNwVnryXSWb/sHcvhKdQaxa1OqsUYdhAw4bp1DUq2ynnbuGbtcLIDiBxJH2rtTJtmW6iqwxVYsIuI2A==
+a.nic.pru.		172800	IN	A	37.209.192.9
+a.nic.pru.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.pru.		172800	IN	A	37.209.194.9
+b.nic.pru.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.pru.		172800	IN	A	37.209.196.9
+c.nic.pru.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.pru.	172800	IN	A	156.154.144.141
+ns1.dns.nic.pru.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8d
+ns2.dns.nic.pru.	172800	IN	A	156.154.145.141
+ns2.dns.nic.pru.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8d
+ns3.dns.nic.pru.	172800	IN	A	156.154.159.141
+ns3.dns.nic.pru.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8d
+prudential.		172800	IN	NS	a.nic.prudential.
+prudential.		172800	IN	NS	b.nic.prudential.
+prudential.		172800	IN	NS	c.nic.prudential.
+prudential.		172800	IN	NS	ns1.dns.nic.prudential.
+prudential.		172800	IN	NS	ns2.dns.nic.prudential.
+prudential.		172800	IN	NS	ns3.dns.nic.prudential.
+prudential.		86400	IN	DS	3886 8 2 09ED8DDD91AD3B14C9A4EA598B9A0A94E8D3F7FD1EFC789F92002AD74372FDF8
+prudential.		86400	IN	DS	60835 8 2 C69DABD2CF3D79D968533BFC2CDB13A20ED9792260F42DE04BDAA6925AE9A4A1
+prudential.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qFK791gw9x7AwTCarbKJFvqBpUVC9T0O5RVQJTSfKnCnoE+nvtbhmzOzISvLD3N0FikM7CSqw5zuvbps+8Gc1aZBWcBHJwygfLMycXjEHoD2fTB7b/Nh2h3JLQPxSxmjricHYcSwNPZTZKgPNwu4XjnNadJyKdXOdpIs75NTQVNHZzfJdJ5oSoS0n5WOO7tAvBSf1ghNFhOrY9I/H68d/4uWchtEer5DQLx3C9d8tYFMT7TiAlAH5Cmy8n9+CP/GIMDMYpVU5szUoc47PFycj3SH/vjLfCIgp1O6qUQNgRCU/mSHOLY1z2JF3UoXQSAVuhMXZaiROYdXms8ittmg1g==
+prudential.		86400	IN	NSEC	ps. NS DS RRSIG NSEC
+prudential.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WHiaqGDMkTOZRQlI8nP5cbRSH0ScfWKhXdtFQ1ZAOOUy3Vdjm/ptkSV3kKe4iyZuUtbyUo69iI5nK38YqgzjhSgEAIUXYCaAbxFZBnptpq1MbGjfpL5blcWHYU5l6PKInjBWk6T33byTI+gA1RzYUzTC7ZiikZ4IV2otHLKKAI22+MRibiMT68suhQz2WqAgE2riZyAsXLCjC4JReZdaGW7G0IK9g6BiBK4clITAdPMpa5Op1L6K9GSv+idYIDWF0urdSQ1RSoQlivl8xRKBuADNuPG5HMN9jUs0MLUFc6GoboVLwxbv8A1g3Nmc8kygrU458wPJWTTZn4Bo/yGwbg==
+a.nic.prudential.	172800	IN	A	37.209.192.9
+a.nic.prudential.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.prudential.	172800	IN	A	37.209.194.9
+b.nic.prudential.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.prudential.	172800	IN	A	37.209.196.9
+c.nic.prudential.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.prudential.	172800	IN	A	156.154.144.142
+ns1.dns.nic.prudential.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8e
+ns2.dns.nic.prudential.	172800	IN	A	156.154.145.142
+ns2.dns.nic.prudential.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8e
+ns3.dns.nic.prudential.	172800	IN	A	156.154.159.142
+ns3.dns.nic.prudential.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8e
+ps.			172800	IN	NS	ps.cctld.authdns.ripe.net.
+ps.			172800	IN	NS	ns1.pnina.ps.
+ps.			172800	IN	NS	rip.psg.com.
+ps.			172800	IN	NS	dns1.gov.ps.
+ps.			172800	IN	NS	fork.sth.dnsnode.net.
+ps.			172800	IN	NS	ps-ns.anycast.pch.net.
+ps.			86400	IN	NSEC	pt. NS RRSIG NSEC
+ps.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tu7LcDYe0GursB5JHZ7AzQNf57A1cz56jjcd3gKj/qLACxLTtG+UqQXCicEzQjjEx5pEQYOv3V0F8vzpsBh//uMWJ54ib0xdUCk8nReaMy8i0KYcM0MMD7KGNYLPC/39F4mrKGTGK4WeleQ9YUiX8EY0uyudwJQ205pBFdLOe9GKT1Bvn0lIscKItaoVUn0q22jOuXuvnkl8CTSqwbEfoVKzUtkaFbj9wIkoYpVCgbQxDlMOn4GzqKJ1v8p8Uxed3pskvVHIrN9wlWrZEaQYmF/MOv4Z1IVEcqSkVHICAIFMWbbFGwlFpC6wRTyFbv+WPB7BFSppMxab4Q8+bwqZ9A==
+dns1.gov.ps.		172800	IN	A	213.244.82.147
+dns3.gov.ps.		172800	IN	A	212.14.253.242
+idn.pnina.ps.		172800	IN	A	208.64.68.4
+ns1.pnina.ps.		172800	IN	A	194.6.225.20
+pt.			172800	IN	NS	a.dns.pt.
+pt.			172800	IN	NS	b.dns.pt.
+pt.			172800	IN	NS	c.dns.pt.
+pt.			172800	IN	NS	d.dns.pt.
+pt.			172800	IN	NS	e.dns.pt.
+pt.			172800	IN	NS	g.dns.pt.
+pt.			172800	IN	NS	h.dns.pt.
+pt.			172800	IN	NS	ns.dns.br.
+pt.			172800	IN	NS	ns2.nic.fr.
+pt.			86400	IN	DS	40155 13 2 B0ED28B7255E9880E7CE4665B75AE7271F7837899057F0D4B897ECE2EB1EB494
+pt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uC/CLdbzpEP3z6quUBbTbTIic6h4NXgZrSxLyu+4U7yTOE2YOxAlfU35BKRB3rQfAyEYG7OY8jwTpvSZ1ma04xVjjXfVI5Fkhj5/mngPcBwSCC/2IZfvoUPC1AyEHAbtsNkiSQ5+15Iwug1qrWG/vsyh0WH6SIumvq/FrXEPmJAwf4u7iQg3FSrTJicK5gaoihMAAX/bguu/mzhRDmgakYpuF0kqy2td9u/wZDecbfDEDF4wKq1aPYNMzQBcBOJ8Q/zhiMdIVXm+12/5FKBSGTDEnl9JHNXtSLoHOKCng2Pu+EaL2vL88Hb24YgY2CRuMxoXbK2+pWRMr0krFLuhqA==
+pt.			86400	IN	NSEC	pub. NS DS RRSIG NSEC
+pt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b84AwzNGiNUAUPr/BjW0ciBd9jqbKciYsPF6WMZMf6Iy8yC9qu8a4EZ3kfz7cq70Vc81d5/I5UAdQvX68J4p/gLVRuFI7yWRI4EJklU+RHHrkRBB68spSFgSvhoAmomNiWR+uhWSrXI1uH8D+h+pCogvSpdQWc00w4nNfjZRhIZ1mp25Hok/Q2l31qpEaECKbHztho+EiD1XgDaYcE7ONW7//pC186YmFDjXtpNE+Luyo3tGABS5XwTGZrw7p8oG7uLWaixZyHVMt5cEc1LkCaWRDG3ZpnGfpfqlZDt7N78JWu57lFJ97Z1aAXTfR3Pq8qZRYYEgOTm7EhP3psz/QQ==
+a.dns.pt.		172800	IN	A	185.39.208.1
+a.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:1
+ao01.dns.pt.		172800	IN	A	185.39.208.17
+ao01.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:17
+ao03.dns.pt.		172800	IN	A	204.61.216.113
+ao03.dns.pt.		172800	IN	AAAA	2001:500:14:6113:ad:0:0:1
+b.dns.pt.		172800	IN	A	194.0.25.23
+b.dns.pt.		172800	IN	AAAA	2001:678:20:0:0:0:0:23
+c.dns.pt.		172800	IN	A	204.61.216.105
+c.dns.pt.		172800	IN	AAAA	2001:500:14:6105:ad:0:0:1
+cv01.dns.pt.		172800	IN	A	185.39.208.18
+cv01.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:18
+d.dns.pt.		172800	IN	A	185.39.210.1
+d.dns.pt.		172800	IN	AAAA	2a04:6d82:0:0:0:0:0:1
+e.dns.pt.		172800	IN	A	193.136.192.64
+e.dns.pt.		172800	IN	AAAA	2001:690:a00:4001:0:0:0:64
+g.dns.pt.		172800	IN	A	193.136.2.226
+g.dns.pt.		172800	IN	AAAA	2001:690:a80:4001:0:0:0:100
+gw01.dns.pt.		172800	IN	A	185.39.208.19
+gw01.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:19
+gw03.dns.pt.		172800	IN	A	204.61.216.114
+gw03.dns.pt.		172800	IN	AAAA	2001:500:14:6114:ad:0:0:1
+h.dns.pt.		172800	IN	A	194.146.106.138
+h.dns.pt.		172800	IN	AAAA	2001:67c:1010:35:0:0:0:53
+pub.			172800	IN	NS	v0n0.nic.pub.
+pub.			172800	IN	NS	v0n1.nic.pub.
+pub.			172800	IN	NS	v0n2.nic.pub.
+pub.			172800	IN	NS	v0n3.nic.pub.
+pub.			172800	IN	NS	v2n0.nic.pub.
+pub.			172800	IN	NS	v2n1.nic.pub.
+pub.			86400	IN	DS	53776 8 2 3766469C89AF5ECA8E8C5852E359396294057677C5AE8CA9C641422D7237BB4F
+pub.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XZV6zUul5GLTpTAVqvIz3N+3u17jcfMqvherzeSteQJ/ktnlbpEGFMCUeBzcYjEAWMQaSHjBo05yemtoii8TFfRqlnyMKDfg59//d7VdWp2477QWPK5fNQqV4T5ZA/Yl9ZbRpbXcnv4sgLCUgOFUyZ2U1rGMEKXYFsJ3SPdKuY7KhDjBlNXW3IKI17w8e13wkxtPNmnJU4JPoMRRXwJXAcT1JByEhBfPBrlqVJ6zNPo3NmoAW0SqLEi5sscZBx8GLS6GPYxJi7Zwjr+p+yO2pxg9pgss+HqaZjeqQbf2dKMGJx/Sujv9DZmoTHlnD+mERfLnSKmejRLSV01R2VDt6Q==
+pub.			86400	IN	NSEC	pw. NS DS RRSIG NSEC
+pub.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ijENbgrvdw2V8i9TpOd0xiJuNFicWzG5Tk55x/CpQxsNnYCdsNQCkWnXXEy0muKez7963LpBSj2mOPBoFVRj+6Dfn01sXJ2+camid6yckSng0nNF3YkOoLEvLI4Bar+hb5Vly0jyfVfT14pFPlVs2GaLL1wX6Yp5ErPGmpN09B0CFZYaRHKPmGKrz9f8BnEuQtb+uXOpyY3NcxmQD0UOUP1GmJrXv5hu4OdYEUuT3d80LlqwUKXJZ09C5x+fKeRnHEl75HXcgxo1KxsSGHIoHLHpJFnf49qXkv6h8a5nlCvCQ2dUfD7Ny5d5L06dCRh7ZxZUXahg1Hk7OZN3kyZg8g==
+v0n0.nic.pub.		172800	IN	A	65.22.28.7
+v0n0.nic.pub.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:7
+v0n1.nic.pub.		172800	IN	A	65.22.29.7
+v0n1.nic.pub.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:7
+v0n2.nic.pub.		172800	IN	A	65.22.30.7
+v0n2.nic.pub.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:7
+v0n3.nic.pub.		172800	IN	A	161.232.14.7
+v0n3.nic.pub.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:7
+v2n0.nic.pub.		172800	IN	A	65.22.31.7
+v2n0.nic.pub.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:7
+v2n1.nic.pub.		172800	IN	A	161.232.15.7
+v2n1.nic.pub.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:7
+pw.			172800	IN	NS	ns1.nic.pw.
+pw.			172800	IN	NS	ns2.nic.pw.
+pw.			172800	IN	NS	ns5.nic.pw.
+pw.			172800	IN	NS	ns6.nic.pw.
+pw.			86400	IN	DS	44440 13 2 362CD4EB8C8FD51674622639F860F906EA08A7C977400547A9F0AC7DB92E14C6
+pw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ov+32ODk74C7XWIhMRtrhFOKy7XECQHX5MXWRBraCX/h6V1l0B4yk1ot8sa/rVBq70hi/nShiHlQTJjnGotXblKAO+0OS7DYmGt1jLSP7vcJ+Lrl/wYq6+2yeFJqdLpRrOUbj1+FUo2SgFAAn1vBSWqURx4P+v8ZYmvuOzsDdvKHm0B3AKaQwyNBO8jlZgVsjZkPTcafAbLgjy2Nes5tcaf0TKpRdUg3Y45B2jilmLcRsBc/8h5OIjdv7X8oUrV4ptY0AHe2OunAMx0n/HAYxxuc+wSvR3lR+aaxi3+wQNHOy2Y6tApfM4hoBepJJbzR+v3FnSwo3abUfLGknuCKgA==
+pw.			86400	IN	NSEC	pwc. NS DS RRSIG NSEC
+pw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gSwEo0Wmcp/Lg546oKdRNJW1+bw+cRhJN6v5RLUAsIsyeI7OzhSBDFhhHsQalHxLPLmSStfOrQmx10PXxqlu8PlGXSuII6K6zbB8S/weKkbskqCzNXVAw3LyLb1brxzpGdE6RGTlfR3qX2dktIc0ui770sCrP+NtRR9tDvj6MAmOgvRTQFlLVCoxphCVdv9F3ie4k89+C7fikb7P0pdaM2Fena5p85MRZdz4kg1SKSWFv+s8QxsMw/mb+7uYXos//nfRezjJ8xfyQts0EEfmpNBEZEeTCDMn6xnaIF8Hl5UTOG4g11DJFyMeLTKkTQDKT8RANBqxv4dIAfpw7jHecg==
+ns1.nic.pw.		172800	IN	A	194.169.218.12
+ns1.nic.pw.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:12
+ns2.nic.pw.		172800	IN	A	185.24.64.12
+ns2.nic.pw.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:12
+ns5.nic.pw.		172800	IN	A	212.18.248.12
+ns5.nic.pw.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:12
+ns6.nic.pw.		172800	IN	A	212.18.249.12
+ns6.nic.pw.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:12
+pwc.			172800	IN	NS	a0.nic.pwc.
+pwc.			172800	IN	NS	a2.nic.pwc.
+pwc.			172800	IN	NS	b0.nic.pwc.
+pwc.			172800	IN	NS	c0.nic.pwc.
+pwc.			86400	IN	DS	50191 8 2 53A702C1BC2E7246D8027839BC8C43ECB48A28139D2ECBC0350E4C6CA3BC623A
+pwc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gV00M7eTeIhm79nEI/IYSt64pPPomS5jpMofQuD56IqYrHXa8dQ0yOmHTVTZdIxQNjzxcM7Me4LKaEm7hRelFarKV6DZlVLcfDNnAuOMsavlCg1GQBCFrU86c84985rLBChUmkT5rglgstUHMiCaaAVSJDnPy/03fYi+D8+C5HYl/5UZiT3rEj0dPIuL78Lb5MW+C9VgPzbfIoF15Y8jK3so8aMnEPlAkDi3q9fevRQiGMAb3I1pyXmjBgf2bcCKpbeGv6cDWLi9g0cagr5dfA1Vw+yJCOz0Hk2UOeGwGRP2WrlV7ScjIcrWLnl21McKNNk3vy3S6/T5bxJUurILog==
+pwc.			86400	IN	NSEC	py. NS DS RRSIG NSEC
+pwc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Tt5/KWeVkFBN5+FBxBbOmukLKJEb9frrZSY4d1wBHMp+6P5Z5KsCZQTrD7l87vM7oMtt+gUCazxlvv6OlBj4mcDsntU0fVsKbOKgYVEQtvjlc6MyXCvAXT+6jdWstPaFCvI8fVL6MRpM7UH9jUrIjBwRegGb6XtdkGnUymKOcVhDkdj4OFjD1F1WHLR7ne9400FwYX9nUgbNsfVgwOQMrbAjzs+iiWWs7TgEVPc+y/bk85h/SSoeGkczXW+eH5L3evwXwF/EytnFLdo0cRyHoaP4EDHyGrvvYXi9Q1EUqyxbwbSccX9FRHtmK1iKpD5MsVN/eYWSTQV1rMGY7VkxLA==
+a0.nic.pwc.		172800	IN	A	65.22.80.9
+a0.nic.pwc.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:9
+a2.nic.pwc.		172800	IN	A	65.22.83.9
+a2.nic.pwc.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:9
+b0.nic.pwc.		172800	IN	A	65.22.81.9
+b0.nic.pwc.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:9
+c0.nic.pwc.		172800	IN	A	65.22.82.9
+c0.nic.pwc.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:9
+py.			172800	IN	NS	b.dns.py.
+py.			172800	IN	NS	c.dns.py.
+py.			172800	IN	NS	l.dns.py.
+py.			172800	IN	NS	p.dns.py.
+py.			172800	IN	NS	u.dns.py.
+py.			86400	IN	DS	61306 13 2 5FBA6A98277300D23512184AE3FC238C367F731D519F6EC9A63AF9D4FBC9A435
+py.			86400	IN	DS	61306 13 4 609AA5B81513378F093FF57BB91296E85366D815E24680D1894E490CDAFAE188D7214DB1B0E453BCE2D5340DD921B1BA
+py.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YnYUVDFD/paaPGbjT0MWirRC5/rlr0g1ym/M/GjrmH8LyVFokip7UJcUASRmS+Nq5QbaxKohBr4PkYuQFgbRe4W42mczWjKtSH/QDg3UUrV3GT9TUotazjtrm9f2LnC626QrUQpeChQ9wUwh7fjfwDMaVOMSKm7OoTDau96/RdllAo4dggBeOnDqqrzaAudapxS0zbXVZ8RfO24vfFl60I0a4ir9hAcvov4e+nrtLn/kfcR9G4CnfymM/mcdNWUdrDihQZCTY4RyDNBRP5uV0RYlmuEfL6yTNJPhhoavbJmufQrx0ld61YSCfgohTycx6BRHIHywQCsQG1fuzSJjgw==
+py.			86400	IN	NSEC	qa. NS DS RRSIG NSEC
+py.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cnr/9uAWjJNlqe8luzah8Cv74mLVgiyFaVxUgdXhyyma2Swka3EjR3BpvwmzyY5nxiGfQNEbIQFUVHyrBAKj/ZIyS5QyQC5vrotL2++Ii1TxEyZD/gWSPs8/D3lCHMzm+CCvHYjAAUuDyX1yni1z4ZSLX4E80EVu/oJXgXLXURIm5qZTiM0gDvpl8lCXl518rXi84wYonFVUI5hkUtcduClUe3HytPthV03I9JEOJ2qBBM+qLJc0NeerMgA8u6uWbYL/2ewmyBToBNjq9R7keCIKQy7ewA2r0ZjF7vUEgx96CsEjhEhSICkjooz+5v4m0kVPQPoAaAHkjG3Smkg41A==
+b.dns.py.		172800	IN	A	200.160.0.5
+b.dns.py.		172800	IN	AAAA	2001:12ff:0:a20:0:0:0:5
+c.dns.py.		172800	IN	A	130.59.31.30
+c.dns.py.		172800	IN	AAAA	2001:620:0:ff:0:0:0:30
+l.dns.py.		172800	IN	A	200.0.68.10
+l.dns.py.		172800	IN	AAAA	2801:14:a000:0:0:0:0:10
+p.dns.py.		172800	IN	A	204.61.216.107
+p.dns.py.		172800	IN	AAAA	2001:500:14:6107:ad:0:0:1
+u.dns.py.		172800	IN	A	198.6.1.65
+qa.			172800	IN	NS	a.registry.qa.
+qa.			172800	IN	NS	b.registry.qa.
+qa.			172800	IN	NS	c.registry.qa.
+qa.			172800	IN	NS	d.registry.qa.
+qa.			172800	IN	NS	e.registry.qa.
+qa.			172800	IN	NS	f.registry.qa.
+qa.			172800	IN	NS	g.registry.qa.
+qa.			172800	IN	NS	h.registry.qa.
+qa.			172800	IN	NS	i.registry.qa.
+qa.			86400	IN	NSEC	qpon. NS RRSIG NSEC
+qa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GBv1ZFsPsQh/S8WK3owv3kM8Tmf5BGiJBwuToGtGIu9EDYxpQgmYAoek8r19cFWkwhKUaPd07gSfGyhOV3TTZv+W72hmkl6WzmmqhQNgLM0o8pXMpMi0dCCrr+oyHYgnHivEruTGwajc2LKXDOECwU9NEKBQtzFIyUYrsYG9gqWXKzia+ITzdDdE5uXvdCCfotM6qIgsLFTPFmqIGzX9ijsfKQttWW//mH03iLXDdU571WIN693raazchA2fqaGudHa/mtyookCY+L11FtnXCDCtqK0PspVegC5v6QlgWnHe/++ADP5LRxOGtyfX66CaslItbihQF5oE9JowtAb/bg==
+a.registry.qa.		172800	IN	A	178.23.16.104
+b.registry.qa.		172800	IN	A	178.23.17.104
+c.registry.qa.		172800	IN	A	212.77.192.10
+d.registry.qa.		172800	IN	A	212.77.192.13
+e.registry.qa.		172800	IN	A	178.23.20.60
+f.registry.qa.		172800	IN	A	37.209.192.6
+f.registry.qa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+g.registry.qa.		172800	IN	A	37.209.194.6
+g.registry.qa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+h.registry.qa.		172800	IN	A	178.23.22.60
+h.registry.qa.		172800	IN	AAAA	2a0c:a640:1:22:0:0:0:60
+i.registry.qa.		172800	IN	A	204.61.216.62
+i.registry.qa.		172800	IN	AAAA	2001:500:14:6062:ad:0:0:1
+qpon.			172800	IN	NS	a.nic.qpon.
+qpon.			172800	IN	NS	b.nic.qpon.
+qpon.			172800	IN	NS	c.nic.qpon.
+qpon.			172800	IN	NS	d.nic.qpon.
+qpon.			86400	IN	DS	2327 8 1 C3A7DB5BB487A23BA948A762681A1899980DEDC0
+qpon.			86400	IN	DS	2327 8 2 3862EBE8922407508C2915D29ADA122BFDC2385E90E14F0B98145665D794E347
+qpon.			86400	IN	DS	29890 8 1 44C89222BC6F471572A2D95AF068D70D82D99D65
+qpon.			86400	IN	DS	29890 8 2 7467925EA4AFC0A3A7E0E36A640721385FFC85B26B7002B492EA8CF45F4C9A90
+qpon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O40PLCK9KQ4H4kB+6GSEdxLMCM1bSyRBUWr3MnDl/tVVLveYw7D7Ajw5zHENEl1RxNT/LmZMSRFXKnIPpzjv00hCshFECvN5UWXfJDEWTxLbzz9aZfMdFf1GVzhQUPdXFnmpK58GO1ZnLmNUCh9l4CxD9/APi+WuHhaIu6cEE3PcXW9EpWyW94hzJ1rvibMsO652d5yYNnm+Veq5FHgJQxIX5ZBdc2VBni4MHxSVyFMP5C0wlWoXSaFSW/fFYqKXv7CHWTdUiS/+njAPpMrdZ4yoeWSPz7TSwdwbeYzXtsPLuu7+x050sx9l5V8SVW8O2PTlwLTi0cNfHQd3gOv9qw==
+qpon.			86400	IN	NSEC	quebec. NS DS RRSIG NSEC
+qpon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HpeRUV+HjVjo51xbauuuTy0chZqf+5wtqzd8Y4dV8p/r3e65IkCaobMV7LQIHApTfrSoqoRNikiG2pGPgcbROaSx6vkx2tjvvv0UTqfz8bYy6T6pM2E4imFj++v7ZTStRd2F6bW/GArAM3aU070xq6RkrHX0xkuPsaiAoMNEfkoxE3nwykW/hdEZyJmDnG1w38XZnqIZ373YJ9FzJP4hu3YYrv1RaFo58vChfqQs37dOT2ZFTrvdKNXOKlB7LrX3R4qbuN5/Xd6jDLCMzmO9o5aKfYL5aZHjwIltH5TV25lGKm8rX3DmsKtPVeVpJ5+f908jUYtRG0o8Dj0MwTY7dA==
+a.nic.qpon.		172800	IN	A	194.169.218.128
+a.nic.qpon.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:128
+b.nic.qpon.		172800	IN	A	185.24.64.128
+b.nic.qpon.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:128
+c.nic.qpon.		172800	IN	A	212.18.248.128
+c.nic.qpon.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:128
+d.nic.qpon.		172800	IN	A	212.18.249.128
+d.nic.qpon.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:128
+quebec.			172800	IN	NS	anycast9.irondns.net.
+quebec.			172800	IN	NS	anycast10.irondns.net.
+quebec.			172800	IN	NS	anycast23.irondns.net.
+quebec.			172800	IN	NS	anycast24.irondns.net.
+quebec.			86400	IN	DS	46012 10 2 5916001FFF3DC261A7F1B5D81BDC63312697F8B672AE1C8AC7677F6E68977F48
+quebec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OaxC6Rmb5i0UPBdf502eVQ90THy8RaXWg9vz+jM+IcqZdUqAxoXExssB0AONeYVf4bqCkG4cNndEHA+FpfGUXo6hRCi3ios2DMC2IFxbYN5/NJs7XAnLSltjle0RTOojmFafZYnhoTuD6VCYVo4yJS2kbvD27Y+tlerykPPAERDZuLiP+TKRyMUV76Nu77o3vP1j45xqvHQ33gPa8aEJUFbt5CWx8PZlX0C+m6E2k00qyJ4lv1qYAw9sCEj/3+FteQVvsmhcsvhtPoJmQORns38vR2Eylzi+t2oABaq/ZxbsHla9k5WYNDwKelSUKmGxtUNWo96qXNU2Pn1LmXPxXQ==
+quebec.			86400	IN	NSEC	quest. NS DS RRSIG NSEC
+quebec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b0DS2d39LrkGrbn7IWzUU/p/KGS0RAghoD4rdQbhQb88l9TYkza60BPn30HedH+vsqjR47lcd4dNLrPKVkycxLQhTknqhDSckqG/iB2XZSzQEZPQB9V99b1vrkDvutzjUVELGxVEIwuwtQnWjILwrUvghKVqPpRnOh6iZEKZp9N8rRYt4CDrqss4Y7j+hyxDpblLpHOOgkptoOKQxhc2wKZvsSCJckHbFr8Mw5A4v4A3g/fwHE7OpRLTK6bbYS9sC9YGf0Keo7F5SfXgqVJfhYur9hxoJXKp74/DI3i7RMElh78R5n/FG0btHCJ9EylmSFH4LlWvNAwboM+yDN+DNg==
+quest.			172800	IN	NS	a-cnic.nic.quest.
+quest.			172800	IN	NS	b-cnic.nic.quest.
+quest.			172800	IN	NS	c-cnic.nic.quest.
+quest.			172800	IN	NS	d-cnic.nic.quest.
+quest.			86400	IN	DS	21334 8 1 D99396EFCD9B8F4A3B269CD1E9620572FB04F0D0
+quest.			86400	IN	DS	21334 8 2 8472C2FDF0A9D2BE4A2C1BC4C601C987118E6A815B1242B6985110B7C390E80E
+quest.			86400	IN	DS	50071 8 1 118C9E561B08FC2C993CA75545FF688ECFF4FFCB
+quest.			86400	IN	DS	50071 8 2 A0A1FA69FA59661AD0501D87885426B7B879C84B19891309DB11EA15A92EF2AB
+quest.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pNQvYHdZeJDXbld1viLR+QIbr+o7YfX7m1Cf1LR29i9DAf1ir4De+HvlwjMibUtuhiFYlDXItWx9tzvvfDBVF8JnsI0Tu2vkhR0N3jjQ5IkPyw9TryRq8MlT0MaMw3gUdid5s0kKrZekc540d+5P5HlejdpTqzxyQSMb+I+2yH82zIdWlOzJJxWek/4ai6YsIcq5vkmUPaFp62A/UwzyntGzcTcqCj5klJDvERwZhlXaZE0SHHQSYdSUuypdFy4skkS8D4BqCW8KZzoEOXqGm6riQNFczRMSmFmXGZGO9iNVdmXF80lGiDJvXwcE56jGHf6eTxKazLFVa2UwV765OQ==
+quest.			86400	IN	NSEC	racing. NS DS RRSIG NSEC
+quest.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cdDkqQs0haLtm0VwC+4bXxvP2Ij5DLDuf0jjc/6wwHM6uamKga9cHghkDodzyZIUIqyHM2GAS0V5ewtEQa9mSyoCMfc9xJzsTU20LrOGfmMUEuEkMqQBS0nBt7UQWtv4OlqA1wq584wFP+1MesmmpoXdwsAsazmzgnlg/aWkB7W85ljWhlDu7lzNP8yUypCcwYBd0n4cekJIfDmeT2yMD8M3yP17y6holvCdwVGVMLoDu1HGZ9HuxB2kaJbOli14UElaxG8oTA1rFEKZXFiLnZySEKD4TdeizaWKeVc+MQ2VWeDRgiJS6bdRsn9SxI48ndpRRhF3ok5sJqsLzN8pmg==
+a-cnic.nic.quest.	172800	IN	A	194.169.218.19
+a-cnic.nic.quest.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:19
+b-cnic.nic.quest.	172800	IN	A	185.24.64.19
+b-cnic.nic.quest.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:19
+c-cnic.nic.quest.	172800	IN	A	212.18.248.19
+c-cnic.nic.quest.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:19
+d-cnic.nic.quest.	172800	IN	A	212.18.249.19
+d-cnic.nic.quest.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:19
+racing.			172800	IN	NS	a.nic.racing.
+racing.			172800	IN	NS	b.nic.racing.
+racing.			172800	IN	NS	c.nic.racing.
+racing.			172800	IN	NS	ns1.dns.nic.racing.
+racing.			172800	IN	NS	ns2.dns.nic.racing.
+racing.			172800	IN	NS	ns3.dns.nic.racing.
+racing.			86400	IN	DS	20812 8 2 D4E4DDB66CB7CD6A1A4FACA0007E3735421EDCA637C767BEEF02D01A15D928D5
+racing.			86400	IN	DS	57100 8 2 048874AFA57AE916C96B9B8F92CA789E5750512CDFD1F153C1F71ED26053E7B4
+racing.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ldh118hvZmEECkjq9yZT8C+3NdMbzD3taOLAsrluqvGrin5zOp8weoosmxrz4ffLIvcBIp7D5Zf/ga+onuQIiARdXxZzpFDd13IpxZbqzckD6QaO4kZChvaVWDJRB247OoCf/+wG42+ducpMP8Zp9IKj2BnZwTe2/8rAbzym328peu5KwqKRx4yW8Qdx2WEOutiq8+GF1dh4qGt84MU0rOOMtpI7seQWtQtUwbErMy6yG+scb9oU31od1AeQoUOsFKlB2EQVkha3/EPmgJipVMl59/XPX0+B1RenhgJ8vBOwengugSU+fseEAO28wjy6VadEzgmHChQ8yjEJ9PEoZg==
+racing.			86400	IN	NSEC	radio. NS DS RRSIG NSEC
+racing.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M5rgaff1dNQh7OjmTN89txZ/oum0TZzgf1zPbChzNTbIPaV5bc8LObK73nk7QjfRZPW461pswtA2py4sHK27YG+wQ9CtPTGlqCtWrmznQmtwhmusDfriCgKUdjqeoN/qARcD2WBWSO9+E3Ej/6eTEWx+EkwaUMt7zeOihCIMuIgdE0A3HQrNIgiXlZznW6oSKJp/2n0PO+Rdd6kXvkS5sfUVs/Vz7WLGioOAl3H6MOqAbwE8NPa+r3n1KmaN8I+xD82HXDw++eSt5lHvcmS9djnnyYmYDEe65KwTXjYA+leqyoG+eXb9nndbYQbRfj7kK5aA07IyQx5drh93rBb9JQ==
+a.nic.racing.		172800	IN	A	37.209.192.10
+a.nic.racing.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.racing.		172800	IN	A	37.209.194.10
+b.nic.racing.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.racing.		172800	IN	A	37.209.196.10
+c.nic.racing.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.racing.	172800	IN	A	156.154.169.33
+ns1.dns.nic.racing.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:21
+ns2.dns.nic.racing.	172800	IN	A	156.154.170.33
+ns2.dns.nic.racing.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:21
+ns3.dns.nic.racing.	172800	IN	A	156.154.171.33
+ns3.dns.nic.racing.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:21
+radio.			172800	IN	NS	anycast9.irondns.net.
+radio.			172800	IN	NS	anycast10.irondns.net.
+radio.			172800	IN	NS	anycast23.irondns.net.
+radio.			172800	IN	NS	anycast24.irondns.net.
+radio.			86400	IN	DS	62727 10 2 3863E4A0C36A262785C1703B5CFF54CDBD56CD40BB414B45599848CE972E26B9
+radio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q2bGRrQoNg4YK523G4TsEs/4twnkYlCRwDJu3dPRgpZdJMA6WObq8GpZaShy4YaXlBCrLu0pA8RkBHTjS8gjhCOiLi+RC92SKO3syITl5upvpIGlbRON+F4bEvfXKy9wNpDinlPtCJOvTwxaX6SGzc+0en2r7emb62h4OYEb6UEFcyULpf/98k6THLOqwwwQq0CsxMT7rjKfMgENrobZ2kSPqzZ+0+qI8A5d60lPzkUjJYtXEsC5JfCayghTbJamVhil18AtEGmpsXvkXw815TUvrSoIx1528e4EgdyPZn+0mgVDMVI/0uZ9xe30AeGfaNtlfsu+umzLKyHR89+01A==
+radio.			86400	IN	NSEC	re. NS DS RRSIG NSEC
+radio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dh7vXM+g/sFk9p+7NOPKJGepyMn8Ya6kFpbUEHxOElfqk8kQAhCdY/Hb5KKrWVrWtnoyQuakCOjht2BmEGa7ORTCyxG6MtvQkikybWFFn7fDRVry3WfA1bRZNa4ly/VM9SrJwByuel+fzQujAb8wHmnN5zEYGPpBWke2qcwvbhlO0yDfPIcKwUHSeD06ncgN2r4F+6z0wXfwY1hgbrSZhn1l/H6yHm4n8xjkvgaP2LysoEbmf6oS2yzD0c1mNtkBqlIGoWIFp13cfwj5aWv7AaIIswYUDsthS7ytDDlFkZFW7QEl/+oqX7LUXotyowEA6XlA1lrqJndjLsBqBe+huA==
+re.			172800	IN	NS	d.nic.fr.
+re.			172800	IN	NS	e.ext.nic.fr.
+re.			172800	IN	NS	f.ext.nic.fr.
+re.			172800	IN	NS	g.ext.nic.fr.
+re.			86400	IN	DS	49754 13 2 CE6C40407ED006C7A2D34B04F01EA0D825A64FA2418D6E994192AD05AD24FF68
+re.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yp1yNRpadV20F7Jm0GToPqJ2Q8XSEkvOI7i79mhuHTWbrWqva7hFszZoT01XeKvdKU4bTq3QUprTf2lVXdQblWkELXeU+HVNrY/aorHpdpTPaiSCbrsVPazwId1BvONynO5De7oGdL/M7w0L7775pAxxn/U0C6qTf+Sg1B3R159uaFvGitNvaIDWfaG6lAIY2VNjgGP/vOflyBbrBpc5emBVZX7FgNGe1pr0JZccQTx0htDSBKD37cnT86vS3Bdq/GV+qBvVSEbRpwhqDR0nNDO3CYnyU7ObI+agiMMR1MOkpa1eF8FA5sE8k2tusLScHpvxnaW4YM4UW7Coj+qKdg==
+re.			86400	IN	NSEC	read. NS DS RRSIG NSEC
+re.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GX/0NFAvHwIbiHvimTms5FMA8EKxQDnDbAFljt3AHg3p+LbMavjxbNvspSLZUYtQ5DG8cmL0w/sKOqb3v5IrqaY/axZy52WmuC4stFn3O1V9L7TuGinhjVQ2zG8p58AqTVhrPoZAB14e/8UhOjcqnY2qL3yDaqNEzSyFCZjp2rH5e64MzXi4qntkl9FE31AFYWW5EEyXqAha/6H/IuvRAr1fG6mCLx33y5n7JZNNFMWIFFfnrvaesQ/SNlpyOqrJ/sWdmbEGmDnfO1ZeRIa6SarRJxI6vdJu/PGwkAgnkTUFrTCq8dz1sr9qx15KhSexcqrUp0SiCOBOLcgHreFJ9A==
+read.			172800	IN	NS	dns1.nic.read.
+read.			172800	IN	NS	dns2.nic.read.
+read.			172800	IN	NS	dns3.nic.read.
+read.			172800	IN	NS	dns4.nic.read.
+read.			172800	IN	NS	dnsa.nic.read.
+read.			172800	IN	NS	dnsb.nic.read.
+read.			172800	IN	NS	dnsc.nic.read.
+read.			172800	IN	NS	dnsd.nic.read.
+read.			86400	IN	DS	15481 8 2 688BA91CA7DC1405423B597EF47BECDE3188530011815FBB5C55B484EECD9F31
+read.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uym3KKY1UvRUYxEBoSl9IXmMzYOdzItHKbhSWvz9YyKgwBo/QeBA63woiDsoWf/HHOQ4aq7oCmBITl4N4fabutB9AfHMtpkrkONmWF++WsiFBGNmBctzv92eL/JudAOkL6oDJEnUAee3/dwU/f3tKO9rjD1k0LnDE/l5f2f0jQn4mE94COm4Rgs9PZWS7J4MslwAwhD6OeqR+OEjCI+woGsTCCEFn6d64lyIdc8YOHYN/zhqFQIBxYHzqFaJrpFueenhtBvnQUy32D3jF0tWnxTQc/bDGY/tbxuBHb4elVSIepT7f8Q6q4dn8NXfjgIIG6+UrA8gYrfnSxkh2bt83A==
+read.			86400	IN	NSEC	realestate. NS DS RRSIG NSEC
+read.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0JK4/sEp8m9Ca0fBhzrHYT95x8FQQOF0BPFH5IF8+4SBMooookeNmBOgoNxwSOZMuDDxz9emxzBgo1YMW9ZCEFrngpK7DNWY+jqSkWbrXYzgo5ogjX2YQHtabtVm4JAEHd8xEPAaRMTxeJCwILsaw7dZnmjBfMkRBg+3FCJGkrw55SxBn6xht4fIOatia6cyrKFCzrGm/AIsbxu7K+3WzcSFd/Ny3X0qJ169IVOJRIWyuCDx3rFMTRFvReBdvw6EmiwL0+xKnduIk6/guX+rPJUAk7xM3aSqtnPfNcpMpUnocDoq6k8mx10UCoJMbGy3mFIl02fZv8xtmwx/vYLXOQ==
+dns1.nic.read.		172800	IN	A	213.248.218.76
+dns1.nic.read.		172800	IN	AAAA	2a01:618:402:0:0:0:0:76
+dns2.nic.read.		172800	IN	A	103.49.82.76
+dns2.nic.read.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:76
+dns3.nic.read.		172800	IN	A	213.248.222.76
+dns3.nic.read.		172800	IN	AAAA	2a01:618:406:0:0:0:0:76
+dns4.nic.read.		172800	IN	A	43.230.50.76
+dns4.nic.read.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:76
+dnsa.nic.read.		172800	IN	A	156.154.100.3
+dnsa.nic.read.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.read.		172800	IN	A	156.154.101.3
+dnsb.nic.read.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.read.		172800	IN	A	156.154.102.3
+dnsc.nic.read.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.read.		172800	IN	A	156.154.103.3
+dnsd.nic.read.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+realestate.		172800	IN	NS	dns1.nic.realestate.
+realestate.		172800	IN	NS	dns2.nic.realestate.
+realestate.		172800	IN	NS	dns3.nic.realestate.
+realestate.		172800	IN	NS	dns4.nic.realestate.
+realestate.		172800	IN	NS	dnsa.nic.realestate.
+realestate.		172800	IN	NS	dnsb.nic.realestate.
+realestate.		172800	IN	NS	dnsc.nic.realestate.
+realestate.		172800	IN	NS	dnsd.nic.realestate.
+realestate.		86400	IN	DS	60815 8 2 9EFE92191E0F3F5C0462D0F4FD5283A6227A240D56793ADDA2A9C654C4840131
+realestate.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WGAI0WwMVS5oJu544/6ZYNArigr7gQUYQHaBmR233aM3EvMHb6ncpyVhvkUONs69zVsXrH05SNBr7tCpav7ew6hawrT/MjPgXKmvur5JNEr9f4eOaZGSnqKHIs1a43QoKsUeGfEfEgMoUp3EpCMlyoDU58reBqfozKis00qZdntaCLo6zr2f7w6KYrb2A1rZhwyaxJvngrQvbUo1R5XdH/G5SzHvlUJHWYkk513tF/LlZ7Ph6s46U+wwGJe8rBl6kxzLcuTzZIJ9N4No1FnXFWIEEjx1i2FmVml1ChVd3ozcbsnrdcgnQD3CCp1Bfb9lgKWaUklYNQUjGjV7iI+u/Q==
+realestate.		86400	IN	NSEC	realtor. NS DS RRSIG NSEC
+realestate.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0M+Dgl5xa9VWEga6We8Uflw0ZC/JNZ7jhbDPhtZlVtdmgWmryOq5Bm+RtrapW7I5F7d/x+ViRpUE5Y1I2qfup0sYh6L4c+PZsjbMNOjFOdioXnFkPsZ+cnp87uUXUOrXdZ4MKwvy/MUsSvfowiwNqD3UFUvgHYVStOkbbeeMWTU+Av/5GE92+40FPff3fXZAi/lDFI6m68oY3JFWm/nQlfP3KirdjQN5X1F1LfsZ5W69Gpx7ALTaMnKxD2zpNWNPD8eNoiTclOuYX+xmuY3NTWcQU9HWPmEjNzyWyurJuIOjnLKIKQWBnwSaPmmgb80GFzuYXCJjBJ4f2JzpMl3RuA==
+dns1.nic.realestate.	172800	IN	A	213.248.219.123
+dns1.nic.realestate.	172800	IN	AAAA	2a01:618:403:0:0:0:0:123
+dns2.nic.realestate.	172800	IN	A	103.49.83.123
+dns2.nic.realestate.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:123
+dns3.nic.realestate.	172800	IN	A	213.248.223.123
+dns3.nic.realestate.	172800	IN	AAAA	2a01:618:407:0:0:0:0:123
+dns4.nic.realestate.	172800	IN	A	43.230.51.123
+dns4.nic.realestate.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:123
+dnsa.nic.realestate.	172800	IN	A	156.154.100.3
+dnsa.nic.realestate.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.realestate.	172800	IN	A	156.154.101.3
+dnsb.nic.realestate.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.realestate.	172800	IN	A	156.154.102.3
+dnsc.nic.realestate.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.realestate.	172800	IN	A	156.154.103.3
+dnsd.nic.realestate.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+realtor.		172800	IN	NS	dns1.nic.realtor.
+realtor.		172800	IN	NS	dns2.nic.realtor.
+realtor.		172800	IN	NS	dns3.nic.realtor.
+realtor.		172800	IN	NS	dns4.nic.realtor.
+realtor.		172800	IN	NS	dnsa.nic.realtor.
+realtor.		172800	IN	NS	dnsb.nic.realtor.
+realtor.		172800	IN	NS	dnsc.nic.realtor.
+realtor.		172800	IN	NS	dnsd.nic.realtor.
+realtor.		86400	IN	DS	15827 8 2 577657BD827B1E23EDD28113992899460B5E0DD5138D49E6978740D303F41059
+realtor.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QVEqhhKZYDMHOomD6f5eA5bM9hmlkSGiaBnHEpJAsZXTb3VBkIwcguKY9LGT6+rDTr5cyTTtcYZfNDYUIMprn/wRZqsTA7v511NQtg+1NZAhprFZQQyXy27nOQj6bghTInLPUWKWAF1OUt9wOPY967TLvoeRZ+BfmnAiDLDvqRnIWUmcbYNNRDTS2YT80RFUSBotvegy7I/mL9duW11WIK2c8bVsw2FbyrrNrwH4JTOBKsmrN3oKeD/DlCq4GNDWcG1G9Kn/Vh7Cbp7SK+Jj+NPZISeBLV1zMndwj5+zAn/AT36vHpJXfCRdhb0kgxlyqD6V/nv0QTSYf6MEO1mA8w==
+realtor.		86400	IN	NSEC	realty. NS DS RRSIG NSEC
+realtor.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R50qgkF2fS3k6TOHvlLFcUAcAoRBthyPlJvxv4DPLGFs6V6V/qS1KKBuxZYrNOlZC3ZKMDVVMpcoSUTaKWNvwF3igaVup+aD8KJ+imYbmJwTMwHg6WekD50z9uX603TtWL+5BtJwzxcdLAzXqHCxjwOLD1kbuUke7dpbO8eE45wUv56LE5h18EEpSYw0ydgBJ7xxEtijnfyEgsFe4FPPNNJGpk7vwxvQT7VAZCuAHFJT6eQ8FJM9IvdM4dF1EQ/aJ+dm1Yum0DATb3E6xSqcUdciJ5gp5wjfA+1FymXCpN3hdSUEYulPCTSX8yMhXUJ12LlZiebX9qA+kdgT8DAosA==
+dns1.nic.realtor.	172800	IN	A	213.248.219.122
+dns1.nic.realtor.	172800	IN	AAAA	2a01:618:403:0:0:0:0:122
+dns2.nic.realtor.	172800	IN	A	103.49.83.122
+dns2.nic.realtor.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:122
+dns3.nic.realtor.	172800	IN	A	213.248.223.122
+dns3.nic.realtor.	172800	IN	AAAA	2a01:618:407:0:0:0:0:122
+dns4.nic.realtor.	172800	IN	A	43.230.51.122
+dns4.nic.realtor.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:122
+dnsa.nic.realtor.	172800	IN	A	156.154.100.3
+dnsa.nic.realtor.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.realtor.	172800	IN	A	156.154.101.3
+dnsb.nic.realtor.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.realtor.	172800	IN	A	156.154.102.3
+dnsc.nic.realtor.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.realtor.	172800	IN	A	156.154.103.3
+dnsd.nic.realtor.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+realty.			172800	IN	NS	v0n0.nic.realty.
+realty.			172800	IN	NS	v0n1.nic.realty.
+realty.			172800	IN	NS	v0n2.nic.realty.
+realty.			172800	IN	NS	v0n3.nic.realty.
+realty.			172800	IN	NS	v2n0.nic.realty.
+realty.			172800	IN	NS	v2n1.nic.realty.
+realty.			86400	IN	DS	5506 8 2 20E276179F6EF711CD63C5E4851C2C3B4917FCFF813C708AA902C305B8960484
+realty.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cvD+CETLcyS7wCWyz97jHaxNiyaxBvOahUO1OHeD3B4SaYvIZ9WjDOY+js38lDeiYN693EqaTJhZO/FRf36JwrmnUaIr1QzeZ5Vi16ZkmFc5qz9YI7Tm4/n5suSMbka6BMk5yHZwZdoyRk5PsLWsKtp/mM6sGT/k91mKN6ofG/Ko39lrJCtAlNeCXZj/WawQjSyAbeONQsFEw1szWYn7V0UC9F3mTCiKuv1gObZapwha/bisXc0JNjg4lo54N24aIoJ6jMtr/UFja6cm2txw/YLh0iiWXheQyBJg52Zvh+zPmtfLQGgu4+VFPUXf7ezDG9cyUDjF8eNoct8oLOB2Og==
+realty.			86400	IN	NSEC	recipes. NS DS RRSIG NSEC
+realty.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XS3+gS1M9452b8kVcPHSs/OfahJSUSE4mLUXSGnytk8L0Spk3jVZy8nu2RYAlOhuD2QlSIR8izGx3dek8JutHAD1yVVlpUP3bM91p52frB9qY0a6Y6K7a5jwjTZeYdX4HQeyS7XV8PlIAneNumKzR5aLa22GvAQAWfLgWnzSxAHm+48wqlckyClXvcmAuhTmA8bgPAAUnbLbzy3dx+CDoRQkGj3FvKxFfelpGE7Z7y2C47Ol9+fsd0IYZhPwfdZryenldyf8iIrzr42S2NAdZQzzAYx7uVltwEwSz8I9c57t+/L/3SFFlWOHN5XGRCcRldql2CMlnH17BdpaPkWGSg==
+v0n0.nic.realty.	172800	IN	A	65.22.24.42
+v0n0.nic.realty.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:42
+v0n1.nic.realty.	172800	IN	A	65.22.25.42
+v0n1.nic.realty.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:42
+v0n2.nic.realty.	172800	IN	A	65.22.26.42
+v0n2.nic.realty.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:42
+v0n3.nic.realty.	172800	IN	A	161.232.12.42
+v0n3.nic.realty.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:42
+v2n0.nic.realty.	172800	IN	A	65.22.27.42
+v2n0.nic.realty.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:42
+v2n1.nic.realty.	172800	IN	A	161.232.13.42
+v2n1.nic.realty.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:42
+recipes.		172800	IN	NS	v0n0.nic.recipes.
+recipes.		172800	IN	NS	v0n1.nic.recipes.
+recipes.		172800	IN	NS	v0n2.nic.recipes.
+recipes.		172800	IN	NS	v0n3.nic.recipes.
+recipes.		172800	IN	NS	v2n0.nic.recipes.
+recipes.		172800	IN	NS	v2n1.nic.recipes.
+recipes.		86400	IN	DS	50824 8 2 4740FA6AEFAC02132E2EDEA2F54DCD7FA2140F06DE024524215B7EAC2968A225
+recipes.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o2x+RWk+uOh0Mz+2xPTuFQLFMO2dCrrHDWCbKJkeJNgVkk1PBru9uGFNm2gVVkOFcrHzNbUp1PKnxvV8MJip5ez55QW8d/LaMgIFLKwIsqd5WrfSiOuUFkPUx6hy3S/VclKBfkLAR9ynTdk134biT+TlF3DNBFOMEmjPHsghOeX6tuRYbBsbOGLjuD6GbTJakUdODdUkbwUfQeE0fLoee3Ea0+czsAVjbl0r/s9rKO6xk653ILoxs0GlD/BzTjPyUxj9ylGSssNq16sGbRoizs2RYODOyEWBo+wzMUHwDgSws3qgq53L3LhitHQ7J6C6/p/CzJTUfCcNEK14e0NNeA==
+recipes.		86400	IN	NSEC	red. NS DS RRSIG NSEC
+recipes.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X4ldK0oXl+elBsfbK7YWo9+sVcOJh/Wc1O5pzu6+teSn/7kmyUSOccCIJ317xNI45AVC4r2gUFWxQSQqzRwC8T4pr/QqPPRD+g3AQNXLXdMqzAmiZgTQfYJ4V13pMPLsBtUe/IkKGIdoG8wOrMoJTXA9G6mFqpH4s2NF1QWgyB+Al3lI8ZbkUmx+DSHbJNtzt6ap4tzoChPxF3CA66NpL0+wR4/+dCNfvDBBHyHYWe5DVKnGQKKD+L9q2eojOLagnHOjp81Nv48tqRUiZDSVB3yQ0xcDXFaQMS5N+g+SZrMMN82McDE3eRqbJaay0c7FEv9OGFNhV4A8wT48ke+Gng==
+v0n0.nic.recipes.	172800	IN	A	65.22.24.54
+v0n0.nic.recipes.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:54
+v0n1.nic.recipes.	172800	IN	A	65.22.25.54
+v0n1.nic.recipes.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:54
+v0n2.nic.recipes.	172800	IN	A	65.22.26.54
+v0n2.nic.recipes.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:54
+v0n3.nic.recipes.	172800	IN	A	161.232.12.54
+v0n3.nic.recipes.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:54
+v2n0.nic.recipes.	172800	IN	A	65.22.27.54
+v2n0.nic.recipes.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:54
+v2n1.nic.recipes.	172800	IN	A	161.232.13.54
+v2n1.nic.recipes.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:54
+red.			172800	IN	NS	a0.nic.red.
+red.			172800	IN	NS	a2.nic.red.
+red.			172800	IN	NS	b0.nic.red.
+red.			172800	IN	NS	c0.nic.red.
+red.			86400	IN	DS	20191 8 2 A838978F76DAB8C9A0057B3FDDDBD9883E760764E5AE1CEA04F0961D61A4BB28
+red.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JBOMtfgGQKLF3OheUQu2QcBrfpvMKnJyBOc9RZtVm6i5JZVoZjTlYrXbd/sNRL7tJ2mkKFEH9oy24Hklw3S2Hr55Ftd7gYyV+wOAGEPi0/1Dv8Oce+Q0QRa+tP/oRSkMh4cHwUJveaEukHvMombv3riUsy0qhh9tPSvZXHE/lP+xAGIhZQ+0/fptjOmrm2a+Giho0QJezPvhwAyRF+CA1kSkxtJi7Xg3nXx4OS9knxRIcKxevCPIFN52+o0UaTzLzbg2+Yfes8IS/N/8z34rzbIwb7TesxlHX/+wXoY9LVdaK897LnnmIie8HFU/Z/hmaKI3EfT6vcy9c22VN2Aikw==
+red.			86400	IN	NSEC	redstone. NS DS RRSIG NSEC
+red.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VKP4TCZUb1B66eG3JaExRB3nYCOroHfV+4srdzW+xvfEup8uhDDOEYEzKag9SRwbTj4roAnZKzL9kWLrT/MlI5fLgA8l2lZnB/d58NwhYYmRPM7Xbny5/vkuePlH91c/es97nhhlkQbIWlTSrNhxrYO5n9fyNFDl3GY2PQrFqW9LJEOMu4cGtFQ+1Y5FVD4ym0geCB1bVaJzRGRerykGq+L6owdwpNbDh1MXzr9qyuSh0+Tqt6v9cm2viM+pWvQ7bWghtGJAqoLXb6OMcNf+C01e1EIfPkpwZ2S5ehSoCCrfZRc5IdfgdCXjHeVsafuAYEkS1/kXql4OV74RZvaG+Q==
+a0.nic.red.		172800	IN	A	65.22.36.25
+a0.nic.red.		172800	IN	AAAA	2a01:8840:26:0:0:0:0:25
+a2.nic.red.		172800	IN	A	65.22.39.25
+a2.nic.red.		172800	IN	AAAA	2a01:8840:29:0:0:0:0:25
+b0.nic.red.		172800	IN	A	65.22.37.25
+b0.nic.red.		172800	IN	AAAA	2a01:8840:27:0:0:0:0:25
+c0.nic.red.		172800	IN	A	65.22.38.25
+c0.nic.red.		172800	IN	AAAA	2a01:8840:28:0:0:0:0:25
+redstone.		172800	IN	NS	a0.nic.redstone.
+redstone.		172800	IN	NS	a2.nic.redstone.
+redstone.		172800	IN	NS	b0.nic.redstone.
+redstone.		172800	IN	NS	c0.nic.redstone.
+redstone.		86400	IN	DS	55555 8 2 425CC5BC7ADD435160D3C70CBA9D545BE2FF5466ECC27FB46E520BE2EC1F9D0D
+redstone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K3MDIpws4hBI0YSZapaHBct2R46qskm5X+yNmMjfSkxu8B8uU3RV0OYDvrYBtvCtRp6AACCsSapDZk+8hZ+ak75RiuWRaluYPKvaL+usAbXbfIL8v/lxmxRj9xOBgjXIoBybMmGYKUYl7+EWp7WAumtAP1jd5CnZl3noxLz4qYG/d2R7hJPD2Y9KIOUqJQgnTAhZjarx+da/Jw7WB37njwGiTSbxNpmCHCoWmHBVqhJivuoK6c+sygrrowJnX5IRHeTd3VTlcBxGvyxupOp4JYC/Mxu1jGN90E/7hPLFGExCQNhojWLIHXmXxztSwP5qHhLkyquDNg4mQ/W2lVLNFg==
+redstone.		86400	IN	NSEC	redumbrella. NS DS RRSIG NSEC
+redstone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jIIL7xtSaj9ILlxLOGQhaTo9PE9ea/oZo3+sOAnAv/BRw3FgbBgtGvdt2Hgkw/wHoD4sxfGJp9adkGsbgDbSQUZZFQv3ri0C2yYEhNl3vTtjuh/FOy4YE6pqGZPH3FFv1fXSL4HXFnpy7GWTezMBh75mVvQ3nQoSPg2UsCSaBDqspXD3TJkLkksmeAicvyzU4tB8XA+BICYeoIqEsnIP+3Zp52UAxtHtMktntBtHmLw6EKQAOiJOdBQaym8LMgyYhxmg6qx1fQZHPQqrwCv/SQsAeDPWkBWz+tIQIpHjdEQa/eZ60D9HVhED3/JVY2eImMfEpNFCKe3r6FOvJlI2rQ==
+a0.nic.redstone.	172800	IN	A	65.22.132.17
+a0.nic.redstone.	172800	IN	AAAA	2a01:8840:82:0:0:0:0:17
+a2.nic.redstone.	172800	IN	A	65.22.135.17
+a2.nic.redstone.	172800	IN	AAAA	2a01:8840:85:0:0:0:0:17
+b0.nic.redstone.	172800	IN	A	65.22.133.17
+b0.nic.redstone.	172800	IN	AAAA	2a01:8840:83:0:0:0:0:17
+c0.nic.redstone.	172800	IN	A	65.22.134.17
+c0.nic.redstone.	172800	IN	AAAA	2a01:8840:84:0:0:0:0:17
+redumbrella.		172800	IN	NS	a0.nic.redumbrella.
+redumbrella.		172800	IN	NS	a2.nic.redumbrella.
+redumbrella.		172800	IN	NS	b0.nic.redumbrella.
+redumbrella.		172800	IN	NS	c0.nic.redumbrella.
+redumbrella.		86400	IN	DS	44047 8 2 1A8A582FF781CCFA13C4928D373E2F29E7DB7E4027174C68BD7B3E5772EF76C7
+redumbrella.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t+G759mL3AvONinU75309vwSyLP3eIL69dYeBhazuSW1JtItufZDRm9gju9miUhR4KCZVG3nAaevUKcT1OZAZ46Cu1Nw0DTmMCUx8iHXZzqyCO9q3Fk7Gh4xg7gLqSa2pDM/lEP0Jjk09k/xqRXCR4rracBIzBLGubF9nK59p/5N7Z6L4u7VddQr3RwN41KmJ9ROGRivXH1xaA8BKAhwr2En8SpvoaS6lZYUTHVHtlMR/EcL8reUdi5D0XOARaTsraS4zYLaSv42UGiHZqhFfc0OT4Mi9Bpug95PG7350w8ozxbImEEgl858zc8aTs10TayGRw0iGBhc9dn71jq1dA==
+redumbrella.		86400	IN	NSEC	rehab. NS DS RRSIG NSEC
+redumbrella.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qfqBf5ei31SlmXP294lMdsB3ccKstVE2HHshL/fLgZfxUyZaV2qb4lMeMrkVpYK3WR3v+/i0grPAPT4oRgRJMRDpCDMGyclOD+xxQYVI2+BGX5N5y43pzl1Q8ztAh0LQQVNeDDgx+zWAGID3kA5Zy3/Jx9J9saGyDorZ9XlAmJbhOLKTTa6/Rkwi7XauEZ3K6rZ59Mb+WAIJoaxALApwra1BSWydleu1ARA9jPr3Uh8ASSXTsHYG2wSeV+RKxL3nv2l0w5ambczc/cfFwumncgD7v/0awt3nTmaGD0XJ7c8yA62aFsl91LkTF3Lljrd6BeodXgxKNYYIwiBw6NiX7w==
+a0.nic.redumbrella.	172800	IN	A	65.22.200.1
+a0.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:1
+a2.nic.redumbrella.	172800	IN	A	65.22.203.1
+a2.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:1
+b0.nic.redumbrella.	172800	IN	A	65.22.201.1
+b0.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:1
+c0.nic.redumbrella.	172800	IN	A	65.22.202.1
+c0.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:1
+rehab.			172800	IN	NS	v0n0.nic.rehab.
+rehab.			172800	IN	NS	v0n1.nic.rehab.
+rehab.			172800	IN	NS	v0n2.nic.rehab.
+rehab.			172800	IN	NS	v0n3.nic.rehab.
+rehab.			172800	IN	NS	v2n0.nic.rehab.
+rehab.			172800	IN	NS	v2n1.nic.rehab.
+rehab.			86400	IN	DS	5731 8 2 D3BA72F70047888FAAE7F22DEAD5112C540FA6AAC533DCC55D9EE4920DE4CCA9
+rehab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O0THLNeyV1ElzG9PwVUwH37+FgJUid0rWe+vRrOxZCoahyRyWJILVAyTQfo951SV9OGU+rdAm1rfUzrY/z/CtVvWayE+M+2MG1zP70Q5w87lSK6brq1KJr9blL81iwj15w8ru/evjsGwcmqhM2ROzbxQYG9Ua17zvKc37Hy2PdDRcf4nrWqRX2JaRNH+7boOcNxkQzQUtvRPsk6h2ev6KEvqPerR2TYynUGKP0wr+bnQAyJCFJRz4V9Df0zs0r07n08Lwsx+TAS87wt7bK5EcDp/D/DWqpwyxWCZilY72j0LA+c4r9ABHt93gbXTlThzDVtPJsRmkjYAMk4i0neTsA==
+rehab.			86400	IN	NSEC	reise. NS DS RRSIG NSEC
+rehab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tGub82DR/2G42EKSukmg84qNrfD7BxLJvF6EGOyl37nhiiOhjNotShYHAZOP/5A3uv99IFC8piv/lqnvyYlf8gTl+fpRK/uhxFO7ieu+Aq8KYOcFWdrP+ymZqnkpxJvMo5vc1GBlapFfodqEHuj1t/GNupAFuqPWAmIJ768HXRGVHUWSC+dVK9VlZAx5YuhcPpRnKup/pXBGSoH0G4D5dHIc/boNeCxOw2HG8IBg/K7E1EshAtJZDfTT/6NGgVD/50mq+PxXJLn0fRYd1Q5EhOThZG3SNwPMpYc+1FXwWMsePPVu+y+zDBAZ+v0DisAd7SAHd3CeIHeA9b95s9UjXQ==
+v0n0.nic.rehab.		172800	IN	A	65.22.28.61
+v0n0.nic.rehab.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:61
+v0n1.nic.rehab.		172800	IN	A	65.22.29.61
+v0n1.nic.rehab.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:61
+v0n2.nic.rehab.		172800	IN	A	65.22.30.61
+v0n2.nic.rehab.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:61
+v0n3.nic.rehab.		172800	IN	A	161.232.14.61
+v0n3.nic.rehab.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:61
+v2n0.nic.rehab.		172800	IN	A	65.22.31.61
+v2n0.nic.rehab.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:61
+v2n1.nic.rehab.		172800	IN	A	161.232.15.61
+v2n1.nic.rehab.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:61
+reise.			172800	IN	NS	v0n0.nic.reise.
+reise.			172800	IN	NS	v0n1.nic.reise.
+reise.			172800	IN	NS	v0n2.nic.reise.
+reise.			172800	IN	NS	v0n3.nic.reise.
+reise.			172800	IN	NS	v2n0.nic.reise.
+reise.			172800	IN	NS	v2n1.nic.reise.
+reise.			86400	IN	DS	25897 8 2 4D05B8CDD95E0502923689DFEB01DB93185455E252ACAB2556AF477BAAF4865D
+reise.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zHZnVOt8Z9fG2vtGEv2jE8B7aBNc6fm608xnv/EhkfNiR7BME9hTSnXHe+Wm05G7F0uIUFIDtnf1Mr7i+fctm84Ef3I4H76N5M8aO958WWYZ3F0gLwonUGmyBbJdA2HMovNX5uLzXORMXLtT3oSxZUIrifaZCG5CCc1KR/pJqwGmLCNjyalE8ZupgkorJuJ2K25B9mTBKCk6akjX7x19mJf2qWJuImkG9vF+anhVro5QVrqz0Kc77d2q2lQ7yXsUhuVsIadmqXc079mbzB4JTR6Tz305dLSxbpjXDZos8prgHn+Vt6Ye7MFq87zdqZ8J1/4o4FyKGGAlLOjksQe2IQ==
+reise.			86400	IN	NSEC	reisen. NS DS RRSIG NSEC
+reise.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g04GErNtBl7FzE0ZLinGtUz6tSDJBPwuKXYUOa0QIuKUqXU3LclIrbjpYR5Xz8fvA8Jsaj8Oq8QQSyToX10KvhWJizZaxTi8CcFjQXpXWDLltAmG9u9DBmONYayed+iT/C7Pcpmg3+IS8JxLuPEKstJdC9OL3UC6LdRrnaY0Qj7DsoMGkx2kYzXVZRww9Xa/i6aSDakfli/QPceUhsZO3Z76N/kC6tLAqoqEUI1SKxjAjAABTwk5XNXPedsh6wPmdsWbkpoIJ+HRylaNAyuKPxx3CuKu1VUaodOLpUCnj3xEhMxONswAQ+cEw8gLwS6+dijnkKqYWIeemB91bwu06A==
+v0n0.nic.reise.		172800	IN	A	65.22.28.63
+v0n0.nic.reise.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:63
+v0n1.nic.reise.		172800	IN	A	65.22.29.63
+v0n1.nic.reise.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:63
+v0n2.nic.reise.		172800	IN	A	65.22.30.63
+v0n2.nic.reise.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:63
+v0n3.nic.reise.		172800	IN	A	161.232.14.63
+v0n3.nic.reise.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:63
+v2n0.nic.reise.		172800	IN	A	65.22.31.63
+v2n0.nic.reise.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:63
+v2n1.nic.reise.		172800	IN	A	161.232.15.63
+v2n1.nic.reise.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:63
+reisen.			172800	IN	NS	v0n0.nic.reisen.
+reisen.			172800	IN	NS	v0n1.nic.reisen.
+reisen.			172800	IN	NS	v0n2.nic.reisen.
+reisen.			172800	IN	NS	v0n3.nic.reisen.
+reisen.			172800	IN	NS	v2n0.nic.reisen.
+reisen.			172800	IN	NS	v2n1.nic.reisen.
+reisen.			86400	IN	DS	16819 8 2 2FE6F73A7337D0492BA6ACC3C38AC175E81D13B593136551AD1E95641DD396CD
+reisen.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CKk+IXqRg8OiUTHg3WRgYeKCqpq8FiOQe8igfEMA87DnNwe5iK04ihCOebyI1HuHkBWRl4SaHyKRDqpzbWVTuwaIDKbrOZyMun/WdOqyfjhJ8kTy7/bRrvqLJ7CQzkySJwEHyMLO/xrzvgmdCQ+x0BIu5O+F3N8AO8BY4Jz61VTJEL7b43Ny6b9joH1UjV/eMokG78n+53MRlutoFI6ehRTETMIQ4iM3lU8Scp9KGJY+rGXS5fDGBQi7oTyfRTw/0yMDU/2UMNhlO9cJt9hl7o7qMRDzRKcN3GsO4oqhJijpQKsTvOrOqEyCTIC5zUZK6ZQDS9S/7y7Wl9MAadDoHQ==
+reisen.			86400	IN	NSEC	reit. NS DS RRSIG NSEC
+reisen.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EtTr0ExxHwGuTn+1GgREuM9k9oAGuRawxz7L3Tg5jqaQnUVPjyCj1PV84U85McoIDiHmAadMuQttb7y70NxmVSyDb70W5otpnvKWYEqPSlKuxwc+8UKD6HVU1NAqQkKNlSKMS5s1Pg4qxYTDA+upX8MG+1O98UTd+qAC8k3HKV8eNj3uSqZ/BOjqFjPEvEAGhclrUQP3BhZU45qMk48vJ2SYbsu7keT2GXX8num6tQhxhM/idoH3Wjqw/Hlj3mA39GzERk2YWJprFtLdtpHolTI10Rs7+radgVOUHK3b29nQrgUjUNEs4G+KSKy0iaEkNhurPOyO0NkzHKAQqfIAQg==
+v0n0.nic.reisen.	172800	IN	A	65.22.28.54
+v0n0.nic.reisen.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:54
+v0n1.nic.reisen.	172800	IN	A	65.22.29.54
+v0n1.nic.reisen.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:54
+v0n2.nic.reisen.	172800	IN	A	65.22.30.54
+v0n2.nic.reisen.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:54
+v0n3.nic.reisen.	172800	IN	A	161.232.14.54
+v0n3.nic.reisen.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:54
+v2n0.nic.reisen.	172800	IN	A	65.22.31.54
+v2n0.nic.reisen.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:54
+v2n1.nic.reisen.	172800	IN	A	161.232.15.54
+v2n1.nic.reisen.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:54
+reit.			172800	IN	NS	a.nic.reit.
+reit.			172800	IN	NS	b.nic.reit.
+reit.			172800	IN	NS	c.nic.reit.
+reit.			172800	IN	NS	d.nic.reit.
+reit.			86400	IN	DS	44512 8 2 661FBDE636973834F5D417D3897DDF8590461DA6F020CFAA4274718DD926C523
+reit.			86400	IN	DS	51490 8 2 4DD84EE5EAF91CBBD8FDDC5AB21382C030860E1FA9BF9D6412D8B4FE5DC9E353
+reit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n7tGLjXM/8dWe2dC/gl9CbLu037J7VEBssYjAxAa3p76Lt3AbSGa/Cbfz2fOlsnP3XMYzinRcuJ4JXRZhmMx6oYTbPXKyeofDL4vl2qa+bqmNxHgfAtz5l7bgGqK98kngUYHqxVp6Hp9Ov5EV2p+WemqCgkJTLiB3+b/cAgIGhsZydsxt9vuRqjO4KKZps/APJqQ6Q2vzCkGu7TMUmJdZgua0X58FuHBzVh792MlYm71PUk9vScS3KOWLnVBFSjjAhTV1Q1in/4cEJTKhNQTgUdCDugVci7w+4y/5xfovZGJD8Ge8RcpqQopiL//dLwPrActDQi/KVY+AuQ0NKkvcA==
+reit.			86400	IN	NSEC	reliance. NS DS RRSIG NSEC
+reit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ENT+ZkXIMcrJXTWDUpSmOuTncPP46NMmRSMXyZYsQpoCiK3lFn0Gl5Smk8k6A78EDfThUNAahUWJ3R4l2Xvz/0O5PsBHm6kcwAZ7ghrcBUPQueD5XFH0JQtkMqYfoN6Spb6TnymHeZ99KVZIkA4NDF3CNt7HII7JPs/EQThRXjtspURvBnvyJDY8nkacdy/6cr9+5irRYVGkRcELr6FTu60XTgVCqtSpYUx9ouw/xnzyIEbF/60NaEFRvflakRs+sCEb+5q76Ffpgx2J+QZiP4W0AAXoyAo2MTM6FmJuUnCsa/0Q4Ir6Yf0AzDhUwAURWf46NPxPkHOtlXhXllN9YQ==
+a.nic.reit.		172800	IN	A	194.169.218.38
+a.nic.reit.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:38
+b.nic.reit.		172800	IN	A	185.24.64.38
+b.nic.reit.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:38
+c.nic.reit.		172800	IN	A	212.18.248.38
+c.nic.reit.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:38
+d.nic.reit.		172800	IN	A	212.18.249.38
+d.nic.reit.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:38
+reliance.		172800	IN	NS	a0.nic.reliance.
+reliance.		172800	IN	NS	a2.nic.reliance.
+reliance.		172800	IN	NS	b0.nic.reliance.
+reliance.		172800	IN	NS	c0.nic.reliance.
+reliance.		86400	IN	DS	19927 8 2 DB9D2DCF05506FCB1F593CE8F9B5A0155E68706CB9BDFE7A945074312BC8F896
+reliance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lyw2ODEn3+kAMOJK1CZsspCM0b4UqMu332WwTtS3BUCVMmoueB2xFyu8fKv1wk1LSh5m1WZMAUjiiCnV7m3VpP7vCViZQZxmYuCju/Bl7r+hZH6OfOuyB1U+0fFC5CuNRFO51oJY66ozwXKgcISY6/0uvCFRBa7jlEC6FhVb5qqX+jN4179C/rp43eAywmNgQP0D3W1Ci3Dw9UUBYzJ2RLIyiogtz14Sbtw3bPcXeo4g5JiNUypp1P8Yr9Sp7+mloXE3kUKsDRlVtvzmPgk5SruR/3UKN4hCvBhMqpiiTmzT62lN1VscuK2elX7Jm26O75eH51v4J6bk+OItncgwHQ==
+reliance.		86400	IN	NSEC	ren. NS DS RRSIG NSEC
+reliance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wyGOhr4efB2pG7AyJFdYiu0ITRt3yTRrtW7qn+kfthj7jVXLZpKWnaMNg8o+PlDAfi8N8D2rFXZCmGfLr7wwB4Y+GFWy+DCS/xORZhDvcA+1oUa8Te60oyQ9NbYxfu/DKtxOw/OWgT6AOYqCoCGC2/t6I83SUyYLmK/+Vy0yKIvcsxHMwjY3g2e1JigpGxrOn77Ofqh0WT7NVoGceN/H6ShBBEOm/1UnbcyPhLp/z2bl6nqsUYyA/PHxA1e5YaIGBnKno/enZvZf7tuqujNYSNgHTO7QQBWb/n0Z/qWZn9PtLUJ9gdtnJzvxyCK7+d8cSDzbSnuLGUkAZqnj49BjPg==
+a0.nic.reliance.	172800	IN	A	65.22.108.25
+a0.nic.reliance.	172800	IN	AAAA	2a01:8840:6a:0:0:0:0:25
+a2.nic.reliance.	172800	IN	A	65.22.111.25
+a2.nic.reliance.	172800	IN	AAAA	2a01:8840:6d:0:0:0:0:25
+b0.nic.reliance.	172800	IN	A	65.22.109.25
+b0.nic.reliance.	172800	IN	AAAA	2a01:8840:6b:0:0:0:0:25
+c0.nic.reliance.	172800	IN	A	65.22.110.25
+c0.nic.reliance.	172800	IN	AAAA	2a01:8840:6c:0:0:0:0:25
+ren.			172800	IN	NS	a.zdnscloud.com.
+ren.			172800	IN	NS	b.zdnscloud.com.
+ren.			172800	IN	NS	c.zdnscloud.com.
+ren.			172800	IN	NS	d.zdnscloud.com.
+ren.			172800	IN	NS	f.zdnscloud.com.
+ren.			172800	IN	NS	g.zdnscloud.com.
+ren.			172800	IN	NS	i.zdnscloud.com.
+ren.			172800	IN	NS	j.zdnscloud.com.
+ren.			86400	IN	DS	770 8 2 897EA15932FA4407809D32CA7C7DA4B0C0E455316A897970F152109F18CE6CD9
+ren.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ifOYueOvtFymzYYdbqTO47lSGv/4BRP+vQd8If8OzfiNZoEtzm3hQVmzPqz5HIYQWhrqIZ8rPX2EABniM9AvqkCHVkd33YIUCXL+RGhufsprbtOivIhyAa9w5U58zg78zdeQHybWjHZtp7GcKgjRFePraDBeI3e8660it657B28ArKffxBLJ5k5cZUJcJfUxBqkRv74SJKrzhGd/xK8PkoiJ5A1AAaS1inHpPg+FiCSmnK7iQ6HCfCV4Fe9SCr5TpwiZSic1sTpGWM4148Cdpm/wQ7dyLVwIsPI/73KBdEmBvSbvjSO/aRzsoglwaQoMy9fCbZJp9pMVM+H0b9Ca4A==
+ren.			86400	IN	NSEC	rent. NS DS RRSIG NSEC
+ren.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y1PETEBE20cqvZhvbJbLhNCp0eieRZlmoFvF9aWOSIv8KRn5qYP4dS1rtBPDWVGn6wJ8O0DMm6MZTvazD3Rys+0rCKQBc10CLTPKMpWXe7z9QuSWSuPRwj1syuPG1DbRB/FHi4arGGtVyHZNMPrzXxt1U0tbmtMBWa48OaL9CYvZCZsipDve1bpdPvWQCjGDWOpP6EsHfUxq23DmcLOcuDLQG8rvDxDzpjL/rtkbRJXxdERpOIzV56RenbHQ3+ckD4R5PKdEaWjLv8UTrNZUaBV/pntpiVZwNOJCj+EYepGhHW2Of7Z4YBE3l3lVan33rIFl0O+TWX2+TzSZyVfU5w==
+rent.			172800	IN	NS	a.nic.rent.
+rent.			172800	IN	NS	b.nic.rent.
+rent.			172800	IN	NS	c.nic.rent.
+rent.			172800	IN	NS	d.nic.rent.
+rent.			86400	IN	DS	56632 8 1 5A37261D09F9158D95C49030C66337F40E66B6A1
+rent.			86400	IN	DS	56632 8 2 D49A86CDF8411AB763FC46430370A6432392B06E1A6C7F6ABABAD8E1E85B558B
+rent.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XWFexaP+UfebBxvt8LuVdIkr7T0HfJXHHA+pIbNBlPMIG6MJys8UwJnG/FcyNU4DhNUURBkFW9hujTNVAFPGXRBdpoUpvpViMCIiZaKbYk9B0pMPf8r+63ny6ZmrRJpeyj6uW/XVcwranOJZGTLhpMNYS3Z73jdJ5p5IBmoS4dBBQF4N88x3HedBDw5Hudnn49DTjT8YJyFG9rHVX3lDRZWKUN/nvlOJ3peF4COp3b+noBFYZbb7ynonC++QFEOxxvmYpfmCYDLSZbKwwFzXPiQ0rZ7REzSKFuNYNX4jK1TRVkWHAxpTehPJtWHpKaP2qYzc/hwTJbOsIRmktmywag==
+rent.			86400	IN	NSEC	rentals. NS DS RRSIG NSEC
+rent.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cgqDhZs9+r1CEwbroKB8PbCXf/W0i32HBnGudryD5fwlp/6+z/cPW/oTHlXQJNOPdTcADbEe0Npzv5ocKnvpapD2htn9wKBbiit5phAqn4c/FkqR5HZT23m8Sf2lx/jXeNCPRzFCNPaDgPetNpYJwkOuKJILLtXtyP+ofjF0hlV2FItc58z+WLYSo2sSC4dYwTw0c9qkmHZysvK4dbq7esFwPUMhcINxlyf1XfzUnG6dwIV04oGhQyR6aRL6No3ocP00tQ4RchwWWFMT9xR638cOzxnvsAafrXJIr34Uv1A5rxwwwZrKqdqB7YZ3n0esPY5i4k33ypcYjk5rohkCSA==
+a.nic.rent.		172800	IN	A	194.169.218.63
+a.nic.rent.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:63
+b.nic.rent.		172800	IN	A	185.24.64.63
+b.nic.rent.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:63
+c.nic.rent.		172800	IN	A	212.18.248.63
+c.nic.rent.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:63
+d.nic.rent.		172800	IN	A	212.18.249.63
+d.nic.rent.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:63
+rentals.		172800	IN	NS	v0n0.nic.rentals.
+rentals.		172800	IN	NS	v0n1.nic.rentals.
+rentals.		172800	IN	NS	v0n2.nic.rentals.
+rentals.		172800	IN	NS	v0n3.nic.rentals.
+rentals.		172800	IN	NS	v2n0.nic.rentals.
+rentals.		172800	IN	NS	v2n1.nic.rentals.
+rentals.		86400	IN	DS	33616 8 2 348CCA06B6EAA7F81247D1B92C72A18CAB732C243954080D773507739433202E
+rentals.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ded79nctbGuxhYP+gMNwPqrxWZTLYP2V5iYX70p59kQJKVD0pKokXwi3kBfw3fzeUi+qURlkyOEKlcOtt/W5BSPQEQYQzHBgbodvX0EyNKeq76JqUBBQHYMHJiyCdmehI5cq9nJ4v/bdnQZ3ME9DBtG96iXuqAhi7sKN8ckSMsnq9bolWAtRO/i1t5KGitUtROxdT4Yf4i6Ewdql4mX2hvZAw9qFnyIwfqmgFmBupyyK79e3lSYufm/oSC3VyZpAuViLY617fKTpjA5e9HA7tpW8pF6fvEe8fWtBsay8yO1GdXhsGXK2wCEHkzL2Mp2y+qi0UvnPKoeqPCJ/17fRKw==
+rentals.		86400	IN	NSEC	repair. NS DS RRSIG NSEC
+rentals.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sKhQOTARy9Xmv7EB3iHPXByP1fDjAv7tGHA3zO5TuaznUHfnZHLlqXD/wfkvy8axWKUX590iJsgGmFv4P9JKpBDR+CeAUwlTuZ+PUpmPRFm4LY8XNBNUz25dqlKk7di6JPBQFg/iYeH6uHEmwi/L8aA77GiZoInS7YV9zYDoak68nEh/n82xeFATF/Kw+Gj77T2dqmJOwGYibca7PEsNlDnlf6bjKAOlicMx6SzX4jpNKQbNHjWyCLC1AEQ3yPUXGFqn26vr3qKFRz4P5GT5gbQ1gi4vWuzGSIWSNuhOujLNBtqL5jVTGuGpKCdZShsL2B6E4AHvcK7Q4RkzV0V1ow==
+v0n0.nic.rentals.	172800	IN	A	65.22.32.14
+v0n0.nic.rentals.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:14
+v0n1.nic.rentals.	172800	IN	A	65.22.33.14
+v0n1.nic.rentals.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:14
+v0n2.nic.rentals.	172800	IN	A	65.22.34.14
+v0n2.nic.rentals.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:14
+v0n3.nic.rentals.	172800	IN	A	161.232.16.14
+v0n3.nic.rentals.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:14
+v2n0.nic.rentals.	172800	IN	A	65.22.35.14
+v2n0.nic.rentals.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:14
+v2n1.nic.rentals.	172800	IN	A	161.232.17.14
+v2n1.nic.rentals.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:14
+repair.			172800	IN	NS	v0n0.nic.repair.
+repair.			172800	IN	NS	v0n1.nic.repair.
+repair.			172800	IN	NS	v0n2.nic.repair.
+repair.			172800	IN	NS	v0n3.nic.repair.
+repair.			172800	IN	NS	v2n0.nic.repair.
+repair.			172800	IN	NS	v2n1.nic.repair.
+repair.			86400	IN	DS	39172 8 2 C1D26541B3CCA74A53DB2B5EABA4AD0A17D7F5D06C824B9A658AD2580FA40B28
+repair.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ULZouGyilZKk/fnPUd97OqsIR0F4bwy8kI0G7ckWNpNbtEq9DuZeQe9qbry9ZgxmcJ16WM06OzpeP4eCw0axjAaOrSxEBR+HRd6FTDO8lNhro2tlpKMhd3jSPUZUKJ9pQLcsS6m4aCNwDZO+AVusBCkFwwvsEjzipVBUKHLNiS8+c0vyfhn+luAtrY0FtO7DwX3/RNZiWqe7cdit9nZRcs8ePxuCvD4U0rgMGan6x/hknlo3AvPYqA/xtChU6nZ20HzQtI7HPtV7Upag3FFhd/eEXD8BG00jccl54k/mh1qBvzGUvxZeZJ+pdG+GU7s9FtF7JXgFn3TeWdLz8mLevA==
+repair.			86400	IN	NSEC	report. NS DS RRSIG NSEC
+repair.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S/fv0eZ9pyHXopjBM3cKUo08T2R7RVrf5Y48uFJozFEj8Xw27OIVoDitqXcY7o6+mBzBJjNcF1x5V62zhCbmOr54zncOicUmi+GSPqMqhwWgyaV4uIFv+g5a/P4gxJdG+Q0nbs8neGTtguqDVEFm9oMkdBNTqkGc+z7z+XWjHctBgVy0SBh2DAIoyUoU33X+d82t6g2w02GFRNE6xldchaOS9Zrqh44JTLIcscupi9GXaC8+YbHmGvmqls3XJ3rcQM5g1z8jYKlly8GSpdxe5eeE96+UJASMFi8dfELzFonlD2+IcScXcOmRt4cqaJQb2qLSWoBdbSFQeHkXmP8K8A==
+v0n0.nic.repair.	172800	IN	A	65.22.32.18
+v0n0.nic.repair.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:18
+v0n1.nic.repair.	172800	IN	A	65.22.33.18
+v0n1.nic.repair.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:18
+v0n2.nic.repair.	172800	IN	A	65.22.34.18
+v0n2.nic.repair.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:18
+v0n3.nic.repair.	172800	IN	A	161.232.16.18
+v0n3.nic.repair.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:18
+v2n0.nic.repair.	172800	IN	A	65.22.35.18
+v2n0.nic.repair.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:18
+v2n1.nic.repair.	172800	IN	A	161.232.17.18
+v2n1.nic.repair.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:18
+report.			172800	IN	NS	v0n0.nic.report.
+report.			172800	IN	NS	v0n1.nic.report.
+report.			172800	IN	NS	v0n2.nic.report.
+report.			172800	IN	NS	v0n3.nic.report.
+report.			172800	IN	NS	v2n0.nic.report.
+report.			172800	IN	NS	v2n1.nic.report.
+report.			86400	IN	DS	23221 8 2 4FF9DE3B32F0735045D53641DEEB17597DE3638B7EF3AA33616D4F52C6AA6B51
+report.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jdzB4TIwVGoLHxvTziDbpvzgdyOB9zvGDxxhkLxW1qV6R5OHP2GnHKQVrw2Z5D33fCP89mXkoRfFjeLFu2rnVrbDPaN/EZl4eSQOTemP+FnNkuhgXita0y1GGBRkFXJA3a71quH7SCkxN1XP4AVUQDLH7lvMBT8zwgZBJt2zsDu+ch6f1Rj/+8YCNzjeZCwTpfsYn9w73Y86FtXu0L1xajx6TS/npUsdrbTIrNmIb5rxyOJTPJRczRrO0AeAbL24UtAlGKJVfJdtm7A9UFLsoq6GK1xUc8hV0UhZr5YppsbihMw5R7Zo3WRmod/ZB/rqk6M31e3TCYp01D+NQUOgTg==
+report.			86400	IN	NSEC	republican. NS DS RRSIG NSEC
+report.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wt55TzRF0y/ncad8CJ+bNGeq3GvyNvSxVkkUq0mwSlQiqAE6mzpPQzMS7ypP90QC1JA1LJgnSVKv0KfV1mwpazJHQi5BLOGqjXcg71jci06I2rCGi+9gSG9cNJJ4QMZbh4bheYkH/UL7zIEXRf+KUU4lhljWM7Tsf809TesakVYvYdmVz3amsLDqATFjE7oDvVFoUJuctoPV8G/QcNkQAT/5x3nFoEAwDzZeJtPjbDnftWAduclyLqmoOdECWxiSfFG+PZ3GKRIz5lWMzD0FirO0OqNFW14l6ElT/SEs79tqINAm9HnGOSk7So26UZ0pKu58rApRSFJzI504NASrZg==
+v0n0.nic.report.	172800	IN	A	65.22.28.18
+v0n0.nic.report.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:18
+v0n1.nic.report.	172800	IN	A	65.22.29.18
+v0n1.nic.report.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:18
+v0n2.nic.report.	172800	IN	A	65.22.30.18
+v0n2.nic.report.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:18
+v0n3.nic.report.	172800	IN	A	161.232.14.18
+v0n3.nic.report.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:18
+v2n0.nic.report.	172800	IN	A	65.22.31.18
+v2n0.nic.report.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:18
+v2n1.nic.report.	172800	IN	A	161.232.15.18
+v2n1.nic.report.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:18
+republican.		172800	IN	NS	v0n0.nic.republican.
+republican.		172800	IN	NS	v0n1.nic.republican.
+republican.		172800	IN	NS	v0n2.nic.republican.
+republican.		172800	IN	NS	v0n3.nic.republican.
+republican.		172800	IN	NS	v2n0.nic.republican.
+republican.		172800	IN	NS	v2n1.nic.republican.
+republican.		86400	IN	DS	53482 8 2 9F97CC9C78C5D96051F4689120777EAAB356675883B2573D4D2EF769B33DFE34
+republican.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U4uBZLLvSiaEBpLBqc0SMNGJ5sMY5Uvc1SzQOzyEjAfV+vmhzu0cl6zGLhmnf/UhdOJ+25Pa64xBknmTBjSbHwkFXSAuQ9Xq5sad1DyddpCzGZo7s7UkoZH4PK6MCSMwLaXa7SSHwvipJpTUJuc/m5FSYLQv61LPx+PyeE6uNf4V0cVQ8xbYcyufs/R0Ja5rOGWN73FjsFHDQ4W3X/+R3cTajZDFg5TErOl0v8z1JUceL4/278NwjynCU2ci9Kg0x9/DZKSYfCyqZIcoqOgCsYgs2nZJ0mMaHNC20pTdFpeOOJVfpb64IUScOSfSwKRDbBGcrLRTx9CyKCDE41Cr+w==
+republican.		86400	IN	NSEC	rest. NS DS RRSIG NSEC
+republican.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1AjBUAzbw3C9nBNSq/Viy3ANXoxo9dxXPu5ObJl+hl1n5CJg4EJXFVarCk6haqJ3Oe9dsiqgYpHzcO98PgZBnd0/fACkMu7tniipkoOrDuLQtQ8/swnZpOtl4ySYZ0lSggIXULqnBO4GNrNwCJMWSFON7yU0ExxrbXT/NSTURK89H4ET/kbNTR3VmTB0N/eK8dWm0wmbTs3UVihWkF8ON0gYf5+zaBho5aXmVknXHIEynVIAnEWzRBiWoQz1SuH3rbDYU19AezxJbHHppGSOlQiG2sDFhFpIzhjPOzMCD4F8kLKSWu/Z2CKKGduQhTvSYv+lOvlK7LzGxfMf3nxYww==
+v0n0.nic.republican.	172800	IN	A	65.22.20.32
+v0n0.nic.republican.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:32
+v0n1.nic.republican.	172800	IN	A	65.22.21.32
+v0n1.nic.republican.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:32
+v0n2.nic.republican.	172800	IN	A	65.22.22.32
+v0n2.nic.republican.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:32
+v0n3.nic.republican.	172800	IN	A	161.232.10.32
+v0n3.nic.republican.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:32
+v2n0.nic.republican.	172800	IN	A	65.22.23.32
+v2n0.nic.republican.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:32
+v2n1.nic.republican.	172800	IN	A	161.232.11.32
+v2n1.nic.republican.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:32
+rest.			172800	IN	NS	a.nic.rest.
+rest.			172800	IN	NS	b.nic.rest.
+rest.			172800	IN	NS	c.nic.rest.
+rest.			172800	IN	NS	d.nic.rest.
+rest.			86400	IN	DS	25199 8 1 C43AF7DEC8B165D6C8B832BCB984C2407EF5ED8D
+rest.			86400	IN	DS	25199 8 2 8F477474F47C387D246B6849202CA0C54C4D5A50D322C79718A98100314D08B7
+rest.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l4a3/AcXT+64mcktBf2sq8qS4r2LSlqrw312Xj6w/0caCtP09o/NDTUT/zxueB2OvBXVxX2d+RjGj/mgn6mYciAVNsIbyLm9c2BwcL4yTSFmF2lpUSK8VOI78zLlcY8h+bK6Z8OMgKznN0T1iYvTfeg0ghnTBXS+RZN9Q6KjSR576uVPhRZz9PErrI2y9Lq1LwgxnvVq2BSvZxSFirFNFbU3AlfXlNhjWNcycfWskvTEMAJ3lEKsVfXXuMfBow6zlNifn5XO0m6ewwTqjDzWUnszVLWZR0yLXsgOsX3wQx8nZLrXDKCPcgqeFhHT5KBGQqzdeMLsvYnzNK+/H9l2Qg==
+rest.			86400	IN	NSEC	restaurant. NS DS RRSIG NSEC
+rest.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GkcmAJnzzwOTkT9I+OBQ2DxGO4Va1db5veLoilADXcFhxq5l8JkKbmI0UbXsE4miFHxAtFG1k8Pe5XmEyYXO1YQgz93tjFIKHZrZzRNiuj4872K/fe+fSbu87QpvwwmK6eJnkGrFe0wblWKux6TFR9YqGeT17ORc/8GNX6icaciiqGPpv4+bmUnJuLjv7wYspoOjtsiZBi2sRVhex4DFbDOAzyjoJgq/bSIzKUBhU4lAdaS0mYj4zi0127SMEXqgKmNCf9+dCdkXTNkSBCL/rqdwzK5Ji92GeKsjp9O4nnWgv7GGqbGJzawDtxtIwyBPawRd4ZwqqMzk+/su53eB1g==
+a.nic.rest.		172800	IN	A	194.169.218.35
+a.nic.rest.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:35
+b.nic.rest.		172800	IN	A	185.24.64.35
+b.nic.rest.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:35
+c.nic.rest.		172800	IN	A	212.18.248.35
+c.nic.rest.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:35
+d.nic.rest.		172800	IN	A	212.18.249.35
+d.nic.rest.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:35
+restaurant.		172800	IN	NS	v0n0.nic.restaurant.
+restaurant.		172800	IN	NS	v0n1.nic.restaurant.
+restaurant.		172800	IN	NS	v0n2.nic.restaurant.
+restaurant.		172800	IN	NS	v0n3.nic.restaurant.
+restaurant.		172800	IN	NS	v2n0.nic.restaurant.
+restaurant.		172800	IN	NS	v2n1.nic.restaurant.
+restaurant.		86400	IN	DS	62200 8 2 A9093436978DB7D5EE302879F0BF8D7A84E0A2C0AA132784F92D97D0D4E15992
+restaurant.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oGUHHIU1g/Gtl4/c4ZRzbnxtU4T71RXkeu7JE57fbipqWfYxAtDCE3WI4/GbJF3xxGc70gUlGvx9lltfug4WpOcmtvTobz/BDhPda0xygQdQyxJ8R2Xgoj/+B2mCuz618cDOs99BZ9nTWU7F8+zjuuouIRyAw3OgS4zYBvC6fQmDiIj0CMMl9i73RooTy0iuuy42Y+y8O8n04GQS//GU8/91HqBhgV0wUmm0TRIumA/gatmtP9Eqmyy4baY9o832PhD2WNlmKIm0SnQfmOJsq3V/TkAw3oEdMMQ055ovpu8dZk7cDri3rHduaDYlXIdi/QbrY/aKX6mSD1Bugl+iBQ==
+restaurant.		86400	IN	NSEC	review. NS DS RRSIG NSEC
+restaurant.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A5lb+q3KTB0QXdaBBQEr9zxSHfTZGikzLq5RGwiRM44Z0jmVUOZUh4n5MsHJ2o1N8NNx7QNzRjAydj0ixvTlpGzk3glO1fsLKAfiMotGbFEN6ZBeziMCwjSVYgy2el3plRGyLtwlVYJUKHPFM2TtoEfFI7aj0bybBmyi1HrR+LQilddius06jDv2eSPWqVXUIRI8n63dhK6W4QKRR3MP5CEClFTQIZMsrqMNmpEKKeaQC0/5iRZTWksDDUVwyyZeUqj8q4+139uii+AFWQUt7QaiQe3qKCr45XblsPtGxcYhT6OjRi1mixcewjxbynkkBLQ0pNtytBG81gClf5Q2GA==
+v0n0.nic.restaurant.	172800	IN	A	65.22.28.49
+v0n0.nic.restaurant.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:49
+v0n1.nic.restaurant.	172800	IN	A	65.22.29.49
+v0n1.nic.restaurant.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:49
+v0n2.nic.restaurant.	172800	IN	A	65.22.30.49
+v0n2.nic.restaurant.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:49
+v0n3.nic.restaurant.	172800	IN	A	161.232.14.49
+v0n3.nic.restaurant.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:49
+v2n0.nic.restaurant.	172800	IN	A	65.22.31.49
+v2n0.nic.restaurant.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:49
+v2n1.nic.restaurant.	172800	IN	A	161.232.15.49
+v2n1.nic.restaurant.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:49
+review.			172800	IN	NS	a.nic.review.
+review.			172800	IN	NS	b.nic.review.
+review.			172800	IN	NS	c.nic.review.
+review.			172800	IN	NS	ns1.dns.nic.review.
+review.			172800	IN	NS	ns2.dns.nic.review.
+review.			172800	IN	NS	ns3.dns.nic.review.
+review.			86400	IN	DS	27040 8 2 3A9D7B6CF7A12550C281A6FFC5B376B7C93972D8B7607D2C726BBD351D4803D5
+review.			86400	IN	DS	55054 8 2 93642D0425C1357DBB5F42BE8CFEF153324B22D81EE82CEF8034541D360EBB52
+review.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FLfgY6VhV8hFcG9YBGKDeRwMIyYQC2uAAwfXrz4Xp3YhNuc1GEZBmdJKTTfJD9gsS7U4X75P/PDc9vvXQP9mxCnrgcECLGRVmfuKWSQ7ie5LoICQKJFtDKUz8caXk5JkXmHGWAnzu6Nxz5zOp3a+1gY5I9iNddXcj9lImJroPFhD0L4xNXBe24i5WreysHhLaIUCsLYqHaOC5aL0OVq45z6IUJL2ebCA1C11kLdwuofmVSO7HNkHtB1doolDONUey9Fkt3nJBtPpjjoPxnmSAwyQQNUK97TdODm6tZtruMZPRrVSaoscApnpQ024eXOJ08pVO4GPs0uvDsSu0aS79Q==
+review.			86400	IN	NSEC	reviews. NS DS RRSIG NSEC
+review.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KXpnyfkzIDyWEP0e7oPiP4BpzIL2b9OjYvb4jMnsjEIgJUnbDjgTX5v6tvPK7wi71Waq6Duz7m2MsrdfyQs6MTqmAswn8ntJZB063eMenRNV4A952FdNX56BlgE4r9EM3h+sOVER6JhgYKoeE/A4n4rtpO6vY9L0LIVvjYVUdypjM842iMoI4Sm1KUUz40DhGaH1e/o3eHnwR36sI11kDN2FW2Nj6ZoH8ccchvUNHzHpyuc2t0VflsI278la59zj12w3xnNQS/LFKy/4bm1m8pYQGPCkMN8XDB59vB9u4y4fFyNHAIKGWWkdRu9vwNUbyoDt00/D1xOUiEsBMPgcRg==
+a.nic.review.		172800	IN	A	37.209.192.10
+a.nic.review.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.review.		172800	IN	A	37.209.194.10
+b.nic.review.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.review.		172800	IN	A	37.209.196.10
+c.nic.review.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.review.	172800	IN	A	156.154.169.35
+ns1.dns.nic.review.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:23
+ns2.dns.nic.review.	172800	IN	A	156.154.170.35
+ns2.dns.nic.review.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:23
+ns3.dns.nic.review.	172800	IN	A	156.154.171.35
+ns3.dns.nic.review.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:23
+reviews.		172800	IN	NS	v0n0.nic.reviews.
+reviews.		172800	IN	NS	v0n1.nic.reviews.
+reviews.		172800	IN	NS	v0n2.nic.reviews.
+reviews.		172800	IN	NS	v0n3.nic.reviews.
+reviews.		172800	IN	NS	v2n0.nic.reviews.
+reviews.		172800	IN	NS	v2n1.nic.reviews.
+reviews.		86400	IN	DS	38191 8 2 5DAFA6AA4E5BB71394FF2F91B4423EF5A1C7BA598E359F7AFCC8DF8C6F68957C
+reviews.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bkib9quksAKzyi7tuB5NR95tdcgLiRA61JG/D/KrDLlsrTMqmYIlTB+odFdWjN0dDDI/dZuftFNQuSR0deLTAAiyhWve0vM+imlkCwXuTDIiQPQXo0ofcVfADWhNybIM5yhnRhdyPkKXqBpxD2X2c35P/lZMRsr8fAQiRQI5iuXJbc22uw+wODZWavYq+B14qGr2kwQTjxNe5QRdjNY2q8NruWDRZ/0RcEtAW7GjKfxLz51ZJN0AEBs6qt1tkN28LMm87ycKc1z1ogb6vZfIKyZit5Q7n0s0qbYrYL5IXmAZqAeJ7fDOYFNkJGhFgexqWsSbZFXtBL3n/7t6nXMe8A==
+reviews.		86400	IN	NSEC	rexroth. NS DS RRSIG NSEC
+reviews.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jfHdnX6FeF5oUdMzIBwDQf41b4EV/VMytxSLgAkwgCXei3lz6sz5uQsYOQtjWaHQU4UOwB8RgvOxZ1rb66zKJttd1dzkI7X1883J92OH7Hsp+OvEloNJ+f/qmHnpZWa6PyuOiP7sJxgyi7XbeTmiZB0t1vbccr+1kFpqqN+EwohYa9JB4ZmQ+cI8ZpMlp7lcooBuKjY/GkvA7n+LhWCSYkIfcRPiRZm4wNQLkgNuRXawjEYNMGTLJvTWYTSSawZAioFRDZm7dLTiTEzbL70yBfat2uLMg1cih+ypIjdOkSz30/I7mI7YHFLs1DrR5ULL7Uy7LGZhtGbduL2TwNTfhg==
+v0n0.nic.reviews.	172800	IN	A	65.22.32.12
+v0n0.nic.reviews.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:12
+v0n1.nic.reviews.	172800	IN	A	65.22.33.12
+v0n1.nic.reviews.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:12
+v0n2.nic.reviews.	172800	IN	A	65.22.34.12
+v0n2.nic.reviews.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:12
+v0n3.nic.reviews.	172800	IN	A	161.232.16.12
+v0n3.nic.reviews.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:12
+v2n0.nic.reviews.	172800	IN	A	65.22.35.12
+v2n0.nic.reviews.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:12
+v2n1.nic.reviews.	172800	IN	A	161.232.17.12
+v2n1.nic.reviews.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:12
+rexroth.		172800	IN	NS	a0.nic.rexroth.
+rexroth.		172800	IN	NS	a2.nic.rexroth.
+rexroth.		172800	IN	NS	b0.nic.rexroth.
+rexroth.		172800	IN	NS	c0.nic.rexroth.
+rexroth.		86400	IN	DS	13240 8 2 3FDB1D716CC4D502C89094EB8B0F44056E6BDEBEFDFDBA79632C5DC606238E70
+rexroth.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aUWQqHjLyYYOSLBEpHNFoa9QAgGDRBYeI70u4YrY+aHF830V0Lw+NH5N3hPzo1F+Y1zk50vE4rKarJWSWaoGyb7z1fcz+okid4e2TIWlO5Fq8qb1Hoab//ggBc0KUPtytPqvEaabvabkri4xp2qvBNQe/BNeg/KCaczbj3VU2hof9QYMpcV5Dr8CZilSN8QlQi79ST7Hd4u3kDuhl+dRnv91NNcLoMb/Ic7Wc4ihHTKIgt4hO/XrRgOLAMYEh/qaO+i0Os1A07igC0EHiEmoZm4TSiF//nvtWxAgBZrR9/LI/Nsze5d3bJmAcUMUCnAXIZipBrZ/PML8+2EzmCQCIA==
+rexroth.		86400	IN	NSEC	rich. NS DS RRSIG NSEC
+rexroth.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sNoMahb0nU3Wh2zRAk05DUpmQp/yIaKRLfMBAODLFU3BtsZ8VvLFomTIvMe/m6I9h6ujHL14MCIIgc2inPxSQiNiFiAejnI+RwM+W/7ybKU4Iza366KoNg633ZAHp1t5yzYO3fNYknXlHdi6cslJPjcelIxCDvaa9NYM2tYvsMuWilhKpXNE1ZVh/w1LJugHTlju2dGh7fS+IOLwGtV2Y1j9506CEZ6+c9obb/cnGGVo0E2brRA+QD6SY4FRSFsB642pndc2Lj+mi0Mkcke8Z8YOpYwA1/5WO1Bgwnn/HSE/J6FcHCu5gZaJLf3tt79R+r26j0jFXAr/x+k6grbkTg==
+a0.nic.rexroth.		172800	IN	A	65.22.112.65
+a0.nic.rexroth.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:65
+a2.nic.rexroth.		172800	IN	A	65.22.115.65
+a2.nic.rexroth.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:65
+b0.nic.rexroth.		172800	IN	A	65.22.113.65
+b0.nic.rexroth.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:65
+c0.nic.rexroth.		172800	IN	A	65.22.114.65
+c0.nic.rexroth.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:65
+rich.			172800	IN	NS	a0.nic.rich.
+rich.			172800	IN	NS	a2.nic.rich.
+rich.			172800	IN	NS	b0.nic.rich.
+rich.			172800	IN	NS	c0.nic.rich.
+rich.			86400	IN	DS	12391 8 2 AA344ED8E0615FF242EC66EDEA4160269D0EC1D36437965A8D1D1ABA6A4D97D8
+rich.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QzseeGFNWpLIFKPCV5JXUcKFgkEB9OFh+9E0U14A8OGqKbCgBTlZ1ykYqjp2b9LsSTWVAKd1q5caAyffHTXJEU4csjs39Yh/3xLCgTtjLAvdUZOxZrCh0RHV6cERe/saljyymntax88y+XavtGaH2tpPQ43jQN8yg79rbIQOvZXyfzBGy902kUEQGe3JvTJyfiGUlqMxKGetvr5jyy8P47l43yAHtv5ueGTwmYtfAWKIzekZ9/ADdIJYk0HjNXTGjogn6bDJSmEcCpLcqOnIRf/Dwjh6OIlJ6WTpakHJkShOkFKunm1Q1yzc8YNpBqrWrKa2MRQu+mZwHHVQDs2R7A==
+rich.			86400	IN	NSEC	richardli. NS DS RRSIG NSEC
+rich.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VsKNpyuPX4hq/08nebjN3PFwEQESBZn1Vl63iq15Ls46JtHAQMdmLQROlSMZMRAb9UGczXrAuWtShJs9fUKj0Fmq4hO4lMRKWPbdFPk0t49RNeMS2lRmy8c9mJy3VvZgxMaDhIdA0d7oIWhDkBvJ3LUcxu0Wzp6TgrDig3O4MUz7rUmCPYbfE/5Nppu7a/3GOs4XATbu3ZbOz+hUXEINZyHGgi4qN6DHVBhC2Awy+3S061ZPI6wzbNdzTC8sJdhsy3yM9gzuzV3tOsUWNFsCjyCoWDSIAX/WyRoQZhhiNDIkw20YPeNKAK4C4yQiWPeE6idg/KLxOW53SyIT4/ZcqQ==
+a0.nic.rich.		172800	IN	A	65.22.136.17
+a0.nic.rich.		172800	IN	AAAA	2a01:8840:86:0:0:0:0:17
+a2.nic.rich.		172800	IN	A	65.22.139.17
+a2.nic.rich.		172800	IN	AAAA	2a01:8840:89:0:0:0:0:17
+b0.nic.rich.		172800	IN	A	65.22.137.17
+b0.nic.rich.		172800	IN	AAAA	2a01:8840:87:0:0:0:0:17
+c0.nic.rich.		172800	IN	A	65.22.138.17
+c0.nic.rich.		172800	IN	AAAA	2a01:8840:88:0:0:0:0:17
+richardli.		172800	IN	NS	a0.nic.richardli.
+richardli.		172800	IN	NS	a2.nic.richardli.
+richardli.		172800	IN	NS	b0.nic.richardli.
+richardli.		172800	IN	NS	c0.nic.richardli.
+richardli.		86400	IN	DS	41074 8 2 FF2E8B0F81588F0266003EB8AC2D8617607069C425DDE1BB7734FCC4F93C8D88
+richardli.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UYKTQubFHpOGD6zkEsDJ1+d0oDeIeLGekJVnxWHdMG3eZo7wM4EhEQRFilyupIscmcw4cENndTrh7ljzZucawZX3Lxi4EzgujsWoh3nlUpFT4ywRfj2PAi+ic+UUGXnDgN1MLKE0D3lR2mwgf3/mqR39QP0QkWmyrHxwxjrrmdEJ39blLJNSeczQXPEEEsIeT4jME9lxwBRWw7yHgJ8HDZPKQICnaesIm5X1NBcpvlYCbCvJD2f+YEfo4LMblAwHPB9dUjG9/l2wwz/XKED593s0s09St57VdtXJXtZgUs6GpvoDq2l7FTGiz/2yHlCRpi7CcA6iOxyj38lZllmi5Q==
+richardli.		86400	IN	NSEC	ricoh. NS DS RRSIG NSEC
+richardli.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yxGVWorxpMIew4kcU4xye76c5ZcmUbwKGT02zLjyXQavQRey/IuWgf0h9eFc+3C4as0YuHsxbhxXwico22rffsRmE6Bkyg7OkHyejgH59o+oNS32q4ytExl1CqlR73uUXEqznKoDpujETMf2ga1ScAwT+vRkVyqcnm0gCSEkfFcNOUvvUrNigw2IOFxuLZXP+F9mzf/q0pBXPmFEpSw1RmgRtU2EKinjI1uv/LmyIH+uzUAlIBPmFjsMZWs0SboYdW9qUurHvxPNXAObrdOcz/xGF48yphnCbcsym7lI8zViN/Hsqq76wK6xuMQxo2RO4Qb5Mq5J8dkEGQdM8hlU1Q==
+a0.nic.richardli.	172800	IN	A	65.22.136.33
+a0.nic.richardli.	172800	IN	AAAA	2a01:8840:86:0:0:0:0:33
+a2.nic.richardli.	172800	IN	A	65.22.139.33
+a2.nic.richardli.	172800	IN	AAAA	2a01:8840:89:0:0:0:0:33
+b0.nic.richardli.	172800	IN	A	65.22.137.33
+b0.nic.richardli.	172800	IN	AAAA	2a01:8840:87:0:0:0:0:33
+c0.nic.richardli.	172800	IN	A	65.22.138.33
+c0.nic.richardli.	172800	IN	AAAA	2a01:8840:88:0:0:0:0:33
+ricoh.			172800	IN	NS	a.gmoregistry.net.
+ricoh.			172800	IN	NS	b.gmoregistry.net.
+ricoh.			172800	IN	NS	k.gmoregistry.net.
+ricoh.			172800	IN	NS	l.gmoregistry.net.
+ricoh.			86400	IN	DS	7006 8 2 60FF4CE45E722BC253D21348E4B285A44C77C60F75BFE704B033685BDDD4F63D
+ricoh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tIgm0qdq2AlOI3YDJ0v1vRHwily+n04fmTwUg5ehuQK62BkCDjb5ujeAsXMH3Y4xasDQcv3zVeQM1p1+gtWw3zhCDWGk5i6yFP81cYRJZKTPNzHE2/U38Fo957hUFq2C4cDYLPHU8lxNnsrfCv8723I8zTmOUb8nSXSrjP446kKHao0PE9123Z+vNlY2eQi2M4XyWO6cR1b1jbtqjfKDbvpHH741+QSTb5xgIP1Vnhs8XQBz5zEmD/zE7htsFGUyjzsjNWj03MXIPAtEQiNlk82O8rxdspeBiRc1qmdfv16Qme3aMWQ9iATAfX2Ueuy4y43UsRpdac4qyxUuOoY6qw==
+ricoh.			86400	IN	NSEC	ril. NS DS RRSIG NSEC
+ricoh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gNyllL0gbPCetzsX2TuLR7uAw48SXAgg0xXMbYuK+Ms1RLVSTYwUCVjlvwAxv8kH5nzQ21bhP94WkOHJXZM7U0o17rcDK6ggDHoKJ2J7XEGKRFiASbDzLc5/lO8A2+ZQMU8VRdsAavIf1sbY3aceVoMrYTc/5cY+t2621s1lGz3bUCGd+xqx/B7LY/z3G4ZOFsgGdY5y1i634vKK5MMCHbbmE058RQx2WjkRAgqBvbQav2KoK4HoqJR3UFNzsuMkn2yWGMX0xbBa3Pn2zAg5VwPBY3K7R7LIgoTizXv6G9EUi7gZzKJQMXzzC8ZfwGMv0q8MKvI/pEu8osILKwce/Q==
+ril.			172800	IN	NS	a0.nic.ril.
+ril.			172800	IN	NS	a2.nic.ril.
+ril.			172800	IN	NS	b0.nic.ril.
+ril.			172800	IN	NS	c0.nic.ril.
+ril.			86400	IN	DS	19549 8 2 AEBD50284035552652975D96493C1394E8C652C43AC366F019B0FED4CE3B5ABF
+ril.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vsx+w2K9GBH3AO25Q/zHjBRCmYhfeqV4mVHYfD4g/8gobxAKzW+YAROprVZ+OjsSE9FlbssWLLD/g/+vQzsjscTmJQK8LQQ0zgQMgYUfLlmB6TvGflq5QDerpm9vHOxUlO/ONYHrgA+AU5jsAfPmJKPqK/oWLEt5BxLyoSbw0LoMM4defbGjigHwzXK5b22k5OLs2pV9+TqSICCb030eLKgllaclx2+c8ZQRQUt5ObeCJmj9ZB23zItTUTlmwjHc3Bzt2Bi5L3onnjNl5NLiC19jGOPHNtMGU2hVxQkyukO0RXsad2qCrrV0b0ILEMrRXc8tk2yZQ5RmKBsbh9Gubw==
+ril.			86400	IN	NSEC	rio. NS DS RRSIG NSEC
+ril.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sVO3dnA5kwxVtP6K8PPaGFKV6ynuCIw9NS6up8Hvxgyn026ZwZ1AJFe3nGWo2xKnmM8UVQ+nInMRrQtF3+bClKsdXUEN3u5NwW0IJyR3CqcsOdfca1DJ6rsWOQnu0FYUQwVScq0XLAPy0uNgfKrq08+njUUTHfy+6PX6u87u9MuPp8Uk3DyZAPU1lVfI8LMzm+V3jOXAdJp528sP01YFz2VPoODq7XkhxUEmFywkg301ZuvAsTYSz6C7qifLYMSCSoEkb8lLkcDMyrUnu0NEhsbnv2U+h5tQbvkO9cSITvWqwGQoEH3CM43RlA8G5uLT/ZjIxiNB3IIFklWGxJC5jw==
+a0.nic.ril.		172800	IN	A	65.22.180.17
+a0.nic.ril.		172800	IN	AAAA	2a01:8840:ae:0:0:0:0:17
+a2.nic.ril.		172800	IN	A	65.22.183.17
+a2.nic.ril.		172800	IN	AAAA	2a01:8840:b1:0:0:0:0:17
+b0.nic.ril.		172800	IN	A	65.22.181.17
+b0.nic.ril.		172800	IN	AAAA	2a01:8840:af:0:0:0:0:17
+c0.nic.ril.		172800	IN	A	65.22.182.17
+c0.nic.ril.		172800	IN	AAAA	2a01:8840:b0:0:0:0:0:17
+rio.			172800	IN	NS	a.dns.br.
+rio.			172800	IN	NS	b.dns.br.
+rio.			172800	IN	NS	c.dns.br.
+rio.			172800	IN	NS	d.dns.br.
+rio.			172800	IN	NS	e.dns.br.
+rio.			172800	IN	NS	f.dns.br.
+rio.			86400	IN	DS	2471 13 2 452F6BD5CB271080AAD2425FB762A32D0880D6C706F16ED4D0C8797342A91A80
+rio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R/DXIHJBKS5zoKSINTdKk6iHXPnmH95e5jurSetG1N2tffDvekD3xs5kGLXlIxDFFk8oi8Tm5IFogY3utlRHWFqAErcb7N3Peo02nbPZJT0eltmTYWVCYaUMZlFA/tZXNDxJT3ew7Y+7Gpskb39GZidLDuqWu8JQvcmVXpSiMgHJPRhDfSjRi+V0CYPuaC4Ar3MBy4n4xgCjasYOJD/Zg8wwzEkZoiwRx425YXyiZ+UUOp+qZGzIUlYMIZoK6AKp/hT2Mj+krbP8Uhs/xRiBkeb6t0nJ0+48BOoi3mihmKEk8wvabD/3pEenNR5hoZOrqtI3quJBVNIZ8FtMBOZDLg==
+rio.			86400	IN	NSEC	rip. NS DS RRSIG NSEC
+rio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TjuEZuETdkhx2uI4yA3BBUS0pUSLRuuOuXgsXmWEiS+D2p2/EQlJU6hSaQPtkybp/8uDS4+gBfz3crxpzfSv1E1En2j0Lu+FQbE72wgKFpdCfJYW9OjrFMKpQ8F8fAO8bFTeFCmOIEU2AYs1HmFo6uqaPlHZnGilV2HE6dMQnevMf30ga2Tuc1BdgJW4nxpnN9FHXVpetVj3c6+XP0pJCrQlO6UAhB2GBAcikhwzY7wlzq6KdcqjoNBEC/IzdBicyXvI7PxTht/dCsX9ym6t9WcHzuDRBdw++4YU7UvdoL2P+qFQzHaK1SJ6VxO/3R/xR2UGTE4Ty1RMnPDK5H7qeA==
+rip.			172800	IN	NS	v0n0.nic.rip.
+rip.			172800	IN	NS	v0n1.nic.rip.
+rip.			172800	IN	NS	v0n2.nic.rip.
+rip.			172800	IN	NS	v0n3.nic.rip.
+rip.			172800	IN	NS	v2n0.nic.rip.
+rip.			172800	IN	NS	v2n1.nic.rip.
+rip.			86400	IN	DS	64594 8 2 E5771475FCAB4C6DF4608BE0EDE2EFD5CFBCFA1405CA0B121C57557B959A40BD
+rip.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AJROYacsrkeOJm4jkQW5v5gkwZZ2ugUatC041gOH0v0jWI3gGI/JXzIWkNxK0ecSqVd9GHDbHSW/WliCldKMX9cYGkaJXZzvw0Fl6qsJETIqp9l1WZvHwU5FMRjOXFLZB2NhRhzGCZDTCg0HCLZwXTAGZvX1YOvRtE5u9+6sfkbJcIZCrWL6fg8/NTrKna+qX//uXJG7w9gewymMA2X/b+VWUwXkUdSo86yFMmXV7dJuVuAWaU0b39hAjMrnI6DoQrdULDiBIqA+EZim6GIZ5YiFD2HFu9gZPERbHsyOSOsQ/gtGXADpjr0FfbOK++mQe4ZOJ3L6jZZGmKWAhPbToQ==
+rip.			86400	IN	NSEC	ro. NS DS RRSIG NSEC
+rip.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ispQA77uAVRefCGwTlFLR7kwOL6rJzaa8FPJEV+u/BICChTFN922jgpDuPB3Oc42aOeB8qyFpWGou37ZbQQTJaauRn+mktz5kgPaNGRgjNlKFicGYfv32AqjVfoDs8ohs2hWWgYoSzcZpagbdcDSr5vWjhguub9RCQEc5XZ4wt6WuI2uIfUMyN3+yfEO3tBrHpoDMS6DiVxHx4ezAAEAjIJm4j/tdbKep+S+oc4EauhwSp/NyJMihFxz3RDuOIPNB3pZk6Tww1Qoi8mOMn6+qT8m3tgnrKRd1kObDvI5nEQSjc0WneH3+0PuA9rqkeE5KsC0itciOK+A8kFRQqL03w==
+v0n0.nic.rip.		172800	IN	A	65.22.32.22
+v0n0.nic.rip.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:22
+v0n1.nic.rip.		172800	IN	A	65.22.33.22
+v0n1.nic.rip.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:22
+v0n2.nic.rip.		172800	IN	A	65.22.34.22
+v0n2.nic.rip.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:22
+v0n3.nic.rip.		172800	IN	A	161.232.16.22
+v0n3.nic.rip.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:22
+v2n0.nic.rip.		172800	IN	A	65.22.35.22
+v2n0.nic.rip.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:22
+v2n1.nic.rip.		172800	IN	A	161.232.17.22
+v2n1.nic.rip.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:22
+ro.			172800	IN	NS	dns-c.rotld.ro.
+ro.			172800	IN	NS	dns-at.rotld.ro.
+ro.			172800	IN	NS	dns-ro.denic.de.
+ro.			172800	IN	NS	primary.rotld.ro.
+ro.			172800	IN	NS	sec-dns-a.rotld.ro.
+ro.			172800	IN	NS	sec-dns-b.rotld.ro.
+ro.			86400	IN	DS	9784 8 2 0A8ED773F6BBF8C5D2F687C26A9A904C76DE41DB74F329501E23F206C9C3B078
+ro.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . W+7imBwab8JzlDThig+khj57Npn2U7P1B3yt83ebuhUejRxShNnck/q1sDUV8osEF2Pv/ZcFoVy3+fq2/Q2neQ2ofctCKUTX6sRfBIEk0fvjqz+ai68W3nvCKJrm+h8RTi+F5VYTGTEkVVEkTHuOlX/kdyQl3ghHfXjO82A20D7D14NQafnnIUCk/ickj8cX6S+q7Vp60VcO/URM63+q0Jk554yFSxtZC7ElbbGFnG8mOKCmHvlSJWQpV4Hw63LbTGKBG7UqXCSjaNKt3I3LJWWhNa6L/LSUANpfqfhMQrYMgwmLTaZ2up7KVRR34xSwwoqRk1otEF0KRGUb4afCeQ==
+ro.			86400	IN	NSEC	rocks. NS DS RRSIG NSEC
+ro.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LDx6X7vo/F20yUH7SdenVe8hoqXzU9tOcWY+qdKTcrByDAHzDuKeM7Krin3VyVh2u8cl2VkqrbonmLvZBLdpyYNCvfRHJf0E93oP8OqIfwXm1LvvLC7fdQfBEwdv+tl/GmCo1SPNnCaNyVfDoDqPDDr2WZ7q4qp4D+E979YTd/RWs1dRBiyt6LmXeoUVDqsw2YKlyPDDcgaWn8vElJ8CrpJwCjPB3cAahPk4aYmrgjaIqYsKGsqRW4tXMpdM9Vy/p8+1Di7xRIRrpts5a3jsT2hmxInyGDBSfd85gQOXO1xU7J0kquyYtWF2xgfJakyt1GPPhlbk6soYvQBAMjl3MQ==
+dns-at.rotld.ro.	172800	IN	A	78.104.145.6
+dns-at.rotld.ro.	172800	IN	AAAA	2001:628:453:bb:0:0:0:6
+dns-c.rotld.ro.		172800	IN	A	194.0.11.113
+dns-c.rotld.ro.		172800	IN	AAAA	2001:678:e:113:0:0:0:53
+primary.rotld.ro.	172800	IN	A	192.162.16.18
+primary.rotld.ro.	172800	IN	AAAA	2a03:5e80:0:4:192:162:16:18
+sec-dns-a.rotld.ro.	172800	IN	A	192.162.16.20
+sec-dns-a.rotld.ro.	172800	IN	AAAA	2a03:5e80:0:4:192:162:16:20
+sec-dns-b.rotld.ro.	172800	IN	A	193.230.31.230
+sec-dns-b.rotld.ro.	172800	IN	AAAA	2a03:5e80:0:5:193:230:31:230
+rocks.			172800	IN	NS	v0n0.nic.rocks.
+rocks.			172800	IN	NS	v0n1.nic.rocks.
+rocks.			172800	IN	NS	v0n2.nic.rocks.
+rocks.			172800	IN	NS	v0n3.nic.rocks.
+rocks.			172800	IN	NS	v2n0.nic.rocks.
+rocks.			172800	IN	NS	v2n1.nic.rocks.
+rocks.			86400	IN	DS	55882 8 2 BDA2ED5E9099D2E358529C190D03290D396B85FC2A41259C734FB816BC7D5ED6
+rocks.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ND3vQ4TwnWYJpdSauW1sWMqK/STr2qyXyIAg5SmPXb6lytR4shFT9Sr8UwUQml1uw8ZdI0g47oA1DeKw65Y5qGPGOvO8AAa37PgmUNsRnXh2ge1PkNDRPOvR2hP9cSArfiDEtrepZ3XshAKm64iQaoDVotBlndlxz2sy5hrQ2YSqc1hHr8eYx38P80K7wNiKwEH02OSU9ZLFUwZGdogTiUouuSYnNhZRMIcyEePkWeCtdSCSJIzZPXM9FlqTt4lrelx4d2VqFXPdWH8DNw8d4aanau1LQCAuxGUYkeAyP6V+leHtxye52tvoL88UaEjipNpnJXB+CAZxhJJgnOP5Pw==
+rocks.			86400	IN	NSEC	rodeo. NS DS RRSIG NSEC
+rocks.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Fyd75fboD+9SAeq5DfW8QM4pDPpIgPv/joQYqRdcORtdeyNX+halF3QL51JHMGYG5RjxnV+yOh9GeWsFCPdin/EkEGpjiAp2w3EsJtqy5j5hlcLk6kFf7UtG90Jv2LGJ8RCcSXA7kZ1ZhcEnEyBmj5OCyp0ZoWpPmvfuGJqlsq8T6TVwWNyRRQfacuF+ccOwdIKSBlgNoUf+3pnBV+8boQWYCHHnHnVk9XkhCZXC5ZRzr+tBb6eNvmD4iXlPdNp/E2xcSoV8lTQ3rkkeL9Dv+sqf/RgvG4YkXouJlYuyLygLoeu5w9XSnIM14EIz7ialPdQ+l9V5gda6tApGaB9shA==
+v0n0.nic.rocks.		172800	IN	A	65.22.32.35
+v0n0.nic.rocks.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:35
+v0n1.nic.rocks.		172800	IN	A	65.22.33.35
+v0n1.nic.rocks.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:35
+v0n2.nic.rocks.		172800	IN	A	65.22.34.35
+v0n2.nic.rocks.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:35
+v0n3.nic.rocks.		172800	IN	A	161.232.16.35
+v0n3.nic.rocks.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:35
+v2n0.nic.rocks.		172800	IN	A	65.22.35.35
+v2n0.nic.rocks.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:35
+v2n1.nic.rocks.		172800	IN	A	161.232.17.35
+v2n1.nic.rocks.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:35
+rodeo.			172800	IN	NS	a.nic.rodeo.
+rodeo.			172800	IN	NS	b.nic.rodeo.
+rodeo.			172800	IN	NS	c.nic.rodeo.
+rodeo.			172800	IN	NS	x.nic.rodeo.
+rodeo.			172800	IN	NS	y.nic.rodeo.
+rodeo.			172800	IN	NS	z.nic.rodeo.
+rodeo.			86400	IN	DS	16639 8 2 75B8726A0F8B07D958FF6E8EF2EB31AD19650920865EBA6382171422B3BFCDC0
+rodeo.			86400	IN	DS	28669 8 2 BEEFB4208ACEE98D66CF5BF93DD9841AC55EFA98B003CFE13FF4201E3F8EC300
+rodeo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BD8Tc68ILRVmRdQdl1yTOodTQaPvk2LcXHF5aN9ElI12+aiPplBpH8iuhePyvXL8lXF0IG3i8Pwg55qzQFTK/QCeYkp2I9OPgAI12xxH0FQ9D/TWJtr/lufRZYBuG/jpN2RNfodoKAZ1ZpHnzJDH12FdoU5MzXYnya2WyjOV6C0Aj2AG39H5fCkLcGmaReJ6GRPfe1b6AI6J+JhgUTultMiorQ2geVFbHV1FFfqlMM6nc5bcOBuum1N3O2LqwchVANRe8lobCXHhG6brmRPwOEeLrbo1IejVeLJNy3mfJfKOzA3fydU3nRKoxEu6Ne3RW6nsMKLzmeocWMUa95vwGw==
+rodeo.			86400	IN	NSEC	rogers. NS DS RRSIG NSEC
+rodeo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j2gm3KYF9WFM+BmouYKub4hgvW4enJz+tQCOh8M9c/E1JsJPg4hLR52URGLf3ttWjqbcPo10JL/dN++AhVFNkK3FYStdiBdE0n56MY+8AfMjzp5o9DeEB69kxec24Bx9Rre9SGezWBX63DGtH0p7Nnccv2YXeaWaRK+NzQyDvTjC9l0VXW5Z2SpqbrR/PbeSrx1ldaZvyDclWyLxjHb2YHKdhgtBg36euyWWyVSIuWcW7ooU6WGzu0UbaYZAGFu+zIaNrZko5tbfnl6zGiKGP2bQB+pR/TqbTMFff5muRQkmUzeBfNVenV88378jRuShfh6fcD59o42/Gj7QUd/siQ==
+a.nic.rodeo.		172800	IN	A	37.209.192.10
+a.nic.rodeo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.rodeo.		172800	IN	A	37.209.194.10
+b.nic.rodeo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.rodeo.		172800	IN	A	37.209.196.10
+c.nic.rodeo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.rodeo.		172800	IN	A	156.154.172.82
+x.nic.rodeo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.rodeo.		172800	IN	A	156.154.173.82
+y.nic.rodeo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.rodeo.		172800	IN	A	156.154.174.82
+z.nic.rodeo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+rogers.			172800	IN	NS	a0.nic.rogers.
+rogers.			172800	IN	NS	a2.nic.rogers.
+rogers.			172800	IN	NS	b0.nic.rogers.
+rogers.			172800	IN	NS	c0.nic.rogers.
+rogers.			86400	IN	DS	46654 8 2 36DCB391639DBEF1612BFFC2103E2CE37D3167BBA29AA713FAE7CEB540F6EB71
+rogers.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iCCRZ2Szv3KwTTxof4pO9Snj4rj733WAv7O0VAha9UKW/tLg3I22bLxxxkCBvj/exNp9DS/kvmxKfuEvI7LkHvIEpxfmEig1R7EXm7DljBjW4+sZWUVvmAVM7tsDwHjB4dOrY0yTs2UoZIjhmQlKCyHKfGYQXIR9DxCG2hQFUoix5xR020K3bvPCdUyRTjp8ZSBFOwUMyBszItDVpYnB7xtqu+JgkqBcJo3Ynjfy0skbn2CvaVI8f/q+IShxFa4MDGl0Lc3CPQSW4rfjZl25wd3Wj+CNoC6NMzYTtVgkZAtww68I6Mb/MO3OHTDDd0QvTfsSpaxjUIYazX9dVTb4Sg==
+rogers.			86400	IN	NSEC	room. NS DS RRSIG NSEC
+rogers.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gQKFEd/LK7jCVz2xRbvQxcn+LLWkm3y6MiRFC6NoQyoKGWMZx17XrBE6LxjDCIHZtVKMO/oCU8TDDXah30GE8W9rPKItGA2Orzj2s6aJ8YYEps46uNRQnC2+eaExshD/uEwVekJFMB4ZjKjcRY7dpIiYGRXuiBtEMzS9JpdawRI65ZrLAhGbVeNLByxVC5H0A4sqkH9B2bPeW6RRm+HLiTXRGje1yG7a037b79dWEYPIwUqQlswqrOQMPd+wtfh/nuPpM3l9EvFVq6Dr7qnp5eZBuUVxo9cq1dgm/DA+S5Pt2rYdDr79A3XCigpF5nd/+TV3zOTkdTLFWSUpYVFOLQ==
+a0.nic.rogers.		172800	IN	A	65.22.108.33
+a0.nic.rogers.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:33
+a2.nic.rogers.		172800	IN	A	65.22.111.33
+a2.nic.rogers.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:33
+b0.nic.rogers.		172800	IN	A	65.22.109.33
+b0.nic.rogers.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:33
+c0.nic.rogers.		172800	IN	A	65.22.110.33
+c0.nic.rogers.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:33
+room.			172800	IN	NS	dns1.nic.room.
+room.			172800	IN	NS	dns2.nic.room.
+room.			172800	IN	NS	dns3.nic.room.
+room.			172800	IN	NS	dns4.nic.room.
+room.			172800	IN	NS	dnsa.nic.room.
+room.			172800	IN	NS	dnsb.nic.room.
+room.			172800	IN	NS	dnsc.nic.room.
+room.			172800	IN	NS	dnsd.nic.room.
+room.			86400	IN	DS	3599 8 2 060634B06ADEFFA11A3A1A3E0A24F1D94EA80D6D5E47E96A7C80466DE361DD7C
+room.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qTYpvxjMhcn/Yb5SdCmWwDK7yy7MF9aWo+abCUulQFraUsnqHSvP3LA2ks23lFkAsyNTYivoiyA53zNCGjbKL5RFwUXO5PFzPNXxehLe6e+Ri8uPCmAl24PmWGO0xXQlTmWBTwOITQqGMolMD29WDLPwFEBUOeeJ0BajP7R8g++LiNtz1dPOdNdvkmg4IpO01kVKQwoWkqzmve85xunbGQ75M5Gc0ik2fDh6UVt/wYE+H+zaST7g2JmRSmLXlorKrRKAiA7AKiKOUTSl6CfXWvud6/c5MooJYXRmqbta/FHdmanmNiGZhYtjIsfQlWfprFUQTawhc2xwUUvLMTlxxA==
+room.			86400	IN	NSEC	rs. NS DS RRSIG NSEC
+room.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . odIlk7AUZ3Z3EI/37FnbPWALH7OGAKFEdKXbXlHpP/FsIypVV5H4XvvCqzKN/bLbXNqrMVyYFxcAzeEdwvETEAF3fg4DkLMlrOlGj9NDsqypKO0beP2VbrodJEI4+nR8fUQ9wTYB2YMHeNla1of9QJj+BtyCGQzP0Rw0bk3jU+iEMwRrVsf9h69S0lu7gSkuwYYn5NG+yUH4cCplMfHIWSilCi0fhcfDAfUrHrW4e3R1e2FQE1S3JxEuH47g94hqw6oi9pc8MSULlKFJAFiA37n5DGwpag4pxeKHxo7kuNswKbHNHeR5MtcPEUMZcIsBYCUa1sIQeX9iWZwA/z1/NA==
+dns1.nic.room.		172800	IN	A	213.248.218.77
+dns1.nic.room.		172800	IN	AAAA	2a01:618:402:0:0:0:0:77
+dns2.nic.room.		172800	IN	A	103.49.82.77
+dns2.nic.room.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:77
+dns3.nic.room.		172800	IN	A	213.248.222.77
+dns3.nic.room.		172800	IN	AAAA	2a01:618:406:0:0:0:0:77
+dns4.nic.room.		172800	IN	A	43.230.50.77
+dns4.nic.room.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:77
+dnsa.nic.room.		172800	IN	A	156.154.100.3
+dnsa.nic.room.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.room.		172800	IN	A	156.154.101.3
+dnsb.nic.room.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.room.		172800	IN	A	156.154.102.3
+dnsc.nic.room.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.room.		172800	IN	A	156.154.103.3
+dnsd.nic.room.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+rs.			172800	IN	NS	a.nic.rs.
+rs.			172800	IN	NS	b.nic.rs.
+rs.			172800	IN	NS	f.nic.rs.
+rs.			172800	IN	NS	g.nic.rs.
+rs.			172800	IN	NS	h.nic.rs.
+rs.			172800	IN	NS	l.nic.rs.
+rs.			86400	IN	DS	57382 13 2 9ACA8316C4CE272097297CF5700E8A66E00AD0C83C4165BFCC90659438DC1794
+rs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d5kUT9aZdmNmy0StR75yqnniSer680pNNHPYYobSSfzgkwNY1LDITYnESmOeMQsEglNoe4iC1zCagkGfVZiN6iPIj+ND9yST+GE6lkip69JsiuVDwxfGU63bXKsOH01pVtHkTaUNeqgRnHG8qMtmu6jql+Whz0XZIFuex89Mc5Ca/aFaLUIjpcCDmhUbi92j4hPChDb+/+2ZRJmEFrTU/8M90lSCz+RcSIZtBA5kIWE4K5v2Uiy1o6Lc/XVt27Jr3TQNDLM4AqKef7MnoGvIte+znfcWGr+903Qphm9l9EoMWfmBOO6KGhPnmX2i6hbHokp2CZp0sib7D1UnF+saZA==
+rs.			86400	IN	NSEC	rsvp. NS DS RRSIG NSEC
+rs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PHzU68fRI0gwqojzolk0dSSTuMZMg08O5s+9OzC2OMU2X0+K41ptsV3zQBNepEEbq4TrmiM8mDmHs0No6KOB9iNjBaHE39GqaDbwdH06pdowtqgAm5FYlvKqZTGKeFgexJ0cXMV9ilNpMLJbp4eFMiiJBUKXCvaP/E0Gm21VL4lvWfg2vaA0OEVzRBdMpTQmvAahTsydgZUm2jPh0gPMKqASLHikiEKUwpd298R/62GfVvXjGyJQNFUThF4/N6CZKudHOZ1sY0ZYbcXf91+xQZIFTAdKRQwM224E6UIj4wKj7nbgqpZebomDcHsNMiWrMYOms9XRl67D0WParnS7Ew==
+a.nic.rs.		172800	IN	A	91.199.17.59
+a.nic.rs.		172800	IN	AAAA	2001:67c:69c:0:0:0:0:59
+b.nic.rs.		172800	IN	A	195.178.32.2
+b.nic.rs.		172800	IN	AAAA	2a00:e90:0:3:0:0:0:3
+f.nic.rs.		172800	IN	A	204.61.216.32
+f.nic.rs.		172800	IN	AAAA	2001:500:14:6032:ad:0:0:1
+g.nic.rs.		172800	IN	A	147.91.8.6
+h.nic.rs.		172800	IN	A	91.199.17.60
+h.nic.rs.		172800	IN	AAAA	2001:67c:69c:0:0:0:0:60
+l.nic.rs.		172800	IN	A	194.146.106.114
+l.nic.rs.		172800	IN	AAAA	2001:67c:1010:29:0:0:0:53
+rsvp.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+rsvp.			86400	IN	DS	7067 8 2 A34484076595033B18742005866B79F5C56FECEC5A667494E3B179621B44EE4A
+rsvp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cVB/CG9+/Ks3szigR5GiMyu/MW2Sdqv8t1UKIETZjiAxx2Fm/GKV15Esl9UsFyjBOhvHJYZmOgXxbpHlw0R5njVAVCSs1ECBMK/lncwCO3A5YIXD9hf+mKaqRbQ6ST4MOEIkSrRqPKY/kkY5ZyOyrMoiTa/0pW8WiJXbZnQVfYsetKpnY228+LkOwx+r1Q5Jn1kc5RUQGDgE7ZcZen54FSEQhFjzrd1biU/mcqA9hR7Tir5JhSmaVrMBdHfPIOmPhMRMh25rYAUBFrswEyxtkKGPXyPQDofy7ZiEcyBqnfLroylJGkWBE3RVJqaIwq48D4jo5ZO2ses0MrXlI+5MlA==
+rsvp.			86400	IN	NSEC	ru. NS DS RRSIG NSEC
+rsvp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AvxFk9somhUbB8uhfsyxfKisRlAI4Nzhtir/i3St006IUmMhuK79WE1jSSLIsARIRxFvCpHYVtuTCOiHsPMaP3Ne8WumEdy545OWDVFOurNHpMxbsGKoSOCcRpxENLmDms7VzmCfbhb7XL6xKze8/CYzTGoLCVaVikdZAPua9hZwPceBJyRHqhEyk8oYdMkQVY7S9u4Az9FqLuWTmo1fu+hKoDRURayQ4T3cplNyG99xPAqlabVM9P897PyHIrlhV1zEcednRKofPlYtJerFVUEBSaCSzee7A6zx29zUXevN/+m18GUD+Pc3lN55QIJ+zbV/jiSLYVSAgmLWugGP5A==
+ru.			172800	IN	NS	a.dns.ripn.net.
+ru.			172800	IN	NS	b.dns.ripn.net.
+ru.			172800	IN	NS	d.dns.ripn.net.
+ru.			172800	IN	NS	e.dns.ripn.net.
+ru.			172800	IN	NS	f.dns.ripn.net.
+ru.			86400	IN	DS	18274 8 2 AB35D17D3F39EB42CEE14C6273247938D33EEEAA9F5CAA70B3858DBF4BD3E87B
+ru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yFukzL4in7MR4F5y1FK+fOpgSd2zYlExUDIJRlaNUOVHwESQ9hGsRU3ERe4vHN48OFW6bqzPMf6vqZ8wlcRzzD6vThy2Mae1bnUIBLTSHpLtwUFFWbHwoP9a+0unMTkmje+2K/BEMA0/E9YXxdc7Maa79vElgDcEq9HezxKdJgGv4VBg6kn210GGfxFiuYFovuUUOevD/XxxT6mY7RDhpE8SIDlccobYBX3kQs1ruIwdC4TfCzdjPGdc9hWxczMc0weRwY7olAcvTcPEgq23AK4+3+WmWHeh6SS/hAbiO3HV1z5xIuqQNd+Lc+zP4LuxN1iedOHIUdNSyAkt7aEhhg==
+ru.			86400	IN	NSEC	rugby. NS DS RRSIG NSEC
+ru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m+AVwNc+d/B9OfXFd5KrAmpy27Yvr/lTUHNoLwcuoUhF8pygzb9UmF+NhFu8xII9PIV6XGSE1RaKPLdKg5uUvMQ0/u/eS7KFE2KEhl+sn4dEBCw1mOLZJwceBx2DKXiV9HPruqNF2938XM/mxNz82mo9GZudipOmMecQkhOjXZvCyst6ksgXGx8Z6DlsvqEAPOqjzPXALXKUQz5sRcJsqO6vZVWvVWmyypGhqXes6gEox6jSCXYKbk5u6oYvmFLvo8zm1pxW8QXGMaVD1RA3MLGDWOmVeQBdqJsXIqUUr4eAWRcCWnHtjM+WeaIo7yddridNeKbLUg4Oe4khstZl+g==
+a.dns.flexireg.ru.	172800	IN	A	31.177.70.1
+a.dns.flexireg.ru.	172800	IN	AAAA	2a02:2090:6800:0:0:0:0:1
+rugby.			172800	IN	NS	a.nic.rugby.
+rugby.			172800	IN	NS	b.nic.rugby.
+rugby.			172800	IN	NS	c.nic.rugby.
+rugby.			172800	IN	NS	x.nic.rugby.
+rugby.			172800	IN	NS	y.nic.rugby.
+rugby.			172800	IN	NS	z.nic.rugby.
+rugby.			86400	IN	DS	30334 8 2 AB547A2F87369F8141BC75216586A4BA1E1D9ED416660AA5D46A8C243061E53D
+rugby.			86400	IN	DS	62356 8 2 DF8506247C16FF7EE32EB239208B60960639AF729379A13C135C52D606E8520D
+rugby.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gQpA2iThQEje8GgVP0bu4IY/kntLQjhg4fhsD45TkrN3zPj7Z6+4zIyXcDLYlTwYLlaC+U67W1Lo2NZcbdKTbW7l4xmGR8nUihxj6LjyfUM+1RcquNwxqVO3O9gZXMCOdkVwJ7516XCW0KcPAUP4vhj0jooRGjE/1WSNsVqw+wQCFtcLsmxA/xSa5tn77shA1B+8bkcXoVg1j8f9Nad+A76AU/RHqWUO+LnHxyDa02+GaRHdXXcuaIdbgIk0mBxhapathojCOGO5S1C7Ft+zjfe7DC/G+Hp0L6pk1qvRr3PY3/EwQWM/zGJ8xq1R00fkkGaUMKfcbFag1c6p1G1gHQ==
+rugby.			86400	IN	NSEC	ruhr. NS DS RRSIG NSEC
+rugby.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AyxRVg/Qsl+sgURiC+S0iUFj5pIv+5cdgVFe+R+L/QbNygNV0isO0N0n0eRuI4xQ8UDX8rLghqCkkkiKexiBkSE3D9hV4P53Zev92Z1y6KcZVJwXKl0sIWd1SY9uHZ7oqz4NH6OhMPN0euSIbjEXEvUOUFXVT+Gt41APhFdhyly6xuNVK8pNkdPWvVxitZ5tezWRlOufl3w2vEHApzFepRNQ2sDB2YBlsMmRMSEeuVkAEy9U8iukKpP0o9OZV+fqdfM3bduMA187yTrl2cVeOkafcBIE8E8ubZpssnCWkkOCzFbK+qKFsf5wGVPiMjeiLYoZI6yDulUC6gwNpljVKw==
+a.nic.rugby.		172800	IN	A	37.209.192.10
+a.nic.rugby.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.rugby.		172800	IN	A	37.209.194.10
+b.nic.rugby.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.rugby.		172800	IN	A	37.209.196.10
+c.nic.rugby.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.rugby.		172800	IN	A	156.154.172.82
+x.nic.rugby.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.rugby.		172800	IN	A	156.154.173.82
+y.nic.rugby.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.rugby.		172800	IN	A	156.154.174.82
+z.nic.rugby.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ruhr.			172800	IN	NS	a.nic.ruhr.
+ruhr.			172800	IN	NS	b.nic.ruhr.
+ruhr.			172800	IN	NS	c.nic.ruhr.
+ruhr.			172800	IN	NS	d.nic.ruhr.
+ruhr.			86400	IN	DS	40422 10 2 74FB0B871ADF46AAB5D49A1EB3B8B0B7DDA42C023DD045EC0282B6187B3B4CF7
+ruhr.			86400	IN	DS	46252 10 2 3DB9DB25D3B8E13FBCB4EBA53F61C7CE156831DCE66D4A19747D17F8AB278FDB
+ruhr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P3ypCFdzwpLPOMvZ82FTZvh+y22Vi4J8VffaAq/yva3xKdQywuyCJdcyVHWxHxuq59/Fncl8+WyibZXEYqHanE5xyiR9ZNOKpYKu2XxcfuYQk/2OlulXiv4VPm15JyVHZJcufSbu6v90axueq2JQQLSOhm8XdT4Pr1XPN29C/PVqCrSMv0CB/tR4Ehvv2UPhQATLnzl+Th0v7bKmWaJyJPDzJcpGmqasQoajwiO9I4bA/cO3mkZ/5M+l+i5tRc9XX3HSLf1FaWxSJ0lmWObn6OaqYF12OvXyoqE+QQsCPm5MgryNlTZJxyf3isaICzw2rsGOuC5yjzsnrvz4YxrTKQ==
+ruhr.			86400	IN	NSEC	run. NS DS RRSIG NSEC
+ruhr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cJmdIx3lAB0ctBlnMbCubRf943zlbg6ADPXnGbL8F5GQ6V1qzGKFdyWXKUKvDkm0RImbwdu8a53luLBCYQ4NJoIMvhPrU4w7MX4H41ljCaa3RASoetmh5bfTOeRh6DIdrTzX86qm2nYjUjJsZv5V0qX/NJlcJWnNXxrzVSTfen1VUDJSEuKRd002wRNk32u+JzH936SzDSXWAkiqxu6QDQ38vVXDzd4JW/vCKu8VMD5O9wujb4rqPkoWCLpGkSUWUC+S5sfgTq5d2H4PdRnDE53ZAVY+2QmtM1H7SX8cFCc9flY3lT+QiL1/S8x6D083pr6w0UDjVLsdK8WK2yasCA==
+a.nic.ruhr.		172800	IN	A	194.169.218.155
+a.nic.ruhr.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:155
+b.nic.ruhr.		172800	IN	A	185.24.64.155
+b.nic.ruhr.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:155
+c.nic.ruhr.		172800	IN	A	212.18.248.155
+c.nic.ruhr.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:155
+d.nic.ruhr.		172800	IN	A	212.18.249.155
+d.nic.ruhr.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:155
+run.			172800	IN	NS	v0n0.nic.run.
+run.			172800	IN	NS	v0n1.nic.run.
+run.			172800	IN	NS	v0n2.nic.run.
+run.			172800	IN	NS	v0n3.nic.run.
+run.			172800	IN	NS	v2n0.nic.run.
+run.			172800	IN	NS	v2n1.nic.run.
+run.			86400	IN	DS	37315 8 2 FB85B407411A748F93E2393FDC4123C2FD6F15D2B8841091D83DFF1364726A37
+run.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Z+zNEuFEykdJ9+T7GKW8HXB6wsoV0FQLG9UQ0bhjsB7FZIQijtvJOsonULTkmHHz7DmLCaNfEE0oY0Ve4RBHQWnAoUQKCPZcXnClldFTkN9IjrNH2dZGBGGFNfS3mzSKy+7TSjDBopFfy3g6XL6u2o4Jb+9XJcDMGnJR9FQ8IW7STRk6jYCWj4k4OcWMX1c1LCiftDmU2cDqN9JVREk5AmN/P9eXVIxOkpTh8hSN5ZcbHclaEuJtbVe7xGcl4kg8WUDQvmvFS2jEGo8kGrxKHpVkxf2H1U/8LhWWguQBzWjC6a7r4a/PVJUAqgirXlXmmSNMHNOLHOCELS1o8SaU5Q==
+run.			86400	IN	NSEC	rw. NS DS RRSIG NSEC
+run.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BRHC70CiZn7qI8fK/SBrhAG3rOodlfO7bNlmEi+PwbkzPuP9PBf7x898G9Vnq2EtXfmDaVqNfM9/Ax06LN5zIS6p7rR2aTe4DH9rxa3m6zhUruPXjy2DfMFyZZnRW2DrGu1kBG2vLNUA4RK1KBiJcYX7pRQJ4dUWr8A/Hbbc/7ZUYnj4EhnZpFOtDc94oqpXgOG7mEl2Joy21ixYLVvOP19bZkaAQjfBhaZQxLp5QTCoExFNbndAzN3gzcFyjVpCIxmWK4XNXL1NAg4ed64rPIdPu9bENZAzM+Puky+y6iJLNl/IiUb2mTBp5AfYmqfhjMWdnqEQHIGID7vy2Cqrgg==
+v0n0.nic.run.		172800	IN	A	65.22.32.40
+v0n0.nic.run.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:40
+v0n1.nic.run.		172800	IN	A	65.22.33.40
+v0n1.nic.run.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:40
+v0n2.nic.run.		172800	IN	A	65.22.34.40
+v0n2.nic.run.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:40
+v0n3.nic.run.		172800	IN	A	161.232.16.40
+v0n3.nic.run.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:40
+v2n0.nic.run.		172800	IN	A	65.22.35.40
+v2n0.nic.run.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:40
+v2n1.nic.run.		172800	IN	A	161.232.17.40
+v2n1.nic.run.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:40
+rw.			172800	IN	NS	ns1.ricta.org.rw.
+rw.			172800	IN	NS	ns2.ricta.org.rw.
+rw.			172800	IN	NS	ns3.ricta.org.rw.
+rw.			172800	IN	NS	pch.ricta.org.rw.
+rw.			172800	IN	NS	fork.sth.dnsnode.net.
+rw.			172800	IN	NS	ns-rw.afrinic.net.
+rw.			86400	IN	DS	39755 8 1 F5FE9C8F6290EED632676687F03D986F17F27799
+rw.			86400	IN	DS	39755 8 2 005F7A73F0609A69CA7736158490764E1A8DC0652AB1D0E327941AF0FE673111
+rw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HBXA3Bpj+aD6pWw0FcH/rrZcyGKqNKZa65HfKcZOUQcAH8n/0p+BSNmw8yBWKiwY9pzMTlUUdG0Ct+ex9ilM9pXMmW4fdX3SxDy9hBSqmL5WroBoVRc5FkIPF9DCUQfTUCNm5OazG1yBLCv6AmJPpYUL+UKBl4D+BPL3KV2Hzue31KcYekLL8aNiyQGruMdDSdR89onf/WxI2/qwu7nyt1HbPUpy1Wvj7LDjiMu5Bv264XPwqMrCOB6M98ztJx/gnjrEwujz+nQZw7IxKH07BJZ4yChizdL68jlKJiP4PzlMQXcejpx2CyTpRyKTqLWooLsDYPabY+jy7TI398ii0A==
+rw.			86400	IN	NSEC	rwe. NS DS RRSIG NSEC
+rw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DAhHsgWj7AerU9BytgTTLYbreHk8BDF3uvJKf/oVbivSUc/EvUkjQtSwtVVTwZ/aEb3SqerKHixH/XuL2yxsWrQAc8p0SGGOtL7XLf487Q5AqYvHumGXd7ighvB4TCjl1UmiLuJ+dWFBSCHlDQSedY/HMsGKwdp25yRQapfj6sf7VFwOi6zdc67RsJDpxbcRHE4KVEgDVqhVVbh8kzk3UdN8Tzfah28G8lGBXqEgrkhq/kVEMDZsgsorKHoL/WMu7csJ700PIg1yw1gG5/8vCAVEoYm5oXxsidH/TtMouhwaTjidZb21n7ReXIz4I/KQuo0zrzoeQRg/TVtbCVhQNg==
+ns1.ricta.org.rw.	172800	IN	A	196.49.7.188
+ns2.ricta.org.rw.	172800	IN	A	196.49.7.186
+ns3.ricta.org.rw.	172800	IN	A	41.138.85.98
+pch.ricta.org.rw.	172800	IN	A	204.61.216.91
+pch.ricta.org.rw.	172800	IN	AAAA	2001:500:14:6091:ad:0:0:1
+rwe.			172800	IN	NS	ac1.nstld.com.
+rwe.			172800	IN	NS	ac2.nstld.com.
+rwe.			172800	IN	NS	ac3.nstld.com.
+rwe.			172800	IN	NS	ac4.nstld.com.
+rwe.			86400	IN	DS	3075 8 2 542F19DF30F2C69F686E697CFBAFD7DA2AFA039CB9D6620169895888188AC174
+rwe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JTktleEDVdW5ZIhsvpoTYVuZ76Q6ucKQaR/TqsA0y+fXw28xCSxhI080R9P5/BxvdgtZXCaMlMQ0bR6OE0PEA0LCaoovav1Q9FIqhPMwSghYSI0y2mYyTz7enrxT0vN9h/g8u1yKYmzpmx84DR0g8/moSQtrjnXxBkHVM9OuRahIQseNErUIoMK62o+nWKj2PcLNRcpwbO+gTLoiHHwP4mYaIYdBwUd0Y54yK9iyp1XTOdYmF9Fup1rTI9vKFufgTcr1yVg6kRbRVkW3E+X6Cb0emAUvrPClmOYaMrk0/2DZAjCU/6vch+G7aKvi36L0oi+4bF7xvd7Pw1qLKScgQw==
+rwe.			86400	IN	NSEC	ryukyu. NS DS RRSIG NSEC
+rwe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SlluZvAwRWxAyOF51+WoqxAWM88zO1tfWI7LwwwEe0w74OTJDAWlZgbVqDDOeuAbvH2IP0+vMdmWAFAVWQTpuaMCy0szOib0Hxa0aakg4zU7/RgJw7a4o63vZZeaURCj4hJRWaqL2v1gqBCCBODmZlfZwFx5DCKDynHl1t9kn6WCJa9oufI5ewpvs0S0e20aavZxCRxNMYGvZDOwl1+pDoGte1ZcappCcIqRfNLCnYrvgaMoBHnMDopDYi6zCmMN+ef4dy1fEPSozf1F2YKmE62OEoenyNliHb6fU/TuIRBKzF1F4Bfu+nT7Xypd3iDx/rqez5Bg539vL9rb2rQG4g==
+ryukyu.			172800	IN	NS	a.gmoregistry.net.
+ryukyu.			172800	IN	NS	b.gmoregistry.net.
+ryukyu.			172800	IN	NS	k.gmoregistry.net.
+ryukyu.			172800	IN	NS	l.gmoregistry.net.
+ryukyu.			86400	IN	DS	52505 8 2 A19F9645F1832C3A1550F695DBA8F68E26DAA32BE47967F71B29A4A865D834B8
+ryukyu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . v+Qd22bRcI60gOSSwvD8pQS0lGkiZzo9jMDVtRKM0rsZQ7EHaixO3ybsgNYUUCMa+3J212mu2g+3GZcoteqi9/P0EJY+R25QHs9tXKSo5mf0T7ZV6FwxXs/7kwO8sags7fuzWTcZNbrDoGFVY21V1mJ7Dn6V8WOa/AKp4RjhLO3gtRDNSqX9p+nAdwxGX7hrBnRL7TpoY3cjph+Jg+PhnbDslHzLYOXrVfDhwaVS2m/s/a2RWe9keWcWPlHPj57xQA80Gamd4i0onwVyCaZB6vla0VKviLSjCs41+C4fCMVrXBkbNxqWnHXE2QK+6/3vjTXLcfeGXMTUkkfi78xOXw==
+ryukyu.			86400	IN	NSEC	sa. NS DS RRSIG NSEC
+ryukyu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zW9U4waHJNmmQqacOCowzvUJ7FDpUHPH2o0ye3kLLYL/6L90xqWfx0WkliR0tiBbqgDw99JenxGNvGCHpA+Izd5cF6g9p4P99d3JgKiV0jZDNOsIY2HZylGJub1Y2m6hxI/cddlhOT+NnxzgwHn/ZP2q63fpwvvl5OqeV+YCooqYfw+eht9x+tC6OLXeSdZX8QUpzKDqG7QnGsJ6K+qBbwR+KjkQ5csSVnYVMLiH8mgH+28BAA9TVjcz2NAO5OOCs12FnpFX270QIgJpyQBbc8yOeKp1h5aslGsO7mjTt0jKtCvpB7JlAFOHjx7hj/F4HUdxYxaNL4YGR11qguiEEA==
+sa.			172800	IN	NS	c1.dns.sa.
+sa.			172800	IN	NS	c2.dns.sa.
+sa.			172800	IN	NS	i1.dns.sa.
+sa.			172800	IN	NS	m1.dns.sa.
+sa.			172800	IN	NS	m2.dns.sa.
+sa.			172800	IN	NS	n1.dns.sa.
+sa.			172800	IN	NS	p1.dns.sa.
+sa.			172800	IN	NS	s1.dns.sa.
+sa.			172800	IN	NS	s2.dns.sa.
+sa.			172800	IN	NS	sh1.dns.sa.
+sa.			86400	IN	DS	65380 8 2 0C3E281D035FD68A9BD2BBFE46348B7E000237385CD3A31C58A88CD652DC8785
+sa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . B9SLZuGZiPRMzX6RlhC5iwgMYUEPsW0zzisG7MOM+KKTXyad9kl5qxVoNTwFRiHSaGizrYQMCL1iup/2wO1PWnMW0GWbX3xwOxKzys4OTej5gD3qxwWbt2SQm5TIoneW6HnpM78BR7CBd6pOpfDmRdEROlRIOGd5WeFaWkqNNF3TZTvToeohreO9eP+lbHwVhLCuwwHA708+GJGpuk2wGdcMYd2UclaK+CutkynI0H0TYtj7ZUM1kcc6a4CPvDT8822wW6LDwfGa/VNCr+3eej3yUoN5xn4dUeEULyzVOVfIR9pbuqLFcfK7fb5GIecWfNKixoYe9ZDTcbGMAnnoVQ==
+sa.			86400	IN	NSEC	saarland. NS DS RRSIG NSEC
+sa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D40kYZpPd6wOBWY2zg3nKbfp7UBAeHuzRJFggORFu+YCfH85U9oEoEfvFT96Hh62cyk2L7NvjCzvn7UvDbHh91zPrQjNBmmujIpzvvCw5eEJuhs6CZu9vFdPFApPM5fm9oMB2ALRi7uExLJDnZxDr7+i7rk6arzcBu3/YHH+M5jKPb4UeqPwYKUBTmlz4Q7m6ZQRfqa7w5OKGPiybmRgdIlgTVRF17zGjvwD8sNkNooFpreG0Fwn/QM7zYfT+yRezLaL5x6NAtonAvK3cnZG7aWaA6lfG4R24oZ6mNB7/228PZ6bXNpl40YJKPQDzMYP+cGJR5cPn/dmMGrd4ckkDA==
+c1.dns.sa.		172800	IN	A	86.111.192.9
+c1.dns.sa.		172800	IN	AAAA	2001:67c:18c8:c0:0:0:0:c1
+c2.dns.sa.		172800	IN	A	86.111.196.9
+i1.dns.sa.		172800	IN	A	212.138.118.118
+i1.dns.sa.		172800	IN	AAAA	2001:1490:0:800:0:0:0:118
+m1.dns.sa.		172800	IN	A	86.51.77.213
+m1.dns.sa.		172800	IN	AAAA	2a02:ce0:1:30:0:0:0:5
+m2.dns.sa.		172800	IN	A	86.51.28.37
+m2.dns.sa.		172800	IN	AAAA	2a02:ce0:1:91:0:0:0:5
+n1.dns.sa.		172800	IN	A	194.146.106.102
+n1.dns.sa.		172800	IN	AAAA	2001:67c:1010:26:0:0:0:53
+p1.dns.sa.		172800	IN	A	204.61.216.41
+p1.dns.sa.		172800	IN	AAAA	2001:500:14:6041:ad:0:0:1
+s1.dns.sa.		172800	IN	A	37.107.223.170
+s1.dns.sa.		172800	IN	AAAA	2001:16a0:1:3002:0:0:0:2
+s2.dns.sa.		172800	IN	A	37.107.255.170
+s2.dns.sa.		172800	IN	AAAA	2001:16a0:2:3002:0:0:0:2
+sh1.dns.sa.		172800	IN	A	213.236.36.92
+sh1.dns.sa.		172800	IN	AAAA	2a02:d70:64:68:0:0:0:2
+saarland.		172800	IN	NS	a.nic.saarland.
+saarland.		172800	IN	NS	b.nic.saarland.
+saarland.		172800	IN	NS	c.nic.saarland.
+saarland.		172800	IN	NS	d.nic.saarland.
+saarland.		86400	IN	DS	46559 8 2 AD4F2AC407E370565DF690B65CC4DB568A2F4396403FAB61D2DCF21CF7D2D823
+saarland.		86400	IN	DS	48752 8 2 4CA46968A784B92804D8B08D61FFA40A44C037863C90D8318FAA32DD7D6F6A24
+saarland.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AjrGJSxuwb5NEt+c5A5CRYBAa0KywC1lxCR/o1JUieMhvpppqUOPsan3SHFK+/ZBryHkHQK3A75f1ns9B4aMS4Y5zsEOt6zOHOcVCB4sUBAgYu900ZpFg4R1B7LTuJ6GbV+Fnp22rxz4i+SgMTs0LyRn52cV9W9bUNYIxuT0fPTGieSdysVHcITkroy4GzcAVdEh/qp5VfC/5LqwbNdPyRtfgnMMSgPTGP04jVfjs7a5iONzutin3beInI04Eo2LYUTioUPHvAmzy+P3JCMeDji4eifSwV+dmkzSjWICprq4QVziNwbYK0enRBxpCLC/bKIpVEiKOtgTn7exs2wW2w==
+saarland.		86400	IN	NSEC	safe. NS DS RRSIG NSEC
+saarland.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UaDV9C5tar67NX1Rg2g4/j4/LBJ+AHXG8Zbb18adeM5xNbJf2WDjAWmLwwP6zA9IKHaGSfIhf9QxJ+rZWT5Ai1I6A1Y3tYLpTQGvRar1jioDzcynRyTEHw4tRBxXL62bb9jzUPeAkhxRokJvED7fVRWgpUMFlzbuXRJKS8jzZ8XsFJN3ngKDrKaLxFkxVWHbURupWUgI2Fd7+kAc0EwgIANbTY3XIsaHYSRdkM8OUcD2IPIF2uHdRRL3QJFR3GPp5cGcNyK0SkNjvYlNJHEw06IOGImtnBp4CSfDSVbiD6a87RmcAM5XJLVycSxetElJFnBDYvc4naK8xmBSHiZNTg==
+a.nic.saarland.		172800	IN	A	194.169.218.97
+a.nic.saarland.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:97
+b.nic.saarland.		172800	IN	A	185.24.64.97
+b.nic.saarland.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:97
+c.nic.saarland.		172800	IN	A	212.18.248.97
+c.nic.saarland.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:97
+d.nic.saarland.		172800	IN	A	212.18.249.97
+d.nic.saarland.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:97
+safe.			172800	IN	NS	dns1.nic.safe.
+safe.			172800	IN	NS	dns2.nic.safe.
+safe.			172800	IN	NS	dns3.nic.safe.
+safe.			172800	IN	NS	dns4.nic.safe.
+safe.			172800	IN	NS	dnsa.nic.safe.
+safe.			172800	IN	NS	dnsb.nic.safe.
+safe.			172800	IN	NS	dnsc.nic.safe.
+safe.			172800	IN	NS	dnsd.nic.safe.
+safe.			86400	IN	DS	25204 8 2 E7D00D17F0781FE00111CDA8875099BB36432F10C3DFEFA6E0521AD2090690D1
+safe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y6/3zyhFSn+VIH4vYJmPx9+7SZGwCzldyzC5eqXhO2B/uXIBm3aYtGcgQUM+agWPKIueFIvD3VCefKuBuJD6btIp/KcbcpU/73TH/hlzMrh2MpaFVE5kVrGcSgv2yislzQqHPWY/KqAzweJL2gCJZCQwMhttU9eB+RFJ18V30giQ/9L20+FxmqqUCOVyxfWa//VJ2nYmhYRQsxwnzihZYZzP6UZiMOhXSoLzRtdIL5JFPcN/VvuepwAGxks8v8iY+7kkwDNIBC6WOAuZJBddfPbF5u/dwj4aAnj/gF5YvGLMq05ZaO7yfC8xDIukIgnweopp2qXjk3xl67V1LJdEgw==
+safe.			86400	IN	NSEC	safety. NS DS RRSIG NSEC
+safe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LQikU1uEbZ0hgXEOqiwDHXPkDe3QsC8O9NIOZBD4Vr0k7Cj++mYsYAex5xrAz9zaubG1PXVyrR2h16Q0i1ONVYaqlgcpg3T1hXHUzZqHWaUEpnEeu2KXwC4g9xpWJS89hAwlL5GpG/ISXpgarg1j6QogqNMA2o+OeL+a2bmsMOb5EZV1N3wcYasjSb2sj3yoMfCkwMeDXBWhDBu3Obd+ZYPb0m5ro/mFvFFUF4PRRaZq/wrpoetD515PYJ0sRshBtXY5v4EanSKvfEW2OLyGr/mUW60hszZJ1yluvRWRt+niEC9o64x0Ce2B2/aCuNUfD9aiCOY1E4gfb6nunX1XKA==
+dns1.nic.safe.		172800	IN	A	213.248.218.78
+dns1.nic.safe.		172800	IN	AAAA	2a01:618:402:0:0:0:0:78
+dns2.nic.safe.		172800	IN	A	103.49.82.78
+dns2.nic.safe.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:78
+dns3.nic.safe.		172800	IN	A	213.248.222.78
+dns3.nic.safe.		172800	IN	AAAA	2a01:618:406:0:0:0:0:78
+dns4.nic.safe.		172800	IN	A	43.230.50.78
+dns4.nic.safe.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:78
+dnsa.nic.safe.		172800	IN	A	156.154.100.3
+dnsa.nic.safe.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.safe.		172800	IN	A	156.154.101.3
+dnsb.nic.safe.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.safe.		172800	IN	A	156.154.102.3
+dnsc.nic.safe.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.safe.		172800	IN	A	156.154.103.3
+dnsd.nic.safe.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+safety.			172800	IN	NS	a.nic.safety.
+safety.			172800	IN	NS	b.nic.safety.
+safety.			172800	IN	NS	c.nic.safety.
+safety.			172800	IN	NS	ns1.dns.nic.safety.
+safety.			172800	IN	NS	ns2.dns.nic.safety.
+safety.			172800	IN	NS	ns3.dns.nic.safety.
+safety.			86400	IN	DS	17254 8 2 F76C51279BBD1C4525D952E5D1DF46DAAC5CF3ADBC56D772FC1E85983E05E273
+safety.			86400	IN	DS	43762 8 2 BF2D17C54E9DDE52EB37F0D242A1C4C1051E15C18A2C2661C7A6CA58EE6C0407
+safety.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eIp5KC0Yd2VaoSU3Puq8Y/W7T60vb61Yvnh8H8QgwAxggY1gYPm1dQvqj1ZFgoT72Cu8ELQmUVlYuTY1Z1acWP7HBFM4FkgOiL9r60dpsW7VFzhbnSlXAZYS/w6bNme+8x9Y4txWpY/ka/UgAxdOxFfnrXfelt1M85ru5f+IHTEGr3jDgAsx2/K3hrP0LesxeQhXVz2ROAsvGEzpGZm6d3uaVQKbg/M9/HBL6HMzwYmRHFP0b7g4cmbTXgjRW9/4K+obpEU4D4M6vrwL/kRaRJJyPUHLJoFAlkNkTiRlQtVSv9hFSAISurAnhJLpjhgh9dIIYX3lYi200nNWkVEq3w==
+safety.			86400	IN	NSEC	sakura. NS DS RRSIG NSEC
+safety.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wn9Rk9Vzjm/sM5O4eBG41Rrz5hEKq/Pmzkl1Vi0JIAm/qrXU8pYpUoekUvOrY9e+SvXG2GjdnXQU/UDxWootZ451NB5AnEZS1vhnx5Zu1AP1fwyZ9YliJyQE53QZaRv69Frmj+NkpV7sytaqLOZ7ZepijP1KipEBb+Ju27bd1jGhyFpcNB5VydUob3fkyss/iptkKXzLJTEFBh/UaedIwp9EOIzLtFuLAnwjzNWS7DnUO5RRJV93vdCPT2uiz6bMFb9R4gEWJ/DEuwCnN3EQKTR2bWr4eBupNDT0vH9IWyycsFnABAWUQtgCLnjH1JObseKQlS/IZ2VRVMFH/lPWUA==
+a.nic.safety.		172800	IN	A	37.209.192.10
+a.nic.safety.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.safety.		172800	IN	A	37.209.194.10
+b.nic.safety.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.safety.		172800	IN	A	37.209.196.10
+c.nic.safety.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.safety.	172800	IN	A	156.154.144.148
+ns1.dns.nic.safety.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:94
+ns2.dns.nic.safety.	172800	IN	A	156.154.145.148
+ns2.dns.nic.safety.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:94
+ns3.dns.nic.safety.	172800	IN	A	156.154.159.148
+ns3.dns.nic.safety.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:94
+sakura.			172800	IN	NS	tld1.nic.sakura.
+sakura.			172800	IN	NS	tld2.nic.sakura.
+sakura.			172800	IN	NS	tld3.nic.sakura.
+sakura.			172800	IN	NS	tld5.nic.sakura.
+sakura.			86400	IN	DS	52222 8 2 FB0B3A130E7587E2AAB1F675F289D87AD4105A64A14E346E9D18F359E3B0F741
+sakura.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aGZFaeuHOH45ls+mTZ2RQG3RSmJ6w4w/qRUvDWABxPquBFncOzkcH/a6JCUjYmxGYSBWCK7QmVcaqH/ISwIyuPFO4r4CZKlfw7QUMvQX2bJIeTL1SPNzCwzRWwMW3+LKv8kT1LGOWcf7MB/ve4qKacqEHvpC6pKEHHnNGrzQbP273RT6cWlFCxfmJYfYcsIchrthrXQPRjRZUiHbAoZkYM2/MO5cBliZUng5R2yYYp0Bu+99zQUDaxW0WgglEIiMHvWhEcfhoax68bE6DnYXZDqcgfX0H1gKkEHrVSmsMgIw1d+nMAq4qN0XUzqxlcl6smtepUd8rkoq4CSwTMczMA==
+sakura.			86400	IN	NSEC	sale. NS DS RRSIG NSEC
+sakura.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W6OEeJlG8T3PRSiZQieXPYAUPGfg7pl8r05Z5srvFAOUAAejYSIoWTSpof1oLnEjDWrbM7zjbv48yJvXru0hNcn250ZdtojZrFnPb+Z6CFqfjBggz6tFM7blIWSS7aM07rGp2W1IrPYrC/wyNryZAMJbzdAsycq7RIOAqXn8kfXHqkIDfEeq84kAoiKCaXF1occXcCvgqgMkmFk3dbEyRNwcMW57DKSrXfJvbeFbnzNNlsAROkRRHKt9mErurXvpip4eIihx9IN00XV0lBgwVh9jWeh0td2VaQs1/DtvCHfK1F7KIpvNkhe+Lp9lQ+AOSgJHefWHjjt7ciDJoYo9FQ==
+tld1.nic.sakura.	172800	IN	A	103.47.2.3
+tld1.nic.sakura.	172800	IN	AAAA	2001:dda:0:0:0:0:0:3
+tld2.nic.sakura.	172800	IN	A	117.104.133.18
+tld2.nic.sakura.	172800	IN	AAAA	2001:218:3001:0:0:0:0:3
+tld3.nic.sakura.	172800	IN	A	65.22.40.9
+tld3.nic.sakura.	172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:9
+tld5.nic.sakura.	172800	IN	A	65.22.40.137
+tld5.nic.sakura.	172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:137
+sale.			172800	IN	NS	v0n0.nic.sale.
+sale.			172800	IN	NS	v0n1.nic.sale.
+sale.			172800	IN	NS	v0n2.nic.sale.
+sale.			172800	IN	NS	v0n3.nic.sale.
+sale.			172800	IN	NS	v2n0.nic.sale.
+sale.			172800	IN	NS	v2n1.nic.sale.
+sale.			86400	IN	DS	58006 8 2 3AAFEA8A5F3796FF0E2A4754C784AA2DD72F34853AFCDB1DBD7571C7673C88CF
+sale.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gyAyvDTIdg8QTb6CrnqKVIb2cxDIPCSKf8gtXpysSNjb8DuN6fUcO9PSA4ZkmO0AsTV1BTQorDA2EDzCWIjOmdDqiaKROCS9BrQc4ecifz0JmJe14ltn/SVB179JrEhAeV2dk+DyjiKAaYjyrxTW2mzzru3NHAOfOSn2hv35CqiR0fQMUG08bCyWr4B8xo7ydzInPtLFGDPuByjb1Xo6f1hkIojwkDOrr1eSTXazFEDODP3tf2qv9yYD1pmvt/m+mLALE2Kkci7NthTGgAtovf3kxJNNYNa2VhwvCD9HtCwdJKIpW2FWspnfVSJaktdqz97oRqI6UQ5/kJwDOjFUvA==
+sale.			86400	IN	NSEC	salon. NS DS RRSIG NSEC
+sale.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ylP7QBqERH+JAfjjjVtGD7O3crmdkmJR2mxPCD7foYawNcCz494RlYtnBcUnin9DiJw1uyzZzjQf/ryAF3qJjNOgHvyCoRo2beW1E7TMy4lCh/8V7A78N/li4+44HE1yi3FSm9zhinuacRkoyOCbVHLlNZ1QbhT9xmOH2L69XEBUzIynUt6dC+SS1kUG+kNXinH7dQ5gsbmx2g5ji88Yu2Q9GJUxZGRw5SSzBVnwB2xtrECY4eeKJq6xfBYtqwvJWiV3r11SjTSMwNWfsfRC4rw0CiF37Ezooa8Qj2x0bBGHQjYogGutB4ft0TqTkuYu6hnTuxzDBaeTXY5PQvPs4A==
+v0n0.nic.sale.		172800	IN	A	65.22.20.48
+v0n0.nic.sale.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:48
+v0n1.nic.sale.		172800	IN	A	65.22.21.48
+v0n1.nic.sale.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:48
+v0n2.nic.sale.		172800	IN	A	65.22.22.48
+v0n2.nic.sale.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:48
+v0n3.nic.sale.		172800	IN	A	161.232.10.48
+v0n3.nic.sale.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:48
+v2n0.nic.sale.		172800	IN	A	65.22.23.48
+v2n0.nic.sale.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:48
+v2n1.nic.sale.		172800	IN	A	161.232.11.48
+v2n1.nic.sale.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:48
+salon.			172800	IN	NS	v0n0.nic.salon.
+salon.			172800	IN	NS	v0n1.nic.salon.
+salon.			172800	IN	NS	v0n2.nic.salon.
+salon.			172800	IN	NS	v0n3.nic.salon.
+salon.			172800	IN	NS	v2n0.nic.salon.
+salon.			172800	IN	NS	v2n1.nic.salon.
+salon.			86400	IN	DS	20629 8 2 15BEEE88CB2059844ADC8B06944FC2424A7618726B390A08FC21FDE2EF6DAA07
+salon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u+PsK3nCrOmHfs+9yJFjzbocBgI/bZl23SwG5+A2rZET1a7xrJc1qWudDlhLlfqSx7FDfBg3ZMDs8lWeaekJR+Sz3Y2mBjX0bpg+8tkz2hA1XRscmnBUbAiQHiC0yBSExjyfemp9YWIH2c5i1ZRnM0kKdoE37K8LF1y9+oZ1Talf4+fYD/x1Sas231u526fwrCbFdb8KPMSjmr3Oo4hYwsyHH8ffuernpmOdcYJJoslEhIiH6AYh7/Fs2nYxtn/nHtYW0MnZ/uSm2+DKu7bANh5ohHczkeyQMBAPllmsHNi9bhHQonFOd1EsURRKVmDHsiyxcoYj9RcYmnCB5YEzlg==
+salon.			86400	IN	NSEC	samsclub. NS DS RRSIG NSEC
+salon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AZ6rSE6Ury/jmacfUrXNDDxL05VwDLPLJ3L97xe7kGeumnrI3rKQfao/D3XFt1ihKRRkz631bzqUEWsJeI/+OU99AWbo38GxnOjnw3c3XwVozGTy5K5nKW7u4tUb7T6+3fd5G58JEEbuJZC/7+FWL66dGI7/moyEBCZqkh0fr92jsfaA1BCBh3DC8NcE7XurzoYjDbxqdJF/sUxpBNTrjXE/wzySAx+62Ai0hDXyQG0b2TOpF2fZ9yE9+0nY1iUebaSEWk4D4XjsWbmLf7XadA+1oVvW3IQdZ97XuuOg7O2HbMOzNhROMcuOfiAZ3WttneqgcRoUraHfqGQNiacx6w==
+v0n0.nic.salon.		172800	IN	A	65.22.28.58
+v0n0.nic.salon.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:58
+v0n1.nic.salon.		172800	IN	A	65.22.29.58
+v0n1.nic.salon.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:58
+v0n2.nic.salon.		172800	IN	A	65.22.30.58
+v0n2.nic.salon.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:58
+v0n3.nic.salon.		172800	IN	A	161.232.14.58
+v0n3.nic.salon.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:58
+v2n0.nic.salon.		172800	IN	A	65.22.31.58
+v2n0.nic.salon.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:58
+v2n1.nic.salon.		172800	IN	A	161.232.15.58
+v2n1.nic.salon.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:58
+samsclub.		172800	IN	NS	a0.nic.samsclub.
+samsclub.		172800	IN	NS	a2.nic.samsclub.
+samsclub.		172800	IN	NS	b0.nic.samsclub.
+samsclub.		172800	IN	NS	c0.nic.samsclub.
+samsclub.		86400	IN	DS	60532 8 2 3D5123DE8729F24800C0715726142C8317B27134AF028DC67F541DE50903643B
+samsclub.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KYp4zX/8AoQ606QVxh/wpbVYhoBiGOAXK5UdREQFkhAb9qfyT61hF2Tbx62G33naFrAbXgTii5qKagy9hbdCGMtVhMDyiNTrpNrBdgPGTkJz1hthB8jrwzr8m8vhzN0BkVtS5urlg6PxfVuv/Vrd+SDw4ZY7weOR1ZsdtFyHnL11EvDEb+Y+0Tin5GKx3GOQH0GacbkCxqG14NpWj4Yj3OFdnRkObhaQZFsqj8M2b/VJqO2NSHSinZoaAgyK+GQsvnj4SgslWokewWXHiogkXJQcMF0qJc01YWqcAf6xH2mfJAIMUaOYA5Ng0NnrcHwDD7nRfhLZ7b4huK0Ar1fWoQ==
+samsclub.		86400	IN	NSEC	samsung. NS DS RRSIG NSEC
+samsclub.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N9forgeCdWgFp4Rv2Dj9WJQ2ikrwJB7RhERwdipVvtlO/ZIv4MnJBf0qMI2VFfa0v8OmiKBGeYVq4XhISEJ0ysSaydrvhN5YwMRRbS6FX4ug9XHNoP50vM5ESRPAru+VUPL6blqTGBNAw2yjO7aDDbDC/Fjl5yPzH5LVaesTG4WQID65CmhK3+UFcIDPuaBTPlTVpWkb1Gn5cQmKvSXhPArM7KHh4MXcbrhQ84dGaUPKvxGup5I1qQEcOgfmDLziCpAYuXwhhFOABjBfmaDMjCCNvJ3hjz0T62lUAcM0UGzdLdhySdWhsGpU8mVyBsO8/JSd0oLDhOQXd1wIP3uirQ==
+a0.nic.samsclub.	172800	IN	A	65.22.112.66
+a0.nic.samsclub.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:66
+a2.nic.samsclub.	172800	IN	A	65.22.115.66
+a2.nic.samsclub.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:66
+b0.nic.samsclub.	172800	IN	A	65.22.113.66
+b0.nic.samsclub.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:66
+c0.nic.samsclub.	172800	IN	A	65.22.114.66
+c0.nic.samsclub.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:66
+samsung.		172800	IN	NS	ns1.samsung.centralnic-dns.com.
+samsung.		172800	IN	NS	ns2.samsung.centralnic-dns.com.
+samsung.		172800	IN	NS	ns3.samsung.centralnic-dns.com.
+samsung.		172800	IN	NS	ns4.samsung.centralnic-dns.com.
+samsung.		86400	IN	DS	19194 7 2 144B461CB8AD9212307C53173EF72139A418EAB09997FC366484335D0AAE91FE
+samsung.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lK9E1O5T2axoydmH+nWfmCrOw83G22oV5u7rTwcJZNDam9f2QaLamRVtoPYu2dGoiD/9vze4cYPt+IfLDKVvrTzpW9ISCIMtDvG2eeZ7QWtnqHIZQZgtXvTH9nYHkZvKMf/0h/SunTQGjXEY6aWjUbQrlDh9TY3uiex3EUx5jt/uctLh3WRxS3n0pM7WRba1QivRyu9xcPbBhmidxZkBgggV00IQHp9LI2eUA9cQFBFNjaAJKKtVS5obrIMpSjNFcYeKgX0YNeGUgqepOGPYGFyFbBl/1Wey0014LDP16wcwHc2UaUeXjf8sf6tzEAPp3f+xIjp7i/K43MY1ofzedg==
+samsung.		86400	IN	NSEC	sandvik. NS DS RRSIG NSEC
+samsung.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iovFARb/vzJgYxfgjnjTOephMopygnaBw4esV4BIfEvJdts5Po7YFRYE2k0dG4OjYvqupnpvkrZXKInd4ArVu2o01HLoNCpklZHDdZFV/i0dWMyq9/Y3JU5Z8Uhv9b4MJKYY85psFsSgyMdyDjQa7T7yAHEjat2seFDB1GF+2dBO2l4ZHMkkQSL0o2v/Y96E+dbDB0WKtO2fBMtLaKYPOMT303gLdeLUDn0/hvUI/Prbj2tWxaWeT0G8nIONDmxPUMsMwYIP+ojAD8F4himhzw3xLCWXkDj732mUH3xTY7paB0l+jyjDv50+RIv2ZG4nNiP0e1ld94JDwEW7nGclEg==
+sandvik.		172800	IN	NS	a.nic.sandvik.
+sandvik.		172800	IN	NS	b.nic.sandvik.
+sandvik.		172800	IN	NS	c.nic.sandvik.
+sandvik.		172800	IN	NS	x.nic.sandvik.
+sandvik.		172800	IN	NS	y.nic.sandvik.
+sandvik.		172800	IN	NS	z.nic.sandvik.
+sandvik.		86400	IN	DS	16237 8 2 8703222CAF60E541964F6804D51EB5D3C1748E095978350689324CF8C45F9F0E
+sandvik.		86400	IN	DS	23647 8 2 01ED10D00E4FDF8BB9BF3338BFE2EF3AD80BAB54270CE9A42941B6E3DD87781D
+sandvik.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ka0YJ/D3ernNksT+J/09/Ax4cJv3NQ22ox57UZG9WaaGgbnXDuRY0qn0tCvOKAJjsD7KsWYsfhHrm0ZxcNHltntHJA6zSVz+fALijJns9duiGLGvfOnHKfvOQ679t8whtDGjGrqs8JSksb9NieMcyyty0xgujcc5KKbgXR1EFblkB1ic2r5qN4af0kFXhyL9u+YG53A6j0dVAM8uxAhLE51WXDYYzlOCaEsN55Wgwv62PbFNEtc32frpL2RT05iaqkjBhhEPk/OWosbQCbTEMumHPZdQpJ3zJF73j01B327PZh3ApdE0nFLxaTuvp7tDmR+V7JVyZxBmGnwqO5a6cw==
+sandvik.		86400	IN	NSEC	sandvikcoromant. NS DS RRSIG NSEC
+sandvik.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qw/kg+N76pPEfvZGcBGdRgLegj/pk1lloVp64hsP87Qyk1f86XZIO7q3FN0YPflYqQOg79dn6b12G+ZEFuYx6o3bllYEJ0HNQfHYXrzgRm9Ks7LL7RTPQrIUJrikVKpK/dSlbYZqICnDkRRreZQzGAFZ4VT6U84ck4gRyS7+3AzGlRN8rMizLmCpYYZ/ReOCTd7fBQdgOyuO6HQZrLGek46BgYgLZ+0U0LEwicTM3AyjKtU34T76AxMA8sHSzF8H4Sb3NOM8+xDTBGPkEKdi7iaEE8NyBrVhnRGI+wbWkWjU0t2OlMcZmyqXSBA0S8IB8yB4XlotFxzSNqbo/ZnxBw==
+a.nic.sandvik.		172800	IN	A	37.209.192.9
+a.nic.sandvik.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.sandvik.		172800	IN	A	37.209.194.9
+b.nic.sandvik.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.sandvik.		172800	IN	A	37.209.196.9
+c.nic.sandvik.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.sandvik.		172800	IN	A	156.154.172.82
+x.nic.sandvik.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sandvik.		172800	IN	A	156.154.173.82
+y.nic.sandvik.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sandvik.		172800	IN	A	156.154.174.82
+z.nic.sandvik.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sandvikcoromant.	172800	IN	NS	a.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	b.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	c.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	x.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	y.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	z.nic.sandvikcoromant.
+sandvikcoromant.	86400	IN	DS	19999 8 2 AC19FB9AA365946AA64F8872782E80AF68F6BF988F9DE2E31901434849FA8D5E
+sandvikcoromant.	86400	IN	DS	44284 8 2 BF58F3D66C43E835B092A138295C40E293AA5C358C79888A543F9E6538048FC8
+sandvikcoromant.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . liU0EtH2Q8BERHYlwK8mxLVUWg8d/FgVXBW5IMJx/G0riJajrC5Am0Q7M/y8UKOpmOpd1h67qMez7IsUa21UnclHtXrWzSAT7VPYhLWOLbqot7BFn86fcxzl4jqnD2grt5K+x9MWVf/L5kydjom8Kr3sBWTeHsqiRzOt/FT6NIJLp+YHE4ohFZDDYo4Ph7Dgwjg3t5XYxz/2p/jtzK8t2mPilR9msd/njCOoMpeLmoUqIeLiDrJbEOgpKiZKaSGNvkXmLH5XOQygOTemaY/GH6ndvruHIyq0cgzQfxLeAyoGhwiCFySIRtsQBuqNarpmE291Kj9whxVzJGQZ2wvPuQ==
+sandvikcoromant.	86400	IN	NSEC	sanofi. NS DS RRSIG NSEC
+sandvikcoromant.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wpDhM3A9XrKYD1tqmvVb2s+XtTbs2GE8m43pg0kq9O1yRpaZtfdTrzsfPrF/qpnELPmtG7aOSpmLLhm6DYsXpnQ7cME/4BPK3ilhr6ptH5w/6m+cvnKNjjMcOcBTdLPpBMEhF8jEaPVV8QmZfC1P3sSpsn3i2RRlTdR0PPvYJ4wwBR3D6ZmMknZVimReq5Scwng4ZwA6DYUmKKTjIOcs8+aBtOC4l3ld9ZMU8MkZy30dfoIahWMskq6EoCTa/bUHWjlc2CIERMu1tYe4ze/6/VGotWgydbjnoSqXrN6cR/YGuSr739dE9GoEnuLP6XDirlJdIsPyKRH6XOTwSoY8Eg==
+a.nic.sandvikcoromant.	172800	IN	A	37.209.192.9
+a.nic.sandvikcoromant.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.sandvikcoromant.	172800	IN	A	37.209.194.9
+b.nic.sandvikcoromant.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.sandvikcoromant.	172800	IN	A	37.209.196.9
+c.nic.sandvikcoromant.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.sandvikcoromant.	172800	IN	A	156.154.172.82
+x.nic.sandvikcoromant.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sandvikcoromant.	172800	IN	A	156.154.173.82
+y.nic.sandvikcoromant.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sandvikcoromant.	172800	IN	A	156.154.174.82
+z.nic.sandvikcoromant.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sanofi.			172800	IN	NS	a0.nic.sanofi.
+sanofi.			172800	IN	NS	a2.nic.sanofi.
+sanofi.			172800	IN	NS	b0.nic.sanofi.
+sanofi.			172800	IN	NS	c0.nic.sanofi.
+sanofi.			86400	IN	DS	41599 8 2 02843FF5975A697552B6331207523EED81A6FBE7A7F6AA90F9A2513BB3648092
+sanofi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S2RHvTpp0qW9B3EZxHJuRVtz4EjXjjgRKos6H/bnRLIygiLmxDLakjEWT6RW0JETp3fjPz+x5SN3Q2hlhDIgQ1cBiiSC+RHwKId02y48kTfi73ZsA822NwXxxrgEGrm/d6I6d60Wcbx3Vet03aNG01D0U4spbygH6ECTFJZQwmsrGsA3439+D+Zffg/P9V60y6kdPD8MBNpCSzFNEtqwMa6dgugu2KTy4iXAzhFBmaoH2Ya2hEh0D4nHg53lJv32+D8XFSei8EDvLtS+kVEC5FU6m/sxegxpXhvfDQgNNfd9z0UyqBPTn+R6iDJIasXZq4f85QVuBMRbWRTaORdlZw==
+sanofi.			86400	IN	NSEC	sap. NS DS RRSIG NSEC
+sanofi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Fw63u23/bD4zZ+Flh2p2DT/3KHzO6r1vAsSQe406yEfkMfgfUlzna2Pgqhu+pg4wcbQUZKoN10Z+tVW8Ug9w9EcdXqKA1u6vVl7j6sMBPkoOonXsoIr/cMcek6AHQLVW4DUAPj6G5LQd8eBuGCjF23Zu+IW3S9FnyvIH0EKkRYjnBNtVqi9ugVNriU2OoSpYnLrds8YLJZBtDUJSAzEWql9DlbrrbhRzKUrp7B6XfsrDZeCfltwO546bo1cBKnZoNIkM14Zzk1vdGzBNKarwXlDTtLcc2lqUog3ASqxpFCi2A95Ud/UM6ZaqU/RAv5jlQccuOyMSPiYUALfwDY0gXw==
+a0.nic.sanofi.		172800	IN	A	65.22.112.67
+a0.nic.sanofi.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:67
+a2.nic.sanofi.		172800	IN	A	65.22.115.67
+a2.nic.sanofi.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:67
+b0.nic.sanofi.		172800	IN	A	65.22.113.67
+b0.nic.sanofi.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:67
+c0.nic.sanofi.		172800	IN	A	65.22.114.67
+c0.nic.sanofi.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:67
+sap.			172800	IN	NS	anycast9.irondns.net.
+sap.			172800	IN	NS	anycast10.irondns.net.
+sap.			172800	IN	NS	anycast23.irondns.net.
+sap.			172800	IN	NS	anycast24.irondns.net.
+sap.			86400	IN	DS	58162 10 2 C54138AF7A4E7BEDE0D15FFD010BA47792DED7D0729728C814821BD4C06495B6
+sap.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V5CZByOIhxbUyR+g8X1BSs1Q3mhbRdE8AZj0CVM6ACfkcYSAPVLI+gDOg+yVG7Z3vMz2X2k4U6N+wq2m7Y+rhM1ictkFhTh/kaEygoPqClPKMvXYh25KDYjqm8AvqjK5cgTbUk4jnqOtDJD6rT9Rxlwl92NtIz9t+i+Sly2HLGOcNj+UOhTzYFrOkCOyHY58pfQtHg03BEJ953d3IcbZfSY/UkwtcfFzWKixsSHXLf8bS1TFTYEplupjVJxTAWyRqUpuyqr649rBvdohfZLxRhZ2OY+IwoatPv53eqtcVx8xoZqrX9oKy2iSITuIy7Z4ICPCwO6nyc4ja4lXJgwi/A==
+sap.			86400	IN	NSEC	sarl. NS DS RRSIG NSEC
+sap.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZVV5SW6ll7UxLYGn4B6mF5zMMmSd+76TWLwx/AsrNxlstN8nITZzYhoZkYduwo3sy+eWZ+3mSGPkLsdN9rXizJ9kgaEXryMDBBQNghRGzwZZLW1Vo3/sFNQTEjiiubKS3Uemha1NO7AzQLwGJGW+SFVqQyBeBVjNhOEprEqiZNhnh1SorpD1UN4cThVabAFYmM7RyEikqFctbhxwVZckhnXjX99AOO+HhoAMo4TiZGwa4uNgD0Sy6HLf2iUrCpQd3Fjgzg7IA3wn/CQx5thqD6SbC3pJwQ9gVsUQTPGzckWMBT87oXSNP5Nwv/60dS25GNPbH3DxXpDzRRj7VRFY3Q==
+sarl.			172800	IN	NS	v0n0.nic.sarl.
+sarl.			172800	IN	NS	v0n1.nic.sarl.
+sarl.			172800	IN	NS	v0n2.nic.sarl.
+sarl.			172800	IN	NS	v0n3.nic.sarl.
+sarl.			172800	IN	NS	v2n0.nic.sarl.
+sarl.			172800	IN	NS	v2n1.nic.sarl.
+sarl.			86400	IN	DS	30877 8 2 24DB28DE74191D33588C628D306BE3457278F59CECA8104D2A81CFA7FCD8D6E6
+sarl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yoeq8vvFgOa541F3SOsWcJeBuaZo1QasgbMsSWD5d3ou0PRMsSB9hijuHP3BQ+pR8IdhPM1w2wGwE6TaCVQ3XOR/hvN41aasn/UCQfi2rMIC62b4Q7Trrx9hsVDc8g+wWhUe4dwZPqMJGWIRqd8vA5gBTBXDslAH2XHACRhdpqTqYarV/igcCEC2/fcAGfocGIa9/t6uTsT2EH6BnFSihBeZkDZ5HgyhRc5vDZSvISdovrsH8aDJMI6SeKFqiqWyYk+NWr186wAW0HjnbRo2VWZE5yfVELgwylJxrdrfNRWJslKFhJJLgaYiBuVqyblxeFRjlKzsRuKUaaTozn/DPA==
+sarl.			86400	IN	NSEC	sas. NS DS RRSIG NSEC
+sarl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GNg1258zj6f2e4gB2Ks7ydGSjzJtpjpicqFKGZaahvJgektn1sxza1t3lRb7i9Slmn5czhVygTFosO82/cf/Ubz6j/qe286ro9Pj/GMCNUwJdCB2KVtUY8Z1opJ0JkjCzTWqZznzkyVvbVpDr9DowKoqHANLCNweRZ5RJfYQhqcjt26Loh9uiI0WPKQ0RNpEkec+pAL7T8r2QZIw+rmcfZSFoag3WYIoruxPz1jMbwd7OqclZpiQt2jeBX8Zpj4hIyMuMw6ULZaozIVHZJltrxKivTuZSJTktiNnuCx8cpSZ/UGA9tR1TZkGOCyJq855XhF/1d7pw3GOg1tmNfnm8w==
+v0n0.nic.sarl.		172800	IN	A	65.22.32.63
+v0n0.nic.sarl.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:63
+v0n1.nic.sarl.		172800	IN	A	65.22.33.63
+v0n1.nic.sarl.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:63
+v0n2.nic.sarl.		172800	IN	A	65.22.34.63
+v0n2.nic.sarl.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:63
+v0n3.nic.sarl.		172800	IN	A	161.232.16.63
+v0n3.nic.sarl.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:63
+v2n0.nic.sarl.		172800	IN	A	65.22.35.63
+v2n0.nic.sarl.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:63
+v2n1.nic.sarl.		172800	IN	A	161.232.17.63
+v2n1.nic.sarl.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:63
+sas.			172800	IN	NS	a.nic.sas.
+sas.			172800	IN	NS	b.nic.sas.
+sas.			172800	IN	NS	c.nic.sas.
+sas.			172800	IN	NS	ns1.dns.nic.sas.
+sas.			172800	IN	NS	ns2.dns.nic.sas.
+sas.			172800	IN	NS	ns3.dns.nic.sas.
+sas.			86400	IN	DS	20119 8 2 245081F2A99002CFBA295D87B98465B3B4A2DF0023364E577292C15103FCC0A4
+sas.			86400	IN	DS	55987 8 2 75E65D4917A0980AA1CCCC56B99C58C86A5A2D62EFEE4D1DE37F672AC7AE8E7B
+sas.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YSGYfRxd1QjOeVSSswYKIeoxgv3GPHVZi/uiyrGH07TUjzCxxeGLNUPogpQsvwEyNvM0ZXFwcwHke3wHCo5YyrznQFZBGnvjzqjiPuFEE4v9jB7aptYcH6S1JIwJCSFGSDWeJ9xG1jmS2KacslWi/5uOzLbwBQJEswrfejKe8q65E4NE/MgB6ZmRTtecpLFcrTmsTh324qyRFI72+c1XVv6z4PyrYQo6efDGGIROxDWhjY/4+AuZxzgNHvWwf5iY6CDwJ4ViL1skb26nASktjOAv14G55obmW9Vx4hFi3LFDA0GDctxsp/cCt/xteZEInsYd/yU/FN16+HSw8YvIYA==
+sas.			86400	IN	NSEC	save. NS DS RRSIG NSEC
+sas.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bmZcC3RbKNK5DPDOrHsh+81SWiFRRj/hN/Z/4QJrxrRSPA65CBMC7RP2evZaAXju5FvaNC+JtfAZgwZlp83BOk96ApxrRk6vVPmlDdogE+Lh+GR/46z+h3Cw7eKHa1cRoESCp0p76bunDJ46VI4tCZxW+nQVoxMK8n56Yt5r+I5wzO1pY2luY2CiLyEhYxYkktBjRTSNNDbEiTlXIJjSRAhur7dK8JujPR/gTvPsC2bxEervGjp/QUZRu5C+WrsKPeQaLRXV2iBV0PYv/dhgh/Qu+oWXSytCwj3IUeDWG97wqjmD6BZ/XzfHuEA6f0zlqtjj8qvsOKMubu+jc7IOWA==
+a.nic.sas.		172800	IN	A	37.209.192.9
+a.nic.sas.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.sas.		172800	IN	A	37.209.194.9
+b.nic.sas.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.sas.		172800	IN	A	37.209.196.9
+c.nic.sas.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.sas.	172800	IN	A	156.154.169.39
+ns1.dns.nic.sas.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:27
+ns2.dns.nic.sas.	172800	IN	A	156.154.170.39
+ns2.dns.nic.sas.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:27
+ns3.dns.nic.sas.	172800	IN	A	156.154.171.39
+ns3.dns.nic.sas.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:27
+save.			172800	IN	NS	dns1.nic.save.
+save.			172800	IN	NS	dns2.nic.save.
+save.			172800	IN	NS	dns3.nic.save.
+save.			172800	IN	NS	dns4.nic.save.
+save.			172800	IN	NS	dnsa.nic.save.
+save.			172800	IN	NS	dnsb.nic.save.
+save.			172800	IN	NS	dnsc.nic.save.
+save.			172800	IN	NS	dnsd.nic.save.
+save.			86400	IN	DS	6611 8 2 E81FA1AF4EA9F0EF852F21B1D175FA87B6758A90D293B77D4326EDBFF8BF79A5
+save.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iUAX38PAoY0ktyCTyUB00+ZXnfB6sVKViiYRpQ5Se802SSj3ZtdDKca/+N3IfzkD6F9FNcJadqnX0GfI2e9pMIyZiNhBl2ImCc7zfAXK9rlyzJYy+F3w96AXrTPM+u8LQHzmqHxo2n3YlUHeWGL8zuSDapuC2k+/Evu17RHZHkJ4qZP+uU697ZJ54Te3CoS4oICazwxliHvwGkjrR/Fj5z2zbAyQSRkYuRzFUn5tWY0UfK65uuOAWRSILJOP9w7QC3LBBduZkkxpYtNV8+urEv9PJ6Rlva4ABr1k3sQW0LRORfD+k0BFtxmbBsbS8nPCoX7JXuu6jExzE1xdcccgIQ==
+save.			86400	IN	NSEC	saxo. NS DS RRSIG NSEC
+save.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tKnyAznUxH7mDbVbpwMZgLSohmh5ZHWSE7Icll3bzlqxKIXPqj17A8IK7Tr6qPHHb0oEtP+DMw1I2Tprh4fB+JP7VOZrPSKaF96jg/t3eLtaVzR9+xZp6glqKM7DlSM3q3xvI/CWGQA09iBfAvhYoWQQzb7soAC1UR3GCxTM1ESmpe9iVX5y5GmGj3+/6bv0u00iFcG1HIYhxU334hFzLgnJjfjiG4OFHujEhESn2VdJwqCciRCqs7ClLbN0X6Xgoa6QOlRchctsEA0GWrUT8ruOWKjHRPhSXeHzj6b5kAiAL9Zxp/ZpTgZ4SZEZF7biKEpjQhTbNQw/t2pdYRvWvQ==
+dns1.nic.save.		172800	IN	A	213.248.218.79
+dns1.nic.save.		172800	IN	AAAA	2a01:618:402:0:0:0:0:79
+dns2.nic.save.		172800	IN	A	103.49.82.79
+dns2.nic.save.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:79
+dns3.nic.save.		172800	IN	A	213.248.222.79
+dns3.nic.save.		172800	IN	AAAA	2a01:618:406:0:0:0:0:79
+dns4.nic.save.		172800	IN	A	43.230.50.79
+dns4.nic.save.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:79
+dnsa.nic.save.		172800	IN	A	156.154.100.3
+dnsa.nic.save.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.save.		172800	IN	A	156.154.101.3
+dnsb.nic.save.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.save.		172800	IN	A	156.154.102.3
+dnsc.nic.save.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.save.		172800	IN	A	156.154.103.3
+dnsd.nic.save.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+saxo.			172800	IN	NS	a.nic.saxo.
+saxo.			172800	IN	NS	b.nic.saxo.
+saxo.			172800	IN	NS	c.nic.saxo.
+saxo.			172800	IN	NS	x.nic.saxo.
+saxo.			172800	IN	NS	y.nic.saxo.
+saxo.			172800	IN	NS	z.nic.saxo.
+saxo.			86400	IN	DS	8887 8 2 117F2B38851F01FD3B94FF49ED5A41B04425F8926AA9D569C301CF46F05202C3
+saxo.			86400	IN	DS	33499 8 2 3DACA03D08EF7CFDEA7E7F42231F411F3B56B9C8CA2CBB2D6D6A70B63652FA79
+saxo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . M7OypTxROv063s/JwpzfEXDeLxaAK3L/XLPYyme1Abb5LfT6jhmbS2orWQV2RMmJ7OrcLliWomh5XNmw+B+hH7vKMF37P50dkgdEoMQRQ1qJcZ+yl4sdnN1LAie2hAv5qkPUyghCxgWrZZGEF0YSXnfOHP/ue0kSXW8SKs1gAidmR7yW2TNhSEMSQuubOp9aZnhL+6kebMTyzxHozM8aDAXIw6Ee9jKBtTGcE+kWm6IYRx8tULFeXKvYLCjeAJFsZyXBNCEL6IrVkjSiJOVXiGCZ2JWm8ktZtcPv2vM8+Pg1CKOV2d380YJsl04h+fWDiH0HegOxpTUpAVqheE0DJw==
+saxo.			86400	IN	NSEC	sb. NS DS RRSIG NSEC
+saxo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lVVMKyazhH8CoglrMIDhOy7YgrEZTqn5rFdj4oMoGBrPqUPDyODSuEPx36yGKEoiIpXz8fxasGyaYWjzni9NMI7SNzmNCBPasVvYP3cPnf0AT+u/hGhGDz72tBqa9n911MZCmYRdDcgFG2EeHbEJm9F92PtumtcCDNpNwha7KtcJQrOmgeizyFjf4T0M8yx8eSBozZ2BDqz80TVr1y6QIpa18mySrqh37yktsSdSWsNQOqu288/gwn7baSLm1aP7yiZtlS3vmn9LogKTK+6pNWomX9xuui5Z0r92liIxslJ4Ww/H6GWVXzf8IJORHzPY796B9Q1kwQHXATj8YfA5Qw==
+a.nic.saxo.		172800	IN	A	37.209.192.9
+a.nic.saxo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.saxo.		172800	IN	A	37.209.194.9
+b.nic.saxo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.saxo.		172800	IN	A	37.209.196.9
+c.nic.saxo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.saxo.		172800	IN	A	156.154.172.82
+x.nic.saxo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.saxo.		172800	IN	A	156.154.173.82
+y.nic.saxo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.saxo.		172800	IN	A	156.154.174.82
+z.nic.saxo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sb.			172800	IN	NS	ns1.anycastdns.cz.
+sb.			172800	IN	NS	ns2.anycastdns.cz.
+sb.			172800	IN	NS	pch.nic.sb.
+sb.			86400	IN	DS	17635 8 2 27F59686A15B09DC8293FAC9C31E5BE51ABF214E1E9CD5B21CBE50F0F311C780
+sb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ut+gZba3J1DKXBAqn/1XL3XUFdG2ETQuS0Fr6y9L78yD5i/HUJu80hpqWGEzJIUhic29KjZ5Ii2YcX3BoiH8b8dcguTp45hJIIlflKOKSUJtpwOMzqetc6hT48vRczO0zfJ2nuL9viIhTUKBhvrGycpcg/0QhMYeZfeWoJMF+T/qR0oCIpULRMupHWTbckWy3TPHm2R6IJNX9yTAHx/IaE6rfD5rAIremcchFUjFsT9GXT49/tI2Md8uvux94C9M5RV0MQchGPdSp9VX+QyPQw6smcZ0MCE7hpdDTj9QsihRArbnkIW8MgNGwFhv3as3nNpBvLhaT7ENoSnwKHF2Wg==
+sb.			86400	IN	NSEC	sbi. NS DS RRSIG NSEC
+sb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ePN1sEKXwKzVSL4BAeFy/GKx3BhHtjVl5uHkstZxeMkEvrMpsH3EwyYJ/1tm++7GnwBmguEbqrgvnho4xsijR4i2M/OJi3uLKJGFsaIr+DM1hgOdJVKUEjG5P6E/iCwRUqYFjd8mqMiI7l0/3RT99X+dQzg9mUxu1kqI2gCX+P89UO9SVzP5cr0v/rwlou60S3uiEjlBtgaD6V97R+1GkZy4MwyVcLuWDWN+wGpyzOuwXRuvfk3y/ZEUgGz0IkRvVYC+KtKdNzP589COg0eD0X+gvoCiXyRyqvuX2rZEiYN22YDQO44R2StwnDxJLzXzCnwBz4cXwpuD71bpHsTPQg==
+pch.nic.sb.		172800	IN	A	204.61.216.31
+pch.nic.sb.		172800	IN	AAAA	2001:500:14:6031:ad:0:0:1
+sbi.			172800	IN	NS	a0.nic.sbi.
+sbi.			172800	IN	NS	a2.nic.sbi.
+sbi.			172800	IN	NS	b0.nic.sbi.
+sbi.			172800	IN	NS	c0.nic.sbi.
+sbi.			86400	IN	DS	31606 8 2 70193B642AEFE13270D7FF55A3FD26BCB1C6CDF4D43B04F694509DE430381F4B
+sbi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . azoElux0huV1esXTKhfk14Xt3wmXOY3ecd7Q3gQlyYpYSUCxHW04/9yB6HV3qtbSNbiGaalNvtI1fgYurKIe6qIcGjpWWR/GEbXZzWJnoRmop04S9hCQ5WTQIVqPedqgilVC63emNnyP8l8udfBlqa5tzf1KQ7p1U6sWErrDqYlG5bKAkdWFzJ2C/FHUHL6KzYKKWTWs2SbRuodwbkHpxgNqj3MH8izxcTAk7fH2YMLqra+vMI7sGFBPLueRfFEaH+k2qE3EDehRYfZ6VmW5tOSrXOpEqAbnKucUkiofoFzHC6MXRlxONo5xB7VCzj1pEvnOQez20k+GQ6HD98VVsQ==
+sbi.			86400	IN	NSEC	sbs. NS DS RRSIG NSEC
+sbi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . h1VGWK7XU5Qvg+qW4WL6edGALVRK/D2V52AtauIgizhdhM3iYYArgEvg22AT3Ru00cmgVydDeRWMYnHm85NWWY0RJOFr2huRqmRa3lHaRrTH7LMtMG6aNEVqNhrwyUbh0m2Mx6VWwxPTlYX6Bl12yUf5F6b/Xfx7S4o2SzzRxwFqDCRcT1QF0QcfgIZi7FtoYc3+Mb8qPqn3ZD3dn6hsuvnEs6oCjMcT6fVoQ2QhsG9/EiNif+kgfaSu2IOus5tNfchy4ZCeZfnBp/h7THcM3xGvJr8DgVUYBIleVtUM/nOnRt7Lt7arTeOXq4pRYV74klwGNA5FRLfpR7VDW75/vg==
+a0.nic.sbi.		172800	IN	A	65.22.176.9
+a0.nic.sbi.		172800	IN	AAAA	2a01:8840:aa:0:0:0:0:9
+a2.nic.sbi.		172800	IN	A	65.22.179.9
+a2.nic.sbi.		172800	IN	AAAA	2a01:8840:ad:0:0:0:0:9
+b0.nic.sbi.		172800	IN	A	65.22.177.9
+b0.nic.sbi.		172800	IN	AAAA	2a01:8840:ab:0:0:0:0:9
+c0.nic.sbi.		172800	IN	A	65.22.178.9
+c0.nic.sbi.		172800	IN	AAAA	2a01:8840:ac:0:0:0:0:9
+sbs.			172800	IN	NS	a.nic.sbs.
+sbs.			172800	IN	NS	b.nic.sbs.
+sbs.			172800	IN	NS	c.nic.sbs.
+sbs.			172800	IN	NS	d.nic.sbs.
+sbs.			86400	IN	DS	49074 8 2 DBDB6A00E2AAC5F3C8EE371B1E46F69DA8BF7B985F837CDB9FAC21BEEE2F7FCF
+sbs.			86400	IN	DS	56056 8 2 EF6D326E9513EA4C07F99A08AFCDC5F3D9E3F6EB73000AF57D6FC3DECA1CA31C
+sbs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qbUJhZhqCEkuH1WQ36WsYFeJK8WZYxPZjY5xhd4vhGy8S7nRLOkPaImmxprKzgf/YMyFhzK2t+YdtsCw+8bD95nEyQeP7KcF07TvVyi5VuJjdqaNZLEPRWABs0aqRmf/DcEkcgXTqZfOUCW3TQ7E5yFqvfownU4Xpj72nDYfMS/XWivaVzgDQWRf9/63pvZsRvs3Wai4DBzV542k7IwR6UcmJmc6xRnoWG9vFYh+a0Ufa1vo+pD+S/dOpzljuSUwxe4cVHMCso0sYH8JsNmEqSW4wr323i/Uvi5t3eNNfX+cSG8J6TE3rUxCUzNsehGhOMBa8hA2Px51rDZMx8xZqg==
+sbs.			86400	IN	NSEC	sc. NS DS RRSIG NSEC
+sbs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ewKaQs+Rw6SrrUNEGideS1qiuXevxJizT1/rweDRT1s8x2Any6b//5mCLQyCDFrgHNvRwDF+eldhbP5AjmmQQU3Vc5LEaBQ071PAVPpEcjX9Yl8U8qZ7pUoForvaY+rSm98JM2PMj7Shcu1WRlHkNCEJwvfKDFndehU5u0OT0a/P8TEfSxF5XvJai34FlhK2nuJHyzrpyCR81XmIlUYeQfRWdZqIgyO9dlPYk+7TlEMOuk8EE3EzLDJP3iOnS+/4CMG3jBK7yO5Ry/hhaagR3Ce5d5v9onKwX2P83g6Sbl7do2Hv1fyvbBKbJQiEShtYGfMQsZG/U6KvQAzU9Px8Gg==
+a.nic.sbs.		172800	IN	A	194.169.218.127
+a.nic.sbs.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:127
+b.nic.sbs.		172800	IN	A	185.24.64.127
+b.nic.sbs.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:127
+c.nic.sbs.		172800	IN	A	212.18.248.127
+c.nic.sbs.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:127
+d.nic.sbs.		172800	IN	A	212.18.249.127
+d.nic.sbs.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:127
+sc.			172800	IN	NS	a0.cctld.afilias-nst.info.
+sc.			172800	IN	NS	a2.cctld.afilias-nst.info.
+sc.			172800	IN	NS	b0.cctld.afilias-nst.org.
+sc.			172800	IN	NS	b2.cctld.afilias-nst.org.
+sc.			172800	IN	NS	c0.cctld.afilias-nst.info.
+sc.			172800	IN	NS	d0.cctld.afilias-nst.org.
+sc.			172800	IN	NS	ns1.nic.sc.
+sc.			86400	IN	DS	2539 8 2 8293FA3AC08BE770A400DDE4F250DC6BF1046F34430BE12E65C15BF2F482B26C
+sc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bD/4pX8goaFk41PHK/xtI3HQvJuArRItVdHFXQyQziDeOSLLFG5yqAHU1WE293vMR+r730noqmn7xxrtSjroSXOlTo2hg5F4IpmhClBMjOeNKy24Jv4ZAfm8v2tNMDo6xzZpaGjqOstMxaMGZgpMfa27ouqskiIHcHNjzNfYubdhIMdmfe7moc0CQjwlxcPV1aekucOmEcfttk3wmMaPpjMrV6JWJl/84s9OhopWA2V0FqBMNxxAInas0m/NuBotIM6WnrSahxT+0vhYpmh1kduulVsEgXjRVrYwaj0reCTXxIJ3k+SIC9OYfg0O2peK7IqYBY7C71XRVUAteZBYNg==
+sc.			86400	IN	NSEC	sca. NS DS RRSIG NSEC
+sc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CtianIxV4mKNsAa6l+Jab6WTbhxKOhqDjQxX3n78Jl0Zqqrm1a/Td39Yz+ZwQFJXozrx2c9fgAohldYzs4ZC0KMet57DI7Blf+TberNsJziPf1NIA85ACgUkw6GZUOlD0DjyVAS3rDetW/tLv5DX8TEZWFfsJvXkd3MnlNHwa/ay4WLFo8hgW5bWEAXt78eTA94CqFjt8opXcSedH/iASBX5TSbiKszfWS6VuUUYS88nKy8tYAy92rn9DtPdq9GZdPxoLrArKkEHTmvbrU8qHCSxNrGMYmkMb/vB9+VulMT+ykMEEpDiZyPvLpCinpO/a0JDqDI4yE9IvYUo9Ehh1A==
+ns1.nic.sc.		172800	IN	A	41.86.57.54
+sca.			172800	IN	NS	ac1.nstld.com.
+sca.			172800	IN	NS	ac2.nstld.com.
+sca.			172800	IN	NS	ac3.nstld.com.
+sca.			172800	IN	NS	ac4.nstld.com.
+sca.			86400	IN	DS	11691 8 2 2433227153341429FD6DC9CC654844E9614C0BF4D408C39BBE0149E1716438DE
+sca.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o8eoAYAo7qeSc3tv0otnrxJ5BRU4bcKvWs/VS1Ha0YSKrv77vT9XqB6z9MrKNztvmmp1D758HcbKga4qkKR/C0psvN4SQPHCogGr2otQoHQzxVL3TYRXvhv72E/Gy3R2bLZ1tvVSIgoWSjYSBtojuEotsmXV4Ntbe1m1yn0ENlaMt3M7fev7mfXwI2gfp9VYS53PSX1P6ixEmMamFbeJu2TJmVGjUK+Ilo9FwHZIbM9XtOKU4rUqg4LNw0noM3Q6g0/h+8eSRMRAj9ArtBYGU58AfNvtyPZmV/B2Q1f1HBCD/ijhZWzeMhaKDLFCvwDU4QfF4N0SkUvFN/6d/F+edw==
+sca.			86400	IN	NSEC	scb. NS DS RRSIG NSEC
+sca.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yBtqEKDmbtx9EN08sXVNR/fHmhTjdwRAhPZZQ6rPju2S+tRFXyaBtrI+CLdeweTaBcVxcbsj8Qn/KImwa54W+V4Ixx+pHYd3dvY0kE51P+kLNMSS4ML/rDdPoICQMoixbhwn/K8YTo9fP95f7WiSTSKYhTXWw3q8dtelEqdsgYcQ0rNZnkV0Mdd8jKZG+PO4AMhx3Ga9kkMttmkpfJQ84H15meCECUTfpFhl8iWPqcVO6QrVfiT9padLky/EUGsSpwW8dmIy2m2ZZ5Lbp5hAzeZxj1b27uosI+r8E04k5MVDSKli0/R1RkomC/9gGRUV0YEBnrOuUyDyjJwwDkaVDg==
+scb.			172800	IN	NS	a.nic.scb.
+scb.			172800	IN	NS	c.nic.scb.
+scb.			172800	IN	NS	rz.nic.scb.
+scb.			86400	IN	DS	20801 8 2 16BFF89DD2FAF9AC06221F6DE0E206ED57FEC2E29316779E30789D7E00A5BD2F
+scb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WBt4s31vpTqiKvdPlyhOTzgA4paGkCSYCSxvj4Fem1+vWtnj6/+T701dZR1xF/SIRw+JSlXJKVhdBLepNZI7y680PUxaJccmFE2iXQqeIt1OJjaPes0xqYHz1xclOhUvR6+A0nx5bo2T0F8PUtQacrSS4HILOkGull62lJ+7hB7j7Ie3iAkx3K35vIAZHzz1y+xVMOAbB9Lxf+zjL/hOhOmeE4dQ1qQVHDdP0CBQ+9QxoK6MNQzo0mWvDUnwwNdTzMKwNwyVHQ7r24zJ1cQOyiXrgUNv9Ld0lQBIzKy5Lr4hIdo3mwr0uKUyu05UqOw95uXehS6xzaBlOo+ILVoI2Q==
+scb.			86400	IN	NSEC	schaeffler. NS DS RRSIG NSEC
+scb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QAf16fvP9zApd6hhBnAdh+t+WVQ3iWT2oQV6CI0lMdfkwKLL5vvRUlFTRo9DOLDS+fGBf3LsI81pk1P6ydofNcd00XuxTDi23y3is6bXgQAlwMQFf3MSR3BHDjQhJGKWguYJ63zbnWhLNHkuCMyfdTp0UQqYaKNZtTPfFWKHPxKyex6ecJ8f5EyoMj9Tx7OEXty/URS5tLRD+bcbCOivoU1rIbycyddzExdNq36uSI2i/53Oc61VQLrvVnFubVb2SqNwN1xCBwQYw6RhUK3abnLpxKVcNXg4oXo44Bkf78bYK41ReQo8p27bBtSTcffClVErGTgljFLbCBC2esTLKg==
+a.nic.scb.		172800	IN	A	122.155.23.51
+a.nic.scb.		172800	IN	AAAA	2001:c38:2000:183:0:0:0:17
+c.nic.scb.		172800	IN	A	194.0.1.35
+c.nic.scb.		172800	IN	AAAA	2001:678:4:0:0:0:0:23
+rz.nic.scb.		172800	IN	A	194.0.25.42
+rz.nic.scb.		172800	IN	AAAA	2001:678:20:0:0:0:0:42
+schaeffler.		172800	IN	NS	a.dns.nic.schaeffler.
+schaeffler.		172800	IN	NS	m.dns.nic.schaeffler.
+schaeffler.		172800	IN	NS	n.dns.nic.schaeffler.
+schaeffler.		86400	IN	DS	5269 8 2 7CB20720C71B7DE03C050C85D6A41EC795F90912F8918C4FA5F2AB37C45CDBB7
+schaeffler.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IuqzBEqctKjQL9VqgcHrUbzWwNzLe/ZvbtDTCLFKF+AIE10U35RMtHro5F8MAxw/gaGq8E1HgKBSFCk/NVqtvixWWPWrl+CcFFwA7vkNMugMMNNZYNztJq4lze3aIjmg+oczgCiiPQBf+BGcEFOYEYaCB7ahjn+xtmn6DptBpTgA4teXwyht2MI4fVjMnOfOOa1iIYFQ99PqCEDoJlc/YbHuaZ5uVnee3avpE4og018jTX5YqCLm7e0wJp3Jl1ADlE4Dh9dfQrwkb3Go7oOJ/1Wtmazz06VHu82NhIGaHKZJW41pXLD+Agpthm5eZ7VIfgBB6Hi/zPxnt4AJ0BDmzg==
+schaeffler.		86400	IN	NSEC	schmidt. NS DS RRSIG NSEC
+schaeffler.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qD5BFLaPC3K80lzxRfeUuduA93ovsyTcyi5jiMALc1CFOTELz2F6zlOvU6ibq9cYCDNjWqcXHNWyCd3DKdvFYJxEztllC9n4m677cZv2eyUctqFbjgpU1V9sDWZ6Zztvsxe5nCEjs9lJWuXIN2aXzoGH3GI0SDjjwGvNf015Qb7zXVtAMs+mpKnoXJUPsPjiQCr+FMG8eiyKzZxxBiQTKuXdnUNwwIYW97p2lawdr5i+YS7q2omf3q5wYTID2DADi7EJ/ILBTOCe+bvF22+j/Ge3P/ROqw5MtTJWRJrx5VXOvH6dyLHSud4JmAzcTuDsaumhfE1dXz9Pcptjl+Opaw==
+a.dns.nic.schaeffler.	172800	IN	A	194.0.25.34
+a.dns.nic.schaeffler.	172800	IN	AAAA	2001:678:20:0:0:0:0:34
+m.dns.nic.schaeffler.	172800	IN	A	194.0.26.14
+m.dns.nic.schaeffler.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:14
+n.dns.nic.schaeffler.	172800	IN	A	194.0.24.14
+n.dns.nic.schaeffler.	172800	IN	AAAA	2001:678:24:0:0:0:0:14
+schmidt.		172800	IN	NS	a.nic.schmidt.
+schmidt.		172800	IN	NS	b.nic.schmidt.
+schmidt.		172800	IN	NS	c.nic.schmidt.
+schmidt.		172800	IN	NS	x.nic.schmidt.
+schmidt.		172800	IN	NS	y.nic.schmidt.
+schmidt.		172800	IN	NS	z.nic.schmidt.
+schmidt.		86400	IN	DS	26932 8 2 B073B6B0636B7081AAEC30D496A1D18B380031886748277E8EA437C07D9C9A61
+schmidt.		86400	IN	DS	44854 8 2 D1351C74070E9E2B0DCE546B4814DF0ADFF4E289B1F5F3C6FDDDDD6A8CA1E33B
+schmidt.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x71UOqCxd5vfR7y+AIbKJFG0eMwvg+AWyAVnX0bAXEt7j0ZK36MaG9yT2QQ90xZf8u2u/QLC/rqj3GmnR932s3Ync6CS2BD+VeCtwsRh7Ec25YT5v0+BM/3kQA7ToHgZoccI5AwP2/QP1m4+s0W5PSI09Ss3Q9LAyF5V8igGMtKU6dvSjNRlGfvb9yDmhXUFsXiXU0wvuKBKqOfARBX2minPkRH1bcYdVzsIg6DXoav3mwnIvmr0evTEW6jfdu+39AQW280hUWQDqnSHduxw3h5y4YHL08++AUR0TohOgvPc9vkaLUqrOHmXGkYWBs/AI/AWlh9H3eXuwT66p/uTJg==
+schmidt.		86400	IN	NSEC	scholarships. NS DS RRSIG NSEC
+schmidt.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Qztt3FWOLrtxV62pTaJQE8ai+yQcDUALVGc91iiWsRztzkB6MJfOR2xnyUCdGNR0PpdF2/Mi9ukYjQ8HGGSr34VUxz5foU5IZ1/QzYHouJK3MMHDBm+IaR2vDnNutms4qSsrCigb2j4/HUicL2gy36uB88SDHlisXp02VZoavC1dcn7v530TyAUeH/Jr5i8zm3dtsW5dXkpTOW+c4io1yYM4A4sVe5Ne6+BDLD46Dvv2fALTA5pZZJ9hiEdZhKbYjUEorlyZVh1iEzQnEldJgOlTrvwCqdcy8WaU4flGWAJBHG3enKghb6bGf7BVigd12Dumm4HYWSRC5LSvc93ZRw==
+a.nic.schmidt.		172800	IN	A	37.209.192.9
+a.nic.schmidt.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.schmidt.		172800	IN	A	37.209.194.9
+b.nic.schmidt.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.schmidt.		172800	IN	A	37.209.196.9
+c.nic.schmidt.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.schmidt.		172800	IN	A	156.154.172.82
+x.nic.schmidt.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.schmidt.		172800	IN	A	156.154.173.82
+y.nic.schmidt.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.schmidt.		172800	IN	A	156.154.174.82
+z.nic.schmidt.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+scholarships.		172800	IN	NS	a0.nic.scholarships.
+scholarships.		172800	IN	NS	a2.nic.scholarships.
+scholarships.		172800	IN	NS	b0.nic.scholarships.
+scholarships.		172800	IN	NS	c0.nic.scholarships.
+scholarships.		86400	IN	DS	57649 8 2 24261732A51A4D33ADC9A823EE1E38139BCABBDA2F4C2EB7F6C8CEB3480B64B6
+scholarships.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dRjdhgeYRXRAMACA4d4UdzcxHqN6IwvPvYW4+TBkqLqSJ0TGmMmKu94XsoMnAXYJN8zIacdPcu3faNrtIwrNDcI6hSKbFk9JABAjD55eA7z4CBEWjGsKsobp96N03v5olQh0+m29XAU+z1CpwV2b2U2GgFqOqETc9rukeoQAmt0ENJRnYzgfe3kWCP+uXIfOFjk2czMwRGWFbmg76n4cxNea2IyXS8iRfRB5X/JSgAPId3e+MpurFsMV+eDT1vAO6XdgaiOFpg1B5JTxqskyS0ZsYch09tXBad38vaBHcfrwUPwIkkRr/f51ooDapFZ07LZZ1swouOCXoMXPpeLzmA==
+scholarships.		86400	IN	NSEC	school. NS DS RRSIG NSEC
+scholarships.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PiUib0zKaOI3sMznBoOh+nJA8HPT5e073/DsEjiOJSkq9Gk7M2QMvX1nvoNMCTlLtEVAi1ncjwNAULyqb2CKg+YaxuBUfEcuEfSK14k8tKFAOR4Ts9loHMGZ6DZGq6RlIXCjyXwWKCDiSuuaNlgLF4MnbCODM7zJJhzYvIZFrbChdBroxs3X/LWmFYEbARtTr+YEirOjiuoODaZjzE6RSbTcHCrh3yTapB+QxShHi9uQi1gVILQ7qsUzpKz/Sbxd6v7KHe2msRJSrEzT+VlJAOi3qXCEl3GVKNoE7ajjemQ+9rHlJEHtJipD5AwALHz9M/UHym6kEpai5KXEdjKwew==
+a0.nic.scholarships.	172800	IN	A	65.22.140.17
+a0.nic.scholarships.	172800	IN	AAAA	2a01:8840:8a:0:0:0:0:17
+a2.nic.scholarships.	172800	IN	A	65.22.143.17
+a2.nic.scholarships.	172800	IN	AAAA	2a01:8840:8d:0:0:0:0:17
+b0.nic.scholarships.	172800	IN	A	65.22.141.17
+b0.nic.scholarships.	172800	IN	AAAA	2a01:8840:8b:0:0:0:0:17
+c0.nic.scholarships.	172800	IN	A	65.22.142.17
+c0.nic.scholarships.	172800	IN	AAAA	2a01:8840:8c:0:0:0:0:17
+school.			172800	IN	NS	v0n0.nic.school.
+school.			172800	IN	NS	v0n1.nic.school.
+school.			172800	IN	NS	v0n2.nic.school.
+school.			172800	IN	NS	v0n3.nic.school.
+school.			172800	IN	NS	v2n0.nic.school.
+school.			172800	IN	NS	v2n1.nic.school.
+school.			86400	IN	DS	34030 8 2 30E847D55BBC147F8706CF9EE2B50478F41A143E2CBB738F7214DDD59CFB31AE
+school.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mnCSHVzRoo/+i4TlTLvBRs3vocI+QR8wDMxo3emEfyLnYKhsQWt6XSN+j6lj+yz8hoyR9AWwy9Ly6PBn1qosTz23tIGo0FwsF6ucxK4UdD5zPr+kpwtf3GWB9PXXk0vXG3Wg6RzDIu+YmkVT16vB5R3xdq28P3Sj2AwTeldT8zS5MzoO759WVyU0Wqlxm5tJIWoh55fBECknNIoxs7EoDOWHcsQe5EQa8ZD4chAn0czbKSsXpXrkFoB3JmpJp/1D5op6cVDgQY/NqUb/Eql/e9bKlkqux7lFoaAzv6VFMoYbl506FjzWG9dRQEKpt9WcdZQutigdSJmIk2MePLx10w==
+school.			86400	IN	NSEC	schule. NS DS RRSIG NSEC
+school.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0TITPbNSZvzafoopNof3mCmLK0R4DNN6M4EjEiB44sacPeMcbgxxEe8JJtbZM6E9QZ5RqBejJ7YksZe5ige3NXGhC0AGUtSzS7VGOIBrpkhstW8COekOGQo+Y/40CS+cXxHAUEOndGqJKmd0+6pmDvJfm3nvAGuByDE/1uXZPtXTpKW1dUYK6iHwnxC+7wePWiCFxMdU03/D4EzuyBtcE3aIJSzaJj+9oOyh2vqGNCKbraDI3UkFSw/bF/HEKplTan9g+fS4tYMoLZOmXYMRyxLHILPQpiEym+1T2/E45bECcMTPMQvbqiZ7myIRRvgrJ7KVY0F/X2QYV2VH3f0LwQ==
+v0n0.nic.school.	172800	IN	A	65.22.20.43
+v0n0.nic.school.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:43
+v0n1.nic.school.	172800	IN	A	65.22.21.43
+v0n1.nic.school.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:43
+v0n2.nic.school.	172800	IN	A	65.22.22.43
+v0n2.nic.school.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:43
+v0n3.nic.school.	172800	IN	A	161.232.10.43
+v0n3.nic.school.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:43
+v2n0.nic.school.	172800	IN	A	65.22.23.43
+v2n0.nic.school.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:43
+v2n1.nic.school.	172800	IN	A	161.232.11.43
+v2n1.nic.school.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:43
+schule.			172800	IN	NS	v0n0.nic.schule.
+schule.			172800	IN	NS	v0n1.nic.schule.
+schule.			172800	IN	NS	v0n2.nic.schule.
+schule.			172800	IN	NS	v0n3.nic.schule.
+schule.			172800	IN	NS	v2n0.nic.schule.
+schule.			172800	IN	NS	v2n1.nic.schule.
+schule.			86400	IN	DS	32869 8 2 76B7D6A448A72D947CF0B045429535113822FAD4DAD7B120910EA0D4F5E835AA
+schule.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MRI4EUt8PHIXcbMw+DVOL3qRQTmJIkZGgkI0b1hNrrBgf4or+2ZGf50v8sNjsPX6sT5Eisfi/o6GkYREyS+szqB2z4KsS6iFZ7yNPtdxzr2t/8OqANQfBN733pAHNbQaCp/LuDav5cP3G2EUYvGGEaWFMQPt5/ccFstnA1nbx9d/HjBLqNr5R27fSjdxJMZhxXcTMsa/f9uRpLcCOnW8OuLCqmoaz3USAUB8G57eaDeWcocYDWd9jxS3Todw2hQ0Vq7GIp7I+t+82YVvYcOMvU5ovBYM4fQRWFHN2XrlHEHVXlH49xBjuX7fGamaensbVXkcVPrHr86Y8o8oEX1QMg==
+schule.			86400	IN	NSEC	schwarz. NS DS RRSIG NSEC
+schule.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FekUfvLbPx1EO5ZlYWCGw43E0LqHLcUbR1ZmgaeqlcvZgkP5zzeMftQ/QtRnEGk7X6PGBS9qwLqeWrtzmb2dssj7kdCrL1KWD9mTAJDNBjp22FfWbj2VVvBC6vJFZAKDZx/vUNvnUs8J4DNYqK01ClsqaLNG5IHOuW+4XRwa0pjswkuzqD6g3hUDHILCexl53NF3y5RVlmOhXSq2j04dTE4b8y19QlxIBuHqmNhBLbLzOM9CXic67yCWGRznEdK+lJsxlC0GEsY7mG7AcopOomnpaLKP/8NHF/LiM0CcTj9zFo5/5mocs8dGmatGJrlUzEZIkyrqhiOtYV0vu3Z2WQ==
+v0n0.nic.schule.	172800	IN	A	65.22.20.68
+v0n0.nic.schule.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:68
+v0n1.nic.schule.	172800	IN	A	65.22.21.68
+v0n1.nic.schule.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:68
+v0n2.nic.schule.	172800	IN	A	65.22.22.68
+v0n2.nic.schule.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:68
+v0n3.nic.schule.	172800	IN	A	161.232.10.68
+v0n3.nic.schule.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:68
+v2n0.nic.schule.	172800	IN	A	65.22.23.68
+v2n0.nic.schule.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:68
+v2n1.nic.schule.	172800	IN	A	161.232.11.68
+v2n1.nic.schule.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:68
+schwarz.		172800	IN	NS	a.nic.schwarz.
+schwarz.		172800	IN	NS	b.nic.schwarz.
+schwarz.		172800	IN	NS	c.nic.schwarz.
+schwarz.		172800	IN	NS	d.nic.schwarz.
+schwarz.		86400	IN	DS	19729 13 2 776AE387424072C0216E5EC2A5D726F289D74E1BD1527400E490982C28789F5B
+schwarz.		86400	IN	DS	21945 13 2 65795AC97BB20D4D18CDA59E8CB0BCA258156F4A2AD3E3D2495259EFD1708357
+schwarz.		86400	IN	DS	51361 7 2 39D5A41F51DC9478526A8ECEB14C11095D7EEE368191936EF8519B15D2F0AAB7
+schwarz.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aLx/vqdUgPXt2P46n2VNslnHZDJ3O5fRK131KCeZy0sRaBEcWMAb2y2f4X8j0f6nQbb2dciFQbaVvkkkN11O1CroXnwQpXeeKeHjszCR6nXqCTA9qUdONGPOYNhcMTr68XMTsXisGDQYsyJOH2PWEy4VwQg2C7H57wC8vYRhzE1v6gXmxnS1hDVpITbHUJm8rs/Xdkfd+JIELY69iH+l6HxwIFlK0sQWfn2s5ZT2Tg8nTP163nlx8fm4iDomKxHBXx7n/bGYgsmUOi63QmXi+hrSOl+8fwlxgzGfawxVOXxACT2PPGaqQG7v4XUDYpkJjEURQLPIdNrk8Da5QPa0MA==
+schwarz.		86400	IN	NSEC	science. NS DS RRSIG NSEC
+schwarz.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sxoWJTiB/i2aFkVcrvtDuncWOzliTGY8o/xvh2HN3e6XHBErrBrawEvTtOWc9hMoH/y2w/fjM61nA6M7k43XWqIRRVIYehpIVld3ExiLDOsgogLwwivVFis9oRP5CZT7A6MLX5VS+KAJELYVJ3KIgkCnLc8AtniInJ/0s7zwy/QIN9dAqW/WRyL4UEIyW8F7ArrVeMvsqADVccl/+cfyJQWuipnfqxtWWDTDga23kuXPfPhcTawDe6I6YBp5hXEtsYPjrrfmWN0rz2CVxs4sbH6NJdaVEee3JBrtkuOkh01tnNpgY0yRD90Z5RDLtrQ8FZQL7l83N0XPj1xo4l+rlg==
+a.nic.schwarz.		172800	IN	A	194.169.218.99
+a.nic.schwarz.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:99
+b.nic.schwarz.		172800	IN	A	185.24.64.99
+b.nic.schwarz.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:99
+c.nic.schwarz.		172800	IN	A	212.18.248.99
+c.nic.schwarz.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:99
+d.nic.schwarz.		172800	IN	A	212.18.249.99
+d.nic.schwarz.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:99
+science.		172800	IN	NS	a.nic.science.
+science.		172800	IN	NS	b.nic.science.
+science.		172800	IN	NS	c.nic.science.
+science.		172800	IN	NS	ns1.dns.nic.science.
+science.		172800	IN	NS	ns2.dns.nic.science.
+science.		172800	IN	NS	ns3.dns.nic.science.
+science.		86400	IN	DS	10030 8 2 0E676DABA7FA8C847F77C358DB1F7FE17B6A1423B4C48E3952190446B9AFFB07
+science.		86400	IN	DS	49186 8 2 6712663D49AA8EFCB6C832B978FEB020F0EBBB05B16058C64EF387F4C24DE401
+science.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jFe2i2I42ONMW9I/OVJtJPWD2iivppcbXoRKl037cOaACTzg86VcYoy90t2OzyvH8oO4zo+Bq37VU1bVRsr7JWmhupMFgx4OJGduRDwewYN6rlJwVw7/ljlchP2ZsV2d87RDn07Zv5E02IoXDsDWYpcGBcVrwR9m7fhpwO+MGcKRgG2OCLAnC6KGmfR61dALX8IiOJe3Yx3rEBXOPhArGHcFqW44kOzgEUtu488E2nY4Gr4h2ilVGfn1j5LsrswhCD83GPshCoZQcMWeCQv73CEplu4yrObev3KifTmyOz2Es7wRmkQrlZEfYiV6XyC1ejF+aVDne2Vnchkf7tlDow==
+science.		86400	IN	NSEC	scot. NS DS RRSIG NSEC
+science.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZXi+jzpzleRpRmjtxgQlzC+Vygo+a/5Mdb+khz5GI7BsaYWMluL/ebdTAPz321B6ky/CEhoCq+BW4P38ftpWmORKFe2k1JOEWMqA99rCP42d3obha/6FfzRyIqWtwHjm0EXvruhzIVl+DxK5/PBNguVPKPLnjEd/mZjxjiNB4cseqDrC8iIw4VdsSX/VL0ADLb7uOi74L/zFtztYBq6iXOPNdNR6t2gEPIuRcvQsQXQoTQWlZFb8HWtp6qhS8LNPecRTjTNwywxeVwJkH5E5VWvCEGyHGGkS9cld4+D5FbXYYpGcVVuWILlSEc+62YIZ8f9Mei/4RqOf4u0Jn4b/6w==
+a.nic.science.		172800	IN	A	37.209.192.10
+a.nic.science.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.science.		172800	IN	A	37.209.194.10
+b.nic.science.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.science.		172800	IN	A	37.209.196.10
+c.nic.science.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.science.	172800	IN	A	156.154.169.41
+ns1.dns.nic.science.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:29
+ns2.dns.nic.science.	172800	IN	A	156.154.170.41
+ns2.dns.nic.science.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:29
+ns3.dns.nic.science.	172800	IN	A	156.154.171.41
+ns3.dns.nic.science.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:29
+scot.			172800	IN	NS	anycast9.irondns.net.
+scot.			172800	IN	NS	anycast10.irondns.net.
+scot.			172800	IN	NS	anycast23.irondns.net.
+scot.			172800	IN	NS	anycast24.irondns.net.
+scot.			86400	IN	DS	28873 10 2 A99FB1213FC07299A57251F57238BC0F796D7AA311624CF49DDCACAC08C1DC3D
+scot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QPXtpJyo2N9tqLlC78BDhkmCR5qt/m42mMg5c0xjgF1/Paj6p2Vl1ilMPAQM39qyAj9ttF5iKGmRb/XX+IfrgpHxiEKRG54RjC42oK1JSOOluKQwcGYJqO9SJOFqkpgBIrFJCx1vx0V/J8plbMACNGlPrixOh+vnQenfXw58IbuNhBtylmZ9i3IGr3SpqN3OZTxGKcK4E5Xtm/piDU7NAF5CGzYpy6SICAxuzlMDHM13V/Yf5pqd8v4m7h5xefuiEDSVS4JzjHgd8MCYz0HeuWzvrEgYIT5hwmbP0oopOKOgduoUFZy+5SyfdRKmLA9lwy9oimRLQ/NSawC+wq7GgQ==
+scot.			86400	IN	NSEC	sd. NS DS RRSIG NSEC
+scot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a5pipyOvMKXzwSRE9koRTOu+3OQh6Bd/imIL2zTqtGENcknpKm3lTs+9N0SkzoMJIXLypbCTHYHAJPVG6vPbIDkeUEyClULo938+WaOIIM/Y/v35QE+nUV9zug1Us+FMnVvjsTwzpkbZLKurp/E7A06HgBZxn8q2gGfiJwZ6ugDzxeSHSF/Q2ZXXgeis1Z6BSWRM+qpYhe34l+N6Bjwb08iNusmC043/qOptAeYOFJACgG44lYp7xtd0t3eQEFmg8KbceYbYAXwxRZ9PDNpwCqQeFXB2RMnmcyBDsOVnbhGzRRMCezlcETqx86FMyWeY9x11P5urDw8vc1DuT+OR6g==
+sd.			172800	IN	NS	sd.cctld.authdns.ripe.net.
+sd.			172800	IN	NS	pch.sis.sd.
+sd.			172800	IN	NS	ans1.sis.sd.
+sd.			172800	IN	NS	ans1.canar.sd.
+sd.			172800	IN	NS	ans2.sis.sd.
+sd.			172800	IN	NS	ans2.canar.sd.
+sd.			172800	IN	NS	ns-sd.afrinic.net.
+sd.			86400	IN	NSEC	se. NS RRSIG NSEC
+sd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MzVPRoS+yHa1LHT6hqo5pcX2NK7A2QSNfcnkKshbuZP8mF8u9X9AL4qg9n20QQ03ZAciLb+QpSr99KRK4LJfTrOQaSwJ/lfy2Zd8eUnWMF2fSpigmz9X0SUfO/TRvK+9oETiNlUuOxYfLFIdYfIKnfn+aIlRzWYz+F43jR7IYxSaV34aMn9Pe7fN/TZx5G6OpI1jBBDzLCNlgkoZXZVG80W21GEilED8QXLeuJ108yWvO1UzTTG0By6JBB/2FM+3owY0ep0jwKw5jiXJA4SlP71SgHWfmjvsWgfbw3w28WWeztAYWLyT5toYxmV9T/Uxn7caz37DxMKqK9ldN3LLGQ==
+ans1.canar.sd.		172800	IN	A	196.29.180.14
+ans2.canar.sd.		172800	IN	A	196.29.164.14
+ans1.sis.sd.		172800	IN	A	196.29.166.134
+ans2.sis.sd.		172800	IN	A	102.130.251.10
+pch.sis.sd.		172800	IN	A	204.61.216.97
+pch.sis.sd.		172800	IN	AAAA	2001:500:14:6097:ad:0:0:1
+se.			172800	IN	NS	a.ns.se.
+se.			172800	IN	NS	b.ns.se.
+se.			172800	IN	NS	c.ns.se.
+se.			172800	IN	NS	f.ns.se.
+se.			172800	IN	NS	g.ns.se.
+se.			172800	IN	NS	i.ns.se.
+se.			172800	IN	NS	m.ns.se.
+se.			172800	IN	NS	x.ns.se.
+se.			172800	IN	NS	y.ns.se.
+se.			172800	IN	NS	z.ns.se.
+se.			86400	IN	DS	59407 8 2 67A8E06FCEFDD9397F77F26C41ADE4EC142F299BCFA1827F0EF8FD87F2F63022
+se.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c3UrZTrSO2U4o0hpxAwy2gfoj4Zc7Hw0AC5j67CqojCsywsPQCDBnTwWenv+PQXGFw4v7tnYQFbitdjD1zGy3y23dTy+u/2LmoWVGmg12StOOOr34inqpZigqjVXc1PUXFmQWVBvy6LLWPpeF7a+DWj83Tj84VKaeaXes1GMcqG9YOgHVWrAXfNDaWqP2ImBW7FVg9W8sZBS61274+LPKf0D9GHdhm1acOQPSgwz2Ugc/6HAvSs6iW0P53a69+Oi8iP8Wd4Tl1do4h+vnXPQQSwDk0Q09a4DtyTkw/s0gIpU4t+4L7AYLjKp9Cx7CvD/5jkDGQ0/b9q/nx1h/yggaw==
+se.			86400	IN	NSEC	search. NS DS RRSIG NSEC
+se.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wx7ePhSVdGwpq+Rx1mz9bL+ec43hTFLPQwzxbvTT3AcnV+IyQCWnu55TRdeTRX9+KUI+tN+sKSgQk03CGYpi80dIW+Z/Wzs9nszvOsWeXIvZUgUzC+tuWn9ZivuqZ59gAu+G3Y843dlkCAA9uzYUx0fuZSP8B0K/bySg2jM/aCNIUrmICKe4847JBfjAqO8raAlr9wTrqhBxhOgvNa3ndafWv0ZQigVKph6bKiHtSx3dUdLNTwpEHmhZmHFQ4T9CFIFMH/siIlyrLlR8Qkh+PMNI79yOFkVqcpmgqBJMT4gen3MGEsvk3NXOBVhyi1c9f/4xSK6fCXOt5+egZQN/QA==
+nsp.netnod.se.		172800	IN	A	194.58.198.33
+nsp.netnod.se.		172800	IN	AAAA	2a01:3f1:3033:0:0:0:0:53
+a.ns.se.		172800	IN	A	192.36.144.107
+a.ns.se.		172800	IN	AAAA	2a01:3f0:0:301:0:0:0:53
+b.ns.se.		172800	IN	A	192.36.133.107
+b.ns.se.		172800	IN	AAAA	2001:67c:254c:301:0:0:0:53
+c.ns.se.		172800	IN	A	192.36.135.107
+c.ns.se.		172800	IN	AAAA	2001:67c:2554:301:0:0:0:53
+f.ns.se.		172800	IN	A	192.71.53.53
+f.ns.se.		172800	IN	AAAA	2a01:3f0:0:305:0:0:0:53
+g.ns.se.		172800	IN	A	130.239.5.114
+g.ns.se.		172800	IN	AAAA	2001:6b0:e:3:0:0:0:1
+i.ns.se.		172800	IN	A	194.146.106.22
+i.ns.se.		172800	IN	AAAA	2001:67c:1010:5:0:0:0:53
+m.ns.se.		172800	IN	A	194.0.11.112
+m.ns.se.		172800	IN	AAAA	2001:678:e:112:0:0:0:53
+x.ns.se.		172800	IN	A	213.108.25.4
+x.ns.se.		172800	IN	AAAA	2001:67c:124c:e000:0:0:0:4
+y.ns.se.		172800	IN	A	185.159.197.150
+y.ns.se.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:150
+z.ns.se.		172800	IN	A	185.159.198.150
+z.ns.se.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:150
+sunic.sunet.se.		172800	IN	A	192.36.125.2
+sunic.sunet.se.		172800	IN	AAAA	2001:6b0:7:0:0:0:0:2
+search.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+search.			86400	IN	DS	36497 8 2 AFAEC406996DF5555FC4365C07C7C74DE82FE7CF5264FC5FAD9D1AB948F3DA28
+search.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A7VW1tu2hg2JDTR/E3YamnPbmAbd+qAViQI8W8SsIUCQfYhvn2IArj5jmiL24y+9RGaQDa7ilICWjUXu7AodFTeTy/E7OvDbLgzR7kZRlVLj7/K63W7KGVxYRb7fjqyWbZSXX9NHZS1lgzhsXtDw76yBqL7mL2r5g02at9jruf1KLPD9G66EnXrcywxFT1256AhXOKvmHqvSn7GRjZk0B48EB+lUKYBdrPMim68NqgJnb0pMYHFx2OhqwrUHe/iofAzJNNqT7D4qKw9syIVUaNg4/4BvGwlYzbaLn5lE3G4hJGr36ihTosFpSWaInFxCpSO2lcSh3cxMhT4BinJsWg==
+search.			86400	IN	NSEC	seat. NS DS RRSIG NSEC
+search.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lKUjySrkVSsaI78onwPpiG2HAB15j70pwKEZoN1MbYocStjlaWNjzFok/oQqxWBi5a6LejDYpdFtC+D5y3H3QEA6mPKzcJ3CHeZsm7phIiihacaLB6ZQbnpznTxQKifq0mtjoz98+CPRq5aMt7kR/zxRQaABQFTWolhyJ/IIhxVgbkPvTnrb2gygjSf4ttfXFq3PXrHsb2GP2VmIsVKMcGuZ49JLaIcwFXpzCSuBGseUqje7I9+MKoU6ZC+GN2qLiJX/8eJEKSMsi49A6cI8Ofx5QBAO/fJ9TzbXELpSdZz/kUk8EEvAwBJbabGlxsj23zUFnUQDlcfR2Uqx+LmlWA==
+seat.			172800	IN	NS	anycast9.irondns.net.
+seat.			172800	IN	NS	anycast10.irondns.net.
+seat.			172800	IN	NS	anycast23.irondns.net.
+seat.			172800	IN	NS	anycast24.irondns.net.
+seat.			86400	IN	DS	40138 10 2 8531B10A28C981D28F0F412DBE6A7985EFFE40BF0EFC8F2F80D45F85770C1A8A
+seat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . woVf1Owmh8zk3mKa6EvVbVUDnFz6kJh2t+mMLFwTKNFqyQ/I7DmpxuIyC4s46iR4U71CE+OcczmBGQvZMKRiTxgjsGj24kie3CO9+ILQatguHj8JP99sSz6fH5x5obIKrJPXpB5j5ApNOYlXlEm7qVWH4XfZYs048LbJ/Etv0XwNImMhJIVEGPqsJIsSXbf6hkTOU8xgkHeqLqkeaea4pBtsFl5VcjZ/VLGxzdqyzhe0ZWqYyidl+kiZEyu1zTUc7bWcPvgLm6W6IWnLVe/JDCtS9yB6kNB2OhMomWWzJEUYdb6lzeXMt2IKWOmfjrxgTUGb1HbCsL+Gtx+9gEfpqw==
+seat.			86400	IN	NSEC	secure. NS DS RRSIG NSEC
+seat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0uPJ6Nl6wZT5QgoBuPqW9FgzQokn1cAwEd5Ty+E7iFxaFovW5qnzuXSizE8wT7k/hMSv5Ow66GGQT76kYu4qEX/7/JhdWBCvLa5E3NrHEWYOtsLQItAZXd25i9rx2I5gAHsyc0hTQIXCLa0RsNb8YBXynAyLqjmxUokOBXx1FdrcHSfilF3M5LSRJE1Sbmx8xpg0JIKeUaCxjlD/Wjcn2ozLdaUmYFQHYSc67ChOvRoKDk08+06lormPJD7whXu5u4iYjnWb6/IBNqIAb8Ey6lqrG3ZXCPCU/yOgsNLKbrZ3L4ugpiCodvpAER0kkL6IEsyJIg1i8vVuJfPSf/WLCg==
+secure.			172800	IN	NS	dns1.nic.secure.
+secure.			172800	IN	NS	dns2.nic.secure.
+secure.			172800	IN	NS	dns3.nic.secure.
+secure.			172800	IN	NS	dns4.nic.secure.
+secure.			172800	IN	NS	dnsa.nic.secure.
+secure.			172800	IN	NS	dnsb.nic.secure.
+secure.			172800	IN	NS	dnsc.nic.secure.
+secure.			172800	IN	NS	dnsd.nic.secure.
+secure.			86400	IN	DS	30610 8 2 E15C59F280C66D3582C2A0B218728143E1C6DB5ACF0A4A17DC8858DBCB0C1CD7
+secure.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Lhyf/Al6PZQhY60W+fix1SF02cCd+ypVV22eBdWsIqQSPoPgMBrFlnEv07awPOs0BxFpVt+LFmB6wMX/V6HbzIgCUu+HNKmgc4u/lvysmWzG+u9gw8ePrYyQls02Z0OullWr6rkkAj94FTr8rQ/7ULBmt+YHsSzdA5MBhxOJBFA5PJFstJCqKpftuNfXMxAzpXdMd6pi433DGbE3MrODsHHTWvvE+cFxlg38JpBtRGwKN8KuyL7WqClg/MhJ40fBuWxhXrpIeWx3waCmxzFaZGwl7pu3w/VjwW4xW3SFYa8BhNIB2YxMEK33pCYxQUOsl77Vv4rl1NMUSq0EZqNbLw==
+secure.			86400	IN	NSEC	security. NS DS RRSIG NSEC
+secure.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sjhvrzFiZBFbJF6Pcmknd/r8AjyMCGhCsOSQcPdFj8vLD8/tF2LwX7mbSlTzgcEPeoD+/bj1ITrwprr/dsiscl6XJymodpPVCmAtf/VUzFowRbazz0yw+TekbDio0R11GyxEwDTCa2FBw4VXDvCnRQzk6Sz+RjpNZuG9JSSLMABYm5a0M/YLgVr+sM6RexPZGqUvjcMuluBbU0uZxC4FJrhXDAlX7DXsDCQSftL3mv3NQ/KkqzPwRtT/TXoHzJQ38RbFxWu6LNps7REOSwPGARByGIYiZsqJVeJeu0PbTmKh+4JEH4HwuHn0cOQwIulkML6KZwoAzNG1uTkDfXdw3g==
+dns1.nic.secure.	172800	IN	A	213.248.218.80
+dns1.nic.secure.	172800	IN	AAAA	2a01:618:402:0:0:0:0:80
+dns2.nic.secure.	172800	IN	A	103.49.82.80
+dns2.nic.secure.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:80
+dns3.nic.secure.	172800	IN	A	213.248.222.80
+dns3.nic.secure.	172800	IN	AAAA	2a01:618:406:0:0:0:0:80
+dns4.nic.secure.	172800	IN	A	43.230.50.80
+dns4.nic.secure.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:80
+dnsa.nic.secure.	172800	IN	A	156.154.100.3
+dnsa.nic.secure.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.secure.	172800	IN	A	156.154.101.3
+dnsb.nic.secure.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.secure.	172800	IN	A	156.154.102.3
+dnsc.nic.secure.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.secure.	172800	IN	A	156.154.103.3
+dnsd.nic.secure.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+security.		172800	IN	NS	a.nic.security.
+security.		172800	IN	NS	b.nic.security.
+security.		172800	IN	NS	e.nic.security.
+security.		172800	IN	NS	f.nic.security.
+security.		86400	IN	DS	14150 8 2 2859485C57B2B929084427B8C2B444200FA44011015AA6BF005146582947A257
+security.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kQskCxPJZeu9eIll5FRKcnZCZyJ+gtWBMbct3F3hW21lNEMHmeYCwA41rXkDKqDs1B+o+KTU86dyFzZIVBgGtJVZ4RXqf7qEHCOAhcF0ZBFtDhAFy9F1HomCugeXtjA6BfgY9s9s5RkaZWrmcqLvi7xzcTrYwwyCyO4ZQ+eVwDg1+I2iUeI1Qg9WJEkHOv+HXuxc1vWL6A2aTUswIeYzLEb8C3dub39SnnUaCq22EoeWGPrYbyfyqeIjy6Z1FSO4fsNl5DJT5m5n/FSYy9hlHk/lvS02KiDeFaojOYWYqhh0mb0NriIELm6WaI4k+h7ijIBeFZmbm0UwTOnzGSyWCw==
+security.		86400	IN	NSEC	seek. NS DS RRSIG NSEC
+security.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F1IcrCr8oKUpUALGVx5vdAv20xA1CcXef5STh8um5CAVctHJBhEUG6SFNa8RtyZk1Tu4W08sVoO2EFkM5OTTArsHgIgyJ7sjHDF/qPIPe+uHqK23EblajsBfqC7dNCUnFXv6WanLODajNy5QKLYr7GjczRWVaQ7J/Vn/A4fiC5xbMLX7tjhlLbwCnZwXH75cUIlG3f0NPKWe80aNoXIXZOIFp3uphyCxRCawYos7p7aqoFiPg1h9DDBOJ0LyI+GUD06n27AwhuhxJZXYAftVMcms8cWemxd35u/ZsdISgk3uPFpq6I5lWRlcJNlqK528hS/7ugcDeeCQgWaAihlqlg==
+a.nic.security.		172800	IN	A	194.169.218.68
+a.nic.security.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:68
+b.nic.security.		172800	IN	A	185.24.64.68
+b.nic.security.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:68
+e.nic.security.		172800	IN	A	212.18.248.68
+e.nic.security.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:68
+f.nic.security.		172800	IN	A	212.18.249.68
+f.nic.security.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:68
+seek.			172800	IN	NS	a.nic.seek.
+seek.			172800	IN	NS	b.nic.seek.
+seek.			172800	IN	NS	c.nic.seek.
+seek.			172800	IN	NS	x.nic.seek.
+seek.			172800	IN	NS	y.nic.seek.
+seek.			172800	IN	NS	z.nic.seek.
+seek.			86400	IN	DS	30781 8 2 91DA9A67E40BA21908471A192586DE34FE04433FB046A0519708ACD7EEB7B9B2
+seek.			86400	IN	DS	63859 8 2 E3C3A590CDFCC251B77CD4ADF685FE3CCE8706A0AAECD5421294B9FF2DDF8B48
+seek.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZQL+S0OI6FYCatE/lOo+l+pPZMYxmyRopcioL+TuBtCDaBBNbAJcG7dnXg/TPCp4nnoaVqRkxquGbaFMXcXfbvsGLmzOVqa0cS/XZ/NFBNXgd9f1HAcmZMnk6uOhcqR4A66j8orukIMX26v63aM907VV0KdXMqGps6c/MM4YP/7lS0+keqJ0uO17Igi+s9ArpbrPTRzKj3w0W56qJJqkyoIPrnhyiGTTmnbAqazWyKQhaKdjFQZwhcPW+K0fI37gC8mtmomO3lu8lxi5nd6WCdyh+MUkxtQXKRT5To5o4mYBQWCqpZcMx6Q99jUkkUohZVd+mIz2URuVIRD91nmB4A==
+seek.			86400	IN	NSEC	select. NS DS RRSIG NSEC
+seek.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bxc1VQY+SPTFGKr8p+r32rQzY6SY2XfItvC4b3x+QBqh7jRzX+DpvaeWqZCRGPv9THRZH+yN5C+Re3rouIRFJbSBq+kgEThNcyW9niXrlyPjo6Yat3F+91adU4hlCSs6ReGC3g/t0CLP8MunHb4YcLFdt23c0Qb1UL28mshK5gRnLOdLjB1BzdOWkN1eCSH0ymnjvaOO2gfafZmWr+3WanKD+7p71aFqf4Pnz5vt7t6pwRX69Em3wLiPOX5qnGOoAtLOJdYtOTTjEehnuZn9XLWawbUa1bYzbVNj8okrPLSl2rT22luKPEbrmo+fUJzj1pVGxardQ1GBzp86ilX5Fw==
+a.nic.seek.		172800	IN	A	37.209.192.9
+a.nic.seek.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.seek.		172800	IN	A	37.209.194.9
+b.nic.seek.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.seek.		172800	IN	A	37.209.196.9
+c.nic.seek.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.seek.		172800	IN	A	156.154.172.82
+x.nic.seek.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.seek.		172800	IN	A	156.154.173.82
+y.nic.seek.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.seek.		172800	IN	A	156.154.174.82
+z.nic.seek.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+select.			172800	IN	NS	a.nic.select.
+select.			172800	IN	NS	b.nic.select.
+select.			172800	IN	NS	c.nic.select.
+select.			172800	IN	NS	x.nic.select.
+select.			172800	IN	NS	y.nic.select.
+select.			172800	IN	NS	z.nic.select.
+select.			86400	IN	DS	44725 8 2 5EE0DCF207475272E3D80571D3454D3EEE5753F3D71A102B58D38D14937EACC2
+select.			86400	IN	DS	63907 8 2 67FFD642D56C519C3A3F78F2396DCC30D237A0CD5F5A32DDFF33834128698472
+select.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UDwX1u7J6NxjT/VC2Cml/HfD0zXclc56wT23g02Bva4FWL+aQqjFZa7Gfs76hLk8Zv1t3B//k37OXxZoHLAsiOem9Mbm0EKQ+p2ZYrJ3V3YrPdA/HXJM9d4G+N8pBlzHObKA/d9YoMdnEZGilJcIFLc8T8mkF1r6y0XgqidDoF1Y2vXIjeUdN7DA4A6tbS41mpMiLKMn3BPsqdRQdgP+g4/92IMd9K1kktK+LFDqc0Za6ul17yycMX45eOuBw+dMVNLfkYDlxE/VPaGNusYsVMDfHqCSpbGbB+5VIvrXW+/xP1/Hb+Mvm2fN+piCIpcKgAnbyaaIbWoITda5ZYxVnA==
+select.			86400	IN	NSEC	sener. NS DS RRSIG NSEC
+select.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QlzpPP5Ffog8ytQlldCuGlZ8C9jeHgHoQS+P/GQJu9zQwuFdpH3v4xr1IGZEcFjbxDyzcFv2DSQvvgG3wOQCfHUidc5JtZMYsHDL5678/vzQ7DWIbMxgFmuVkIojGezNWYb/RByhu+SzyBbr11zKyBlVo7bI612EnuHUra8dRQkbpOEyX59SIVuAqR+a3w2wQwCcgAM0YLaaKIydhWb1xWHzN7USvk8TVoQh3wWBaXqECtkMsvIOD0aBW2DM5o8ubiCPkshhjsHOVjV4P9FyBeZZbVWALSQ/Fv/OhTerPWkb8sw6q7W+P5YMpRsa9iBVib8feMEdzsXYFLjfgqPOsg==
+a.nic.select.		172800	IN	A	37.209.192.9
+a.nic.select.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.select.		172800	IN	A	37.209.194.9
+b.nic.select.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.select.		172800	IN	A	37.209.196.9
+c.nic.select.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.select.		172800	IN	A	156.154.172.82
+x.nic.select.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.select.		172800	IN	A	156.154.173.82
+y.nic.select.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.select.		172800	IN	A	156.154.174.82
+z.nic.select.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sener.			172800	IN	NS	ac1.nstld.com.
+sener.			172800	IN	NS	ac2.nstld.com.
+sener.			172800	IN	NS	ac3.nstld.com.
+sener.			172800	IN	NS	ac4.nstld.com.
+sener.			86400	IN	DS	40020 8 2 F580B1E1F989E14EB37DA8CD7201254150E4C28F95CA0D1DB7822A78C93EAF17
+sener.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qJmc916vERR4CZUt7uThhAUeAhF+fceKfxKBSK2oOeqIgQbhxzICkLon6QSUsaW/EFRoPrLBslUS041NqmuAsukRil34HgzMQQ459VG7FgZbc9P7dLJLZfKDs5y4nVilhtTXmSJyjgm5ZWrYFpPhTXiJLAxiX8PL8e8psqsiQtjdWiPY2lfuZUHxotozX4pgiE0ybLEstY/25/AG7dIepgKVa03pEo090PhB5m0eOIM1OqKAwVsygYRVW9DhP14ud0J8f4loSFd5bz2BdqSaSjw4HgCpVpFEoYwV1vurdjaqEmRNpkoRZcXidUKLoU17bc/5C5HFLVq0QI66GJzk1A==
+sener.			86400	IN	NSEC	services. NS DS RRSIG NSEC
+sener.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zf9q198uWeWysCwh64PoDAEmKqV+x+hgGVkn6f3ZmWWuWultErwIn58rslIY1C+CfvRLHAqx/ppcgpEM4Dq+Vgim6tlsL34/yIMyITAxj/X01jbq57Jj/aD3jbn4XCVYAqud17kl+Cn23N8dkkqY1rQ5z+Jbv1qaYK8p+MxnExybUfqj80VOv1a6hVgBx5G4537wNUFxh/c8Uds22toV3WFTYsy88h8QXUImNm/Wr0FlDUVsw+D310IxTzEuxt1GkmQWjENoQUT9X9TaE51zBzuzcXJkkz4Yv54/PElWyvupn5Imk+TdfBb6qxdg/QsguVbmlocrobprm0ijKz8pBA==
+services.		172800	IN	NS	v0n0.nic.services.
+services.		172800	IN	NS	v0n1.nic.services.
+services.		172800	IN	NS	v0n2.nic.services.
+services.		172800	IN	NS	v0n3.nic.services.
+services.		172800	IN	NS	v2n0.nic.services.
+services.		172800	IN	NS	v2n1.nic.services.
+services.		86400	IN	DS	36727 8 2 46F51F49699733C685B1A338969594396BA5E24D76F6011149C20BE7A3B757FC
+services.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . de0keo47HQjptE/CJdtRq1BhwblxQoCHrztLRRIVpnlw5bTx9ww0/42txavw5M8DIbxDtwit6Ne8zrOD06+uYm5tmtyYbYOATHK/pEPxeB8R0N8N6xCBtLKnaG58YZJ9b5tND2PV5atKaO+q7pQKrK9+86fiL8vnxNJottUIhDEZiG+BphIVlbpKje/aBdm3+WaFyyVUQlSaTYq9wsWw+R9VLMwAeHDBnGba1tUIusBCPVLfLXov4u60eZqh4W6mL5xu8QxWKTkQXVPc4uUyvlwBCaZgjWkA3EoC1Vq5uua/sH1BYAdym4CIICYxUyHYAuRFCo7wMrJcSWWZGYJ79w==
+services.		86400	IN	NSEC	seven. NS DS RRSIG NSEC
+services.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O0nhp4V3GQhB9nMMkfKxSlr962JlQ5jvNDlpKvS0Rpkg2QDPIp2j0YIjafOpxgnIbQe82G09X/v3I/KbQZLMnAMZvfRfM3Tx7RhUGojh58JkL0Ub9Y/SioR/YtY3JcNkQlovacCZfjiE5hU6d9r2zT6qBLA9KcjGMpM5oex/tuZZM2jVgbPVP5uzHBCF7B6uZ+HlRmQNeSLyGdyFhHM1EKwAbv6ODcZg7Yqd5yN/n+5+58eaTBDhWXwpmHkoYLDslDqfL7SmDq6HHz6zkMnKEm/tUJXdyEASZO3gUHdL2wqpoyK1CNTVD7ZRdvp9S+AVyVUQSOCenuV/NB6vdv0gZg==
+v0n0.nic.services.	172800	IN	A	65.22.20.37
+v0n0.nic.services.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:37
+v0n1.nic.services.	172800	IN	A	65.22.21.37
+v0n1.nic.services.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:37
+v0n2.nic.services.	172800	IN	A	65.22.22.37
+v0n2.nic.services.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:37
+v0n3.nic.services.	172800	IN	A	161.232.10.37
+v0n3.nic.services.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:37
+v2n0.nic.services.	172800	IN	A	65.22.23.37
+v2n0.nic.services.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:37
+v2n1.nic.services.	172800	IN	A	161.232.11.37
+v2n1.nic.services.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:37
+seven.			172800	IN	NS	a.nic.seven.
+seven.			172800	IN	NS	b.nic.seven.
+seven.			172800	IN	NS	c.nic.seven.
+seven.			172800	IN	NS	x.nic.seven.
+seven.			172800	IN	NS	y.nic.seven.
+seven.			172800	IN	NS	z.nic.seven.
+seven.			86400	IN	DS	18001 8 2 D8F64C5DEC80B8F15B747575C020A3E5249C703D05009D88D091E0D28B1168F7
+seven.			86400	IN	DS	65404 8 2 4C4105485919CC132CEA83E201B0678F71CC7DB260E8BE86DE560A8A1864951D
+seven.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mFKe8OprfkOMRxFtVZTu5hXssQynFUZ/uHNwd10ga3AEAOPQ343JtWTyOxixEqRQ55eHi/BLS68RHdvdi8n33LimSaxIvOH87t+22D16VjvKWFZxyrXqhxVKDdcsLEMbBwIPtQ4KtzbslfzL52TG/YXT7/7RTjdcVhYB3Ab3cP3nkgqQkmxjNF1KnaWBikU7Ups2XSSDvYw9uLlROdnS7utAGy8AqAmnvhjPqw8ZfcP6gLS9Qn1WRMgABzuymI0WOHPfOeZrGuCSrahrlNTWiOwH0+g5UcvYXg7TMtCj6knrOdguTlvKgXTwKcF48YvJhkYwEz8fzWGEAoWj2432Lw==
+seven.			86400	IN	NSEC	sew. NS DS RRSIG NSEC
+seven.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yip/VZviVEkIMCChVQI3fz6+pCRQG6TFg61NlUbd15Ajnb6mRZr9OHIrSjMSeL6Sy7VtNRzOjf72lWjQ1KaXdn3m2ZwLZfOmE4o86zyMn4CuUTc9ypiRvum7lPeAUJ0jCuDkyVV0yNlY9YAGp2L4Gj1h9hVtFVKkKvs9JDDE7KsnnrEyk0xnDIeo9AiKTDbIsLsxBdBzvkjooT8ReOHZMnIb/qcvpldtspXlWja1QoMxmfecDdG3uBRBtH8Vx97BQWJFuXD+Gmq/64c1GmrXMDv7Fv77ossL0SdQ6glelUIoC0YQ3bgVRyuHGPcMKZWdCISsnDC7BtCRrawrBtxmqA==
+a.nic.seven.		172800	IN	A	37.209.192.9
+a.nic.seven.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.seven.		172800	IN	A	37.209.194.9
+b.nic.seven.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.seven.		172800	IN	A	37.209.196.9
+c.nic.seven.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.seven.		172800	IN	A	156.154.172.82
+x.nic.seven.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.seven.		172800	IN	A	156.154.173.82
+y.nic.seven.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.seven.		172800	IN	A	156.154.174.82
+z.nic.seven.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sew.			172800	IN	NS	a0.nic.sew.
+sew.			172800	IN	NS	a2.nic.sew.
+sew.			172800	IN	NS	b0.nic.sew.
+sew.			172800	IN	NS	c0.nic.sew.
+sew.			86400	IN	DS	24562 8 2 F058B69DC4842232E352DBE1485DFC257AD1627AEE9F4BF4DECD967307E30B1D
+sew.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d+sexZuyVrNkJha2N6X2wFlmf7Ka02W9PHN47zw0rnDAZhdSEBggthNke/aOw0txtsXrh7m3Hd3CFlKGN3/gCI9cR+NgREoeAF65AAHmo5Pa/g+BPeX5Il407JibnCeo8rZ4vOZkE9X18ZDY2P1Flce/QD7TbCz89pIu1+C252trTlNvE6fi+UENT4NkbKdvT/ZMIy3/D+w9VYW89EGgpF6yBwxxFjWJtn6mviOgnUBLr793TxCEioOVt7O/9utS8lK5AJWJ6DaNVGluuDYwX7Y4Gay8H/2BCr4K8fDD5W2UBY6Xt++RaWTRca3PBP+8/DKzzL171iQ5HNnuZC19vQ==
+sew.			86400	IN	NSEC	sex. NS DS RRSIG NSEC
+sew.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . abF+5k3B+dezwgFt9J0ywB9buKWXwcWwp3soNmfDW809nm/ax9XNQSaV+E6uEPJNnK/z9qmvG6xQ0FJS+m31WYOtKI3FVEtnBsEcDeoFPioJ5/N2cUcEIDbt6ZTuWRgkIxJld9Vqoz0dOejmrdsMDvBln3+ktcGJvzZPJ4T9Uede1f3sN9i4T3+eRAPM5hnyYObsR8iITKkXyYsgUPLuOX7J9uNMu48/LkC2eDtoOSJ7t66Vq9C+cr8bdYzmF1NKKsfPLNBxymHMIk0JMuqVr0cbmrNoh5wGO5zMWV5E7D0QSzHOd2GWZdbFC7Aj5uuAqJw1ZQ1+jpdud2jPj8dZvw==
+a0.nic.sew.		172800	IN	A	65.22.188.25
+a0.nic.sew.		172800	IN	AAAA	2a01:8840:b6:0:0:0:0:25
+a2.nic.sew.		172800	IN	A	65.22.191.25
+a2.nic.sew.		172800	IN	AAAA	2a01:8840:b9:0:0:0:0:25
+b0.nic.sew.		172800	IN	A	65.22.189.25
+b0.nic.sew.		172800	IN	AAAA	2a01:8840:b7:0:0:0:0:25
+c0.nic.sew.		172800	IN	A	65.22.190.25
+c0.nic.sew.		172800	IN	AAAA	2a01:8840:b8:0:0:0:0:25
+sex.			172800	IN	NS	a.nic.sex.
+sex.			172800	IN	NS	b.nic.sex.
+sex.			172800	IN	NS	c.nic.sex.
+sex.			172800	IN	NS	x.nic.sex.
+sex.			172800	IN	NS	y.nic.sex.
+sex.			172800	IN	NS	z.nic.sex.
+sex.			86400	IN	DS	27487 8 2 E7625E71A6BC32BF10D612BA2D17E02E62641A5293100A82F389CA415CC71BFC
+sex.			86400	IN	DS	53905 8 2 1BC21CFA8CE05AF75007AE4E83667DC97EB6939B9253CBAA0D124C18D49F09D6
+sex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L77R/anhIesDYQ70yKtSv666uStk7H11tcHZ/kwFFQt5Ou2eCTYi9JjGpu47vPpgGsph80pTtRS54snH88+RpCOAH3vQvwwvBq56ZhjqEPTWtvVgeJI/vsT7xh/eHhnJxB7D/B7tUc75ztCCna1lDDw66U1FKz/E0wtRaAAU7nAg/QYpFcV1IV6k+Q2J5n6o7rR5+zTYYqejzYJZWWg9Pr+7zuT9uRnge1LKxCE+jS3nk7+epwYTviChPha3M8hltOKRsCthVIUnneSYHRg4qEYQIK1rdELbSiNBwkGpZfrK2+RFW+Z4vX4zqB9XSFRpIKb3nuhrI2FNjnzA6F8YiA==
+sex.			86400	IN	NSEC	sexy. NS DS RRSIG NSEC
+sex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . poIk40jsPsgLE4TVAd0LtaJfHllU710dwrz5yEVDxflqPj5mD3y6bOf4eyM/k/ClmKBOV9NI6l7twWO622hT0Lh67RC8AkZ2RxF9Q6z+B7EwMjkl69Cq7nsjmZZJZrcbCwIYm8N2NhzW0P3+wQUBMdkxr0tsUe0ESea89CJAouLBcWSZsfcbYgbhgXff05u7Lvr5M2F7iuG3q1eF6szGlgWtosFJ0jlgZO+gzEEJ76aTn+KyiiCZqZ81uAr6voR7GM56GM4ytw2SpaLwyE+PUcF8rMs7joxVd3sk+9mScnty3kGL/MVBU0v5senfWrp7JIUwio5b2iT5R1WBztrOPA==
+a.nic.sex.		172800	IN	A	37.209.192.10
+a.nic.sex.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.sex.		172800	IN	A	37.209.194.10
+b.nic.sex.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.sex.		172800	IN	A	37.209.196.10
+c.nic.sex.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.sex.		172800	IN	A	156.154.172.82
+x.nic.sex.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sex.		172800	IN	A	156.154.173.82
+y.nic.sex.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sex.		172800	IN	A	156.154.174.82
+z.nic.sex.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sexy.			172800	IN	NS	ns1.uniregistry.net.
+sexy.			172800	IN	NS	ns2.uniregistry.info.
+sexy.			172800	IN	NS	ns3.uniregistry.net.
+sexy.			172800	IN	NS	ns4.uniregistry.info.
+sexy.			86400	IN	DS	42010 13 2 A0E135AC7E6FFB2CAD1574C08C837BB5D5A4E34C60356498389E69B55943D58C
+sexy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oWetIxu7W82kX69tuSjVMuObMMC9MSkqouCHlQmSWaXT/GQC1GpoRVsB9gNU1V+F8mOyMUtt+tNLhgz06GUrXiy/0UXF93bnp+wazvLlVn8sqJz13EPuvnJg9pF7wynEOn6fNYyQ4EpOqfZNea/gtCxG0rXE9rpJrETnC85KkaOCDzBswAktwxI3KbNhv6FfZXRL3sx5FqhaYD5ktuxt14yoNFl983DCuwTKQZwfapeYP70fZZ9+UsdckHa28TBAgFrI9i56euSzt+pQ1hIneNH1g60auxWo5dGUEtFbR6VrHU4LNWMyZTnBScIzMyFSbWQBl7t5iRTf1258PI7Yww==
+sexy.			86400	IN	NSEC	sfr. NS DS RRSIG NSEC
+sexy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kiC2n5laT4FFDgNH1866aelVYj/H+QjvxKH3i2kiohAs3EwDLDn61iO8FlqmHHuyh+31iy8bi6prX1QFpZnl61FEEgz5QV7d/PIbHA7r1ZgJNsuXmclv1OxbOgHa8EL61sFZaeGdomznKzIjcbJBDYWXEImlvCAXJc586luVHM10I/VpWhISQ8GVqiMx3MY/s+5oalQdAhLoWeOHA2lbxJQbAm9HLalwTXbWWtF6pOfwrs6tqv8WDyTBn7VNq/FZZa8Nbb8qBw5XDeU01Qu2fO9aFI43zgkmR9B72HAYh0pDIiTj2eHFk025hzmS5vAYPphf7DbjCmNIOKHTkqoyBQ==
+sfr.			172800	IN	NS	a.nic.sfr.
+sfr.			172800	IN	NS	b.nic.sfr.
+sfr.			172800	IN	NS	c.nic.sfr.
+sfr.			172800	IN	NS	d.nic.sfr.
+sfr.			86400	IN	DS	7923 7 1 E348A086A9BC4C214C16FC529E64BBEE506739C4
+sfr.			86400	IN	DS	7923 7 2 E3B4E6B0B3447C29949813283B4308546B1BB895FA1E2A39364F918BE581BF01
+sfr.			86400	IN	DS	51274 7 1 BF4509A051E4CB1206784FB08211043BE36A495B
+sfr.			86400	IN	DS	51274 7 2 4BE38A9FC56F65E77125940E4FFDACCFFC39380F3E74BCA025B0206EB8E8628D
+sfr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RXehnencW7IJ43dRnRhPEJ6KnmF3LZQa9YDsb3E0upABKR9/mGa6teHgqjwlx1jeM4h/PQR97fjd+MS9+H+cBDcnbcUEUHMcfAp/G1ZytYdU3VPiHhqE3g5stxDLoK53DPQNF9BwIg7MeYbkbYp7mE05rxbYQq08AjaWBhx3m1DuGSFgR6BDxg0iDSxME0ZTqB1PBt0LmNQM4KdBBv1Evb5KW6qAIaP5nXi81feGvT2oxe9OfjSInTPJZdwUbs+ToKsVgiiuszFtZr1qSGR5mDI2UAAQ2BFsl7G7XXNDY6rX6gmCSF0lLDswZ5eA24G0ul9Ga7JxXGjiUosjYIyVxQ==
+sfr.			86400	IN	NSEC	sg. NS DS RRSIG NSEC
+sfr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EdoV1e2CIsnqdBmjc4kfoP//n9ATTlyrRIwzyVWoeaJCxCz9WKYswPd3AJ+l24vgEWZKdL/6vncFhynkvAuRoZWUlODrPpdenFdAE8qsi4+5bWYqqo3Lre7KRRIj2m8r8SgaQUTwfXVYXlsXc2nU51h5rwecd3x+aZl2mWGz89JbKYvcnyq7d5nS+m6i2rxxjeBHxpjcCyUXugxOk8LkVZDv0exOLFgBTxd1iSu83NOSF7hlO63BweOrQgbR4lKzIGw1nT350zGri/FnwgOoBDi7ym5NK8EGoFjEiNZUyz/6GWF7g/nJ+k5uGbGKQsDnmr+VZ2v1pagjGN86GnEgiA==
+a.nic.sfr.		172800	IN	A	194.169.218.100
+a.nic.sfr.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:100
+b.nic.sfr.		172800	IN	A	185.24.64.100
+b.nic.sfr.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:100
+c.nic.sfr.		172800	IN	A	212.18.248.100
+c.nic.sfr.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:100
+d.nic.sfr.		172800	IN	A	212.18.249.100
+d.nic.sfr.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:100
+sg.			172800	IN	NS	ns4.apnic.net.
+sg.			172800	IN	NS	pch.sgzones.sg.
+sg.			172800	IN	NS	dsany.sgnic.sg.
+sg.			172800	IN	NS	dsany2.sgnic.sg.
+sg.			172800	IN	NS	dsany3.sgnic.sg.
+sg.			86400	IN	DS	46664 8 2 B9E9522B9E345FD54E73E8EBF3D3CFFF9A09189FED03F5106D8EE3E345FB80B5
+sg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AABPOZFyNA2TvCv+rLwxV9aKehtutgKAyvXXoJxMUj10KgckRxZyU8Thb2SnZY9s+teWGw8ZBPuBv0/+Hr1dkpQDjLSbCf4/58kuiLdk4CDQPjpA87jtWRDonsIe20WSLu2kcKZ/1JiOuvGfUtp/DrGt+t6i36ix1j7iUx7woYrmBieDrE1sRP/ZP1ZomXiEpAkMjwWxIKyu3UmY9SFyypzPMVzmmmfy2sr9rN2oXDzgg7HxJ1naIxTSqeYI6MPRpyFRqrfBPs775t1WeUSbty3xldswYb6BbkS0eSScnTkS/V1mRjavl8MgZeDtX5+opnd5BkycwL3Re/t/eBw/4Q==
+sg.			86400	IN	NSEC	sh. NS DS RRSIG NSEC
+sg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . saikgAeILbdXl+ucqDFVAqxAiGz3DhCSKwrP8DPXlUcIlfz2QFdKgeydut8M1bEfq2PNvmZetZ7CMZdi/rngYH46AyhbYPeumnwht+G0CmbCu62sav+dvloTRwfMgGmuVD9+ob9XqWnSvZvBjI0wuHlW9zL79YOkvJA88gN4WDs1mPmDhSW+wbN05r5eeWap7pVqOe1M8eleUDs9WF5Hm/dhVBr9ad6qULELErD/WNmHffGHxglkYg/X+BU5SFxorjtwwYBRb9IXPGRXZJuuKCaL+CNg1LZoq/EuXavVg6+YJ8s8RECZ42H4UgLNxYnMvt6IUojcuEvQCuT2YSxhKg==
+dsany.sgnic.sg.		172800	IN	A	120.29.253.11
+dsany.sgnic.sg.		172800	IN	AAAA	2001:dcd:7:0:0:0:0:11
+dsany2.sgnic.sg.	172800	IN	A	185.159.197.170
+dsany2.sgnic.sg.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:170
+dsany3.sgnic.sg.	172800	IN	A	185.159.198.170
+dsany3.sgnic.sg.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:170
+pch.sgzones.sg.		172800	IN	A	204.61.216.57
+pch.sgzones.sg.		172800	IN	AAAA	2001:500:14:6057:ad:0:0:1
+sh.			172800	IN	NS	a0.nic.sh.
+sh.			172800	IN	NS	a2.nic.sh.
+sh.			172800	IN	NS	b0.nic.sh.
+sh.			172800	IN	NS	c0.nic.sh.
+sh.			86400	IN	DS	55297 8 2 BA339AD6E081DAD292A3F473CBDD5ADC53A0222769A7C6125F506DD6A813787F
+sh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MpzW8blHL8xsFPkE4SQdYyswtV11iFlfJdKt8Qp7HlGXFi+J7TMoN/qm8EGj1GPEFltLpRI5nLVJR0hZGVnvJOAs3APuf4Mna3TG63urS64I1tafh1RXEM3A1CdX65bhtgpqBy3ZpMNbtLFHc7BqMe7FtbfiFXQKPdQ1Za75R6jMSRq9WgLi8uVOTf/kF3+VIr2e81YsrSgwHY+kBPpRoxRFjf9QQs3afaZ2cfDzgt3y1vHI04nzy9ewXbnFKdfv2p2Cik0WSWXKvr6BL/NyiR6ZUtw5lmjdAwBWttKBIRJViAH4teEYFl6vZ3fDdoHa8IxLk67TD6koKI7287u/oA==
+sh.			86400	IN	NSEC	shangrila. NS DS RRSIG NSEC
+sh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Zatc7zrT8bxF9V4VrwZ93t+trIQdEriktQlOyJ50Cxi9gNdEAXr7rIvN9xB9vD6SpXWf7mJkykVRqysWimrMUDkpEP4TxPDKGM9Rt2JrcHGvUm4Tx8uFy4K7Bt4hYob1wbGSwWT4+00YTV7YIaHcqRYsozg6JaPgYNwH7Z8xOvMiu02zz2EBXM0tCLzwFD5utJSelAbvn+gy063EqnrA7DMd3fMXmStAynp0UZwxtv2EbllgBIAHzhR3cGNGx7CEAxtYuHp/zKQYXfM0Xvyn3vompQmARko/BjCMMDoYC8cLvuIOzPTZQzW17NMF7FvsWhbieowlhEitUOvVtnqbBw==
+a0.nic.sh.		172800	IN	A	65.22.160.9
+a0.nic.sh.		172800	IN	AAAA	2a01:8840:9e:0:0:0:0:9
+a2.nic.sh.		172800	IN	A	65.22.163.9
+a2.nic.sh.		172800	IN	AAAA	2a01:8840:a1:0:0:0:0:9
+b0.nic.sh.		172800	IN	A	65.22.161.9
+b0.nic.sh.		172800	IN	AAAA	2a01:8840:9f:0:0:0:0:9
+c0.nic.sh.		172800	IN	A	65.22.162.9
+c0.nic.sh.		172800	IN	AAAA	2a01:8840:a0:0:0:0:0:9
+shangrila.		172800	IN	NS	a0.nic.shangrila.
+shangrila.		172800	IN	NS	a2.nic.shangrila.
+shangrila.		172800	IN	NS	b0.nic.shangrila.
+shangrila.		172800	IN	NS	c0.nic.shangrila.
+shangrila.		86400	IN	DS	62932 8 2 FE4A231C54B837A4CB8EDF50861AD9739F580B1AAB76AD8230BE6ED655D57A59
+shangrila.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mlaI17oXtD+yeYKn7Fhc+6uj7dPAmSm3gtHZn6bjB/JBv9Zttzya37PC1SmMtjAAxmlWePKHPsNzQSvTq64uk9SUMHHQ6tU8ePLNuIr1BQiOZJw+LZVhaDmtzOM8hAU/2oQW9ZDYx1xBT8xAYyR92Tjwff427IPwjDj+OQcwjACF/hi/QwgPFUza8K/Uw1BZzjSGbH82+3q8WKLPPUjtqIGPfhpPAc99wZjkTPVSkNiFOPcQ9s7bIcCgkMEF9openyr/8h7q1gpCzIdnzJpdeTehvrdhR6cvZ6JRuJmnNxh99Zg4t+i2VsVXL2bsSAHXCp9aRefEA45cDvKd9nJDYg==
+shangrila.		86400	IN	NSEC	sharp. NS DS RRSIG NSEC
+shangrila.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a+CWU9GM3thGoSQr5royk6OWGjtQJOT9niny+3ZbHyIc1ArRndAJiRq3HzMF5VQ4inqQ9j3z+8kfPECbETXzHNReikC9prxdHyp/HBHCxuSAGCDTwkDc3ec9rrlurVS26b+DmLQt2MR0DM3Cpep9gkWn8AEGyDaBZVeG1xwlIERjUrVvfPewJuJk43wm0VkA0gqJ0oaScAVPxNR4Q+8GvclY9dugL1tNa5Hj7sxwbiKhPsYZ1Xsa/4c8wdR7IAMCKJZ/cRvGT/Eszj1WGge2EOHgQLezlHrHGjmgAvEaFVmsspL0qkRz5lPCmY7qvSGi/zR8YxKPjyIKF6mEjVSRCA==
+a0.nic.shangrila.	172800	IN	A	65.22.112.68
+a0.nic.shangrila.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:68
+a2.nic.shangrila.	172800	IN	A	65.22.115.68
+a2.nic.shangrila.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:68
+b0.nic.shangrila.	172800	IN	A	65.22.113.68
+b0.nic.shangrila.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:68
+c0.nic.shangrila.	172800	IN	A	65.22.114.68
+c0.nic.shangrila.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:68
+sharp.			172800	IN	NS	a.gmoregistry.net.
+sharp.			172800	IN	NS	b.gmoregistry.net.
+sharp.			172800	IN	NS	k.gmoregistry.net.
+sharp.			172800	IN	NS	l.gmoregistry.net.
+sharp.			86400	IN	DS	3872 8 2 9FBCF0AFCB45E677CB42680FF35DEFD79F8ACCACAAA47DF92CFD08E73A8AFCB6
+sharp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TsB2sQYYIOYe5k6pe3XcrfbFGEEV0Ac1YgeSFlGkE+gMIeKfMM8P2hURg97uMSuPY+NC3Kl+vzmlxJloMb3i7Wzq7ue4zsZ8WOh+9ue3mbrfPLKFKA2TvikgkCN31IecA1Vu05aF2Lr3uHjoP0c4/wH1ZlVTY1rjVOWRkpGOBauQMsEfPsw338kDiRBSZxNcHcBRB2f4yxik2XKAsvLLGwqeMc4+G56wVgBpoKsbOde0CzOD1605Mj13Fx6ytb5qKBZCHXLszDcd9rhtmvbUUmaY8hwPLHH07+FZ7aAyKdamJPwBUErXsrXdB3tQOlpzzXPfDZTHZ6QPHX0xrcNbtg==
+sharp.			86400	IN	NSEC	shaw. NS DS RRSIG NSEC
+sharp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nnQeYUFK9sYFVxfgJjC6yq/LOr+oyb1oNK4jJmQb7ZmdfjJFYVlPSI66ull6tWrmlw4oaB7S6vm2hqWlkXMpsH5rFla91fhslXzGO9pe4b5/Np9JkugB8WaUX1NygLKqSZWcLsu9IyerGp3BKFD0EHFfLCGOsD7Z6iHn+cCGf+oyToRqUA2JhLD+nFGpnbFSiv74jPPLp14dq6POAV+DJ/LhZ52W3osaKoy+igHxwcu880VQOep+Y3XCQe82xdmQqelvH5KxDhIOm8QgZVkT/IqljLC4CKwL7qqnWSTOjQa4bujwyABpdZIK9PrRzbnppNNb4miu/sL21EprMcbVoQ==
+shaw.			172800	IN	NS	a0.nic.shaw.
+shaw.			172800	IN	NS	a2.nic.shaw.
+shaw.			172800	IN	NS	b0.nic.shaw.
+shaw.			172800	IN	NS	c0.nic.shaw.
+shaw.			86400	IN	DS	29284 8 2 A5D4CF180AE979A32069CFC69304AD40F0BD7E0B6CFBD0B5611E49D1540EDBA4
+shaw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rrPpJ7pWj351kxpkM6houzIaiIsoUJV6p1TMj2xAFGfajE2V0MRpYkgrxSPkS4OJSrIiONAdLig7yG6wHylSan4rDLP6jBnJheQxNRz65h9VWz9MBLGIEuEjY68SlowGtD2KKDMJc6wkQ/fX+B/ZpUExJXqxisIIZp4V4kg65ljHykHz9UdM1QHqBO0yV+XklOsO/hwu+T+0uXJsSRBRWgZ/vbG/JLKc4zzT2Fy1IX+9MvkvmRuiGntv38ybM1ievybl4J+2BphXIt/JM/Vp4r90AksCzjegM4uAEK8MxoKaco16jVdyPTUWp0aAGMKOKuYbxrJFXH7SsvgPTJ3xEw==
+shaw.			86400	IN	NSEC	shell. NS DS RRSIG NSEC
+shaw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 11K69Evn1K3W3YH3G+tQCjYa6ZsELjquHCWQV28xgjfct7JmAdVRwruuFnUx13Jnd4qJwvIh6Xh3fqU7Em5vTuqwoC/7wmh8jMawT936A7GyFywXbTp2N/PqaMOkw2XpARlnVGbxPPTDWmKqGvObjLOw9GTqLEYIiSCtkPF+PGJeqs2Se8BYznWRe6gly7w1fH8TQi+noNCX5xDNl2A4gx7zWtxczsD+IVDEUugF9HDgm0mJELQJqiH69sFAXrMKtyz3OWKJ/0JVxQ+gP8LUhZenbQrFc2O3ewdMPwxZljx5V2TFcXMGjPFYKRnFj62S39BEPBTJjOteosN7kXaIvg==
+a0.nic.shaw.		172800	IN	A	65.22.88.17
+a0.nic.shaw.		172800	IN	AAAA	2a01:8840:56:0:0:0:0:17
+a2.nic.shaw.		172800	IN	A	65.22.91.17
+a2.nic.shaw.		172800	IN	AAAA	2a01:8840:59:0:0:0:0:17
+b0.nic.shaw.		172800	IN	A	65.22.89.17
+b0.nic.shaw.		172800	IN	AAAA	2a01:8840:57:0:0:0:0:17
+c0.nic.shaw.		172800	IN	A	65.22.90.17
+c0.nic.shaw.		172800	IN	AAAA	2a01:8840:58:0:0:0:0:17
+shell.			172800	IN	NS	ac1.nstld.com.
+shell.			172800	IN	NS	ac2.nstld.com.
+shell.			172800	IN	NS	ac3.nstld.com.
+shell.			172800	IN	NS	ac4.nstld.com.
+shell.			86400	IN	DS	55158 8 2 BE8C4AB62CE5F9AC998C8C1383340F7800A43A6A903F061791B19AF6F6DBB9D5
+shell.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YzN/MQp7Vnb8UsT+QUu0jg3Tj4FVfe4uNjeVpu3iWSDr/X2FNvH/FhOp1Ou6h3kf2/8fJCm+3HRwJXC83JdLvD1jHYA/OZke6iSZ7jCveF2WKI2W6nMGVny6D/U7ERcg+RrSZ3cSfa35GIVvj9lAu75jxJM9YzXmDxn+ssAH1BNkGEOvCEL0/5A+W/GgyfxeWRR2Exs9wmjmuse2oJVSva2hKSwun6U6iy6O3iI/Fg1UJccfpJYqlJ4oSh4nzU1gcdavIwxaRS1rLh+dTtERmVofz6ZfWzz50ECZ92xsCtSDovSRRDiv1VoInPBAqy+/6gQYAKAJVSwuRhhho2zryQ==
+shell.			86400	IN	NSEC	shia. NS DS RRSIG NSEC
+shell.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z4TvdiVxs5Rg/yslBbrWm+CL7ZLTS39cX2rHsRmdCeNhLx29F3Ut7k8irBEQ6wuKR7z8vSEeRtJoSTka75YKqL9zQERIWGjqJoXoi/Ybi6Q1wOFEFXkAUUnXazxqVnbhHRQdEP3kruDLTH2vRJ3qLOOYlZtbV5kqu25MCe8c7Zvk9SVIbay3+VngwwmHCEV6sKS70Tu5kyJjcLxD5cATnYRV8/UKwWlgc9AG4z6Y3/ES7wWajM8KO/W7P6hHLeuyFxK3eJC8fi/GU1e7qd+3k6o5gAwO29IEM5k1u6i2fgK1hQaVMaIqPjH5X2469TWR+gzQXrgBuCs70+2M2fYopg==
+shia.			172800	IN	NS	a.ns.nic.shia.
+shia.			172800	IN	NS	b.ns.nic.shia.
+shia.			172800	IN	NS	ns1.anycastdns.cz.
+shia.			172800	IN	NS	ns2.anycastdns.cz.
+shia.			86400	IN	DS	60644 8 2 DD38466778B19A58A550B69E4C5B0ACEFC7AAB903B766A805DEAB97F282C913E
+shia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LnlZNsqMNNJ1UocsGOF+64o0DPPBtFuwxWYgSLLRRqfHMIXxckLK5vRrZA4OJ4F7NEW7MqbPMgnZ3UqazYzmLbf5PBGSMQev01hBE02sRhwZYCBcNU2bVr6kULvvv8YThl07WktZipSeZ6PrLPx397GEWPQu6oeGYU9d8DwaUqv71xawOlKwfon1k/MaqAtnb+9mM6fvX6hmYTsfamn0Z1xv9pGs8KECfBb5fUJNuR6MFdZnzki5vguUjhN/on1NBDJGsc9UbwzTEkqwd1GI0A9a8Y9jdH2BTtWVkcHFGlQ//SJFl5Nutl3SQI+PJw4qX8r+jrmYVRghKvamRwUIvQ==
+shia.			86400	IN	NSEC	shiksha. NS DS RRSIG NSEC
+shia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JhCUwNElx6/Tog6PqYUUd8/eDhJv69BGbEkIteRfNJPIgfvHR/Lv3iFExNXAvkPrZmzE2XoOJbzopyX7hPodtq0g/p1FVcnPGq3hHxCgzgK/c2riDWDTgiNIEn1K59VU1zlVzTwaHlPF4r5y4ssQANExpkv5cN0It0XvboSUucfUlZKSViVckEoNIkk+q6ClZWc8UHQY+jlTSQXn5CmREuWdbPRuOnG09awgOfdL8uT1fkSmjSfsDfApOqbuS483+aVp9RnfJvIO7TGO5xHSP8lzuKPqV1toQpGwDWWAWndTGjPWTenI3vh4rn7g2Ua2lhdAiBNiJMmGlWiaYpy4eg==
+a.ns.nic.shia.		172800	IN	A	72.0.49.7
+a.ns.nic.shia.		172800	IN	AAAA	2620:171:a01:ad:0:0:0:7
+b.ns.nic.shia.		172800	IN	A	72.42.113.7
+b.ns.nic.shia.		172800	IN	AAAA	2620:171:d01:dc:0:0:0:7
+shiksha.		172800	IN	NS	a0.nic.shiksha.
+shiksha.		172800	IN	NS	a2.nic.shiksha.
+shiksha.		172800	IN	NS	b0.nic.shiksha.
+shiksha.		172800	IN	NS	c0.nic.shiksha.
+shiksha.		86400	IN	DS	54049 8 2 B4DD9094C19C5A3BE8D6921D695F16CD6412258FA8302E5D7879405E2C0EF7DC
+shiksha.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jOgnVVvsWgj7HmrbrM78/68jxd3ConiOJZTCuWn1xWRCg7Kj7fJcMk3OG5MHLsTP470Wz7KZgS1/Vnu5TeDPYBqKSJCJERIK/Q+A+9G8eUobuj1CBegY5UN1OtaobjdMXix6eOXGS2Tobp76qi4PjYhxQoAhHvEY462N2qQTRhs9qal6DsqJUIsUikFujWQeiHNAQx0zzih/9P/WEqrDGv39jMJciZsSnTDu2a3hW6xwmC0ldOd8OFPv9mNfN9QrlamwSZ9+wC0xfWwAL5thYtnw2E2fUeLrSYQzfj1RtG84coBBuPpCCORmSUo2Npg2tq1e4pNragXtrBz/NiqJEA==
+shiksha.		86400	IN	NSEC	shoes. NS DS RRSIG NSEC
+shiksha.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BzUbr0G3eyGbV6YYqgnFryjESmCxSHq4hZipu+OCCVU1S0+1lZDJ9SfMqLQJJx1PzGmpC0iMRdy8bVtF6ak8jYNPwz/+DgxbQYULnoU54H/nyzCp89lbbT64SEvAhSfmlNRLIkryyzTWJFhiiU8XBR3LVdCwUCskg8JRBwA7cSm7Dm73+OqZpze2OFdio5OHi/kT7R/1SQeLacr69qvweUAWqVoMkg4N16X/buQnJPGmMirYbFekp2MXtRfLwiGdKtKdIkD6YQfuTX2pbkFa/nac+EDQOvQzX8aaJ2/bz444kozFbPu2CqVhV3o6CprVKuF9CFiiLtIqV46lWIJ4GQ==
+a0.nic.shiksha.		172800	IN	A	65.22.32.33
+a0.nic.shiksha.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:33
+a2.nic.shiksha.		172800	IN	A	65.22.35.33
+a2.nic.shiksha.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:33
+b0.nic.shiksha.		172800	IN	A	65.22.33.33
+b0.nic.shiksha.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:33
+c0.nic.shiksha.		172800	IN	A	65.22.34.33
+c0.nic.shiksha.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:33
+shoes.			172800	IN	NS	v0n0.nic.shoes.
+shoes.			172800	IN	NS	v0n1.nic.shoes.
+shoes.			172800	IN	NS	v0n2.nic.shoes.
+shoes.			172800	IN	NS	v0n3.nic.shoes.
+shoes.			172800	IN	NS	v2n0.nic.shoes.
+shoes.			172800	IN	NS	v2n1.nic.shoes.
+shoes.			86400	IN	DS	59242 8 2 E6883EE7853289AFF66B9090429F6573077638BAC3B5A6595B0C16108ABFBE9C
+shoes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SmVkdddYDU2E8FHp3dPdbeKnhtheEXsVfoyUD0D85+8GuvVS5oNxrVTBKfVmBCrKvzXytspS4mNAZ3UPeTLgE9rWiXOOG5X0/ezO10ZH17by7gP5SqqEmvOHwQjgJAQuSm0j9CSiVVCV/r9UtqynqeqJUkmAX7G4K2eJ8Qu6w89VQqdm+wZSZCY+nT+7MGc1ih74r6J+nTNfUzgwIUZNQwmQUwkf+4ONWQGUb/nYnCM5vSx7wjLnmOxDgDLb1pZk0swbF6cp2IVzSkB27YEWQ+3YshJAqDsocf6l6CUeC5kSv3M2+npm+LWa6PgOo8fZ3SMcEeqguCgY6oxEAWCNYg==
+shoes.			86400	IN	NSEC	shop. NS DS RRSIG NSEC
+shoes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HNNvin00jPy0Z9WjeEpU9HtmkEYmi8t99yvV1hZPFtZ12W+yNr7WczvSxCWgazNjmaY+3LT4dvCvacxpE9Ezk0ylkaPVy84qO1d6p/WzzWLZMLzKbrPhDVLmhD6IVANj9bGuQ8pII1nJSviCJGrOzg2ctx6Iv778StJEIwOZrtLCmlfIFCpdDQuvRVN2f+TxurioEfYgtkisP/wXjb1xH6DHcqXT2BqY6XnRrMopxn7VhcveF2AwmK5XvuC5Ilu1e7N65WFgZRrpDYo/Y04rWbvpElHD1jAyNLVAy89CsnRxp8ZProBgS3xcd5IGC8njmXkdxiOh/XAdnETWAzTVIA==
+v0n0.nic.shoes.		172800	IN	A	65.22.24.23
+v0n0.nic.shoes.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:23
+v0n1.nic.shoes.		172800	IN	A	65.22.25.23
+v0n1.nic.shoes.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:23
+v0n2.nic.shoes.		172800	IN	A	65.22.26.23
+v0n2.nic.shoes.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:23
+v0n3.nic.shoes.		172800	IN	A	161.232.12.23
+v0n3.nic.shoes.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:23
+v2n0.nic.shoes.		172800	IN	A	65.22.27.23
+v2n0.nic.shoes.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:23
+v2n1.nic.shoes.		172800	IN	A	161.232.13.23
+v2n1.nic.shoes.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:23
+shop.			172800	IN	NS	a.gmoregistry.net.
+shop.			172800	IN	NS	b.gmoregistry.net.
+shop.			172800	IN	NS	k.gmoregistry.net.
+shop.			172800	IN	NS	l.gmoregistry.net.
+shop.			86400	IN	DS	50701 8 2 30F44F9E79F1119AEBED349D3EC34F7AEDD83A58F1E706D8303C3BBFE83BC7EC
+shop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F8YWtQ06YxiWVT7OJxr3WRcChFKxt+nXUd1xWcPzjLEUvspq/fyMlIGzmY2o58fj2oVn6k2HFQEPrWz7BgR8Yw0Fuy1FKIsKAitepHAeF8ICwy5dGIDT7z08fpRubJGXRM1026aaT2zr0O0iXT2hduertnw9rhGxWOZLhS2axgxyCNfrLZLETfxtihImNjYiF8yZ2xG3F6YHJUKE/DMWD1krMZbYaI7su5Aqckm6g41ojYKn1XMN7Rz+lfNRtPMld1az2p6cR/MbVWeFc3MzHILRQ0b7b+zXXl8LHph5VBzLjVwqC0+fx94ll/nyES55A1dAlzb80bdXBdiMNyqGFQ==
+shop.			86400	IN	NSEC	shopping. NS DS RRSIG NSEC
+shop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wF44JSop8nZAXOfTlQk9u0JqmasNFlPTOfjbNXvd5kTqiz82hmPW12vf72WTjPrv2h3EjnKHGplex3STdPCj/Dma7rrYF5NpzIKsi+Lln+8p5TEZC0UhA2faAzdhD7Oe3ot4Ne1rcpkrhIWrdOaFelsUWSx6J40R+vx1xxRovBQsRTwyP/x2dR7KaN2p1Y8WTI9BWRSYWXCff4504piSfvpoFDkGApkKKY0kAuBs8h1UmVZS+pwboGkUpAXR5ZZlzpPHkZFF4GC3PuArgI2taf/BqTTKX8J2i2WeyXjg22HJa8ysp67U+xJT1olYShz3NAj8uCagDrOJYDwUXRqyqg==
+shopping.		172800	IN	NS	v0n0.nic.shopping.
+shopping.		172800	IN	NS	v0n1.nic.shopping.
+shopping.		172800	IN	NS	v0n2.nic.shopping.
+shopping.		172800	IN	NS	v0n3.nic.shopping.
+shopping.		172800	IN	NS	v2n0.nic.shopping.
+shopping.		172800	IN	NS	v2n1.nic.shopping.
+shopping.		86400	IN	DS	31984 8 2 372B561BD71AAD22ECF3C93491046FB1B6D5D23A25B899BAEDECB89A4C038C91
+shopping.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GPicD3XwoOkPT4XgCwWG7Ey9Si4afOPemAz8ra0knJxVboJojwPha3mMnd1neWgjdFeSl5OUdLBdGujUURTs5CIZPqtCO3hMsBFtTVyhzUIsDtdb9ayTQ7DsYszk9U0F7WtgTTB2P4KH6XXvrfr0vFYrzdQW6N952eL5y8G3cQ+g2xX4I1e4SwBAummvD8ViX/ltjJ7yNrmGcBdKAQjlbI/CG1lbgnQj6IGCKtxFRsskLhzQ6bjKsA9I63x5WsMS4JdSgEPJzxlHaLU30eZYTN2OGKOMEvkAd4u/JNxO++mF5wlgBNtwZV0RueoPrzhSp2yiOPV9+4eCJvRg+/4hdQ==
+shopping.		86400	IN	NSEC	shouji. NS DS RRSIG NSEC
+shopping.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zlf20h7mKC7kqpL0aA49+j7WJyJFY1N1KrWKnkmsQIZGi0Bx/1g27xY79R35swtTN1NAug9Ayn8U4gIchooGSypDDWrKLCapSmQAYVBRaqREUbyQBOEQcJewzrNbnGDAjPUWwffXrYC7qMuUSpbasGiV4FnOK5baqUJUgm+jBQxCqfm2wtpt1srpkMTqUQWrZ2exm+r8ZCPCkrY0SLsNl6BrTAMYqhQWlvVBUo1/9sA8Yy1bJPLqiWbqzoqeI3Hg8h3DReC3hVE96fn6ogyqolH1WRasFkgM/jJrOHPMwMNcobF6XrFbM1S55uPLWKxAH++Nu5dF8ykbIJ/rQbOXIA==
+v0n0.nic.shopping.	172800	IN	A	65.22.32.19
+v0n0.nic.shopping.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:19
+v0n1.nic.shopping.	172800	IN	A	65.22.33.19
+v0n1.nic.shopping.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:19
+v0n2.nic.shopping.	172800	IN	A	65.22.34.19
+v0n2.nic.shopping.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:19
+v0n3.nic.shopping.	172800	IN	A	161.232.16.19
+v0n3.nic.shopping.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:19
+v2n0.nic.shopping.	172800	IN	A	65.22.35.19
+v2n0.nic.shopping.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:19
+v2n1.nic.shopping.	172800	IN	A	161.232.17.19
+v2n1.nic.shopping.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:19
+shouji.			172800	IN	NS	ns1.teleinfo.cn.
+shouji.			172800	IN	NS	ns2.teleinfoo.com.
+shouji.			172800	IN	NS	ns3.teleinfo.cn.
+shouji.			172800	IN	NS	ns4.teleinfoo.com.
+shouji.			86400	IN	DS	27565 8 2 E9706714550CF565AFCB114FDA3DD0A4F105DB670E12074A1A26B71C34F69125
+shouji.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kiVRj6vhu3euenOI8a+ircTvFJBmE8/yld0Omqz830xrMdfkM7nG2Sw/3H9pJJz4psx+RiecWxGUx0ZpoIWX71uSjLzCTUd4cLKh/6ijVTCUSxRQYvSEW4dV/V3RmbhGXMaS6zgCcKc0XKjb8CLmskUKUj2+3kEzwedUGCP0DVWFfKywL61IKYrx2D7HMuf6zX3bWhTrHXw1ypoMmORAG98s7ojlrL1HJVr4o8Iu6zwtuP/7/gpT4WVSsz6s6+DMr9KMMXmUJH/A83UFORGx7ckRw0XD9vuEz/lej5BLqSuc7rpOBvUq5FPV7F1z2KFLyv9RVb4M9d2oBe/AZQtqCw==
+shouji.			86400	IN	NSEC	show. NS DS RRSIG NSEC
+shouji.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Utcp7HGN8mUppGptiwSXu6s3XjI0erVMU4KzUKH1aYvzauK8bPp8nQba1xQJQ/1JqDOPpGxTRpTH3TKoe+TzppQWYnzMKTZdyzamWEPs3bUkiEU4zcYQ2LdxmQyUXtJDw/1gk91+tMkBeZcVk7fLGWVdv3qlIkRgjqpsfeN0djAaYGpTpVBdKFj+brWnRsOTwoLrPcjWiWUfjPy5zNT/eSTY1Y5Vy5zSQcahVR4cppPef6QRAVJADBkFbcbDZjoNniB/7PXnuH468lYzkcaAA6EsAB0NYrGXouhNxkZhPtdSPyszGBRKB+sAg/aNBa92eC1R97ubTe2sIPBb4PMzmw==
+show.			172800	IN	NS	v0n0.nic.show.
+show.			172800	IN	NS	v0n1.nic.show.
+show.			172800	IN	NS	v0n2.nic.show.
+show.			172800	IN	NS	v0n3.nic.show.
+show.			172800	IN	NS	v2n0.nic.show.
+show.			172800	IN	NS	v2n1.nic.show.
+show.			86400	IN	DS	43876 8 2 7B05D715B0B79A0A0844D3283F0115D1DCBAE5C3D98EEC45F17DF09BC5963904
+show.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UzSKIldu9Nru2GsNSiXl64Q8BFKQGOLTeiN2nboyipfkZoLE22PIS8p9Kp1APbDEaGY8hUZAixugCJlUMMS01Bodz92fcUqTfNiTTOBWggq4EKfgIvoEsPpql/oFdX45n+WpUk1Z5za5McgeaWPK/5BAGcnqJJabfz6wyEWyXb3hCaxkCm9O2+IXgT5uqCx+NkIbCRB71jBMKtKaB71qqu66CVC1J+tx4/0WRBudTwmre7HVlXlbwj+tcCz9duEIVKIEolsDLAhURyB06YqLQwA64Z51J0IBdKxV3Dflp00Rtre25FBAMqL1+NNb9hDJlHvufC3LmP13uaMiT4BdwQ==
+show.			86400	IN	NSEC	si. NS DS RRSIG NSEC
+show.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ha0hnHKAJIeV+vTskv3SER0FBeif8KrZOu5qjJ7zd3x58M0eG1pRGC4HX6zl4mDkbP032cM2zjTDxYEc1VcA64xnxBRH3U0RBYjw5brL0dpwr8BtvskrwZrHSol8T2h6cWRaEB++WFMvyEqGaz7BeaZzB4vOa8RT/UMCFH1iZPp5a2rv/7MiKOzE6ugv7u6HcAHX9A1OaRtkai2KLLj6WmxRAfq42eNcuYThxKCYYgYFqg5TuEVqH8T9SmUSJaMD61iN9sAllENXNn873biP3J7SB5u4dfiiFfJa8V3MkR/dRY7ZIn81rulP5GYClv0UD1/7xKGXt4zymgU2Hcq7Vw==
+v0n0.nic.show.		172800	IN	A	65.22.28.43
+v0n0.nic.show.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:43
+v0n1.nic.show.		172800	IN	A	65.22.29.43
+v0n1.nic.show.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:43
+v0n2.nic.show.		172800	IN	A	65.22.30.43
+v0n2.nic.show.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:43
+v0n3.nic.show.		172800	IN	A	161.232.14.43
+v0n3.nic.show.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:43
+v2n0.nic.show.		172800	IN	A	65.22.31.43
+v2n0.nic.show.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:43
+v2n1.nic.show.		172800	IN	A	161.232.15.43
+v2n1.nic.show.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:43
+si.			172800	IN	NS	b.dns.si.
+si.			172800	IN	NS	f.dns.si.
+si.			172800	IN	NS	h.dns.si.
+si.			172800	IN	NS	i.dns.si.
+si.			172800	IN	NS	k.dns.si.
+si.			172800	IN	NS	l.dns.si.
+si.			86400	IN	DS	53074 8 2 D3BBE46AF529561A317922DF27D89686E06B87343F22BAC2569D38A549D996EB
+si.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yFMoqY5+8C+k8drMcUeQ3zxsYVYiUFReReFJP/puLDrPUd4MdEpBuwfuNsY/DrwrdWQBnsls9dvPj0X3vT8Jx0vlblbhyuso73myXh4Zf+bwhZAOR4o5LV2UFAiMnoQUY08UXJNoZh+wWKqZZgiJjCQkjSGJL8JKs/urRE+xnShaRFA4w9oHxUAoOoN9FGFN+7JAWWxgsry3aHN2GRb5W0ZMEMbXaZTf1Hj1CwPhVYU6pL8CnqMTCSEt3pD+LtfrapS6ecAJxcDXSaQeQtBDiPKTtMcq9tbrpg9jMv8x+DhcliXA2FL4wZcbTk0sbCcSZS5/Zz8NPiKjAqIddF/8Uw==
+si.			86400	IN	NSEC	silk. NS DS RRSIG NSEC
+si.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jtZ3tjm6YaJSv0PstwY12FeqYZo70tE3PKLXUzpLgODQRhal0pRaXfIbe4v0EPxmGzAg6ZIjIjawSy0IjoysYuAsVYD5jhQoiqTP4HK9BP2VAJ+IQnUQuIn/1k0zgb8s1248CxUh6YC9pDvxpwz767Bni/zaNyREdu9sBZ6C+A5IuB6JhGTWPQSyywVo8B0D7mUe0bLPvpuWNrWtJXmlDlII9UCIynvoGYwQnb2HabpPvhY0zjMrltIs/cs36DJy92ZoqmbcQ1vD2ds6Z4EOTuIelDw5ZojHHkCMSEndE73yrsyakXtyKSkUdmtFRfZWmAA2W0n2fskBbWgrGkilFQ==
+ns2.arnes.si.		172800	IN	A	194.249.4.44
+ns2.arnes.si.		172800	IN	AAAA	2001:1470:8000:53:0:0:0:44
+b.dns.si.		172800	IN	A	153.5.81.140
+b.dns.si.		172800	IN	AAAA	2001:1470:8000:53:0:0:0:44
+f.dns.si.		172800	IN	A	194.146.106.62
+f.dns.si.		172800	IN	AAAA	2001:67c:1010:15:0:0:0:53
+h.dns.si.		172800	IN	A	204.61.216.54
+h.dns.si.		172800	IN	AAAA	2001:500:14:6054:ad:0:0:1
+i.dns.si.		172800	IN	A	194.0.25.22
+i.dns.si.		172800	IN	AAAA	2001:678:20:0:0:0:0:22
+k.dns.si.		172800	IN	A	185.159.197.11
+k.dns.si.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:11
+l.dns.si.		172800	IN	A	185.159.198.11
+l.dns.si.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:11
+silk.			172800	IN	NS	dns1.nic.silk.
+silk.			172800	IN	NS	dns2.nic.silk.
+silk.			172800	IN	NS	dns3.nic.silk.
+silk.			172800	IN	NS	dns4.nic.silk.
+silk.			172800	IN	NS	dnsa.nic.silk.
+silk.			172800	IN	NS	dnsb.nic.silk.
+silk.			172800	IN	NS	dnsc.nic.silk.
+silk.			172800	IN	NS	dnsd.nic.silk.
+silk.			86400	IN	DS	23695 8 2 04017EC2E893A546BD7D73575404015A5C904B9C4DBB33B2995AE37B4DF0903B
+silk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YtMYHPNEqvMgjOn4Xnx5iG7cn9lRNvED9smLwIWq6ceNKFw8uipYt4HVZ2FHUOWqfC7bdKXvoAZs/H+IY93hXYgxmjNMVDEPc8dskzrfkt55vFb5hWyUZo8MLovuDE3+AAwizaYw0bVrf2zsvNJ6UVUI81MaYEkjTcy+NsN6UbXciugmYRyI1K21ruEpYZR9F1q0EAMR7pV7m5r6qqh3ohoRqRr4OKWlnXhy8dOFzxmY0yU/9cBj9ptSsA4V2TZIue14gm9xuIywnRHAxQO8KjQonvFTaJkBLOIwBOjw53yxniuMjus+fmtcy+YU27gJYLeXFqWpOzrm63RU2PUOYg==
+silk.			86400	IN	NSEC	sina. NS DS RRSIG NSEC
+silk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cp9WUGc8GaYByPx7QZzgBOq0OeqFVweX2krCDGNtGlmfCuIawmiDMnZ5mko+Y2y7Xgf5mgtc1Zop5ZxHaeLzfog8iqQMFIecEy1JLuP9AKUq+7gRov3VNnQaXDhbUMaUnyWadAYDRcJb4TShE9/NkhmNwEeFrSsP/3o6ybr8+TKtQuezdCERYMJGgJaAHWp8wwWgIzV0IerjeYsduBqCbT5+pY5QbNzKGBXLJhPke3NIi4FjPFN/w1XxY79Y4FlmfHl8bYYgHB+9pgp3zAAhQNgyGsd2iafyWHEnvFzoVEpP5xdoLDt2OhAs9Y98B+RJ5EE4BYlFDntLbOBbNyoN2Q==
+dns1.nic.silk.		172800	IN	A	213.248.218.59
+dns1.nic.silk.		172800	IN	AAAA	2a01:618:402:0:0:0:0:59
+dns2.nic.silk.		172800	IN	A	103.49.82.59
+dns2.nic.silk.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:59
+dns3.nic.silk.		172800	IN	A	213.248.222.59
+dns3.nic.silk.		172800	IN	AAAA	2a01:618:406:0:0:0:0:59
+dns4.nic.silk.		172800	IN	A	43.230.50.59
+dns4.nic.silk.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:59
+dnsa.nic.silk.		172800	IN	A	156.154.100.3
+dnsa.nic.silk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.silk.		172800	IN	A	156.154.101.3
+dnsb.nic.silk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.silk.		172800	IN	A	156.154.102.3
+dnsc.nic.silk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.silk.		172800	IN	A	156.154.103.3
+dnsd.nic.silk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+sina.			172800	IN	NS	a0.nic.sina.
+sina.			172800	IN	NS	a2.nic.sina.
+sina.			172800	IN	NS	b0.nic.sina.
+sina.			172800	IN	NS	c0.nic.sina.
+sina.			86400	IN	DS	39217 8 2 B177DAEF81C0EBD0C85DBA9092550EB8D14333806E1DB4C2C44AC9ECE76432A5
+sina.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PKPK4Rcdx7MIBrIdv8gQq+jaJ3F1sRyGyMzDI+MbxzSsLsuzsf4bFP2vC/7mXovUtJms9MPJrFh6MYaOg9TOx/5YwFaRnAwGvDniXqhpej8rUPZo51UOGUr0BZ9BMSBC9cS+hhloB4FZZAP0NWEcFglwwnh+SpyPO024Zm0y1oRjydD8qUOlthWKGdQRTBSct1s4Wnh7t3B8qmfUtIQoXX5poQdt19pwYCDvKEZnMVwNPdGsKPeF1kGwtWDTiVP0HnEMNdG6TvOwj8ulIFC7a3PuhWN1e7n+Qt/h4U2Smq49ockUjBYjWDd1akcb8KGO1DZ+DzbVD6TEX/m0dTYJ1A==
+sina.			86400	IN	NSEC	singles. NS DS RRSIG NSEC
+sina.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RYIXqqw2UeHmo41YhZ0nzhwIizCPauv/pPdxsKNUdbmPJ+DbQFqA0W/PvtY81ss67CtbMW89KIR69T2+mD2Gnnc9qTXyLbY20N5BuCXkYHv4oVAp3N4Om9Gu2V5I92YpB9ws2chTYiqSQ9Wdqa/4GZyxXDBTWG9HW6yHtlZUZXkEGeh4oFS3nzspSM+mgF4nC9GTMwBzLt3q6WmEX/BfeVjNd8M+fBSeLdvQMwsLpfyLaftf4IApjwMvLOqxmReK2UPLBkj4nKZpwzSrva2IDFL8VBp85dFviKMbPQg/2hPa3LGcMrnnYRRUNZFT4ACnM+IRkki7wpubondqbO2vIg==
+a0.nic.sina.		172800	IN	A	65.22.140.33
+a0.nic.sina.		172800	IN	AAAA	2a01:8840:8a:0:0:0:0:33
+a2.nic.sina.		172800	IN	A	65.22.143.33
+a2.nic.sina.		172800	IN	AAAA	2a01:8840:8d:0:0:0:0:33
+b0.nic.sina.		172800	IN	A	65.22.141.33
+b0.nic.sina.		172800	IN	AAAA	2a01:8840:8b:0:0:0:0:33
+c0.nic.sina.		172800	IN	A	65.22.142.33
+c0.nic.sina.		172800	IN	AAAA	2a01:8840:8c:0:0:0:0:33
+singles.		172800	IN	NS	v0n0.nic.singles.
+singles.		172800	IN	NS	v0n1.nic.singles.
+singles.		172800	IN	NS	v0n2.nic.singles.
+singles.		172800	IN	NS	v0n3.nic.singles.
+singles.		172800	IN	NS	v2n0.nic.singles.
+singles.		172800	IN	NS	v2n1.nic.singles.
+singles.		86400	IN	DS	11041 8 2 28F8FD0B9B11A1947D4DD5A1190ABA72A1A1F30B7FD3752E8261DEFBFE17B84B
+singles.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GMOCiP62oyNLeS9lK64gflymTnb6zQpZjHoiJzjOZfHRuUur7OHSKtudhkZ1pyQBA2VIkGHJlMSjcr0jLLTq4xckTavDrmcS3vD1/myAW3L/bi3j7knATAL8En4V32CupnIWJgVzWTanp4MMFUQazy6vdnTxm5m/GYTZ3FYxLJlnvhSmIHC1lqj26/v18FCzSslIEpHdngi1ailcaJ0LAbpzYkfL8hJ6CGKwV/YH5BKsx9xKHktK50kN06/YM5fc9D30+Rc1gR8WjS49Ms6nArZEXYu01s85aYGT1+pLN/zm10ofrrkrXHBzG6clcy94B56G5AkHvQ/HqV87+qwWsw==
+singles.		86400	IN	NSEC	site. NS DS RRSIG NSEC
+singles.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IcQhxan9zQgJSM6QRCqCLqrIt2yASD7QMn9JqLlNhgDiUxGgoLdXfMG9S1ek910/CjVMFuak3Um8rDPS1JG/UsooupN9WuvUDme/r0f7vz/wEc/DZfbgxTvpQwVusPh0nmZeX99zsWBck1F8q8RMExnhIrE/gDEXFJZuK2BGrR9B2tl0J24ycq/5yO+VNckKrcG7nn+PTUMxAC6Qe6EnTJxiJUJX3fao/tm91BvLROdGnDAMsU1xi3R8vBCVI6tqKeMxEHJWKCaK5eOQIp6jLJvHWM9f2P/78CtC+b4q+E6YDls8ORXXoaPjbWS2gHokjkBFhbLqf0+P385unJ4gVw==
+v0n0.nic.singles.	172800	IN	A	65.22.32.57
+v0n0.nic.singles.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:57
+v0n1.nic.singles.	172800	IN	A	65.22.33.57
+v0n1.nic.singles.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:57
+v0n2.nic.singles.	172800	IN	A	65.22.34.57
+v0n2.nic.singles.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:57
+v0n3.nic.singles.	172800	IN	A	161.232.16.57
+v0n3.nic.singles.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:57
+v2n0.nic.singles.	172800	IN	A	65.22.35.57
+v2n0.nic.singles.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:57
+v2n1.nic.singles.	172800	IN	A	161.232.17.57
+v2n1.nic.singles.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:57
+site.			172800	IN	NS	a.nic.site.
+site.			172800	IN	NS	b.nic.site.
+site.			172800	IN	NS	e.nic.site.
+site.			172800	IN	NS	f.nic.site.
+site.			86400	IN	DS	51676 8 1 90DDBEEEB973B0F8719ED763FB6EEDE97C73ABF5
+site.			86400	IN	DS	51676 8 2 883175F6F5C68EA81563B62D1B2B79B6A997D60DC6E20CC70AFD0CD6B7E82F62
+site.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zAoysX23l2cz7mTCkvDAUKuzU4362b5dyZJ12SFm5mpTgNAwcYvj5ikgN6SMfFro6KJOSbBoUJqDMq1gzdSRCNoUJe1CNwH+ekBvtKpRj/3qmIxnTHql/Ig4+fkN5GQAMeoa5aLnbOeSB1H4eDoo9MwoHJqnzgsjOKgWKeEdKslpo1pnDmXiacgZlM3hznahQDgZHjAZxaUP2I945a/uvBxJZYfxdy9DVA7AZiXxxIm+6NTUqfMSefbZt3aBhrNKvtiPRvwPtxPivLNdtr61zbgb/tfDIcwU1ccuTZT/ZlbzVOl8sfUepgsyJhu8cJ9cFI2l9Fon82xPpECE91YCKw==
+site.			86400	IN	NSEC	sj. NS DS RRSIG NSEC
+site.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hwLdyyF780Hfv+hVjV/fywU0jPuvlDVcFomosQ10/TrxAKN10Ct0Qsh3TgZiNlbY8o9eN6qnw0ntEzbMWDdvmgubfvHFY1dI2nQ1ruxDLQBWohQo1mZp8RT9BGu7rWrVMvgKpPSPWf0UZPs74Nt6K6UJwJXT7Y4zKPLW5TXtIJ5YoD1OsnxmoxkxeCG7HjvDcauwFs1/TivXHn0pH5HgYyazHHlRbS5aY8qY0g+jHHZMBanPdUXQuvT7DFeWsdJhOuVKwLNkj4uJVD4ltCHSZdcveHUZl+Kxj2NzXPEHq9/xfNgewtai0S3kvdPZg0QEBTbSbbjeiBtA7kQd13J48g==
+a.nic.site.		172800	IN	A	194.169.218.61
+a.nic.site.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:61
+b.nic.site.		172800	IN	A	185.24.64.61
+b.nic.site.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:61
+e.nic.site.		172800	IN	A	212.18.248.61
+e.nic.site.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:61
+f.nic.site.		172800	IN	A	212.18.249.61
+f.nic.site.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:61
+sj.			172800	IN	NS	x.nic.no.
+sj.			172800	IN	NS	y.nic.no.
+sj.			172800	IN	NS	z.nic.no.
+sj.			172800	IN	NS	nn.uninett.no.
+sj.			172800	IN	NS	nac.no.
+sj.			172800	IN	NS	server.nordu.net.
+sj.			86400	IN	DS	16935 13 2 CCEF4DFBDDB2886951A928B83F52BE462ED1F63553DCADDD433935FC41A218AF
+sj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JLY1hbq+fMt2eSld0bpTMQ8CBw22JWUMmgWL8PX8+B8ccIu+pAKClMKgoXA9YE7r65Dd7X5vgzsZhsIGzOUtSXLZSei1baUL7OFl8y1PYvilmYngmHUuMGLMU69NSNU/uYKS6lQb92nyuP1JKc6IR8Tph0yp6w1nCHbrnCIQk8AY5wViEDjoptR0r1X3ut5U6cuwTjmgi1hiDh3QmFo1kYkxk/VoNSHGoe/kZbfgPAxf62nfxKthoPeG7MdoRXj/9elcgacG4fZxY33JETODqnNxw/Iz3DdaLSNviX0iPshArn5Z/8Z9YN18+bElxE4rSO3sHUeV/0QDlX/f0PAHjg==
+sj.			86400	IN	NSEC	sk. NS DS RRSIG NSEC
+sj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ynsRC4cENSX1Il0xTV9UfkSw/bLiXyaxMWPEDD/gA1BXDG+RZ5BkCf8c25qRLIBPVDRnV4rX20rBK4bXfZzv/gBw9OgKWgMZMTbXuECM09lI2etRV4zaIE/7cavt3SWMLyvsMRnL8gXYAw98cPcfDoXY81TgI27x8+EsgjIbRO2ZuDgzfNOVPZLb2vcAw5lGEn3BtCVqRG52hbD9Ajh/7V/cvBiqPR7fKMG+tTHQRFITxEdbC+WToCxHRKcsKQTZ8RlU8ykZYiM4jyKkEbd1JlZygq2GGZ452sT7HXw8Bjvxr/2T5KxNq8Bon4KR/PMzwMJNZsmsEwEf3bomtidC9g==
+sk.			172800	IN	NS	a.tld.sk.
+sk.			172800	IN	NS	b.tld.sk.
+sk.			172800	IN	NS	c.tld.sk.
+sk.			172800	IN	NS	e.tld.sk.
+sk.			172800	IN	NS	f.tld.sk.
+sk.			172800	IN	NS	g.tld.sk.
+sk.			172800	IN	NS	h.tld.sk.
+sk.			86400	IN	DS	2324 13 2 3E7E4F60ECCC4AD8F96C654563265C9A4E56B9F1AC998E88E1CF8150FF1A5205
+sk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SClUDU85S9ctFx3O96qal0qw8fca7LUszjlhSYiXibhdd4JTWvYhP+Oq1i/6L2Of3i+39z5Hz/yd72qVT8kq3Kb1l0C3VgDCdTP/hJPHJU2HAdSRx/WYmnecb7CF9Yp+W48JzVbWtxK8lxpy9V8Cwc4EAhPfWJEiUKpbyZ51WQ2NUPfNoK3HKgkFvycroB2pyEj3XHMx4MSMAPH6b8PRNth0oW8rK3QJU9/7U0Es68aR+rNWerRo1U4YkKtTbLG6xEPXdzjh/YYohXf9RwFHHncMAGCICjRoqwIWZ25+Q+542eYJKKy62JpIUMemkHPt0qfMhY3i01quiEDlK/dBig==
+sk.			86400	IN	NSEC	ski. NS DS RRSIG NSEC
+sk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LYhswdNqB64tVtvrY9fKoady2vIa3UnPwT8/zPwt5poxXFvVTgXG0Q/qvRJXcV/dOnr0gPN5g9u+6MtzBnSbDctu0eqgGtPAuHXm9HsiEZ+idMfaVJzywDEYYjGo/MZYzMR1YYc+n65NGm8Q79hHrjT8RReGKFxzKm6xg1vxEsv0v9P5eeQLtQiZ/PDUVfPiqw6PMrg3h0bjlxpuTBtAzngEYrIdoDO9S0tq8vgZFXSKqvtlePp1SvxUeubdnWUHng40leUQfVpWpEIeaYzKUXaJsuvpEVCtrJ/JQmNiBONeEjCtjDfI9xgk09gQRJ4kEWZdEHLFZnknxQc4VLfHLQ==
+a.tld.sk.		172800	IN	A	194.0.45.1
+a.tld.sk.		172800	IN	AAAA	2001:678:70:0:0:0:0:1
+b.tld.sk.		172800	IN	A	84.245.96.1
+b.tld.sk.		172800	IN	AAAA	2001:678:90:0:0:0:0:1
+c.tld.sk.		172800	IN	A	195.12.159.1
+c.tld.sk.		172800	IN	AAAA	2001:678:9c:0:0:0:0:1
+e.tld.sk.		172800	IN	A	194.169.218.16
+e.tld.sk.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:16
+f.tld.sk.		172800	IN	A	185.24.64.16
+f.tld.sk.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:16
+g.tld.sk.		172800	IN	A	212.18.248.16
+g.tld.sk.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:16
+h.tld.sk.		172800	IN	A	212.18.249.16
+h.tld.sk.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:16
+ski.			172800	IN	NS	a0.nic.ski.
+ski.			172800	IN	NS	a2.nic.ski.
+ski.			172800	IN	NS	b0.nic.ski.
+ski.			172800	IN	NS	c0.nic.ski.
+ski.			86400	IN	DS	62489 8 2 D421064A672F86A83A4C7FE005CE8CD164FFFDFAB3E64415498C3413BA46FE10
+ski.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gL+cE1zoQFINW+fiiFPeTYtMtQ44fxxOaQT+DeMNyJADrsa08BNwV+NVG0U4ZAdwE0qoECmH0H0SMMbPnCLmLCauAA6ZvZ19U0/xjxr7j/Y+gY5vfnWZRkv7ywxbumYQsJTkMwbLzxyd9Q/5G72A42RivozRIbnbBx9AtuWQPWLIK27ZSSvh32EP2gMc4sEFMoIFAqOr6NhLrO03L25Pcd/udLmtE2JPr/gd87qu30EVOakjZttaMecZbFyKVv0oAvCpVqbT/gATs9U3in7MJc0qG/p2ZpTa8SOLWSmbhIAOTDE8PkfiZ8ee/uCqOSQie7O8pd7vwMRc7utFDheyIQ==
+ski.			86400	IN	NSEC	skin. NS DS RRSIG NSEC
+ski.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . viIt4Z7FFg8+krqv93gGnFRbv2I60Tv26D7jY/EmXaZZZn0zSWgE5wSf2tbsb703119JTCRDEXdzdj3WupxakScuAfSbZnNO4AeA8v4OKIdU9fLqEHKsttZzGAzcesZhqCff6TP7P/V/theif8xFDYCJYS/wXh6WHI5PWspVocJU4bxF26Bgx4cChHv+lK8mytI3M+FD5iUxWWV40cYhZYah1pXa3pQrgt6MUsRNCzfUkB52sT9yT39/QdqnlBwgSMbAmi5FyEKKIw8joZigQpTbfUNEUkI0cQ+KRBAh0PZVkj5mQVqAil9R1mDKWQfNjYbEsCHj4SvBzxuCdp21zg==
+a0.nic.ski.		172800	IN	A	65.22.84.17
+a0.nic.ski.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:17
+a2.nic.ski.		172800	IN	A	65.22.87.17
+a2.nic.ski.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:17
+b0.nic.ski.		172800	IN	A	65.22.85.17
+b0.nic.ski.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:17
+c0.nic.ski.		172800	IN	A	65.22.86.17
+c0.nic.ski.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:17
+skin.			172800	IN	NS	a.nic.skin.
+skin.			172800	IN	NS	b.nic.skin.
+skin.			172800	IN	NS	c.nic.skin.
+skin.			172800	IN	NS	d.nic.skin.
+skin.			86400	IN	DS	8175 8 2 5B2D4845730F45F86F38D3FD6271B5E212BDE653A75FE7A3BCA1267E0429D386
+skin.			86400	IN	DS	24104 8 2 3EAEBED2323950252487A9E9F953157A1BBE8B0B7D82906FCD2816C623778B0A
+skin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Mps4jDLKP1knVuznunHhOQqknEoIqtoiy1VHSIooqNIAhwWq26tCMP8pSp5AX5A2AMcyWs9WgGPBp8Tnlg7z1ckb1l0Bk37Y/1kmSH+jTv4BHr/JqEWYU639my17iHqdWEHPhLhKSP2FjD50l6TJUF6JJpwRjK+jeFXHEmoyjg48SvPRTKS61lv+FkX/aJUF2+iAx4fd4Xodo7wxwEzzPQwCbwMlNuqbOJXCl8jMn4RWZmH4yh6LA7qvCLOrC5BRgbnQcIlHNoMkR/UaQRISwTtKgEQ7lOyAuUHiHUfN7QKeABOOQGtotgwdR995rv1a18LNfae51fKnIgltj/RpUg==
+skin.			86400	IN	NSEC	sky. NS DS RRSIG NSEC
+skin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EsFN59s2+EUD6/deBP68nlU3C4lFmb1a8gxOzlCw7H5cmMHkApUFkKLzVSYeqJqi64xwWDxncrV/0I2C90kQ8NDolHkiaFyEBsSTHVLlfQaGDaHWty0JPgBMZvSmuc7kI9jdN8nrNI53UE6cg8wtTLDyiXF9FWc7isuG9gEkga1dWjeeEwQ/G6VH1BOKlB2Hs9U9waRoET0ZMV+vhWL4zdbUBqRlvMl9XlPRwavUmmqlPYUWiOTI7el57o9g4m+Utn0Zjt/H69TAmVp4IJdSzDIUFI5D0CKFTT3TqVqt83gP03dsMb5Mb8KhuJVd2JU0gk+hAelP96YEbkzknnUkFQ==
+a.nic.skin.		172800	IN	A	194.169.218.118
+a.nic.skin.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:118
+b.nic.skin.		172800	IN	A	185.24.64.118
+b.nic.skin.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:118
+c.nic.skin.		172800	IN	A	212.18.248.118
+c.nic.skin.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:118
+d.nic.skin.		172800	IN	A	212.18.249.118
+d.nic.skin.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:118
+sky.			172800	IN	NS	dns1.nic.sky.
+sky.			172800	IN	NS	dns2.nic.sky.
+sky.			172800	IN	NS	dns3.nic.sky.
+sky.			172800	IN	NS	dns4.nic.sky.
+sky.			172800	IN	NS	dnsa.nic.sky.
+sky.			172800	IN	NS	dnsb.nic.sky.
+sky.			172800	IN	NS	dnsc.nic.sky.
+sky.			172800	IN	NS	dnsd.nic.sky.
+sky.			86400	IN	DS	27464 8 2 2C593B75DECD94E47A5DBC8E20400DAFA9F6ADC46F5EE033DE4F07BFD9A83904
+sky.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . heXWLYM8nmQSmgt6VTmhjBMJ5wyjdkdz7TsaLEnIJMBPhbheLquXNkS53qBta86PDQyCAgxZc1xcOWqEjcY1RzZUVW2+PSvQqUijsO02arvHHK2fA2GhXTxwRfULs8QMokzGyjlxcycvWA1C+bKeXOFcBjzfzlFFvLOw/ogEpA/ZHrWF0lLKkZ1zgE3T+rZzxODBJe2DrI+TtdLA90pnBvB0G62CsZcVwAcaxNCkih+aky/GWqwc+CK4jrWcNYzYu92PxdvbF4RLTwY/cECv/R6JHdH4zRphjZGWaiWBwEODqeFXf63XNBzOF/HoXilOkW6pEYfRGam+qZM5Ue5apA==
+sky.			86400	IN	NSEC	skype. NS DS RRSIG NSEC
+sky.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0qeyXO0GC+4/L8Z48Qw6rO6udJM7Bx2V8NI2PrS94YZlo8YcFnd19GpdDrNr1PBaIzzdouNpddgfB1hPB8X7eUDqKKiikL+JPxdmvOtbKxvClQO5NBYIM6BejTcGkpJ/SqBQTZ6Z7Ou31SgxgWgqC0GyMyoQ0dgMEbF1F1QZWm8dNUzsMC2tTCDFNs0PdKInjJE+WanjOqKmAPUSeklL5CNO5Mg3Rg8Zqdf9EkFkwFlffE4TVXuZROiEEcaTK6fjV6PvJPdly5r/wLFlFFjJ3voFHUcm1QL8sT3/EJZawdNx0X9VinuJ+iJ6YfvjkqbpCAxSf81yNcVoKL6+V/rNkQ==
+dns1.nic.sky.		172800	IN	A	213.248.219.127
+dns1.nic.sky.		172800	IN	AAAA	2a01:618:403:0:0:0:0:127
+dns2.nic.sky.		172800	IN	A	103.49.83.127
+dns2.nic.sky.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:127
+dns3.nic.sky.		172800	IN	A	213.248.223.127
+dns3.nic.sky.		172800	IN	AAAA	2a01:618:407:0:0:0:0:127
+dns4.nic.sky.		172800	IN	A	43.230.51.127
+dns4.nic.sky.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:127
+dnsa.nic.sky.		172800	IN	A	156.154.100.3
+dnsa.nic.sky.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.sky.		172800	IN	A	156.154.101.3
+dnsb.nic.sky.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.sky.		172800	IN	A	156.154.102.3
+dnsc.nic.sky.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.sky.		172800	IN	A	156.154.103.3
+dnsd.nic.sky.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+skype.			172800	IN	NS	a.nic.skype.
+skype.			172800	IN	NS	b.nic.skype.
+skype.			172800	IN	NS	c.nic.skype.
+skype.			172800	IN	NS	ns1.dns.nic.skype.
+skype.			172800	IN	NS	ns2.dns.nic.skype.
+skype.			172800	IN	NS	ns3.dns.nic.skype.
+skype.			86400	IN	DS	4519 8 2 FD50ADCD586D68B58AD4081BFA7566E3E438F0CBE991CEED726AD4485B62D97B
+skype.			86400	IN	DS	56554 8 2 FFA94DC331D59FBE4B7B2E51871B8CEEEC8CE9BAA00EFB2A9553F09F84804E6A
+skype.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ra1ugp67PVbjcUEFtE77oesEpxKpeCWqEmF1Yg/spW2HZhXUK24u4/ZUQWWNPvW9g0jH0OvBkgrPPF4KpJqYuj7oRbWBYPQ7yEqqGRmJgt0EqFxffogmlr7lx99IwybCNZyTg9V4PD3PMQvl0pRFs9TkSDy6SCnub7tXEjcQqj2QioOLUQRzkZQxqIeNjtBVJ6g9jxQnSYSv46sIEn/jsI6MYT2dmC7+/MHDxI3CJ3mqV6IMJ76RCJwJh70PINZ376pfcw3jzStGG9hl8AfLGKaSP+xmv5zbDgCu9XPEpimiFjaWM2RDyq5pldjh1ilbHo032z2JY0KmXqxGe7ojbQ==
+skype.			86400	IN	NSEC	sl. NS DS RRSIG NSEC
+skype.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZjHXcApRinlA3ufTnlWMPJBUwG0ORrYXkIW5nEDrhpzInu2A2bj2Q0bhlWTOKdZfjqeAWqbbJf3RJC8CrgFgcbwlI2QT6uFI9vFNnsyx3ONqilA2QBYK1lr0MqTvCT1v/8tXaPIPwFXSDI+teJvV5PQoh1SlA/4LTfqCoN/tYOmGpHP2HFxFBgfzLrKV+/tIVUufbuzdRuISDSJAq7WSJHyIoeELJ7UTDhNuDqPBZrybkKT+q9Lx43EBEe4y4XwHIp8Ufk88i7RN1MNxl7bGbeJTFGqV4WQG8s5zACeoFlo5SBzS8Ta6LBE30X3myNC4elTqRbxGikFKP3dDSWVHWQ==
+a.nic.skype.		172800	IN	A	37.209.192.9
+a.nic.skype.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.skype.		172800	IN	A	37.209.194.9
+b.nic.skype.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.skype.		172800	IN	A	37.209.196.9
+c.nic.skype.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.skype.	172800	IN	A	156.154.144.151
+ns1.dns.nic.skype.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:97
+ns2.dns.nic.skype.	172800	IN	A	156.154.145.151
+ns2.dns.nic.skype.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:97
+ns3.dns.nic.skype.	172800	IN	A	156.154.159.151
+ns3.dns.nic.skype.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:97
+sl.			172800	IN	NS	ns1.neoip.com.
+sl.			172800	IN	NS	ns2.neoip.com.
+sl.			86400	IN	NSEC	sling. NS RRSIG NSEC
+sl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nUdTVw0ZsikXKlN5vnPANGVU+UbGsFqUPOBvS2O3wgLeauqc/g2Mez05P8LGld+Rp6tYKqcs5tYrw2Rn4bUsKmZT/XEGXAy3GQgmqasjD2bRL4qCQ58/z/gupDNVVTKk0UVTAN6G+LBRqZ/027oDiJBJdLn1P/d/y9q86xKyNy1htdxfhn/nMQKMbU1zvExeYyKg4qV3L/kVM5jD+re6wnD1tp9pbfya22RMaThvI6UBeWULbwtZXBvkiW6rAEn9jGGt4ZABFvXX7s1dUbQWWIX3XURpdl6T9KI9xiJSWMAcUcpBiKZ93SaaJ38awW87q9Y8am4Pex1RAqtIqgjN/A==
+sling.			172800	IN	NS	a0.nic.sling.
+sling.			172800	IN	NS	a2.nic.sling.
+sling.			172800	IN	NS	b0.nic.sling.
+sling.			172800	IN	NS	c0.nic.sling.
+sling.			86400	IN	DS	46550 8 2 FC817BC7BCC7EDCC930CF73483FDE9A88386E85674D7CF438E36ED5D00CDF74F
+sling.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t6DFwVap/4z4O79FF6rM/VtVrGMo+iGWfz2MKOLQ9MWa96C9juCN/JEoDaSLdRs88+99Tx3A9beKWqu9RtEhe1CFJHXIWGvixpwkYO6+8+eWEXOB7PSZl7GwOIK2veW8Ju5GO/ex2qEl3DiWmYhK0Hccv1Fq0rgSa8QEh/+vHQ76F4780per0sHhgtQp6qKq8whbBNYjYCUm5kHY3Z1fxRJzjuiUDRagIoX+aF3t0NyQsq/Q2AKCRGlJLThGQyyJawdbC8PpR9dytv42nnQ7CA6fZWwXZbKDOQShxCYLIDtK0GBG3W2EA1XUT7cG9cr2sf9Z6ydtzISeOb84qNs14w==
+sling.			86400	IN	NSEC	sm. NS DS RRSIG NSEC
+sling.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OF6KCh1rVKBW7FxReWMt6CKo5xWuGEhI0QeIprWvXCyDRtQtAx3ofJ3Sm6j8RhY8i3d7UgPCcrhrtjs7QyRA8OYxF7kLz8T35iumsrpiJVQlEc9mWBEomqlEvE1e1anJxN9VWse2hRmFzefubykrmsG0c7Vf+SbnZeun9QLcROw/ajwFiSqXnOUJQufm7PGTWNg/JltF6AeIs1f5F58hOWMKxNRhjfdlSLziYvkLPrjvdGU16rBhgI2sTIVZ4oxnCxXozmWbYzmtrqrR0wwnieOAzFWZws5d1jlv+qzM6UWNfig4f3DVLVy1MJhEMAifQTbt4tuR0kaHRw1cU5pMbg==
+a0.nic.sling.		172800	IN	A	65.22.108.9
+a0.nic.sling.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:9
+a2.nic.sling.		172800	IN	A	65.22.111.9
+a2.nic.sling.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:9
+b0.nic.sling.		172800	IN	A	65.22.109.9
+b0.nic.sling.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:9
+c0.nic.sling.		172800	IN	A	65.22.110.9
+c0.nic.sling.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:9
+sm.			172800	IN	NS	sm.cctld.authdns.ripe.net.
+sm.			172800	IN	NS	dns.omniway.sm.
+sm.			172800	IN	NS	dns.intelcom.sm.
+sm.			172800	IN	NS	ns3.telecomitalia.sm.
+sm.			86400	IN	NSEC	smart. NS RRSIG NSEC
+sm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ef3c6fRBUK8oGJtRoL3afM2L8omDtkDogDBEIN4Azq7rVYoRdad00VfEzziuIIbxVDxkbI15sYnlNOHlcCUCTDwx30KQ+vmYNLxGegntU9HSEQFfJi4yjKgoxixHIAp6kHCyNdRHLYqnO+w8O30GzIT9xMFWPGBDRDqZkV97wGCs0MutO8vemD7wjjBDupJaYq8/X0wlBMgAVnEU/W14VFLuRACYMIOisEGLTQTwWF0zxfWnjSHH9mkwmn3eZwQ5u0AStl9kHPcLhOsj42CNFVpQb/DdjPgoB0E3xgCwsYnDKCVQpmUUne70+UjphNkYp7+lgzPcxRbbImuINeCUkQ==
+dns.intelcom.sm.	172800	IN	A	194.183.64.11
+dns.omniway.sm.		172800	IN	A	194.183.64.10
+ns3.telecomitalia.sm.	172800	IN	A	194.0.27.12
+ns3.telecomitalia.sm.	172800	IN	AAAA	2001:678:28:0:c2:b7:40:12
+smart.			172800	IN	NS	a.nic.smart.
+smart.			172800	IN	NS	b.nic.smart.
+smart.			172800	IN	NS	c.nic.smart.
+smart.			172800	IN	NS	d.nic.smart.
+smart.			86400	IN	DS	10241 8 2 1FC272FD0BB0D9AE922348C5C63F401A9E1FBA71C8CB452AF5DF5E4E005237CF
+smart.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . im5h7z7mE1HIWdFntcpVB77i+dt03ryS0MwPXtda8m1sHzvBlWPWRfTOCoCLGc/Dk0dMW0LGqQfULPidb8Gw5IVaag4yg5y/KP4okp2VxeDLav7y1O80NkhkogHSCJMR50fJlINMut6w9vBcinCf5O+RUW+DxJO/TfSRmCXXuq9Xurw4t7meJ+KWiEAXNwnlFFATuJGBV0dh5GGLvLO1e+VCL0KwwDAv7m8sUAl2jaw9J+L7YaudqJTxaRvBhRFJmuumtV9ld2XKCMGWrOn/nplPyZAcgjwSVs3UHCznMFxla4CS0fAakHJCGtXEKzZ7x6grLsqn5w/eLjqNgUB0HA==
+smart.			86400	IN	NSEC	smile. NS DS RRSIG NSEC
+smart.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NBuOZ2KnA+tgRiv2AA+GuMAJTPzaVNg/dMjLZxH6qtvmc/Q/cpaNA74sGINrm5dfX4EzLx+d2iK4ub4YU8tIMZHTkjZTTelRAd51qHSZ9qFwZFEB+t7zyYqjBoksTSvdo9yJCpI5+qIpI4AZXnS77UU5kzBxFOdLY49jolcOcFRtiPG2b5l7c7KnLIzb4k6v4BPyUjK1gPC/qRC+Ln3j9AImVhp+o6p3j/jFiewID6kenNdbm1CYEj8ZEmhd0PIzQ8mK1pWU875jnEWKGj8R2FaK/GATkUgAagC9PGQlfIss7VTeUN6jaxQv63fOBwu+fEvs+FaMTnC56Vc2oH4puQ==
+a.nic.smart.		172800	IN	A	194.169.218.70
+a.nic.smart.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:70
+b.nic.smart.		172800	IN	A	185.24.64.70
+b.nic.smart.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:70
+c.nic.smart.		172800	IN	A	212.18.248.70
+c.nic.smart.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:70
+d.nic.smart.		172800	IN	A	212.18.249.70
+d.nic.smart.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:70
+smile.			172800	IN	NS	dns1.nic.smile.
+smile.			172800	IN	NS	dns2.nic.smile.
+smile.			172800	IN	NS	dns3.nic.smile.
+smile.			172800	IN	NS	dns4.nic.smile.
+smile.			172800	IN	NS	dnsa.nic.smile.
+smile.			172800	IN	NS	dnsb.nic.smile.
+smile.			172800	IN	NS	dnsc.nic.smile.
+smile.			172800	IN	NS	dnsd.nic.smile.
+smile.			86400	IN	DS	34961 8 2 BE86EE1B42B863C89283BF8EB0B013D6C16DB2B0702A3C28299EB318540FBEAA
+smile.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HQXCKd5BXNQPmsSTJJeUTskkYPsPUA+2EEcruGReq+aFh+UaSQlssn3ocNAjqluAEZ6GG1bb4N+xMql08D+7f59xpvr4uFgGk/qK5SOyY8oQtN8L950JJpo9+OfNuV90aMVdkPjbTG0zimZ8WmTCQeCOolbdsXU20OsrGdtL/jJgf7bfHzThnX8dp/8sZLhOO674QQ8HtQSuGEIZq0a9JQcgkB9CD6lCWgn3Yfw3Ap2Bb53O6IbnusTFUKptQsp4X3zg4iNs9/GSYPVJbZLfewWk1BU2NNhbba+r35MimbmR3IQHm821rj4lQVK+zQeSbywCbeseRsm2zV7f5Q+NcQ==
+smile.			86400	IN	NSEC	sn. NS DS RRSIG NSEC
+smile.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EfKSmKsox2s4hHJV6PswCaebI7A36tz9omNXQlOzpaXfA4VyQUjgK4iuMpXz+0ZNjSOSrS/Epk0s6LGjEET3za9H1kQEgVxUr3ZzxPgcEeq7T7yku0iKrmUEWXmUv4xgK836rpDyHBB9xt1Fd4uXDCKIMYDKR8VdQLY+Sxq/MjmAPK8YA0f87lIfNkGZVsq1Q7X5yHYHGz+9CRGiqX0PWdWuERxgJNXnQ77KUNC2vaBTtgp1++thoJAqrMpcunGht9mnkvgfMxzzt11YLBfpuK9b4LMca0MKf7pOxX7qRd3y9KsAbwX9/VmDD7cozVG1foqHCY75LEsodrFunH+kmw==
+dns1.nic.smile.		172800	IN	A	213.248.218.81
+dns1.nic.smile.		172800	IN	AAAA	2a01:618:402:0:0:0:0:81
+dns2.nic.smile.		172800	IN	A	103.49.82.81
+dns2.nic.smile.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:81
+dns3.nic.smile.		172800	IN	A	213.248.222.81
+dns3.nic.smile.		172800	IN	AAAA	2a01:618:406:0:0:0:0:81
+dns4.nic.smile.		172800	IN	A	43.230.50.81
+dns4.nic.smile.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:81
+dnsa.nic.smile.		172800	IN	A	156.154.100.3
+dnsa.nic.smile.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.smile.		172800	IN	A	156.154.101.3
+dnsb.nic.smile.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.smile.		172800	IN	A	156.154.102.3
+dnsc.nic.smile.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.smile.		172800	IN	A	156.154.103.3
+dnsd.nic.smile.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+sn.			172800	IN	NS	ns.ucad.sn.
+sn.			172800	IN	NS	sn.cctld.authdns.ripe.net.
+sn.			172800	IN	NS	ns1.sonatel.sn.
+sn.			172800	IN	NS	ns-sn.nic.fr.
+sn.			172800	IN	NS	dns-tld.ird.fr.
+sn.			86400	IN	DS	36827 13 2 992ED3A8CD111420E26FD9A8B8885C3BEAFA13507EB0606449AEA1DADC21B25F
+sn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DjbyVA/ErZYTXGuk58j6Zg3eJtHmRpTFsBGkqeET9RMmG5EYFSmk0Wz90gAuocHsFu/efec2VS8GMSCjmBNH9HJ6jLhJuZoA0HG07xDSDyUxetoDNqQpLXUsqrHeSeGgrfsMBrYQNSYmC8QtmkQUxIneHmnUTi6OCB4G1Z3HL+/iGQwnwCMqLF3MK4bZ3b6cnWT/BWDRUGxoxlw4Q5dpWMvYF8nDnG7S1aZC9/bgchwlVXx+ir8ATDI6BOY35LuhsHmhCI1Lk/E5b/Zi4H2YmGksM6DL3NxhlDFqfmeP32BgEAhzRCgydALIYS/lUKMI7EdufWVt3JDDOGXjeAKVFA==
+sn.			86400	IN	NSEC	sncf. NS DS RRSIG NSEC
+sn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lXkuaq8WYQgVdSQLzekLfIjLjWEdWYOUl4w3Nmsd5IMQ+idXpCe4SICaHNLLSSXfm2zgUHyRKHDLA+Xbvd4eSgjlfaIBYo+ePPD2qkDvhtChDOdmSRaYp48LXtMbSm0aIchasz+f9nc7cjhtX4SlvY4ROqID+X1nhhMpSxcahLW613MfRXJuZdMhbHN1eIvoagoq75hkCFfRS3WF4/imrr4ZS2cEx5mKzuLA/UWZ65/vkj7yfQEUx8Z7Ze9Q+m+ogOPSpbnV1HiH6D0ff5U5xpdLajx/kOSMokPhTVPCEH45lZcwvA8YafRyHA+sHja7GFfcKVAq9/lqYTJfk0wn+A==
+ns1.sonatel.sn.		172800	IN	A	213.154.64.11
+ns.ucad.sn.		172800	IN	A	196.1.95.1
+sncf.			172800	IN	NS	d.nic.fr.
+sncf.			172800	IN	NS	f.ext.nic.fr.
+sncf.			172800	IN	NS	g.ext.nic.fr.
+sncf.			86400	IN	DS	42021 13 2 76868912D2C9AC062CC7B403AD3F32DAFFEB37CF4C220BF74E196FB75F7C861C
+sncf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a55L2mjOMETjhQvNQ74p2HdQNB6dB4F5/gsVgJFqUtGY6tQBRparD7330r175RU0ECtcXO8szADPwDJz0yDFM9b5ef9phAT+yHkomWS9H8Mgb7nX5e/H2T4BmbmU1EixHBrFb4h9snDXp0fxDn3zCUMv/eaSzJzQllxa62Q4SfK6aVICL+5KNOTHU2jPaKzOV/chRiaYPCC4UJmkjcrsqod6WTUxRmRAv0JvV4OE++yHAZAGLBXBsUNa1pXMXMvHnNwj830e4FNMp7GMUEHiYpvklvarpk+D2E+rZ5KtTVjyeLyee98EbbaFawdswC+qI55qfikd/RvonJGllaORug==
+sncf.			86400	IN	NSEC	so. NS DS RRSIG NSEC
+sncf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qbV+EgYZn6H1Cd10mQ0lOMU3x3CG2KZkomFefjLaH7dvhmvjLUPJVmBRIAH4HlLbXA4BodLor1fR/BogkmFsxZs91RyXWYBeA9OEQdzqANe1PtstR1TJwsmmKj8S4SnupiJIr4RivZa6eTEBSotcJOHzRNBuZUANDPfnni9drXXL5cWqdb/0LEgqnohBTQofnHGqIzmsXIKCycQn6QoEbRx52SWFcA6zai6iLTM9F9AhvVqx6oGR2SzRpeTa/jPkpd0THEvyeOybyEZSzcgRc9qRK1x5DVzP60Jp2CJhIY1tK1NfFG0wypVitezzdVDJKmEYlmSH46BwE9G6oOG7DA==
+so.			172800	IN	NS	d.nic.so.
+so.			172800	IN	NS	e.nic.so.
+so.			86400	IN	NSEC	soccer. NS RRSIG NSEC
+so.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TeBmQJtLfCMYLvK72yIszAjFyZ2B3tF9SeSXEjPBFuBq0K9hLVXWWDdbffEc0u63LpQzhupPcC+2yO3FBkW2WRbkVKBJREmJzCwAeUYf1c/Gbz/5dPndZ0XI4xUhCmZM4MhLo/t3uREfx3s/3sw9J8hisji02PkTvoorGJTOQIeDLLX7GLDGOn+XGGKgYFVP/U17aQ84w/eRwQ6mklXelDhV83xz0C7bWV2VJCUeq3D5nNK5VMaywHfrCIWwun6eM9NawJldYrRcCXMLR+LfZL9Wu5ByWIv2VwV7Fky7hT9BS8oxCPCqwjV6wqBU5oZs/KFrpjhEqa+5Kt7I4BrF3A==
+d.nic.so.		172800	IN	A	196.216.168.54
+d.nic.so.		172800	IN	AAAA	2001:43f8:120:0:0:0:0:54
+e.nic.so.		172800	IN	A	204.61.216.101
+e.nic.so.		172800	IN	AAAA	2001:500:14:6101:ad:0:0:1
+soccer.			172800	IN	NS	v0n0.nic.soccer.
+soccer.			172800	IN	NS	v0n1.nic.soccer.
+soccer.			172800	IN	NS	v0n2.nic.soccer.
+soccer.			172800	IN	NS	v0n3.nic.soccer.
+soccer.			172800	IN	NS	v2n0.nic.soccer.
+soccer.			172800	IN	NS	v2n1.nic.soccer.
+soccer.			86400	IN	DS	28159 8 2 88EF6E5B2AAE60CCCF9F9585D03F0F2BFF9A57C613CF3EDCF01E34734886F0D3
+soccer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cMQaECuJUL0hEC59JJzDJwzU/sXduIxnJ4SU08OrYdxh2A0zB93SkYGO05E5Cp7THxTe5PYr7vor2ogFXVnYTOsfatTiEpsEqQvg2kff8cHPbk3/vXT+ArUptGNw644abEyZFNtLbvKOPa1rxJYIl5F8559iSw0fQ60me8wcFKprHOdmUqEeuNp6TsWOTt+XgCDrabesxgSaiPx59v436epBtJyuvV3ffoiSnPx4opg8VFzRKS+zM1uXmvMaoIH2KQN+YYY+GG9Tqv7sxHpOSsU5OF/pp4/AkGO5FwTauDiV0NNviGpJ/OB+J5DjSxKKWEZJYUW8lQOreCksfubu9Q==
+soccer.			86400	IN	NSEC	social. NS DS RRSIG NSEC
+soccer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rNjh3cRU6JxZPT7ctdH2DF+3hsRH2ygqQscN1RKpDPEPPe6pPzXZz5+AA7fhLEjV9HY71F1qFHb09Oxojyl9h41NRwVJ50AL3R7UVCr+N3d1iaFDXNHfmV4LnpVcGW1aTliEDtbwsRVTQj2dpS7nm5EaBCR9sfLcKc5uGsEH5TI3UiRSUocxSKIldYXq+U8TWMh4zHSjTcV9Q0ZDli0uznnAs8mhLTJ/7bV+3ttcEC8wZsC0e8S4vPzrb8gF2GLQyNTOumJbJdiHHzh2zAKQMiX9zr+WwiK5IOtbCgsZNxfbaAaCjkj0zlYbV2Br5SA9kSXlW7Ygh7VecWEgfH08bw==
+v0n0.nic.soccer.	172800	IN	A	65.22.32.58
+v0n0.nic.soccer.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:58
+v0n1.nic.soccer.	172800	IN	A	65.22.33.58
+v0n1.nic.soccer.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:58
+v0n2.nic.soccer.	172800	IN	A	65.22.34.58
+v0n2.nic.soccer.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:58
+v0n3.nic.soccer.	172800	IN	A	161.232.16.58
+v0n3.nic.soccer.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:58
+v2n0.nic.soccer.	172800	IN	A	65.22.35.58
+v2n0.nic.soccer.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:58
+v2n1.nic.soccer.	172800	IN	A	161.232.17.58
+v2n1.nic.soccer.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:58
+social.			172800	IN	NS	v0n0.nic.social.
+social.			172800	IN	NS	v0n1.nic.social.
+social.			172800	IN	NS	v0n2.nic.social.
+social.			172800	IN	NS	v0n3.nic.social.
+social.			172800	IN	NS	v2n0.nic.social.
+social.			172800	IN	NS	v2n1.nic.social.
+social.			86400	IN	DS	40816 8 2 683895EDF086360B6BC8F2E6674BFE94735DF6F88A6EFEFF850B905595383AF8
+social.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JaLpniG0V9PiC/x4/4J6MITbi86sgW75OkL4zAX5PqELb5rl0TbzEizxzosCNdBQswMrFVodA6YlmBWwfjNRKd3iF/XIoUUTWgIzNXtIks5UdxoltlTyTsyKg4wLPPle7WaLFCok5lsQa8a1FyL0Qxe7sUnSETG7Wp/0hxckDIXb7jdp8cqXUfa+iP941cxaQ9B0TUaJ/AXeptS6P/lbTsEuvjkrKsDUcWhMoZnvc2ODZzrfJRP7qpTxPPs/pBjM7Z+nuL+M5l7NP8M0x8T3P+BQLxQJC3f5UA7oqKes2tQfdgEhxi5wPrsw18Nrn4IavdPp8cDXRqlJwXQTQIrutg==
+social.			86400	IN	NSEC	softbank. NS DS RRSIG NSEC
+social.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LgrQhI+5uziw7N5H+BdzzeAKi3IL1uEIF4ufKVpmY1SLgGSkuUWcMyLBxtrXmT0M0SveUk0zWjOcwe2Ts1pCFoLOmdfOqVTwJabQuUdrTV+iFqj1fWdeRNEk1NBxLDJVWESLXU1na+5ejhyFNvXw7b4P9EXEiq2wJEzRhUixKTUeBDTPZHWiNOUwXwX9BQuyAsJjMFjlBBWqQkVg7sOtdv8kUwKySzf31HqcswLir82+Xfxi5wiMEreT7Tkl5TzmbkjYuvlMAJ5YbZdryyBF+n3ZWyZ5j9g/vy+lr4giUDO3h7v1s69GpLtb/B2jJPjHw4O8URqcAi6+5WOyDqDyZA==
+v0n0.nic.social.	172800	IN	A	65.22.20.41
+v0n0.nic.social.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:41
+v0n1.nic.social.	172800	IN	A	65.22.21.41
+v0n1.nic.social.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:41
+v0n2.nic.social.	172800	IN	A	65.22.22.41
+v0n2.nic.social.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:41
+v0n3.nic.social.	172800	IN	A	161.232.10.41
+v0n3.nic.social.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:41
+v2n0.nic.social.	172800	IN	A	65.22.23.41
+v2n0.nic.social.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:41
+v2n1.nic.social.	172800	IN	A	161.232.11.41
+v2n1.nic.social.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:41
+softbank.		172800	IN	NS	a.gmoregistry.net.
+softbank.		172800	IN	NS	b.gmoregistry.net.
+softbank.		172800	IN	NS	k.gmoregistry.net.
+softbank.		172800	IN	NS	l.gmoregistry.net.
+softbank.		86400	IN	DS	34384 8 2 7A7CDE44C2C68CE4D0440E7F9F01A1A0358EDE57A9E007AE01FF94CB0506513A
+softbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ST8VNAyzajhVivIMQvPEFiDY2/Xvv9NKhUhJ/LWERRKMsDyZEkKSMqwEfSPo9QQWboqhXIfovEZzMvRhAO5k+ZMJK21OLJC8GnaFwH4+jqKED/rxWKjJXpuMHUhLdURrHgpdXjao+p6HIdXjy+b3rLHjyb5+vp0utOgcJQfneRd87taT9S728R1DqF7zYPSw9r+MDOSAl0Ps210H0sw9PuLTCIa+WnmmSfcl+11I/46qvmKIhHgCBRKqY4TQPDyVSfJnP7WIlspd2Y3PocDF4BTExr6aeygocg8KG6Xzp5Mf5qlRL9y2jRt4j88CRIM3z/YFyABAD/m/ouGYJlquOQ==
+softbank.		86400	IN	NSEC	software. NS DS RRSIG NSEC
+softbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dV16tcNnliLA18E5NEOWjs7t8HTiKL60OgkJtCRCcpk2pjaFzunRW/kAqfqXT55faAHGYruA9/PMX4jz4lb3PgIwzAkN1C5iePOF6ERDil9zb4G4s1s8lXXdPXUbzJL00sL4K/ORN/BF2yJOCixvXdTwDpIUgcmCFM26W5Yz0Y6xjNXq4jdU6Ec/GeOcNbRX4y+mkw+YpyHYSk1xdDVEM0A8AgUPiUQSYPLonUgMmjpQ5gJI33QDhM8bPB+edp+bzUN5owGYrI91/3IMviYyxKw8VxWBgoFJEhHLTI5z+ncyxkwuNJLU6D93G4I1oPqUSYwoSPpNiBjtn1SbzlcSdA==
+software.		172800	IN	NS	v0n0.nic.software.
+software.		172800	IN	NS	v0n1.nic.software.
+software.		172800	IN	NS	v0n2.nic.software.
+software.		172800	IN	NS	v0n3.nic.software.
+software.		172800	IN	NS	v2n0.nic.software.
+software.		172800	IN	NS	v2n1.nic.software.
+software.		86400	IN	DS	13531 8 2 ADBC7A3C20E6F0B685C47BFA610899B783DC463921F47BC231A6E29147E80902
+software.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yGmSiyyffuDsKt48xtRti45Ocb5CIJNfgauCJ4kvQTGMe9FR39a3+3Q6MAkb9D25qmMBWeBUyzw8cd/lW3SFJz9TZeZkJak+1qvtFwe+ISKjCA2bXrcRwBFNoQ+/YFVQ1vaoitCWhMr15ghukzwKJH4GBlvgFer4Fs0YvZI/nmU6Cjci36sEdZ/4tcHcShs1mrnTmT7bRo/h2yn9GHD+cdilc3Qs2RLs/LekIsaL/ForhOUn1oKz/dacTzgfq7DJWCMFNf9Q6gaypJWq+9Z4TLXc0pvmK8IHsPeyYl+vNCWcn50xXB4QnHUFWMa/bjliN7i37lBe5e12xYr5wmdnqg==
+software.		86400	IN	NSEC	sohu. NS DS RRSIG NSEC
+software.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I6uDOaUtCVCKO0W5Yts7f7CZkRkUkn5+L1nydUFqrC3gGD6si0lbLKXpmISHut2ir9PWAY5wTLjscmQSlWXFOHRzqwev5YJYWemHPEeZF1xON0VV+GrJ9HkJEiRjlaVa2vWr1cOAntSYB9kFRAr1Sog7m6TDVpSVnZJ9q6pyqYZY45HdUkC1mldlkwX2i8o0LZWFd0KzsngEJ9yKurEFr8DWmYXc6AZl1hsKt5TG4d5sUtG+CB0rIV4xc4VjflR6WhAz6tACKJ7hB6fyjtgj5Oqfg35ToE++DHuPdwVCeYgyfpu/nlCymmuvkba/lLlOVnvbxsNy94l1679QIcJSwA==
+v0n0.nic.software.	172800	IN	A	65.22.32.10
+v0n0.nic.software.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:10
+v0n1.nic.software.	172800	IN	A	65.22.33.10
+v0n1.nic.software.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:10
+v0n2.nic.software.	172800	IN	A	65.22.34.10
+v0n2.nic.software.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:10
+v0n3.nic.software.	172800	IN	A	161.232.16.10
+v0n3.nic.software.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:10
+v2n0.nic.software.	172800	IN	A	65.22.35.10
+v2n0.nic.software.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:10
+v2n1.nic.software.	172800	IN	A	161.232.17.10
+v2n1.nic.software.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:10
+sohu.			172800	IN	NS	a.zdnscloud.com.
+sohu.			172800	IN	NS	b.zdnscloud.com.
+sohu.			172800	IN	NS	c.zdnscloud.com.
+sohu.			172800	IN	NS	d.zdnscloud.com.
+sohu.			172800	IN	NS	f.zdnscloud.com.
+sohu.			172800	IN	NS	g.zdnscloud.com.
+sohu.			172800	IN	NS	i.zdnscloud.com.
+sohu.			172800	IN	NS	j.zdnscloud.com.
+sohu.			86400	IN	DS	25066 8 2 CE87E0735A424D4601FDB8D7691FF1B916C54C6CE367A9A66CCE7F88EC8A9E97
+sohu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . au4P7X6CQajbEAecSBoocGV0oRDzQpiW3D+dQEXolzAmZImtsvtwmKQ+JW35U2dEQ9digs7uk6UdaWQvP3A1D0L2d2ltJ/oh55io7DwxB2JkBcfCf9qV9F3B9xI1ywHG/y2rDiKcpsd5hUhQip4XnarTtW1RwoFqrLkJPq91wOjo66+r5c/Qyq2odbk2n1LeuKPQ0h6l72FsilmO1oG7o6vCKoYUh2YmKfaPUJOuZpsNaDQrCH66xCzKqRf20ukFnma3+n+QHRLqlORnaQ8WJZ+qypqNbUWHgtdOFQRFczw3bT24f1C+9D2gIZL1xjBK3efFBUYs9YzUeqd/ZjI0tQ==
+sohu.			86400	IN	NSEC	solar. NS DS RRSIG NSEC
+sohu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . quv2rghggfAtqJ0XGTLU6zkNYGD0maBHklGG1HUGqLL/g7J6yzuDn2/ItED5di3R3lnWX2WM70lUtUk6F+0rG+JrTMcbP/LAs/ny5401xkjr8YH2pqrSDz363LkMweQFnAM718LnmciDOMwzm+OSP4+7Jt7rKGtOlBYe9HQ5sByvUn48/wl4J2kOtARONuYuVzU+Izw8duYbqjqNRT1Ufki0rkTiRruz9j81ryelvoyU4DqStFwKOw+h9xbHTSiF4RTeSSPsDxLb+o6L8frE/LxaHAt6VNYwKORofeL0S6RlTF0tIUsPup3XtZHO4ig+Bynvq1J99wz4Ec/AFr6mzQ==
+solar.			172800	IN	NS	v0n0.nic.solar.
+solar.			172800	IN	NS	v0n1.nic.solar.
+solar.			172800	IN	NS	v0n2.nic.solar.
+solar.			172800	IN	NS	v0n3.nic.solar.
+solar.			172800	IN	NS	v2n0.nic.solar.
+solar.			172800	IN	NS	v2n1.nic.solar.
+solar.			86400	IN	DS	55894 8 2 9FE65D323FA0CEF5B7C9180DF5E5EB8CB03D9E8253FE0089E85E4BB58A57AA5D
+solar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zj8kNznOkYM/qwOB6rBf/gNe1n5qdfKkkD+IUwn4GEz44D65aRSTd4ynhAYMi6ZP008s8CN2QVv7bTaHNNpKBB4eiOMkGHBdJsCITYW2q4glF2xF6v5+gNdwqUhr+G8i4JLpTcgE/ata6WlwxOnTt+Y5wFsnVQvGuLHEiRhwbhH6XzyxCaFjBKGzDo0Ar0EmRdHlUXwjsYC2KY5+AhIoJQMfahZRvVY8cz+6jWIfFhDjYq8uIFgekfK7Ly5rwAuPgC6ViufsS0xtvaRonOtZuxBPJCH5O1Ody07HPc569UXuppoC/2ZtqCiQVgid2Jb6y86dV3dWARXYPvH0JrUAXA==
+solar.			86400	IN	NSEC	solutions. NS DS RRSIG NSEC
+solar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FZXxplz28i5gp7446uB/Nrr2wgQHIPaUNRLRtzEZvJuOL8Q7bZ91xqRs7axpSfxKZbKVRl+7sBbuLCYp1DY3WEFUfMd9HqMe9RZABa2yARnJ8/SAih6t4dwYuPgLN67TdvWso5nTRAt5friV8Pt6sYN7vLN+70vX5GEi5mOiEbaAsahCf695aaaTrNMj/qYu8MlGbMYJDJ+KjjEJ56BJtgO7GTCCczIkDVgU4Z7kOTL1TvO6MwbfSPpu99UICx7q0pYj1yGWP5Y9meh7nw658JILvtgqZsz83D/iG0uziyCQPCrCkYL37YrYLz3DJiB5AfQ8CQV7HrSB+lxckITnIA==
+v0n0.nic.solar.		172800	IN	A	65.22.20.51
+v0n0.nic.solar.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:51
+v0n1.nic.solar.		172800	IN	A	65.22.21.51
+v0n1.nic.solar.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:51
+v0n2.nic.solar.		172800	IN	A	65.22.22.51
+v0n2.nic.solar.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:51
+v0n3.nic.solar.		172800	IN	A	161.232.10.51
+v0n3.nic.solar.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:51
+v2n0.nic.solar.		172800	IN	A	65.22.23.51
+v2n0.nic.solar.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:51
+v2n1.nic.solar.		172800	IN	A	161.232.11.51
+v2n1.nic.solar.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:51
+solutions.		172800	IN	NS	v0n0.nic.solutions.
+solutions.		172800	IN	NS	v0n1.nic.solutions.
+solutions.		172800	IN	NS	v0n2.nic.solutions.
+solutions.		172800	IN	NS	v0n3.nic.solutions.
+solutions.		172800	IN	NS	v2n0.nic.solutions.
+solutions.		172800	IN	NS	v2n1.nic.solutions.
+solutions.		86400	IN	DS	23131 8 2 1E10218CD63AB2AAA5A7C6FD02CCB36A543EAC55A4185E24E9ED4E15A866E2B0
+solutions.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oWaHDmRgUGPhJ67i0a8dmjce7nCb57CIraS9FCAXwT3Kx2uRHFqIu0BJxAO1fBGNyRG4bJfR643O33b6uuN2uVgf9hgTT1n1Y3/43F07T3Wwzqf4Dd8Ql0ddGkEBXIoBbkWJlD4zq/OSFX0Jdg4ntVSkbf3RlQYdS8M5b6nZoaJvZ8vbTgyjPdlQWNi0hTkhyhZjGJ2FjfLzlAcahF2aYYSPBk8dm5RsIKcNcc9uQvq20KJfF16vOzDZgIFniAvUznRC6/5/r8EFFGQUmSYJtNHcY0cgaWjKX/qlbe73NLneqi4ZfTxLtTWVBzn3pjGJ+oHMZmUD10ApdCjy3Rr8+g==
+solutions.		86400	IN	NSEC	song. NS DS RRSIG NSEC
+solutions.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y5A/ZlvOEfa4bED4s3Ub/YkpVI4QuHZelG+yAFsSxbImIG4q6PcqpGdYUxK8/03B52B/2tDYTKkEoZtenI4VzNak6IU15tXQ7DOb+21S1f5aBhWCDk4pHLbq3hZsHmgDPxVIrDR8flOut5+ky0AiUVjoz8PDZxRh+M381DDEjCyhs02htMPIE8UJGcF4J6al2vG1wweg4B3rJrTMIBkXCI7KfuYyGo/mNkbYlGcNZ9yPn6VWIJqnxBW4GQgkzTGTZD8liw5TyblPyPSaQNe4VdTxNWtrK2KNcJDZhgUJQtfQ4N0TuqWd4iIRw6SazQf3gRJlqfAyKWfwWG6wBe2InQ==
+v0n0.nic.solutions.	172800	IN	A	65.22.32.2
+v0n0.nic.solutions.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:2
+v0n1.nic.solutions.	172800	IN	A	65.22.33.2
+v0n1.nic.solutions.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:2
+v0n2.nic.solutions.	172800	IN	A	65.22.34.2
+v0n2.nic.solutions.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:2
+v0n3.nic.solutions.	172800	IN	A	161.232.16.2
+v0n3.nic.solutions.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:2
+v2n0.nic.solutions.	172800	IN	A	65.22.35.2
+v2n0.nic.solutions.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:2
+v2n1.nic.solutions.	172800	IN	A	161.232.17.2
+v2n1.nic.solutions.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:2
+song.			172800	IN	NS	a.nic.song.
+song.			172800	IN	NS	b.nic.song.
+song.			172800	IN	NS	c.nic.song.
+song.			172800	IN	NS	ns1.dns.nic.song.
+song.			172800	IN	NS	ns2.dns.nic.song.
+song.			172800	IN	NS	ns3.dns.nic.song.
+song.			86400	IN	DS	40012 8 2 9490B716F1DC3BF325E846595C3511F0DC8B3F5149A7664E53671256FDA4C6FB
+song.			86400	IN	DS	64366 8 2 68D1D29041B564B8582F81D7409D912122AC68E2E23BF9167F3135621790FB71
+song.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yh0EmXZj2MsNWN21dT9sHz3wwMd4rph8EeeL8S4amN2j7aIUoRyTwmncQrZQopq73eJ1UZrzSGXpdoPvnqo1zkcvTm0wLD6m8E2yaHft6QfZRy40Ioy67RhAVQ4coM4PStGneWf8WfN3P/4wDLnfWtwehE1CHS+qPXT14V9b3uRPTX+3HRU0o7cmlgY/mvu8TY1K+2+Nytg+gFQs78KytD9dROMHki5uqW30kH1LCJdOvJMHm77u37CXhH4WGl/Eq8URV9XZKmeViJg3JRQwz8HsdQ1sqG846ZNjuxc97pNiM72mq00tjr/p5Y4tNzPJibV9U5Kou2KuixXUlWO7aA==
+song.			86400	IN	NSEC	sony. NS DS RRSIG NSEC
+song.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vGQ18nwRDI0bfUcmullOC7JZLvNXkC7ztcFk+D0HWIjcs/RuGmilW+hPKYd9x3qdiBZdK8V+Q8tHm9ushdLTIQE+QV40W+RboC1Y+yAMOe0sKQk0BRktXmZnsRrU2wbNunAmE/uHwFvRNqWbclnxJlrsfeazFbhGKAx/AaXhFq8PuK9hj1t3R7TVRAepZVEk8/dKjK37Mf92ugD8y5PKk36Yv51u/6kaKJme5txvjYCNiBT0f+959gC4zo4WSFNvOXyM1WJ0EUdKGWDz1c+kHT3c5KiJlR2rvmSbKob8jq0Jb3pF4GAAHZJTumNxOZkaH2BwjTqiXREskj+0Axv/9g==
+a.nic.song.		172800	IN	A	37.209.192.10
+a.nic.song.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.song.		172800	IN	A	37.209.194.10
+b.nic.song.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.song.		172800	IN	A	37.209.196.10
+c.nic.song.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.song.	172800	IN	A	156.154.144.153
+ns1.dns.nic.song.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:99
+ns2.dns.nic.song.	172800	IN	A	156.154.145.153
+ns2.dns.nic.song.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:99
+ns3.dns.nic.song.	172800	IN	A	156.154.159.153
+ns3.dns.nic.song.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:99
+sony.			172800	IN	NS	a.gmoregistry.net.
+sony.			172800	IN	NS	b.gmoregistry.net.
+sony.			172800	IN	NS	k.gmoregistry.net.
+sony.			172800	IN	NS	l.gmoregistry.net.
+sony.			86400	IN	DS	31580 8 2 F783850C3C82680A57C926B79098EE5DE999772DCF6745A56FCAB20CE9330DE5
+sony.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Jl+6BkkI2plLh15F9v6JO3LrAX+oE2Wue3gvFxC+/PMNGrwFqoGt0H/39YIyegFn7aoUF6VyRFg9DcyE3acDO6SHS5nvLeEQ9qLACwcS5kmCLumuiA2L7Z6oKlHrAkBoUcCASVg60p4ZuMiSyJQXIk4E3z2MHWfvDJwrynAVDIU9hmkD/Vg134gkUVoAASFSLU5rwiqS++x87jwg6kPoRSNn6adT/hZ5kaFNRw3lvyRSxq0byREQ5+6TOI3LSuhJfnQRvIuOldO5fk1sHMv//NVo/MSiragUnH2WqWbubhDE5nw9ncrzKFr/M2HZN/xZ/86d2uWxouzSagCgzB0GLw==
+sony.			86400	IN	NSEC	soy. NS DS RRSIG NSEC
+sony.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n/9SFp3Oo8OjsGkIonTsH66sX0q8uqf3AOopGVjB3oQY3SAFdQgqVNCvNGYfgIGpJckNsLAZHW9rt5noCNGXn9IeYDFC2SaUOcQcfkVSYB5WpNuMYWk65xVvidjndABiwzBC10/Cvjduen1cR1qPce3UIy2WT9SFhLW0Haf1e8Kn4rg1R0XxvbNst6Mky6d2Eg4jUze5o6MlnQFTbC3AQ62McpnsJT2HWkPjm4ktjilJueqIgYbI0psLka4ZFnJZZDpAClVnghK7was8v0Y8EEDt6sbZZvOZkCETjTZ2GioALxdYseholHnlUpIzmL+w46pSgtRyhmqvU8H+5tEEUA==
+soy.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+soy.			86400	IN	DS	37831 8 2 2C8FD7C33B59F39069AAE096B65ED29B10BBE11DE874833FE20FC54A64815D2F
+soy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tNeCPSsF4uA78O+zNSq1QPEQD7A4qdpsQacyesqLMp2SVz9YyTV9ZTSBzKmjKwy4+s+tNok2Gh5OG2oFGdFgew9UL4+MTyZKtHqh1Ia8vsTgadV17gGoBdghERm8ddknOMD2jtGKQh8HZVhJDZ63FiBqMn6i3vJrOFBmOzTb9htcTLDpGqYEQVeeCiHckxCjb2wWOXlEJskzCuG7+YkK38GHJZ/s5WJFCrINTQNd7Q1zakmESQSFVs+S2qPjajllEGyNFXfFDNL+jdxU7DCE8OnvU2RcyrS7XvEDNSPIrKVAKTwem5VB/NnKXj34SB5X2FRq2XQlFMfMINoDPsUJ8Q==
+soy.			86400	IN	NSEC	spa. NS DS RRSIG NSEC
+soy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fovPSMAp70m0G7g6YfIEyMXUhXTAPPDeu5q8wo4tRNXOYhMcn0cM3rQ0u+oscSs07fZvCAwdrld9eZbmCYmK137HBDRm3D0NN6Ny6tcKbQl1ZjGzA9k9qTnEkC2HO3WL4kwYR+Ftw/2kB3FhXxMD1AQYUyDC2SHbDT18C2IVUdMJsXOZXjADmsvNjTqgzbOc7SeidlovRHbMupJKRYU1WyMvut8k3nd4FFR0yMBni0m2gGJzS7FFPQ5P/btwsnckWD7+Oi+DkCnHeWkqF8V6khrgXXlyZsedHIuNg1j1LACEfJAzfLZls2FtW+4fZgVGwNRnJFcl8WWP56braQ/0Yg==
+spa.			172800	IN	NS	a0.nic.spa.
+spa.			172800	IN	NS	a2.nic.spa.
+spa.			172800	IN	NS	b0.nic.spa.
+spa.			172800	IN	NS	c0.nic.spa.
+spa.			86400	IN	DS	11881 8 2 5F494F6958801E119D309BF6CD627C42D1FD04055703AEAAC2C2D1B98DB00B97
+spa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JV83N8k2o5xSGgyOJoX9pbkl1tkZSj7Aex3k/DiRGGCLGsQXcm26aI9jhO+w5NXefmYudB8mymXUNzOCaEOnwM7GiHyd63IeFMfc2MG3oworHsceQlL9Az7/ueoW45TL76lq2/7LkCwqvw/kv8+/hmH+sKzj7D89glQjwIuywWqG2Fja3S4YqJPVjTAeJPk7ZAbS7jq5VQBpGS0PzeNrUQIELPHc3A3lcMiJDzVPg/3kncp+o+ZI/UsIrLhYJr0PKoJ0yOSGQnBgypRlgtAYH6EoVAP7/T4BZue1S3rjIDzOcaJc5Bb5w6rsJhcku7YGf8xEa0/txhWwNeP8Dhxb6g==
+spa.			86400	IN	NSEC	space. NS DS RRSIG NSEC
+spa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ly1L05jgr/hYIDQ0FN1692WEI4LdaIk90w/ajLQkojHxTGVxh79cF6MYRwNdiU4S6VwleSdWDJHb8tvC36Z/p7XXVqfn4dbKRcnuzhc5JrIFcZrM4QZbRqPAqACRtcarrREbE1dHWMEg2bQ4TRKBu9JUWOfvRoZybMI6dK76cvuGoudR+NiLFVerE6sNCe/tfWWeIjwXcivvbhBFRa8++hf1hhgU/0Z4nuKua5kh961bazxEb+64lQOrXKFVOHa3j193hpS3LPHmFfRalurkqJA6bHC1N21pBCZxPJ3BmB4RgwgmzE7E6LgmF94EAJqppLtjhXbRqDcCPqiwGXn95Q==
+a0.nic.spa.		172800	IN	A	65.22.48.17
+a0.nic.spa.		172800	IN	AAAA	2a01:8840:2e:0:0:0:0:17
+a2.nic.spa.		172800	IN	A	65.22.51.17
+a2.nic.spa.		172800	IN	AAAA	2a01:8840:31:0:0:0:0:17
+b0.nic.spa.		172800	IN	A	65.22.49.17
+b0.nic.spa.		172800	IN	AAAA	2a01:8840:2f:0:0:0:0:17
+c0.nic.spa.		172800	IN	A	65.22.50.17
+c0.nic.spa.		172800	IN	AAAA	2a01:8840:30:0:0:0:0:17
+space.			172800	IN	NS	a.nic.space.
+space.			172800	IN	NS	b.nic.space.
+space.			172800	IN	NS	e.nic.space.
+space.			172800	IN	NS	f.nic.space.
+space.			86400	IN	DS	44251 8 1 36ACB68B734DFE465CC1112F9DAC08B8B66627CC
+space.			86400	IN	DS	44251 8 2 A82D8ED2B07D66D6E7AF375E0E44B22A82F4479AD45F5D8E1859DF6FC170E67C
+space.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ocsXH9mCjMzKJjjlBAgqIrM3GHd0032Fvgzdy6azF9wQvrGS2JI7SC54kWfPHXBR1Jl6RixyyaWbf/0frnLf8RSTnKJec3X7q7OXNHqauKJvncNcDN3PZhz9mdHmrECVbWSyV/92tQ1GSCekUcj5YyU7Oh7C08iFNQBfs9PRQxtqKWpsTwGptk43QRO1S/53AnfH2oa1241fLZMW/cJwvgAdUAymBpyO36g/r07P5iP5GNJwWY0VDLgFfhM6WOOrdjeYwZ5EHSM1TczWDfGfdzYQCrkQiB6BHngbPhl1p3DKMxi0aNVjH7ZOL1p+iS/AAS4UOATT+47xPcUoy+b8+Q==
+space.			86400	IN	NSEC	sport. NS DS RRSIG NSEC
+space.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Xw3txiSESHQUlqnHLHPhcCba5aEy/7P4+aR3igw/CvSWx/nfRA8zFf4pWCsLMo3qOEjkhMl5KNFs+rv+jCf3ZuLFf2U8+jPSlXTvFoNKguLJC913DN68tdAeHA3tpLwkHetbIXSKCS7CGirBWUDgRgfiP2xg26WpiL9xwr1slrLp9X7zzDZmuIuOfDL09OL7gDNQrmxSZrzhlFtW3COvXcaHlxoKhue5ocydpDb+CJ5flMvhU0zkWo0ZhwPS8TGTFSkSjL1yOEhrJ7ZWmKefn5InSEh/xmGvR9HqdUofeFi/PQCMDUOFCgV1EFI/GkYF7Y2JBFjvLuXephqvI7aRTw==
+a.nic.space.		172800	IN	A	194.169.218.51
+a.nic.space.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:51
+b.nic.space.		172800	IN	A	185.24.64.51
+b.nic.space.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:51
+e.nic.space.		172800	IN	A	212.18.248.51
+e.nic.space.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:51
+f.nic.space.		172800	IN	A	212.18.249.51
+f.nic.space.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:51
+sport.			172800	IN	NS	anycast9.irondns.net.
+sport.			172800	IN	NS	anycast10.irondns.net.
+sport.			172800	IN	NS	anycast23.irondns.net.
+sport.			172800	IN	NS	anycast24.irondns.net.
+sport.			86400	IN	DS	32491 10 2 3B39ADB8057A67441E2B11FDD23417E52F7F5B17E134F12027B3C382535972DA
+sport.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kgaGvIW/iQQalXdJClddGYaWARTgyPgMQMOoXhUuD7gBpZGusu+JjNJLx3CaNTWeVkCf739/J0nAKauAuiSlRVgKD8uVAghbxHyz8LoOUMIfT3NAMOC8ptocI30v1WOPYBgZFr9KMXbJW+O0MuvpjgGx6fYmOtwzUbnSgKh5fU2KRNcKUMKTPRPYxm3oGIttCSPWzv1r32FcYqS/TQuGrEAl5oFjbJ3iELRmXhD5axPoBUc+uN5PvQ0FAc+6xPQEOZs5ARcxmwoP6U5Q18pxXWRKZ8SwuJnqKcQ2f0kuOq6embDnMQzkzBPssHw1Hpwmi/JPuHjWP03+tofdJHlZ8g==
+sport.			86400	IN	NSEC	spot. NS DS RRSIG NSEC
+sport.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yFIEzQV7EPjTyqzhy1p/mmLNv8sP9UzD0drQ8oqLUd39t/oHaBGXEXmoFZU8X6cp9K7cH9jrKY+CyIiIWkunQm8XvbZZP5K2icQUwtNezTBpN04+nY0VvNWdS9h3w1PkuJdN3RCClex2IjYI9fzjb2F1hGEcXCkcFsuC9dyjV5uZ1OuVfisct1zEHt8MtgcBS7MwCs4XHccHml0y+5y5UFV7RD9/Enepfq+CTw9bPesmaAtjz1VMQMVKWBEFI5uDa0jxim6NzPX283cwxv1gFjgI2zcSsqqLwIKC/ZqlvskiR3Z7DT11vSF3w82qraEe2mVGFCvuq4cxnn82HAKC3A==
+spot.			172800	IN	NS	dns1.nic.spot.
+spot.			172800	IN	NS	dns2.nic.spot.
+spot.			172800	IN	NS	dns3.nic.spot.
+spot.			172800	IN	NS	dns4.nic.spot.
+spot.			172800	IN	NS	dnsa.nic.spot.
+spot.			172800	IN	NS	dnsb.nic.spot.
+spot.			172800	IN	NS	dnsc.nic.spot.
+spot.			172800	IN	NS	dnsd.nic.spot.
+spot.			86400	IN	DS	59827 8 2 116C15183E96A172850B479253520C519CFC0D28BE0F3154DF01298E1BFC1CC2
+spot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dzwVqLs+ggm24dLI9ILxHRRI51Se9GKekFVx8PrkR2zoa9x3ikWGG350vh9Vq+Yo6ThASF6ZdfrictmyHuTp9kSGla5aSwiLsUq6z2dGnu53F9YlQUytezXCxEUenT/P1bq5o5+wrOqK75j63SJt/oVKtLlr/0eF1i//AisbVd2c7/HjLAHL0F9lBeOkN5FWWJg7Fhq2xzoSidEh1JpHf242LPKzpyMJkcwFVjNgmAOzE4nlXKkH1E50MJGxASBr0R5WmSBWjJ1omposL2kCizfbJJnpgvOTs7kyOih4RKjc398VrZwu84D+juhdq470Jw3O9DxsA7KmNudc7l1Clg==
+spot.			86400	IN	NSEC	sr. NS DS RRSIG NSEC
+spot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lM4Oz8n1Ui6prpHFXsUoZwwyq1liz2INiBCODO+7s9em/zn6N0IqIuW3hLdkCJBlQBlydGxdznmsfpksfoEq+Y9G3at1Fb4+lnO0skmRR7RM+SUxewXPZqdfKVEoKAiJRZFqABh4sGbNW8cCUSHb4pTP4wBKr2S+DuwKM/yOjE7I3KulFpiiHLEYWDt8a4XKPw7fqA1hWVHAWgMdQnwUoDhn4j0AwG++/N3Znl1JXY4lNp/u0yrKg/7x11091WnZbWwB2rjBl4nex5RiXoLXDU6HG6dfe5iaOF5tYV4oqC+nTSo9wNRJKjOtAt0ZqGgGyZrkN31JR/eQjrl0M3nIOg==
+dns1.nic.spot.		172800	IN	A	213.248.218.82
+dns1.nic.spot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:82
+dns2.nic.spot.		172800	IN	A	103.49.82.82
+dns2.nic.spot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:82
+dns3.nic.spot.		172800	IN	A	213.248.222.82
+dns3.nic.spot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:82
+dns4.nic.spot.		172800	IN	A	43.230.50.82
+dns4.nic.spot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:82
+dnsa.nic.spot.		172800	IN	A	156.154.100.3
+dnsa.nic.spot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.spot.		172800	IN	A	156.154.101.3
+dnsb.nic.spot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.spot.		172800	IN	A	156.154.102.3
+dnsc.nic.spot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.spot.		172800	IN	A	156.154.103.3
+dnsd.nic.spot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+sr.			172800	IN	NS	ns1.sr.net.
+sr.			172800	IN	NS	ns2.sr.net.
+sr.			86400	IN	NSEC	srl. NS RRSIG NSEC
+sr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AC7N64qG7dAKeyxGjuSSXrBon2ZlZ9FknCtFXW8zABC2Vr/+n8SRTvrUv8/r0VP1cUf1igcppXE/2RtkCXZvwJcucEBOgeIofmEey87Gj064fUtMa4JyD6OR3GdwN6g50lyzEjIhUlZtnmcHv8xjXW6/Y8jLwzywfV1W1UvGS3Yl4gB+sgxSj8ATbPipkpkOC3CzSkhjnqCzNX3B/ZQac4Pdon4aOf3Of0yCSyGKL7Y+UBsN2gsYLV1u2XfTczZgjHsliLxmfF7fvnrTtfu9XV0kgUpAjuNMt4VMOzIekGy9cqyn5YSqyNHR8w9vMngfjwQqjMFmlycFusmk2Hteaw==
+srl.			172800	IN	NS	a0.nic.srl.
+srl.			172800	IN	NS	a2.nic.srl.
+srl.			172800	IN	NS	b0.nic.srl.
+srl.			172800	IN	NS	c0.nic.srl.
+srl.			86400	IN	DS	33382 8 2 8414F09570E69F8FF6099EF53136AA4304A85FE21BCB1F65E937AF7C5E5133CD
+srl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uqr5Jh4tEFz1ItFZK+U4n99Qg9w6jbjvnh79W0GV+bdxm4mgNonEu2KVV7D/TfFkXRN/iuOaKb0sVsJnlKvZFlsQfPpdlbHNbVRkC+yKBh2c4s+1xL7eAQABRV5f/15X4MOv4mE9bdRFta3cYu+MbomdIIeOBqjybHqSmA6Bw35wYkw8IrI/LY3cnrYXuoJ8OJ0wVTpmD0mtrxV4dEAg6DjV6aw7QcViBBYnSuzwCtrTXNhrWDPTfYAMU6I2KLfrHGlbVQugNqVsYzHJaTnjwqgTu8vahYn7j/ljNGOH4DaUoW0hIf+S9wR0YgGF/B4o4x/EFu2cq8WTigewmUoUAQ==
+srl.			86400	IN	NSEC	ss. NS DS RRSIG NSEC
+srl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GK7Yp9TfLslto5oZ1srRG2SuGdxVzDEAiXmjQdnaYKwhi6gj5soD7h6SRZ2+VbKe11vVcSq9XX7gd5YBtr8J1QY+JhD4FkmPbEz/ZwDBVJuVvKEnuth+E6wzzTxzFeF04OtuhxvG4Lw4N5KL4aQEi+JE6x2OoMU1zFSHHwflx7UoIPBlQdkiLRsXSiNK/P84yKDkWggAEKdvYP57kzqpU+/efVkJpkpv8mbVcwExA03MmqTT8Pt+AJ13VrHGnObh1UBF/jJRjkI28DMbwgL2U527B1UcPuaAOsiAwWZzE/XjwPRw9T3e3GWoYv+zzwSX99+lzZ3avJXtnqPGMgqOow==
+a0.nic.srl.		172800	IN	A	65.22.80.33
+a0.nic.srl.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:33
+a2.nic.srl.		172800	IN	A	65.22.83.33
+a2.nic.srl.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:33
+b0.nic.srl.		172800	IN	A	65.22.81.33
+b0.nic.srl.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:33
+c0.nic.srl.		172800	IN	A	65.22.82.33
+c0.nic.srl.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:33
+ss.			172800	IN	NS	b.ns.tznic.or.tz.
+ss.			172800	IN	NS	pch.nic.ss.
+ss.			172800	IN	NS	ns-ss.afrinic.net.
+ss.			172800	IN	NS	ssnic.anycastdns.cz.
+ss.			86400	IN	DS	43817 8 1 65FB691DA6EB488ED99195E7609837F787EAFC4A
+ss.			86400	IN	DS	43817 8 2 F85D36A2E056FF8CBB8DC79C748E4EC1E862C4F739891F9595669AA3384A252D
+ss.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IfssLaAPDn6XzQVI4EjDdrVJWlkihuns6QZwlfGwdF5oR4eowJINCdWNhco+524xPRfe1nzWwUAugzsLpj3zvp4peG/HGWP0ucHhLSVpmaLG/HcvvqGSVzGkvgOyfdbKOvct8aV6H9QK3nr+z3dDyunl2LBiU9CY7fvfF6lGTctJWfJxwXyPEg+msX340o/kKRuqVJNjIiiyzvhFUlPXuSlAWsreSY1v4tgCJG6yUvY+QMJc10BhCMwWu3mSZcqgOEMLVEoVcPlZoyE5gyEgYG5vmm+fk6I9J+OwK5wYVw7C9rqt8stUNQFiIpxoQJVRLS8D7ms9kvQHt4HDLDoghA==
+ss.			86400	IN	NSEC	st. NS DS RRSIG NSEC
+ss.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U9xsIZANfIozURgpjN3TaK37kfnPiOTMUsV6FlCd7VqceidDzD9B3SV/0sc8t+s9TqhHwqCAZsk+ajJkhm9nRjkv9fORaipELiDotKWZsPGseMbSNWk7PqRys1A+UmcdmuIMQMDsIYoyUjMPTDQeLlkUQ3yCq0/DyMJdR8s0JFmtIvnXi1946HZXwmmazoHfHP/kpVNEChncuvuB2EGcGvkt9vVWsUVmIaSUKyuj+3ZzZ3ZKfN9bH/0ksbn3c5gu1/3UubLbRpK5PAEVIlCiVzx4AFXv9h0w05CuPkhgMnbTNI2PquJan3RbGeC9L+3d7SF5R2rUwZhOjTvlTI4NjA==
+pch.nic.ss.		172800	IN	A	204.61.216.130
+pch.nic.ss.		172800	IN	AAAA	2001:500:14:6130:ad:0:0:1
+st.			172800	IN	NS	ns1.bahnhof.net.
+st.			172800	IN	NS	dns-st.bahnhof.net.
+st.			172800	IN	NS	west-2.dns-us.st.
+st.			172800	IN	NS	southeast-2.dns-au.st.
+st.			86400	IN	NSEC	stada. NS RRSIG NSEC
+st.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XNic1ySWzXvvDxCqtxZdtBQk7c2XHe2YpNdhWjLZC/dq34jPrgA9MILO4HJr06LPsmPA38Z16l1PndnJhQ0h8jIspTHv6f1ixc+SQj4YA2DmDMklv1W5JrBis6rCUNk9Bj2qDXW2BA4ROD+WzF4bRiCh/8OGlOLQ6fkE9hvJpGRjQyT9CeGiYWI8IqQQBUBhoPaFEdgV/OPtWoGPDbfZal1s5WzcL3i8nJsI5byxeSxkadBuITNxzkOBv+p0Gnw6qqIG8LpsUVljIfoSnaGDRoGKtGjAFyHgw3mfqbXEYtCBBSS50dlugZ5zr8iSehq5ZAjJplb1PFfYjJfyHywt2w==
+southeast-2.dns-au.st.	172800	IN	A	52.63.82.137
+southeast-2.dns-au.st.	172800	IN	AAAA	2406:da1c:306:4700:d0cf:a4f8:f1c7:249e
+west-2.dns-us.st.	172800	IN	A	34.218.33.231
+west-2.dns-us.st.	172800	IN	AAAA	2600:1f14:15:cb00:c08f:baeb:bf79:c730
+stada.			172800	IN	NS	a0.nic.stada.
+stada.			172800	IN	NS	a2.nic.stada.
+stada.			172800	IN	NS	b0.nic.stada.
+stada.			172800	IN	NS	c0.nic.stada.
+stada.			86400	IN	DS	10585 8 2 0BDB59EF7DB2DBDD103CF1CDA4ECBDDD6BEFC6F4D074EF177311FC3358C14941
+stada.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lWOFiegIjr4bIbWF+JiUa1DaHi3ozQE7F4uj1hpDpGDUPYHkdusqXoSSRcJf1JuO1qOP3CxfmKPGQfnlkMSUd1B+Px/s7/CCyKUq/6x53tERpo3KbBBULv8xTuFJVS6WYmkrxdhYQycT6C1wT8nkOFeyaMYCdh6Y8hgir8DiDxJsAi/dEbLkWtdL58PA9App2Q2AY5WNzeul33XgQ9TIdClZUxjLi4iNQrsYEp5j38mevT713K1yACYsykCjYwJYFnKKPrWo2v1HsaR/UpolhdF/LCkNMBcu4qyGj0hSMdeWVf735sPkieo5ulTs7afa3vScjHbcQomK9bZoiep2Tg==
+stada.			86400	IN	NSEC	staples. NS DS RRSIG NSEC
+stada.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Yetg3sY/g5V+5mu9wG+n9pDthCI2tfjM/pzQ6qbufgeX8TH0rtjPTe7gz90p/FegIyBBlikTzQRSvo1MB86wjaJn5hvrm1nHJUlVSu4+SxtU5Rp7kAkGXWgmL4PVSmOuCU+JtVl3ZpxG50jYUo101iUx/VtyA3q53IDebCQeCPrxW7BDOiOklzMcaz2IE9YNQOdpwqHZTWzip3hmuNWWqvfz8+hoRScp9tMIcQ9M7InX863Rl2NY6i9/ff2As61eqBTyweJG1XiRJ18FWCETxSTQ4RE5+LmcA69ZbV8rct0+GPsIBbdTBk7iSoCJzkhirtP7gnIitWUKDzG63IsRQw==
+a0.nic.stada.		172800	IN	A	65.22.156.25
+a0.nic.stada.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:25
+a2.nic.stada.		172800	IN	A	65.22.159.25
+a2.nic.stada.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:25
+b0.nic.stada.		172800	IN	A	65.22.157.25
+b0.nic.stada.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:25
+c0.nic.stada.		172800	IN	A	65.22.158.25
+c0.nic.stada.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:25
+staples.		172800	IN	NS	a.nic.staples.
+staples.		172800	IN	NS	b.nic.staples.
+staples.		172800	IN	NS	c.nic.staples.
+staples.		172800	IN	NS	ns1.dns.nic.staples.
+staples.		172800	IN	NS	ns2.dns.nic.staples.
+staples.		172800	IN	NS	ns3.dns.nic.staples.
+staples.		86400	IN	DS	23296 8 2 EC6E9A376B2A1274D837A25381DFB539F1404EADA456C15B7258074517BDDDD8
+staples.		86400	IN	DS	35455 8 2 632AF1F936FB38D84FCED84EAACE443D47D287F3346E8CD4C456D8DB70EFCF72
+staples.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g4kAJSUnphsdFOco5+KjLMFIe4gFu/6jbt7kGkZ/q+zXMaI/uy69bzlGM0f1ZuklrgvO/KynqQhElolVcXOOAEL2YkRKfpc9NFSNt+B1iRGE063BfaCrQlPeA+NRKP3GbzuVFyb0TzKJY2ryA7jqM+vELDjYblJvr9JklUigOVdXD2lX0y3s9EJ22xOh0SJ66ULeCTfoApZVHk3GCvE7nPy/OtMPepZeiSD0hY6LA8hMlmSmVBGm60kF8fhpHet643hz0ZlYl2bbXRf9DklXPVNjOfs6ZpnIm48a1d81fg7UpQD+OF0LpmSIWTavLBqGDwcsYPAJFqikJPxVXHeVZw==
+staples.		86400	IN	NSEC	star. NS DS RRSIG NSEC
+staples.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JPi0G+3/kTFSrvXaVtnwVlE91Jk7ITCEjOK0iCtbulTmSW4+p2EF5BrUkKXr0mGE1Z+09SwnoTFmxUfeY7Xlr0BYL6V1FOZwmeTqzLRMAyisiWQ29rKTvMgdzdL7w/WBoLepnZcz+ZEm8GnD884wbKxRrRC1n+MBO3J0ZxLubtNvkInY8nCUgyco9imD7CdW3fqrcicjbnCK7Wdv+nMtgiUD+Sg7aGc7Ng7loXhJRsbx3faZ+Hs2Xw4mdsLv5bEYpJOaS07TJ2IyiyCkaZpSdRYOul2KkFpDdGPPD8KCU5wopyw2PhaI63wGFmhJjdsQpJBmTh8bA+nKqmt85HrJQg==
+a.nic.staples.		172800	IN	A	37.209.192.9
+a.nic.staples.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.staples.		172800	IN	A	37.209.194.9
+b.nic.staples.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.staples.		172800	IN	A	37.209.196.9
+c.nic.staples.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.staples.	172800	IN	A	156.154.169.79
+ns1.dns.nic.staples.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:4f
+ns2.dns.nic.staples.	172800	IN	A	156.154.170.79
+ns2.dns.nic.staples.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:4f
+ns3.dns.nic.staples.	172800	IN	A	156.154.171.79
+ns3.dns.nic.staples.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:4f
+star.			172800	IN	NS	a0.nic.star.
+star.			172800	IN	NS	a2.nic.star.
+star.			172800	IN	NS	b0.nic.star.
+star.			172800	IN	NS	c0.nic.star.
+star.			86400	IN	DS	59872 8 2 306C152BC34676BF135928882FC21C5702BF37C893F71D4DF51E3A84AD6B62E1
+star.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NBA0vdBa3WVramM3g479MOceejUEtg4rGRrIQCRh1W/pQp1XSaBRak+w+v9U4icPGUoGGk7mwh4xRbuYkjBZI1yg5iBuLXlnsjC2k4xBhx7xwflf/NjVr2nhGoU/R9Zr8V19fp5CJMDabcAxw2PDeledJOOlyiAhT5QLAvJfDc93dLxvNH6kBpu3APUPANpickHHS2ouZfh76LgympYT4d9wv5bLra4oaSlfHQaRm0c6akq6aGR6MjPBJnkrXzsG7HGH5QUn8VJgG+g2yQ14BNt9yaEDienCTpae+M8hj9oO3Cns6dk1vL5ffr9t6nBqXyUUl6alBypKKSmIv/C3IQ==
+star.			86400	IN	NSEC	statebank. NS DS RRSIG NSEC
+star.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qAyy7z4a1SC3j/QesXuCuB/SEDt+K19oiMLja8fc1slb5CiHwu319uM7dJ1rpGFOu99xai1raH1uk+rwxAiieUzrqT++F6KroNE3oBBTUw8NQ3GIImc6Rpv26GZxDB8DUbHjn/6/XHzUMPkpb3gn883MKuR4myXEaela8evsZzv/ilVEo7tZAKfxaNWceYDuBvobAwgNLkKINaGCoTkE+4I/PYldfsYp7JjV1kgpV+QLlfy6o/uGy/5Pm0dA0pFOXVRUKRll60obgwOKKUZzusX4F5MbyykG5VuEvwcXOwEWiM1AklNmi3LfCgEs4RZsaawr3fzPyeXP32HC/UDn9Q==
+a0.nic.star.		172800	IN	A	65.22.56.9
+a0.nic.star.		172800	IN	AAAA	2a01:8840:36:0:0:0:0:9
+a2.nic.star.		172800	IN	A	65.22.59.9
+a2.nic.star.		172800	IN	AAAA	2a01:8840:39:0:0:0:0:9
+b0.nic.star.		172800	IN	A	65.22.57.9
+b0.nic.star.		172800	IN	AAAA	2a01:8840:37:0:0:0:0:9
+c0.nic.star.		172800	IN	A	65.22.58.9
+c0.nic.star.		172800	IN	AAAA	2a01:8840:38:0:0:0:0:9
+statebank.		172800	IN	NS	a0.nic.statebank.
+statebank.		172800	IN	NS	a2.nic.statebank.
+statebank.		172800	IN	NS	b0.nic.statebank.
+statebank.		172800	IN	NS	c0.nic.statebank.
+statebank.		86400	IN	DS	6556 8 2 CEF021E759C80743AC2B871F39DB1AAC7BFB542244B74EBD5C98776F5D4D844A
+statebank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cJm/O+BmBdt28svFPr1GZ4gQ5F9HhY3Oonlxes/ERZsEhK4CSrA/LanqK47nwF1+oTScz7i9WWikK0YWyGeujOQOVcVDd6buJQWtuGO9MDtbbIU5XVkC1h7bt/AnAFTUQIyUuxwjvx1YhNUuPun4N3alboOuzu0D/1VBtQSFeaZ9+FzeEVbSto7o9bbNF4PXJpZO2SJqjFznXRXMXhvkl+So0nSpbvspfdvDTDEM/pQjCLcKDHj9ESm/iiM8QeVB78Wp2RGwc6wTP3ksggaqKmTEo5gIiYovonTKGfyuIAWHMsfzhzSX3zcZ3rn6YEBOI9ZjLxyuSwZNwFT5UromcQ==
+statebank.		86400	IN	NSEC	statefarm. NS DS RRSIG NSEC
+statebank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aSFcrCqfrjsDadvOQySFi5DhubrQ3CaqSWugVLLjRjdCqH0EuSAAgCBWrUpjYA1fnSR50htKpi0GaNjKRySCUJv6rfTXalSzvHSLJQHmTex4XB0JC4+DXc7VcQnj/2RrMwlM7+r02GBP8RjmZgR0QwcjG+aSUMty3CuBNJuwZobx2W/USG03oqJipFt4VIMnXAMOJpQSHkufjTo0JuK+vRvYi5Ge56Q3D5Op6qPUBUVcMI+amq9yfgAhNtOoWScME0n4TgX14+llpTgFWLGcqnxhp9riDWDZZAL5K8HPTaFCVNyqZwaP70KQc8koIn+k4V1du1wXbpqN1aDugM3Pig==
+a0.nic.statebank.	172800	IN	A	65.22.176.1
+a0.nic.statebank.	172800	IN	AAAA	2a01:8840:aa:0:0:0:0:1
+a2.nic.statebank.	172800	IN	A	65.22.179.1
+a2.nic.statebank.	172800	IN	AAAA	2a01:8840:ad:0:0:0:0:1
+b0.nic.statebank.	172800	IN	A	65.22.177.1
+b0.nic.statebank.	172800	IN	AAAA	2a01:8840:ab:0:0:0:0:1
+c0.nic.statebank.	172800	IN	A	65.22.178.1
+c0.nic.statebank.	172800	IN	AAAA	2a01:8840:ac:0:0:0:0:1
+statefarm.		172800	IN	NS	a.nic.statefarm.
+statefarm.		172800	IN	NS	b.nic.statefarm.
+statefarm.		172800	IN	NS	c.nic.statefarm.
+statefarm.		172800	IN	NS	ns1.dns.nic.statefarm.
+statefarm.		172800	IN	NS	ns2.dns.nic.statefarm.
+statefarm.		172800	IN	NS	ns3.dns.nic.statefarm.
+statefarm.		86400	IN	DS	56986 8 2 F07E46D54C6AB0B5D79DA353CE0BF2F58446572728C2823AD964F6EC50B99AF5
+statefarm.		86400	IN	DS	64867 8 2 1ED8A8C0E5102A11CC8659D9D0543EA7EF5F44B63D553A4AA78D46D398FF5356
+statefarm.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MfMV2EB4FHfejBHGkasVchJXftjblaauZ9OviYqf7PkhE8fYtQw6zodpzeeE78eL1rsushWFCsQqt4gkgJBJeb/e1tmY3evzx2n6YVGN6KlXN/SsPnVUmqgBOYv/saa5w7gdXPgHGVfpS/qxG05shQ0SbLP9Udtr1huQ744D9Q/Y7ewFqRB8V+Xq45dFbO1O94MD22eGs+kE/EfOKJVssENiCQlh0bRZxaOcUXPk9560SAjwZov5bRFbAzqaakbujRhQdjZ0Z7bPjZUEXh1gHtIdDrQ64gnHyQm04FG8lCdlqZrWKzcvM8rWqm/r43EKSkhNVoeRkQKHBOATtGcXUQ==
+statefarm.		86400	IN	NSEC	stc. NS DS RRSIG NSEC
+statefarm.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rt11GKLkFRxPfjaRK5ZF3eU5eCr7Gu/0eXIaN81blz9EiB2ap/bsyD2CabLKe6bnR6bY/mhLglC6AsJ0KTuaCS0AYNRgwSUtohy1hNDR1m0fQr71GOua1tPPyGtyrxsk49XnhmR/E1/UHMRBUpvn4d7O2u4exmY6Dxw/GV6fjuFeOIQeK8zqaeoB6t+u4jC2JmmUtxLZg0NepQubd642I48s8F7SI5P8RmHc1/4vKaZLIN3g43VrHGYDBMGlvRlsGpowdV/W0OYRgzI16KC/rOlUb3UF4hwdHn7LlHAS/XjAVdFwj8Q3KTzL/jBFSr7yrrxP1XpCGNKKtwDzhYjF8w==
+a.nic.statefarm.	172800	IN	A	37.209.192.9
+a.nic.statefarm.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.statefarm.	172800	IN	A	37.209.194.9
+b.nic.statefarm.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.statefarm.	172800	IN	A	37.209.196.9
+c.nic.statefarm.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.statefarm.	172800	IN	A	156.154.144.154
+ns1.dns.nic.statefarm.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9a
+ns2.dns.nic.statefarm.	172800	IN	A	156.154.145.154
+ns2.dns.nic.statefarm.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9a
+ns3.dns.nic.statefarm.	172800	IN	A	156.154.159.154
+ns3.dns.nic.statefarm.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9a
+stc.			172800	IN	NS	a.nic.stc.
+stc.			172800	IN	NS	b.nic.stc.
+stc.			172800	IN	NS	c.nic.stc.
+stc.			172800	IN	NS	d.nic.stc.
+stc.			86400	IN	DS	42226 8 1 8956D12E91DC98337231BA5B16F75AD766051947
+stc.			86400	IN	DS	42226 8 2 79A9D1A91D2DD8F3BCA16221E6FF11E7E5E852E63D0C3756F6E73F94296B12AB
+stc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mL8F/GjNvG9UjfpbAX0MaLHUmzxD9+uoa5is7yWQrDW2QB0Sn9EpXddnVulFO+GScgj2TCz3dJEUPLQA/RKnwuiWr8lc54Dnx+7X3i8YOIvqFUVPnOgUgBpYntYnMmG2WhDFCt0LgTF2UoAmdBHchrYpygkUqh973vwxrHKC3WYL+dNMT4ldvbLfp08j+vUfx2Zw42iiifMhevCi5mo6NoMgQtQcTUCFNlAmlyRCIF7cPBWSaYH6Kd6aM3GBJIwEfbS0jUsJAGVxZPt0ZVHoDjyohyxA3oyLquxXG8Twh8dqsP/XriLHkB4anNHKoJzUijsxKMt9EQBjNWz9j2Ye6A==
+stc.			86400	IN	NSEC	stcgroup. NS DS RRSIG NSEC
+stc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X1FUgP//LFS7YpM5CvofoY1b0O7lSd0//qyrR0R6OLax84imWVu+Krc2W4hbpDTjQA2xKRtDXXXW/DDZcpAtOEyU8JqoyWWQ1RDO+I3NScyyo1X/qfyhKIrKE01ScFVpi3YYr4JHhYZ/uc2IScMcYnMO1OkL1xh/1MizRq0iy/5pfWJhGBsQweDwsfD5nBISUTfn6czYWQCsxEEJ+4p0uUhav9Hu6V4jipiFIoGgqQw9fI825diOxQKHa6iGVSymZkfGgQ/vEzcNOODsBU0VLY9QRqGFrLpMw1javmGuwO1XvOH1DQuqYE4V8UYE6SEhmRq1L7jaasdPyZDQI3Jxpg==
+a.nic.stc.		172800	IN	A	194.169.218.29
+a.nic.stc.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:29
+b.nic.stc.		172800	IN	A	185.24.64.29
+b.nic.stc.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:29
+c.nic.stc.		172800	IN	A	212.18.248.29
+c.nic.stc.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:29
+d.nic.stc.		172800	IN	A	212.18.249.29
+d.nic.stc.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:29
+stcgroup.		172800	IN	NS	a.nic.stcgroup.
+stcgroup.		172800	IN	NS	b.nic.stcgroup.
+stcgroup.		172800	IN	NS	c.nic.stcgroup.
+stcgroup.		172800	IN	NS	d.nic.stcgroup.
+stcgroup.		86400	IN	DS	63781 8 1 B6FD1903A8AABAF134A517661DA8B7F1687F334B
+stcgroup.		86400	IN	DS	63781 8 2 5A2C21B0D982A47EF075DCCA0378175E917E9BCA8128E4FFD52E31F627F29151
+stcgroup.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pnChU1Qvi8C325YaxKOmEJ7ECKzv2kw912LzJydSBFZ/vDs6BqTLPLLbF4Spmz4uW1f6S5n7btql9NDZiJ9EjJFbEFb1ZRELhdWm9h9Y/Y+tLWF+1GrHPIpYVmLBjfzCiT4Y1h9aD6g7TuaqiJ6J42kVNIrZ3rs8uwi7y+U4fqdsPZz/tc8tHG7tRS2PEb2ZiFj9ltxymVyWjlQYoXhYglGxdDEiT3XMGrgbnc2JYgmoNDLfE8wdqwmRO9reU9aDpohbUZjS70Mwmx/JlzBHuwim2+mtv8x4iM8FEoV45ceYOWvE7w8ID03BMktC4aiqkR8fIoDxpvSC2yeehdyihQ==
+stcgroup.		86400	IN	NSEC	stockholm. NS DS RRSIG NSEC
+stcgroup.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SSEPQXxVGAWPD7jtB0E3lvB6DtU7gu2MbJ14QzBCYOaUCz+DrOAWni890MwKv/IuPyD49D5XLRE4UOju1WwD1cvC9P0gDGY5yp0q8Fz3kO9WO+mHTaqqN/1jSsL5YLrj1DHWabboSD8ikoxaSWoRwz43Ize3iw1QjeSqYSe1ZNcJlc7YLaksELDtXvKkHS881VRWrbZc+nTaK/MPNMgyd09gjcnhHg3vZFd6y7enb1AEJGi0jAcqtM20cH9662QOXPmg3fkDbBFFynWgKR12Aquk4DX+QsWx/I2xGxVS/5/co9EuRggXYofIEgjFKR8gBHUYbh7G1eUoxisYgianTw==
+a.nic.stcgroup.		172800	IN	A	194.169.218.46
+a.nic.stcgroup.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:46
+b.nic.stcgroup.		172800	IN	A	185.24.64.46
+b.nic.stcgroup.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:46
+c.nic.stcgroup.		172800	IN	A	212.18.248.46
+c.nic.stcgroup.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:46
+d.nic.stcgroup.		172800	IN	A	212.18.249.46
+d.nic.stcgroup.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:46
+stockholm.		172800	IN	NS	a0.nic.stockholm.
+stockholm.		172800	IN	NS	a2.nic.stockholm.
+stockholm.		172800	IN	NS	b0.nic.stockholm.
+stockholm.		172800	IN	NS	c0.nic.stockholm.
+stockholm.		86400	IN	DS	28681 8 2 CD787970D0A7DE33BC49589FB72D41BDE6DB32C4470C93C170EB8F2D25978128
+stockholm.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dISUkz33dobmaNVcLpMJ1qkpR2tCplu7sMv8tEvfIF6w3zie1hhSife5w40axbeoFvc6dL64pkg1mXlN4TdyC5UdVZIjBsPdlO7QoLn/H4q51DG9wQ8XXORyF2KN2bw5Aoy1ZjB92WRAIGcnrqWdUI7OUWawkwOtczxt186C8smzO2mL0bn6yfProOxTOwMrQx1RHA0I2Gdu04TTa8xCOTMCBu4Q93nFcnx3IduzEpYtw7EoYNen3FPQc6RKXwUghtljd5v+OLfb4Bnc6Qkl64Vs3Qnv/MhCYl8bWXqYdZgl6JxUF8usds8gU7IHgs54PeDmEGv+xrQzKpxOEG8xzQ==
+stockholm.		86400	IN	NSEC	storage. NS DS RRSIG NSEC
+stockholm.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M7AhkGQzciObp2NuiUrxaZhjGVxa6l9OB37mJNMFolqVaJvGj8dLLGGuaFX8xOXiJIRlBArCAUCYo9n4K9P3reqhKPJsP9zH+J3gvTTaF0tO0pXzfReY4xKMWhpWpRl65LCJ1FJAt9ExDJwWzkrjeGXPy0EfzeO3eufM6Y/hve1ajM3n+8+a8Yex0tP6Uza8KM3sGCwamGZQ41svTWE7J3hAjTxJGPnJiWjZvR+HejTTwN04u/udySgmpLEAgCyz59WAsYXIWCcw5XAwfmZmT7go2x3FD7H/uVLHtvsukmNUndDeggyA5vuXhZLUFQEyRIvDmb1WUUIhG8uhcDohBg==
+a0.nic.stockholm.	172800	IN	A	65.22.220.41
+a0.nic.stockholm.	172800	IN	AAAA	2a01:8840:d6:0:0:0:0:41
+a2.nic.stockholm.	172800	IN	A	65.22.223.41
+a2.nic.stockholm.	172800	IN	AAAA	2a01:8840:d9:0:0:0:0:41
+b0.nic.stockholm.	172800	IN	A	65.22.221.41
+b0.nic.stockholm.	172800	IN	AAAA	2a01:8840:d7:0:0:0:0:41
+c0.nic.stockholm.	172800	IN	A	65.22.222.41
+c0.nic.stockholm.	172800	IN	AAAA	2a01:8840:d8:0:0:0:0:41
+storage.		172800	IN	NS	a.nic.storage.
+storage.		172800	IN	NS	b.nic.storage.
+storage.		172800	IN	NS	c.nic.storage.
+storage.		172800	IN	NS	d.nic.storage.
+storage.		86400	IN	DS	50476 7 1 AD942D7FAEF7C429FEE5497A67162643E96E1841
+storage.		86400	IN	DS	50476 7 2 BF2260B22C8C9630DC3E5CE22130C4FB97EDD6B27805A05F8F526B951B465156
+storage.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a5iG4gnj4O0bp5VOgjFTOnHqpiEI4K9ANQd8HNEr38z6KcAfjglb+tMg7Ye/3jKGigkvPC5cjrSRxa6K8KuH4jvOPiCB7wlvNVtIl++5igHIGL2q7S17P6JLGrNb033Fij7BfNxlH2mt/g+VgvNMR1e4QZ8vJ46zu8ozCnHa1rQQrBdQiz5brz1AEQ3rs5jCyyMqfNNVvzXZRhXLHV3KiD96xg9M5xFs5Lw9VeVGsvtpGk0iokcnUY9NjqKR8iRRKY098LBEKgairLxS3/oFNDkgYDMrIxnXu/hxF9Y/ciK06T+q7oLylKDUnIZNJqFdCTKt/tn73TI5DWMpU+4exA==
+storage.		86400	IN	NSEC	store. NS DS RRSIG NSEC
+storage.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UzSIYIEpW/bwMNEJmLgwPhwfWyJbwkH8eDYgPp4OPngOhKbjuHDudNWh1uBEXeMSyQ895yJLslfSUJHnemNiaGBKQKG9gSmG8KSwZG6JKfO5kNhsAy/IwQfMbT1ffv/iVBRyKumM14DF9gtPyAF8mt/uyHSeQUgnV5c02KFSThZk1TYYHwEtP+1E8lNZCDtK9FRerqlZxqJ8v2qTCjCbaMORfEQJEIpvKBC+Rs+PbVSXoBPcUNnzAem2QaSYe1Bgryl3CMjVpVhqOfEsPRhueddMw9HMj/Q0+42eb2dPS5Bwc0/ocuEpRCzJdvRz6AkSuWw6oCTyXMWp3iGos0k6NQ==
+a.nic.storage.		172800	IN	A	194.169.218.55
+a.nic.storage.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:55
+b.nic.storage.		172800	IN	A	185.24.64.55
+b.nic.storage.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:55
+c.nic.storage.		172800	IN	A	212.18.248.55
+c.nic.storage.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:55
+d.nic.storage.		172800	IN	A	212.18.249.55
+d.nic.storage.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:55
+store.			172800	IN	NS	a.nic.store.
+store.			172800	IN	NS	b.nic.store.
+store.			172800	IN	NS	e.nic.store.
+store.			172800	IN	NS	f.nic.store.
+store.			86400	IN	DS	16342 8 1 C6D41FB11396E2B908BD82ADD46457DAA960EC23
+store.			86400	IN	DS	16342 8 2 E59827295E51C4F46D5208ED454BCD78DD6FFA49F01BD203B24E1380AA535675
+store.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RWRs1JkuaCPdrVo5Kfp8VYs+z69BOc1qCKQfMWdR8FFlZ0YZoSRcDtWVP0BTTYPjP9T9tWci8Bnc8qt37VnODHyZV7iA84jsAslxHHrsld8s71Nx53BevW5hlJrGN2R1ljdNHnFIFmU37NIAtox3WN3EEPq5HkgS4XZ/oyCfUohuUKEXRdT25rEp/i7VaWvH1dqlJxoeatmo2STauau08kihdmGGAPSow/DhTtPW4QXyvWn4p90pvdJkZgVFjpaAUKI621mM/F9Lc8eMyoZ4SlzhQlnwLeWxlPi9uN1dGtNGWm7nG/GSVJ0gmHa4l8mjNWEmSfPtYbpNHq/CeUknXw==
+store.			86400	IN	NSEC	stream. NS DS RRSIG NSEC
+store.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fyUPwR1UwAK7UHnGimT0jaVyNpJw1g4OmVKJwL+VAiU+pfJc4x5gYbHOeBf+9Y/2ohcpxZwxXZcf+uTaVms5kmV7IBt8ZlXmjqMPmDzOnA2qkOmSKIUj0mDfW+AezMXrO98rY9MiafwQow22M3X65qZN8HzPM1oxQNajbUjN/gKwCUxgr9C8BnTIFn/dsqBzrM9tSsL1LR+1NAMB7Y+BX9c2CfUdI+yGZRAFCRZMbTPVF8MBuX78dtGLXbmzUS9lVWRHF7FLhAYkCuE/ATR3L60WnWBUmRjjNlfClVonYIwLNVBbSo5bIH7euiGHERM8FVXLzZlHsYAAxIII70MG0Q==
+a.nic.store.		172800	IN	A	194.169.218.45
+a.nic.store.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:45
+b.nic.store.		172800	IN	A	185.24.64.45
+b.nic.store.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:45
+e.nic.store.		172800	IN	A	212.18.248.45
+e.nic.store.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:45
+f.nic.store.		172800	IN	A	212.18.249.45
+f.nic.store.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:45
+stream.			172800	IN	NS	a.nic.stream.
+stream.			172800	IN	NS	b.nic.stream.
+stream.			172800	IN	NS	c.nic.stream.
+stream.			172800	IN	NS	ns1.dns.nic.stream.
+stream.			172800	IN	NS	ns2.dns.nic.stream.
+stream.			172800	IN	NS	ns3.dns.nic.stream.
+stream.			86400	IN	DS	5689 8 2 6B26A93E218E96C47E1E3984823BDE21105BFEB4EA6D0CD82E144E24D5D2A0E0
+stream.			86400	IN	DS	31735 8 2 B6A0AC51C5711A40B336884EA349544E664814376C82CF270336799225A7FD99
+stream.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nWdPuBlJEXvAGDLEKP71sZCkMgSotiY9vsyk4UdsoBb3nZCRIhp5+bQNk0p+OquCyyIn9O8x8KkVzaev8GehH54efNpdNvZetXaUNXFNvfNl8k5+V11dBnEsyFcoyixnOOaEZnzWI5tDTxyN6I0KbodKESlcAqvqjLX5kjLob3ZprhDlkMUTGn/LdVwBgX3tam3yFozqD8QPJnP58bkw1SYtk3JkoLaQm2NKwMXXxErSzJdwkHfXcxvbjIdxL2LvC6mAbIbi1Id/BIBYeKoSK3u3g73yOTVqTEYBQo/mLQGpWOZNr75PaDx2FFaIHUOP26WZhAeeMGT+p/C6zcIdbw==
+stream.			86400	IN	NSEC	studio. NS DS RRSIG NSEC
+stream.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SMmEyhlctP1WUlT294d3xulbdhE2J2IqJ3wIpiGqZ25x93aZqBClOr1cflGhN5Ts587YTn9lacRty30Zpp9qviv7tyR1TxpOKvSRqtqdph2YPJjBUl2VCpB1jUuvkvkndSaWga9XZ37VuArF1lUA7v1PkSBoKnm9P9KG/qPTgERfItaft/cTDF9XPP2zhdfBhxTf7/3FpjPagN1PDhVj5BF1NMwoxZSQwVn7Gn7ou6NdUkmCYAaG9DsWotNTPIcdEp1YgMB2lnAf0JIKZasDEfAw+PW1bcNAL1pFmT7bHnXWZDhSifkfdsFNosdckHB3Dwljny3FcISBd8uM1rBigA==
+a.nic.stream.		172800	IN	A	37.209.192.10
+a.nic.stream.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.stream.		172800	IN	A	37.209.194.10
+b.nic.stream.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.stream.		172800	IN	A	37.209.196.10
+c.nic.stream.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.stream.	172800	IN	A	156.154.169.50
+ns1.dns.nic.stream.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:32
+ns2.dns.nic.stream.	172800	IN	A	156.154.170.50
+ns2.dns.nic.stream.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:32
+ns3.dns.nic.stream.	172800	IN	A	156.154.171.50
+ns3.dns.nic.stream.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:32
+studio.			172800	IN	NS	v0n0.nic.studio.
+studio.			172800	IN	NS	v0n1.nic.studio.
+studio.			172800	IN	NS	v0n2.nic.studio.
+studio.			172800	IN	NS	v0n3.nic.studio.
+studio.			172800	IN	NS	v2n0.nic.studio.
+studio.			172800	IN	NS	v2n1.nic.studio.
+studio.			86400	IN	DS	1354 8 2 D4289B105C9CB81D1EA631FE723A7DD3E9A52FB649B4A0A40C4890A9FAA62846
+studio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NmZxRnYjsj1HYEA9uJfde+cf7heFgDZJCmM+4ddEI4zNf30/S5o4AF99C23hMaucs2rox94A40Mv467zGYHuyQIz6wyHnCFE9MfPIxmXE5ouPIZrVhRAEPdZRHrRWXT+29n73IoX4iTW59zIUsW05hga9+xT3UjDYLcN4MaWsitwfRbn1nrZAHPyAGPSlNDsRvlCSF+a/kXHDJxu8Y+wUeVuVzAenKpmvrzRJDPNRM8O+HoEgnclZ126jc1LnhW/8KKVP2IuR8YB/OM456kuOdRhg9aktsoqL6LNS/QfECvk81XkNHEcapbF10g5/ukbLAGHSJ/c0AHOfv2KKxoLOg==
+studio.			86400	IN	NSEC	study. NS DS RRSIG NSEC
+studio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J8UQde8z05meu4mxMixx7ibI51Pqi0PmDwjKWlfR84/6SYqanRModYl/I5GfnfjaP0VR4jc7+Yq/5Nkiynygwdj/C7HRK5wJ8AtFBgbUCzqb/0LLpuQkxMytG4QtDP8akCz+E3sR6XAa5ZMyPsJfNOtwRiiACHwEU5OkyO6d4Fqec/Q5lxxcOosqIcKyu+UCg/VyQHJlMgH77bgwEOELnk/8ZNbCMdigEw95mvLek55J/RVT5q+crfXqNnFh4Q2+HPa4HBab6hTyt23AMS3TWDnJ+8Dr2ME6/1th7V+Cl7EJiwE+arAqUI372pe/yUVBzOFWfUPx6Q+PMX7Bn5GXBg==
+v0n0.nic.studio.	172800	IN	A	65.22.28.3
+v0n0.nic.studio.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:3
+v0n1.nic.studio.	172800	IN	A	65.22.29.3
+v0n1.nic.studio.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:3
+v0n2.nic.studio.	172800	IN	A	65.22.30.3
+v0n2.nic.studio.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:3
+v0n3.nic.studio.	172800	IN	A	161.232.14.3
+v0n3.nic.studio.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:3
+v2n0.nic.studio.	172800	IN	A	65.22.31.3
+v2n0.nic.studio.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:3
+v2n1.nic.studio.	172800	IN	A	161.232.15.3
+v2n1.nic.studio.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:3
+study.			172800	IN	NS	a.nic.study.
+study.			172800	IN	NS	b.nic.study.
+study.			172800	IN	NS	c.nic.study.
+study.			172800	IN	NS	x.nic.study.
+study.			172800	IN	NS	y.nic.study.
+study.			172800	IN	NS	z.nic.study.
+study.			86400	IN	DS	52297 8 2 D306E55CE201DDD1EA5FD896B2FA4389A25F3B9D71E2F91076B65552D421ACFF
+study.			86400	IN	DS	61795 8 2 4B9E5E4B221D060C3DA6B8CF0CBE64E526C00ED82CE0D634E52A22AB4D1602CB
+study.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NgujvhHeBZj0UnzFzqYrZ/TdE5QffYTxogNG1OyNE+vfEEgRBhazeiyQH3vvdt+PrCZRBxVoP/+PedpxmByUpYT+y2hlyw13EgMLnjSC4gkOvy3W1ge3plgPzxSR1e+2KiL1As8Cgczwyf4063PfN39aPzhaj+XaePD2PIO/pBLlyiWiKOC7PVyqTI2MivmWSzDv29rBdMsl7M349egP739VJcVms+VbLskd1s5SJEGNSANBKUyxCABfAsyObOr7RFe3oqwWTA6kFoP1o9niNb2BydosqnblOX+Ei+2Yut+ll3AFljR/gErWN/gl1/ah4MEtL1oUL0UgSwUdyrPesA==
+study.			86400	IN	NSEC	style. NS DS RRSIG NSEC
+study.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nrRxh/fCU88llD0Snp2kPhPyhpOgFDyOjul33bgG2b9MvhNdiQQEJOi+aHtPCl8wn1CmJNDDU7maOkelM59U5HGftf283OQ2Nk0HRZuNtMhte+W8VkdWlpuzClCEcz79TS1NeBzVr7z0kzL5DVjFY/4zmhbzd73UClCAjPnRhGFhXSCnjfDNBgxGtSNrHDuvnSAVtbR/jxe9DnilF+C6kOmw+qMn9sxisTLjtI+ACg0LJEdj2ElOe/X/woIQcnT0oXj/LNl4Hce5hOw2CrAwmUKuzhUqJteAsAyILtDWz1N3R74zk+Qj00dvnYIVQQe5AwL7pzBNXCcUsw0HrR26eA==
+a.nic.study.		172800	IN	A	37.209.192.10
+a.nic.study.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.study.		172800	IN	A	37.209.194.10
+b.nic.study.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.study.		172800	IN	A	37.209.196.10
+c.nic.study.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.study.		172800	IN	A	156.154.172.82
+x.nic.study.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.study.		172800	IN	A	156.154.173.82
+y.nic.study.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.study.		172800	IN	A	156.154.174.82
+z.nic.study.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+style.			172800	IN	NS	v0n0.nic.style.
+style.			172800	IN	NS	v0n1.nic.style.
+style.			172800	IN	NS	v0n2.nic.style.
+style.			172800	IN	NS	v0n3.nic.style.
+style.			172800	IN	NS	v2n0.nic.style.
+style.			172800	IN	NS	v2n1.nic.style.
+style.			86400	IN	DS	64534 8 2 AE493C6907EAB77640DED4690AE2035A5A613D78EDCA8814F9314334E4C19943
+style.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dl3MC81xrxC+g+NTUkKaEGcqBqU+on3KJYub6ql5lY9SakbTqDRPuZKTJnbHDOwtgw/Ux0wiZn7zxVYH7z6PrVtrsHAYu0YRLrbp0WgEjdVGNe2Rke0ZujOIqDqykNDda23F3E1J3l/+4cuy4C0dfmn6dl3yHEa7ijS3FLK801DEkeYNVc5tSe2Of6Lnr6en0Kt98cYmtkvr7cUQqcOYAchOllQRj+mpq3/gabg4Zc6RQYLo702V1RjtAau1J5g1YSp5ngrU0VSzwd0bSURPdcX2PTw2Bu1oZMzakp6LX03K93BLbqQrm0YAkq4VLtyFJEaEmVlEmQVwpiJr5x4O4g==
+style.			86400	IN	NSEC	su. NS DS RRSIG NSEC
+style.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V9XZ13iL6UmQ1PsHpSX6W2n4TddIqZUUysPkrAl88C5y/zZh0NXIvs6lSBo6AHkwTJyOUAOHlZA7kqgS8+7O5+igRNsmPKSqee2Z2VaxtDv+8zcWxeKW1N6scoxo91H6MoPcCbLY2Mw821MeTafjULLSjYmoOO1wRQuhSI03ei7U9Fx8x7U9Ah5H7jt7gwlGZX4pQiRzxEu3UUJNQC+eGhjdXrFfoLaD24f/9aiS8tCia77lI9/CQ6zfFgVEKNDuIhmyW3eTnLzHzvPHrzywfAuBmIj0vtri+r2MUil5dYKDzalDBXUUSwTwTTzq7gIsO46tDUiqy/BeoUSYVxauZA==
+v0n0.nic.style.		172800	IN	A	65.22.32.46
+v0n0.nic.style.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:46
+v0n1.nic.style.		172800	IN	A	65.22.33.46
+v0n1.nic.style.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:46
+v0n2.nic.style.		172800	IN	A	65.22.34.46
+v0n2.nic.style.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:46
+v0n3.nic.style.		172800	IN	A	161.232.16.46
+v0n3.nic.style.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:46
+v2n0.nic.style.		172800	IN	A	65.22.35.46
+v2n0.nic.style.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:46
+v2n1.nic.style.		172800	IN	A	161.232.17.46
+v2n1.nic.style.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:46
+su.			172800	IN	NS	a.dns.ripn.net.
+su.			172800	IN	NS	b.dns.ripn.net.
+su.			172800	IN	NS	d.dns.ripn.net.
+su.			172800	IN	NS	e.dns.ripn.net.
+su.			172800	IN	NS	f.dns.ripn.net.
+su.			86400	IN	DS	2074 8 2 9982CACC6DE539A854C63D5657960120D4367845CC64BE2999013BC28463C9F2
+su.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZtY1ExxZliynSfOIyZdUw2JR/SgghDgnVCHil/A6gO0hyZd0kaKrcR8CZGbRTelZ3tXxx9YKw+eYiaQB1il2cmlubA0aq/sBGLdZweSXGVDCPu4mcX6RrTAPGjDS8mf0WMNj7cMXZhxTBA5fDN72lfoCDz7s+nK/vH3dtBQIL+CVwLDbIOslJPJj2kLW/FqC6/OzOXA5BSME8Ph7ETm+GWDsz/tjQ6/LeNE+8EQlCXfL4uWjRpcVc8VJh6AeBVqAo10RdIE2pKo0eTAJPeW9gQr+LfMiz2UXJ7rxUiwmVliy7uXXp9rC8EMeRAhUVLjTnbb/fO9qZhDoWAfM8AzOsw==
+su.			86400	IN	NSEC	sucks. NS DS RRSIG NSEC
+su.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dzus8taaXlQ2yI3cnyBxwS474dWc65Gjg08XfLta3azpgDZ60erp4Je6WtXgEYPuVMqJeNyPNOl6z6vY2rASjrJIOhSSvFZi6Q24P3hkXkSF6H4n8AZnW4f1pLsCjTiVG3Ood0f6sk+6A2jhgLxn9kfEUTspbHRtTr/34gJ/qTzkolj3wk71tEZFe35JH6sVTA8rekVPgXuRT2aY/Zz9Fh6Q7sAGCwTBCPeT19k/fsKoAuhi9QsD1PO5wGbJqeNsZ6mDSxlRCQBFy0L1Fw6lNFiWs1ZrTRbsQ392Bvlb/C67kCnBERGTLY1eM9O5p6Shw0zRdOR2hPh7o5gwUs4ykw==
+sucks.			172800	IN	NS	a.nic.sucks.
+sucks.			172800	IN	NS	b.nic.sucks.
+sucks.			172800	IN	NS	c.nic.sucks.
+sucks.			172800	IN	NS	x.nic.sucks.
+sucks.			172800	IN	NS	y.nic.sucks.
+sucks.			172800	IN	NS	z.nic.sucks.
+sucks.			86400	IN	DS	33844 8 2 3BC39B543789DE80C38841624E4195136CC4CF04F47AB5A09D052998E9F374EC
+sucks.			86400	IN	DS	59257 8 2 0EB720A2C0284375766EFFEBD01EDD5255397BAFCCE4A8AAA46F0BF13FCA9A5B
+sucks.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K2vdZ54EIYHanB6K6f6T9LcCuEl3edDemDDNfor55EJZcu6HrxoUJoIlrFx4NRC1rJ1pVhY4ekYcZvJQ7y6KlwH89MSMMN+zYnUm4q5+FKbcL34VZdqP+YUuyxh58xCws2xpjXVLFEBAdlbDvmB+hdS/IGY5NNgIhI0lJifmYbwkB01/OjaPHAHE4ljU4cvBfOn0+cSddnIbwuL3BiA3mqe/94Sr8pyipisaiV3/I/GaqaEi3RvSx6dfKe4RKj4Wbr/Rp/21CbVIeF9zF4TsnQeGvN9dzWLIu27H5NrBrQFAxkRRPyyRuwbs3Nv5MbxZ3DXPbA7v0iFNsmZuSvpZgQ==
+sucks.			86400	IN	NSEC	supplies. NS DS RRSIG NSEC
+sucks.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wuGAfA5Xiz+P6ebYYdjLQrkjjaFMcV6kEFxT/VIKYvN4LaQK6OxKAyNe6HBPgbEcVII1UWWPN7QRGe/rixu6us0tkcfuSDJIzbDGfDUCPuL+GSkaa0zt2Vjx8wVmX7VNAKRE8KVyqNvgiB8+z48GOcD652qbr4cRvRqKc8Z1f5W4Z837eqhv9ZTp7yfkwx6BcV4iiO4Yz8FRCOPAvJN+nbdgfzkX+PyWQOXl49KwAaAdKfPhSR06vZRy9u9PCv/VzvGsGFEWY/MZ637wOwpU1523F+P5H47cTxESaiZBXXqEigPK0dJL79SNGFaz1DNQYfO0bF2H6F1/HneO0k0ohQ==
+a.nic.sucks.		172800	IN	A	37.209.192.10
+a.nic.sucks.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.sucks.		172800	IN	A	37.209.194.10
+b.nic.sucks.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.sucks.		172800	IN	A	37.209.196.10
+c.nic.sucks.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.sucks.		172800	IN	A	156.154.172.82
+x.nic.sucks.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sucks.		172800	IN	A	156.154.173.82
+y.nic.sucks.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sucks.		172800	IN	A	156.154.174.82
+z.nic.sucks.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+supplies.		172800	IN	NS	v0n0.nic.supplies.
+supplies.		172800	IN	NS	v0n1.nic.supplies.
+supplies.		172800	IN	NS	v0n2.nic.supplies.
+supplies.		172800	IN	NS	v0n3.nic.supplies.
+supplies.		172800	IN	NS	v2n0.nic.supplies.
+supplies.		172800	IN	NS	v2n1.nic.supplies.
+supplies.		86400	IN	DS	10984 8 2 AC8AFF181900B2A9AC0736C0E254C3E847E240705467109B03CFC22839A30405
+supplies.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RWN1I8CHnbC7YNxeQOSLbznFD3yXMRe5ynSA2Nss5VwAywiDtcdPJzCd9H8h3hvLbXiYlXTmYwXACr3gaYa4xrjGfRh8yiO4y0lxm0vOj4QCYlhjl7uqc361u+0aPH4Pp3zHR3z+hMSS+i9ZkrVG3AB05gLTfHT8y4xLsc2vLHdFgk3uyL92gd/+z4z+Tfn3PU8XGpr4VYWYGe1/7MZW/Ogqndhl56/S/t1V4dNAfvnvC0W0lMDRiaioUTDEiUMN5znsppNvy94S7lkLYkhR+BvZRFuKDUORhceZN6lSgius9jp5z+5tWbWSm2GeN7N/pXBCaV7WbXwnVImemcQpmQ==
+supplies.		86400	IN	NSEC	supply. NS DS RRSIG NSEC
+supplies.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . po/+Z6KF95G/SGJD6ik98CG0jx0/d4ORa1aYbN8O/Io4kihr0uTzcVilmnzaEKSQHkUxgQtYC4+hrTTTZ3ENnd8AuSuD3bGrjiQ8XHB+Td1Ygs63HpFlmUMawpGjr3FIfQSe7C1AC9GUjIf2+IJawf28OzqnY6VWN5oBBwPE/iCzDmyBOp7u3PB+5Y+iYJ/78UtNU/H+M1ESMDHBvGsE1d40uSbjVVC6Wmtqmm6mR4Ku4PEExYUpK2r+0qa2hInOuTBLP5nnxCs3dw8DIsKLfJHLei5dil/kmJtlazMIuDNpfkoDiPps4iRUnGGi+CsF6kylUEQHnkI1FBvpPhTJWA==
+v0n0.nic.supplies.	172800	IN	A	65.22.20.59
+v0n0.nic.supplies.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:59
+v0n1.nic.supplies.	172800	IN	A	65.22.21.59
+v0n1.nic.supplies.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:59
+v0n2.nic.supplies.	172800	IN	A	65.22.22.59
+v0n2.nic.supplies.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:59
+v0n3.nic.supplies.	172800	IN	A	161.232.10.59
+v0n3.nic.supplies.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:59
+v2n0.nic.supplies.	172800	IN	A	65.22.23.59
+v2n0.nic.supplies.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:59
+v2n1.nic.supplies.	172800	IN	A	161.232.11.59
+v2n1.nic.supplies.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:59
+supply.			172800	IN	NS	v0n0.nic.supply.
+supply.			172800	IN	NS	v0n1.nic.supply.
+supply.			172800	IN	NS	v0n2.nic.supply.
+supply.			172800	IN	NS	v0n3.nic.supply.
+supply.			172800	IN	NS	v2n0.nic.supply.
+supply.			172800	IN	NS	v2n1.nic.supply.
+supply.			86400	IN	DS	43957 8 2 81A7A79353C68FF3D449A1B307F82944686706043CFDE44F65B22B396FF9AC5E
+supply.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VU3h2qR4JkeBqjVFJLRvZagTzBbyMvYChPnkh30igFRzlX7nHoFWoc//tsuJZzaMxBMiupzctRS1oiQ8hKwCxTS6V4J6rnelzma7gtJDm/eNgnZz+PYFG/p/evtjixaLyyJyO+yGgL8Y0hqi5CdmshwRcjSPG+66AzKGeUv4de5snMg+AjSN4JBLfsr+3CLmtbyZI0ApzAzAJx0kRpcm8yQ6UCjAjbFtG2PoIHjda27VbEiUcSVa2+Q2Y+mT18OP4gILl9Oy3vVf+4n1CGOJVf5BFhc7rQ/Fb94CoLkxeNpu00oDuVvxls5WDoZ0lXsb0araKp6fUMfvfFBWMCRYEA==
+supply.			86400	IN	NSEC	support. NS DS RRSIG NSEC
+supply.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oC9gc2uslq3TZBczF8CxVwfYyBob1LkMni4TYNs027Hj044sPn4t0VwZfIrK9BZrwzMJUZHwX3G0nVI0MrNQ0yCN3vEjRmiOdzoU4z7jmgOvsFgWTuKLeBwdm5Trlj70KCB8vI7Pb+/+wxdSxufYWC1oMg5zcZLdQkOCXHHKzRmQDo3z+WzxNuhtvTpZ21Ne306LGyALUEUXFKGWbo8l3QD7mfjUcp5X5WPNJ6jvk2FcGVCxbw8ox51C/ssm4oQaUIkHXiiub/bzfOxttYxlenckKy9zBrRVI/gJi73MXYO7pLJgvh1QPWdKmvaxDlqcN8KjFcuwKe0CbdHOxYQ5vQ==
+v0n0.nic.supply.	172800	IN	A	65.22.24.52
+v0n0.nic.supply.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:52
+v0n1.nic.supply.	172800	IN	A	65.22.25.52
+v0n1.nic.supply.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:52
+v0n2.nic.supply.	172800	IN	A	65.22.26.52
+v0n2.nic.supply.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:52
+v0n3.nic.supply.	172800	IN	A	161.232.12.52
+v0n3.nic.supply.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:52
+v2n0.nic.supply.	172800	IN	A	65.22.27.52
+v2n0.nic.supply.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:52
+v2n1.nic.supply.	172800	IN	A	161.232.13.52
+v2n1.nic.supply.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:52
+support.		172800	IN	NS	v0n0.nic.support.
+support.		172800	IN	NS	v0n1.nic.support.
+support.		172800	IN	NS	v0n2.nic.support.
+support.		172800	IN	NS	v0n3.nic.support.
+support.		172800	IN	NS	v2n0.nic.support.
+support.		172800	IN	NS	v2n1.nic.support.
+support.		86400	IN	DS	59704 8 2 5C789108F88D370A56E1C616C42694A492FA0B3ED7CAFB7F9565777E1B85AD96
+support.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mcYAcmdZLuonqjnfgrKfv92tVT8hEXkeHKjO3gOQxUdh3ZRVVJfRVOGCbsrW4XGX3z9qLXMwVRCPvievxOQN/wwlUxR/ZKDqNYTBW9bFStpr500LI+wfbZCCtbdvc2XuwlWy5S07jmBdCE1pHYA1jlV9xPLCNLExaGFA6CY1IuOeukGyLzluxveKnhenCnm4GUJo9eeahdJpjTlLfPH/YA5I5BzyRf56IuC0M4IX8J8J1xoeoZCi2rhwfCt417tKC+JdPyudtmR4OsnmImSDrGNCqEZuINyBN1UqL6HvUEU8kbRpzjCt9EdiGx4sBiY+kp56faaPH76+RQ7U/tN6lg==
+support.		86400	IN	NSEC	surf. NS DS RRSIG NSEC
+support.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t3XV+1z2VXgZzULZHvMq8B3g99KzloqRauSYD8vwXobetlHDNAhDaMMi3jbbPba1T1r8v/IOilvGOzWmwk6Eb2h+h3jDysOwVqSaQVQTeApvM11ywSQKrA113yMsru/eUg2niO4OdPO7+cnv8kcOXbpDCRYHb3hdPDoOkvhV2AqNDOTsWcMUAzlrYiJ3dHbSVKXn86QbtyXQ+P/B1l2mmWqgB1rVQyu/A08EAnyE1DEqMqa7wvxlaWX3NW+le5Cl1CHMG7UtgcbmYme11mzyhN8rI4EdMhgsvLrpG3dCYRv+IBqC/k3uN9EY6OVu1YnBBuCpZJeapLQLToWgzg4/3g==
+v0n0.nic.support.	172800	IN	A	65.22.20.5
+v0n0.nic.support.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:5
+v0n1.nic.support.	172800	IN	A	65.22.21.5
+v0n1.nic.support.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:5
+v0n2.nic.support.	172800	IN	A	65.22.22.5
+v0n2.nic.support.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:5
+v0n3.nic.support.	172800	IN	A	161.232.10.5
+v0n3.nic.support.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:5
+v2n0.nic.support.	172800	IN	A	65.22.23.5
+v2n0.nic.support.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:5
+v2n1.nic.support.	172800	IN	A	161.232.11.5
+v2n1.nic.support.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:5
+surf.			172800	IN	NS	a.nic.surf.
+surf.			172800	IN	NS	b.nic.surf.
+surf.			172800	IN	NS	c.nic.surf.
+surf.			172800	IN	NS	x.nic.surf.
+surf.			172800	IN	NS	y.nic.surf.
+surf.			172800	IN	NS	z.nic.surf.
+surf.			86400	IN	DS	42349 8 2 F4D78E449D9BF4C11668DF78A7A3F5747797EF8DC5304270EF0574716C0C803C
+surf.			86400	IN	DS	54106 8 2 62E4B7017888F8EBE2231145A20D9378419290F0ABA9C5D561AFCBD1EC92D176
+surf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yA5vyHItIwuCfp9S8uFo1AjAXxY0vRzQqINB2r1i9PnOzC0IB3Fd8/POwG+6Xt6mBpYC/K1CpythpA/UwtQSIRLPQiZabaIi0keZIPVs24eaWHyiqnke0N1gjF3JRv1fZ4FWfCsOLfHVlv0owClrXrEKjZsvfwh0j/FtvvRrpmUdrhh6vh/54nAYgAh9e1A2qUgUPKVhaG0avH64TveJQEwGp5chNLO5kIebfB2ve5Ts/ZXQ/lg3PHIESgyGI97nz8s216KAcGX4R1HXqRPWDld7ZqEfZz5imqgwdgjgyL4QtnRuzz8/Suy1Z+I6AsP0eGgGnue1ypdLs15/KDEo5g==
+surf.			86400	IN	NSEC	surgery. NS DS RRSIG NSEC
+surf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tyjUzAeXWPi33hti0ERWHiQZu4JdaAoFzVh07q1s4SQaDioSTDb2GqKQBd70QhC0WADW10v7utnNNbW8I6ULD6u6RfX8vOQ3AGGogI6ZobpS/F9S0KZsleaCkp2ZRo3up+ZBQyd68MDygxNiwsiQqlbUZ5YbYlDzVLmsgPkfoQ3l8ZaOifYfavWDJEk98O+uSbMzED/KWESPgz5gdc9YTgOGwbJRqTUj9lsesS9hlc5z2BnEzuFptq22Ws0sm1x9Iz98ZdXhsopouPIeJ/FDy1SwXm5LCNxc+8ru1QYv/4Fm6ysjEbkDJ8pwHsgmo4UIl2YG+orzu84fIthPd6xG5A==
+a.nic.surf.		172800	IN	A	37.209.192.10
+a.nic.surf.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.surf.		172800	IN	A	37.209.194.10
+b.nic.surf.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.surf.		172800	IN	A	37.209.196.10
+c.nic.surf.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.surf.		172800	IN	A	156.154.172.82
+x.nic.surf.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.surf.		172800	IN	A	156.154.173.82
+y.nic.surf.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.surf.		172800	IN	A	156.154.174.82
+z.nic.surf.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+surgery.		172800	IN	NS	v0n0.nic.surgery.
+surgery.		172800	IN	NS	v0n1.nic.surgery.
+surgery.		172800	IN	NS	v0n2.nic.surgery.
+surgery.		172800	IN	NS	v0n3.nic.surgery.
+surgery.		172800	IN	NS	v2n0.nic.surgery.
+surgery.		172800	IN	NS	v2n1.nic.surgery.
+surgery.		86400	IN	DS	23746 8 2 26E3F51A86C852653EF6B6FDD89566F7D9FAAB6985201274B0ABE95B530E400E
+surgery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DnVDkDFviLUW473CuGCQZT8I3uCiH6JGfVAJTA5hG+tZBUTfaHfAmpO4/rj4nJIy2eKkg174KNgf0MS0t69OXJ0Mg8H6wtSawP8+S8ZZozQhhBs6uk0ze5mygqJ9XpKlJTom1VOpvNu2GUhmjARWtXv4QepUVDC5fhGVddlI4Y3aGJ90oNqklAroroY65+C4K5vY1J+g7g/2NxvW3wCiN0nzwGzVD9jqX5i9haPJ1JZvLk8R/TnYCGOJaHn6xt6O0y7M7uVR0fSwf0mwqVTOwnC10BgBgCZUUGze8hQACzKeVd3wJIxIjAsP4992Krn2XE5gpOjmgAY/gEduMfbgIQ==
+surgery.		86400	IN	NSEC	suzuki. NS DS RRSIG NSEC
+surgery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NJAzL+2RFAzEaK6BDVISr4YiQTdergEMBva8Rlhr2VAhL8+l1kIZBtjyh8yWTBzciU3HMyi/yX8yT3snkR9frq0CpGaaSsmIjgEYiYaPGzzT3lk7/7xsFv+p857TUtYgeLqeaxgaggJUSWB0SbRD/3ZcWqTvGz1AOOPNxdPUoVU/an9fcQdEBai1YFt9oQpV0o12HBH0qhPw6tngi5jv42LlFLEIe6G96J3DCTZZZG1F9wNbiNwDThBayPTiI5jZd8xPYFmDgymhnWpUrOMLfNs08eiQTK/6r6FhewdhJ5QtUMTbP7JiY1MQAZ6zvnGrcG43U5f4f7NikFJM4SPjCw==
+v0n0.nic.surgery.	172800	IN	A	65.22.24.31
+v0n0.nic.surgery.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:31
+v0n1.nic.surgery.	172800	IN	A	65.22.25.31
+v0n1.nic.surgery.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:31
+v0n2.nic.surgery.	172800	IN	A	65.22.26.31
+v0n2.nic.surgery.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:31
+v0n3.nic.surgery.	172800	IN	A	161.232.12.31
+v0n3.nic.surgery.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:31
+v2n0.nic.surgery.	172800	IN	A	65.22.27.31
+v2n0.nic.surgery.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:31
+v2n1.nic.surgery.	172800	IN	A	161.232.13.31
+v2n1.nic.surgery.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:31
+suzuki.			172800	IN	NS	a.gmoregistry.net.
+suzuki.			172800	IN	NS	b.gmoregistry.net.
+suzuki.			172800	IN	NS	k.gmoregistry.net.
+suzuki.			172800	IN	NS	l.gmoregistry.net.
+suzuki.			86400	IN	DS	33941 8 2 DC04EAAE9D4E306EEC2A2D1EBD1F146B8E555FF28E0924EE22E36555AC44C386
+suzuki.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RUTKQ+A0CZatKDkG4aH7jpy8TM9VHW/2aaKut+rMJP2NcmOlsr7bBQHguikVEC0EkyQRx2vomKkc5t0vCxvHKbVB09rg9SnkgI2Ijzj6JoWzFTUHr8XMCAi1BsitavUOumSZsIlP+xOV+17dyLLAsHMAqDh288QOYnWD11OekgBahOZmCFONqG8RtXSZP52p+WpvAulbQGcFzzXxkZD1W36jdCIWWFN1cDZ51Dq+ahn1GYzgo1dOes7zhJL/2ZbU2u/rqjruwMsuTlRJcNSkMgFe2O9s1UikJzLC2Dmnnrv2E7kZXgaRA52cbxZ6BiS/n3FtdSQPeDFNw5Tj/r/hWw==
+suzuki.			86400	IN	NSEC	sv. NS DS RRSIG NSEC
+suzuki.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BdTLbuMecrFXIsQI5cZrVKC4yEUWWELEIjoR381ScK5U4Ab68whG6dy13lHb9MhPYt1TfFI1e/vFrzSjMIolha0bvCkWMX5lOZUNeuHXaN5n2x/ATm5axiUjoFvO+1ZqzFM4a5hh3E0O7J7dMfbGSGbDt88IaJlVi+SEBA8BA2LXbzFbCo1s/WDZIbFegSEZYH0VUIInezzwSMcK3iALKre6gXRMGOm7LlnMmKun31ZyciIkZ31p/uSbbYlSxn7Ajv1iVzWnsjoOx9rPVQ6G2nryt7HzEOWlTJ97+d4vfkRTd4ugqhwtdbzGrUjLM0exiBpbe8s3mbi0NDAE/171/Q==
+sv.			172800	IN	NS	a.lactld.org.
+sv.			172800	IN	NS	ns.dns.br.
+sv.			172800	IN	NS	sir.red.sv.
+sv.			172800	IN	NS	dns-ext.nic.cr.
+sv.			86400	IN	NSEC	swatch. NS RRSIG NSEC
+sv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dvlUHJnDW3x27SwsfvV6BznuwhW4W5DowULuh6b3zvIdSOKYTP3jHetOkEVic3+pGM+R3JoHvpMaKw0vg8Ujxs1/tZECKPtLHM6waVh5UsBrU6vvBJw6W+UEmJweTNeo6PWkMUZQoOGbxkRHTCoavu2vcMwZBTdsQM9hjvZYSNtD0Og1edZA4KP3p/spsyJr26fjSA803jaholltjNUZ1BjlFJ7zWb7t7m+xrtHDTpvmMFkAhgOzNlEv59hUuc6N9fQmXqz2HzLowGuXFItWc5ZWFW9gbRtmyhQVR+dlQ1H0ZCIubRtT1lTsBD/qgfRghCE0A4dJ85PaztWlscrcvQ==
+sir.red.sv.		172800	IN	A	131.100.140.162
+swatch.			172800	IN	NS	ac1.nstld.com.
+swatch.			172800	IN	NS	ac2.nstld.com.
+swatch.			172800	IN	NS	ac3.nstld.com.
+swatch.			172800	IN	NS	ac4.nstld.com.
+swatch.			86400	IN	DS	46125 8 2 F8F63257D53D748EAC6844C412A246DB125E330F646D32922FD947E9F6A1FAC2
+swatch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vTkDRgO3bIqT2AFpjm9BXMhqFNusqym+Lk7sbo3gsge0EAKbULGg6RQU0qjULlLRqG3hhP/lYUs47HqQQOmknoDzs5cIqXoAt/rswQKN82JiXxRjDexGVRAchsNYFQEtt5yj5TGJg0OVU/eXJoJyjKsRr7+iu+MtW13n1FFJI3SA/eQa8zJ38QjPi0plox2xf+cXYhbRo5ud++6YnIRTWbt3qDB2PDjlpGp9qmu6RjlisM4FusATZH7HekYlwXVMdf/60yTrVRZ8buRYxQhY33RaMLFWU+y1k1zvWkCpsbLGKU0H/sL53+C4mHgqdl+AHuk+BYXfuMAm24xfJiW6rw==
+swatch.			86400	IN	NSEC	swiss. NS DS RRSIG NSEC
+swatch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VPU0klyCizfqSgyAItgxXdlfNtK3CsHtB8PDgEsIHoEajJ6S9QvKaIHvN3pXIedShc8czZZBfpnLq9IjENMzHNQv/RsBpz6uRH8lo76QL9JwB2jBXGChDgCknC3j4AoJKs2Dpx4/WhtebhCV0aY9UQg7NrtxklnWd8wKB4OK/dPKW6dr2ElcYwNOxOGIpOkYD3LbXkE1mkbGZg9MWGJ7cLsiWfsVIQcdISML9FIhmXgLG0vyBFEK5owwJCefN8dbF7iHpLB+RLEMcIESAYh50QOwPrIhYwyfDHolt10FUL4LozH/leqcmxJcBWcL61HeJJmzwLCWRIJ4Yf8Ate4PKA==
+swiss.			172800	IN	NS	g.nic.swiss.
+swiss.			172800	IN	NS	u.nic.swiss.
+swiss.			172800	IN	NS	ns15.rcode0.net.
+swiss.			172800	IN	NS	anycast9.irondns.net.
+swiss.			172800	IN	NS	anycast10.irondns.net.
+swiss.			172800	IN	NS	anycast23.irondns.net.
+swiss.			172800	IN	NS	anycast24.irondns.net.
+swiss.			86400	IN	DS	16056 10 2 B974351F3624A85D4304C09A005203D8CBD8FF0D790095413B19C31538F1AE31
+swiss.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lUKUe2hoh1VorSu8NZIQgLiMyMZss5hL6d2CsUfRfMlzqwVtOyDz4Kue4VNzhe/dGTNSmcqnTjX1WBZiIP2g0NbK5yjRfnjVlQRbKRD49L0c1FVy6QR56qGdnl1ZDKVuEdx8xXWIY2gIfgZSTzVlznKW51iEZr28R4yTpJX3MuXqHA9L6y/cU/O6QYMa3Rard0JBeKvgPLUKxhABAEgKXwOWBGr4n8zwcFzYHiAegZp+MON2BvZROvJjTFOGyqyuxhxXYPGEgdXo2wodCYFpWYkwgVZG/oXhC0bmtNibWUo+Pk04DwaYOIgCpg5kzYcnW8hxQyzVEN1kbWT9zad5nw==
+swiss.			86400	IN	NSEC	sx. NS DS RRSIG NSEC
+swiss.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DRC6GFmKkQt+I3Qd3V8kNkoqmYFdYHcTm0kp0/RsJ5pY4pRZiKvgHTcLToDtM9rQ2bnweTHR0zlmI3MCZnx/Hb/tunPznLEjfY/MBJbNc3GitL2qQNgxTflH+WDmSuFGfknJtnREg7b38KPfjmjKcoS7eirQVYEgwod9L9g+5RquE3ls6FN1MeXK4oCNSOGxS0ccnBL77KYfgV7t/n7BMec/S0Ehimaje2PRgrm69gBkUcd1JgHTN0X0avC4FGHrHeBFwWSS1TR1X/0IftCVYLWq3rxgZXYNJkA3P9xFrNh8oMxgovZNOii9l6es9yIzOVBTVZ1Tn6JYDqUHa+dNXg==
+g.nic.swiss.		172800	IN	A	195.253.64.9
+g.nic.swiss.		172800	IN	AAAA	2a01:5b0:4:0:0:0:0:9
+u.nic.swiss.		172800	IN	A	195.253.65.9
+u.nic.swiss.		172800	IN	AAAA	2a01:5b0:5:0:0:0:0:9
+sx.			172800	IN	NS	ns1.ns.sx.
+sx.			172800	IN	NS	ns2.ns.sx.
+sx.			86400	IN	DS	34036 8 2 8FBC9761B3375B5A00AD9A7C0E1D22F7574C87EFBBCDD5249845A9778F876CE6
+sx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aDg6O7tFvlZAAssfRmoo49pLqdpfgb/iLoO+JCaGn9Zbt/93MBNG2aRRFaez2o9K5UliIYhKm8fcd0/jmvm8VE3LiaGP0XJMWwvvdNFU3p6LD8oK8VOjxAFKv4O8AzWy33tgOxfLzptdmqqUIe2QjCG5HlU9WEiU58MyTPFpP9Q+53+/zqABjVyV7zdFNScfhBy3IORKk3PA+4y52sLZsB44iANeFhUWlTxzOXuZtn/ktIdmVows+VdcgcY0IgPPyDiFiUrHW/ausxPVHcF1AeBn1eJTRyseilWzY1EFu0qVYuofNR7kBDs0Wrl4mkkjbrYshhnddxiqhCc88X4org==
+sx.			86400	IN	NSEC	sy. NS DS RRSIG NSEC
+sx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wQOKXezC/6BsBeGTbjF/wW+DVNZ1WsZ+L6wfqPHot4nb9dfOdYREU8GgyXTBMVvvQdYrOd5pZPL6KmzZh5/E9sGH2GkRY5FmeWp3jUY486Qb1vzSEaXGW7K7fSg0stlWhgAQWkuhd7VDI4kTlkkpOLpu3ByDPHGvMm0bkToycpF/LEIZqKQ4RDbni+PmvlvkfM0ShuM3cY43Olxp6k4T+VbN0XXEs6w3rbEBQctyXeGmkjibzjZMqv3+oAmyb6VFK57yewvYel5RDcUv/egciFGrvd+tjvcgG4SEbKF2jdgahkuIs59uuZtEUGyAd0JlYz788rr64TGBuQnZtDX7hA==
+ns1.ns.sx.		172800	IN	A	185.159.197.10
+ns1.ns.sx.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:10
+ns2.ns.sx.		172800	IN	A	185.159.198.10
+ns2.ns.sx.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:10
+sy.			172800	IN	NS	sy.cctld.authdns.ripe.net.
+sy.			172800	IN	NS	ns1.tld.sy.
+sy.			172800	IN	NS	pch.anycast.tld.sy.
+sy.			86400	IN	NSEC	sydney. NS RRSIG NSEC
+sy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QuBnlJdbW3nXr4YO3YwkaF4Q9TVYgauXl9aNJMke3XOw2lemCennQ7vbO1jufrpK+VTRjY+f5UziXk8mdsYyEk3a0KGrAZ11e9wscgiZFRXBWOEzwgkGefbSJjl2CbWQG5zz7ICkJqKq12dZYf7D5fUgXf5JZxmNNGYJGQ6JIx4Yzy/BmxXxmRSVKC8DTIsIlp8QIUY3fB+2bB7F8z0J9clTB1mIvJD8qVsopkelTGlAZq4rJmPVWaMyWzhBYQYv9ID3F0fFdG3MAFYBT7QCzVIjzlEK+JOymO1SBY67RWtGMopOFOChrbvXXfPz6iPr7EWJZy4sVDzWnjjAoAESJA==
+pch.anycast.tld.sy.	172800	IN	A	204.61.216.71
+pch.anycast.tld.sy.	172800	IN	AAAA	2001:500:14:6071:ad:0:0:1
+ns1.tld.sy.		172800	IN	A	82.137.200.85
+sydney.			172800	IN	NS	a.nic.sydney.
+sydney.			172800	IN	NS	b.nic.sydney.
+sydney.			172800	IN	NS	c.nic.sydney.
+sydney.			172800	IN	NS	x.nic.sydney.
+sydney.			172800	IN	NS	y.nic.sydney.
+sydney.			172800	IN	NS	z.nic.sydney.
+sydney.			86400	IN	DS	38014 8 2 A5CD19204CA09E64B3A91AA6BF40955E4B7553CF8F288B15D4CE93B4A0B428BE
+sydney.			86400	IN	DS	56155 8 2 6F8BEC880CB37266B04E5B34A8A61238404DDCA2AC3EFCFD47BF641E650D3D78
+sydney.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k+twAquP0iX1VWVIlgEkle4mo791gsf0Kj+earWAlQd0JajDkUsMGDglIqd2xS0KZW3K+6h/TF30GNZ6ihDONKxq6O8Fey1SECySvAI1C/m0l+7AD93GLw+pwBkfZdIk0nV5WENPRCtl4CaJubjHup6DW1id77xnIWSPrzBSdAz2j4pXeQWddi2uJWvWN4SGPRHugpbuc8LJSMSxIDuVgfnAuLzMxPqKFSGpY2SReE5Bd6uDsUtKr95qyLP/H4Ao+NUzSz4BPuWGYxVnZA/q4/N2IQOPmKhMa6sj6O/rZf6hNZg6Ygt5Iif8lOA6uZCnQSj1dPmczMGul27UIMW8cQ==
+sydney.			86400	IN	NSEC	systems. NS DS RRSIG NSEC
+sydney.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YBz97RFZe62jaxDvQBtGndmQD4ZFDw7bfWzq/gmYFzMVTzdOLM4130FYsG82zDH/92nWhbX4VFsMjKnXNpsF5SkLJaXMlrjJ5FAbG5MHiZ2073kmUOd1vg6YH+D4nq5ZFYiifdmvD1oQFZ/V7vWWFq6CLpVO7UVuyyQLr7pXDpr3yorFNJrqtWSqChTMwF63JmtoR10uxH7dn8XALsDJDTuYXbe/sDKvwtpRbFDYEB4Mltj/DVbXQyab8vdF4L/4uBcuNwjbDiVkvyPVJnOaus5XkX2nCeF9I5iDMufrznDD0m4IdETvayncK5V/QYzctMUJuKwch1WyFIDpwmg81A==
+a.nic.sydney.		172800	IN	A	37.209.192.10
+a.nic.sydney.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.sydney.		172800	IN	A	37.209.194.10
+b.nic.sydney.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.sydney.		172800	IN	A	37.209.196.10
+c.nic.sydney.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.sydney.		172800	IN	A	156.154.172.82
+x.nic.sydney.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sydney.		172800	IN	A	156.154.173.82
+y.nic.sydney.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sydney.		172800	IN	A	156.154.174.82
+z.nic.sydney.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+systems.		172800	IN	NS	v0n0.nic.systems.
+systems.		172800	IN	NS	v0n1.nic.systems.
+systems.		172800	IN	NS	v0n2.nic.systems.
+systems.		172800	IN	NS	v0n3.nic.systems.
+systems.		172800	IN	NS	v2n0.nic.systems.
+systems.		172800	IN	NS	v2n1.nic.systems.
+systems.		86400	IN	DS	9634 8 2 A45F6041847622B7A24E0B41AEA1BBC2E618E952E2555206776295EDCC9EF77D
+systems.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DxWqlpU7VIGfbCUfp7ZXN7oayXLE/6Rp+E69XvK6RjnBZ96NXW/PIsh48Ghyu8udvDTePwdD+LPG6lx/XQNksQ7HxHI0SHVcxLTwoBlw+VeL9Cebs7ndOUjA1zjPNs7GMCRJ8KdJwcbZxUheAQtEkOD8F0QxdvsyVpGeYhD79mo3+U2riheyh9j6Tgex01i8hPFnf8Y3PiuAf56VXToNhrWcQHQmRu1TdIS5WbZYnZJsq7APn+zAvMyPwk/S5q+x0DdwIvBfOl8Lwigh8Qg0BzLPS6EKsXMUTa1u4YpLrJT/BzPfaX5QcKSe6+8UUV62WLBYGtjoqu12INkKj+JjoA==
+systems.		86400	IN	NSEC	sz. NS DS RRSIG NSEC
+systems.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Nn+xIhKm/I1zf2ZSFkV0djb/UCExhNEprqkaUwbi4U5YmEAoa+rFw8i3Ul/yGPywsAop/oWdKYXQgV5cvm+NsbBTNG6Y6PRZ5lDEOuDYyUYTECd17PKzHBlcnpF03kTwY3OGcJaHSJggiKHwKfphMCn9zbJ6G28b0qun9JmKR91Mf/yRiuLYM2pDumRtAY5pJ/N14tskj7jvt3dSrUr+ie4d2FySxUQQCCcVdDoaCW7Ni3s87eN92KT1d2HxHZqaTRVB0eDoWkyNGm28d9X+5Z/pwdLfTzCq8YfQC4KsquQR+2qFleeDIvHJoRrdi1vYUQcnaCuLslf2srTgNf9Q5Q==
+v0n0.nic.systems.	172800	IN	A	65.22.20.38
+v0n0.nic.systems.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:38
+v0n1.nic.systems.	172800	IN	A	65.22.21.38
+v0n1.nic.systems.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:38
+v0n2.nic.systems.	172800	IN	A	65.22.22.38
+v0n2.nic.systems.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:38
+v0n3.nic.systems.	172800	IN	A	161.232.10.38
+v0n3.nic.systems.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:38
+v2n0.nic.systems.	172800	IN	A	65.22.23.38
+v2n0.nic.systems.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:38
+v2n1.nic.systems.	172800	IN	A	161.232.11.38
+v2n1.nic.systems.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:38
+sz.			172800	IN	NS	sz.cctld.authdns.ripe.net.
+sz.			172800	IN	NS	ns1.sispa.org.sz.
+sz.			172800	IN	NS	rip.psg.com.
+sz.			86400	IN	NSEC	tab. NS RRSIG NSEC
+sz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ozlUy13uSHi6SwaYMLvNvfh+3XzNxkpQQAWrf34XUtVtF61IlKKVJN9mbLDjfzAxb9/sJEnMbNnjSYdSPCSvmnZsA+2hNuR71C+ZSUP5K2xyOELKIDL28T+cM9/cc1wOvLuxmKwCN5oKCLsJjsy24WSMHhRbXOdA7rVqa3A8NO+o7Gv9jIiOYIA5ty1+BNydOqUY6ayAgiOleClzFwAsnBGRARWEsZVyG3afJcjvYqIOOQeppXMy3+HHt6TjhxLY+Uv35uWJrMCFtXxt12JkgqDLtHncrvT1JJ1TEZPBeq07TAgTK5gnwQlSitLa/q7LzuBTSEcy0j8KsTtxlGfwzQ==
+ns1.sispa.org.sz.	172800	IN	A	41.77.232.4
+tab.			172800	IN	NS	a.nic.tab.
+tab.			172800	IN	NS	b.nic.tab.
+tab.			172800	IN	NS	c.nic.tab.
+tab.			172800	IN	NS	x.nic.tab.
+tab.			172800	IN	NS	y.nic.tab.
+tab.			172800	IN	NS	z.nic.tab.
+tab.			86400	IN	DS	12205 8 2 BF58E40EA4764E2E24254DCB7A365D90ACA26773209827EE0A41BE128CA1F977
+tab.			86400	IN	DS	43171 8 2 199DF3DE634CB26FBFD95EF9C9CB87C804B3D5DE44460A58EA80A49A57A90C9D
+tab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dS5Fh6rZ070aghsZLiACnk4USPavLfZv2SWkR+tEs4X1cBxtS0H91QfgqisDN0oDMu857DA0hlSbkfQOq6seGIXBlXSk7K51PNPwUrK1FtdjjCD5kWGcHG3fL7tWt63ykIVLAHGVt04zGcsyhu8E+OiPbkVlg4k4QO6DLKxBDD2knasRsKNCPJ1kGyvBWRVfhmqngJ+vXUeKVSvbo3r1OaiyJrjuxUi1DIKmF3DXXe2cMuM7tSZp8N8jFPmUVFoHgW66uMg6G+2XpOYkdAct8izQ4nHr29znf3W4UIYVrN7Ycis2MnlZrk4j9JL7F+XIWENf1UCvk7//Txb9t2jhWQ==
+tab.			86400	IN	NSEC	taipei. NS DS RRSIG NSEC
+tab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . obcJ6GPZWoBczerBCSdDlz9n5buH6Q6G0QrNzspRWVJRadwkS/y2y04zPghbEgn792cwNQlYf6wCJApGGMb7S+N/hZPbqi1YNWVvifn0lXVmSW96hd6SOqLOrs396ud2TFievm621n54MyJtaoLKvc4++OCCCTrXJRbgvcq/f6sIntd2zS2Un7HKJy8fMVYQHp2PHTHiv23B/A0Xby5xDNS2itaPbZ5FO1BPf3D80RZpIkAA9qe2eSeIHC0LRCted2TtN65oWdutCN63OD1chjs8Ji/1qgH6a5nVD/uT0G2tTe1MhrI4mq1nAAXl9sOwDp899hrd13wFToXRXqFoDQ==
+a.nic.tab.		172800	IN	A	37.209.192.9
+a.nic.tab.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tab.		172800	IN	A	37.209.194.9
+b.nic.tab.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tab.		172800	IN	A	37.209.196.9
+c.nic.tab.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.tab.		172800	IN	A	156.154.172.82
+x.nic.tab.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.tab.		172800	IN	A	156.154.173.82
+y.nic.tab.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.tab.		172800	IN	A	156.154.174.82
+z.nic.tab.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+taipei.			172800	IN	NS	a.nic.taipei.
+taipei.			172800	IN	NS	b.nic.taipei.
+taipei.			172800	IN	NS	c.nic.taipei.
+taipei.			172800	IN	NS	ns1.dns.nic.taipei.
+taipei.			172800	IN	NS	ns2.dns.nic.taipei.
+taipei.			172800	IN	NS	ns3.dns.nic.taipei.
+taipei.			86400	IN	DS	28855 8 2 6AF00FB1EB9CE9F7B6DA427E29C32BFAE5B605AEF733AFFD9DE17F150A099BB2
+taipei.			86400	IN	DS	45859 8 2 1D7533B060B299291E2C060FE110169784881081BBC7738AA4B7A774F4DC4746
+taipei.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JPb52PTZHknL8aEO+t9hx2YI7htscQn4wAa+jdrgAhUlj/2xY+hBEWgdHhJzPMsc48kWmjxVhu7Ix62lwh4dK9f4ve4/Yf2hL63TtfqPDdGM9p357apj/qczDmCNtLnVcktixnA0fF7NZfzJaHBYW7+bMj1IDogmkwnFRw0JKVaiZcbgtHh3PRafGEMANk7Gg9850w4+CR/1+jGp1J4bCUfNf3xb3TFWdpcRt0ko54EEzYUya+USh58tCsuwv4tzalzgy61vJ5UybEewsRsRxEl0+Wv5FBTIk75dvxnXwS4r0kqpZqnWGRT1uhYBWNIzHo+ReQSe5mYudZA6usUeLw==
+taipei.			86400	IN	NSEC	talk. NS DS RRSIG NSEC
+taipei.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GpCDr52DorQGjE8GsCc5BtU10a/3ZJ8PZ66JqLUy8YJsYXB7A9LIRTs5EZA8sBINd536t152/HRRKF0kZl2LEBZoiUX/PafB4CYjy6HxWiGnPEE41itFl2NdwTDqCkpD5qjC54cEgcmHmQWv0oG1G1M0Qf5BCPyxM3Hd3nKDDQpAo3A6m2+zC2lxuODEyqNkY2CAPzX80k8xZQl9xSZmO/TqCXTYFpd4TzEQynXtZv7GxEg5WYLWRnAjJVT+G2arTFeyHc0VBLw+jGAuDgOXmfFbwMRWc5jiueU9CYwnLvE/5Y/sDzNbydtJoJM/+fJagOl1LDHI5S5RU+09ysIfBA==
+a.nic.taipei.		172800	IN	A	37.209.192.10
+a.nic.taipei.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.taipei.		172800	IN	A	37.209.194.10
+b.nic.taipei.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.taipei.		172800	IN	A	37.209.196.10
+c.nic.taipei.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.taipei.	172800	IN	A	156.154.144.156
+ns1.dns.nic.taipei.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9c
+ns2.dns.nic.taipei.	172800	IN	A	156.154.145.156
+ns2.dns.nic.taipei.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9c
+ns3.dns.nic.taipei.	172800	IN	A	156.154.159.156
+ns3.dns.nic.taipei.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9c
+talk.			172800	IN	NS	dns1.nic.talk.
+talk.			172800	IN	NS	dns2.nic.talk.
+talk.			172800	IN	NS	dns3.nic.talk.
+talk.			172800	IN	NS	dns4.nic.talk.
+talk.			172800	IN	NS	dnsa.nic.talk.
+talk.			172800	IN	NS	dnsb.nic.talk.
+talk.			172800	IN	NS	dnsc.nic.talk.
+talk.			172800	IN	NS	dnsd.nic.talk.
+talk.			86400	IN	DS	63701 8 2 6EAFD932EDDD45279072054C3CDFCF9CF04EE9CC5847DE8F7AE6442A3ECAC117
+talk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ko0Yyz87iM7z8m9n87sIq6/tSFDKo/uXE7gBZcI8cQPMZ5SR7GPo8Jk8ZCRbqxM6GxJn/bWVbiHUaXAVjqIJgus67xkyL4STyaUMLWsqgyR3/CaucVLm1aemivFl/jdjOwnbszw+VlYJBWR8ePbfoeVaBD09er29mRKTmqTCSlRLaE0UKVMCCFD2KWI3a+RiKjEDq6jiH5Lw95s3mPHrUY48DbL+k/083lqd2G/+19znqQzBfM0ENhRgmEWIO8y7QTsj7IGDNNzaqLk7HgU4MbIsUq3s/9mqb45/OqizecTFkPgDuMqOWX7yWxrPX8fwXC7lWYLQVp1e1d9GhhggZQ==
+talk.			86400	IN	NSEC	taobao. NS DS RRSIG NSEC
+talk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dqWj/l/P+g03wVJplDL0L8JHmanJ7ntv1bjDr7BI/q5yBSv8dllF8yO8Jam6yMe7jKrtWNM/JYo9me2mgrZScXnS4TOtO+RC9Eg3GPDzJJ5yTrcdRF7LWDX9dL89bk2vRJZSXwCt9h7A0PbiMZFPLX9CeVcg2aada521aUWlt36XtQSQi61nXGo0gzeGW8HxFGWWlV+ipRtzb9ihBRKlTKBITa9WFl0LAND4hXdB683yf0RUqZWzMq45Q8Ytgtn6mT3xz7jYwmVYxcCSiuXPZ4zgTPMjbnHZdgGfYqBMI830eFAzA+NzgSWWojhAhyFcQBq6PoAPVrXxXG4sWGSHdg==
+dns1.nic.talk.		172800	IN	A	213.248.218.83
+dns1.nic.talk.		172800	IN	AAAA	2a01:618:402:0:0:0:0:83
+dns2.nic.talk.		172800	IN	A	103.49.82.83
+dns2.nic.talk.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:83
+dns3.nic.talk.		172800	IN	A	213.248.222.83
+dns3.nic.talk.		172800	IN	AAAA	2a01:618:406:0:0:0:0:83
+dns4.nic.talk.		172800	IN	A	43.230.50.83
+dns4.nic.talk.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:83
+dnsa.nic.talk.		172800	IN	A	156.154.100.3
+dnsa.nic.talk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.talk.		172800	IN	A	156.154.101.3
+dnsb.nic.talk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.talk.		172800	IN	A	156.154.102.3
+dnsc.nic.talk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.talk.		172800	IN	A	156.154.103.3
+dnsd.nic.talk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+taobao.			172800	IN	NS	a0.nic.taobao.
+taobao.			172800	IN	NS	a2.nic.taobao.
+taobao.			172800	IN	NS	b0.nic.taobao.
+taobao.			172800	IN	NS	c0.nic.taobao.
+taobao.			86400	IN	DS	62422 8 2 9F3D7CEB441CD4DAC22EFCCCF5E79D238163E139AB368ABDDAA1029302A77BCB
+taobao.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q6VzMs2gTkrqQrA8IvUaGlE3BO0Zt6R3VhlkkPUWb1HW5c2+zN3FooRO+Xlz224noEkZ1nQHhqanc02MZfuW0vFw2YMc6Y0v+gRaHv/buXdaYloa5lDI1Iq7QH9NnxFuxhtD0/iyu511dps9ZM15b0bbEh2DUKWj1rBWcOagTXk/0z3yQ2gCSwdDmgEt4830+a5s1x2AXbdrGXdVz1X0abhiKtjnFl+bw1JvNS4+3ced8CyQbHMXOdYMXDhBaDwlMGOUcD5Mc287HCeHXGNyfTCi+0myHcQcbm+Dtz79zfhXNzViRx+EazESFV/HgYOnYnLSaLwTJfWT3coEG3o8iw==
+taobao.			86400	IN	NSEC	target. NS DS RRSIG NSEC
+taobao.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YkuCSaYb3j+XI1XJYlk1IOeR7XhjMLsLJLceb3p1GiXpSc3jx6ec92G1cyexoy+KfvunnjaiFhguLbvpKi3CaZjXaSagVOe7WnteWQ0dEnduf2b2NeVcTRexHST6wqIi/+eFG+29DFscHSseE8a6bwzAVjqrYPzV/YBQ0v5iys+NON4CSPTLQn82jPgEYmeZAJHvbNQRPxLTcKtRKLyYW4JMe/lOxr4vWt5CFmWo2bguqMlx/sokyMbTwIM7VGtMtaqY8nHi7djubvQLgepINCVmdvABuUSsiR5H1gHM+dcsLCJjRWe/r8vjtunK78uWqAyaOVXBBm2Hi3OS9BivNA==
+a0.nic.taobao.		172800	IN	A	65.22.52.17
+a0.nic.taobao.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:17
+a2.nic.taobao.		172800	IN	A	65.22.55.17
+a2.nic.taobao.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:17
+b0.nic.taobao.		172800	IN	A	65.22.53.17
+b0.nic.taobao.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:17
+c0.nic.taobao.		172800	IN	A	65.22.54.17
+c0.nic.taobao.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:17
+target.			172800	IN	NS	a.nic.target.
+target.			172800	IN	NS	b.nic.target.
+target.			172800	IN	NS	c.nic.target.
+target.			172800	IN	NS	ns1.dns.nic.target.
+target.			172800	IN	NS	ns2.dns.nic.target.
+target.			172800	IN	NS	ns3.dns.nic.target.
+target.			86400	IN	DS	63634 8 2 C16DCD3729FCE936B4FF2021E1D2409499FC85C4934137249EF7B5288807AEA4
+target.			86400	IN	DS	64351 8 2 0168137C6E180963663C74F30E4B581847C1D17E674B59AA1CB2C76D671D5ED3
+target.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aFyCTPBpaLZV3Ynxo6kNbe47Zgnydj+0fEyPzswKQxLjcMv/B3GjX303UzO0fgbnc6JxIKRievHFJKsb1l2/3+Amuht63iPES8/PJyMUffu6q2gluE/72vQLF9+1cH2Af6EBt83u6pkqTEGDksh8HpOQVxeN2vXILYHV/SDf0BKw4oqddJnepy6aPXxDHDShWXDW7Hx7GUoKgjmDJ/3oUFXeq9DXct/bM51LzAqvJmsrcTpSrRXqaQ5WaAcG9Pp+Ct5AVeIGmS/Gyj54UKryvjcDehOttllDmO0KQNPSXh/MDvuoUexsD8/ALF+flXa3o353gD1iRYMx/JaogWcvsg==
+target.			86400	IN	NSEC	tatamotors. NS DS RRSIG NSEC
+target.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FEwBzuG8ll9jHBiqcgg5uOOKYefV8wUASiUpkPqkFc68zPqM5Kvh+qrXyIdG71t3WMjmvtA6M1vjzhqNooBjxhkiCRFpoJNI0K2x2/UXVMKnDyLCL4Cjnud+WlwxSyuxUO29fM/ceJgoWraGhy6rhSM98gGD+earWLNAL18103/3B6BnL6ABO/pvFlOiDrHOUmuJP1lKCWpBCLv+G6xnoyMh95oHg4Fw3KhLdKLSD6XBLIyc35MoqJ7SMCvJaXccpOqOW7LIY++7KX1sj0CrrEqsn+g5SoCcqX9bykAYEWnQaF/mJvEFFYRMbB9ji4VvWCTOjwSPpgLgVyebJZmwwA==
+a.nic.target.		172800	IN	A	37.209.192.9
+a.nic.target.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.target.		172800	IN	A	37.209.194.9
+b.nic.target.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.target.		172800	IN	A	37.209.196.9
+c.nic.target.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.target.	172800	IN	A	156.154.144.158
+ns1.dns.nic.target.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9e
+ns2.dns.nic.target.	172800	IN	A	156.154.145.158
+ns2.dns.nic.target.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9e
+ns3.dns.nic.target.	172800	IN	A	156.154.159.158
+ns3.dns.nic.target.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9e
+tatamotors.		172800	IN	NS	a0.nic.tatamotors.
+tatamotors.		172800	IN	NS	a2.nic.tatamotors.
+tatamotors.		172800	IN	NS	b0.nic.tatamotors.
+tatamotors.		172800	IN	NS	c0.nic.tatamotors.
+tatamotors.		86400	IN	DS	55006 8 2 038F7FE751B672C38C8A1748D2E8BE90C1CB1FF8C35766EC10E0242E0C2FB843
+tatamotors.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BQYr+JZ44hl/TJfurh2DZWB4x3usvf/rD8gAWleB6HzYrjPGEjStAlKWK3hdOHPa2xMLR1Sb68AuFqmonI3orNn3LMSC9AtP2U1218oFaL9k9gQmhg26B1TDuloe89FukVIONysWw3BYDFdaqhqFNxbDPEftHxPk+KDCqKr5rRrISdiWWLofIReAQB197oMUzMuc4T/4biybc6rrT0fn7cUfQYInEPvsHkDSK8ZoVlmN+EBmfzSlj7Q34P9ncdu1dnzLquf7McCE/116V8xH8Fbtc6j2vRW5BRm+BBstrGcbfDNR05SP2xqCNGx4vzx2JY96kIqXjRtDIEcLh8FdRA==
+tatamotors.		86400	IN	NSEC	tatar. NS DS RRSIG NSEC
+tatamotors.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yzUYVJB++NAYKwqTVTYuNCGHmxrUsb9AE6hVv7OUK2FadsGPWcHfeN5MQiC7PGF+zwmRrj7wmu59EO+YnFv0I1L11x1f/jPx+PD4S1cZzJMqVmbcV6RGikg2KRt6yzSDqdxKN1HR6Wx5rmrJ6OS1w2sc9Bbb8k67XNWX1GzSoBpEeHDi+5HzdjWEDOf+R0737dsXAyvx0OShWIloG5U2HZMvOSstEqQDLiSvbAPq5i9+9+z1f7R9eg2dItky0fAoNmiyFx2kujWZlinG69fweJwBv4qhn5DQnBcMX5yPre1XiGfqQFoG8ttqaYAByumtOvh1+DMMmQ7aV4b4VDndBA==
+a0.nic.tatamotors.	172800	IN	A	65.22.112.69
+a0.nic.tatamotors.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:69
+a2.nic.tatamotors.	172800	IN	A	65.22.115.69
+a2.nic.tatamotors.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:69
+b0.nic.tatamotors.	172800	IN	A	65.22.113.69
+b0.nic.tatamotors.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:69
+c0.nic.tatamotors.	172800	IN	A	65.22.114.69
+c0.nic.tatamotors.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:69
+tatar.			172800	IN	NS	a.dns.ripn.net.
+tatar.			172800	IN	NS	b.dns.ripn.net.
+tatar.			172800	IN	NS	d.dns.ripn.net.
+tatar.			172800	IN	NS	e.dns.ripn.net.
+tatar.			172800	IN	NS	f.dns.ripn.net.
+tatar.			86400	IN	DS	27077 8 2 CCED6D290E870530527ADFDA81F3277C9F64B8DC2724DC9D90640946D176A01F
+tatar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g/Yp1rP6FRMdzXv39vJ8ejjsKKTeud2rh0opJ7F+cfGI//eKJhv5u/NfjbP1ft16rnyfwTDYbthOTxG1WFUtSL+zargl39Y/oy7Q4B13/tTrB5C0/Nr/ovDF0Vt2eU1/aV3OuN3fycSBNlZwc+QZVFjwMoEhiMXh1nhNOdtjrYXqi0PURyGqiOzTn6MfOCFlCOgUs/uQTu5GKk/AoLSTNaPKBXVSbaFf4rzrGCfEcR1vu1SwyQfrvDYOLwylZUug+UK8IfBYBF3Q5iDGVcBMWT4UN73/imPBm0o76NtLQy+VCLz2Xd2qYMpSQx5IlQNGK5LiJFKd5FjnwMImwgdo8g==
+tatar.			86400	IN	NSEC	tattoo. NS DS RRSIG NSEC
+tatar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oS3qDDRZ82Rjyr4nVpGQhK7aziP4ZMVXKKObVpTFz2qWsw0OU/KUGuw3R/92TTiU/DrQTczdhq9drT/EIyL2YFuyYmEeKLkrCPrpoAgbichiI2llM68HBB69hqeLmYcP/BaUkmObOV4ifSqprGq9y75nv3sTq1YgqiqOuaxHFbTatK0hBY1TJQd+t/nDkYdpqt+AsdKxU1PIDz/OhvdTiwTxh53yD49dwJr0TdwgEWHSqH0cHBnEnc7o+AvQwn+/xSQOnOQG58hkWfDn4RfuYfTRjyqAB2dpilHYo9j61OnWoV/85qDoSqL96Qy0x5I9ytGt4N+Byo7Xp2GdrU2kmA==
+tattoo.			172800	IN	NS	a.nic.tattoo.
+tattoo.			172800	IN	NS	b.nic.tattoo.
+tattoo.			172800	IN	NS	c.nic.tattoo.
+tattoo.			172800	IN	NS	x.nic.tattoo.
+tattoo.			172800	IN	NS	y.nic.tattoo.
+tattoo.			172800	IN	NS	z.nic.tattoo.
+tattoo.			86400	IN	DS	20907 13 2 2EB5F4E97EBC340ACC792395037D9BAC16B3683099BC109ABC2EA74E7D0D2555
+tattoo.			86400	IN	DS	23225 13 2 BD1E542C994F3E0D03467D60D852AC6DA47C825D16D64612006AC2AFE1FE2DA9
+tattoo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rTvyZeUr3v26Co5OjJ40XbBQny+XFqEo+oQAFi7J9pZ/MWi2yQeBodmPCTD1PsnwE+WbSpH7PRn+iFkPefgtnHIXdg9PJKIV3tRyNlge5WGsxrBLcqO+d1pfKZHiuNIr78+5cTYMdQ2j1kugG9a7jGSku/dj0FKPyLF9/s7l9caTUsM5XSgTQJLLHp3e+qnJ3Y4a57BgDGUr7Nsp+m6rLA7qXXnBKt4EucuVjiS1IySuWHMl9CHPzKGixGVZ8TKX9LR+j0PClWBn//Ge8ALnRq3kP659iqFqz2rLr22S6Kz2K7aOx4KxLHRnahv7nY4JDjxY4M8muA0iskHdKMCC4g==
+tattoo.			86400	IN	NSEC	tax. NS DS RRSIG NSEC
+tattoo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l63GIUnBJHoJpLhKvK5EUlvGvpNRJ5PN6jl9unrXeehJ0fyiXcMsQhn65AwkSbtLRdxR+/Xya7gpdmsnj4dNQj0ega/Ae4ScYic1V+p0mXxCvYhrmZFfEPW+TPQ783aXi4enyeNDEW6E5TJvkx8iwcSJJadqTRgQPVq5ISqkGIIsJ50TQkXGmiUXQZwzkGQOf3UBxi+tdhwsyRuci3npCHjxcZDaZ/bf972rVIvmscCESL0PXwefVtQv22PNokPHNIbBp+Ojf4cPA1VBEEFmjMJkkg6FWiuuMwkmkxpxvq2nZSr8W5gJ37pcQCguKPxJ/kz+sJBOtjJsij737G0oFg==
+a.nic.tattoo.		172800	IN	A	37.209.192.10
+a.nic.tattoo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.tattoo.		172800	IN	A	37.209.194.10
+b.nic.tattoo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.tattoo.		172800	IN	A	37.209.196.10
+c.nic.tattoo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.tattoo.		172800	IN	A	156.154.172.82
+x.nic.tattoo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.tattoo.		172800	IN	A	156.154.173.82
+y.nic.tattoo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.tattoo.		172800	IN	A	156.154.174.82
+z.nic.tattoo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+tax.			172800	IN	NS	v0n0.nic.tax.
+tax.			172800	IN	NS	v0n1.nic.tax.
+tax.			172800	IN	NS	v0n2.nic.tax.
+tax.			172800	IN	NS	v0n3.nic.tax.
+tax.			172800	IN	NS	v2n0.nic.tax.
+tax.			172800	IN	NS	v2n1.nic.tax.
+tax.			86400	IN	DS	3385 8 2 4D66CF4D6309A91268D634432D008877AB792D0632A1F8775B732A18C277786F
+tax.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NcB1Te7WHgL08LjDJ8Q7IqavwfrByzXx2uKMIwE9QrB/psAeoiM/lAYFDT122zeBtJ5CVueu7EidjcZklH2HE1JCBcJ1xqjf7M7+G8FfG9/36RwSbk11oHLcNIC2I0M3PKT9MQQUM+u/aiVxQ0lRjT4BDuuhHAtMSiqRL3IpmCVoR1lHQeX7wyncZv97qGvjILGp2+TD6XsKyBUASkMNEmZzn1J6foGFFtUWCki+3EZ62vQ9fvjmZXsKpSKv1FAuTQ+0xIClFLfjOVQVLciNKW1AaAnWrZXgiLw2qJIGO6kQBwYWuX6P4r2QMKnuqnGydBebmLHGz/PAEzikHdMaUA==
+tax.			86400	IN	NSEC	taxi. NS DS RRSIG NSEC
+tax.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cB+GuY+istdPjt3JEBvX7FaYewAYUSSdWZs1C3rMPnRsKpMz3HUGj06Rid59B8Md0gQv+0vFY0oAX05eeo4Xcpsvrunc7crqwPxA/eog3QndWSR7OkevP6ljKwi6MZCP7d6TMoqxrfsHPiSr4Vj3+5Hndr8Wp7/akHCk1TTpS+renYDly1kU+0VJPBT0zmjlEIGSOpP7pDrMoNitflZfaOrdDBi2zVEb7/O8IFNtUU745yzv4MnQhMM68OjYz0F2DJcxLJ9JOXQxClQIyhUj/uQVZqtsf2yZ2iWCb5my8uVwm7pWrH2zVhi3FCUUALcM8qsUMxhcnHnzfaw/KQEvrA==
+v0n0.nic.tax.		172800	IN	A	65.22.24.16
+v0n0.nic.tax.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:16
+v0n1.nic.tax.		172800	IN	A	65.22.25.16
+v0n1.nic.tax.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:16
+v0n2.nic.tax.		172800	IN	A	65.22.26.16
+v0n2.nic.tax.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:16
+v0n3.nic.tax.		172800	IN	A	161.232.12.16
+v0n3.nic.tax.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:16
+v2n0.nic.tax.		172800	IN	A	65.22.27.16
+v2n0.nic.tax.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:16
+v2n1.nic.tax.		172800	IN	A	161.232.13.16
+v2n1.nic.tax.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:16
+taxi.			172800	IN	NS	v0n0.nic.taxi.
+taxi.			172800	IN	NS	v0n1.nic.taxi.
+taxi.			172800	IN	NS	v0n2.nic.taxi.
+taxi.			172800	IN	NS	v0n3.nic.taxi.
+taxi.			172800	IN	NS	v2n0.nic.taxi.
+taxi.			172800	IN	NS	v2n1.nic.taxi.
+taxi.			86400	IN	DS	28756 8 2 75A029EE9C29F3CFB66255F04C724E4739ED871DA812F13B9684E07382535369
+taxi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pSmr6QU9FOy37wnCztDqmFzwfDr01opLCYKYhwWFgwtW+2C4TDNAIG+rxhnWWkMSwGA2F17neC5HU5Y6sP+PXwWjC74Y1qknhsgRJLhjpkGSAs7HHe4XIZvRkf1D26cJeEEavrNW0MjeIuuiGXHA+hQfn564RCZnGa3tvuhoUTnY4aHOKWAt6Ob4MPZvtBMkub75QjW0wQ2ss7RUJt3MxWExVp3epdQo1j79uujqTn6UvgtQZy/fqVaBvUtgKGwk03Zd9/X60ToQPomU4/6AQmj7638+BDBCUGzBcI2OtCZ/GzSSDgKnzW4ol2aB47BiPjZx6ZylXo+BG17khu2cNg==
+taxi.			86400	IN	NSEC	tc. NS DS RRSIG NSEC
+taxi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M3Ykqs78R7JfvEPa2+dmBQwk8byVadXD8Z527DujwlZZv6ucs7jjDfbLLzrnzEFPnUw1a0sGAdBWR/sJpymFaW6dNV8GMRfKwOrPxyZCwtTXk0mXGt6rbOHrU4kYJwM0np6FMq8ycCpBJUJm+bSBKtIdyru/EybeXVKUlMiF+8k8mMarWQXrW4UsMlK2sgyii1ecazDOf7YC3aESj6lGaExk0O+f6OIaGJdCM75jUtN2OpYhfMDuEPvIDW3erKHNt83DI/Wubuq4nCHgHp+hSp1x0Os7jeS6vhfVz4UF4J7ZGd5fVhseu8KXvcOZ90cv2UZNvoHVGjJ98hRMliAGxw==
+v0n0.nic.taxi.		172800	IN	A	65.22.20.21
+v0n0.nic.taxi.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:21
+v0n1.nic.taxi.		172800	IN	A	65.22.21.21
+v0n1.nic.taxi.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:21
+v0n2.nic.taxi.		172800	IN	A	65.22.22.21
+v0n2.nic.taxi.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:21
+v0n3.nic.taxi.		172800	IN	A	161.232.10.21
+v0n3.nic.taxi.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:21
+v2n0.nic.taxi.		172800	IN	A	65.22.23.21
+v2n0.nic.taxi.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:21
+v2n1.nic.taxi.		172800	IN	A	161.232.11.21
+v2n1.nic.taxi.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:21
+tc.			172800	IN	NS	root1.zone.tc.
+tc.			172800	IN	NS	root2.zone.tc.
+tc.			172800	IN	NS	root3.zone.tc.
+tc.			172800	IN	NS	root4.zone.tc.
+tc.			172800	IN	NS	root5.zone.tc.
+tc.			172800	IN	NS	root6.zone.tc.
+tc.			172800	IN	NS	root7.zone.tc.
+tc.			172800	IN	NS	root8.zone.tc.
+tc.			86400	IN	NSEC	tci. NS RRSIG NSEC
+tc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g9A1F+X7fMvprwsRRgj/SuFya7mqMPySnHb+GIzmZ39ouonX+mRNRORXMpLcChyFJPfL9TNmOJ47dRXmN4jWpnVLxCxSVso4kGLB/xj3dc43FIyCkDAhaj3S3nEc+0ecgU3NBYPtnFwJh/rQfifpoUMId6HgXidNUcLHe20zHBpeZo3dpzCiqaR45xABlFPtdWcKcdWJTx6XZf98kq/uW5YakIxSwvQj76gUw7cH1oDxkUKgWpc6C4TMVEGGKZ/2RUQpaMw/LEY6E6uRcpQVopuaueHkA2MKpOalAtGwL/Pj8O6QaS5V0+WzN/OegBq29zaw9O7WQkKSgrftuASO7w==
+root1.zone.tc.		172800	IN	A	31.169.81.225
+root2.zone.tc.		172800	IN	A	77.79.104.226
+root3.zone.tc.		172800	IN	A	77.79.104.225
+root4.zone.tc.		172800	IN	A	31.169.81.226
+root5.zone.tc.		172800	IN	A	95.173.188.6
+root5.zone.tc.		172800	IN	AAAA	2a03:2100:0:100:0:0:0:5
+root6.zone.tc.		172800	IN	A	166.78.254.145
+root6.zone.tc.		172800	IN	AAAA	2001:4801:7819:74:a322:3632:ff10:3e2f
+root7.zone.tc.		172800	IN	A	119.9.93.69
+root7.zone.tc.		172800	IN	AAAA	2401:1800:7800:102:ab3b:e6a7:859f:a6c7
+root8.zone.tc.		172800	IN	A	162.13.87.182
+root8.zone.tc.		172800	IN	AAAA	2a00:1a48:7806:115:d994:9fe:9eb2:e68d
+tci.			172800	IN	NS	a.ns.nic.tci.
+tci.			172800	IN	NS	b.ns.nic.tci.
+tci.			172800	IN	NS	ns1.anycastdns.cz.
+tci.			172800	IN	NS	ns2.anycastdns.cz.
+tci.			86400	IN	DS	12317 8 2 1D37F5016C69D56F3A3732434A0471FFF1FFFD580E4A7CE26816BC525095DE83
+tci.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZfO5qGDU7dKh8g3CqGUYKZNV/C0H5dZkmYzSdNN3mH/P0s1u5DnEiTQ1i4Qq5ZSGHCsnxNYBwy8ENFILbHMvn3YJ9ffxlbzHrQqwput1xoAYiTwF2p0ddC0lleBf4wWghIYyK+X0iTgAI3mZ1MECeL2hXVvVRhPdcxNzo5UZS1ORUGzj30YLCmf/7R7fo4U40grQJEEotWsiSPjnVghINGKSoBBuvTqQsNYB5E2hd+It9+GWTPcLil+XFSlhQ10OHGx2n6y0cww/sKoxfQjGOj50Jp71Y9lhfpecNfqwy1me+HESYPCJP9gL8jxfiuZUTnRm41yrs6IIi8q2EWeUxQ==
+tci.			86400	IN	NSEC	td. NS DS RRSIG NSEC
+tci.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EDvGMhoHbxlX8zOT8nkl56giFfdlOes4HOhFdSHaluxCyza+Hvhj56vFDL2KTbFC8XEVVFYAaWPQK87r9t4p8Aybx+d1HyNXbXefCQr+k68rwiita/6Gc0tnI/DQIARCDbYblPEEctWv/RfBPWL0+SvkOdWm9CIt+GbtP6C8iThpSEFuWKSBtbsqXrwAHeprb1KMDDICHB41uwVgp3QnmO0hqgn3nTyj/PHiZyuQGzbuyWGOGP9NcUj3k/RkvP27RlQz6Wk4CGo7PrTkSDYuOe99eKHcUtFmBd51uCuniGsoBsMr4Wplva/VF18neQOnWufYW4bk3tTjoneRl37CyQ==
+a.ns.nic.tci.		172800	IN	A	72.0.49.8
+a.ns.nic.tci.		172800	IN	AAAA	2620:171:a01:ad:0:0:0:8
+b.ns.nic.tci.		172800	IN	A	72.42.113.8
+b.ns.nic.tci.		172800	IN	AAAA	2620:171:d01:dc:0:0:0:8
+td.			172800	IN	NS	pch.nic.td.
+td.			172800	IN	NS	ns-td.afrinic.net.
+td.			172800	IN	NS	anycastdns1.nic.td.
+td.			172800	IN	NS	anycastdns2.nic.td.
+td.			86400	IN	NSEC	tdk. NS RRSIG NSEC
+td.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r75q8SIQzKnp1SVcC+dRT6Id2mfosahLp68tPYzlOgw8xLeFde6TYBnpc8wZjA0WHNiFjd1TTmFy+0qf6KPqVeY+LspD2AhOaiUZrzDxYqZyJk+r5eEtzueOM4Tk2/1p8hQ8oQt33MQz/buCC9UD3MiZl8JjaXGKvZOsacIk7cXvX/vRGfm+meZOff+/bS63HIhwz70t8InIvoFqmhjELeDLXFonfAxo51By7hF176LJC0A1/BaZ+MN9MJuJTV51htPZ3oW+XW2AZ91lvosrCWEEiD7xRAkJoQE5M7JTk9W/cjTyFD5uBiLjTMN7zQe6ZCCSR4y/0Pt5qwA/IJwj/w==
+anycastdns1.nic.td.	172800	IN	A	185.38.108.108
+anycastdns1.nic.td.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+anycastdns2.nic.td.	172800	IN	A	185.28.194.194
+pch.nic.td.		172800	IN	A	204.61.216.129
+pch.nic.td.		172800	IN	AAAA	2001:500:14:6129:ad:0:0:1
+tdk.			172800	IN	NS	a.nic.tdk.
+tdk.			172800	IN	NS	b.nic.tdk.
+tdk.			172800	IN	NS	c.nic.tdk.
+tdk.			172800	IN	NS	ns1.dns.nic.tdk.
+tdk.			172800	IN	NS	ns2.dns.nic.tdk.
+tdk.			172800	IN	NS	ns3.dns.nic.tdk.
+tdk.			86400	IN	DS	39604 8 2 6AD7C7E7EB4C9F8DCB98AD56864A319E516C94CD953B3101377A8BA8C023D1B3
+tdk.			86400	IN	DS	55690 8 2 BBAD3FF362D157B3E4C07DA5EAB21DC9023320E511F6B5CEF84A19D773EEC2A9
+tdk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q072JukIvJiXGl86/1skJDAkpbGLDpFQRLUkUYSOf3iTjETBXeJNYj/HMxZCaKfw1hSUZ0N8fIon588fIVR+2X+vj0jRBN/ozGhcjLVLWBhbU0JWJ1iYzjrdbw3hSEfpWuBmCIdNQtga3d9WLFx9mZ0ludUxFaQ07/towovTJd4sKH3FHQxq+c+YbwYM/6XTf2FsrLmLf8Q26AyJ90yFFXPKMhippC9ZivjImYdRe58u6R8CBgqN1coLL75YDuDI5cnneguvhCPPi7qK4NXViDm6wCJg1Z8KX8xhHPSIZUvF5LO/R9My3bNGY2ywF7jFp7lIsfmR5Eby848FzBLrDw==
+tdk.			86400	IN	NSEC	team. NS DS RRSIG NSEC
+tdk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F7Z9AwtlfLEuXlhvzL3lE2UVMP0+fj64NIdI33+4dbUnwNkYd+PI3Mn/pJ0qTkwSnu7pC29pRDnJ2+YHc2SzOaFuAiH14d+qBwaZVC1f5Vm94W0x2iO/XHjp/P49nBSUITWCkGm/H5S9C3h4mJoJVjc5zQ41T1aB33vlwz2DM+ue37jkO02+8qN3pZk9Eqta1i/DGK4qQQtsnxhIpdH3rebm4J1zizGesl2I166IsnWwO+1LkFWyx0Y4OBSaymM/g39VdnOrbVy8NuvD74I+jna2a3XD3NNNVRJlEHcLuFLtnOty/pkM3q70SZNKxXjJzSqrWp0WRuKP20XVs9Lkrg==
+a.nic.tdk.		172800	IN	A	37.209.192.9
+a.nic.tdk.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tdk.		172800	IN	A	37.209.194.9
+b.nic.tdk.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tdk.		172800	IN	A	37.209.196.9
+c.nic.tdk.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tdk.	172800	IN	A	156.154.144.159
+ns1.dns.nic.tdk.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9f
+ns2.dns.nic.tdk.	172800	IN	A	156.154.145.159
+ns2.dns.nic.tdk.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9f
+ns3.dns.nic.tdk.	172800	IN	A	156.154.159.159
+ns3.dns.nic.tdk.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9f
+team.			172800	IN	NS	v0n0.nic.team.
+team.			172800	IN	NS	v0n1.nic.team.
+team.			172800	IN	NS	v0n2.nic.team.
+team.			172800	IN	NS	v0n3.nic.team.
+team.			172800	IN	NS	v2n0.nic.team.
+team.			172800	IN	NS	v2n1.nic.team.
+team.			86400	IN	DS	38380 8 2 98207980337ABE3132EB70514E4F2117A2CBC9D83ACD2E89B18F9368A0456EA9
+team.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VKwDBykNlha1lzaUQlZrz5IT/db6lLxejmC47wEe/YQhKvMVce9YFRtLM3aseyfP3zQjzYcEN7d3O8xbVYkQYuue1AfGedkW4N++PaLLcZDSkQb9CseoKgy88ZMToa/SW0fvxztU9nsteg/WqIbD+dyrV8c4xfBURSR+cL3iaogGf3CUgvPnNWd4iwWh0DcB1vnMSiT+iK9gHPjVcr/ANUqY6Kds6SJo+V3qbDd/+p8U3GHh3vIeUKFAtaCKVgHh96clmNlBGazWJRKRdsFPQ0C5K0sVwUWzhtTY4TIGCf4hgV1xdnAFujMKEY3DkYLvUhzJ7nOozn+7rPAmWIjyiw==
+team.			86400	IN	NSEC	tech. NS DS RRSIG NSEC
+team.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LGGpHCfisTqBxBsX8pxeQ5VkT1Qkq/ZHzRMiApD2YFEHksAIMwgFAbbi9RQZ6uHPtoSb8kcp7Spkctwqq+va930w76Ydsnr9fVdtyMfJrvWwtAAIITKBVG/Ac311uk0Oig1YLSS7yIlGu+C1FN40h3W1C9kjp91dYTp/3DBvJYoyNZe+tAwpYEZXi5gtmQjE7iSRpD3NIcfd1tL6bmFdfYJViy2VynDpRblcIqCF5YMJAQEv+pZUu4HFBLNecEm6EcmyA5kSRvIS/1c2ib++hWVZGwcq3YQBEjbmcVvo4jyvPNeDJGyGelIzYJTjMBZ3schxreH9m3P53i+scBswPw==
+v0n0.nic.team.		172800	IN	A	65.22.32.37
+v0n0.nic.team.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:37
+v0n1.nic.team.		172800	IN	A	65.22.33.37
+v0n1.nic.team.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:37
+v0n2.nic.team.		172800	IN	A	65.22.34.37
+v0n2.nic.team.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:37
+v0n3.nic.team.		172800	IN	A	161.232.16.37
+v0n3.nic.team.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:37
+v2n0.nic.team.		172800	IN	A	65.22.35.37
+v2n0.nic.team.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:37
+v2n1.nic.team.		172800	IN	A	161.232.17.37
+v2n1.nic.team.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:37
+tech.			172800	IN	NS	a.nic.tech.
+tech.			172800	IN	NS	b.nic.tech.
+tech.			172800	IN	NS	e.nic.tech.
+tech.			172800	IN	NS	f.nic.tech.
+tech.			86400	IN	DS	50095 8 1 82F72F2462DEE25B99DA2470535AD0A7D131F1EB
+tech.			86400	IN	DS	50095 8 2 83F40D01141484D8F07305E5D2E44AC5663149054C598D6E9D993C661686C6EE
+tech.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wBhWUxHIWpQ9NaNG/egI2ayQmao8Xa0HkvzyraRfIVC9jGPP47AgZiTtN7lJ9xc3r2LYHIqtGsjD0AD8upJqtLO0yLcqFvL5DnO+LOuhWkpx7Q+BxJWxQmu4AVP5AvNEGD6YIPP7hmUyszGtWg4nzAKpc8Jav0bNChG26sVxbTPgEc+L1Ts/7saYPK5gQSCDrJw6bin7feBiB8PlWNsIuPdoGbNJT3NEswm/x6Ya4bC4uAFPe84QtlRhhXp98NXiLPBFejW6B7BBYKC7ZNJF2S10gKgMxmBaQlop8XS3CHBG1rwLNj8pvxnb/qcPWr8VsQB0KX1lPno0LE0UmdSkHA==
+tech.			86400	IN	NSEC	technology. NS DS RRSIG NSEC
+tech.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t4/Waz8MhlR9MmaDF3rt46emWD3TnEA/zBQXzB2pyBr31c0qu34DRfQ/HeYUpqLLmDpQoolcpKS0lbDU+nZb12b+T3x3grq/AYUxAKXiuTfH4WwI/FiA9KU2KJdtJzV8PiQVqCjY8oCGEpIAXYyYBn8IspaVwIFSgnMqFWCx6qvVUbotNwon67YWoeaj1juDRWSYyT/UagA4tyvadEoIMiZAiQ7tJJkWL8BX9IjGZepaZv6RpHFIjGOYrOVcV/0RCLkNIStBMJc6BSK4SFtaAJ8NNhgUOuIuBdFjhuCvqHsfDUtueJQnxG9NPDWEcyfMAz3+GoGfRzJgXtOWJ16kWw==
+a.nic.tech.		172800	IN	A	194.169.218.60
+a.nic.tech.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:60
+b.nic.tech.		172800	IN	A	185.24.64.60
+b.nic.tech.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:60
+e.nic.tech.		172800	IN	A	212.18.248.60
+e.nic.tech.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:60
+f.nic.tech.		172800	IN	A	212.18.249.60
+f.nic.tech.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:60
+technology.		172800	IN	NS	v0n0.nic.technology.
+technology.		172800	IN	NS	v0n1.nic.technology.
+technology.		172800	IN	NS	v0n2.nic.technology.
+technology.		172800	IN	NS	v0n3.nic.technology.
+technology.		172800	IN	NS	v2n0.nic.technology.
+technology.		172800	IN	NS	v2n1.nic.technology.
+technology.		86400	IN	DS	27175 8 2 DBBBB57529756C1BF2ED1AB1CA275B580C2F3296FCB65689844A8D58CD936516
+technology.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y2cq1M3HvpMyO9SR4OdHPEwVtdFA1qYeFsWyQV/ZQBExlDj2JocFpJVg6mdtmXuS4iGant2eTjn0Eb45pI9rJHwQdhQfp3Q+M7xHqvjSXX72OZpkmJg5MBz9IRs/daQVANtQmepQhBGMWPzOfU2Uu++1KWibp/wF/gvu8b6BpF3958O8sFgPBZKbMGe7y261GFWiu49ThHdiKdbnhPAQ3fE9g5P8QkwMFvRecJfBJ6QAxh+WbAzLsWqP/1vYEpV0a3t+Zg/xsTRDVeXrAdDfd3XAL/IG1W3UrfDjXm5Jepps3JGl1p+nd/QW+O/K09H63cm/286Tm8wciTlNigrrPg==
+technology.		86400	IN	NSEC	tel. NS DS RRSIG NSEC
+technology.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hfOXGXjkUZUiBiIJs3+2L2Rx0glnwL7hUgApe73mwTAtzVOOsXHPZcMTJ7M/Ur72XEWXbvbvj0WF3DuFhh+tvQFBAZ+vM5N4rA5xuyg0EQ3+wNYvKHjwi859icf11M/1x+WgqDCGAel/snan77pCxkWaRrrIKC526Tm9HoWfdCedSoXkAFj7CBHJukNY0mZWis6C3WeEgTFL/HyRvEewlP6jDfxbwdbC92dXD6/GhLXFQ7ljd6Yl7h24PBWw0EpO/CaADtjUuFVXa5UyGQJeAK0NHzl8/HEz/ljwOIrGnsXBslurFsGiebjXM2547GGsOnDX74refptksBkEFyzW/A==
+v0n0.nic.technology.	172800	IN	A	65.22.28.37
+v0n0.nic.technology.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:37
+v0n1.nic.technology.	172800	IN	A	65.22.29.37
+v0n1.nic.technology.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:37
+v0n2.nic.technology.	172800	IN	A	65.22.30.37
+v0n2.nic.technology.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:37
+v0n3.nic.technology.	172800	IN	A	161.232.14.37
+v0n3.nic.technology.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:37
+v2n0.nic.technology.	172800	IN	A	65.22.31.37
+v2n0.nic.technology.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:37
+v2n1.nic.technology.	172800	IN	A	161.232.15.37
+v2n1.nic.technology.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:37
+tel.			172800	IN	NS	ns1.dns.nic.tel.
+tel.			172800	IN	NS	ns2.dns.nic.tel.
+tel.			172800	IN	NS	ns3.dns.nic.tel.
+tel.			172800	IN	NS	ns4.dns.nic.tel.
+tel.			172800	IN	NS	ns5.dns.nic.tel.
+tel.			172800	IN	NS	ns6.dns.nic.tel.
+tel.			172800	IN	NS	ns7.dns.nic.tel.
+tel.			172800	IN	NS	ns8.dns.nic.tel.
+tel.			86400	IN	DS	46924 8 2 3F708AF9FC2D9FA7E09AC99FA19BD6D1B4B0F3F5D95DD06BA2DC95B0AA2E53F8
+tel.			86400	IN	DS	48802 8 2 4A00B3F46AD973780B87F241360DA0B79481B257410BB68A923FE887087BE139
+tel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GYGfySMSdIaxWKLUpgof9FWStsl45sIofcxWuxZOzbxki9iRkj9DfL/3DhSb0eFTzsGEJsk7P/66sNHt5OHKd+a3ZqIN/poMtDsmRZheatezwsCrdVrf9JYfGOlnTtjwjRu2N8zWwZpjsyxF502Zgxrb5nPlzmVwENMv8lz72RdbSYNm6HLpVm7M5g0ecn1Wt90Jj890Q/2FFYJAV28MVQWDJELt3mHy2HcXjv5GwJaywVulAXCXiCNd5H7+m9V10OvW5evKT4TN6cB1CuEetOK7e8+Rg2XmOBRXX7+LBmDVZCl6TdYvwNLNVh15jJQNpOK/OBeX2wwt+DJZKZ8wzg==
+tel.			86400	IN	NSEC	temasek. NS DS RRSIG NSEC
+tel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gmEqQc/ZpX4aqTQ5QiIu+J79YLH50I57vfoCu1kyu5C3Plz55TXsZ5KSsjGkHAO7drFRxcYsyc2rKDVj0kIXUAdOO6qXUA9/bHpaTun55y/544VaIjC2LNwCThO+5kf52MQB2tVgaYvx2BU0IjuoprXCE7aytXrKDsCLHVmddi1X5m5KetuZ9bJTLjCXC4EN3zGf5j9ZRyBjg3Con5KVuEU7QQ6DfQk7p9/xiU1slKvD4cP54z3GrGV8N6ExpXrFejZETmCZ0vasxzr3x1if8HgmANaFfnatL5xg0lRULq9w5Vv3K2K3X2v+K9yxXe6eTjKyKVrySqpRW5EUi7FIRA==
+ns1.dns.nic.tel.	172800	IN	A	156.154.169.10
+ns1.dns.nic.tel.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:a
+ns2.dns.nic.tel.	172800	IN	A	156.154.170.10
+ns2.dns.nic.tel.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:a
+ns3.dns.nic.tel.	172800	IN	A	156.154.171.10
+ns3.dns.nic.tel.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:a
+ns4.dns.nic.tel.	172800	IN	A	156.154.172.10
+ns4.dns.nic.tel.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:a
+ns5.dns.nic.tel.	172800	IN	A	156.154.173.10
+ns5.dns.nic.tel.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:a
+ns6.dns.nic.tel.	172800	IN	A	156.154.174.10
+ns6.dns.nic.tel.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:a
+ns7.dns.nic.tel.	172800	IN	A	194.146.106.38
+ns7.dns.nic.tel.	172800	IN	AAAA	2001:67c:1010:9:0:0:0:53
+ns8.dns.nic.tel.	172800	IN	A	192.36.144.116
+ns8.dns.nic.tel.	172800	IN	AAAA	2a01:3f0:0:300:0:0:0:53
+temasek.		172800	IN	NS	a0.nic.temasek.
+temasek.		172800	IN	NS	a2.nic.temasek.
+temasek.		172800	IN	NS	b0.nic.temasek.
+temasek.		172800	IN	NS	c0.nic.temasek.
+temasek.		86400	IN	DS	35989 8 2 225862860C611D932591E3173CA1FF2A1903716878EE30981AB59E1D179570BB
+temasek.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZfkRW4Xs4aJohr/vq7EppC58l1VTCnaT5acstolNbGCCy5Jiq+PAAZDezO+b90gtzLXySFBqfYOL5IAXTNz+hV3up8PTNXMS2sd4nPqmUUncINV/6obv0kNrvjVNqf1L754SRUYo+7/od73qcDk1Vsq3C7oDoH99WaRzNn6Pe0mRlh5oTAG74i/l4ZBJvO8b9T1XXUhnknEdXMTkUsub29SzF5Osv/wsxN/Yh4gU+5Nix7SfhBUBYJzZpZ+qKkn4fs0utPc+wyizNTS+djVdNs/zqyy6Exfe7ltfcBm1nmA5xklOunPwSaNcAqIGwc5v/kn0SMcfLRPblh4Lit9epw==
+temasek.		86400	IN	NSEC	tennis. NS DS RRSIG NSEC
+temasek.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tNyICUQ6mGTURWqkn6rjQJutg1sUE7HemLA67irOZ00jzc7lSYBO2Wr+ORGMSJMWUxNfzZoVL/Alm0LqCiMopLULYry1IQEkdkcQBC9d/N7uLmmZAKA6zaAkjf/A1b8oW6gSRmIhI5w02AxHCHtjWKOooRnf+LFz05snV92TJqMFC2l7n7jRfl+IZGvLtdPcH+ODlYJe8wzw2TzSwvI5qn4TSZ5ewPUmAGA7fgrDoGkclsZlZx6THRzldhaHEi6v6tSCTF2IdETaW/SsPEpSRcRQRn43TSTPEUQGyeQMv01UWqynZz2zlCvkqOaAlXBuwjWbyL8Ys5QpdtAODAl4tQ==
+a0.nic.temasek.		172800	IN	A	65.22.140.9
+a0.nic.temasek.		172800	IN	AAAA	2a01:8840:8a:0:0:0:0:9
+a2.nic.temasek.		172800	IN	A	65.22.143.9
+a2.nic.temasek.		172800	IN	AAAA	2a01:8840:8d:0:0:0:0:9
+b0.nic.temasek.		172800	IN	A	65.22.141.9
+b0.nic.temasek.		172800	IN	AAAA	2a01:8840:8b:0:0:0:0:9
+c0.nic.temasek.		172800	IN	A	65.22.142.9
+c0.nic.temasek.		172800	IN	AAAA	2a01:8840:8c:0:0:0:0:9
+tennis.			172800	IN	NS	v0n0.nic.tennis.
+tennis.			172800	IN	NS	v0n1.nic.tennis.
+tennis.			172800	IN	NS	v0n2.nic.tennis.
+tennis.			172800	IN	NS	v0n3.nic.tennis.
+tennis.			172800	IN	NS	v2n0.nic.tennis.
+tennis.			172800	IN	NS	v2n1.nic.tennis.
+tennis.			86400	IN	DS	41695 8 2 30E59D10FA2E38DB83B8DBAC7CED28B8A1D6A6697B19B0B8EAE5F7CBBAF5D0D8
+tennis.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . POq8Mz2f7wHoqE5YjbB2WU6LWeOGujoTBePWudF9qv1TNoMI40TBWrwzrbpEG5BHjUhGg9medOJQrKEU9lzRkNfE2+1i5Urx4x3d4ewvTK82iPMX1y5QmtWqPEq+6cDZwlRQzyJnsvHUpovcj+k7T/bwszig2gDS9GZxhHQC9KdEstsKLCyDMSyHXLSERrvAhe26YG/DQyDUOITdmpRiNwmBKFz12HRuEgvJLYQgphPu/Z2pYvhrHv6sL4AHatFxAPQtP4kr+lq8VakKeqWiu7GOHSL4ry8k1l5idKkAkEmbVw5EHf1zfOl3apcf2t3ZU0t3YhiEs/6SCYQCkwSf6A==
+tennis.			86400	IN	NSEC	teva. NS DS RRSIG NSEC
+tennis.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yXQuOFDzE5wdMn4LHzflHrLTJw1Hh+g6Huu59Ws2DnHtz/yayX1z3z1gSontFo5WhRKrJyBa35JYhRmZuoNI4jkxn/QlUPEHC2MJ78XAx9oEiQH69J9yZCLtSpUI9xuvipTKyMFkl9xVG7PSitetTCtxxkKfllrBgW+V7oN0krmDUdFdMFK7OrOq09ndcmX7+ySSPBd3AHzEeOOfTCusETcNSuuRHYf9I5f6myw/DspcXSj1Bqo3DVbWoSjP/I0KWmY3aNjALzoSK7nc2EVoUka3bRfPrAyLinUmX+HukXXOEhh4qyTT49FSw7ZShG+KRkKM4DTLeExqR15ye6+kSg==
+v0n0.nic.tennis.	172800	IN	A	65.22.28.32
+v0n0.nic.tennis.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:32
+v0n1.nic.tennis.	172800	IN	A	65.22.29.32
+v0n1.nic.tennis.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:32
+v0n2.nic.tennis.	172800	IN	A	65.22.30.32
+v0n2.nic.tennis.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:32
+v0n3.nic.tennis.	172800	IN	A	161.232.14.32
+v0n3.nic.tennis.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:32
+v2n0.nic.tennis.	172800	IN	A	65.22.31.32
+v2n0.nic.tennis.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:32
+v2n1.nic.tennis.	172800	IN	A	161.232.15.32
+v2n1.nic.tennis.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:32
+teva.			172800	IN	NS	a.nic.teva.
+teva.			172800	IN	NS	b.nic.teva.
+teva.			172800	IN	NS	c.nic.teva.
+teva.			172800	IN	NS	ns1.dns.nic.teva.
+teva.			172800	IN	NS	ns2.dns.nic.teva.
+teva.			172800	IN	NS	ns3.dns.nic.teva.
+teva.			86400	IN	DS	21292 8 2 2F66A0187371C329D36B36768E56ACFB62F8B60C8D17A7BB6E3CF7ED800F8789
+teva.			86400	IN	DS	46417 8 2 7E670079255665759E954DEF033D30AAA2DABB07CF77ECA7F27975FD03E0CFC8
+teva.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cFoRhP/JaswQsnM0opyQbWKWqALaOMWGidBm/nAzVwwkdFdgoW/nP5F48gnPwViOhltXd4H9sm03goUpYxdrGV4cAX3cfc6nroHq7yDVPL11n39Ro5UO34k2idHL2EmeFXtsP8GtcABYOCv/2dKwv5C/hMWOOll5lQRF+vNVIoJowiIAW2/ehlrRxmNLQbYJArL6ZiZ5YJpSEQSD43OjeWxr60CXKEyOPBe7IwBQCWapx8+c8uJqNb+k6DDlRT5A1/pKPNWA7BwB/4OUitMmxdJ1YZpKQyQDC216wtn2tqUSFRjC9Zn00zizHBXftbbR6hgifSj7mwqG8/aMvPyG4w==
+teva.			86400	IN	NSEC	tf. NS DS RRSIG NSEC
+teva.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ztyBb0lTgAJ/GD3Fvw0tuR8Woc+ltyz1qpqMzjY1i7q9UwGK2uSI8q6hSzFn1plDMhgs6YA9CwnK5+V28xo/Ug3dckGksuSRwHyKJu+77kCeQbpwLpKo39XKO3n23q8+DuOKdRLX0h6NuqBzJId8icEXhs/BKvjI593nSFovU9KiO37982Ino77F2gLWPMHI69jBG1A5PuVIbJU7TjF+NsTL1cH4w8Jju+tX1jqmI1IdZvTug/ryw/OJuvi15dB6ZHUstDtU2BItjVil13Md+ofWOVuzSfxKpub1N+kGHylZJyv6VRF0Y4oI2QjcpeIDyXQzg33iQxTX+JIXuzKb9Q==
+a.nic.teva.		172800	IN	A	37.209.192.9
+a.nic.teva.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.teva.		172800	IN	A	37.209.194.9
+b.nic.teva.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.teva.		172800	IN	A	37.209.196.9
+c.nic.teva.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.teva.	172800	IN	A	156.154.144.160
+ns1.dns.nic.teva.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a0
+ns2.dns.nic.teva.	172800	IN	A	156.154.145.160
+ns2.dns.nic.teva.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a0
+ns3.dns.nic.teva.	172800	IN	A	156.154.159.160
+ns3.dns.nic.teva.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a0
+tf.			172800	IN	NS	d.nic.fr.
+tf.			172800	IN	NS	e.ext.nic.fr.
+tf.			172800	IN	NS	f.ext.nic.fr.
+tf.			172800	IN	NS	g.ext.nic.fr.
+tf.			86400	IN	DS	12095 13 2 4110ABE221396D1A9493C5DD67140890E14C73D7AC0FCD67F4B60979E9881283
+tf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F4vKarwZJL6fcbzJpgO3nC/DoMT3L8bbvOMLIIH1aZX4liY8i6UEbZKSL0bHujUdQ5vgzo2juH/zCwAKW/YcUfPQ5Yzw2y6KE8giMBitKDYrW7wy33FWHDqMCD83MK5cjHkMxF0qRWheTAmVTF9sQz8r7vDHv5SxPfNSxWUkASMcBRXzIRgKpygOBbOP4wysUYnzgQOpAJHWwFQUdM1t+K+TAd9ex0C8UOMIC6p6POn9XQtrq42vcspkAh5qh7Py3QQz+LRqIcN/3POnz6KDgQbRk8mjx9IzUyhL+bMPpGwmOcYUq/7KFfBUwjzVi0AbjcVShJcSgrWFjRTeqWrhXw==
+tf.			86400	IN	NSEC	tg. NS DS RRSIG NSEC
+tf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qq3ghMjDcnwdwRGEaY647doDIj3mXHIctSbRbc3RLlgtHkZS0xAIoZQwuz6iKwLnwrKAvCoVB1Y2k2QOHt6cw8IgyazP/WCrwEu9ACP9QyAgYi7VHS9VqqOtUrP3PwsDsIxAAaTDb6hGnhrIdtajnpfixQdJt6WiVl9otEZGee360Kgeg0Pu07sn/W1zGB35CAxWCGq77zr7EQDn6g9NhjuZbUlxnO090d4BJtP/1kl3/SQBo+LmDxFybNcuopTQ3nqWHqlSucw68xMh3wtMjRqoGdkrhSP3GoLsGoC5d98JHnekhvs8mvKrUSRAnwwGxZhZHo+qriYDe6N4n3BRsQ==
+tg.			172800	IN	NS	ns1.nic.tg.
+tg.			172800	IN	NS	ns1.admin.net.
+tg.			172800	IN	NS	ns2.nic.tg.
+tg.			172800	IN	NS	ns2.admin.net.
+tg.			172800	IN	NS	ns3.admin.net.
+tg.			172800	IN	NS	ns4.admin.net.
+tg.			172800	IN	NS	ns5.admin.net.
+tg.			172800	IN	NS	tld.cafe.tg.
+tg.			86400	IN	NSEC	th. NS RRSIG NSEC
+tg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1Ds4qiAqB+H7alRuuIcFuzh0z83bDhG2/V2YSVpLqcgOC+81leYiKAASL8tJ+Be0fCS4VmK1lHS8x63gMwhVibAk28auZUDRC0ae+Mu5+eM6BzSeVtC10EIvr5CZRUyLhzKbnTv6MI/JrTJ/pZFJ+WLCrYw29S5b20S7MZVrrg9ziYf6Dn+KJRo69YI8BrYXLfPWxTZZqAwUGk9JPN7X6tMH6w7/QNfUwFdQyrKbbHZ5UT0NdEVIO7+TOSmK37i0RsAa7sMYE2aWTFbzCUWJHipI+3v+p2LLNgSZJtee114+UaJ0oPDre4GwUPxp/YsfGyBsG+GCiJ2ZI5LNblE24w==
+tld.cafe.tg.		172800	IN	A	80.248.64.20
+ns1.nic.tg.		172800	IN	A	41.207.188.36
+ns2.nic.tg.		172800	IN	A	80.248.68.12
+th.			172800	IN	NS	a.thains.co.th.
+th.			172800	IN	NS	b.thains.co.th.
+th.			172800	IN	NS	c.thains.co.th.
+th.			172800	IN	NS	p.thains.co.th.
+th.			172800	IN	NS	ns.thnic.net.
+th.			86400	IN	DS	19117 8 2 E26BF35F73234AC50C600632FC717AE491F4A8B4F662FB29234F5499ACFEBF64
+th.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mVMKlqvEf6plpsEu0GIhuCg1F3vVe/O0RuTnRRN7JE2SwjRWXmmvmk7ntJ9tszn5VKLiRhyB2BD0djfpwePRldpcYtG1R6qAwtOonARXjLN6dF4QqGvZ2HVVHBWW5JGYbZc9qzEW06aDtoyLSvK1Eogv3fnuaqrovulUo7HT5e5aqczImxxfEriQ/aobU9UhtKKC4f5OIV0Qd4+Gt5DlEFxW0nY/dZ0G8F9UXQXnyk72k8ZGyHCH1VX1UsVrR5aGIEq7FDVIM/321um+aIdDC//8Uud5Ftlz/HppVX5mPY8TUkqIh+XxCMJz0n2lOz2L2H8DlqDdCVXk7U0Jh+sYjQ==
+th.			86400	IN	NSEC	thd. NS DS RRSIG NSEC
+th.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cz1dJw2NlshUtpL3/cWOvFGphUi6I2EN9mw12IW1u9PsGYeY4qwd+LYz3LR9CKYqZ8f/n1DxYcSdh4OP39kw5NL9gnw7A3yqyCi8ZeKTTfXMv0uaSoB9A6k1x4dnDHhJi168fYV0ShOfKh6bZbAijvD/e+9ozZav6iiRN+T4N5Y/O3E7lIMSwANtvNWS3v74Tjjavnf4RHphzDYVK9jsikvg0T1PU73U8Yi68IOBUdUi39I/AlPUoTzt6Ro4F2l8PoWUKiZwPaE5d5Xc4USUxn8y5stjBdP5RuEUO3u+BVzq0o3knEUqtAFGjzdMaE+Y9atKLoI0U7U68uE6BkS4sQ==
+a.thains.co.th.		172800	IN	A	122.155.23.64
+a.thains.co.th.		172800	IN	AAAA	2001:c38:2000:183:0:0:0:30
+b.thains.co.th.		172800	IN	A	203.159.64.64
+b.thains.co.th.		172800	IN	AAAA	2405:3340:e011:3000:0:0:0:30
+c.thains.co.th.		172800	IN	A	194.0.1.28
+c.thains.co.th.		172800	IN	AAAA	2001:678:4:0:0:0:0:1c
+p.thains.co.th.		172800	IN	A	204.61.216.126
+p.thains.co.th.		172800	IN	AAAA	2001:500:14:6126:ad:0:0:1
+thd.			172800	IN	NS	a0.nic.thd.
+thd.			172800	IN	NS	a2.nic.thd.
+thd.			172800	IN	NS	b0.nic.thd.
+thd.			172800	IN	NS	c0.nic.thd.
+thd.			86400	IN	DS	16237 8 2 A2B1E70EC2A5831A069B94CCF9B39E547CD9A351055EA87F4B74DD99F7B061E1
+thd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ssdx9keeVgxquKj74a2CU5xX2OcAwwH3yO68J0sSF0m+YtIYG75KH3rFal+NH4GbOm7H9cWavgdGEpS1oNcKsA/FaJBEslip+4cyuFW2j5L5a23H7UEoi1jA/XAzV2gLN88v2WczthJPNi/VPxbUE40Nv8OAveK+kuJDTxM52iRIBiliZKe8+sX+UmXKabN7FfAYVQSx3v7g83B4hdzezaKz8R/xWtJ55JVyLHSj0ToP/X+PeSrgyCbwA5j4R+Jsn0y/c5UNw49o5UoGmrenxwDeOa/3MdscXTXKLigFzOsk56UmA4hQxIbTEALRTQwT/7Ugphu/TIgJNBTqtjrgZQ==
+thd.			86400	IN	NSEC	theater. NS DS RRSIG NSEC
+thd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 01pjB3KzACNupmDuQQr9YqWPYYXoKE+uboLvBC7OguUwd70QiFd8GN0PI7+k8amPRn1i5uzICd8FHNRqzZZy3BlBAZi5pAkpK/hpZnugKiBHHBxHiatcAyKYBq5SsEhbHX091ai/gLWpbbxc4aMhqlxagKYzfpuGrLLFBXBn2+UN5YNSTFwaOAzQbcNl4MzzLZ52aJ2qqL6scTjotc6LKtqAQXIgFExQ2PHfn5XL8eshEI9sONe6QEfYM3+tVnxrlq4MVrgj7OT+8BJSfJ3jlwTQ0l5ffcNs9odu+HgjYf/qA/N8RYmCYIYlDAx24iZEYNX+g83IxxHw6sKFANrvQA==
+a0.nic.thd.		172800	IN	A	65.22.192.9
+a0.nic.thd.		172800	IN	AAAA	2a01:8840:ba:0:0:0:0:9
+a2.nic.thd.		172800	IN	A	65.22.195.9
+a2.nic.thd.		172800	IN	AAAA	2a01:8840:bd:0:0:0:0:9
+b0.nic.thd.		172800	IN	A	65.22.193.9
+b0.nic.thd.		172800	IN	AAAA	2a01:8840:bb:0:0:0:0:9
+c0.nic.thd.		172800	IN	A	65.22.194.9
+c0.nic.thd.		172800	IN	AAAA	2a01:8840:bc:0:0:0:0:9
+theater.		172800	IN	NS	v0n0.nic.theater.
+theater.		172800	IN	NS	v0n1.nic.theater.
+theater.		172800	IN	NS	v0n2.nic.theater.
+theater.		172800	IN	NS	v0n3.nic.theater.
+theater.		172800	IN	NS	v2n0.nic.theater.
+theater.		172800	IN	NS	v2n1.nic.theater.
+theater.		86400	IN	DS	835 8 2 1F2F456AA1F487103616FE00B21F4C6B8238213F5FC85401CFE49DC4B4C2DA10
+theater.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fGfY+TI+j9KLi01m7oEm60J993SipI0uNsP/C5KG5F8WNnpGTaAAiatqBOpm2fuheQLhLVy0tqtvDLN2ae8XQd8GpexQPcKA+GI8x+PgQhISm40LsVRTHWN2h/51t3jem9B29HIn1F2T0M2xewpBosFq+xlLsZFVBjwFvpYPmI2p189VnvBlZo3hlEHw/MRDQko12v/61cjJHdbjwI8Au4UUdUAPn1n002oW59+XFE96Rekc/8eeuFMLMliCOP5bVVge5JQ7ogKKas4fOpM26sGEXxYFHZQPCbn/n3qjYzL4h3A96L+Q5lrq9sN8LddkOGmXB950sPWvs5/piiXcHw==
+theater.		86400	IN	NSEC	theatre. NS DS RRSIG NSEC
+theater.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RTA8yRb98BjoUDLM0PPcUkz9yBIMjaETKf92WSpjksBAOrAcZ5KTOxmOMRWO4keSvVt5C9kxNVfsSgunVHDtDH7P+vePfAiIOHh4aPZJjlBUe5EhbLYakTz1hg27Y4QYqw2Q9Ud1sVD/BGN34beNVLZPGsuKwJbv7bK9mWZaxp1obRFqh1Uht6VYJ/9HeRUcR9nT5Q25n9ZCNHtr6zOcu1gxfssvo8uFhcdzAN/XbQ43dCephigQ5sZt3lKvRt6OA+m/44eqc8hIB+CWuaoIV/So3wIRhX3CTAhHKTvbVD3ZdeZ3z4p2OIkBqYb/XrrSdk9WZ2AFv8ncL3mtYPqKiQ==
+v0n0.nic.theater.	172800	IN	A	65.22.20.64
+v0n0.nic.theater.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:64
+v0n1.nic.theater.	172800	IN	A	65.22.21.64
+v0n1.nic.theater.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:64
+v0n2.nic.theater.	172800	IN	A	65.22.22.64
+v0n2.nic.theater.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:64
+v0n3.nic.theater.	172800	IN	A	161.232.10.64
+v0n3.nic.theater.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:64
+v2n0.nic.theater.	172800	IN	A	65.22.23.64
+v2n0.nic.theater.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:64
+v2n1.nic.theater.	172800	IN	A	161.232.11.64
+v2n1.nic.theater.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:64
+theatre.		172800	IN	NS	a.nic.theatre.
+theatre.		172800	IN	NS	b.nic.theatre.
+theatre.		172800	IN	NS	c.nic.theatre.
+theatre.		172800	IN	NS	d.nic.theatre.
+theatre.		86400	IN	DS	45196 8 1 ABED901A738D17ABFA754E304B6E1C0C9021AAC5
+theatre.		86400	IN	DS	45196 8 2 530B10CE5CC67A1F4C6E5F59BF28E851426B9D6991233203E42A8970BD9A8011
+theatre.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0IxW1sxbTvYWDA5+FwbSIx6O3V80ind6hREe+Xb5x8lIoNrGNRlIdqdy/g3Co2jcCFyKA8RYJO1kiB14nkE36yshYhUAj1ZQMPUD0BqBuPT9r6S6SdZiVWVOrtectwMiZbkQO1sTcOM3kszXR+cI89MOgNVPCAo125rpbVzJj3XhM6Cg6t+MZv75X9tdw/nYRSdg5IelHPTodnP5MIVXlzsdPRNN5NwVtwNX80zWi9ZKuKAMxOXgcWHwb20dg+Xb+HLTozTKINxprgt6ewCERdLL6ZZmafVMUaMKjzD83wt47ONONFTA6GHsmro2Qysn6WaikdLW8YcQ23uVL+FisQ==
+theatre.		86400	IN	NSEC	tiaa. NS DS RRSIG NSEC
+theatre.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pK7ucLWBsNCV0NxeAgv1yqd8fuMhXtOOKo+Ga6S872wTZDVoDS1wMeYP6fm6TnGo7/zZ0MZbvf4NDQq1S/mAmGsnOXVbytLMRGUgyaGqY8r53OJ2phopyw/uy4csjDMZKFY3pjaxDAOHtL8B0DkHW3xYYAJf7DNAZuSSg1T9tJMvYyS+TDvxAuTByNZKh5WRnsHt77Gw2LswdMrQfasFjLPOU1iHglZa3NW5XwF2n3W64o56x3uw32M0QgI+uGMCYMooQ5yr4HNjxAcIgHKz7ehrStsYBWp096o52ekK2ZU+7bawz5dFQYE1TcYWzp+IsFttPYq+L4kgiRH9lcbAHA==
+a.nic.theatre.		172800	IN	A	194.169.218.69
+a.nic.theatre.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:69
+b.nic.theatre.		172800	IN	A	185.24.64.69
+b.nic.theatre.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:69
+c.nic.theatre.		172800	IN	A	212.18.248.69
+c.nic.theatre.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:69
+d.nic.theatre.		172800	IN	A	212.18.249.69
+d.nic.theatre.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:69
+tiaa.			172800	IN	NS	ac1.nstld.com.
+tiaa.			172800	IN	NS	ac2.nstld.com.
+tiaa.			172800	IN	NS	ac3.nstld.com.
+tiaa.			172800	IN	NS	ac4.nstld.com.
+tiaa.			86400	IN	DS	9186 8 2 5214D8971EC4DC7CD349205BCB13F84D4446AAFA4D87D07C8C5443A180741FEA
+tiaa.			86400	IN	DS	14185 8 2 14D2BA968E8BDA466149FEBEC577C50ECA9CB7759996FA762A5F8081C424B825
+tiaa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CmC9P3f3AMN8DrpQSmBClXaXpQbiZWkyxA4IVdaEQ5gzEQl3aLeCMX2UyEM9pyrDFanqJ3ed9nWx8FQK1swdp/g697nQ3skFDUwfRMC/1H7UHjh4JRqFrdCzZcmQzBYaX5naUShWH8Wkb/8SSUF44Yb7UccYXGfsEsrva0jrjgzADTme9Amz1tfQH7a/7GHzAcoYfM95tTHXD3Rwwnqgb01FHUFlr6bDg1L0+8ASZc9yNms1pZx7Zko7Zf4pMOpQHca7ggJkimgHyaReuIfYdTIkyI+CbrhXHjfj3/tQCAo/xLrAeVm5Fr1wQH4FpM0GFpyCRiJ91W6My42e/jLiYw==
+tiaa.			86400	IN	NSEC	tickets. NS DS RRSIG NSEC
+tiaa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OmCFuzJWxIY1XXZGPwdCUKuFsM9tDb0TTlxZiP6zigzJPsl2CA3asjBmqwJGzQmRG7OS1reygagUkjQ5LwO3BWQn1L2f2N7FAAhUZwcQlLVRJAJZJGqYkay1aRt+4GpWORVZpPq9XlfVXxAYSvdZTeJHs6fjR0Qo9X1oHM/GWvenHrHt3P1ITbLJDasjldBZ3IYoQca+OmAVkznnUfZo3zXHX6CcbsU1iIBjHG6uv8ZxfoHL9IczXTu+g0tmxqrbOdg20qPbQ7pSbAEITIbyxVqLsVc/Fe7g1jX2xSR6FKMc/l1i92i6RClmZ2xNnVVgqol0W1HRA0aA1E+s1WMe2Q==
+tickets.		172800	IN	NS	a.nic.tickets.
+tickets.		172800	IN	NS	b.nic.tickets.
+tickets.		172800	IN	NS	c.nic.tickets.
+tickets.		172800	IN	NS	d.nic.tickets.
+tickets.		86400	IN	DS	11069 8 1 EF9659C10A6FF3B9259F2DF0CF7D36ECA515C8F0
+tickets.		86400	IN	DS	11069 8 2 5D58D40B472461672340583B4865540A52BFB551CA57663B22084E554D09532B
+tickets.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SKTQR3THe74Gcg7ck9WiA8tDmSIW49gBRqAIDJmConoHMMHXOQLl7a+BFOYmVjtL3tYUuQ5r4Txhi4e51ETSHkCSZHcn7hqaYgwfYCoCu92iZLqtPw9ytl04JAnwjp50VOwxZV4eGXAXy1PcxcY5uikIT12c0620EXnY2myTLuc9F/Q/tbHzpEOUrBV24HNKLkdNT8oPietKCku1W6IrwsdfBlJ2eD6+KfIsnZTOMh1GbZENuIqIUWd1VgtLP0erK10ol/KtMMHQaoEmB0bFVGxcQhauew9JvZwAMYgo9R4AHeol76TT2yVvJ78oLamXVyUF0HDok5WutJAUQx+w9A==
+tickets.		86400	IN	NSEC	tienda. NS DS RRSIG NSEC
+tickets.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t8JqoeyOzHzmhGFUuCLZI9pKxIGWpHhJHOYk7QGQDlVxR3d/tgmNx78otMpIBKjI8tOVH12jI4UnWIzDMtdm/9quasaDsQtbvFeQAqnCK26TgYTSYdQNEoKNWV0ytLgSDYkYGFNiWE54QJTYyqJqEnPORBouL36TsiyHkhoF9Meckl0Cl5N3Mw5/YVO3oQnQkALwJMRPry6jklaC34BZSkQTSD8z2PjsChPiQu7DXA2BTEyozCNHytm6A84F7QeFVA3BItw9YnNA1SU8XIx0z2qBwLnl2YvhUu43DQ+ccJxJW9Xzj4Csf7A99SQhZG/2BmY03qibanKOXZYa/yB8ag==
+a.nic.tickets.		172800	IN	A	194.169.218.58
+a.nic.tickets.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:58
+b.nic.tickets.		172800	IN	A	185.24.64.58
+b.nic.tickets.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:58
+c.nic.tickets.		172800	IN	A	212.18.248.58
+c.nic.tickets.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:58
+d.nic.tickets.		172800	IN	A	212.18.249.58
+d.nic.tickets.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:58
+tienda.			172800	IN	NS	v0n0.nic.tienda.
+tienda.			172800	IN	NS	v0n1.nic.tienda.
+tienda.			172800	IN	NS	v0n2.nic.tienda.
+tienda.			172800	IN	NS	v0n3.nic.tienda.
+tienda.			172800	IN	NS	v2n0.nic.tienda.
+tienda.			172800	IN	NS	v2n1.nic.tienda.
+tienda.			86400	IN	DS	18877 8 2 8A24A050895DB01A10AA65274B30E9DCF130A48499F4E24659488430893DE7E1
+tienda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z3QoHSdJwYkuK+fojWRYOTw2qSRyHIdY5tQBVe1E69b9ukC0feeim4p2srLwobtXtFb+Feg9CiyD8hh5Cv/oVw/xtS9t6sk5JeSfjOhn06dNk+14u3n5kDodLbGlF+nwPKjrnoUNLpTexIZPTImke4SfRf0E1ExY2/kIPkWDyrLqFbv8fzr3spRXCUq0CpNLYgq5qGoEYvuEQRXemw34GFBCEPedjmsQoN/zRuITRSFDVSy9JTM2MwsrEVk3i7duETaEFxP7UwZSgkHRFqPPNUJCu6SS32hBePEbVIENxpRZ0KgiySPbFEb2j/Sl9JkOjZ2QpHGlwpxCl9MrveX4bw==
+tienda.			86400	IN	NSEC	tips. NS DS RRSIG NSEC
+tienda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QQPALsNbSFflpMlGSbGo1Kdmqx8iN7qczwAb/08ITf7TkB/iUW5wuOQ6v13yH7gSRQ+vsWvsma+wXmJd6hUoc7jobaNXowM14350npXkaeZwB+HewUsD4IhGbNxEaT+Xv1Z0WJOeqZ35zn3swF80w2WNFJCBS4eMWyC3WdkbGz4tbUwkEscygIQL6GgYAPhkVxYkUavOW9m6SmgJsLikB6lV8UNMFrkcGPUjczpeKDeG8g0W7FcetXbHKjOvfsIbBLNBcRhJ2Xmtdea/wPKwxjuR70q8AmtYCrxjY4eulpttGywmpSgNrtqtQp2eSU11DCZZj63dKBSY3nXWO3YEMA==
+v0n0.nic.tienda.	172800	IN	A	65.22.32.29
+v0n0.nic.tienda.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:29
+v0n1.nic.tienda.	172800	IN	A	65.22.33.29
+v0n1.nic.tienda.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:29
+v0n2.nic.tienda.	172800	IN	A	65.22.34.29
+v0n2.nic.tienda.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:29
+v0n3.nic.tienda.	172800	IN	A	161.232.16.29
+v0n3.nic.tienda.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:29
+v2n0.nic.tienda.	172800	IN	A	65.22.35.29
+v2n0.nic.tienda.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:29
+v2n1.nic.tienda.	172800	IN	A	161.232.17.29
+v2n1.nic.tienda.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:29
+tips.			172800	IN	NS	v0n0.nic.tips.
+tips.			172800	IN	NS	v0n1.nic.tips.
+tips.			172800	IN	NS	v0n2.nic.tips.
+tips.			172800	IN	NS	v0n3.nic.tips.
+tips.			172800	IN	NS	v2n0.nic.tips.
+tips.			172800	IN	NS	v2n1.nic.tips.
+tips.			86400	IN	DS	47965 8 2 F7855E0B7ABE74AD44B19DBA63986F47A496E1B7DD37FFED2BC2C2499DA4CA72
+tips.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CSNqL6T/DzMBdrzFl3DH5m3ECHazkeRv/P7KMVLZCoew0jkfP/ZmQor5cEakJA0u63VvIqiJnlaTX3SbgEiI3aQJzomCNvItRJavrzBlZYvglMmWF3OuVMcDXPclzMSMwCys09zDfSagRu31tudBo6Eiv7URz7rzXVuVxYQ/iNvXYP2FJpBp86xXMIx3fE4x857KQnH65fniotoINeCGicWcWvmw8Bn//+JYZZjyjTQO3stXq2HrZZgL578MQ4aXTy8tSseXlNDPsgvSyHMix0/Dk2HF7eJ7ddrlM6j72q9RHd4MyBxSjTVCd2izvHjAlF6orDk4bLaLi2hmgmAvsQ==
+tips.			86400	IN	NSEC	tires. NS DS RRSIG NSEC
+tips.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dfU0r/coBeGb/fw1TSwQI9ZVpLhhxsDx81emwxlkYIWTHs3QQhW5XSx5z/awjPODCgDt6aKxm5QfH9y+dUBQWRKuZI0dMHcQo9zbHni/Po79DuJYiF2xyqmA8fXV03i4VbhVgfafTTbZ/M8gYSTHB8TRxZRrqYglVIlj9A7MAjxqQOyP4OAfdo6FQ3pGSaEd7pz3Ldh1W8Zksqjsyie0MmfLGv20WJu30is+ju8bb0keag03/t+S/jMGikQHEXzs+UfqStO0SfKRwdgl7Nwxob2ZkQf6p3z5ZORjYrqhljqEPTS6yxW2ybDF+rQ/3ZH+deCDtBQpcQZi2MBMBjv/zQ==
+v0n0.nic.tips.		172800	IN	A	65.22.24.5
+v0n0.nic.tips.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:5
+v0n1.nic.tips.		172800	IN	A	65.22.25.5
+v0n1.nic.tips.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:5
+v0n2.nic.tips.		172800	IN	A	65.22.26.5
+v0n2.nic.tips.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:5
+v0n3.nic.tips.		172800	IN	A	161.232.12.5
+v0n3.nic.tips.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:5
+v2n0.nic.tips.		172800	IN	A	65.22.27.5
+v2n0.nic.tips.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:5
+v2n1.nic.tips.		172800	IN	A	161.232.13.5
+v2n1.nic.tips.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:5
+tires.			172800	IN	NS	v0n0.nic.tires.
+tires.			172800	IN	NS	v0n1.nic.tires.
+tires.			172800	IN	NS	v0n2.nic.tires.
+tires.			172800	IN	NS	v0n3.nic.tires.
+tires.			172800	IN	NS	v2n0.nic.tires.
+tires.			172800	IN	NS	v2n1.nic.tires.
+tires.			86400	IN	DS	21502 8 2 6DB31BF7D51A54D4C5179619A31D6256747D09B3B4788B6A82C61841C20ECEAA
+tires.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LDtz4S5mSgXR72CeNFX2WOj7hGXbDsa/MOx37M0yaM4coSHnstWcVwnq7i/j/W8JKvGAh0Mb4vnkDQ/lVJnWNyA9vhyjFLlVPGD6qjs+D4yoruu0r0njIdvp1K5rfAueE/HmNjjLxN1BZwOcWpIYkVdJrwNyfDgE2KkU9BDPJ7bZP0mFhy+S3mIXRmoaQNrUu8wRoDg3PaJ11KBxOq6NvDtO/gN/lS7C0ZGY60g8KncdUROxGoWudQH+t1o08l+vxN4/28dr1ofnU8deEemprTtuWUemJQOIIp1gJUrwMFMRzrDiHO3pt7MF/iW1/MMbPie8zHDo2ke6WyjIwnpH7A==
+tires.			86400	IN	NSEC	tirol. NS DS RRSIG NSEC
+tires.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SkmxJYHSKuesp2MOjWlLT5p9eTCjV+kR1vyeZMImZqmIdHn5UqMJgZcuvLrj0gfEuYtU6UwFvp3EYyECo5jxcchTyGcjgTu/0mkAPgsCi7qYFsQcEIr/L6nmcbUZtMuOH+PMGSRZWeJCyZ/efFm7iFHbY+0Y7UaOMRO/5c9+aH6AH2LUtFUcDx5JdiX4HGmuBRhOsKFALC4Wrm/niYRy/lXBFAWsIBLHdKYdG2p4/hvyGB3GarmX6e3732sJJ4F+0pxG86G8fl2V/jIX9DTKkdhzIVmbLtRsfQqBh/C2mBVq0ksOeSusx8sEaNxi57MN2mr2AXUVLUNInm9vePP5EA==
+v0n0.nic.tires.		172800	IN	A	65.22.24.64
+v0n0.nic.tires.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:64
+v0n1.nic.tires.		172800	IN	A	65.22.25.64
+v0n1.nic.tires.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:64
+v0n2.nic.tires.		172800	IN	A	65.22.26.64
+v0n2.nic.tires.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:64
+v0n3.nic.tires.		172800	IN	A	161.232.12.64
+v0n3.nic.tires.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:64
+v2n0.nic.tires.		172800	IN	A	65.22.27.64
+v2n0.nic.tires.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:64
+v2n1.nic.tires.		172800	IN	A	161.232.13.64
+v2n1.nic.tires.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:64
+tirol.			172800	IN	NS	dns.ryce-rsp.com.
+tirol.			172800	IN	NS	ns1.dns.business.
+tirol.			172800	IN	NS	ns1.ryce-rsp.com.
+tirol.			86400	IN	DS	49289 8 2 79FE828514049FE47CF888BD5BCC827503356C085951AAF089894C61C28F7496
+tirol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xuau4vtlNRXPoix7EQMtIRJdzh5DFy6sT6tUBEOp0fA5AZcA6B3ytaPeYh9+dkUlHIJ7mYg7v0wrUY3a+WelRLp3fpA3NZeZTQ8ZjNtLtvcXUfdPwM5V5vwdJowYZ7PQtBmScDWd49hUrJHuVqZmBg+LOU+suSm30tY6ou5KT9AgIhVOV7yufUq/yQ588FvHNCx1ZMRrfOh+o4YFfQqkQobzbJi8y1Y5WbYer1Dizy4LcQelO76E5VL+BetSjVZ34lPBMpyqESH+mzHoFonc4cKzaAj+9eoPgXCUf0gMiEr9mEufp5G1NJf18e9v/iyFGsPhy1abGcgLABZ24cnGmA==
+tirol.			86400	IN	NSEC	tj. NS DS RRSIG NSEC
+tirol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R8DtqgANPIJZ61b1bYBfAM/2rx7VlWKrZGiSqK2gsbTWnw9ZPgfZdRlhQE1FhVTK/MxVmN1otxqvndzUh2uyR495cUQkWHU3X87RDzb7JUAa66tG0i7GP2G482En3Ej6pp/V9EM1Q1TyEdyTYKlLEAB00Nq/TGGQaOMRIJ67fdo5sRE9dB/WBnX6obE+p+BXf9UfezFapSsMOUrIsIPL538L2Q4ZS8oGazz68VdyHqUffqjd9iakcNzgr7T2SL43DXdAryd7QxlGialq1VElx6fT9j0yrNqw5dzPQZuJfxmpCvvX6Gek8VZLQ3sR4e2umFuP0wE/Bhm0vjyERYy1RA==
+tj.			172800	IN	NS	tj.cctld.authdns.ripe.net.
+tj.			172800	IN	NS	ns1.nic.tj.
+tj.			172800	IN	NS	ns2.tojikiston.com.
+tj.			172800	IN	NS	phloem.uoregon.edu.
+tj.			86400	IN	NSEC	tjmaxx. NS RRSIG NSEC
+tj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JIe2o9sMkoy18BNx8q0E9AhNzBklUyt8y8f1DVSgzW6wAB6ctJFZPcsVp9+VzuTPUt2UiFW7MDLuKf7XlesssX2gU7mXRJjfdHDMdoI4H4PX+4rpUy1YgpZ58rImtfRGyHPW2x0mrgXzl6rKV1P8k2Ai3EQ4A0lo5I/eTvfoP6QC8ofNslweEfBfA3apobcfQjjncuj58Y2XemF9KsPVy7V4WlKrtPiqmYuPeX6Tl8KuAzU6xBYl+1MuqNIXgCsNzym1LGarmjnZBbvROsASShCYXmtCi6TQxxTJGhRRgorV3UQj2XFfkPxDbAB98wr5kLDzmQy3AG/rGNekCHs3yQ==
+ns1.nic.tj.		172800	IN	A	91.218.160.197
+tjmaxx.			172800	IN	NS	a.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	b.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	c.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	ns1.dns.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	ns2.dns.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	ns3.dns.nic.tjmaxx.
+tjmaxx.			86400	IN	DS	47464 8 2 FD4D33C7B820582CA00AA1191DF28406FF4AC867302F06CB5101F29F7F54C33D
+tjmaxx.			86400	IN	DS	52204 8 2 C70AB029DCCBDE228B1CF0784CDC44470B89BF5F603C560645B614CD33D3CA45
+tjmaxx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DDMDQwcnw+2BXsrocUtF+kMX7QTGW8gVewGJO6t052k0rQm7i0gY8ZGYQSKoWVfX776IdDsHVyvF0XOoTXd557hgz4s8NWV240/lVebXd082TBlwRHc9W4tW3upIA+KqBiP8Zp5YMdQnao2rueuQ0hsFBL7EnXUMcRzXxpPpx/0C0plKIIoJcD92YAqN40tG9w9HKmBjcTYhnIcRpWydyiJZOZm6+KUqBp/dKLoD2qZoqUBDHsUd2hmhalAVEAe6kuh1vzQEe2MKnjJFk9KbI6BDfKSSnjNs6FylPTopz6FWwiDTVbCkPrP60v5/dMh9AOfmHnpc8U38zZSZVljxbA==
+tjmaxx.			86400	IN	NSEC	tjx. NS DS RRSIG NSEC
+tjmaxx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Loj3H4u4k6eoGFWBjo3D9Zm+gOKjR49HZF94XLQJVjrOpJ7pdX88FYYMx//8KwRJ7vCVlhnRb1bjwwKhbOFkyyTUhlvjK3qdPJADuN5R4i+XUWF2kkvRVFseLibQzxovBbjNahTaXNYgR1n38sKSRVg/p/UzMLiP3e759/4fKPGvhXYIgUupxqoj8t+FgDqKOrZdsozaf+yxejz4leTmdRtBD79VCFwEpf2ontegqtrMvm8JJ8oOoZIh2cWUsbjdDGAAIfrNOXz4owWDcus9QGFv4TqBHEd17A5PXOGzrjm+syO7v7KlpPtVnVzYPuKOMgn695cgh1PrzqzDKeSf+w==
+a.nic.tjmaxx.		172800	IN	A	37.209.192.9
+a.nic.tjmaxx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tjmaxx.		172800	IN	A	37.209.194.9
+b.nic.tjmaxx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tjmaxx.		172800	IN	A	37.209.196.9
+c.nic.tjmaxx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tjmaxx.	172800	IN	A	156.154.144.161
+ns1.dns.nic.tjmaxx.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a1
+ns2.dns.nic.tjmaxx.	172800	IN	A	156.154.145.161
+ns2.dns.nic.tjmaxx.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a1
+ns3.dns.nic.tjmaxx.	172800	IN	A	156.154.159.161
+ns3.dns.nic.tjmaxx.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a1
+tjx.			172800	IN	NS	a.nic.tjx.
+tjx.			172800	IN	NS	b.nic.tjx.
+tjx.			172800	IN	NS	c.nic.tjx.
+tjx.			172800	IN	NS	ns1.dns.nic.tjx.
+tjx.			172800	IN	NS	ns2.dns.nic.tjx.
+tjx.			172800	IN	NS	ns3.dns.nic.tjx.
+tjx.			86400	IN	DS	6334 8 2 009E613888CFDE218F0B08E676EFBAC926CBD6EE7A12CFC7B984BA18013A0C4A
+tjx.			86400	IN	DS	62626 8 2 C5299CA2E7E2344FA3FBE4E7AB6479704D235F4A8B0A628EA98E91D2F7670745
+tjx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sOegAJ906vEjtXr95GMSYXYIZ/wQGtrVi+Xw/JadQMmNnoN+Jqtekqi+bMSm4vFtWo+BXlcD84EVC2Mjf5nV6Xgt9TPZOt3VWxt2RYc4QKL1llkeJQVpHhpUzghodaZ3HweIa8I0MVLUxDQGS/2KEjfopCL/j36Q50GeKlLQc8soZdZRCqgdqLAGP8xH/SzTEs/VMbXt1U13n9drZ3tZtyCV+P6BjxXq7P5R0VFsY/jBmTMDFEX4hHOJJrP2A3O6ZEP7qmnqcM4+Fh+Z5CEUuEA+ASO//FAUk0pzOVnkwD4wfGR4SSL9oNZJ6G2wOl+6+QIS5bHjbn8PrmSoXCKBWg==
+tjx.			86400	IN	NSEC	tk. NS DS RRSIG NSEC
+tjx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UqAqAyDeJpl6hVfOMRNqnultD72Y4f8OECWrmtNPNM/UboS8st8ahNn1wEPih1ZQDBn5YsZ3RS9aDlJgiE7zSDFQJh7sFGgrXwP/mSxsM2ux5gqtIhMpNMbCd7bnSK0Y5CkZkvPqdSnklXbWTXa0ZTq4n41h31TOpqOl7SiVM9xXv6oPSjAOJGsMMy8v2scXxUVPd7W7JWeJEiYDq5ULl3MlhZOKkU2Fl1ipqmmzLWjxYG6THvDIVGnicEco+Jve+59JhCl5rxuJ2zG0NpjCRy+WY2eXTVK4cVseyLUVcoZZ/PqXdGgy45ibTKgkLXiMPyoC73mbZEGt8nEvFmTFxA==
+a.nic.tjx.		172800	IN	A	37.209.192.9
+a.nic.tjx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tjx.		172800	IN	A	37.209.194.9
+b.nic.tjx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tjx.		172800	IN	A	37.209.196.9
+c.nic.tjx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tjx.	172800	IN	A	156.154.144.162
+ns1.dns.nic.tjx.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a2
+ns2.dns.nic.tjx.	172800	IN	A	156.154.145.162
+ns2.dns.nic.tjx.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a2
+ns3.dns.nic.tjx.	172800	IN	A	156.154.159.162
+ns3.dns.nic.tjx.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a2
+tk.			172800	IN	NS	a.ns.tk.
+tk.			172800	IN	NS	b.ns.tk.
+tk.			172800	IN	NS	c.ns.tk.
+tk.			172800	IN	NS	d.ns.tk.
+tk.			86400	IN	NSEC	tkmaxx. NS RRSIG NSEC
+tk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KqiMzAbQz/k5CRIZqxJF+4DOHZWwUFRskJDV+3tb0ghmg2/liyDcYauLSmYNia0LMQKjNU29xgac+ajdovKAu4rZ9PrH/5EczsYxXOqda9qBGJ+VOw1xVDgIZVZsi+9nXt+4jP8lRUL1tPanb10StE24jdr8Nx4KuRnNm5O6v5qqkrZ/yJFiUIfCzNub3wFuxNLBt9Zui44YhuLFoBAoynHwJ5TB2uLvtHYOb2inoapgzuQ75ulKAqKMNRXfrS/7ZBXcSmpYe4HOOVf9KP0VSBZDalCHmJwkw6JixpXRzjx3ZFhao4zmoICcPNAwoLs4kCs1InI83vgUVDjHkR8s/w==
+a.ns.tk.		172800	IN	A	194.0.38.1
+a.ns.tk.		172800	IN	AAAA	2001:678:50:0:0:0:0:1
+b.ns.tk.		172800	IN	A	194.0.39.1
+b.ns.tk.		172800	IN	AAAA	2001:678:54:0:0:0:0:1
+c.ns.tk.		172800	IN	A	194.0.40.1
+c.ns.tk.		172800	IN	AAAA	2001:678:58:0:0:0:0:1
+d.ns.tk.		172800	IN	A	194.0.41.1
+d.ns.tk.		172800	IN	AAAA	2001:678:5c:0:0:0:0:1
+tkmaxx.			172800	IN	NS	a.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	b.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	c.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	ns1.dns.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	ns2.dns.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	ns3.dns.nic.tkmaxx.
+tkmaxx.			86400	IN	DS	8737 8 2 96CAE3DD0D803DDCD31CEDE1B63D600D645CA9EAF67E39660E00D521CB16FE8A
+tkmaxx.			86400	IN	DS	46960 8 2 ECB1A09652906F084A1D362E599A9FCDB024F3E9382AC8DC6C3E47F6DD25FBD6
+tkmaxx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z34v245fAvYpnZOlOmcJWMk4vuhewAQv+kcbYJfZoPjvQGIypv3sPrYlt1yoNBKYRphOnRHTvKRNpK58bSY1RLkmJaJoqizUQ3PP++6gYIyEsunhNyA6Mh4r1jn/2gX2503m8rC6yFkY4VvO85K1PsUUR+Y6keB3mMECFNYCs6KMkrupSzcPNLEs/TILDuXCzbk/qmeJA7LyxBK1xUL+6caT2h1450rvpCnxJULjp+yss3AxH0UtH/ERG8vDxbyfNvEb0sO8gakoy/eVk8crxWGav0DEzknw7BB5A+juRlsg7UMWWvEUyljZJyeOggl9JrbT7iK2hvvVAD2i5NPgIA==
+tkmaxx.			86400	IN	NSEC	tl. NS DS RRSIG NSEC
+tkmaxx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q3BkHBTtYLOn0m6PObXXoGo8n0GWKfehMkGlN1jNYEyKeiyGKjYsD4+d5ai7Z3uZokbkMrOc1VgwCQ2De5If/tXQ2cj+It+ZqMlHYKR7Diedg6brnkq3Bt/2Dx2bM2rZlkhrR1C5S/DcLYtNddJDpRLyBcfPbRt4L/hasNCv3P0eUcsFSxqyWARxFfNOhUgwsGxfZ36Ft+lwRR+QmWsy7R55maBG1dsg2gBWGXxJhnxRCoxmOZju0gjBMbxW3+YofQHpLDwmrh8G0EIhFmyzIArPZEQQUYrMIJuh/MtXmieSntiPzOYwef8pY01H4CIr1bx/fgmgT0DxMIqNZo/Rng==
+a.nic.tkmaxx.		172800	IN	A	37.209.192.9
+a.nic.tkmaxx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tkmaxx.		172800	IN	A	37.209.194.9
+b.nic.tkmaxx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tkmaxx.		172800	IN	A	37.209.196.9
+c.nic.tkmaxx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tkmaxx.	172800	IN	A	156.154.144.163
+ns1.dns.nic.tkmaxx.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a3
+ns2.dns.nic.tkmaxx.	172800	IN	A	156.154.145.163
+ns2.dns.nic.tkmaxx.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a3
+ns3.dns.nic.tkmaxx.	172800	IN	A	156.154.159.163
+ns3.dns.nic.tkmaxx.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a3
+tl.			172800	IN	NS	ns.anycast.nic.tl.
+tl.			172800	IN	NS	ns1.anycastdns.cz.
+tl.			172800	IN	NS	ns2.anycastdns.cz.
+tl.			86400	IN	DS	25307 8 2 BC0412D59817424A34040676F1AE1205B1F33FC9510E7E30114711851FFCEDE4
+tl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tDkBPBCfVFUSgZ9H41sLjOfoniE9sJcU4xvg7I4HMfjOPhBy1x8Vwj+EtcPer4nofaQ4+1zG8wZSeuVtvzSNLqSEfE7iDcvkm0Ica3cXXdRzEO3r3wnbl9pANa2xT2+z+KxAi4q6cGSDNeAnluKk+dP9cYTqnTtSpW8D0LawP/Scv4c2vUDXIp/gFtA0LGnczvPmZIjR8VPs4EkAXBUJ3oz6miHkC6hr1bwdm8Gj38RJD+ncdqRpMSbg2w3LHFJBImFLX63jWNKiS2uw4CJJNcvBAxfDKPBy43tW+yHUfN8y/UnUGHtSAnBCVA1Wwd6MsryhlDs59pUn9kRbzktf2w==
+tl.			86400	IN	NSEC	tm. NS DS RRSIG NSEC
+tl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . asUIgwwrFLxKeJNasMAw1JWdN3845ewOqNxWo5Gnt9Rls5viXcCIKmtwYOGh6k95cz6ver+cJC81HAZ1JMacsIy/7a+s/AMR8WfsU2hssAavKNpJ7Xd/Q1aeKMk3eLr/aGyZlK1t+mIiYg9sadLIEsfEGAJjvNMNedHxdz1S+cN+yimTpHODLXUeTHImWG1ggm4vLLZy2TqRSOylXfnGOdUqMbCfja0pdIFmrttblegQ6+sKQsjqIoU0wFLSbGrOuEzGlhe84ZXuwq6U8SE5TwIXUjePBEoS3qVjdh9A8NbGIBk7xJJCRvIr00L1Fmjp4XEBSfXgfDnqZMdvUPd1sg==
+ns.anycast.nic.tl.	172800	IN	A	204.61.216.19
+ns.anycast.nic.tl.	172800	IN	AAAA	2001:500:14:6019:ad:0:0:1
+tm.			172800	IN	NS	ns-a1.tm.
+tm.			172800	IN	NS	ns-a2.tm.
+tm.			172800	IN	NS	ns-a3.tm.
+tm.			172800	IN	NS	ns-a4.tm.
+tm.			172800	IN	NS	ns-d1.tm.
+tm.			172800	IN	NS	ns-l1.tm.
+tm.			172800	IN	NS	ns-y1.tm.
+tm.			86400	IN	DS	36787 8 2 AF4A3A54AA5F73C114F9C6E4D9C3EF0040E387806A9F92AE85276FF38F33BCB5
+tm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VIZurKPOoOUUdX+MQktFNVOoNrMsVGI74H6SbZm05/OfJprf87FKUKhrGPQAz27z9XIfKewYaWristwV4l7LUYnFbNBUhV9vUl3MTCcY57JeEz8nxTV3zuOO++fGrYeZNnUfT1hN9S7ufZWrCdQZima+4EPS3AOB4BvF/RvzlKWILDzlEHSkrD8500c84F37YWuQH64wKhcRy6+zXmzGDhxbLSUNVPLqSocE7lvcia6WE0rxXztydhzSPdYScfISsWMtOTIoEbpk1cmvbpdIqbPDNv93qtxsZ+RSGU7vvakn5gYTdVmKwJy5mlM60niG+QyNnloeHCXzWtxIkntrVA==
+tm.			86400	IN	NSEC	tmall. NS DS RRSIG NSEC
+tm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dLz0IxuuKrynNmcVuaKNLmhmWXUoz9vr6fwHTKuzAfL7vzcSTV76TN0MXhOoBQnkI+uO0dW0n2RZStDY6tvWGoLK8lI4/cDu2N1IfoDNB1JApWG37+BDLXJ+x0CBEosZsh9lZd+iy3Cn1EiUqgFGC7Ffbit3BTMJMv8x4mU2WYjPb8ntunFJKp3FfM6dKD7Pf36b3JEn4ez5OM05gWc/wI7gjl+OyMEghr9i9KpPkyn9LCNiMtWBv32AydBhWr/RberyjWij0Cxxf6ZvF0Ouj6hdNuvOWlHa54TJO7XAPZe5kWuWsIhP8vPwlXmNZQwJyrOaiQmUP2UY4CIKem2Jpg==
+ns-a1.tm.		172800	IN	A	194.0.1.22
+ns-a1.tm.		172800	IN	AAAA	2001:678:4:0:0:0:0:16
+ns-a2.tm.		172800	IN	A	194.0.2.22
+ns-a2.tm.		172800	IN	AAAA	2001:678:5:0:0:0:0:16
+ns-a3.tm.		172800	IN	A	74.116.178.22
+ns-a4.tm.		172800	IN	A	74.116.179.22
+ns-d1.tm.		172800	IN	A	64.251.31.180
+ns-d1.tm.		172800	IN	AAAA	2607:feb8:0:0:0:0:5:8
+ns-l1.tm.		172800	IN	A	80.249.100.44
+ns-l1.tm.		172800	IN	AAAA	2001:470:1f1d:244:0:0:0:44
+ns-y1.tm.		172800	IN	A	91.208.95.22
+ns-y1.tm.		172800	IN	AAAA	2001:470:1f07:d0b:0:0:0:22
+tmall.			172800	IN	NS	a0.nic.tmall.
+tmall.			172800	IN	NS	a2.nic.tmall.
+tmall.			172800	IN	NS	b0.nic.tmall.
+tmall.			172800	IN	NS	c0.nic.tmall.
+tmall.			86400	IN	DS	58525 8 2 74CCEEB96EF2237B854B057AB38A9384865F16C48EEB467364D09458B75355EF
+tmall.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . etf45TaleufKmuBgn2qk6BpEZvoeb57ZRoBBhk8DoqkUm9WQfWh+9Z94UvCOmmam0L1MJ5P73CzqH8OkfqgGlP2SiTbQqJEneNfRtswxRzafalDlWr11v/4SCSTqirfBzJuFXFnNb33nBDACWykWUVcBZRL3U/yhvbCyX43T+uy9f1jCAteFGhL4pcoB6/fvCTNAYk1AQ9X3kO11jL1yB04aR2oTNlOOZXrVtCc3GJdJPAZnmWaemWCjXUXmFvXFDXBzowzzfWaD1M+J2CwDhJCDtS/pgwYebDBi0Q/N2IDNllpQXWzd1n0FDTZmlBBNLvbgpF2ChX2+vkIpWavAtA==
+tmall.			86400	IN	NSEC	tn. NS DS RRSIG NSEC
+tmall.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O3KTOcTZUZvmTa/W+L34YAOAb0lEr1gTE0bTQdAAaZ+Nwrpa3nKtTVyWViOWY/saR+sHGMoHSXT50Q7ImpUbpcSEwmcXmGY4J6HPTteQGSzdKT5DGNIQGz0hIfcN1y4Cv6LvL7oPD5Mciej4vYgMQnnL0iCYb6APiHEeGB/4YIpcSvcByJcOgTFlzgQ2l+VC1f28N2zDklEsSmmtQpuTVTElBjcxyRXP8PrrDHZzcR90gtSV+/SPLmSBjejghdzJ813QjQDfGizVXU+lBWMUKWmEIDJbZzgXhB5QPHX1wgnuOZ6luyLyW0vd9AffDglX7ROVgub+d2ZqFjwSERwRZg==
+a0.nic.tmall.		172800	IN	A	65.22.52.9
+a0.nic.tmall.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:9
+a2.nic.tmall.		172800	IN	A	65.22.55.9
+a2.nic.tmall.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:9
+b0.nic.tmall.		172800	IN	A	65.22.53.9
+b0.nic.tmall.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:9
+c0.nic.tmall.		172800	IN	A	65.22.54.9
+c0.nic.tmall.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:9
+tn.			172800	IN	NS	ns1.ati.tn.
+tn.			172800	IN	NS	ns2.ati.tn.
+tn.			172800	IN	NS	ns2.nic.fr.
+tn.			172800	IN	NS	pch.ati.tn.
+tn.			172800	IN	NS	rip.psg.com.
+tn.			172800	IN	NS	ns-tn.afrinic.net.
+tn.			86400	IN	DS	8629 8 2 05C891303FDEE4FDAE258E2A7D48370CE21F98058C0EE0A50C438C2878A8E2D6
+tn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uHTW8ASAZ8mfpOjYOhSWPTgA/Dq4bn+8h4vx8YgbP/7OY4tkOJOh/xG8eqISpwLZLEQVhrCMPy4R4LJMyv5xtRkF68xrlghuhu0brTuyHtdQJWPvlNKldPUdIYFdbDJN3mWPrJG2ryZwEp1dbWHi/+5hirsC7Wft3jiFRLmf12EJHTWK2Xf2C5DXmEhlz0IeschVGGKswnLGrm96BRIWNcWr5kYPz0K7YBHxGWQl+Ai7ingL7NYAiijxGZXuhvtQ8uGexl1kewNvvkbo/W+Xpf87baIQ4WqZwp5e28cR3YGGRm5+Z9t/Qxn0xITBy5ngXqpKk+AzInAtzElIo8fGjQ==
+tn.			86400	IN	NSEC	to. NS DS RRSIG NSEC
+tn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K+dhoUy1qtXbcMNOfRa1Rmg9XMc9Hn2ZQMd5gs15ldiwpyzg0It+8i1E4Es/731AGGBbe+bN92EikGJGrUNRWAIPP9PVdh5jrFvZyju0aNa2c+sDIsrjwd4pPXWWetZyVW6U/iZrh6DLulX/lkFpRbj66z4TpjIodvbGjkvqCPwop2y6NPfi5EWOIRRnNupcXjNkoh4o/1+mUXPa+cSG1BtaQZD0Hrf+FA8rYo5wB62BzEnl7Foq4Y2g+BXfQqqOb1x76fJ8ho1Q/czZkyyrrOZG3/KxryEE37pD3C3xkxHc8eyGy4t8W9YyccporQBrIpEQXt0w14kRqMh8+hbZCg==
+ns1.ati.tn.		172800	IN	A	41.228.62.63
+ns1.ati.tn.		172800	IN	AAAA	2c0f:fab0:ffff:4:41:228:62:63
+ns2.ati.tn.		172800	IN	A	41.228.63.62
+ns2.ati.tn.		172800	IN	AAAA	2c0f:fab0:ffff:5:41:228:63:62
+pch.ati.tn.		172800	IN	A	204.61.216.94
+pch.ati.tn.		172800	IN	AAAA	2001:500:14:6004:ad:0:0:1
+to.			172800	IN	NS	cd5.tonic.to.
+to.			172800	IN	NS	cd6.tonic.to.
+to.			172800	IN	NS	cd7.tonic.to.
+to.			172800	IN	NS	cd8.tonic.to.
+to.			172800	IN	NS	tonic.to.
+to.			172800	IN	NS	sydney.tonic.to.
+to.			172800	IN	NS	newyork.tonic.to.
+to.			172800	IN	NS	helsinki.tonic.to.
+to.			172800	IN	NS	frankfurt.tonic.to.
+to.			172800	IN	NS	singapore.tonic.to.
+to.			86400	IN	NSEC	today. NS RRSIG NSEC
+to.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WEE4tzxcxm6l7kL9OtGS8Pw3ocOjOufe+nxOqBdss8oQHudAaaI5YaS1xiRcnhaRwPXVPtDA4Z+QyMi3WPo6bitQz2NgDUnu1a3v5pYlNFJ0bsO9PqCAqmy6Qjqleo/p/s4tDuyZhmPW/LcbWl8mGSUTJDAgzsY52SiUTKK4GBEWaH2Fs3IAWlijoXXjcBnIL8KVSiRvocJ2n5XctjvBmPBJ3Vw1NjB/ML0w9URg+CbSRLSpX4YLnPE2EeHYNVu/afneXYuZcy66s/UFiW++gcp7C2xit6R6MS9Fhy2RoWFhV6MBiAGL6TVAt5duz1Ab+1L+Tdv9phOPnVRC8bES4Q==
+tonic.to.		172800	IN	A	149.28.204.240
+cd5.tonic.to.		172800	IN	A	185.136.96.197
+cd6.tonic.to.		172800	IN	A	185.136.97.197
+cd7.tonic.to.		172800	IN	A	185.136.98.197
+cd8.tonic.to.		172800	IN	A	185.136.99.197
+frankfurt.tonic.to.	172800	IN	A	46.101.233.168
+helsinki.tonic.to.	172800	IN	A	95.216.159.42
+newyork.tonic.to.	172800	IN	A	162.243.211.202
+singapore.tonic.to.	172800	IN	A	188.166.187.0
+sydney.tonic.to.	172800	IN	A	104.156.232.193
+today.			172800	IN	NS	v0n0.nic.today.
+today.			172800	IN	NS	v0n1.nic.today.
+today.			172800	IN	NS	v0n2.nic.today.
+today.			172800	IN	NS	v0n3.nic.today.
+today.			172800	IN	NS	v2n0.nic.today.
+today.			172800	IN	NS	v2n1.nic.today.
+today.			86400	IN	DS	8164 8 2 92C5EAF94DD9DBC7D5254FAF41CFF9DFEAE138C718773528DAE6B717EF1B6FE0
+today.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Wogm2u5ydFl78THQuNld1Lv8mmgGonZdQi45XTAEdz1NBuMDaA6AXHgXJ8EiCEpAJW49/THY73YzVUJz4qqdRUVRSJ5317s+/Wf/ct2OpHSb9U/67r5vebYezVOK49jdkQE6Q/vI+ijH136n94loomrHG9y0acaDdQg0lBbdP68G0QKyEOZeeEs3YjSZ5vKRDNIF881uHrcJ9ITVfK+t3qlYKRofLLDRBYsVaooMgsA735P/8YLgpmdEuN2z02pH1vPJjtUAwKarhA0nX3pA0DvsHt5dw7+CUFrUHbwVEIjaLNf1QCh8sHDUT5y1H8b5pTY58I8e4Es7+OWnp/tzDg==
+today.			86400	IN	NSEC	tokyo. NS DS RRSIG NSEC
+today.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aPZFNN6RWH7QKPX/575OuFtDhXnl8bsrDOtqcAy6Q5kjxFXDpjn9JHKFWAcmf58Df8fQyzkCgGO3hhXvolQKUbqoohu5HFO4FHYi8BSlHttRw7im1IygpQzyRurz5WWsB5eHxI9u52RDrqZWzLrTBY92zZFTqwxgfeTdHrtDl2lqUsFsbwI931iFP4wZbdHpGU7A2p+CnNEwKEEuTcOGGXKrSXCWArqihY7IiKUSs0eotP26YfNZZK2J7RJKf/654yEI9T0ag7noZj8QaBCoYMbVP338wdk+yqzEplJRKUnHW92zTQQYS1CLcz57LMwaMG6lKvMs0Q0nbaDJgBg2TA==
+v0n0.nic.today.		172800	IN	A	65.22.28.35
+v0n0.nic.today.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:35
+v0n1.nic.today.		172800	IN	A	65.22.29.35
+v0n1.nic.today.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:35
+v0n2.nic.today.		172800	IN	A	65.22.30.35
+v0n2.nic.today.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:35
+v0n3.nic.today.		172800	IN	A	161.232.14.35
+v0n3.nic.today.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:35
+v2n0.nic.today.		172800	IN	A	65.22.31.35
+v2n0.nic.today.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:35
+v2n1.nic.today.		172800	IN	A	161.232.15.35
+v2n1.nic.today.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:35
+tokyo.			172800	IN	NS	a.gmoregistry.net.
+tokyo.			172800	IN	NS	b.gmoregistry.net.
+tokyo.			172800	IN	NS	k.gmoregistry.net.
+tokyo.			172800	IN	NS	l.gmoregistry.net.
+tokyo.			86400	IN	DS	34775 8 2 009538D854DC2B09A147C657B496A8CD5151BC2FBADD83CF0C322F625FA5A7CE
+tokyo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ov/4USsyopE0ZrIrY6I346ih9hK0afnoL54t8GDnfShOphfA+MnrCjjV2U1+A4D5hJyVDI+XYWo/PpTpi9YmwYp+t9f4y15cg54e2urVBKlEgEtkQccYX9a7WMkYZZD9L0105fXnEsKaepa1nW/cPWPbVTJzIlpA506e+ITULqhHe91PSOsO4FB3uBFAr2xP1esjQAEVoEQN8JBhCU/wnmcKY1645/SKrRrfF2TncXqwkRtSNeQSrkbcTWJVkuLXdmktDrNkuZ27hmSKpE+0/ZITWiFmZtYHSmxyb81L0pekw9TcVJiKrUXf4aHeUK+qUBLlKPn+kbscxDarEU8TIg==
+tokyo.			86400	IN	NSEC	tools. NS DS RRSIG NSEC
+tokyo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BKbJvYuWXOzSryZuMJ9TnX1CGFPJhDxX762x/RaXQuXj3qRtZOlwKYHIYqpaJIfSI9JNMPXq0Nuz8phsE9YbZEsS1slPzjt+pPTVOsTw/k3E9NIRRcip/ujrars1cj4h6rHyVOmLuxi2y1LPnQHQx8spCW7oU2bq+ryKh4FMlNI05zTEdRya/XHjmRpYU9V9WpoMZDOMQE9YTkF/pqNA0ctBoUvoh7PwQY6ZvyQJ6P9Oh15lOQ+lVEZLvyS8mzid3/159buJJG6a8LUShrGjtP+agfrB6f+KqMMHNKPfasYY2kIciK+vDvqJ1BRO2uMmCxi/JemAK2htWkxepQhMzA==
+tools.			172800	IN	NS	v0n0.nic.tools.
+tools.			172800	IN	NS	v0n1.nic.tools.
+tools.			172800	IN	NS	v0n2.nic.tools.
+tools.			172800	IN	NS	v0n3.nic.tools.
+tools.			172800	IN	NS	v2n0.nic.tools.
+tools.			172800	IN	NS	v2n1.nic.tools.
+tools.			86400	IN	DS	13831 8 2 5DDD852D119830BE951AFA0D5176443A935EAA350278EF15FBEA34156CF5A9AB
+tools.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V81pVhO7fRrpbR7Vs9eoTR0K1yMhDuoLZ6SPXov6COGqxsUYjNHwnVX1xk/P6yhSZN63v39foZkkgQVjSo7B5qKYyD5oRACQtTxAGICULyzXiBr85FDL25bJq56y9oKhzKpUmKFczFQw9j3PqBiZCRBlwq4eVUi2NFUNEo9pMF1FUT+dUxiLxAjDJSZ8/wLKRI9ewRar68+hauEfe+vkGUoDJtK/zBNC3HxAi2ji51Vdsxyq7TbHHoAXFs1GKdLrn9uhSTJssHuAjs5Nt+WsaKs5CYO3S/FXu2JP1hQgW3mT7y3y/yBur4A5zcVekS5tXU0BhQ9sSp+rRFog3XudHw==
+tools.			86400	IN	NSEC	top. NS DS RRSIG NSEC
+tools.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IXJ4Esey8tTNsUWqAdF0agRlWRwEh5ShIXtq3bvTMqxKvl2iB1HtVuSSruo89F20TY1uhhlEcaQnmXN2NOSjxeLyKON43y8eU5svTkJGcTdcoP7+r49hR7PwpHzg/EkoQ4lbQLOOkMbmM5Mp9TAI/5SwfphIzQ8qdHWahJTRqaJDblzN/+aziPIi1DLTcJNnZU/FEH5xttc7H5ag4F2XuJFFktTBBCMOWWWEJkOtjWRSzFUVrS1TS7ABvxtTgCzsXk9bF8dElDIQAmn4uXOezMuptQymZl6z5Gzi5u163xBkaQxTn8wAucM47eLGeQyBcR1i03wBUks0rzqaF7zFyg==
+v0n0.nic.tools.		172800	IN	A	65.22.28.44
+v0n0.nic.tools.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:44
+v0n1.nic.tools.		172800	IN	A	65.22.29.44
+v0n1.nic.tools.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:44
+v0n2.nic.tools.		172800	IN	A	65.22.30.44
+v0n2.nic.tools.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:44
+v0n3.nic.tools.		172800	IN	A	161.232.14.44
+v0n3.nic.tools.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:44
+v2n0.nic.tools.		172800	IN	A	65.22.31.44
+v2n0.nic.tools.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:44
+v2n1.nic.tools.		172800	IN	A	161.232.15.44
+v2n1.nic.tools.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:44
+top.			172800	IN	NS	a.zdnscloud.com.
+top.			172800	IN	NS	b.zdnscloud.com.
+top.			172800	IN	NS	c.zdnscloud.com.
+top.			172800	IN	NS	d.zdnscloud.com.
+top.			172800	IN	NS	f.zdnscloud.com.
+top.			172800	IN	NS	g.zdnscloud.com.
+top.			172800	IN	NS	i.zdnscloud.com.
+top.			172800	IN	NS	j.zdnscloud.com.
+top.			86400	IN	DS	56384 8 2 BA378C5913404EC654DF544F519B0FB287E140D64DAC5D59E349962393C17945
+top.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zp4UiW1xbfmegJYzPxk24heMxcG4jq3RZLJynwcEBJjUm371EJsSRb31zi+/A7Zi9iCkcUdcb03hvMiAtJPgC0jfQEW6kRAs/mEPKrLXIH5xNnaWqvIU3dPEP8oZH3mF0IC9xrFkvUspSbYrTDg7zZjkm3DZ20ghYdFgqVovBLO/ODnpURUrW8OrPb7S+uRxuEzF21wPYgu2WfSsysYD/0qJbT5oe3FGUykcgMQy8PTlBqFAnf3momkNb7iZQpgz7BYYMrXRtcPl32/vVtxuMbny3sAitsqJkYbSklr+gmYLPO9+ROck4ZJG/sNN6JkSc3TLpVoTxZtLZCswvD9eAA==
+top.			86400	IN	NSEC	toray. NS DS RRSIG NSEC
+top.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MsmvXoMl1jco6GE3/C/SP6mtI824OvLnfX+hB5NunbJU7JnBoXvUiKCwxJJYI/hXDcAV8pt8vBcY/S0U5EYjS49qYm5wLm4jSh0cjlV7wdhxiOozycEircCI6TkkewFQYFas7XOZWxgMj97XUSNh1eHDFH/55YDBXbkAOeKbUsI3n9UlytG6u0mWP9E7WCu6R2OKFVu81Gh5owh7UuF73IQ1ptM0fa0T/pSosQ3y8AjUq1bDX+m6Jdt43vBukdu+YMS5SeMMza5QXF2l4Q/3zsJcsP9iANe4qA9akcrxz1ONLm8Xfd2PqkldmodSPhVnaX1TQKIkbT96NhFUI9eLwQ==
+toray.			172800	IN	NS	a.gmoregistry.net.
+toray.			172800	IN	NS	b.gmoregistry.net.
+toray.			172800	IN	NS	k.gmoregistry.net.
+toray.			172800	IN	NS	l.gmoregistry.net.
+toray.			86400	IN	DS	53057 8 2 940A6F87F2D2482FC5541E20E646F38BB0535E7700D3317690BB42030C822D2C
+toray.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xXr3p+7p9ZxC1EbdIFDwiWzuCsiJyoJcTzvnHY7jn4uvWBi9FQP88tQ8Fw/17nQnY0IrnAHIf0DiFjiUzNxBJxXLeBRCIxzJPnp/4YwjFvslpdxQizZLMTQgE2MS6h9E5YrtTZFw0sEpTLmMDJjmwE8R4xmz+OqrOjLnIx+9P/UK9WRbDeblW1RYDGzNTzhSoJ9P4mV+sVj/ujTqmg7Bh5rfMFGa698Lpm5jYPTrS9dEr2EFTQ3ZrNd+Ebt3oCCqR/9yUrIGwLi1iWIppScMQNmj/O1eluBAZu89lilk4CKkB8zpYU8zjmYc7Q8GkCvA54TWT4/fiAO+bB1/6kS8DQ==
+toray.			86400	IN	NSEC	toshiba. NS DS RRSIG NSEC
+toray.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W9stMhCx+rHgPbTClXi42V67BTvxOrlHTbhyockXvnVXSKEqNhBBZXkiyUi8/C/ecyaSh2zFrAMsiwcI6WhMMf0GUfQHdHzozEyySSmuuUZj9gW1akAdcz8ynfZdQAKP4tbNqavx9c2ZdrV8aqXb5tTj70+DdJGeGs6tnHWo8gMJlFI9QZuypV6qhPopj4N2Uun+3NRkmXdiOY/HL3yyRJOGmheD6coQeFSTR1Vu0mf4CIGwM1bHf8c7yGjiZZWVoRamZRFhtl2vtnDPVg5wgtYmnt41d9Z4aL5/dWu6WYyKchgazcMH4Hl827FE59xL2p0Kg29Y3VsXp8jz3lgoBA==
+toshiba.		172800	IN	NS	a.gmoregistry.net.
+toshiba.		172800	IN	NS	b.gmoregistry.net.
+toshiba.		172800	IN	NS	k.gmoregistry.net.
+toshiba.		172800	IN	NS	l.gmoregistry.net.
+toshiba.		86400	IN	DS	38891 8 2 3EF24A44F5FFDA39FE23E4E4E4D2449E55A0B3001EC68A075A38313B6A4FF0D5
+toshiba.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L/+4KsplgYT3Lk4TbAU5ljB7Bv16ug/xeUZcKfBPriXLTMzonIjd8PN2nqDhMQ+oDB8DmS6xbrgO5IGw2MsUKnS4NPu3tC/oGDzBGIa7tqgTWCZeVzCnhUnMUmnw+fldCL3Uq60Ph7fNYHxRDO0UB222BrbXR1yJJHIzIGzpTfUO+6rUSbdsRMDSkYMZ4ySAEWuYovVRBdaebVbVl5QEJVajKTndsY2HIJsv2ogKiC0VLpbYX/nscuo1Ut4A4mOarSMk9XTfkQ83yXBnJV1aVSBlBHc18OawyPyMjfKx8Wi1eZWYx+YTAhJrO3xRA+PKPtCtoMXpGSYrLLsU6rEUvQ==
+toshiba.		86400	IN	NSEC	total. NS DS RRSIG NSEC
+toshiba.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nleuysDp4J3rFcu6lkH3rtacxtImoR/Cki9OM4b1B2/JVEg/g8g1dmDuK+L/9JgcJi9IzDhqG3w8sdJhFlEsAalQM6Bc4/c7Xa9TQQm5MHpplyP266p2o7RmHxPkB2I/M1w5r1F+AVnyFdvnIP0K1bM5EYA/lHnn4d8+7SD5ZMqaxI+mt/65uEaEGFMbNX3e95b1DXfxk7OPdJ7AjfblEOxXK87XoCKt5E59R5kLYBqt4D7ZThyReWtpnAR8XsoCjfK3UqqhgptVY8V2ia1agoyrerS5R7cfa2skT27kOEAYilJ1sIg/uDedz1lOGtxMPxEPAWylEqQB3ZtyWCCm8A==
+total.			172800	IN	NS	d.nic.fr.
+total.			172800	IN	NS	f.ext.nic.fr.
+total.			172800	IN	NS	g.ext.nic.fr.
+total.			86400	IN	DS	60785 13 2 EB38C07816FDF6CF8277071F558AC0C7C787088263271B55EEE4E59981414D93
+total.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WvUhhzz9U1pp/PhPlUilc4tpiXRhict6deKjwbdgZtqsKi2gY1DHi7dtqHxBd5l7WcRIC0ltOERIo3IZd1vhou9GPF06w2BVheFoCcQX4zxvD7SyE09x2Safm1lBx3nsZB9qSVb2IevrMHX74maBeYveWmiujLimcREyq0bQHmCV4WzuGPGDSOH8R6TqE/p7MB+wINPG8yQGahxqbLMhW1dAVqCg8LqsbqtasZaV9sxAw2CrXxA31exdl4bhOYySqY25zMbwU1XeZOSmjzwkeJAVRUSgAuow8b7iq6hzjkysujgTiXqLmW4rguMmMq8awTtgPq7Rpw+ORSVRcwtbcA==
+total.			86400	IN	NSEC	tours. NS DS RRSIG NSEC
+total.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c964k4MwHCF0W+QWxgHGNK0PgZZXmdeLyM2bVTzjHBatcdWkdhr12C9p8UnvcsXjLUQve/pD560Mo8sUj8Fu6RsNMmZCp+801f5FjPuwDEeQL6PTGkYiSUrYxIFyxazn98WPRHMgj+S7OztFN0NBDdP+kddNaj8ycbzEcXQrenSrcpXxqd4aY1dWn/yUO9ToNMRFP6fKZL02tXq0cylv1fxwFVkrSeWcmf/4TFMQVQwWtKSzS5Bfr2a1npxQVHHJqTMcc+fR3b9IH3Eq4LQ336epJcV0Meh5uLOiI9VYdNfYWgZgTsJh07lDBlni50NWeMGHDZk/5c0DSsUH7FU23A==
+tours.			172800	IN	NS	v0n0.nic.tours.
+tours.			172800	IN	NS	v0n1.nic.tours.
+tours.			172800	IN	NS	v0n2.nic.tours.
+tours.			172800	IN	NS	v0n3.nic.tours.
+tours.			172800	IN	NS	v2n0.nic.tours.
+tours.			172800	IN	NS	v2n1.nic.tours.
+tours.			86400	IN	DS	41716 8 2 AD0F4D55834496F7305AC2A3A8743DDBF7C4802EC246341E7F9E555FA42B5EE9
+tours.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GkvAD4Tvq+E+5HVQmW2K4tr//boakPF02A3vf7xMzGrZyYq7E8h5/zV2IJog64AG3lGNizEHCA92/rTqHYv6vG+3nH+zAHABUpniUVjLGR2CEE8rp4U5Plo10AGawLyxG0zfnKDfhMiNg9cBBERYGOS9w6jLiInGy9s1I+NWsqD31exfrOqOb+EHj5/yRwXFcwWCVmHDdbeCix6M7F1wI/lAffr2yb9EoaLZs+zHZGD+5W6dgzh2/CP6AnyGXaUEvs5heBIi2zLB1xpJBUY78V1wyk5Eezu1uhfZxJW0noRzgRK7QY1dq5+O78ThbpsaIY1KIG5ASHsH7sPUEBsWAA==
+tours.			86400	IN	NSEC	town. NS DS RRSIG NSEC
+tours.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HNBYtyYeBf2OB8XOCN4GC/RMb3uJNb05hKO63zAkmYCDyuNijIkZ4uumgTa/ICDmr3a2f81PJw5Uqr5gNiW12NDqMMNze2cJsOZwBCcQJHaLu7tSRtRLX3R7VVnWG4n9IV4J58TCvIGTZ4n9DBDBy/DzdrNFfAnarU8grC4zWRyfjF2SfZP19W81Uhd1lEz8n/kJZuhGaOWUYwoDgMPhHd8tC/BptRZP/s3fZOEmGW+2XdAdKBRolX9eYp7wXPP3NBa2col4OS8L8jfSmsa0Pok9QGDbEnWOvwv7ALEmfMkGdVULxnjnp+2FQYeCjL3c6s18cJ6DIdR/e2iP/ptLGg==
+v0n0.nic.tours.		172800	IN	A	65.22.24.47
+v0n0.nic.tours.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:47
+v0n1.nic.tours.		172800	IN	A	65.22.25.47
+v0n1.nic.tours.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:47
+v0n2.nic.tours.		172800	IN	A	65.22.26.47
+v0n2.nic.tours.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:47
+v0n3.nic.tours.		172800	IN	A	161.232.12.47
+v0n3.nic.tours.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:47
+v2n0.nic.tours.		172800	IN	A	65.22.27.47
+v2n0.nic.tours.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:47
+v2n1.nic.tours.		172800	IN	A	161.232.13.47
+v2n1.nic.tours.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:47
+town.			172800	IN	NS	v0n0.nic.town.
+town.			172800	IN	NS	v0n1.nic.town.
+town.			172800	IN	NS	v0n2.nic.town.
+town.			172800	IN	NS	v0n3.nic.town.
+town.			172800	IN	NS	v2n0.nic.town.
+town.			172800	IN	NS	v2n1.nic.town.
+town.			86400	IN	DS	63256 8 2 515451761441C5C476F32EE4D28AE24D5179521FB505C318EF721E5FD6165C16
+town.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z+ZXOOqrFuEVxbluPmJgnA+aOssEpc/pcE1/YMUHC+EpaCbdG4KFOvRqP9AC9YRsBh3oWcTvQFO8tuiOMEzeq8sTx9i21VNSfkhKmxvZuf6u6LZfKzH4KgjdXGmz2zJ20niwmaUjBjV5GqnDHmjbksW5zfQpBoU/8hJ8k4hXWPp3KIS4Bx0DwPKYmmFx2JuZjtEv4rXVmuBxRD+ujr/iWxiwgMJlb3F+vNtHDEOAl5ir6JK24DjEoFHh3OQNsiI3YgU9Kg+w81VOSvDoj8wG5Vf11rwp9qQGMFdSNyO/XmGoOtzZXNeAOZTLkk58ULamHx8+GXjVm6YS/Igz+Qga2g==
+town.			86400	IN	NSEC	toyota. NS DS RRSIG NSEC
+town.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DUyX+jaA9kkq5DSaN6ez7BzAGAzE4yU3ilgzFDwRcdx+dn+7ftlFbWu9MZpDxX464aWtpUQb3h7wnNqGLOq0oe91tGsf81Ygh5sw9UdXVmRCipCuLsbY+IxLsgep8m1tZ88P1wb4oiohhpsIE3pquFTUkE0i5NJOJhSLz2zT4vjxh5oHclAfYDXcq5VUOwbwsNy85bMb/gNtMoZsXuK5pUmLI07ZpEPVaJryymZimga+Do05Pfl7RGgWGbtKZQLlmgfF+sWjVdGXGaunGm9Kx+7Rc30K67ADKmr4/X485xl5w/S/ZAR/W65vMQQk2yHCo6iMMWllDEBpLc6zha9rqg==
+v0n0.nic.town.		172800	IN	A	65.22.28.55
+v0n0.nic.town.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:55
+v0n1.nic.town.		172800	IN	A	65.22.29.55
+v0n1.nic.town.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:55
+v0n2.nic.town.		172800	IN	A	65.22.30.55
+v0n2.nic.town.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:55
+v0n3.nic.town.		172800	IN	A	161.232.14.55
+v0n3.nic.town.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:55
+v2n0.nic.town.		172800	IN	A	65.22.31.55
+v2n0.nic.town.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:55
+v2n1.nic.town.		172800	IN	A	161.232.15.55
+v2n1.nic.town.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:55
+toyota.			172800	IN	NS	a.gmoregistry.net.
+toyota.			172800	IN	NS	b.gmoregistry.net.
+toyota.			172800	IN	NS	k.gmoregistry.net.
+toyota.			172800	IN	NS	l.gmoregistry.net.
+toyota.			86400	IN	DS	1172 8 2 D29F5D4BA40BDFED42ADBD4A710003739220B1D361D1A29E8E31F03BB067D738
+toyota.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CdQMaePrttVO1/cm8QaFBpPJz00TpmVtNkExXVT3uM++iZ6/EihqXyf5SSHs6Zmej5qjrjH5jALw3rB02Iru0wyeJeuvjcYbDBJzu34t8yYk3KvpDBonMjdjE5r5Htu1EQTIMJulAG4f9iApR5h7ul9N9GgQyBoMaL2vrh+mzIQR2ILQkQLK6d9z/PpzR6kzcQ4ZI14ZCbgyO7UlGaTCqWurv3w8USZX6JOtlnSTNHLeQY0ZI8+SUldgVXyeGXg1/sc6FwsDuCdMkvanBLAPHYc76SQ4o865D8Ar70PPjxQ+Q2ucxI9hzBtJ5BtwTGQLVER/zTWLYw+T7H/d3uX0EA==
+toyota.			86400	IN	NSEC	toys. NS DS RRSIG NSEC
+toyota.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UGGPHNUfUi9dRKLumHpDgC9ebJSQUGFVHHo4sqSfEVYjpTGfmy7kt12oC9JO1vIBuwZjEbA8nrMIz//h/Unx4VKA7Be2Xu/W2ZlpvwesDYFul0OVNHkX/5I6DnmP7rgMlhXgdGreeSVCSQRXCvBJr/L5VU7zAXbP9OlX2tQWbqDiK4lSDzP29Pgm5XeAGYqvUb8sQk2oX1D/OSQE3bwhYxDFoLw5QZ3IBci4fOIVhK2i27duRfELMNUXhZtELKyeL2SPJxaoHhnJGemLdm71/RaCDC8fDgc5ZK+vzuyJnRjeCA8xXDH8OFL7IyBu5BeMjZ1NO0KY/qQNryciENL6BA==
+toys.			172800	IN	NS	v0n0.nic.toys.
+toys.			172800	IN	NS	v0n1.nic.toys.
+toys.			172800	IN	NS	v0n2.nic.toys.
+toys.			172800	IN	NS	v0n3.nic.toys.
+toys.			172800	IN	NS	v2n0.nic.toys.
+toys.			172800	IN	NS	v2n1.nic.toys.
+toys.			86400	IN	DS	26029 8 2 7E93110615B5FADB76632C18AEE800588A81FC4D6D70B9029385987290678EA9
+toys.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Qu6cJp1T0KlF10lxhbw+tng5K++ShDlg7+00G3ebT8JySgT3O3eAldrrerphGHR0uC0uRL8qdSgAeNuvjwxsXgOAkhb6Xl3E3Rw9aC71RgTi7jZbCGLV07zh5d2BMl1+iJ1dvpkiQ8sAourNRoZXZDL4FqHAgFbgHwRlUbEkmQRlHCKRo9NxlKXM4HYFSkCnhz+0eGzxgqCvcTSCVz+s7aGam55pj7C6j1VpPnWnw+wdPWuVXEQo4fntSW1zhYvk7pRMUklfCpKGXk6rI4+5tcn/tX/zlFwq3XyTYYD4cmOP2eo5SM28krpIet+LnZPkXHdM/2TKBXua6Yg3XcshSg==
+toys.			86400	IN	NSEC	tr. NS DS RRSIG NSEC
+toys.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a13gFn8B4re0gsPgXiDb5yruM/2BR/tyF57ZdFfeRchaY1soNIeCYuF80+Dwte5NhsV3yNxfNZeP52usycmz2zpGGhiNK/Iv1zNR20mhQjvHDGdmOVdcHbE33Xym5UMnHD7eKVpFWqshAGNz6hPJx08rYouotQ3hdCWwqBzRp7xXawvNHJ9U7nIjz7orMUxVykiHzTCaET4UXwn1381AdxoGFRPtz7+tfczSpVIO4ftIZZq4U2ky0PE+uz/T8VxXZL0MHITkrjo6xx2kPzwkR1+4fI/3LhR6dQ2haKnx+QVmB6OGrpY03XDZmI5jODZrTZz3QoLxl5bwD2iu7Gq6Jw==
+v0n0.nic.toys.		172800	IN	A	65.22.20.23
+v0n0.nic.toys.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:23
+v0n1.nic.toys.		172800	IN	A	65.22.21.23
+v0n1.nic.toys.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:23
+v0n2.nic.toys.		172800	IN	A	65.22.22.23
+v0n2.nic.toys.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:23
+v0n3.nic.toys.		172800	IN	A	161.232.10.23
+v0n3.nic.toys.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:23
+v2n0.nic.toys.		172800	IN	A	65.22.23.23
+v2n0.nic.toys.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:23
+v2n1.nic.toys.		172800	IN	A	161.232.11.23
+v2n1.nic.toys.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:23
+tr.			172800	IN	NS	ns34.nic.tr.
+tr.			172800	IN	NS	ns35.nic.tr.
+tr.			172800	IN	NS	ns41.nic.tr.
+tr.			172800	IN	NS	ns42.nic.tr.
+tr.			172800	IN	NS	ns61.nic.tr.
+tr.			172800	IN	NS	ns71.nic.tr.
+tr.			172800	IN	NS	ns72.nic.tr.
+tr.			86400	IN	DS	48972 13 2 1E67CF0AA2E236A06D1F93491990960EFEBAB089A2BADAEFBB64E391AE6E95EB
+tr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WE5edfvuVVrnB/YyL08hK5wyVpyfzAE1Al3j6GEfEYdZYpPkmdAEMThpd7xLo6boauImlKyjHqP3WDHzfYyGU7EQKflBAh7CowY9NTN8sXqLi9n8PG+Ou888H/sAh+dncllwqqv0e0BO+PQH7lY4eA5Rt9/itVw+iowO9MmnC96ZxUYAoi6xluHpK7iCs7zI927X/fFfpHSrA9OPmK0kgVhdiCZbe3IcNpAUZZi1xE9ETwy6bK1WvWzBJK0fKCCXC9VHtuoVAnGAShgb8bgoLK8PQxrtC6YO5vAy8pjW5v1WKHSjOJ7Mvu+FqEbkYQrtqkpRzqOGIdHvAoprhR81fQ==
+tr.			86400	IN	NSEC	trade. NS DS RRSIG NSEC
+tr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bOYWa0HX3D4vWsJ2v4R8JsHQrAVShLlCdEJbMy9bd32dwm1v2iRF+MtyQvWEw9lYtZZvy0KlFtjyU6D+WOacDxZ7KqNjWe0SM5RaeYOxX1kBfc4Z4PVqldOwb6ExMpUWGp0lTipmv3oo6lFRNQsel0QTMDaFw7AVosroYoS1vBVmDkAXILyKL0oHk5JTlQENsnFqWIb37gPTxANALwVuZtR15/FwQ2Ha8yPPnmXDAsPFdYY/Y7Sc3ZjgK1smdaTIH39iAc1FGCDH9nrtJMifExB60oj/PBl2UGIyNo62JOxLlyOG59g0RxLkJg0sR4d1GVG3kNdhu/Lt3LtAE1Co3g==
+ns34.nic.tr.		172800	IN	A	31.145.139.99
+ns35.nic.tr.		172800	IN	A	31.145.139.119
+ns41.nic.tr.		172800	IN	A	185.7.0.2
+ns42.nic.tr.		172800	IN	A	185.7.0.3
+ns61.nic.tr.		172800	IN	A	206.51.254.1
+ns61.nic.tr.		172800	IN	AAAA	2620:171:804:ad2:0:0:0:1
+ns71.nic.tr.		172800	IN	A	185.67.32.53
+ns72.nic.tr.		172800	IN	A	40.68.114.66
+ns72.nic.tr.		172800	IN	AAAA	2603:1020:201:10:0:0:0:111
+trade.			172800	IN	NS	a.nic.trade.
+trade.			172800	IN	NS	b.nic.trade.
+trade.			172800	IN	NS	c.nic.trade.
+trade.			172800	IN	NS	ns1.dns.nic.trade.
+trade.			172800	IN	NS	ns2.dns.nic.trade.
+trade.			172800	IN	NS	ns3.dns.nic.trade.
+trade.			86400	IN	DS	34372 8 2 2647B121FA8A1109CF92D8A945F29FFC3BB42067D3B3C3DBA392211DE020D87A
+trade.			86400	IN	DS	64969 8 2 A6A28C3E7E7027758C2A68A2D255FF07956CF8BC41CE1F8BF8EEAEFD9280552B
+trade.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oz52adGtKxi+SkP+hO5XexsJU2qcaUg2nE8qCfXK2kMljT3mdPn055HfXX5VXAq4LCE1Fu9cszyG1vzTWiY8UJG5Dt//nZYjSY1uNMA4NWKqhdjinK9Wf5mFN8yazt6AJNbxTlj0MNz2Ujo2uJbOj0StcpFT3aqDnBoxuYAay2oO+caEsg99Vl/swAiHhZg+epPaW5LI1bHj0HCLS+EoVvZmqsI5sM0UguDpHTCgGQmfUkNPfS5WqkZOcXQjOcPgL7i7swZkSKLrljdrkOjChkdYpogu3cv2UvnrHWJOqPDE2OX3/Yhd44MqAzssK9bJmll5bjvnFnNmzEescWxxaA==
+trade.			86400	IN	NSEC	trading. NS DS RRSIG NSEC
+trade.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u0AjF3RHayGu/PdK6oDQ2O4Oh96OOPlfhmcCcPXSPwdUWfoSx36ye+ndUaUg9hkHbCO5GgfbOrBLciT3jIb6EujPnvjsOwmKr444GVjoQi2auMYNq/vT0QNOrOcOHcMrPEbJY0u+hyLtlo+lBtb1W+bS0upo5XbjgKQNq6gRAr+bDw0RMHNlmtgUYGrERPK5iQTrBLteh3BXBbsVdp3FRHVI6te2VJPUfIeVo99GqXEHASFC16oqFAFPnpuFk3FgykKRshTS8rsNqnyhvx3LT2ADhuiaJgVWRkKfYlMxtVxGKdmiYXGU31AIhG0FmMW+5A9ZwMBSDmov4t4VyGu/nQ==
+a.nic.trade.		172800	IN	A	37.209.192.10
+a.nic.trade.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.trade.		172800	IN	A	37.209.194.10
+b.nic.trade.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.trade.		172800	IN	A	37.209.196.10
+c.nic.trade.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.trade.	172800	IN	A	156.154.144.165
+ns1.dns.nic.trade.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a5
+ns2.dns.nic.trade.	172800	IN	A	156.154.145.165
+ns2.dns.nic.trade.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a5
+ns3.dns.nic.trade.	172800	IN	A	156.154.159.165
+ns3.dns.nic.trade.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a5
+trading.		172800	IN	NS	v0n0.nic.trading.
+trading.		172800	IN	NS	v0n1.nic.trading.
+trading.		172800	IN	NS	v0n2.nic.trading.
+trading.		172800	IN	NS	v0n3.nic.trading.
+trading.		172800	IN	NS	v2n0.nic.trading.
+trading.		172800	IN	NS	v2n1.nic.trading.
+trading.		86400	IN	DS	49129 8 2 EF6CA74A84FBAC616C85DDFC58EAC5475041C67DAEC11FE64FA0C481968A0790
+trading.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Wkxj3ID0kkEHq3xBvUY0pceWXYbWWTzVg5SsajUH3bBtq0AV+nzYOrBLP/yZRJal11ENBupKGSYRKwrT7H5WZ0w2A+gMmQ3+xzL4/X5XYVKd4PrzZp6svle9pQqkYcBnFOaU3zme7XVlvmUrX8k7pscY9DorMq6rc98nBTbAJxNghTKQfnWOAh11P3uy2TOzHt5/sJE5XRTXKFU8GiFXxHi4Wk+ZYozf/VVOuK9/qpHNRvEP/lKmG1ZI4Z8rGMBnBZbmIi+3khoWSPU4tYVuQO6J3MvrD6G7qZWC1hZ2nd94McIgnmygJO7ebZI6iQLNQ2psL9lgSogRJsp/y4tOkg==
+trading.		86400	IN	NSEC	training. NS DS RRSIG NSEC
+trading.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fPU1e3ujBMQQG8LRqVvBJ+3nnobsy2YT9pFOjgUXem3ArjPt2Se679JxzRaWd1GJXDfqhVGFokxKEJ8qmDYPQ5MwCb+bNgKXbAjhZqEXz4esumSg8fsf74fhvZKIuvNBKPTZOl6neFlad8Z1GwTL59TXTgRY61GX+/kFohw/VaJqHSMDKvmlwrjEB9F8eCaCJC6kEByU8gTE/rgNYA0Cr2cgVqYwWCyTcTNWTVFwXZt7wcZJvaApxvHsrWs/ph1y3iVubgmK7gyHVJBffEJAF+7SBgMY7VKZqoz9z5vO3ESiKAACc+zWNp27Wd1okdfym1XdA6FYEhmrYUzb5vlXmA==
+v0n0.nic.trading.	172800	IN	A	65.22.32.66
+v0n0.nic.trading.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:66
+v0n1.nic.trading.	172800	IN	A	65.22.33.66
+v0n1.nic.trading.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:66
+v0n2.nic.trading.	172800	IN	A	65.22.34.66
+v0n2.nic.trading.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:66
+v0n3.nic.trading.	172800	IN	A	161.232.16.66
+v0n3.nic.trading.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:66
+v2n0.nic.trading.	172800	IN	A	65.22.35.66
+v2n0.nic.trading.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:66
+v2n1.nic.trading.	172800	IN	A	161.232.17.66
+v2n1.nic.trading.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:66
+training.		172800	IN	NS	v0n0.nic.training.
+training.		172800	IN	NS	v0n1.nic.training.
+training.		172800	IN	NS	v0n2.nic.training.
+training.		172800	IN	NS	v0n3.nic.training.
+training.		172800	IN	NS	v2n0.nic.training.
+training.		172800	IN	NS	v2n1.nic.training.
+training.		86400	IN	DS	44281 8 2 80DD6F1AAD9C85FED280BC232C0DD8426C09DD7BDD6F6E6BC16232E252CBA059
+training.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NljWx7MNqTr98TR0ZFwtZkKCbSSZwGqBs/xQ7rzvgUbkie9YX2Lyzd3CBm1mL3CyQARxkP86fjPwzxbjwUuvWnQkcJT9uko7XdNyL9cvEFXTKpkv6inrgasaZba406zYPTkdIzz93Wgba7L/HPwwtKo4khrU69uGhpl/PGdAWhJtkPdu+gmPmBZNAfEfVJvXQJYiHKitB3MYPpL4zjCsYYGoSymxN9sdRcs3iiIaUQ50oORWicXq9dm6noly4m6yV1SeGdx9IrjFOeBruC9yYvbwJgpHvR9B6H7j3mYp4utfY53e8svbH3N915YPsnrC4Z3L1xUOI3iZ31dHGww9wg==
+training.		86400	IN	NSEC	travel. NS DS RRSIG NSEC
+training.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gHCvFhCBVNds2cQAC/DxK2SpgEO6olO19LemWCepA5etvzG/PFPEMY6Fw4M5YcGXSGXgn68Wc2Y/javN1TJZ2aLVAM3sB4g6Efekdhb36S7zqQqtCADv3rTA6laucBT277O5r6dLY8RWB5ZZ0R9NsIrJ17QpsyqLIvbMN9xZe+H4QnAkvhCLAacl90JM3H5lPVkBAJBHobHdX5UtjBD4Of6wWdyluOKDeGr+vZmKzLz0eNW2X22fA1tdE9gKis1uVR4Wbh2TWFWqF1ss0acqyECX0beVDeC/qM5ODhRhnk6vYocyBHTMZN0WR5/Z1ZsHTFppOZxOd1lxgfZJUXLjSQ==
+v0n0.nic.training.	172800	IN	A	65.22.24.41
+v0n0.nic.training.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:41
+v0n1.nic.training.	172800	IN	A	65.22.25.41
+v0n1.nic.training.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:41
+v0n2.nic.training.	172800	IN	A	65.22.26.41
+v0n2.nic.training.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:41
+v0n3.nic.training.	172800	IN	A	161.232.12.41
+v0n3.nic.training.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:41
+v2n0.nic.training.	172800	IN	A	65.22.27.41
+v2n0.nic.training.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:41
+v2n1.nic.training.	172800	IN	A	161.232.13.41
+v2n1.nic.training.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:41
+travel.			172800	IN	NS	v0n0.nic.travel.
+travel.			172800	IN	NS	v0n1.nic.travel.
+travel.			172800	IN	NS	v0n2.nic.travel.
+travel.			172800	IN	NS	v0n3.nic.travel.
+travel.			172800	IN	NS	v2n0.nic.travel.
+travel.			172800	IN	NS	v2n1.nic.travel.
+travel.			86400	IN	DS	60277 8 2 DF8590752DCF2CC075F91D5A6178C38A7BA1DBBC0C2327B88CA37BE4797BE126
+travel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WlO6SeLfyUoBrgxZxYuBEoVLQ94jnq+sC/v1M+BVVIRv3Z4UTxNYaAAy5A+U4XkNbYZJsgvbdM2ahxMfOZ21dlnPU8PH1pjWxrwGcXWmKAfjOQBHRe6xg3JL21zctCoaoSM35SEea94ElLg+LH/y/sj5Zl90yijna8rvx7pYCdSZweXaKY9tUdILl0Si/ADbWrIcKZTf6cei/SzW6E6e1dXMhEAb2ZKGRWcnAx5ID8IyCvdCoP8b5Xd1sCjuFNLnKIvPKhOwUfo7CNYVjOYW6x/Or2qYY0FCj/HO7FUAls92rD/bhhpc98QcBMnVGIbNaO7o7BpIOAtP2SoDHVqjrg==
+travel.			86400	IN	NSEC	travelers. NS DS RRSIG NSEC
+travel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L8zn+dnzC6e+yYBnA3PPyhex3Oxtxi+L4Ji5+yvqKag7uy9C8R+MW+AOzaDnQg9hjyrahLx6eROu2sgOinlOyPoodO6zbNHdlK0Ya+eH2Dzs7oJYPauITQby0JYCadz6Azf6UT6tzEdEN3kvDCfIPghMgLP/llkdKf2UVyx6D2NeAAMmyy0tM8cQ11kzDfZishKRat4JXlkWC86A4CzckY0bH7WZETx42/6yeWgidR/n0CHRFMdFi51U/Xv8+oeNMCHRoTWTanzY45mr+Y1UyYJiezdkNIPchJtr1OO5FtbzQbdFNYIS2/z7N2XvojjMCHtPmiMIQQpSTFrW0XfcKg==
+v0n0.nic.travel.	172800	IN	A	65.22.28.8
+v0n0.nic.travel.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:8
+v0n1.nic.travel.	172800	IN	A	65.22.29.8
+v0n1.nic.travel.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:8
+v0n2.nic.travel.	172800	IN	A	65.22.30.8
+v0n2.nic.travel.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:8
+v0n3.nic.travel.	172800	IN	A	161.232.14.8
+v0n3.nic.travel.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:8
+v2n0.nic.travel.	172800	IN	A	65.22.31.8
+v2n0.nic.travel.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:8
+v2n1.nic.travel.	172800	IN	A	161.232.15.8
+v2n1.nic.travel.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:8
+travelers.		172800	IN	NS	a0.nic.travelers.
+travelers.		172800	IN	NS	a2.nic.travelers.
+travelers.		172800	IN	NS	b0.nic.travelers.
+travelers.		172800	IN	NS	c0.nic.travelers.
+travelers.		86400	IN	DS	967 8 2 975D9FD3B056E286263F680F31106C7509ED466EAE0AA08B3B045ABAE39945F6
+travelers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A52Z8tmk4F3kMMnGMFBiWr5tcsizBfi2HSrcAT3bnE5pFvTlaYt363n4giZ/f/GjdzeR5yuiJYnA9P3f3XVQhFNDOMqwOqPfgl+YiVX/tBIYOCC5wFc6KlZXnJedBz8OAjxyRM3lRtgzcac/7Z2WvgnIulT6Ily8GvFM5a7RvdwgJHiKsQG9QEPAB3704Esk+jI/GW7c5OHlKOppI/Hx47ljM2/Z+5EqQ2OZ7CqRKxQ/Zrr8iK588OSwI1MV4joG8GF9JYUdjI9ABYe4zpLb/cZLqpSkiXOjtTk+6ho6ZEXx+2O8u7sIeZfgDCHTr0cELsWvkWBcuBPtynIBlGD+uQ==
+travelers.		86400	IN	NSEC	travelersinsurance. NS DS RRSIG NSEC
+travelers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MFcCttHBZDD3wm8LFpzGxgAvIqzoFnhCZMoxXNtZrABQ/khtanmeHEFsW9kKGGHbFmtGRCovS/osNRZgWiYSF2hPSvJP+GUFGSNjEdfs6UpQm39gp5MUa7kg7m4o2SihLTtAL2QG34z2SF/Q2rfKuQUvObmu88zJJCtG+nM2kdThaSe9ieUKU1e6DYncNT3zXoP0ytsX/93JGd5qR7Qofvpwa52O5mI3bbpQrVUgHkXzvXuNJvTgV34ncoZljSl3Oek/zjXLFsbgA0ivRLiAFB1dMfTWTWmkG9fCDQhWWtsI+AxYwAho1WfDp1/9ENliBEROAae0ulgNsC+SmQJ1fg==
+a0.nic.travelers.	172800	IN	A	65.22.200.9
+a0.nic.travelers.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:9
+a2.nic.travelers.	172800	IN	A	65.22.203.9
+a2.nic.travelers.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:9
+b0.nic.travelers.	172800	IN	A	65.22.201.9
+b0.nic.travelers.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:9
+c0.nic.travelers.	172800	IN	A	65.22.202.9
+c0.nic.travelers.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:9
+travelersinsurance.	172800	IN	NS	a0.nic.travelersinsurance.
+travelersinsurance.	172800	IN	NS	a2.nic.travelersinsurance.
+travelersinsurance.	172800	IN	NS	b0.nic.travelersinsurance.
+travelersinsurance.	172800	IN	NS	c0.nic.travelersinsurance.
+travelersinsurance.	86400	IN	DS	11389 8 2 1A8F262DDBE7316233E999F81AE452C17B3435C57BAB9CEEC4BAE518F121E1F1
+travelersinsurance.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PsCKt2GXNE9wIkd+Kf/Ng5VLo8ynPj8cYQLlGWoHG31zIbRmeHKkD6WZboPFL0R9RFa7CVWHMN9Z/qmpHLcnb9DgVi6nj7+5/Q7KHwAyBV4iIoqRYSLl5LJ/WutcbK6ObXiovUSjfZEtEKGCZIWJpm0+FHXYa1E+KNL2tq+uNjZtVpY9t9CK2OGnuNeB6h3ShTLHIGsd4yE/YhMwO93rCUl7nt5vA/mQfP+kyb45uWDGHQ2253iKw815CiG14bnnFRKcWajhNZPyPJcXyMqMhuM0UvQazdrLs5wMurbOVPoVheoJTGM8xhqel/gTp89QcVcfr41V27BuWyKpK4gUwA==
+travelersinsurance.	86400	IN	NSEC	trust. NS DS RRSIG NSEC
+travelersinsurance.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PcxQ72RNly0R8K8dCvNp0VjNX9gMCNsCaeX43osFGIFJGv3mMHPdKitim6AY2yV3lzAWwcH664QCAXnnQ7EEs42wSbRRjYlOVOTRp8A/hUTaEiAXkM3axaA9dkM6t/cha4liFkHis3qq6dm0htwYPus6KOFyXnoDq8aba7P/dOLZO6S+r55oRDPl+Qnq7I9i1tFLffNOO4PtzUzQDJhBzr7pIvwiCjGQXOZI/eH52S1dTg4CH4HdAzPGSCQu8SVow/YoIczmp58wIhsZZyRS+fcz+AacC5OrV1g60U1PQ7+MmbRpS3I2C2M7YM56sEQcU4HEy7srltFjOK+yeMQzfg==
+a0.nic.travelersinsurance.	172800	IN	A	65.22.200.17
+a0.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:17
+a2.nic.travelersinsurance.	172800	IN	A	65.22.203.17
+a2.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:17
+b0.nic.travelersinsurance.	172800	IN	A	65.22.201.17
+b0.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:17
+c0.nic.travelersinsurance.	172800	IN	A	65.22.202.17
+c0.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:17
+trust.			172800	IN	NS	ns1.uniregistry.net.
+trust.			172800	IN	NS	ns2.uniregistry.info.
+trust.			172800	IN	NS	ns3.uniregistry.net.
+trust.			172800	IN	NS	ns4.uniregistry.info.
+trust.			86400	IN	DS	33872 13 2 D324A81281464251E04686F4E75D2978B119496FE596012A89647FF6AF0EEFC3
+trust.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hxjp3IRTER6+zVpzcEJQok1iBjN9wk6Xzze6MjxDaClJ4r4FAjvvI7/A6MXg/sR14NIurCXT5uWi6vLH43PXCKskCUPiV6CwnipO9TU5Tncn3BVrlBNTI1xdltqwj2ZByuuGl7nOMSb+BrkYiyTIrmpMy9MWYRwPSuC0EWa/UKPeEHsZxqWDFaEUpEtNNDiZbPc6PZbyG8D4uapjekPKp9LAwrKZD6iGNHTSQ+gzLXXw/iU3EW1hphZHWa3NNt4YoZfVtGki/rF7rzRsX4vngAp98UFJomJlzrFP1K8SP8FlQ0TIJwFhqqUQ2SWMh1I2d6nDVqfiQHXARPyS0/lc4A==
+trust.			86400	IN	NSEC	trv. NS DS RRSIG NSEC
+trust.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ppM044RASaR3iq+0d/mIfzKdRNwPCbKETuoWHhmO07JxCPWb9SlDdDSE5cR67VMm7WJD1inNB3XTl/FxamIx58ZYW+RzF2vLZ3QyrCJBuAPBufrgQTZelYPvQX7Y+YyOfKdcJfX8nlZu78/FyJ4FnFXQm4HOpvGfnIVl53mh8l7QMo49O487CIP/z8RFp+AImuMD8S9/3xyEypmOZDCYt1geOLibBZTKJw0vnvC7dWhCaygrgvo6921FpRuB8dmL1Bw8gmQJRjgseCawYjSjH4UJuY7BTqQsMF2+GKL5PJAcorljvEW+TJtvc93gxjfHvSQ1CP6KLXZYohVHQyzNqQ==
+trv.			172800	IN	NS	a0.nic.trv.
+trv.			172800	IN	NS	a2.nic.trv.
+trv.			172800	IN	NS	b0.nic.trv.
+trv.			172800	IN	NS	c0.nic.trv.
+trv.			86400	IN	DS	48547 8 2 F525871EE63FFED32856BA0C67F5115D5B011A437B67250E357DF2BDCF1EA31C
+trv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bj0TM0d/5Dyb0iENvHn39fLdVLVGOr+di7dbEMjjd+uwW/2Elv6x+KKKqwKXZhGUSYe3sXTuR4GpydbeNg9Vp7rE28hmUNhsCGfXoq6uvQ56c3QCKCNKmkg5pmBQeyEKFe+eEqiUc1feBR0zgGqryLFfwNOJRvT+HFNIYzQCutfbDWckFJHkPSw1G0RUZ4w5Jjv5aDCqpcLkyKRpfq8hxPaxGyfyNkiWusnAs0x+OQlD6he5SiELPjjoJS2LfpZQFu7FaT6PiggP4x3p2RUrHlEIY8pjyJTH7cvzrUVR88BLdtewO/voBUY9IeSt1914p0ddpgIhJCQkjvjqVELcdg==
+trv.			86400	IN	NSEC	tt. NS DS RRSIG NSEC
+trv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nDwDsJbhErTJJZSPzfCSCM6oqREad+C1QS4pYY7OXZjSJNbewuUnbpPyuvQxDJO8UpDC29A8KpKPA1txixXtuhDwJJmA+ZOtNCAt/T4qwMbSx6Pe3rTZLrnBMLd1DTYYtUiusV7BtMsBWXkfdy4+aWpgoQV5IdOrMY/bef18sgpUZQoPKdILkBugN/8U33rP53VLm557VqP4cTY3cMlOc/OLfWAG1LiFEIS7mFvR6rqm1D8NKQmHargjjBlfGFjla3B/FMvAjcopmxAClYJo6MK6saDT2MMyGAdXU7ApMc2LSgz0puUryr1/9lkajBoajRRYb/AdolWLUgT0C8SCQQ==
+a0.nic.trv.		172800	IN	A	65.22.200.25
+a0.nic.trv.		172800	IN	AAAA	2a01:8840:c2:0:0:0:0:25
+a2.nic.trv.		172800	IN	A	65.22.203.25
+a2.nic.trv.		172800	IN	AAAA	2a01:8840:c5:0:0:0:0:25
+b0.nic.trv.		172800	IN	A	65.22.201.25
+b0.nic.trv.		172800	IN	AAAA	2a01:8840:c3:0:0:0:0:25
+c0.nic.trv.		172800	IN	A	65.22.202.25
+c0.nic.trv.		172800	IN	AAAA	2a01:8840:c4:0:0:0:0:25
+tt.			172800	IN	NS	a.lactld.org.
+tt.			172800	IN	NS	pch.nic.tt.
+tt.			172800	IN	NS	ripe.nic.tt.
+tt.			86400	IN	DS	2539 8 2 B06DFA79674DF3EA8190E7616164414B01E9199B7C94EC1540378A395DAA401F
+tt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cnrxdvGPInumkfpOeLG/Zp0ZNTzTBXtvN4YQapgntmgW6zp/5PceqT1Kk0EClSY0VL++a9aH7yYWQuPcG44W6FOIqlFEvoOjbvijrM4apTOL6eccsQ/etTu9OmOgZ43PYFVJeLj0xKXv5w5+lAm6PBF9oILtABt8ds1Xn+8MeKIB/yDyscPpXYw2sGHlF8ewxj/tgj4pECMTmHfLCpAvZbIT053arCiqM4zcsVnneDcqjDa+OOJLY2JDxX/MXBSlhs/xunHUyDqulJVU9dgGbxcTSWELwXgAsVpR2FzQbX0+YxP0OK8XrV+R/rZFqNOtbDRZQuVF77azGiabh+Z91g==
+tt.			86400	IN	NSEC	tube. NS DS RRSIG NSEC
+tt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vBT2vl/ZFd2Kvg/OKYxzp8wLhF0heHy0iRFmE4/XRrjLSU6mi5EDjUz44rr+0SBC+IqECSR5F+1swe4KRI8DxFMIxT8E9GnIKROZo52YiqlNWEoRZwX4OWWc0Yb/4lu1/b7tM0wrp63VM4fGkrVJ+VCPBN2Q7LpjryUGRnLleXz6zzYfywqVYfK+lsf+0bUktaWhYvS5dQAvkvMG/2x/UHAI61Q/2OmEyKxE8Lg+HoLjwybUYZzPYUaKf/Ef/wrxsG/YxVWQ2FoxODWjzu00flzA/fsmfyadHr+O5uwFWnQ+/44z1jXZXM48RGLP0hkZ/nnvTtaAMXyiJthW8M/YMg==
+pch.nic.tt.		172800	IN	A	204.61.216.63
+pch.nic.tt.		172800	IN	AAAA	2001:500:14:6063:ad:0:0:1
+ripe.nic.tt.		172800	IN	A	193.0.9.50
+ripe.nic.tt.		172800	IN	AAAA	2001:67c:e0:0:0:0:0:50
+tube.			172800	IN	NS	a.nic.tube.
+tube.			172800	IN	NS	b.nic.tube.
+tube.			172800	IN	NS	c.nic.tube.
+tube.			172800	IN	NS	ns1.dns.nic.tube.
+tube.			172800	IN	NS	ns2.dns.nic.tube.
+tube.			172800	IN	NS	ns3.dns.nic.tube.
+tube.			86400	IN	DS	45112 8 2 A5918AFDEEED73D4603ADF2EC0EC6A2735B7DED61849C500DEB6B68A5BD03610
+tube.			86400	IN	DS	52096 8 2 03E03ACED82968F08EBE79B3D8641A366AEB3A9600B6B29671DCE8AF94492287
+tube.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UW7E2m0/u/A7lwz85uEzAHlLmAKKF4PBlFav8qObqoe6NAzxbglLG4SrtwRC12BO1NmJZR6v1yfZi8QqnH6IOCUWpWywKdG4Bj0IfLOqkWys+jt2AolqHlY7L0Kk2LfprtxlCj4ULFNnjcZylI/7fkND8IU3HNw0VaALK/i0LxZxnIscXsml/YtU9ksQNy20Y63RPOqoiMWskexh85QyXWEZXBL38HWwGxbgN9MSE22RRmcthf5bPuwSZ3E/rC53Ru4Q8uI0O0Qt5vWDXupFjcDoEaQNBA0nwUrYK5iKWJHp8q5gDSiaO9NQiR/J7KjZjCicefBabfrOsZIQZXDrPQ==
+tube.			86400	IN	NSEC	tui. NS DS RRSIG NSEC
+tube.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eaNAicg3rMPRLzMFhRwM34o4TwDjvAstqcOpvfS7B4ORx/Pz9AWTMSlIl/40ocrxN5g7xW5w39YhK6oxT4CgGQ4qEdIS5jbAHucRzVmobZRTuV/LX/VndF8rdFDq8yD9JGha/F05q1lH/e7j62+PhdP6+fwn0LbsIrMsuknZWvE+afkyWmitqAWfT63n3LJ/bVt3TovLVlvxNKd2d95BtZtbajphjVjbcBCCprnHgOk1FeTy9fuhLgEx8Zi3lYlCd1+SbHpKSpx3eLuY87SLsbJeeFFYd0wE9WPA4spnHpif5byh/x632V1brOIF1UMgoeUR2RiQXzZ51Fl083talw==
+a.nic.tube.		172800	IN	A	37.209.192.10
+a.nic.tube.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.tube.		172800	IN	A	37.209.194.10
+b.nic.tube.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.tube.		172800	IN	A	37.209.196.10
+c.nic.tube.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.tube.	172800	IN	A	156.154.169.80
+ns1.dns.nic.tube.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:50
+ns2.dns.nic.tube.	172800	IN	A	156.154.170.80
+ns2.dns.nic.tube.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:50
+ns3.dns.nic.tube.	172800	IN	A	156.154.171.80
+ns3.dns.nic.tube.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:50
+tui.			172800	IN	NS	a.nic.tui.
+tui.			172800	IN	NS	b.nic.tui.
+tui.			172800	IN	NS	c.nic.tui.
+tui.			172800	IN	NS	d.nic.tui.
+tui.			86400	IN	DS	23290 8 2 D53C138EAD14027D6192DFB0C2CD0B7CFF36986E47FE680D8B05F84AC78D633B
+tui.			86400	IN	DS	35342 8 2 60BAC1E816660EA6CC89BBE453C4CAC50EE7FBC9BBAC3CA6F8EEBFB1A24AF721
+tui.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QJrCXSdluF531DdK+/GlZk87AJ3a3n+yMbp+semnZyTVwGZLEipAvLf0Fec4Wj9KdbM6WUB6GdPP/Ycne/JqZtT5su68uq0J32J54J2T58hJu+o91wTdKjsqq2COCR5tNgmNdEPuCGPr/EhUPv/nUuYBbw9enQl/YlHTUt8pX/VaW5pBRohocXwN8pZYbo+Z0Ozh5/mF+hXSdMZSgdszVxQB8rlSWXlTXBZpEHLaW/QdTczOTlNFmLGSsZcv4/Qv4vhq6Hvqf57ouYskAuIvr+vjBRArJ3nKKlHST5QUGWKQecoyODoSZvCZYNCCPIqq22MI3ApF2jlbVNnnpw6ybA==
+tui.			86400	IN	NSEC	tunes. NS DS RRSIG NSEC
+tui.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yZE/sCcsR9/VXUj17KvDZeQwikxnO6ppS0hSDpdiMH2N3OyYwEX+uuTnsgfynGpwlsrT+c5MfN4bN5aB6Xx+XTjZphDZUKOvNuKyZsbwv6NG44g/eA4rqZa9pkdX0RrcFTiHyX9ZZ0ZlUCh8oRqeR9gbmezSseBeK2K33SEDCt9rCBWEQzvZTPk48As4XhXvb5096f/EB5QtAWLDO2WzWhzg1kYk6gjzl1AwTE0MkCIxOFzvTvfTxVjPT8003cMiOogHhTuNfzh2XCdytljFIhyW+opvKvRh9xKAG1UloulmxpbRcGGsxYIaG2XZzotDXxmUl8iOAUn3ImR50vHXlA==
+a.nic.tui.		172800	IN	A	194.169.218.103
+a.nic.tui.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:103
+b.nic.tui.		172800	IN	A	185.24.64.103
+b.nic.tui.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:103
+c.nic.tui.		172800	IN	A	212.18.248.103
+c.nic.tui.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:103
+d.nic.tui.		172800	IN	A	212.18.249.103
+d.nic.tui.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:103
+tunes.			172800	IN	NS	dns1.nic.tunes.
+tunes.			172800	IN	NS	dns2.nic.tunes.
+tunes.			172800	IN	NS	dns3.nic.tunes.
+tunes.			172800	IN	NS	dns4.nic.tunes.
+tunes.			172800	IN	NS	dnsa.nic.tunes.
+tunes.			172800	IN	NS	dnsb.nic.tunes.
+tunes.			172800	IN	NS	dnsc.nic.tunes.
+tunes.			172800	IN	NS	dnsd.nic.tunes.
+tunes.			86400	IN	DS	52234 8 2 0D317EA34EDC8D43E8868616F66BC5BD9B5E5389DBBFDD1529F7C609AE095B9D
+tunes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wsxZsfrKVD+JC1jjrJyqu6UsQW8nMVOZRiZJhYrxRogjquZhCw0Up/F+iCYTP2FllhG7tIHintbCCkYsv8sYLE1ZyXeUkgm83Ec7x1a5FhSIiZexj1PQWPaYDOUjnxbAuH+Uc0fxy71wSjEePmLAo8L6wuOBl5yneHMXeh1OCkLNr9Ob7isGAAD1RfDjxwnNOCxNdFyVIJbgjFA4S3z5HamLLUWIfIQghxgFhZnkS3NKzM/lSVUwP1dg8HX3LLImM8gLWJM9epvq+w6LbCfRXH5E7CS25oe7Pp40Vg0UcCiOkZwb3yrj0iPyv/rInIi7iZByYwHFFwuR7Ar0pdH4NA==
+tunes.			86400	IN	NSEC	tushu. NS DS RRSIG NSEC
+tunes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mbNGb8sdQGegPoJ+tb4hi5hfgTRNXUvT2OOWTtDzek0E/c8Hdq/Q2j2VwL3l/fIR3aTX71nOn/9+fO5Dm3WqtUimUdV1PHqP6bg/GeutTLM3bZzuGjWzzAdCr/HD1yNZUJ8CDqFAXP0F6yKlWytnzXHXn2ZnPaC+AiSGB81GBDOcdH3P0LbDwjTYdMNkfdXuJc53mzJ+cyM8gaW450rSG2RMpIJuFe3Scj1TbmjNI4fb/EwVDmoKY4K9t35Okyr8TgUMXeK+kniBuZSzSVoWjMFtMHRqfkJDOk5eaS+Ris+j6BonehgDdieIWdt07Gieu+E3V+rsiw2JPVkiHAL+Tw==
+dns1.nic.tunes.		172800	IN	A	213.248.218.84
+dns1.nic.tunes.		172800	IN	AAAA	2a01:618:402:0:0:0:0:84
+dns2.nic.tunes.		172800	IN	A	103.49.82.84
+dns2.nic.tunes.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:84
+dns3.nic.tunes.		172800	IN	A	213.248.222.84
+dns3.nic.tunes.		172800	IN	AAAA	2a01:618:406:0:0:0:0:84
+dns4.nic.tunes.		172800	IN	A	43.230.50.84
+dns4.nic.tunes.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:84
+dnsa.nic.tunes.		172800	IN	A	156.154.100.3
+dnsa.nic.tunes.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.tunes.		172800	IN	A	156.154.101.3
+dnsb.nic.tunes.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.tunes.		172800	IN	A	156.154.102.3
+dnsc.nic.tunes.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.tunes.		172800	IN	A	156.154.103.3
+dnsd.nic.tunes.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+tushu.			172800	IN	NS	dns1.nic.tushu.
+tushu.			172800	IN	NS	dns2.nic.tushu.
+tushu.			172800	IN	NS	dns3.nic.tushu.
+tushu.			172800	IN	NS	dns4.nic.tushu.
+tushu.			172800	IN	NS	dnsa.nic.tushu.
+tushu.			172800	IN	NS	dnsb.nic.tushu.
+tushu.			172800	IN	NS	dnsc.nic.tushu.
+tushu.			172800	IN	NS	dnsd.nic.tushu.
+tushu.			86400	IN	DS	38627 8 2 81D6D592C13F144D74BBDE9D4A93531338245E9AC1781EEC826D4B610947D1A2
+tushu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aECPRI+O81pxjXrp59lCa5eCFfuS6CeLb52CvlXmDdwkRl/HmETPln2nUv39m32kJGLB0SylUG72KLo8+STTAF5Su4rQtCH+tJMA/jYeo6ipVUc0H49q4pnWbepstxKcGn+lyJxoM4EPt2GyBVu/j+O8DXpDMjjJQXaCSXx2OykcdJc0OzisS5PggceoEBSUV07m21415k1Q2aFCAsKbLnReKMo9TgrYyD5g5yzJSnuVfhH9CbMeqAkcFJRTGBrjl4R+7g7inz0iuigJrzt9oXAOHXXBjpP+xUt7pWGumS2leB/kTZuAri5iktJ0uyU0E9YkwCeaQ+IQuA75Ume7mg==
+tushu.			86400	IN	NSEC	tv. NS DS RRSIG NSEC
+tushu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DSHpMOQW9Xk+d+FqU+spzGMQBlqgAP9AxnXueJSHsy1oCcUfDjIWYNZ4PzI/uiX+44bIm2jxf8kd3wVhAhaFYLfxhKOQWO5iA5cpBqly8Stt+51XNp1zs8bVjJ3BzhBXXtJ5M/IaBjqyOFSqOK/TpG/ZGxZX8fHO2yltutESN/W4WEYO5EVOjtH2nBu6saLxY0+Ckc29OPW39vHIfJEdxkYUuCiIfBDpHsZcs3xLPhEvwBYNbSqcEtCjhfbb91Qg1tSegCBkJ/VvgUJp/wOV0aG8lpxtlwv7BSdze1s/iEplJyXlfx3LPy+sitOOkIvOW9kP8jAglPklMRBEbdl4xQ==
+dns1.nic.tushu.		172800	IN	A	213.248.218.85
+dns1.nic.tushu.		172800	IN	AAAA	2a01:618:402:0:0:0:0:85
+dns2.nic.tushu.		172800	IN	A	103.49.82.85
+dns2.nic.tushu.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:85
+dns3.nic.tushu.		172800	IN	A	213.248.222.85
+dns3.nic.tushu.		172800	IN	AAAA	2a01:618:406:0:0:0:0:85
+dns4.nic.tushu.		172800	IN	A	43.230.50.85
+dns4.nic.tushu.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:85
+dnsa.nic.tushu.		172800	IN	A	156.154.100.3
+dnsa.nic.tushu.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.tushu.		172800	IN	A	156.154.101.3
+dnsb.nic.tushu.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.tushu.		172800	IN	A	156.154.102.3
+dnsc.nic.tushu.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.tushu.		172800	IN	A	156.154.103.3
+dnsd.nic.tushu.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+tv.			172800	IN	NS	a.nic.tv.
+tv.			172800	IN	NS	b.nic.tv.
+tv.			172800	IN	NS	c.nic.tv.
+tv.			172800	IN	NS	d.nic.tv.
+tv.			86400	IN	DS	2107 8 2 2F2DC481C07E7DB2E54A546A7A35CC16CBCF242EC76B71385A42CD7BC37E7FC8
+tv.			86400	IN	DS	57277 8 2 CDF61FAF1EBC9D83D5BC3D9DE22E794AE8ACDB0475EA8CF27E92CC00F0C3F5F9
+tv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QckQDsCazN1nHuYXx5PmJYDBNgROSgTOyh2X5CK4a4L5WJia97WpYZTutTskA+OuQzHehqUjiEKQhOIoxC/cg1YM4Xc+JGfhP2EqQQ7180U7jjPE5oZA8QL0gzFgrsdMd6e1I9p5njHuDNQAS0kCEsFZEi0ko7AekAQjJZ2Z3gIA+uPAUHMTeHAZ4L025jVxewTEOM93tUi8rE3EZLeN8D3/L0jvjvf15qwsnypSbaHZ1DzQu58ymiumMIAbnJ+9jNj5D/KTZ8pbMF+KaEmggUpysTlUC/iFbt1lBza/ahq/ralGkwuum4JdlIUtBRfi8l/ZsTuNhmfb1ZEXYCykjA==
+tv.			86400	IN	NSEC	tvs. NS DS RRSIG NSEC
+tv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m7ySaoiny4RPl7ocqkiT0EugyeWZ1OZKzn3+vwv2B6RmcJ2cBYYonXS76cajJqd373S9/4T31NjdLESrbnjzg143rkuafZHRO3ZeG70ayifPOolzde+DuG17WjQh2io5UOjdrKasvkYTamFZqholFpiZO17w5XwhlhYUkBFluCnUzGB/aDJ5qmCQ8g0aPQyHwjm3/VwHHZFytqDkAdMcTEhEER1W60rCDKygkCz2k1EBddQJPnsBFsn2CRMZbqd9NCq+keUm5Br09BaxILmUwf93WRgCH5cpbSl/j0+Jtb0RMpvnylqdb7j0VX4K3y5XfYimeqtKx+u6W5NctPxu9A==
+a.nic.tv.		172800	IN	A	37.209.192.6
+a.nic.tv.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+b.nic.tv.		172800	IN	A	37.209.194.6
+b.nic.tv.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+c.nic.tv.		172800	IN	A	37.209.196.6
+c.nic.tv.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:6
+d.nic.tv.		172800	IN	A	37.209.198.6
+d.nic.tv.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:6
+tvs.			172800	IN	NS	a0.nic.tvs.
+tvs.			172800	IN	NS	a2.nic.tvs.
+tvs.			172800	IN	NS	b0.nic.tvs.
+tvs.			172800	IN	NS	c0.nic.tvs.
+tvs.			86400	IN	DS	29161 8 2 A36CBB75C2C810D16FDD5562C334351BDD007F5AEB008537115586951AC39240
+tvs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hyihM7B1QyNoVrZqZrpttaZEvVI0oYhU+iJYCfrzTzgJaJcPjr+Ds9oXT/eZrilKinzsGmIcEfE6he2K2YPptIhO4v70B3NAKK5GBa0LH3Bd9pcaZAx+ENznKl2YeySbGfBNY+gavTze1bCkvkxp5fTgINBjPZWmTpIgpJEpMszXvhKvgt/JDH6aOCNZI53ZOEWEZWP/WIcY+oqP+A8SKU90S+tUWlDFKG35R34ScwnqAdSgs9Nnh13Q+HmhhKWixlVISxvwuDf8hmbqeW9D3n9fXWUw5xZFmcdJvo+e9QkFyM1ahe4VTrfhFEdkuKzk3tN4RXQZSmRC9nOKFzjS3A==
+tvs.			86400	IN	NSEC	tw. NS DS RRSIG NSEC
+tvs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N3coToESAHaspj1LfcMq+rld0GvOXyJ70VzJaVuRrLHENl+LOPPLlC+QCrB6pGn5bJYAzpTNW+Z5gpwKUlSYDp8dgx+uNEYJqEq2pV5/V9gUbt5gNdu8ljJpM0ltJADoHx4GDjkwDgAprU25C5cm0cfFrfpw0q+nDpA8jvPHXp9pMiJ//WODLpaohm0QGXIYlJaRVeVOc9n24KJ8C0hOZEQIVf4B77siehJNA/xcPL+jsIvXWDVml8YT2DvzFoSl2qVD4PHfPjPi2kNcEyRQAyYn/8PTlRAODZdjXHktKGB4WecCG3x7zOTUAOs3inJDiowYEf0Yb4KLreWHXWKOpA==
+a0.nic.tvs.		172800	IN	A	65.22.204.9
+a0.nic.tvs.		172800	IN	AAAA	2a01:8840:c6:0:0:0:0:9
+a2.nic.tvs.		172800	IN	A	65.22.207.9
+a2.nic.tvs.		172800	IN	AAAA	2a01:8840:c9:0:0:0:0:9
+b0.nic.tvs.		172800	IN	A	65.22.205.9
+b0.nic.tvs.		172800	IN	AAAA	2a01:8840:c7:0:0:0:0:9
+c0.nic.tvs.		172800	IN	A	65.22.206.9
+c0.nic.tvs.		172800	IN	AAAA	2a01:8840:c8:0:0:0:0:9
+tw.			172800	IN	NS	a.dns.tw.
+tw.			172800	IN	NS	b.dns.tw.
+tw.			172800	IN	NS	c.dns.tw.
+tw.			172800	IN	NS	d.dns.tw.
+tw.			172800	IN	NS	e.dns.tw.
+tw.			172800	IN	NS	f.dns.tw.
+tw.			172800	IN	NS	g.dns.tw.
+tw.			172800	IN	NS	h.dns.tw.
+tw.			172800	IN	NS	ns.twnic.net.
+tw.			172800	IN	NS	anytld.apnic.net.
+tw.			86400	IN	DS	51277 8 2 462DA9AF501D2B1EEF6725522DB5972F8CD2490B51D92088FF1E3D2DE0EC7BCD
+tw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AiBDVciALzpcRqrQWNLs1WK3QYZkPvzLvH/F5I2R5H3aHTPxm2CHTeTsZND0X3KqqqkIAHe65gANc8J3klROv+qmonTkiel12hVqg54uK95vft1AaMMywM/aZPAJBM5yEXP3lkiEqAGM+4TisHH5dTh0FGHFnKPKGf52LW8SMB++FDL3uDqCKnqKJgaNgBIgDMwePljXDBVc3pvBEdpZTlGzaix/C24pQ6BJ0ZU6hP+WR1tidBX0UrExkWx+JAQVBds87GlJRKKiZz/5gkwgdrttSeqglq6mo/c35AsmwKe7C6o7GQSZYLgexfnKf5R3ojz1SyjSKTYfTa16esdU3Q==
+tw.			86400	IN	NSEC	tz. NS DS RRSIG NSEC
+tw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yS5oqcHzJtQqEmBCF4Kiu7pg4YKOEXPk9d8wceXl3uFYwgUqpdOGVvBSNngsg2kvoYrWMtNNGD3YtMS6xvlvfcXASyCw8BIxGjNECzKjTZUc+yyEZaYJLhu2CrTNe5gpQzdSNVg2+jW2VB+8VhPcv8VaqCKTt71nqzbEQYawBr47Yp8wB6EjJmivZv4wBmNGAYukIQrfc663I6H7qQ7TKKV6pW+0I0NuxGX2rryKeAe59g69k0TzCdW0UlfGlkBWby85D9WgcLtiOCG2ZP0G23MLXLfxz8aF77Ike9ohW3crNi2hlnp2GtIcWIiD3oFYdYBI1aTDqkSVhEv8COaOsw==
+a.dns.tw.		172800	IN	A	203.73.24.25
+a.dns.tw.		172800	IN	AAAA	2001:45b1:0:5:0:0:0:25
+b.dns.tw.		172800	IN	A	210.201.138.58
+b.dns.tw.		172800	IN	AAAA	2404:0:10a0:0:0:0:0:58
+c.dns.tw.		172800	IN	A	203.66.87.201
+c.dns.tw.		172800	IN	AAAA	2001:b020:0:77:0:0:0:1
+d.dns.tw.		172800	IN	A	60.199.165.186
+d.dns.tw.		172800	IN	AAAA	2001:4541:9010:7:0:0:0:186
+e.dns.tw.		172800	IN	A	211.20.231.11
+e.dns.tw.		172800	IN	AAAA	2001:b000:1e0:c000:0:0:0:11
+f.dns.tw.		172800	IN	A	163.28.1.10
+g.dns.tw.		172800	IN	A	34.141.111.176
+h.dns.tw.		172800	IN	A	204.61.216.119
+h.dns.tw.		172800	IN	AAAA	2001:500:14:6119:ad:0:0:1
+tz.			172800	IN	NS	ns.anycast.co.tz.
+tz.			172800	IN	NS	ns2.tznic.or.tz.
+tz.			172800	IN	NS	rip.psg.com.
+tz.			172800	IN	NS	fork.sth.dnsnode.net.
+tz.			172800	IN	NS	tz-e.ns.nic.cz.
+tz.			86400	IN	DS	30234 13 2 3D83825B9F7D66F9B28B5566BA5371798E8D3B88EF079BB88F52617811C1B9A0
+tz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l+Vo/vYcIyKHtt2vr4kjIcUHWsLDFNIpFE08v4jZ+AtFKQQTks3M1WXVFi5yuqT/ztzCqXC7roXn9siyZfS52ggmJ7kdnlnYml9dBuPmqyNIWLjcNKp8bevDADerlI/owYvMvZyPduuXtfott7kykUn+mFbMoo8Flw+4ZR6Yh5zocb1DzKBgeH0ZyqQBegAPccGCYDscXNkI9xzeJWrzpY6PoAXJHiLCyRAQq1qTTkeeV6tW+cCnkr+b1+R1Bq6tNs93jU+UgSZ+EE26tYFxA88dukA6mi7K+q116UD3jIBbuZKsyXmYILEiZcan6qdvg1gFSp7/HYY7cE5fwj1ECg==
+tz.			86400	IN	NSEC	ua. NS DS RRSIG NSEC
+tz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tYQnTXwAGrTUJHGwlKuHDG6CIbyJ1g+BwP2LKtwH2lUa5gS6VsetucuAgdTi7yvkvKSv9MSQSJ42hlCBKgIzvmOPuS5KEBxySuLjpasfF6Acuzv5W5ZRJOcnl1fdRGQSdEpCfc6/awr7RclObHLTVjvSLPHoSMfXN1FvzilmavKObCfUGsgtnY19nkRiD5qPNn+JTetaojd549PnbizhWelc14Ps/PhxDUpjaq6wU4T2nDvmAVqodwTg9y3gWfqv8577D3ZBuPr4L1LgZOpDMvNpUU1LsYOkaWJS7UsO8I+7pDYBk5CYxgnagCFTAY5fzqGdF+yc+jg7JFIyusXx1w==
+ns.anycast.co.tz.	172800	IN	A	204.61.216.15
+ns.anycast.co.tz.	172800	IN	AAAA	2001:500:14:6015:ad:0:0:1
+b.ns.tznic.or.tz.	172800	IN	A	196.216.162.70
+b.ns.tznic.or.tz.	172800	IN	AAAA	2001:43f8:e0:1:0:0:0:70
+ns2.tznic.or.tz.	172800	IN	A	196.216.162.67
+ns2.tznic.or.tz.	172800	IN	AAAA	2001:43f8:e0:1:0:0:0:67
+ua.			172800	IN	NS	bg.ns.ua.
+ua.			172800	IN	NS	nn.ns.ua.
+ua.			172800	IN	NS	ho1.ns.ua.
+ua.			172800	IN	NS	in1.ns.ua.
+ua.			172800	IN	NS	pch.ns.ua.
+ua.			172800	IN	NS	rcz.ns.ua.
+ua.			86400	IN	DS	48349 13 2 D8456DF0EAB0DB7D2422B4110722F5772D7B2F1FD41D487E956A54F1039D53C8
+ua.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yp9PZfsOnnKTEgIyJjCTeF5Yz4IfQ3uWQyDNa8JuSLlzjN6wDem5vJU8qNz110aHyzJxpp6Oi+4c54d5NeZ/5gxc2Yxqai10GY9tZFu6sHM3AaEYJtjItDKSw150TwEduqw2TrApHkuxSjzYaq3OiPzQeWLALc8ixvppVFkRuszyyPW2kQQHEMFJ1PcGjvnGFIITjU1nug1YkUIu+By+djDdozY1tawBnzTxuCQj+suBy6f+vtlMJYMhO89G7NoI6+xCaF96RhBQDXNEEzj/8H3q6m9e8GpFgLmtcb4cnd8gkcpz7xFsyQu2vFOpavf5wnLFTzN/5qHJZxJmN2NNMg==
+ua.			86400	IN	NSEC	ubank. NS DS RRSIG NSEC
+ua.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HWCsXv/EUDKaaY2gFS5tt9FB7/N+zizaQ9mfD8769q2GenWcX23YkTpF4HZid569tdKmLwhVJUI3s8f5aTGJ6xcvInc/A1WbWavrBgmWObLleRi4Ux/cbwFs7FmFBFYJ5FAVCYN+2eqKkl1Gu9+gzE91a8h8cbS5e2FvvhfKL7dWzuLRY0FnqVjGUNtNAbbQHd2QjnASuwM4D2h2eqikEofhuRD7yrXkfjcNxynd8JFWrgq6hPX6TgpRU50fwY0zFogETU6D3absRBxTAzWw7HEqZAdvFmTXXe15ju0kjidbRlj4hE8z6/ufruCmdNK8YslVvcxtCH5kKs+PvaUUEg==
+az.hostmaster.ua.	172800	IN	A	195.47.253.13
+az.hostmaster.ua.	172800	IN	AAAA	2001:67c:258:0:0:0:0:13
+tier1.num.net.ua.	172800	IN	A	149.202.5.226
+dns.tci.net.ua.		172800	IN	A	91.231.86.238
+bg.ns.ua.		172800	IN	A	185.136.96.185
+bg.ns.ua.		172800	IN	A	185.136.97.185
+bg.ns.ua.		172800	IN	AAAA	2a06:fb00:1:0:0:0:2:185
+bg.ns.ua.		172800	IN	AAAA	2a06:fb00:1:0:0:0:4:185
+ho1.ns.ua.		172800	IN	A	195.47.253.1
+ho1.ns.ua.		172800	IN	AAAA	2001:67c:258:0:0:0:0:1
+in1.ns.ua.		172800	IN	A	74.123.224.40
+in1.ns.ua.		172800	IN	AAAA	2604:ee00:0:101:0:0:0:40
+nn.ns.ua.		172800	IN	A	194.58.197.4
+nn.ns.ua.		172800	IN	AAAA	2a01:3f1:c001:0:0:0:0:53
+pch.ns.ua.		172800	IN	A	204.61.216.12
+pch.ns.ua.		172800	IN	AAAA	2001:500:14:6012:ad:0:0:1
+rcz.ns.ua.		172800	IN	A	193.46.128.10
+rcz.ns.ua.		172800	IN	AAAA	2a02:850:ffe0:0:0:0:0:10
+ukr.ns.ua.		172800	IN	A	194.58.197.4
+ukr.ns.ua.		172800	IN	AAAA	2a01:3f1:c001:0:0:0:0:53
+ubank.			172800	IN	NS	a0.nic.ubank.
+ubank.			172800	IN	NS	a2.nic.ubank.
+ubank.			172800	IN	NS	b0.nic.ubank.
+ubank.			172800	IN	NS	c0.nic.ubank.
+ubank.			86400	IN	DS	54160 8 2 7EC37B9EEC2FD88753A21503F50E7A96F59E706EF760D8143773B0D6B1B16E4C
+ubank.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L/B5O2NoVHB8FfHrWgZl5x/SdZGMdAzfK6LYnR2y2zIBeoWCdvJ+Cz0vZxGt4MqOAGuCTRW8OnoDWePUp0xp5aZ6HhXDDmbhpoh8zjC1+iFoHcaYbxiE8W/t1dlI8jZ5+1IXTxIZ2PzQ+YkrwfwoofxftSpogDSTQLRA77riXESYKZxGZWk1vfaXqzg+c4cQookvC+vvtEzKd2+Bxs6/8GXP2GA4iX78wW5eBZJQUkEnRcancJXnExbQtpEQHLz0cgXQ2DlYSg31nVVcDqnj0OXUJ0nwXv3nR3s/XL9ZOUs1mhwVwWbzHOApbHwkhK4O+KjZqkfXpOBzGvhCVvcffg==
+ubank.			86400	IN	NSEC	ubs. NS DS RRSIG NSEC
+ubank.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tprkMZn47riNxVRMobwTkDir+42rK5wjYv1wzXXQWvfIYT2IPyr9Yx+/b6d0O9T9VIyBt+doP3Kz1H4VbyeIQdKGlFcmdOA4bSeAv6hw53BseeUcL2kwS558iYtY4DqogAdxkb5gsK2ysmD4MoCIpLhyiIo2FolDJMkLFGEcTWu2aGoldk3ZFNHFMjYriDuQivZmGhZFOu7msHOj56sw6izIdY5wh8WMmTEC21Amc25/bqryl7CwSBjVKffsip9RDy/pSwjISh7Brn/CNF/f9sQ9xjgsFV/KgeOV5t/LCgMWmc6KMKMDUVcc6eCoqx70sNYa3tbWWR+VS5276KGvAA==
+a0.nic.ubank.		172800	IN	A	65.22.112.70
+a0.nic.ubank.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:70
+a2.nic.ubank.		172800	IN	A	65.22.115.70
+a2.nic.ubank.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:70
+b0.nic.ubank.		172800	IN	A	65.22.113.70
+b0.nic.ubank.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:70
+c0.nic.ubank.		172800	IN	A	65.22.114.70
+c0.nic.ubank.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:70
+ubs.			172800	IN	NS	a0.nic.ubs.
+ubs.			172800	IN	NS	a2.nic.ubs.
+ubs.			172800	IN	NS	b0.nic.ubs.
+ubs.			172800	IN	NS	c0.nic.ubs.
+ubs.			86400	IN	DS	59500 8 2 7C8D56D7ECD2A44500D7463258C99B2ACB49EBC2BBABB7AEB3A658F2D21581AB
+ubs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wULfBpQFG22XtMMhGf7SNFW1obN+l48iqRcUZa5Iv4TEo5jfIEBQW0KfQzFmY+CLBV3sxSh/DFXuDlm238IDZ1xyV6IUTeC8B6ufyiqpcLhBsemzwID/8YqSIp0JggGKaXBis2PQQUYD+XgPZl708G9mR9aUPgeT8cb9MSCy88o+MSt14vS3n3Lte+DuQ1TGHSVa1HWy7yagTxv6KgwTCsyW5KZhgCNmjEPyKSIMqN72IV1YwpoqvrzQtYR8uwqCyfGdJmy22sZtTTtz42zdJYnZ3UT/q21l1klfAJm+BkmcHyT+5xAGX9iEthpsnaqt4BYe5hCiVZwzry0o/lHbug==
+ubs.			86400	IN	NSEC	ug. NS DS RRSIG NSEC
+ubs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ARq6F7CaszVPxfBJ1PTg+IafumLVTfA3vyvbxxZkTHbTFH9PQC0YIZ6+NeQmmkMy2OK4ex2vBKqdxk1wM50RMWkETqQdn5vLBkoH7nMGb+8UJ+rVmE0Nv7Ozj28pkJIqBvz9GgWiVkaDv9wHHpGznO2N15HZwHzlBT3pnJdbEmwo7hxj6NsMtQmsjbkxRMv6r2+aFfj22FWBU3Qd5hjrh/cOj1BFKt0ZcGjKOwa5gL4FSAj6Pkfg/pNVDeh4wpslHDlK4su9oKcnsmx+Wvp4LzT123GngUbjkCo4nbAq+UDfGofW9eSf4GDkq0dDPzb0dbp6s2riOzJ1xhiXJDx6Ag==
+a0.nic.ubs.		172800	IN	A	65.22.112.71
+a0.nic.ubs.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:71
+a2.nic.ubs.		172800	IN	A	65.22.115.71
+a2.nic.ubs.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:71
+b0.nic.ubs.		172800	IN	A	65.22.113.71
+b0.nic.ubs.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:71
+c0.nic.ubs.		172800	IN	A	65.22.114.71
+c0.nic.ubs.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:71
+ug.			172800	IN	NS	ns.icann.org.
+ug.			172800	IN	NS	ug.cctld.authdns.ripe.net.
+ug.			172800	IN	NS	root.eahd.or.ug.
+ug.			172800	IN	NS	ns-ug.afrinic.net.
+ug.			172800	IN	NS	anycast.eahd.or.ug.
+ug.			86400	IN	DS	2767 8 2 4278D7C4B2B45738A39F310EAC36558411BD547812517BDF23F95FCBB4796B2E
+ug.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y4k5HADQuk4N+jbvzKSlR5t2J9kJtzanjeG8jqizaJKMB9poy8vndAoc/t7o4Q3MVbxxnxYYKdbe2m2sVeQoAIsL7KmwW7F2E92WlSCxBMoCpfeCY/SsFUXSOF7NzpI7Nc0d7L3Mqk1J2DXaUCVFDHDn5ZsXiChuQVj6XeaPmVjelHugLuo8g2BK/NL7kPXiJcD70rH58h6oo4Q12mk//+OKXES5c6ZpxIY8/Pxsrf8WsLQcGAbeSi8MT9eZbP1L/qx2hhZRgDyOOPAnNCOuxiQ9VsJOOGwAzvL7z/2fjvAM7Hrxc0MVt62x1O94/KA3mgG2Jd70TXsWfbb6LAy8pg==
+ug.			86400	IN	NSEC	uk. NS DS RRSIG NSEC
+ug.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A7AV/4+w8ndq55cBVxF7/gfVMBYkhXD3/jBheU4y1zCLLp94QRQIwYD/0lsz9sGDOamsi/9sfO9iy860ONjV+tKxOx7fDFLn/HrTvlGB6DvhlES0Vfp8l9B0MbpEJ694mGZ4FokmKJnUd7a+oQp9HVUZ9iIJ7C8se5bPP5BVgT3Il5lG/4RAb3iAmh8uRF+bMByFbBoJ5K2Y2S/Qix5J4gvDM4pqZh3DvVN6sxG2uCz5icg7FenO3VVJVPscSmgSSMM5XI0cBpWPj0izZ72J4S+Yaz8TxtdnJ+2Ce5ZlQujHBFwcyyUG4AZRlMO1acryBix/i8Pun0NuI5G3IKN1kg==
+anycast.eahd.or.ug.	172800	IN	A	204.61.216.60
+anycast.eahd.or.ug.	172800	IN	AAAA	2001:500:14:6060:ad:0:0:1
+root.eahd.or.ug.	172800	IN	A	212.88.97.132
+uk.			172800	IN	NS	nsa.nic.uk.
+uk.			172800	IN	NS	nsb.nic.uk.
+uk.			172800	IN	NS	nsc.nic.uk.
+uk.			172800	IN	NS	nsd.nic.uk.
+uk.			172800	IN	NS	dns1.nic.uk.
+uk.			172800	IN	NS	dns2.nic.uk.
+uk.			172800	IN	NS	dns3.nic.uk.
+uk.			172800	IN	NS	dns4.nic.uk.
+uk.			86400	IN	DS	43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353BC659603
+uk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1fSSzqcGoLO8k5W+/Dq86U2luFM42eATFl/dlfS8w3tKLI6KEUidK0pAU/I0ewxojV0KLJwnusEbMDNijTkNN5CPf3NkcwW9IH+EarkufLURNVdymwVvjN9tq9BX9n3FWUlbLm3B3mroFPN8iAeNwJTrJ3ccA3FxuwIAB6WUMJ+1kDF8y7Lb4/LEEwFH3qFkiodS6CxiM60ZGfypSBvvGT6c6ycDKH2Cg+FL4YtpyfY2y9aNdrUyCDlWKoHBDvbsV3xUknGp6hxY3o/hoJA0bRyPwJ60tv9T7odfd5lSKS1Ay3y9ae12GA/7oOsLnv37CCvdHa6XOqFYGBwgoYkguw==
+uk.			86400	IN	NSEC	unicom. NS DS RRSIG NSEC
+uk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kUpMo6Vlmzs4vyCY0tG0XPriZqyFOdW/FKNDQz2g9Vg3ALO14IKA+1K7AWxXklvNQl7y+uf80rf2JQUnZAQEU4ObzNdQS5vRy9KL+PR6Y/Qltop+NrA/pcfEfpRx1WsBDBi23pLn5OCmh0mnTCmOzBGcdO9MZAaR3uARX24s9CX1xLqLp5eZhqQuUlaWv3Mkgz43QDcorjAYPP2VFYtpDrMB3+qXzir4KHItbPQuB76C9O9I8gkSd5ApOeBC/HSkRHRway2PRJEkkyXfcEX9CTNontsZD6Xvobw688CBGeHsPTA/KdRIhWLchs8XNsaWtmKTMZ5mhqCo1JPY1vUW9A==
+ns4.asnic.uk.		172800	IN	A	43.230.51.254
+ns4.asnic.uk.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:254
+barney.advsys.co.uk.	172800	IN	A	217.23.160.50
+dns1.emdns.uk.		172800	IN	A	213.248.217.153
+dns1.emdns.uk.		172800	IN	AAAA	2a01:618:401:0:0:0:0:153
+dns2.emdns.uk.		172800	IN	A	103.49.81.153
+dns2.emdns.uk.		172800	IN	AAAA	2401:fd80:401:0:0:0:0:153
+dns3.emdns.uk.		172800	IN	A	213.248.221.153
+dns3.emdns.uk.		172800	IN	AAAA	2a01:618:405:0:0:0:0:153
+dns4.emdns.uk.		172800	IN	A	43.230.49.153
+dns4.emdns.uk.		172800	IN	AAAA	2401:fd80:405:0:0:0:0:153
+dnsa.emdns.uk.		172800	IN	A	156.154.100.3
+dnsa.emdns.uk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.emdns.uk.		172800	IN	A	156.154.101.3
+dnsb.emdns.uk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.emdns.uk.		172800	IN	A	156.154.102.3
+dnsc.emdns.uk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.emdns.uk.		172800	IN	A	156.154.103.3
+dnsd.emdns.uk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+dns1.nic.uk.		172800	IN	A	213.248.216.1
+dns1.nic.uk.		172800	IN	AAAA	2a01:618:400:0:0:0:0:1
+dns2.nic.uk.		172800	IN	A	103.49.80.1
+dns2.nic.uk.		172800	IN	AAAA	2401:fd80:400:0:0:0:0:1
+dns3.nic.uk.		172800	IN	A	213.248.220.1
+dns3.nic.uk.		172800	IN	AAAA	2a01:618:404:0:0:0:0:1
+dns4.nic.uk.		172800	IN	A	43.230.48.1
+dns4.nic.uk.		172800	IN	AAAA	2401:fd80:404:0:0:0:0:1
+nsa.nic.uk.		172800	IN	A	156.154.100.3
+nsa.nic.uk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+nsb.nic.uk.		172800	IN	A	156.154.101.3
+nsb.nic.uk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+nsc.nic.uk.		172800	IN	A	156.154.102.3
+nsc.nic.uk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+nsd.nic.uk.		172800	IN	A	156.154.103.3
+nsd.nic.uk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+dns1.nominetdns.uk.	172800	IN	A	213.248.219.254
+dns1.nominetdns.uk.	172800	IN	AAAA	2a01:618:403:0:0:0:0:254
+dns2.nominetdns.uk.	172800	IN	A	103.49.83.254
+dns2.nominetdns.uk.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:254
+dns3.nominetdns.uk.	172800	IN	A	213.248.223.254
+dns3.nominetdns.uk.	172800	IN	AAAA	2a01:618:407:0:0:0:0:254
+dns4.nominetdns.uk.	172800	IN	A	43.230.51.254
+dns4.nominetdns.uk.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:254
+dnsa.nominetdns.uk.	172800	IN	A	156.154.100.3
+dnsa.nominetdns.uk.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nominetdns.uk.	172800	IN	A	156.154.101.3
+dnsb.nominetdns.uk.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nominetdns.uk.	172800	IN	A	156.154.102.3
+dnsc.nominetdns.uk.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nominetdns.uk.	172800	IN	A	156.154.103.3
+dnsd.nominetdns.uk.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+unicom.			172800	IN	NS	a.zdnscloud.com.
+unicom.			172800	IN	NS	b.zdnscloud.com.
+unicom.			172800	IN	NS	c.zdnscloud.com.
+unicom.			172800	IN	NS	d.zdnscloud.com.
+unicom.			172800	IN	NS	f.zdnscloud.com.
+unicom.			172800	IN	NS	g.zdnscloud.com.
+unicom.			172800	IN	NS	i.zdnscloud.com.
+unicom.			172800	IN	NS	j.zdnscloud.com.
+unicom.			86400	IN	DS	51527 8 2 79FE987F5EDEF21F8AFC9A56DFE663D4B6AE8E2B046F82EA092571B6B2871D96
+unicom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cLbBcwOY6UujV4GTaHo9gKJn/XqQWH6JHe4qa5jLd8saLRsJIk2ie0sPLvoBnhIB41YzPzVC0nBQJkshN78ddO5TAHv+jodAbnUJP3iXo8vy2fOGsqwRdAIqapP+ddB55lK6/C5CZNRupcZq4Z+ilzX1YQE4q5m0C/WJYacddnqcJ6ac9Z3neDKG92hA9ZY0UqfeCoolPYRnZjUQ0ShwWMMlOfRI3gFuVkppDC7XY2q0ri9ob/umpMcvJYuXO2McaMhsK92UX1tU+wR4dN8ElVbUjNvTZ57y+zdoefh5DuUWa447fU1ClRUjnv4laAsh9jhEcvuPyec4RNBtFfuAAg==
+unicom.			86400	IN	NSEC	university. NS DS RRSIG NSEC
+unicom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JDkimj2Yj8xSB+9KsqenF+oUzPQnbuMtZlkGPuofnWnfyDNgQLZQfB6Z1wMlnuIdy1yMjrq4PUoUlJ6uZM2Ftq07NeIVwFbXB2TlvyQQwX1GYwJ+HCr9e4pDOs988STDO1RerCFxYX/k//sFP8DlPr5zEfCDxNuP95qFbGJxzAHjZUkr7ukx2lP8JNYqmXxdenKPXJAnA1hw+FBbjWXhNTbf1utomIa4kn0QSXlqKIa8u/UKs9Fuv3+477ErP68xDRa86qlwAAIrmBmSKxJBM0R9OO+WMS/pLHoQuMxIQMt8cRRXkaspDPV5F1jfyfv1CV94Fi01QeaQ0Uu8mqNxSA==
+university.		172800	IN	NS	v0n0.nic.university.
+university.		172800	IN	NS	v0n1.nic.university.
+university.		172800	IN	NS	v0n2.nic.university.
+university.		172800	IN	NS	v0n3.nic.university.
+university.		172800	IN	NS	v2n0.nic.university.
+university.		172800	IN	NS	v2n1.nic.university.
+university.		86400	IN	DS	40537 8 2 674E5D0FC3D6A5EE42486211CE3BE970A6B6DDE79BA48553732C1A929715302E
+university.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NKsAiqDZ7yJlJhchuo4/nGBm3Gxuy69vZ8xRjPTHheVt84Z0GaL0hKAWi1l1tDGWhukMD0ECmef+eYkjl4FdViTvQCAaEoCozQHap8AuDK+Cr17Hw7pz/ekYurYw0clipb/Vs96OdBuYPQqeuz+6sRk6dzvxmEIXfP8eoNXfHUkUXmce5JVuep9wvMS34B3JtQR47CMngvkKTDG0uonD4aUE3OF5249rGNR5COZA3a76DChyrMXerSPmpcA4o9ICzqPDG1zlIzNBrTG/G6cfJsZhkggLp3uizxvo9m+TTr82regJu+5tmb7G2CAAP2o9erXVYTC4nr/ohNZ5rI5hcQ==
+university.		86400	IN	NSEC	uno. NS DS RRSIG NSEC
+university.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cq8FwAhmICydPGj6A6DHuIqqMPClleO2i9zyXAGINa1vtALEpykn3DzK1ZTLkya3KmFdL06rPkXbQFueUh+2kMdR2hBJ1ePAYubX7udm3DxFmCdjKJ3oAcXhHcf634FmSecIHGOm1sG52kMPa8VSXI+KOa6Bj8xm1O9u9SzlzC5m+7k1z6U/2XMbqORITBp8za7WVbC2pOSm7HDdGfJWjVuESKuPjZR1JekBUcp7+iYjHHpcrUIt6DHW1Ugew99k1mUTTxExrCF7TyZPplp15UqSgxfOMytl638KfilK+SwJdI/8SvCvwQn6e4DJiOaz9Uu6EUR8eSnzZ/a21zih2Q==
+v0n0.nic.university.	172800	IN	A	65.22.20.19
+v0n0.nic.university.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:19
+v0n1.nic.university.	172800	IN	A	65.22.21.19
+v0n1.nic.university.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:19
+v0n2.nic.university.	172800	IN	A	65.22.22.19
+v0n2.nic.university.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:19
+v0n3.nic.university.	172800	IN	A	161.232.10.19
+v0n3.nic.university.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:19
+v2n0.nic.university.	172800	IN	A	65.22.23.19
+v2n0.nic.university.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:19
+v2n1.nic.university.	172800	IN	A	161.232.11.19
+v2n1.nic.university.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:19
+uno.			172800	IN	NS	a.nic.uno.
+uno.			172800	IN	NS	b.nic.uno.
+uno.			172800	IN	NS	c.nic.uno.
+uno.			172800	IN	NS	d.nic.uno.
+uno.			86400	IN	DS	35737 8 1 A6654717B1B97394DE61BFE6D043459BA3A0112A
+uno.			86400	IN	DS	35737 8 2 0DFCCFC8E90286393539413D9F228FD96F7B08B8F15143020C07E32E3D254936
+uno.			86400	IN	DS	57892 8 1 3B49FDC11DAEE5187A4170A5BADF77A917BCE481
+uno.			86400	IN	DS	57892 8 2 C156DD21B3B96A50FA94BE322CDF6F0144E86C9597E4AA56D53E9B490C94A537
+uno.			86400	IN	DS	64285 8 1 E0D6F2ECBE3F28F3F59D4193198240F9966011E8
+uno.			86400	IN	DS	64285 8 2 3B4DD0FEBFBD51CB5F15DB43CCFC832DE0989445D6BB70C31A9B96F681CC6C77
+uno.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RycShqwIPYxgZ0zH43081E2fiIaXe5nUE+3/e+xcqHV/8YIIhF2q0J1ObKlc9ReW+BJ5bvVuTiYi9GuOZ7ltnvobcWuP0icfs2uXq5hOOmgA1I39/KUm8nq8fgI2BAEXjm2iDmCQ5/leVx+XVCq9wCGlK3M/9ZMiC9X2Dj9w84StfEP+54mGKEV+lV3wZ71n03yV20Y2vYicB50E03PpDnCnni8LxKb4YNDGgrXG/z0KXI7CoV35NbS63r/+ZFTulGSXg8PGbdjX9baKz6RrUHr1TZRfmIxBZxqBAqUgbp+NQVFmUxWPqCvlMwwMBG9A7mMXOdCF6VCIlPgVPGuMLQ==
+uno.			86400	IN	NSEC	uol. NS DS RRSIG NSEC
+uno.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eDiYmgFKJex2pJrJCgPufYqASC1LmTjNnhbgGg93abBfsFGRJh0dThVoEAt0GVTXOGZknczMkbjv1AK5yw4UvXUQe/Ymqwt/GIlx38ysZxu7JupDaVlci1gpq/4B6HRVEC/mcZxvGkjd+sAWyIebkWpG3W6e8wejhVxU8CB72RDPIC/Wm0IKlgJkZBP+2d412zBY8n0rfZeOo6V7sjrrvm6q9eENk6s4YPXi2m1KD68O49Z4lwiRTtJKWyPxPfDEX/OpL1gg+ywUfat2oI+FhZweWKOyU5KfQ0TmQlwxywfkP+krhZIBRvku7bL8E6K8stDuqG5qiIz/LNiKR3/zsw==
+a.nic.uno.		172800	IN	A	194.169.218.21
+a.nic.uno.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:21
+b.nic.uno.		172800	IN	A	185.24.64.21
+b.nic.uno.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:21
+c.nic.uno.		172800	IN	A	212.18.248.21
+c.nic.uno.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:21
+d.nic.uno.		172800	IN	A	212.18.249.21
+d.nic.uno.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:21
+uol.			172800	IN	NS	a.dns.br.
+uol.			172800	IN	NS	b.dns.br.
+uol.			172800	IN	NS	c.dns.br.
+uol.			172800	IN	NS	d.dns.br.
+uol.			172800	IN	NS	e.dns.br.
+uol.			172800	IN	NS	f.dns.br.
+uol.			86400	IN	DS	2471 13 2 3997A266FB5806ED43E8FA8DF8D9E492673FB4C8D35747346BE522FA5123317F
+uol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SgJYjPBxDfxoAeBhbZrkn2zYgBF+3OLWTmXbZzPIQaBvs0V6oB1r7Dz+yQXhYKduKLi+M+p4JiiYLXifttTiuJxLY7+iXPFl3yVTrA5IhAwn2BY4jp0qiOCNbbfEA4yjzSWwguYTxucuvFfRifT0c6FOTQKT8fKmTsv8p7JQ3hg5RBdhzyhD5jGdDJAEjYME26fje6MO0/ZLp9b6SlNAdoGjR4gAJzWNGYP+XfGX5oDv6B9HNjdcRMv2+4KN2D5e5fj8nTvrbkBqR+Mnfe4nAmEEoCP55LYoHI3tsF0miGl7ReFmoRk23TCGev4uDzT0JAG0FrWmv4WEXPtj740/Kw==
+uol.			86400	IN	NSEC	ups. NS DS RRSIG NSEC
+uol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hUAyPb4vj4suR+J/EhfRZVIt2Q9DomkkDWxsOJEPOgKX6l0Q9xdj7zxLTGGZAG73Ukp+vnP6+GplrTrgj0EJ39Js5y57cQoFkaWQpgKAttcdRtMDqllwGS41arZl0XjOQliuTnmQXviactqHtsgovlLms8pd3UD2Wnixm+giYFViXzZgNM8A16oORUa+iqu9o9bVpsB1bOIMu3a7kMiNFjTgI5SLfyPGIYdFCwplThTRonueQnLbwO1fS4G53cO6PBahnfbbZSBcTyHpmkONPyBZtz/hcONe89s/Ge9/5hXsgWP+plfoHYQc7CpLeJ33g/cK9HyeNo0dur9KCRgplA==
+ups.			172800	IN	NS	a0.nic.ups.
+ups.			172800	IN	NS	a2.nic.ups.
+ups.			172800	IN	NS	b0.nic.ups.
+ups.			172800	IN	NS	c0.nic.ups.
+ups.			86400	IN	DS	2002 8 2 28E49220A4B3BC519F2CD5800B8C96DB682A9651EEC3BB19FF98D670CBE4BE36
+ups.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mWoNWiggWNlRWgXB30IxnsVC4Rt2ukybJKOMowqbjkitnA4UtfutKLMkE4RuoCba6981RnDH1lw/H8/M3DN0yNDof4S7+NGsD/QVNHDLwflbEW7h2exn2kezYAiKJA4r87GfVA1nKrh2AvhG7L2WcTYewthSz0IZjFbS1GShCGBOPvWL2xiOP3hXmcDU/G9oNXKuFSiEZFeA6nSTWNCD+w8OYaJXhEW6iXiJQhKMxtyc/DF+Gm8sANLKw0S3aoWuJdVW3Q9EAVtzdWWym9MBj48j6mbLKI6OFQesL3xhGOwI6SRtZ9qXyc1Nu0RphBCLuogfgAPqE5KHmqVyTxo8Zg==
+ups.			86400	IN	NSEC	us. NS DS RRSIG NSEC
+ups.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IZ3hxZqHurMs4I4LJmyTn2vfo04kiEfOWqCqk/a7PknvbJWmCqoYB6Nd2W7aEihp2h87z7zUzs62PnWeuTB4FP7xEp6nDNGeh/ejGESW5Ha/V5ziwH3VzE0tQuSIC6V2Xetyq3Vu2GGx/gMJisYHGBNM42rdY+ZCCxJ52dqktHa6w4AHcyYrYD2VKmJ+gkRj/IeWL+eKLikMnmJaKoe77/tjEzkYF0ohdbrXWKVakl8zwjnzhLNuy2nb3BLCpg7j75AV8PBhZgPB863ld8C7oxCy+W6SFjmXGtyMCSSlMqPdV3AMWsUNu6v3nrAPgwjhKNpN36L9/LkI+76WlK89LQ==
+a0.nic.ups.		172800	IN	A	65.22.240.1
+a0.nic.ups.		172800	IN	AAAA	2a01:8840:ea:0:0:0:0:1
+a2.nic.ups.		172800	IN	A	65.22.243.1
+a2.nic.ups.		172800	IN	AAAA	2a01:8840:ed:0:0:0:0:1
+b0.nic.ups.		172800	IN	A	65.22.241.1
+b0.nic.ups.		172800	IN	AAAA	2a01:8840:eb:0:0:0:0:1
+c0.nic.ups.		172800	IN	A	65.22.242.1
+c0.nic.ups.		172800	IN	AAAA	2a01:8840:ec:0:0:0:0:1
+us.			172800	IN	NS	b.cctld.us.
+us.			172800	IN	NS	f.cctld.us.
+us.			172800	IN	NS	k.cctld.us.
+us.			172800	IN	NS	w.cctld.us.
+us.			172800	IN	NS	x.cctld.us.
+us.			172800	IN	NS	y.cctld.us.
+us.			86400	IN	DS	46144 8 2 0C67E6017124BF19D50BE565CC486FF3CFE2A278FE2E5983FF97B2A453386419
+us.			86400	IN	DS	59017 8 2 7DAF469D42B5D8E5537FD4DD4B6057710E9A61F72C32EB7FB6526F52277EC2B0
+us.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EfG7dvlLKc5oTHJegrcd0WLA+D6QHGCCJ2kPdZxvz9P8Yebt1OQTtZmyfBet1o7sQFiNzMm3I0uETAPBfgXun/hyL8mW02hhFNJ6adZWUvo8eK6eUsf6A24PzPxbYUmoS41dXoGDpojN5s/htTyBSSvDkx74iABzl26S2gpX9F+DTczMBJmrNbzPjporfv3gb4w8oQbnxEmme7o1WRMCxkW6cdBrW/WvLmiYF70vTgxvg0PBElJ5q2UsweQDbSLnN4md4jBySeAa4DHRM3ZmpviYSNC/FM778rr2FzOqxQ1lQEpWJH+c7IidXnr0BD0RyyCMY1QgAR5EyduCEuXUAw==
+us.			86400	IN	NSEC	uy. NS DS RRSIG NSEC
+us.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xJ/TEqCdoM524I//4BJoZV3xJzEjpNk5JXI40kipDZ8BB8QBM2fWaZfksYLfl1OQ2AMoQiYiVpj8mPOCrt9mICOmv1ilRnzuMXInuB471Z/uYLil47TpJwC2Bjc3q4RE0VAbiOWFcoCTBmhzxc+JB0aT7ywu3jwmMngwIvr+Vl9BNP924dr/J1+qRzUesbjHBN5WtDWkSykI3bVfRmc8exihT3xquVCxll7OjQUM97sS24/vtoLCKIGsroST6XvkwGhjdJhS+5j6yGKa9mI8QXkeW/EqThztNr3zbbI4Wh0fZbshrl08tBhu3iNX0/Op4v8L3rvIHmEYxTHSmldI3w==
+ns5.asnic.us.		172800	IN	A	194.146.106.86
+ns5.asnic.us.		172800	IN	AAAA	2001:67c:1010:22:0:0:0:53
+b.cctld.us.		172800	IN	A	156.154.125.70
+b.cctld.us.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:29
+f.cctld.us.		172800	IN	A	209.173.58.70
+f.cctld.us.		172800	IN	AAAA	2001:500:3682:0:0:0:0:11
+k.cctld.us.		172800	IN	A	156.154.128.70
+k.cctld.us.		172800	IN	AAAA	2001:503:e239:0:0:0:3:1
+w.cctld.us.		172800	IN	A	37.209.192.15
+w.cctld.us.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:15
+x.cctld.us.		172800	IN	A	37.209.194.15
+x.cctld.us.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:15
+y.cctld.us.		172800	IN	A	37.209.196.15
+y.cctld.us.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:15
+uy.			172800	IN	NS	a.nic.uy.
+uy.			172800	IN	NS	a.lactld.org.
+uy.			172800	IN	NS	b.nic.uy.
+uy.			172800	IN	NS	d.nic.uy.
+uy.			172800	IN	NS	ns.dns.br.
+uy.			172800	IN	NS	ns1.anteldata.com.uy.
+uy.			172800	IN	NS	ns2.anteldata.com.uy.
+uy.			86400	IN	DS	19730 8 2 E85A089D69F869CF923DF395F279F1C92BD136A33B60988748B0186E12F7B88E
+uy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ritefIPkXRhYTcaOgODG+T/fPVGQd4bvG6Dc7tQ9EsX6KiSRRoBmnbgbiHn/Mxt7ZpXIaFegQGqLorbrVGCD8o45YPCiWjpv36Fsxi/Qaev6AA45q9UKUk8NRDSx75cSmF3KtvrdQPosITUWWsjm2QdPBZLOHWu1ETPH7vUydKn2hK9O1a3M4c2OGO+B2HFjiQdAyvOQni+nJDOCiBIRB4yPH10vbiYSAencjgZwgcAtaZiP+1bwxhd8FLhK+AYitqO9vDu9SFnMDcvX/yWAX9YYH1cFAyhDWf/Y1bUKHcoRf0TrCyWSD1rhn3yPftWTKAhlq4jHIme0sB5BOtW/XA==
+uy.			86400	IN	NSEC	uz. NS DS RRSIG NSEC
+uy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dbkNpcWMOSfknsj0klJj1q82XD1OT+rAWTWABt49Rw2/aGEHj9ytd4VUZdO0Uorcr1mGiaxTqHemIWM0p6RG5/uKrrHWJ3PYyA5umyBMuGSl2n1G067V60cgcf6X3a6+WK8XWRWR5dFXT66IEuavs+L3o23rmfkf8uMN2TWRqwcjarTFViD3i9ay6zeRJmsW6L3+1dgEht6eA63z+jqn5fVWvsrhuINs9nIaFAytWlocN1wrvmTe+JbZvOxvrpX+US3lky34aRAAIKhRdBjSWIwq46d4nMWbwY5gHIVia1FPD4WXPR0DJ6pg9aFOU3kGJY5iqHbvUN0KvolMQYyx4Q==
+ns1.anteldata.com.uy.	172800	IN	A	200.40.30.254
+ns1.anteldata.com.uy.	172800	IN	AAAA	2800:a0:53:1001:0:0:0:1
+ns2.anteldata.com.uy.	172800	IN	A	200.40.220.254
+ns2.anteldata.com.uy.	172800	IN	AAAA	2800:a0:53:1002:0:0:0:1
+a.nic.uy.		172800	IN	A	164.73.128.5
+a.nic.uy.		172800	IN	AAAA	2001:1328:6:0:0:0:0:5
+b.nic.uy.		172800	IN	A	164.73.128.70
+d.nic.uy.		172800	IN	A	65.22.41.1
+d.nic.uy.		172800	IN	AAAA	2a01:8840:1bb:0:0:0:0:1
+uz.			172800	IN	NS	ns1.uz.
+uz.			172800	IN	NS	ns2.uz.
+uz.			172800	IN	NS	ns3.uz.
+uz.			172800	IN	NS	ns4.uz.
+uz.			172800	IN	NS	ns5.uz.
+uz.			172800	IN	NS	ns6.uz.
+uz.			172800	IN	NS	ns7.uz.
+uz.			172800	IN	NS	ns8.uz.
+uz.			86400	IN	DS	3685 8 2 D058D5A354EFB638058DABD7E0310AF31BD168FFDCCF49405750BF4D5CE5AE0B
+uz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NGAa23uGuKF6Xmx3Z0QtFd9cbZ1hIqeCMtuQmilrUn3Ad7aEYNVP9qvZMKwoEdtMsmPw2bTi6Xy/2qLjsz4ZFPps7srFLPBlAOKE/23aVhiysn1L6bJBiFUi/3Rl6rHKgMJ1t9iItZuIIv0FlxePrdFiifOW96Oamxmwx7JSQkqmtUImdzNz07/bnTHVYHZgA/H/rXtqvFodQGO3KjsNcEpAcAPU5+O9Hz+SmqhrWKI+uUjiy/u6K/OF4bSXat+V5STtlXdT94S15r/t91alIK7Ufn3nD5+wE003qFxN/XbbZUnsTwldh56Obt5j2UXIjLpJQ3N2Qcred9GpXPgIhQ==
+uz.			86400	IN	NSEC	va. NS DS RRSIG NSEC
+uz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m6YhR8ez+mHL8H/iQcueo6uVzZ8pJX38DPcHPVDwwdlF15/TgPhA9pXXB8Clgyk/MF9Jxh8ESjlmxFSikZIzcm8VL3wf4na1ocKbdn+DZf6rFy5Nc74dcybB/vqvuHNMFEToqcz10f0Gg+X12dtHmurt+8XI49Ycce1ouMmTgW+KlZx53k1YmSTF+tBwKD+ISfsxKUUV9nsABU/ZZUvet/pEgM61WTC9UWK8qktfAmuhmKyong2ZpqC7GBpztr1vTFWMpTPUmL8BOYr2rJhdlY4riCiMxsHrLhLHdHdM5etIv9iZZirSjcCsriEsj8wshGFz5RyqzNL+4UY3SvcI2A==
+ns1.uz.			172800	IN	A	91.212.89.244
+ns2.uz.			172800	IN	A	81.95.225.245
+ns3.uz.			172800	IN	A	185.74.6.29
+ns4.uz.			172800	IN	A	83.69.136.139
+ns5.uz.			172800	IN	A	217.12.81.129
+ns6.uz.			172800	IN	A	83.69.129.33
+ns7.uz.			172800	IN	A	104.238.81.247
+ns8.uz.			172800	IN	A	91.212.89.233
+va.			172800	IN	NS	va.cctld.authdns.ripe.net.
+va.			172800	IN	NS	dns.nic.it.
+va.			172800	IN	NS	john.vatican.va.
+va.			172800	IN	NS	seth.namex.it.
+va.			172800	IN	NS	osiris.namex.it.
+va.			172800	IN	NS	michael.vatican.va.
+va.			86400	IN	NSEC	vacations. NS RRSIG NSEC
+va.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hx2LQYnJ2jNhZaMsI0nyiak/8WSbecLl1rYrl8E8IXHEWQBqtP9roNcAKGGJk4J/6Ts6mYQUZOF4ZJogLaSU5R6cy5tMkYFYAQkopFAw76NlNftBB7YrOFcRgwDPLM0hxiyy5XgQh/kPaCtolBEW8Gm43c05Zvt0IUmrA8MFSsJzDBc1//7ggTj2Xw7sPTzkEthGwpesMoyF+U7qNuD9icZxVe/EThBsA5E+rLbEeONDBVUMp0rerf3QPb+Drvoz1Re2VX38QH4JMX0s/x8vjksmrB36SJbh5VER05OKBHWmToN+thN9pygFT2qAWtIUY4afTRJ9GMoINSZm9fzyIg==
+john.vatican.va.	172800	IN	A	212.77.0.110
+john.vatican.va.	172800	IN	AAAA	2a01:b8:0:1:212:77:0:110
+michael.vatican.va.	172800	IN	A	212.77.0.2
+michael.vatican.va.	172800	IN	AAAA	2a01:b8:0:1:212:77:0:2
+vacations.		172800	IN	NS	v0n0.nic.vacations.
+vacations.		172800	IN	NS	v0n1.nic.vacations.
+vacations.		172800	IN	NS	v0n2.nic.vacations.
+vacations.		172800	IN	NS	v0n3.nic.vacations.
+vacations.		172800	IN	NS	v2n0.nic.vacations.
+vacations.		172800	IN	NS	v2n1.nic.vacations.
+vacations.		86400	IN	DS	53014 8 2 63AF40A94F8066D7F6AD7FCF89DC7111407C1DA7A217FFC6C7F2F84A87CC9FC0
+vacations.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eGk8aXVBoJR8JDkovA1yOIuYhYhx0/RiCcQu32JFdwgjioyDGGbmZKtdHh+2N3X14Zj9SxUWfwJidbJ4xHqS2acJD58U5nIiHXHYtGgxyvr6uVh0PDTO0kLRoG1hbpNGVAmzncqqQONle1nlQZNy0Z0sbghrvkmlikMvgTtBRCq+fx73wwMPJpM9ZwPDFPwDI+Ze1p7lSDYZiguH6KQnOZu+mHEDSirKBc8Rpq3EhF9QLGo+K1hrDr6pW50IUGw3m/Xh2+E3CiyNTVPu+x/k8pgRLBCQYW6p1yhlhoVVIPUxqOPXGhtttDuMQOF4+FM1n9bm7X0t1KXE20SYok7vMw==
+vacations.		86400	IN	NSEC	vana. NS DS RRSIG NSEC
+vacations.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nhkxAxKZDUf3NhebkhXhAJVyLT1MqsYxva+5hsGdLvFP33NtGsY0x6d+DkwhTC238IejcpLxUKT+CIgIJPU62AYn6+CJZjKwaZsONAOQjNJ8gRNteR3miKwmHo0pVe+mI76NtyxzmRSzRyeKS5uust61h34RyuTLUt509YBqU/+d6W5i6BNXn0wZGzDEPekhtWt+Uj0kdex30h4AdeguLCULmzK+Deu3MNd+TcRPPYT4Ndb/qsEMdNZA9R7Csm8v/lbU4DdY7vDxOwZYNsrtvhvddQk8+LnckkRvJIGIkKm/2dIHBJTeJIaocAWtXwUEdjAOFYuKZLC1/MVOAdfcLQ==
+v0n0.nic.vacations.	172800	IN	A	65.22.20.58
+v0n0.nic.vacations.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:58
+v0n1.nic.vacations.	172800	IN	A	65.22.21.58
+v0n1.nic.vacations.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:58
+v0n2.nic.vacations.	172800	IN	A	65.22.22.58
+v0n2.nic.vacations.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:58
+v0n3.nic.vacations.	172800	IN	A	161.232.10.58
+v0n3.nic.vacations.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:58
+v2n0.nic.vacations.	172800	IN	A	65.22.23.58
+v2n0.nic.vacations.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:58
+v2n1.nic.vacations.	172800	IN	A	161.232.11.58
+v2n1.nic.vacations.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:58
+vana.			172800	IN	NS	ns01.trs-dns.com.
+vana.			172800	IN	NS	ns01.trs-dns.net.
+vana.			172800	IN	NS	ns01.trs-dns.org.
+vana.			172800	IN	NS	ns01.trs-dns.info.
+vana.			86400	IN	DS	16105 8 2 F270CC6904F1292FBE949FC33C20CF64887D06CC82D2243413ECCAEB98E7221C
+vana.			86400	IN	DS	51813 8 2 93BAEC1BC806C42034F1BA91345D8AA439242EA114157951BF6B7E9F79FC9E0C
+vana.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ecw/Zo0ztynHoUw3QbXfr4dxJj2QvfYAFhOZcZl99QSw9ipO6snwF1UAQh8tqOUdcNRQtqMDWBBS0UhyQKKxfqZfhTGIkCXNyBgN+WfPGygvLEe4+JT3CJmokRq99FM+j1fsXxZ9kigYG4KGZn+MLPRNkY/1tQnbtuYdsw9Z7EOtAZDcU64AIm3k4t2YyBKs/VHLEwGniBnpg1NARwdOm7h7ngQxq6nDQ4MeLz/AUgqPeH+XtJ30IEMK3Gs8G7V6OrbGV8udqFVv+bYq1lLyusO44xk3OpixsU5U+oBQAnY1lyhZaIXmQLP8Nio1wlmMe+PwhC4TWd6dhto9exuEow==
+vana.			86400	IN	NSEC	vanguard. NS DS RRSIG NSEC
+vana.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GfAC0ZXALOfVvkdiQVRR0QFp0w8qnBsawEyVCGi2gtQENqt3nVjUVgTh9oq6TD7TAJhCDN/yVrGnEC3ldfpgdVe6wTFTJtZ27Rmm/fAeb6v06e5O6RiProPooWSfrlLBqvGuG07EdWHcu8CXq7okmh1f46Cf3zktuVexbORXp3clmO37U5ikBf5OUnV4yP3Z0j6wYUwNXNQF+4diEeDRnwusghpqVYzT918qGodDaf3Wi5EPeotZwVN4XI3tWbcOFOx83Oa41gCiMJUnVNwNPzP/1WGYcKSt3BvX5pDUFzWQitxKvRMJsG2BQlNiLJVZCAo1g42w8FsNWJPigIqRfA==
+vanguard.		172800	IN	NS	a0.nic.vanguard.
+vanguard.		172800	IN	NS	a2.nic.vanguard.
+vanguard.		172800	IN	NS	b0.nic.vanguard.
+vanguard.		172800	IN	NS	c0.nic.vanguard.
+vanguard.		86400	IN	DS	28675 8 2 DE83F2879537F8479C81335DA97C8D0B923767B78B5FB56544889D3A7006EFB2
+vanguard.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ca26JiW7ny+pK8V12/DiA98Sd7YxRBA2eOE40zzVI/ae0zIYJ0Pm6B2ah+8oLIcQ/gkgQLFyO+uJic6xUxaf1u0vG2mq+PiodOaHjnawkEKjGui+D8SX2c5Bzdc48lyNHN+y/93CMltB88g01u5Iarbyh7yiZce+YxI4jiiAk4Qd5WOTvgO719Ex0dQbEYq/Nilrbgj3hMlNq2naw1niYwCIdjChM6lLlUsH6lUrzUUqGaCdWax+ooH9mM98arrSsYO9iByXPlRo2+Kn6h3p92nkIf7GldaEyo8qBiPt7ZmGCU2PcRBL3jZk19yJQWBhuGTifXI4y8d9f1pXuDhqhg==
+vanguard.		86400	IN	NSEC	vc. NS DS RRSIG NSEC
+vanguard.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DQ2MEXCZCVaoymSli7+84eDK7Kx6on44+SeipNqbkGKLxDsXhuz0L412ZB/FtHRQOMvkCGxZu+BjvSX7xyzTdlgmASc2Spy/gyNtjMyRnevPjU9xNs/43lfhp/Db+vwxXObk4WckMg3EtL19P8thKFQC88A92RKah94fNxCXAQ0cQWPkF2srirEdMeDHc8FOoBqqTA8jVp4z6ReeM8DXsa5TbCmyHEL+TWXL8GrbNwFRfvz1kWN7XQn+w4BRSirqCy0KWJ1So40GFMSYLIv7bLawhMnw30/p+AJv/cwH3tOSw9mBimgvjnn8wG7zFbeKIDUb5heX4ISC4ZE98r22Fg==
+a0.nic.vanguard.	172800	IN	A	65.22.112.72
+a0.nic.vanguard.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:72
+a2.nic.vanguard.	172800	IN	A	65.22.115.72
+a2.nic.vanguard.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:72
+b0.nic.vanguard.	172800	IN	A	65.22.113.72
+b0.nic.vanguard.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:72
+c0.nic.vanguard.	172800	IN	A	65.22.114.72
+c0.nic.vanguard.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:72
+vc.			172800	IN	NS	a0.cctld.afilias-nst.info.
+vc.			172800	IN	NS	a2.cctld.afilias-nst.info.
+vc.			172800	IN	NS	b0.cctld.afilias-nst.org.
+vc.			172800	IN	NS	b2.cctld.afilias-nst.org.
+vc.			172800	IN	NS	c0.cctld.afilias-nst.info.
+vc.			172800	IN	NS	d0.cctld.afilias-nst.org.
+vc.			86400	IN	DS	54391 8 2 8E38107261B61499F2E57A72E762EF501798A0462CB69E6AFCC9C4A2539E6BFF
+vc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 01XbuYW6XlDBSE1DqiSH3o1GfenOLJA1Kc50IHpwdA00V4/XGrsPaG2JjHtwXEE+2YlE1Vzde8q81etBvgaihpL1GpcesyH7s0fH9dvKmjyVNbQgYyv7wShiTJRh8HU20OaQOkbi3DBcL16MaVdTAWQ8KMcdaHkm/fJaidA8fvCqSbUkBdSG4AGwP6QtuNKEETXkdNnnKDgIjik/PoNlo82ctGcfBalHeOoYvZt8j27X7uR7t6/Y/zxDPjDfPH0CF4qVAFPadyjwILe4jrWS2+upqpa8wPi43Iw02BixrW7fTpHUaxcihOeYuovAM81PPJkua58FO5e/Mre7OvFzGQ==
+vc.			86400	IN	NSEC	ve. NS DS RRSIG NSEC
+vc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OKJVaDqePIYRhNit+Qc8UyZBCIFIrxLI2cUWBBKKlFTui0W3/m5BK9smYWZkAL0t/6psHCs/BH8ag3ZsnWY/L5z+0As7eXxnfkAcq/CO3RhAQ+62+woE+BXx89as+3Kf7aqcGOS0MmTw1+Tzj+TY/0nkawSX9q9LQsSIyOcuDELXS5NHMdeyjUlOh3uJX3s9Aqw+6+lvZTMVA2jDN219z79KgJCFFdBfutHTYVNKRPe1HaLqtcD23vE6HuTjdrzcbhxRDJ68uBXTRlAyiCF8/RhscAGPrn3aMdMok4G4JaYUMYdMRe5s6OtvBoZS/dze0RwicDSqisnFL7HLfKO+vA==
+ve.			172800	IN	NS	a.lactld.org.
+ve.			172800	IN	NS	ns3.nic.ve.
+ve.			172800	IN	NS	ns4.nic.ve.
+ve.			172800	IN	NS	ns5.nic.ve.
+ve.			172800	IN	NS	ns6.nic.ve.
+ve.			172800	IN	NS	ssdns-tld.nic.cl.
+ve.			86400	IN	DS	62041 8 2 78F2ECB0ECD744A381D514EC91CA6389921FE168F41C96A41D0D794CAF30C3B1
+ve.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . waasti2sZEgmFvWYFmlqldMLVjLcBAGJ2Ic2mKT/rh6FS90/WJZXoDdowODOZ/o3FI8LnSbW3O4ZYgSu3PALmzUNsLjcBRZZ4otyl+Q3doCLUBWrWBkTNddqcBcClqnyDSwsm/nPAUq9aVW6aLi5V9yOwJnWSP5qMcVEnk3I0imx2U+dC5vChZJnMC7Gh0ZOYkseU7xYB+18rnebvE1EBOG7wDIL5CUwEAHp1Z0YO3uMXqPHt0hEuY7v5K95bg7nyTRlt1pAvwjvo1slbNDz5Vq1FKBX9TwhQpG3/gpZGJD2Pz/aJjZslkJLlPABOCrZyiCJiCaBvxgjTrdsZM0YZQ==
+ve.			86400	IN	NSEC	vegas. NS DS RRSIG NSEC
+ve.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ekqyfMjb8xp7AEEngYApt4LFGRrUEjW1zkpauw+gSH1Lx0TsRG/XNIc+68cba893OunKAYUeLhUz86W17yFS3MXUCSTfdgx7xNQ9NHVAmStd6FyhmMiBgCCuAdJZJevTE6GLsW2WxXXjMj5iJUIcXeNtAdBpb/jjxYYKO8osxLdr9t27usNyBUs8yyzqaD9T39uGksXrpdRNN5oTYM+J17iFlknyj94zcAEBPyLoZmfLaEUcq5T9U7V4BmyNJQd9I/ooHYrq0ApYYhjE8YLG0IAjgo/YV9wILc31mC0FQW+LxVRKSHaUs89YJ6bp5RBRxRCOQqNW1vUjG6tqXbB8Jw==
+ns3.nic.ve.		172800	IN	A	190.9.129.56
+ns4.nic.ve.		172800	IN	A	190.202.128.43
+ns5.nic.ve.		172800	IN	A	45.175.22.88
+ns5.nic.ve.		172800	IN	AAAA	2801:18:8800:3:18ba:beff:fe61:d08b
+ns6.nic.ve.		172800	IN	A	45.175.22.4
+ns6.nic.ve.		172800	IN	AAAA	2801:18:8800:1:0:0:0:4
+vegas.			172800	IN	NS	a0.nic.vegas.
+vegas.			172800	IN	NS	a2.nic.vegas.
+vegas.			172800	IN	NS	b0.nic.vegas.
+vegas.			172800	IN	NS	c0.nic.vegas.
+vegas.			86400	IN	DS	13336 8 2 612D11E84DB7671F5DC9B54FB8944D57474DE91CA498CA80B6EBC05C162C3AF0
+vegas.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QrN2Kn05RsBNb/dHJEhFLyrx19F7Obkwc2j7YjmpHmVNbeGoITTRFDauPwZO8qdVa6wszbbXuePwgOqnU/V3zwNH+lJph4nGZ/hoE6LIG9Mb5f0JsEHpHE5tS1LF6hq7iFqCeCjrXOzORdPjLMwMEtJCtGMavydCazG4yjlCMjV5N9OUqkQfyYETisJcxpqP27PS/i/nYr4tDXg+xf/zswxCCSoNSr0kGHa2RwMKz8kzM/o3oJa9IpIoEPZ3MSEsbTWn11B216M+dhpPAqVcSN5oaDEmCtUA1AmTbgW0KfTgWx6tviPQXJZFvy9v4NjlW2ApDhuD330ng5wTKFVShQ==
+vegas.			86400	IN	NSEC	ventures. NS DS RRSIG NSEC
+vegas.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I9YVjdlZz3fx2lAjck67YEqc/iOGE0GZNKn9TuVZKwIjCLrDqaGAozB53biHbM8nM53JYCmkSdRk3YtR67qaRfyOC6aFbCYAX/ckFrNTULF0H4Zh1363FPT8nZZMZeazoOMQXy0g6sJBquU/0AabVwSiAQEMukxgL6fTlQiLxQeUqJtPf6VohiwvsPvUfPrlwRjd8AzcEcv2FNhHQgnnB612q/9HM78gjxFuu/25fei3/E8BDV7uy8Rz/GLj8iKTx9L7r0DvbzyUZMlOneIKgEH4s3Zk5NSPMMXtyXk0h7M7ae1uFSzHSKeAV2vlsk/QghiUY+VxFpEiplqlXcFxXQ==
+a0.nic.vegas.		172800	IN	A	65.22.68.17
+a0.nic.vegas.		172800	IN	AAAA	2a01:8840:42:0:0:0:0:17
+a2.nic.vegas.		172800	IN	A	65.22.71.17
+a2.nic.vegas.		172800	IN	AAAA	2a01:8840:45:0:0:0:0:17
+b0.nic.vegas.		172800	IN	A	65.22.69.17
+b0.nic.vegas.		172800	IN	AAAA	2a01:8840:43:0:0:0:0:17
+c0.nic.vegas.		172800	IN	A	65.22.70.17
+c0.nic.vegas.		172800	IN	AAAA	2a01:8840:44:0:0:0:0:17
+ventures.		172800	IN	NS	v0n0.nic.ventures.
+ventures.		172800	IN	NS	v0n1.nic.ventures.
+ventures.		172800	IN	NS	v0n2.nic.ventures.
+ventures.		172800	IN	NS	v0n3.nic.ventures.
+ventures.		172800	IN	NS	v2n0.nic.ventures.
+ventures.		172800	IN	NS	v2n1.nic.ventures.
+ventures.		86400	IN	DS	43132 8 2 5AD3E6B74A570BBD7EA2F84C87E6BFC6C305233383D14F29074F3E6E4A03A810
+ventures.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FFSBRnXreBBMoNMQlYX+zw/BQs2jT37RWEmnSBe+WFmKya6RDAlmYk6LMVMmuXb9mGVApoh2iDNA/ele+xVDbNrCdYZ2WG14YCCZOlXMbyksuwfKlRcPk/71rr3s6u7zbKMqajXPe2vK1N7cZBDL7IgzZwOtwoN6QSfAZ/Z1cvtrC3SFmM4n1nM3Hdn63q6BUSP1mWEnlak6QlBNCHXCHT4CFPBqoC4+NinXn0u93zLThhfa3dUWAW0YrhI9D7sP8ZVryll+UqjNAimwmap4hApL85K/1CfVgu+psnZP3qT6rHRt4dvxVsJbrTf66yEEjby5KdywbtF3DaCZf1WqYw==
+ventures.		86400	IN	NSEC	verisign. NS DS RRSIG NSEC
+ventures.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . q17pVIO47JpAx3PkPfkh/l5NlNyti2Bp7rQopQAWx5gFQ32HerHXAzOeOYdvjm+RekLB7aGaZEqQADD8/YVPISf49ZkHVZWHBKXSwr+shB1i7xcoIMKVLRtFSCbFLX3rrjLXXYScrkgBpqJ1KzMNT4TAYPvg2rLgRKA/UZ3nW8JT7kg8FvCMJNZ51kj48h72XzhYwsmG3U1I3d2Rs1g6xw8o19ta4NVUnRSaXK6mTnVZaMQxeySfR7E/4vXCajIsxFHebtW/8rw76VCjlAO+5/2ojad7EVoWCMwwMuHr8e6gM7Mx5gVf1eLQ6z9+jA+UBDyIghIZ9w51bc7g5/C9hQ==
+v0n0.nic.ventures.	172800	IN	A	65.22.24.11
+v0n0.nic.ventures.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:11
+v0n1.nic.ventures.	172800	IN	A	65.22.25.11
+v0n1.nic.ventures.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:11
+v0n2.nic.ventures.	172800	IN	A	65.22.26.11
+v0n2.nic.ventures.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:11
+v0n3.nic.ventures.	172800	IN	A	161.232.12.11
+v0n3.nic.ventures.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:11
+v2n0.nic.ventures.	172800	IN	A	65.22.27.11
+v2n0.nic.ventures.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:11
+v2n1.nic.ventures.	172800	IN	A	161.232.13.11
+v2n1.nic.ventures.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:11
+verisign.		172800	IN	NS	ac1.nstld.com.
+verisign.		172800	IN	NS	ac2.nstld.com.
+verisign.		172800	IN	NS	ac3.nstld.com.
+verisign.		172800	IN	NS	ac4.nstld.com.
+verisign.		86400	IN	DS	34740 8 2 7468287539BBB69B7D1FCE14B16E16B6F75B6A1A8E50832DC333FD0F177C633F
+verisign.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bdv8k6p/3eDlJNuKJ0kGQsInlnuNtqH7N889JGJR8MB+PofYUWsTAHUU5a+z7h+IQjtxNtt7XaeB7X4uzGub0uOzrqDFaW6s0JeayYtiipgbJglDzrQZjWAJtNRAWD6lYoZgVltiv1G12VTIAkqgemJSszQQPBuHQrWr9G2X6o0EwR/AhAhq/m/LqxtWYOkulYSf/YTm4C4+L/EbrC8LK6AX/GyR4zVPQ3Bgus4sMmbFItN2xiAzsgXSz8IggXU9MgQaEscsUe+Gx8GI7lKBF1P4OLWX/knrsQfr+991ZYNOQq8OC7Y9ZlOY4RhlzrAs9qphw4nDX/f5paN4xrIbfA==
+verisign.		86400	IN	NSEC	versicherung. NS DS RRSIG NSEC
+verisign.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XaFHDj6R7++l5URx/Gr7TWIkD/f2vyEWUVPzoG2Hmfw64fyV+08lMbgCRL1qf4juFE98ENCm4IqDiY/8wd4bhGC2m1aQnuIFDCRHZb2NNtq4zoRScIRxUwxmtokv962OvxBR4jW93FyYycqJkblcJt9hGOJNrlXIqIFE+UOVm93TBcvl9XMrzQ1mO/OS5Rb43OtdK/qB6nUapjicxSN9w5ZepWWyRsxVcZNbdZuBJmm2DUQRpP0BDTdiWN1rd6YKBIwW0waSrod2bODcXMjzCYqFcD1V/jWvKhvPgmSkkQUWMhlWbNWsnRpfpUWojmBC47e8SEo1S7WuDhHN5W3wPg==
+versicherung.		172800	IN	NS	a.dns.nic.versicherung.
+versicherung.		172800	IN	NS	m.dns.nic.versicherung.
+versicherung.		172800	IN	NS	n.dns.nic.versicherung.
+versicherung.		86400	IN	DS	26134 8 2 925EE924B5BC6876443E476C16EAF5BF02885ACADBDF27CA2C87BE8EEB7F3B41
+versicherung.		86400	IN	DS	53914 8 2 3FB290C372A8E1F1662E968C7836F7856E493F96F0A6603DE8E882F54BAE577C
+versicherung.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DVqsH510izC7S865j5JwHcesuqXkpx09okOxbRfpYrcBIc3AWpu77HWNDbXd+UsTchm7R68oT45ZuF6BQctTkv7Ygm+8Nt0kUcDYiWvixJNObOeJQBJF3K2nfR+pP4/xYcgzzLGixnBrsWNWg2pLQOMxnIMLuCI4OAId3+mIxATWAGZN4nnxwux8uMs5s2IChadf13yDTjHQM1/KNjpDOeNPldYvx4eWx8dXXEPBeTTqEv9VQ0Iap/QscoA9RDDPF8Yd7dJGTtckCChxa4BokL9Vfl5BtgYsZPHt5W5N/mAGmXYkzE/t/40BijyrKcMHnisdFyBbXNVMQBcaHmly1g==
+versicherung.		86400	IN	NSEC	vet. NS DS RRSIG NSEC
+versicherung.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KYRjpozTmcpLJGmHEYON7VyuTidpK6HxpES020XY+VAfwO2czhzZQ74Y0UdoOe9DpyIAjXfQ49k2pPxT8Ip7Zp7wej5EfwYQ0UP1zgUx72on2r/FdSDcubgfkceSU/D4XDBUAE5wwxvADtaws9QGfPEcZrsFEqL/c3pRYS9MP8PjozSw0qmUYDC7qPr/aqbXtet76JZ1sKiDo2rkN5lppJynYKIARoNcZm1bewGSzR1rDaP86giBQq6paNdZQWv7d32XceU/FNYraWrkxC9ad3ZWl/eE7pmEJ2TQ7FxGw0sq2u5o67rx8NX+iEsW3UkngDHo2P4tOPur8C+6/FAFVQ==
+a.dns.nic.versicherung.	172800	IN	A	194.0.25.13
+a.dns.nic.versicherung.	172800	IN	AAAA	2001:678:20:0:0:0:0:13
+m.dns.nic.versicherung.	172800	IN	A	194.0.26.2
+m.dns.nic.versicherung.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:2
+n.dns.nic.versicherung.	172800	IN	A	194.0.24.2
+n.dns.nic.versicherung.	172800	IN	AAAA	2001:678:24:0:0:0:0:2
+vet.			172800	IN	NS	v0n0.nic.vet.
+vet.			172800	IN	NS	v0n1.nic.vet.
+vet.			172800	IN	NS	v0n2.nic.vet.
+vet.			172800	IN	NS	v0n3.nic.vet.
+vet.			172800	IN	NS	v2n0.nic.vet.
+vet.			172800	IN	NS	v2n1.nic.vet.
+vet.			86400	IN	DS	19864 8 2 2B1B3AB9F4FDD837FC9F9C7875FA916B6A22C3EF5C0C04D5D3235E42828CF6A8
+vet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p4cYFlErJBJLVLBjuoVLvHO/v3BBv7dxeib11DdXBdKXDCBIcA8Tr3m4XOtOncpRNOvgbA1HboOAVoeV6IXZrMQOpiZn3n6UBMkmi8xpXw70TsF5IS5zbL8EhkBLbZxsgrbO7eWR7IV4Psz/eAW0D6I2gZZ1IjjzdTeUqC8wwMOHIVbh054cxHQGDW/m2axnRZpn5mPW2okgT9PkXJQ2va2y1p05CryHA6+A65EhCEoGrXXSVrozRLrKqjBdPwcFoczj1m7qj6Ux9mx5dmqslhcVm/xyDSi4qgEpQq4xQ7qb7K7EmhutflOgWxgp/g05c5QlQGQvuTy4qxw0UzOmdA==
+vet.			86400	IN	NSEC	vg. NS DS RRSIG NSEC
+vet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DyjgTF6+n+438I8gTgWJK3c1kWQRxas+/R2kGf8Cqe6644PlKTGK0qP7jkciVqR6Yo/6LYCfoNHqtooAkFRrUtF9vtzKVIYrOASkkd+mLt5IHpjSynG1BeHNoMOTk1v66VGNZ+ghJaDptZ19aQ1DrTyKhzC8aiyKgHrRhm47CqePbqVuIvzXlWNIjgfoBa3Ti10xM9FE8zCZ8oGUDDz6w+TNNeqEmSxJcc0n1oCkZJlrLppMwIYECdJcqZGkBfpy3zEz20vcUZSzT/Ey0nMk9y7SnIH0RDTZ2JhyR+mo/coqRud/H1W6x2Z7muNKQDh23EIliGnKSndziliuELK1vQ==
+v0n0.nic.vet.		172800	IN	A	65.22.32.49
+v0n0.nic.vet.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:49
+v0n1.nic.vet.		172800	IN	A	65.22.33.49
+v0n1.nic.vet.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:49
+v0n2.nic.vet.		172800	IN	A	65.22.34.49
+v0n2.nic.vet.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:49
+v0n3.nic.vet.		172800	IN	A	161.232.16.49
+v0n3.nic.vet.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:49
+v2n0.nic.vet.		172800	IN	A	65.22.35.49
+v2n0.nic.vet.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:49
+v2n1.nic.vet.		172800	IN	A	161.232.17.49
+v2n1.nic.vet.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:49
+vg.			172800	IN	NS	a.nic.vg.
+vg.			172800	IN	NS	b.nic.vg.
+vg.			172800	IN	NS	c.nic.vg.
+vg.			172800	IN	NS	d.nic.vg.
+vg.			86400	IN	NSEC	vi. NS RRSIG NSEC
+vg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ecM+D4SK+CmIG8op7XXY8byhpiWYXQQ6OaNj2jpMHHvuD7n6SNxSM+v52mp3dLyuNtpf4iTIuK+o5WoOT+Kh5D2BBN9IX98IfCG+r6qKTq7pzZH38pJz19qfiFZJh0Rum5Q8sdDj3ZEFupMNiyjEargEp/d43fGOPKWlAuWwAZVquW5scosh8AxB6KNPmV6Z142o3O+uN4uu8Zoi9+MT6eMQMg8Bp7pR7ghAHmgHA6FEWU2AKALmZMTsOdc7KJJTR49ncRcUwGtChiixwp3/1GMCxH0UoisZgaYfCoF48k43GGrTLHdj0kIWG1R52nfxCCfDf38Zisd+6NzZijS6IA==
+a.nic.vg.		172800	IN	A	194.169.218.104
+a.nic.vg.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:104
+b.nic.vg.		172800	IN	A	185.24.64.104
+b.nic.vg.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:104
+c.nic.vg.		172800	IN	A	212.18.248.104
+c.nic.vg.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:104
+d.nic.vg.		172800	IN	A	212.18.249.104
+d.nic.vg.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:104
+vi.			172800	IN	NS	ns3.nic.vi.
+vi.			172800	IN	NS	pch.nic.vi.
+vi.			172800	IN	NS	auth100.ns.uu.net.
+vi.			172800	IN	NS	auth110.ns.uu.net.
+vi.			86400	IN	NSEC	viajes. NS RRSIG NSEC
+vi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EvqLZscCr5S/iK4rgXEsrgxr+HwriSpjrEccy7FkgMJTnUOh9r3LWrlda0df+bS7bXQT8fZQKfHV1jSDvVHX+/2B/pBwhpOroW4jKsotCXQ7cJo+MoEXaNRw6LTh3BsAIfshgeiuFGjfSOnZ3IwT+l0Czt3PL7F5wkOtC4N2h0RqpG86fkWaLBo11u9qoyfRwENOdpskGeJ0HSMUItWencWHAr2sZKeFWxPMtv12Xe3jfzfQigqcXytyIMTaU3ieUK1m+ROGqUf1tUgX9OOcuK3jZ24jeag02WmOCmF71Vp4eSmYosyGCyR5+XLmVa/xY35vvUTu9hk5u6rdaLf1gw==
+ns3.nic.vi.		172800	IN	A	185.17.236.230
+pch.nic.vi.		172800	IN	A	204.61.216.133
+pch.nic.vi.		172800	IN	AAAA	2001:500:14:6133:ad:0:0:1
+viajes.			172800	IN	NS	v0n0.nic.viajes.
+viajes.			172800	IN	NS	v0n1.nic.viajes.
+viajes.			172800	IN	NS	v0n2.nic.viajes.
+viajes.			172800	IN	NS	v0n3.nic.viajes.
+viajes.			172800	IN	NS	v2n0.nic.viajes.
+viajes.			172800	IN	NS	v2n1.nic.viajes.
+viajes.			86400	IN	DS	1006 8 2 EE19922420D5F38807E2D61A8D0A7811E2C622BDF65CBDF56AB83FF4569FF4B3
+viajes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PQC3MCMqnLxY5Rkzf9VeUezrpYNlgZYHKeXEayClmtxjkpg6npha1F6/EXyxl5WTs0HLlplcx3BlPVtA7Uqc6+K0Oj1+rbmcR6Y3VDASWYXMu0TZPhs9dSz/iPqKCo2Yw/jiGbOEC6flMkjv0XeHWzP0D9nt7VbYMP/D1dV0M3iloWLcI066rvK8guKdSe8l2gpWTp/KkFcE2SKwmOaq35I5phrIxY3B8wfPnRNNJgLzaqk+7pHDXiFYGsAsivlcqNlms/c6D9g1m3MQY7FSJQD6iWqt0/Q3FYOhjrM/i3aKMrsDKOHvRf+DxdV/A/gDAyQtT/eueXzevSDNeFOuZQ==
+viajes.			86400	IN	NSEC	video. NS DS RRSIG NSEC
+viajes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wS/BtGyBVK1UymeVppn/gwCYpoBWlr5ByoNu0Qo/qCbPsxOQHWgKVlWZcvOcXxmxiX+uSWQQUd9SFQOfHqLqw5GtvDXVv+XFN995E7/jjIEgjoRvNUuzTjr+0ANXo6JmrUVTwb1ysT990PiNCYqLNNd4JM3fdmp1Da6H9PpqWJGzaxRNCPgRrpkbmgyDv91uvHXS2qOdlC7rE+qdwxsnL4BFQ2z7DWrN+r9ZRviI9Uy8qdKtNvax7fAPawH/LgnthYaHCcvaZDh7FhCB69tGNqp1kIV7f20w1cyGTig8lfs3AVkRMeaDo3jWVHdhMQe3PNt10z8rF9VOZqaq8aq9DQ==
+v0n0.nic.viajes.	172800	IN	A	65.22.24.32
+v0n0.nic.viajes.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:32
+v0n1.nic.viajes.	172800	IN	A	65.22.25.32
+v0n1.nic.viajes.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:32
+v0n2.nic.viajes.	172800	IN	A	65.22.26.32
+v0n2.nic.viajes.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:32
+v0n3.nic.viajes.	172800	IN	A	161.232.12.32
+v0n3.nic.viajes.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:32
+v2n0.nic.viajes.	172800	IN	A	65.22.27.32
+v2n0.nic.viajes.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:32
+v2n1.nic.viajes.	172800	IN	A	161.232.13.32
+v2n1.nic.viajes.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:32
+video.			172800	IN	NS	v0n0.nic.video.
+video.			172800	IN	NS	v0n1.nic.video.
+video.			172800	IN	NS	v0n2.nic.video.
+video.			172800	IN	NS	v0n3.nic.video.
+video.			172800	IN	NS	v2n0.nic.video.
+video.			172800	IN	NS	v2n1.nic.video.
+video.			86400	IN	DS	42529 8 2 4CAFBFEDAB7097A3727581BCC76FF8EB10B0C144B96F77CF48D7814E21D8D3A7
+video.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aKJw2H30B7OJI+sY/IZwq+ekRHjpONQf99DDkYGLgnNJbuIvqkJ81J0cWAUCHQ4Fq2OToTLBG8vosW4RRD02uh3H9aY9YgEs3M31PXpvB1SxiJLp6tIEFBhc3/RdfAFvlmtyBIYTorB63rCCA7y9zt1FCAIezppKqFZbKD/LNcn7g/KfvQTtNM4GuNagXpyHYX7U1+45bjyCt8HFbCr1jMo2crTcd6CEGXwmqyUHQtNEFo3tWWznCCaQQ84+c1mtTofX4um8afNbJm52h/I+jEwMW3pH6v23g3kcNA0oK2Sfwi1WCN2m3LZbOcXCJBB9n3cCQqTIvp2i0sclQwzVig==
+video.			86400	IN	NSEC	vig. NS DS RRSIG NSEC
+video.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ufL2P9lVvX3xWJdVW3Ry/nv81PXw3sCvH3/YVrJeC3NwmYFy67mKw/ptr9y0kjnH3CEILeGRbmDpTvpzAjN88vIyJ1Du1cJrSl6WU4c/PypP8XkQ49pEC4Odyn3sT8oICGcB6OmrM9mdm95szVxRlwH2eJ4Wm7eFskV+1F9X76zp7GRdswmLueup3MfOxCW1JclqvNi1VvWJSRbFuVZc6f7TULqUL60otnaMnJPHrW7D1gnpRemhLImhhevzDX1ybcUxYt0RPLSz+5TJBIJYi+Ichi91edskiSMZGAYmm+lUH/KmMfW8l3G0wWBbJn9jjo+YWfMvKUN9rM+89+mNFQ==
+v0n0.nic.video.		172800	IN	A	65.22.24.40
+v0n0.nic.video.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:40
+v0n1.nic.video.		172800	IN	A	65.22.25.40
+v0n1.nic.video.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:40
+v0n2.nic.video.		172800	IN	A	65.22.26.40
+v0n2.nic.video.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:40
+v0n3.nic.video.		172800	IN	A	161.232.12.40
+v0n3.nic.video.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:40
+v2n0.nic.video.		172800	IN	A	65.22.27.40
+v2n0.nic.video.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:40
+v2n1.nic.video.		172800	IN	A	161.232.13.40
+v2n1.nic.video.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:40
+vig.			172800	IN	NS	a0.nic.vig.
+vig.			172800	IN	NS	a2.nic.vig.
+vig.			172800	IN	NS	b0.nic.vig.
+vig.			172800	IN	NS	c0.nic.vig.
+vig.			86400	IN	DS	64474 8 2 4DD8D2A7168F0358E8945F0558E2A643F3E941F6440FD26AA0D91B4E2B54B0E1
+vig.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jerHNvhaWuaerSljFoCAbs6dMb0Zzej+s+g0B22IQlmUySAXibnrv4JIgEz9MfR7DyW19fEPMkhIJp+Fszhv1O/8s9CLey8zv2YO3lXAp0m5G5hN6DEZXEhkqpvgShEszW5FicS1rCFFtfHwvslP+ocaqd/u8AFLaVABt9dv3ooBalalnfGRyYSvp2EtXxDmTxAffd/pEfXfXqYLYVGAnamlaZAbU2FWuVw4+PU0tH5xUhXrtcGq8+4wAwNVOMbUpQhbef7WCKOvzDPalTOtzZ2jcQizo2C3eE9P9Othv74XR9F8dC5fi5c/xr9f9ZUqklvdbKQXTok6e2odqnkWWQ==
+vig.			86400	IN	NSEC	viking. NS DS RRSIG NSEC
+vig.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J/TytUF8VJmyzRuqPRQShB/MhVhMmv9VAClhs+8PwgUlg1giyYDdUBIOllo/QSkDeJ3CXUit6SmMAZv5lUdCjFPczLMwZKwByVTLng7zstLU9+ihbU7xTNtprilAj30wvDFwKTsiV2ZjdF82O7d+K2ZpDpHQgZD7X0LB6I/nFnQ7FNaoXZ5jXSXxbfCsFext5J+okXE5c2mpSWTKaz9zzpmzd1RUi+KSN5AP3mdRWwoOPTSSRBvhhDA4uImLn5V51P2TtOQbL6pQneh3thPg77TXQrWrtpblEsALDX4pElkewwEVnhvGAzwsA7uA8ipf/Q3UkCcR3sArf9lsTl+Kiw==
+a0.nic.vig.		172800	IN	A	65.22.48.25
+a0.nic.vig.		172800	IN	AAAA	2a01:8840:2e:0:0:0:0:25
+a2.nic.vig.		172800	IN	A	65.22.51.25
+a2.nic.vig.		172800	IN	AAAA	2a01:8840:31:0:0:0:0:25
+b0.nic.vig.		172800	IN	A	65.22.49.25
+b0.nic.vig.		172800	IN	AAAA	2a01:8840:2f:0:0:0:0:25
+c0.nic.vig.		172800	IN	A	65.22.50.25
+c0.nic.vig.		172800	IN	AAAA	2a01:8840:30:0:0:0:0:25
+viking.			172800	IN	NS	a0.nic.viking.
+viking.			172800	IN	NS	a2.nic.viking.
+viking.			172800	IN	NS	b0.nic.viking.
+viking.			172800	IN	NS	c0.nic.viking.
+viking.			86400	IN	DS	50971 8 2 1809DBA33D16E851270758C3EF774D65984AF94F7C3DE9B3470167CE19C22DEF
+viking.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rhytx74Rdn57HLAkmyfRke5JuV2aHpQpZYFzQ7rtHmDP9z81MGUheDPkQ8MLMfqWqLYdXpoKjZ5ywlkD2o18vbcVFen5e+x1FYxkFlmxkUMpzWpvuOdM4dGQc1LxHDgOpYW4eXHczE85I79LU827jD5Q7sfPBOXR+KqRLRpVBdQXjF8C3zEFQO5lNo1ZrXOvzR4nwp668THxNRWSA1yncAJck23+TP/vrqRbhuxUrwTI5r6Qm4nKBqP/t455YJxV6WeT2SPlmno6VzIIvmLK5cJ6wkOw0HsakLPvae3eJmzqBK7jYOH1xHEqf+i0yOUbotqxGIBXxoMIVlHix+ISXQ==
+viking.			86400	IN	NSEC	villas. NS DS RRSIG NSEC
+viking.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MuTPi66DnKc3ZsTgz4hlXfWby3+TR/Sf/lQjWnGPkg/VTAqeJ3cGz04LcwKJ2abmygfBKRbm+uJj9G1f43RlSABBniQ8t1AcU/R6UQpEXOvqjRmbkdLL+3X0i1PZJ4i2ISvyC1EdwmGjCDmAjOGxu+DZsK1ztoRJFzMpZBOA6E8NptXZ647YwIMD0CKLVlAVsoISpx5WVqp+coIgOntc+KFR0XXR3w5hIORj00a1HxNoGNyXS98ePtBtLOiNQtXcBrz45Fcu+SrRcLPkwAnKCH1veXtX5nSZlN59StIjaCzzVuyn/AQpXuS+Txe49ogal7zH0fU/RQ92lpaX7381Lg==
+a0.nic.viking.		172800	IN	A	65.22.192.17
+a0.nic.viking.		172800	IN	AAAA	2a01:8840:ba:0:0:0:0:17
+a2.nic.viking.		172800	IN	A	65.22.195.17
+a2.nic.viking.		172800	IN	AAAA	2a01:8840:bd:0:0:0:0:17
+b0.nic.viking.		172800	IN	A	65.22.193.17
+b0.nic.viking.		172800	IN	AAAA	2a01:8840:bb:0:0:0:0:17
+c0.nic.viking.		172800	IN	A	65.22.194.17
+c0.nic.viking.		172800	IN	AAAA	2a01:8840:bc:0:0:0:0:17
+villas.			172800	IN	NS	v0n0.nic.villas.
+villas.			172800	IN	NS	v0n1.nic.villas.
+villas.			172800	IN	NS	v0n2.nic.villas.
+villas.			172800	IN	NS	v0n3.nic.villas.
+villas.			172800	IN	NS	v2n0.nic.villas.
+villas.			172800	IN	NS	v2n1.nic.villas.
+villas.			86400	IN	DS	32191 8 2 CE7CF1B69581DC8A7D97B190D57A0D90DE2F35F3F906E15984163F3BD62B6A7A
+villas.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0v1j08eSHj3iNmlvM98KT/yCgP0PC8adQsLdn42ZeRdahZ4AfZInHQxjjqXKEoRhU8MRIi74J5eGu2IAlW2R0mUYoFHHFTOp0lWvjf8LpaAQH96xq0A9TJDgDpPtRHorwtk79plcfVUnAI6mp+NCaqm1vTuuoGdgr9V4tUwl3+yeq7JHWGvVBjgbqtXWBq8Ez64fDFWQdVW7USdYNCZ7G5R4XhknckQEkKFjlAYg+lf3yqpCBfUDK38+wXGcm6QZrjElHLkrGVaBSnUN02q2wBS80gMTZGi3HMKSCQ/WPtZ0sBzzMEu4D2oE9/UOG0HvIC448oe3ZZQgvLrWSR+kSw==
+villas.			86400	IN	NSEC	vin. NS DS RRSIG NSEC
+villas.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wT1nqo80RBQBSxNJgYrueGDZeS8chL1fO0YxLDw8lptS8WvRv6WG5AtmOzNJEtY2dqQNQjV9vtyBIlzVsotoDGnerb7iyOHu1EdnOdM3JwlHBZxYVCM3xD53VlZSH2XY0aWiMAS+qc3NvYRKezeifZ/sbxwv7qq7i38wF3L4Pl66DzNNowb96ZU98NiLnJVIwNoolvKA7iYggXqIPXPvAM85YmTJP9sSgiKa/EsjbMfuL6jltfI2QDBYPUURz/tAnouyPnYEQkHpLacurKTn/iA0wK5GSpBy+wLg8A8oTAQYTLvEI6oY7RuE7pfJwp9of8ZeRO4IVWVy125Ny15saQ==
+v0n0.nic.villas.	172800	IN	A	65.22.28.62
+v0n0.nic.villas.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:62
+v0n1.nic.villas.	172800	IN	A	65.22.29.62
+v0n1.nic.villas.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:62
+v0n2.nic.villas.	172800	IN	A	65.22.30.62
+v0n2.nic.villas.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:62
+v0n3.nic.villas.	172800	IN	A	161.232.14.62
+v0n3.nic.villas.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:62
+v2n0.nic.villas.	172800	IN	A	65.22.31.62
+v2n0.nic.villas.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:62
+v2n1.nic.villas.	172800	IN	A	161.232.15.62
+v2n1.nic.villas.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:62
+vin.			172800	IN	NS	v0n0.nic.vin.
+vin.			172800	IN	NS	v0n1.nic.vin.
+vin.			172800	IN	NS	v0n2.nic.vin.
+vin.			172800	IN	NS	v0n3.nic.vin.
+vin.			172800	IN	NS	v2n0.nic.vin.
+vin.			172800	IN	NS	v2n1.nic.vin.
+vin.			86400	IN	DS	25786 8 2 BA89439B43DD4C15AD9D0BC69198518041F5A9E269CE479569F0E42017D8A9A5
+vin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Vx1hUXqqxbIHnJglzSNldIuSatLsteE6OMOLTOIAD4zQwOJTlq57qVQ9930btsW8qwCPZt+sAUaIokwOSDJGmBsMiiyZ5MbYs9QnuCF64XI0PJujN8ofsbcNy+hCeO1+0PMLi5IMLHm96XnIa0ZgI/CrsXVZhn4/07EY4N0quFesL3EXk+bM+ffTS9wa2h1PLBOczYCEwHSNDwAQMPQFCs//t0PbXRs9esgqxiFL8P/vYYr38ZgZvpJesgwxOzW9vboYgKKYW478/T6nJoPyAQrW2NIzAZU+61KubKjUqCaGd2K7psl3rmx8O1W7Q6qOSKuTVI0f/+xdnn4gaRf+zA==
+vin.			86400	IN	NSEC	vip. NS DS RRSIG NSEC
+vin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JTPsxfpkZkAo8N3HOna3eb7/STuf7jrarkDaO6cYPokKBpWEUfZg9Qv77Z3B6U0Brs0TbyK0O7NswpE9watET5e0fqjILDz2BS0sKcrSr4u2cFkieMEAERQaaMBUEVLOC52pF3auabWh7237MqdEqUYQmUvFae+ErJOLaX45hbzRLwVZ/21DJbjyxYMaPS15kH7Na/SEvcxkxFEItdUbu4bKBQcbOj8XPVQXDG6DErMx69q6cS6tiCMRe78DHhqetjTXlk6T+qubsVAVYwG9cLVBvtCGtA/VAvX1m+GmP0/xEElSvZ/nEh6gQuM+zT6OkmVMbIJcAWmYcZTapm0upA==
+v0n0.nic.vin.		172800	IN	A	65.22.28.21
+v0n0.nic.vin.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:21
+v0n1.nic.vin.		172800	IN	A	65.22.29.21
+v0n1.nic.vin.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:21
+v0n2.nic.vin.		172800	IN	A	65.22.30.21
+v0n2.nic.vin.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:21
+v0n3.nic.vin.		172800	IN	A	161.232.14.21
+v0n3.nic.vin.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:21
+v2n0.nic.vin.		172800	IN	A	65.22.31.21
+v2n0.nic.vin.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:21
+v2n1.nic.vin.		172800	IN	A	161.232.15.21
+v2n1.nic.vin.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:21
+vip.			172800	IN	NS	a.nic.vip.
+vip.			172800	IN	NS	b.nic.vip.
+vip.			172800	IN	NS	c.nic.vip.
+vip.			172800	IN	NS	x.nic.vip.
+vip.			172800	IN	NS	y.nic.vip.
+vip.			172800	IN	NS	z.nic.vip.
+vip.			86400	IN	DS	34207 8 2 DB3E27D9A9BF7BA3AD1E2A45D5D2B10486670711BE8D81F1487B01912F06A47A
+vip.			86400	IN	DS	40669 8 2 EB70A1F31A3C3B26E464DD98A97970001FC220021DEA2B4A5DDA68DE2C1DBF00
+vip.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HMp1PoLWc9wHPn3JrS8hkRHdT4Gqjw/0zdO5P62p4dbl5urpowDGnfeKKf8WWbNZidETKFe0chSeELCpc19lwwiihaTxKUKKDFv61M4yDHzAQTIym8SVZWltNRLyc8pMYVL10+sccJllaVU0FmWj86NaCYgUdFEpJIASBw2ItqCHBr6paw+l014ekBIKPnZSXz/Qlcw0VLQYQy1jkmrce//PYeLneS1SZYx43xjqLbpOB8lwZ30+kD4pJkqqxutzB568OE1vEx0+twQacMrT9Cq59779BM7M6z5vdn9LrSygpC9wrV8k4bNhTIsfmpaDvJ8RQBW1umSiey1MYfX7Wg==
+vip.			86400	IN	NSEC	virgin. NS DS RRSIG NSEC
+vip.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R59iTA9zwJ1DEqLbO3oSirR+Yd8OdtWnau+2ktvJRsrpTM5yAeEf3mEqCc1fhhDrUVXAD7huTC/XplhOOEhkjdl4BWksbBIJuxFFVmERST2IdhEU8i+g7biMiRcYjcVpc6U1eW4b6IiJL0klwpMIErR9zdxM+sGkLZ8cHw4omeGARZ4hnnqKjm3fR/Ru3Bs24QNDgKy9ncbwhv2AMR0VlUPqnUODe3lhDSJlv+cfh5D8EGxqdOAqvG7bIF33he5K8tLqyYLgrfxxpZiOtXKaPQq4id5Vs73HgsWBGDklJ5YnCAt26JdXeke5eKAP91ljKeDSw1qv34tFd3sR5r1Lsg==
+a.nic.vip.		172800	IN	A	37.209.192.10
+a.nic.vip.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.vip.		172800	IN	A	37.209.194.10
+b.nic.vip.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.vip.		172800	IN	A	37.209.196.10
+c.nic.vip.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.vip.		172800	IN	A	156.154.172.82
+x.nic.vip.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.vip.		172800	IN	A	156.154.173.82
+y.nic.vip.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.vip.		172800	IN	A	156.154.174.82
+z.nic.vip.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+virgin.			172800	IN	NS	dns1.nic.virgin.
+virgin.			172800	IN	NS	dns2.nic.virgin.
+virgin.			172800	IN	NS	dns3.nic.virgin.
+virgin.			172800	IN	NS	dns4.nic.virgin.
+virgin.			172800	IN	NS	dnsa.nic.virgin.
+virgin.			172800	IN	NS	dnsb.nic.virgin.
+virgin.			172800	IN	NS	dnsc.nic.virgin.
+virgin.			172800	IN	NS	dnsd.nic.virgin.
+virgin.			86400	IN	DS	41930 8 2 64E74557CC76DD3BB05F8EB86EBF531B186D95E91BFDAA09F35FD620D960603A
+virgin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ywKN9HFKUsmp6roh6n014wviTlHK3zrYD/K2UTDuJH+GrR/9dvsPRxF62ATwsAV7t7bXkOrBl3fp7suyUiK/xbbGcMEw01OmZFLCUH745/3ppPxMfD5q7aG9L+6s/ljY9Eflhe3fZGtPeQYZV/8EfKzZge7wd83+HG5teHsQPrSkeDpi2OA2Vm4NrIl7pvMgAE9QytfYF/I63NonqGJZ3pHRyHoA9aDVREe0uvOAM1NJc97sNQdoWPNhGoiKqOyKlFF9nZdu5G/4V3TsSe3YVG7j8vCKvhY7l+BQdiVf/arMraixIPp8fhsvrbXPqm97HFw5cNg36Mo7mq7mXfqNpw==
+virgin.			86400	IN	NSEC	visa. NS DS RRSIG NSEC
+virgin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S5ixnjWVWJmKRNZWobQFc+QsBE1ShgIdTBPZhaWRo1eY0a2aghgco9zOQKcCFxVy1wUlD7FGT2kgBdbZnGNAJWJeBswfnO2vV74erJ2Wk/7D3WdmSo99oZ9ERL8Ah42us/Mq4GNF+ZKXxj3KKYAeAXqcqQ2OTByjL0R6i7/hl0cOM8t4BDrjmRlaMwaTCqyxNnuVKFno9Z1/zgnFAaM37DrZsQaegtGEmID8TEIoFfyATlt+1QEo6U+Z77V79LmsWovnTTic6ipzqe8Em07heNNdwBwo5yAyzv32BMWNaeCPY5nSwZVtFzq+4Ryz1kaf2mp53LIAPjMUs4WqN4Rfdg==
+dns1.nic.virgin.	172800	IN	A	213.248.219.40
+dns1.nic.virgin.	172800	IN	AAAA	2a01:618:403:0:0:0:0:40
+dns2.nic.virgin.	172800	IN	A	103.49.83.40
+dns2.nic.virgin.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:40
+dns3.nic.virgin.	172800	IN	A	213.248.223.40
+dns3.nic.virgin.	172800	IN	AAAA	2a01:618:407:0:0:0:0:40
+dns4.nic.virgin.	172800	IN	A	43.230.51.40
+dns4.nic.virgin.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:40
+dnsa.nic.virgin.	172800	IN	A	156.154.100.3
+dnsa.nic.virgin.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.virgin.	172800	IN	A	156.154.101.3
+dnsb.nic.virgin.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.virgin.	172800	IN	A	156.154.102.3
+dnsc.nic.virgin.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.virgin.	172800	IN	A	156.154.103.3
+dnsd.nic.virgin.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+visa.			172800	IN	NS	ac1.nstld.com.
+visa.			172800	IN	NS	ac2.nstld.com.
+visa.			172800	IN	NS	ac3.nstld.com.
+visa.			172800	IN	NS	ac4.nstld.com.
+visa.			86400	IN	DS	55863 8 2 B7D4DD6E17C137C8D9121055EC796100868870D2D31AC0DC5A2CE1972F692CB4
+visa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mJ7tadLceoIDY9Hb1e5eZhj1N2BmN2VPPK6rcvBB7vF+vMPvDX2c5VvtHXX5Ly9NRY1hNnkuYLJ1dDpIY0txXtd/NPhTnYaXnpsp63OhdZ31J27l1O5TogVwva/Yjq8fBzjAYEX3nx5rI/sLJIXQvWdqPS50qTSR6kM3g+5O9Hsjfe8SQY2medW2QQMXdOLGZvx6DrhYEs9DCVtJZIJpyU2jCyCUj/3BLDPT/mdl6QsPNFiQOxcEKdFKzZx8wkmwyiDW/9TlJsbNj1KTyQkO1ISjCFXboJNZ+aX9nDl/FdyXDLELccIkEkb6w9E7EOp2BT0V7ED+9hMWRyJLlHv+mw==
+visa.			86400	IN	NSEC	vision. NS DS RRSIG NSEC
+visa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b3rm0YiChNwWIzyFC2JrVE2qfmuckhkTHmJfmICsv5jOOrh8RqOsgkzvaKq0exmTMeNSuqDo/oo5eDF7aJvlQmhpWCgoH9yahotkaRPbSPZUsYMMGAfPhfmhss3bfYm5wTyu23sT0dCf49nEcv0qRj8MXK17QRyG4d85PktsG1znWcF/jA/VNYdwxL/XWSO1D9XaL7iZtOcFw3sAuopI8UZ+sd9MehY/f3eQ8l2WrTt1XQ+XgdulWo2bSMgK/yqF4oXGYWdCgXE9fPi3zrIE8X3wzA8CC8lyjsWH/BQwQ6Ufja7IzkOBXSUWE9hyw3Upn45NyzFbpiTnlSoFGz7WOg==
+vision.			172800	IN	NS	v0n0.nic.vision.
+vision.			172800	IN	NS	v0n1.nic.vision.
+vision.			172800	IN	NS	v0n2.nic.vision.
+vision.			172800	IN	NS	v0n3.nic.vision.
+vision.			172800	IN	NS	v2n0.nic.vision.
+vision.			172800	IN	NS	v2n1.nic.vision.
+vision.			86400	IN	DS	58084 8 2 4E659852DD1934D5E78A5E6600EBAD107682821E3BB5991F8B4BF8DFBC6927FF
+vision.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sWOvTmRoVUDOv1AdDiDacluzvFNMljE9xuS5YcEDdefukwxk0zClnZGLjJMu5dttn8tX+XZiUxBwhK9fRUnc4lsPcWbQJcw2+oY7UkFEy7hZs270kDg76nQw+i1UpfWMuu1xdmRCjPTW/Htm0fbBcrxTM1w8rrBF48BuVK5IU1Voyv0776WQB3zBjZnJmbRcqYjaJmVnF05L6XHcw3le+qV2z+ssaIbVZqcCKoxmHN6fOPgDpx3ybo6MBK+Xteut9aHHynaqoTlf1J0hfcFw6/PsYuL4EIkOryWyTnTO8+2BCbi5mYsggVU6X/r2WK1kT+XyMvYLnHm0r9YgF2/SOw==
+vision.			86400	IN	NSEC	viva. NS DS RRSIG NSEC
+vision.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VDbNos/ACwW3DqhhLCTBuy3JjQqf5hAWF6WZi3Macbn+YNyNFeV/pBAssYdoai+0UHORwEr78POGsp5YJSLlF/S9HTPImnu1OyxpxyERlke0gMR1l4jip9r4F7dbRaHWp4GKSW2OyghpVRp50tDuPZQ3/xHY8hCSX4CYVSkNEM17jD3QeygqLEJm7a/+5Vx80OR2zpwN087iYCqk7udnWI344IFpjvYKUpj9RGcRYCLmZ4QNwZWnzy1lVVfo1mtK9jlM2dTjnfEh04wVk7G4sRIOpuiKcz+b51Iy+3apu27Y6j5vOVPG3n2df9zeSQbz+MgYNSe/OuS8ZmtCFWMJ7g==
+v0n0.nic.vision.	172800	IN	A	65.22.24.15
+v0n0.nic.vision.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:15
+v0n1.nic.vision.	172800	IN	A	65.22.25.15
+v0n1.nic.vision.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:15
+v0n2.nic.vision.	172800	IN	A	65.22.26.15
+v0n2.nic.vision.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:15
+v0n3.nic.vision.	172800	IN	A	161.232.12.15
+v0n3.nic.vision.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:15
+v2n0.nic.vision.	172800	IN	A	65.22.27.15
+v2n0.nic.vision.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:15
+v2n1.nic.vision.	172800	IN	A	161.232.13.15
+v2n1.nic.vision.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:15
+viva.			172800	IN	NS	a.nic.viva.
+viva.			172800	IN	NS	b.nic.viva.
+viva.			172800	IN	NS	c.nic.viva.
+viva.			172800	IN	NS	d.nic.viva.
+viva.			86400	IN	DS	12386 8 1 4BCBDAA886B0DCE29C68A90C49A964D61E95C59F
+viva.			86400	IN	DS	12386 8 2 CFAE0771825B368BEB345F67A1A08A64415AF41076486890EB62C79A32113F71
+viva.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ph53kYFDOg6V0cBroYJkKUghI28yT6FQ7Rx7/8mRQbfh9iyv6K4TP2EbOseQV8KSOq+kbjIEOfn/8zqKw72UDJK7xtd51Cr+7MovJH3kbw0lDwv3UVvlZdgHUl2x8dyLHgrcyjjXChg053pPcrp9yeho0afDygwo4Ex3rGNczbyy3ElLndDl/vriQE7hmXtUsTYlbbJsWMrFKQKdnify+GrFdvx/tSiMuvFkBPINQkq91F+QshMD5GqUAzTZy9ZeYU7fcGJIMZWxUsBb+26EtYviGO5NWX78DvESpj+ZBOiGcQTPo87DxqpGfqjoKKWGvPTFaYuyoJD3Io78qCeKfQ==
+viva.			86400	IN	NSEC	vivo. NS DS RRSIG NSEC
+viva.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oTAJglOf99OTdp1WjzxSuUSJVnnPGVDXEWlwcFA3DfEeUawdqLCI6yGW9h9ylB6nx1W3CUJ0TLJm/L9b37hahjP2fY5rY7lvOHedp81FHcXvM6Ov/vWTj74Qgz9zFkoIdw1RYyh4goqMtxyv3KZ6skTelpvTPwveZoZG5YIEvaztGNoqPmHPGH4zXey50ipcYJT9cVlFONmLoZIqo8hGZNFM/tKy8JkTB2nsz9qR/apThQI4K6Pe3yvWbcWBtaP8ZXnKfagJBAMCIwTmH9NVdjCDLPXfID7fi497/davtZ8PxAsVyZcgxZQzlr7FSteaau4/F1gf+CmkuXR2I9rjfQ==
+a.nic.viva.		172800	IN	A	194.169.218.28
+a.nic.viva.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:28
+b.nic.viva.		172800	IN	A	185.24.64.28
+b.nic.viva.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:28
+c.nic.viva.		172800	IN	A	212.18.248.28
+c.nic.viva.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:28
+d.nic.viva.		172800	IN	A	212.18.249.28
+d.nic.viva.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:28
+vivo.			172800	IN	NS	a.nic.vivo.
+vivo.			172800	IN	NS	b.nic.vivo.
+vivo.			172800	IN	NS	c.nic.vivo.
+vivo.			172800	IN	NS	ns1.dns.nic.vivo.
+vivo.			172800	IN	NS	ns2.dns.nic.vivo.
+vivo.			172800	IN	NS	ns3.dns.nic.vivo.
+vivo.			86400	IN	DS	25072 8 2 D450EBD4DCF5F47B529804DD9DFCA7D2AF45D3C6B0E4F72E0393F0512196D5F1
+vivo.			86400	IN	DS	37450 8 2 94B4E1A1583215ADB71AAC0E4AEC100854CAA49827165AC3AD6C3627FCAA7DDA
+vivo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y4XdB6KmSKFU7ZrH6Ic6VqsLHKFP8EuDqi8C1prBw6IJR7ekfdehqle/jjMUMSIoYcVQe6d+JAKxXxv0vrrQ6bSagjgSHhmFFrGgR9ivV3G1C6Oi5G110JyofMp/5WxQDadquLIT3s3MHp2YS3K6z+0O3egr2AqHqmaJWtKBBj5Np9fGKrIccRitipPR3wIUakxmAvP0KcWGCj+5PlEp/HMyermwTyrcESMCgNN0S93pHc7PSLWgAwt72f730icF1+aV23Sry5NmhF3j2UN52LGSFT4uJUMF3wDbZ8dwvqRzh/54PaqaEEA7LlcinzS33O2HwxEmBhiV72GEZ4hRKA==
+vivo.			86400	IN	NSEC	vlaanderen. NS DS RRSIG NSEC
+vivo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YmKLdiJDhKG7+sgo2Ws8fK8eYKbG0Q7qm/CcAI/p59qG4+2hS3GBVPsEL57/TvmNZro7pvCsGDRSg5+LuIQsMlmCyV1McH3GeOMkEh0p5bdjVNJ4qwrshVOJFLLnivL8Ee6yXynMjha8JF08LGYnZIDPrWe8b0IOqNSqjCUv4PCkna6Re1bnsdcsV8NfwO64Wu1x7d43jFYGRSFJGaj/TX4uH+IwtDwHw3chrs+UcIzsASFSy2HHuF7VVfC0w0BPo+sm1EDJpkMj5pZ1BHJI6HDo/OaplgEFJT88RitSz2aUHYywEUNNafCGp04037yjM0V3RoQQzb2xQ+1a5EFkkw==
+a.nic.vivo.		172800	IN	A	37.209.192.9
+a.nic.vivo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.vivo.		172800	IN	A	37.209.194.9
+b.nic.vivo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.vivo.		172800	IN	A	37.209.196.9
+c.nic.vivo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.vivo.	172800	IN	A	156.154.169.57
+ns1.dns.nic.vivo.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:39
+ns2.dns.nic.vivo.	172800	IN	A	156.154.170.57
+ns2.dns.nic.vivo.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:39
+ns3.dns.nic.vivo.	172800	IN	A	156.154.171.57
+ns3.dns.nic.vivo.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:39
+vlaanderen.		172800	IN	NS	a.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	b.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	c.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	d.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	y.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	z.nsset.vlaanderen.
+vlaanderen.		86400	IN	DS	9286 8 2 F04E1190A18D3E63B8FD5261768EF06F8FA5F27F80F39C54AA81753B203E05E7
+vlaanderen.		86400	IN	DS	54397 8 2 2D655A3F1A0C26AD210018757FFBB754B2C4B167673283DDC1496C614AE7A9F5
+vlaanderen.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sk+Rqgx0tJiAjD1gozfUiHPTZknFuN1IEqcTxIsoyUaJr/NORXHjA8f9QWEPmGPRzz77Ci6NrvhIU2JhBU78ni2hTO5ZOf6C1ot+GrKGQfAJcUiG5kLJgi59s4R8GFkmGCtKgWO7SV7W+NHLhW0sT8MUF5jY6uvG2B7JR0rOFqEG6ka7T+lwhfVyDpJAiJjxHZEbbYWoelPAn/eM0YJM7IpYW95aN9/p2M87znAuIXsLGVfQEGqVvha/zJ4sRR7SxdzTE+UuZqQSoW3Ez40MmT3+f+Keu9T/rpRpjkGeEEQOwmQZOliW8D7zkjNXG33CsYZyATwQ+hb6qXrS2KGXeA==
+vlaanderen.		86400	IN	NSEC	vn. NS DS RRSIG NSEC
+vlaanderen.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XoaGAPjDn6mPa0c+vJvulUWnHjx1Jgx5p9AYx0XYZzFTtdLlB8Cwy7URqpP25LcOgQ62DH+MF8E9+C/RylDtdAAaQOtzOsBlAHJN5pLOP4Je1C88OwXiyhHBJt8404FfmF4GuckITbuWXjHunKZLXq11KIRysVOwIaVNBeqDFTV0AKxh82rX1WLX0d/CSe5NCmc1B0TNx1WtjyALZ+bQn5oaSnohblfz/xZF9UrGOCIzhYs47j1bxPqRi2/7hLWGv13563KuGETxW+D4uEk7SNHwnJoYf3KdbKVhOzo1rzV4KNX39S6RpumjCap5GBx+mG6+mDbO9ZXDJ3ATo01EMQ==
+a.nsset.vlaanderen.	172800	IN	A	194.0.6.1
+a.nsset.vlaanderen.	172800	IN	AAAA	2001:678:9:0:0:0:0:1
+b.nsset.vlaanderen.	172800	IN	A	194.0.37.1
+b.nsset.vlaanderen.	172800	IN	AAAA	2001:678:64:0:0:0:0:1
+c.nsset.vlaanderen.	172800	IN	A	194.0.43.1
+c.nsset.vlaanderen.	172800	IN	AAAA	2001:678:68:0:0:0:0:1
+d.nsset.vlaanderen.	172800	IN	A	194.0.44.1
+d.nsset.vlaanderen.	172800	IN	AAAA	2001:678:6c:0:0:0:0:1
+y.nsset.vlaanderen.	172800	IN	A	120.29.253.8
+y.nsset.vlaanderen.	172800	IN	AAAA	2001:dcd:7:0:0:0:0:8
+z.nsset.vlaanderen.	172800	IN	A	194.0.25.19
+z.nsset.vlaanderen.	172800	IN	AAAA	2001:678:20:0:0:0:0:19
+vn.			172800	IN	NS	a.dns-servers.vn.
+vn.			172800	IN	NS	b.dns-servers.vn.
+vn.			172800	IN	NS	c.dns-servers.vn.
+vn.			172800	IN	NS	d.dns-servers.vn.
+vn.			172800	IN	NS	e.dns-servers.vn.
+vn.			172800	IN	NS	f.dns-servers.vn.
+vn.			172800	IN	NS	g.dns-servers.vn.
+vn.			172800	IN	NS	h.dns-servers.vn.
+vn.			86400	IN	DS	16196 8 2 CB68C5384104B31E1D9CBC1C45F861A92CDA9D8121AFE76F9A8978527983FD99
+vn.			86400	IN	DS	16196 8 4 276643F5EF43A0610277C06CC5261056728450B1584B34F6D19F4C5BD9DD1DEFF2D5D3CB805B86718B1E0778682AFE91
+vn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q0rKejLTCJKvAlRIl/UCZ5Mrc3LDJVEhD3bAvJOXEXhfVVIpPkieHZXihMLW1jc+tWhW/L8QgYQ5eiX0wi9rvrMZG1SeIvs6hWjrb8U+cFVK1w+hpOZ5qdF43A0CbcnXKPFohUaYQum0wcB4XtOi73E6wNROe2uzVcJcwdZNd1RZANmAbRJsnKnb4REhaZmhSwlIWRwLc58EUlfk3lWqKH5ssLY9Cv5sptlirtE319/gjwf2Pk5C8UD/mCexWWqklCre36TDgCdpnprSHAyR+9lqgzIPNuQ/UHutKwiXOnloKnVAFJx3doJ7uS9mSJc+Sr7bvZE6EzzZSwLaRSAbIQ==
+vn.			86400	IN	NSEC	vodka. NS DS RRSIG NSEC
+vn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pGlWTqWZXwc4qycFeDkNgDOShX6MWbP/xGdlSYVKzETAKc5d9jzK8cuj7fHUNhKPITJmL66N250VW9Gjgi7/CZkDj2DrPypO9iivhfvJ5xuNl3uL9u7W+0EGbSko4u2g0tT/P8UzcLTI89bVCpb0aiRpose1E+GV55kOIYH20gyQIPewVLS6PKkW4v4miCyjjJbNEKB6qmG7pPfrKl60m+HN10TY5avBJ3NouL0ez8EeACmgnsrhsLMxfMHRp6JQMbbmDYb+JHQmwFzUsYUN7ccdNeGpyrDrmW9ykihM9myz/CdDBAhk8RO2z753r2evqwpc0UEBYaRJb+OzTMm2vw==
+a.dns-servers.vn.	172800	IN	A	194.0.1.18
+a.dns-servers.vn.	172800	IN	AAAA	2001:678:4:0:0:0:0:12
+b.dns-servers.vn.	172800	IN	A	203.119.73.105
+b.dns-servers.vn.	172800	IN	AAAA	2001:dc8:1:2:0:0:0:105
+c.dns-servers.vn.	172800	IN	A	203.119.38.105
+c.dns-servers.vn.	172800	IN	AAAA	2001:dc8:c000:7:0:0:0:105
+d.dns-servers.vn.	172800	IN	A	203.119.44.105
+d.dns-servers.vn.	172800	IN	AAAA	2001:dc8:8000:2:0:0:0:105
+e.dns-servers.vn.	172800	IN	A	203.119.60.105
+e.dns-servers.vn.	172800	IN	AAAA	2001:dc8:1000:2:0:0:0:105
+f.dns-servers.vn.	172800	IN	A	203.119.68.105
+f.dns-servers.vn.	172800	IN	AAAA	2001:dc8:d000:2:0:0:0:105
+g.dns-servers.vn.	172800	IN	A	204.61.216.115
+g.dns-servers.vn.	172800	IN	AAAA	2001:500:14:6115:ad:0:0:1
+h.dns-servers.vn.	172800	IN	A	202.47.142.105
+h.dns-servers.vn.	172800	IN	AAAA	2001:dc8:6000:0:0:0:0:105
+vodka.			172800	IN	NS	a.nic.vodka.
+vodka.			172800	IN	NS	b.nic.vodka.
+vodka.			172800	IN	NS	c.nic.vodka.
+vodka.			172800	IN	NS	x.nic.vodka.
+vodka.			172800	IN	NS	y.nic.vodka.
+vodka.			172800	IN	NS	z.nic.vodka.
+vodka.			86400	IN	DS	9085 8 2 4A2F917B298B97A57BF484931C74134A82B3EF0CE16DA123093C509EB9EA153E
+vodka.			86400	IN	DS	62887 8 2 7286A1B64C79D57E7D499442EDC470AA0685280D2DC642AF97615E215154A50B
+vodka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xj9NPmAo/2AhAFbQ9oMh3NZBs2twtcHT6vcCdMOfjvcz0Sl0j9g6hit3ZACZ6fmc3Nk8Qrbkiq7Pgg9KvHJt+Z1SQxbzHdsr/339b7VFLvYlPx5radJeZm7njssuJ2UIc5EqnW7eWdwZUtPsVesAHDY2k+VD7ZYwVXvXUscxb2baaBsFODnLhMJJ/EChLOEwJx3XdLCSteqIuyOm/xqfQPUjxjm4ZKNL9+ci6XGrEeKfEuXHe/SZg9N2QPtoh1pWtFHt9674Nfjr7n0RzmHuDrJO0GUGRZTzHtT0PkNnRDaRfkh8RMKhJS+HMw9HONLXSC7vXnGeI8ODLagIgndszA==
+vodka.			86400	IN	NSEC	volkswagen. NS DS RRSIG NSEC
+vodka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wtn7eNsY3SuT43Pdr0kJERSh4PVx58z7k8RD8eJeBqYJ/xMdqeMe6wdTryAf52f4C2AZlsvBqR0EKjhc4jUjex8vfsrB2CxrHv2uaC1yH/vReQH9EHu8mq7ZjmtTvxrW/PEoDxvs8UdRlUdbBI8RIwW4+cimOzsqBycRvnfY8nSY+NNATbTMVLqmzVw327A3YlggHDiPTFEbivsHRl12iKJGrThxZS+6HzQc2GIvMOR64GmcmI18G7/AL4DDiQT+TNXlg70TXcRhc3rzCszWMIBT5OEFJm4ce2NSZSz5Gb0TZdP8ClBfC1QWr5zlOMaPwHxGJNKNY5qgnUVwqsekKw==
+a.nic.vodka.		172800	IN	A	37.209.192.10
+a.nic.vodka.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.vodka.		172800	IN	A	37.209.194.10
+b.nic.vodka.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.vodka.		172800	IN	A	37.209.196.10
+c.nic.vodka.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.vodka.		172800	IN	A	156.154.172.82
+x.nic.vodka.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.vodka.		172800	IN	A	156.154.173.82
+y.nic.vodka.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.vodka.		172800	IN	A	156.154.174.82
+z.nic.vodka.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+volkswagen.		172800	IN	NS	a0.nic.volkswagen.
+volkswagen.		172800	IN	NS	a2.nic.volkswagen.
+volkswagen.		172800	IN	NS	b0.nic.volkswagen.
+volkswagen.		172800	IN	NS	c0.nic.volkswagen.
+volkswagen.		86400	IN	DS	52507 8 2 10DC75D4A1277934C86BD53C004EC0109396F5CDCA83C2B25C09CBDFE59FF6E5
+volkswagen.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BGEG9S4aQ51czNcUijKUx5mQgMfhBc74PsospgqUHgkFfwjzeBVA/8ieaQWcawKXfXa5LE2ScLM8miMUT8BMxiL47nZcsYCpQRFzHsXrmJ4CexxfLj7paFwKYl3cXE2k9GrXplhXTSEo4KElUfLo+NPfwxfyk8724tgcF8b86ykWlKVmnW5PnDQXTKJB54rE6MGec8clJuWijzNo8Theg6XiVtE+Di5dSEpuAiAyrfuSSseYpOUxV6bOmUjU8Mu4+l701x4fWex43nvs1lnI9TbUYRrFFG7McYrdEwCy4G6Gt/jUgUBbiPUOmoDLK4BHLs36ddJiRp99fqMio02FPw==
+volkswagen.		86400	IN	NSEC	volvo. NS DS RRSIG NSEC
+volkswagen.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xC2O5fCaT9dBB4BmNK9XNlfHR2jsd9OtO6IHPD2dSTG97pu8yPwGc53ZhJiut9vvk4TlhU7XGE4ysNFXHI0JC3/U8SiiX89rJz2EdvctMk+UJS4KnuepQfG+Dk/EhQzngfTm+k09aJnYqtXo9HbdHxTr5HvDaZmfC/e5nPaP96TgTXxuwYjwxU1UGYJjGrKDoMg0YA/9Un4oOw0V/xngcipb6AS7mcWHVDb3XRkRlo+sLzuG9VxUlzmZUPyY2oyemkNp1YaxojBnOkUuVDdrheiwj4AZ6OCf9QEANTQH/omPNrngWC6oBbohx8Gw6WTVg8kGm2jNuk3xVPnpchfckg==
+a0.nic.volkswagen.	172800	IN	A	65.22.208.25
+a0.nic.volkswagen.	172800	IN	AAAA	2a01:8840:ca:0:0:0:0:25
+a2.nic.volkswagen.	172800	IN	A	65.22.211.25
+a2.nic.volkswagen.	172800	IN	AAAA	2a01:8840:cd:0:0:0:0:25
+b0.nic.volkswagen.	172800	IN	A	65.22.209.25
+b0.nic.volkswagen.	172800	IN	AAAA	2a01:8840:cb:0:0:0:0:25
+c0.nic.volkswagen.	172800	IN	A	65.22.210.25
+c0.nic.volkswagen.	172800	IN	AAAA	2a01:8840:cc:0:0:0:0:25
+volvo.			172800	IN	NS	a0.nic.volvo.
+volvo.			172800	IN	NS	a2.nic.volvo.
+volvo.			172800	IN	NS	b0.nic.volvo.
+volvo.			172800	IN	NS	c0.nic.volvo.
+volvo.			86400	IN	DS	3397 8 2 0BB2AD4280D93D2C86CDD0DC7CF335C35B50FEE80E6E07C25A061C76A506A006
+volvo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mfu9MhFy6KMGAgVjArQ+452CuVPM6znprttljtgE8iWztu3M38vI/MCwgOJhrfygaQgwog0H6UrmhUsMc5moFWYFCdmd39cmcGd8VZ7HzvT2ei5EhqL4rErtLf89FVSeV6gqobtZrYRzgDsB5dmUm5vTWpcxpQFohb968sYAzt1Pob5P4Qi1K6RQaLmBDIrNRZf9gnbRECURF7HTFVpDfHIDrQbTJsIskHEnGBhzsOmQRjOCx7tukWcCqaxbHHy0Ty7LMlqxM5J+MKTNSsKUJQ63j85xYFokrY71KSo5aMV/DOa3v2hiU5UYLhn50Zj4Y9SIpelGdqckMEaVmFkJXg==
+volvo.			86400	IN	NSEC	vote. NS DS RRSIG NSEC
+volvo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J+PCfSRbXjoZWuhoPq9tL6a/4Flc+No9xSLtSi61mnQEkgChccgQLSSlfQp+Tpofct3kfM7/4sbofsqytjKVGZltJ0dqRLXcisYC0H9Lewk6WW+39rwe0DGRBrERqPXIChS0BFwOPRSS4qYLtzjKxM0ycTJi0lwesmcPoAu/B6ED4CuZ2l8TpxLro2KNCtiyLFQ0aQlDe/cUbprBCb7feiRfCC1QeqZMCJPtWVyQ1fIQDUtCdZXoKIE4Y1DjqbF2cGzBE53DWVyAw+VBy1hw1UJiFdly3HEJJg3lP3ptxD34jrc1uVy15hyXuHEOlOeOtroPnTzSsul/meuPF6besQ==
+a0.nic.volvo.		172800	IN	A	65.22.112.73
+a0.nic.volvo.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:73
+a2.nic.volvo.		172800	IN	A	65.22.115.73
+a2.nic.volvo.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:73
+b0.nic.volvo.		172800	IN	A	65.22.113.73
+b0.nic.volvo.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:73
+c0.nic.volvo.		172800	IN	A	65.22.114.73
+c0.nic.volvo.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:73
+vote.			172800	IN	NS	a0.nic.vote.
+vote.			172800	IN	NS	a2.nic.vote.
+vote.			172800	IN	NS	b0.nic.vote.
+vote.			172800	IN	NS	c0.nic.vote.
+vote.			86400	IN	DS	62749 8 2 101D2AE9C31FBE10078E74D477010AA5C8966D814421123A893B8B0E7B46891A
+vote.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S1wyMuqrj520qTX6TJPlAu9oAQ2L0RGzAuttJEC5TcpTkZ9r1vhqeDRFxmpZh2VghblwAimxcuo8k4gZbnJUkPOPsgpAQR16QP187U+q0bRHu52C559yy2wK0Ke4zpW7HYNIctbDoBRBpkGy6fQHVCK515lxu7qqnv2dRa0P2vF4p5lpIZDLmRzJJhyaJtj/vWH1nFbivI8B7JT7GysJh6X/8VJ6jP6C4VtS8Sh0j/mmNwOIZbWF65koNavlEuc5UDWinkE79ZyvJ8b1VX7PGkY/76ORpGpdZkGy8oYXAybnBtXADaO+lE73I/X7SpmV6x7gHFhBvaYgzWD3NtQUwg==
+vote.			86400	IN	NSEC	voting. NS DS RRSIG NSEC
+vote.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WjdjJMPqHwArzTJs0CxKFoU+ZKuS4JX+tnSdnftGD6rA9BqAwaTJmvmXpkQGjlVH4hZtNbwCzepZfqakyLNiPocIioLdZlz9bkJyLznbh5e6wfqVziIgTFk6XWkk4uGApmPzPntJAdF/+zaiQQvl9Ibvm9Bh5CGR+hykKSnwNLQ/bM/YAq8PAV+jVV3hgU/OMiojBhd3KBvZa+i3HeSa/jayFwldj1xZPXLqlrZISIxexl6DEdSsBgVoizsu62ITm6sazju7q23nOuAnJnQN0nCU4uVckmIHbH2Wsk++RzvIaY34P79o/XJ9wDQVEcNcLgPlx+T55YfPVX8YBntNmg==
+a0.nic.vote.		172800	IN	A	65.22.168.9
+a0.nic.vote.		172800	IN	AAAA	2a01:8840:a2:0:0:0:0:9
+a2.nic.vote.		172800	IN	A	65.22.171.9
+a2.nic.vote.		172800	IN	AAAA	2a01:8840:a5:0:0:0:0:9
+b0.nic.vote.		172800	IN	A	65.22.169.9
+b0.nic.vote.		172800	IN	AAAA	2a01:8840:a3:0:0:0:0:9
+c0.nic.vote.		172800	IN	A	65.22.170.9
+c0.nic.vote.		172800	IN	AAAA	2a01:8840:a4:0:0:0:0:9
+voting.			172800	IN	NS	a.nic.voting.
+voting.			172800	IN	NS	b.nic.voting.
+voting.			172800	IN	NS	c.nic.voting.
+voting.			172800	IN	NS	x.nic.voting.
+voting.			172800	IN	NS	y.nic.voting.
+voting.			172800	IN	NS	z.nic.voting.
+voting.			86400	IN	DS	9277 8 2 721CD786AA7F964EF0B943A67BEAA4333756F65771475F91678C536616E2037F
+voting.			86400	IN	DS	20254 8 2 8C2FEA117F4531A3DBD045F935E0E412A8BC7546104BC003D5FC4357AA9AEBA4
+voting.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rENWb+3SdXrjk07Vo1/CRmJ1akG5uD4oyWqw7Pkp3yJfIOQfCD9mpPh2wLCOk8n7EDYXPZsWBhJRb3qWyWwbCFUBxU2+4l40G3STbJP+VTutpGAUXucZzxr7BkOWixAwZqsKcX83g7zWv2ypXHK5ORRlIcqsuOJC99EDIPOgoFNrv8BuEbl9pUL0ekQhFZLglxVxg//+ME9HkfxmDhQDtOXY+9yo4/qioEcJSy9s2v2sFVUz+vkgkXA9JgBxxgmTViEPX4yiS/ReukZysnvWSlHuULJxb+3y92ijOzxsurCVnfIqbKaD/pfQMDJKaLwEWIydmHuwsfgKd5Qq4UFxYw==
+voting.			86400	IN	NSEC	voto. NS DS RRSIG NSEC
+voting.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d8HqgeRiImX0zPtMzDy67kut7h4+dLWetslg20vA9g//8GbW0BizfxihL2TWSZJW9qMw2488ouA19MSbXKCo2LtJ9rEWUlAeuoUqphn/8LXB0OmX2O4ecU79bPK5pPwx2MissdxNjxo0bdpCDDgetURotjY9tQLBtY1sCZ7oKq6rCU5BHnA6pTa1JyJf/xnv8PSbh89ojF7Q5Ahl064UVrBtgZ4i8ohrR1TKMwRLu4G5gX0OhfAVZaxTu8t63+mh8wzzWYWP5p/9wWobQrTFPWz/muBbL19eOBB4hNHhD2p6wOmDpGk9eHudO3uZYlXJYS+oHtTXliixETSg+nafbg==
+a.nic.voting.		172800	IN	A	37.209.192.10
+a.nic.voting.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.voting.		172800	IN	A	37.209.194.10
+b.nic.voting.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.voting.		172800	IN	A	37.209.196.10
+c.nic.voting.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.voting.		172800	IN	A	156.154.172.82
+x.nic.voting.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.voting.		172800	IN	A	156.154.173.82
+y.nic.voting.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.voting.		172800	IN	A	156.154.174.82
+z.nic.voting.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+voto.			172800	IN	NS	a0.nic.voto.
+voto.			172800	IN	NS	a2.nic.voto.
+voto.			172800	IN	NS	b0.nic.voto.
+voto.			172800	IN	NS	c0.nic.voto.
+voto.			86400	IN	DS	26875 8 2 847371B1A0A21AE134A0E0C15B0E505BB4C88A26ED401DAFF4F4E8794C5B31A1
+voto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zESjSs0nIRjnVxGsXM80/+B54rzVhcIztVm91DH/xCukwwKkSm2u2BtOosnV6TBsaHrpBc9spJRVD+DzIBinPDsTMsSlUrwABHVk6xA1c9Y4bh1+rGgPzuUKS3fM8g1gY/2B0TIocri3yU6aXGgTvelFLpnssENb0uZN9/cDGYxsc6Tv6WbMVqbjwMXV1x/zq4RUetW60lPiIL2NQXcMvCRSixgqnDuM8hTbBhuCsvGR3hcq0+w/cBPiARKCTvwd9JJjFo8Coc5o2jvC2IDa0scE+GoDSuiFMHf0sh0SknxbEPmoFU+6fpSg0ctoubOvLFk3q7ULqfQIDS1f/meDDw==
+voto.			86400	IN	NSEC	voyage. NS DS RRSIG NSEC
+voto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z3ogOZ5jRi9EiYuVqO7UrTiCd6xYhkvrAPRa0MiuVDwNucVR167EQTj5gW6Hx58ttjQlji+uKOeOP8oHPb0tI7x3f9QLgxoDMXB+oklpWdQr+Zg7hl52sMhYafRN2pF4sURx9i872b7vRO2jXJ6oa3iTOAf92+7qAjJSq8KTHpKa2+R72sWBeWA7132Ny90EMhVrCPgALGl5AA+9cykk62i08qrbPwFfHivU93R3U7BBeJNozgyLpTAGLg6NmZacV9VQ7rLi0r0Araeieh+7TnL5oP/wLEkmj2NkwnuMRwux0OJ2IAxf266Qjez93qZaIcKzW1RGreULksyV9wKrtQ==
+a0.nic.voto.		172800	IN	A	65.22.168.1
+a0.nic.voto.		172800	IN	AAAA	2a01:8840:a2:0:0:0:0:1
+a2.nic.voto.		172800	IN	A	65.22.171.1
+a2.nic.voto.		172800	IN	AAAA	2a01:8840:a5:0:0:0:0:1
+b0.nic.voto.		172800	IN	A	65.22.169.1
+b0.nic.voto.		172800	IN	AAAA	2a01:8840:a3:0:0:0:0:1
+c0.nic.voto.		172800	IN	A	65.22.170.1
+c0.nic.voto.		172800	IN	AAAA	2a01:8840:a4:0:0:0:0:1
+voyage.			172800	IN	NS	v0n0.nic.voyage.
+voyage.			172800	IN	NS	v0n1.nic.voyage.
+voyage.			172800	IN	NS	v0n2.nic.voyage.
+voyage.			172800	IN	NS	v0n3.nic.voyage.
+voyage.			172800	IN	NS	v2n0.nic.voyage.
+voyage.			172800	IN	NS	v2n1.nic.voyage.
+voyage.			86400	IN	DS	25570 8 2 E17EA6FE786D37D2884B4EB52AE275EC41C4265AA252E2469396FF49878170C5
+voyage.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hoNfdGrq9lfojMqToanf9HC7yH/67ErkmfweIeXUcZ7pwkESVhlEXs9NhJLWoqCvB9lmb5YkgvLaPDdQRD6UjcRZujI5YFuZLpl8aM2FIFaLqv40cIW6NmI/Nx64k8RbjBUzRYM5+loTKTDFB9pwmFlhEgKObZrHNuIO1QMzwk7bYNP8vYvcPJLRkn97zuoMwWJNj6fA5oPFKnf8BHVL/fhSE4tCyM1sLHuXauZ4nwgSXLI/jBzy//GFgBZkWwRBcZyrqsfMm+A5swbsDTt4/Vrpc+EXvNzLOysTcptgFBG9hSfwN6Wlv7sj//KjKATf+lZjuK7XF92brQMczFqMBQ==
+voyage.			86400	IN	NSEC	vu. NS DS RRSIG NSEC
+voyage.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v/xEP/8yDpacaltwnoKjeYWHX4J8Sud6Ms8kl83D8QLuoluR1fjvD4EwWxRJ7tkpbOwnKXvyPPcWNga6HJ/rJOBhyNqUtrJyqSi3MBx4WKphTf+umSPhPYtMIm+WHhFVrishy7G8bSCxFlwvgR9+tameXt2CiJnUQVdVgW0F69hBDW2UWHXVeLmNMxmvusEawFK7vccABsWXSw9rxb7VfhtGsDTYCAOcXrJhNu8wkjcmJ7/q/ygf0VjqPPyh0St+6vh/FBZ9Af8JrQVGLr1mkqod/tJakeOncBmh5wIr5JxbbWgPwAg+SUVXskYjVlDxOFfoL19sQh1nkpVzhT5BOw==
+v0n0.nic.voyage.	172800	IN	A	65.22.32.28
+v0n0.nic.voyage.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:28
+v0n1.nic.voyage.	172800	IN	A	65.22.33.28
+v0n1.nic.voyage.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:28
+v0n2.nic.voyage.	172800	IN	A	65.22.34.28
+v0n2.nic.voyage.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:28
+v0n3.nic.voyage.	172800	IN	A	161.232.16.28
+v0n3.nic.voyage.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:28
+v2n0.nic.voyage.	172800	IN	A	65.22.35.28
+v2n0.nic.voyage.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:28
+v2n1.nic.voyage.	172800	IN	A	161.232.17.28
+v2n1.nic.voyage.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:28
+vu.			172800	IN	NS	ns1.tldns.vu.
+vu.			172800	IN	NS	ns2.tldns.vu.
+vu.			172800	IN	NS	ns3.tldns.vu.
+vu.			172800	IN	NS	ns4.tldns.vu.
+vu.			86400	IN	DS	32778 10 2 E9A2E16E09E41F325DEB3B58A721D9980D0942E19E7C41B44FD4B2BFD8611E08
+vu.			86400	IN	DS	50412 10 2 49257111E03AD5F8C450F8330F101B87B84F82251FA54CE67C832B7EEFA45232
+vu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ttQICJ/8YQxhBsWnEC1z3zYLyq41JnCJuAmk+8BtdhsLTrVykf9Av7QHHzau000SvVjygoVsG8h8YkYH8ygwU4pwFSGzAFgIVpd7xVMVvYqJowMqXTGPov2kROQuAcnaLY6PvT8v5ipdMyCRzeWHusISNW4IS93CNSzU5itchShmm+TENBf0AbPYQq2Lyz9OjBKo5K8+Gs7XHkX45JWoa9Xp2rF/n5g01Y/vd2hKSdTQY+2+wHHvvUIZrPCYqhCAQTrGmphYrpKq2MFLCrELL2FiTiWkYVA+H2Lvbq95P2VtL+mCXEKMSnqHZZVv0YzkJRhMD1ADDwS/itZFhNULWw==
+vu.			86400	IN	NSEC	wales. NS DS RRSIG NSEC
+vu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bImgw5s54+eLkEMLkzS6dMY0ac3zDco2hYw4qcSMXypF2KQw//EF80sv8K8RfOwuBmoOLxC2a+gx0lWfswjwQiPdfD1F06P11obXNxMkk0CyDTW9zvzRvsHY7BRT4Q9C8Ksupg3/Rz7yjd2vg1ZkYg+OgIhG33DLPjM+G68bxmNpBpZbdPUmQaX+EhtOg5riXu97qFj6uFFxeb7Nwu3Fkud+WxJ7L2OGXcjl6dPxHhMn8hGuXM5bSMmPWSJsZEn3TEn1Wo0hOKR9HmqEWGJBMnDhKTxdvWdQsICNv2dbCVUGVKIbhRRcQbQXwuoh9xgMMKEZiMWcAeoFHxM505ZUiQ==
+ns1.tldns.vu.		172800	IN	A	37.209.192.6
+ns1.tldns.vu.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+ns2.tldns.vu.		172800	IN	A	37.209.194.6
+ns2.tldns.vu.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+ns3.tldns.vu.		172800	IN	A	37.209.196.6
+ns3.tldns.vu.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:6
+ns4.tldns.vu.		172800	IN	A	37.209.198.6
+ns4.tldns.vu.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:6
+wales.			172800	IN	NS	dns1.nic.wales.
+wales.			172800	IN	NS	dns2.nic.wales.
+wales.			172800	IN	NS	dns3.nic.wales.
+wales.			172800	IN	NS	dns4.nic.wales.
+wales.			172800	IN	NS	dnsa.nic.wales.
+wales.			172800	IN	NS	dnsb.nic.wales.
+wales.			172800	IN	NS	dnsc.nic.wales.
+wales.			172800	IN	NS	dnsd.nic.wales.
+wales.			86400	IN	DS	64480 8 2 5A296B3D4CDAAF2BB3B243EC31F31B283782BD5A930F84741AA3DD3CCDED6A6C
+wales.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u99kD9/TJjsPt05J1uJhqE5oetc7au4KmWep236H3odz96nKB3S5SbPfovsD/8gIP03Pj0KaZnbwowcEr8TY18DX60c2PX0/vdLXHKFKmBenCIrUvaIRLtfj/0cfYcqogiszmzgy8ks06/N4V7N/phj36KZI7Ov63/dpsS9+GNAcP3gPVw/1SacMf8Wj0iXLxjdmt/s9Y1tNgIp3sKbQXkFQjHNWX6et37h+9/p/XEMMFTlJ0MZ3YbHn7Xq4ZmeCTAQfDYr/8dK/K3zlfUKKiFg2ifkLVBNJWNjx1mb7orhXwHH0shgHFgN6Cu5uX5CZKmaRHPnBGKYwGf9wLfUYtA==
+wales.			86400	IN	NSEC	walmart. NS DS RRSIG NSEC
+wales.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QB1G2Czv3ey03j6VfRABBsOIwk1j+X7om5fX5E40YZJ3szBTsGf11EyYMIpY5gAneawOXkPu9zN7Zx8CpzWaQHiuKsW9hhjUrqSN4Ylop3zeDqvNauNIyRCO/6Guxp+/uO09+FvlWYX4LdzDwbvBd+70xhWscBg7acXe6e2YWnjmZhQl/VtvXa9N51Yp/5BcQIddVV4QvpH01kgdGjfUL3jV0FvcwjcE0/+CuzyyxiyrUIHz5meKqF0BV4o0PwUdN4LkeUP2IUsKA+FhHYuSk1lRtmebnHXnYnEb+viktl6/PcoAag6FklhFxx7DUpcHKBEI72Q4GfuIX0WKe/F5Aw==
+dns1.nic.wales.		172800	IN	A	213.248.219.2
+dns1.nic.wales.		172800	IN	AAAA	2a01:618:403:0:0:0:0:2
+dns2.nic.wales.		172800	IN	A	103.49.83.2
+dns2.nic.wales.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:2
+dns3.nic.wales.		172800	IN	A	213.248.223.2
+dns3.nic.wales.		172800	IN	AAAA	2a01:618:407:0:0:0:0:2
+dns4.nic.wales.		172800	IN	A	43.230.51.2
+dns4.nic.wales.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:2
+dnsa.nic.wales.		172800	IN	A	156.154.100.3
+dnsa.nic.wales.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.wales.		172800	IN	A	156.154.101.3
+dnsb.nic.wales.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.wales.		172800	IN	A	156.154.102.3
+dnsc.nic.wales.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.wales.		172800	IN	A	156.154.103.3
+dnsd.nic.wales.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+walmart.		172800	IN	NS	a0.nic.walmart.
+walmart.		172800	IN	NS	a2.nic.walmart.
+walmart.		172800	IN	NS	b0.nic.walmart.
+walmart.		172800	IN	NS	c0.nic.walmart.
+walmart.		86400	IN	DS	34531 8 2 E09B4CCFA8A68B1D6A13042FA28A343782D0D1B4BF3E79C6A1415D3B2825B922
+walmart.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EwTkjUgoTGLPGuXZAOEz6UFpfe8aJYDLj0A0v2bpXVWF3qd302I/s6twZo65XkGk6ZE9jtU8YStMHGhhJhObWPpCjTFPmslh+An1lCnukzRvcQzRC7uBsfbGDK84Z00XqNeeyZkNikQoqNU5Ohb+aIfuukxT3CvDLX3j20A5zL+xWy+FrOCF0Gg47tuQzVfUOUrvGbVpXGmKH9pAhg57ifF3jHwquqCmZXe+/3LedG1edYpmo2Z0woyZVX7Ns8Y7TvaenJ6va2m4zRUYjxvHjAROV12Nmzhi+0ZILKe7gT8qtfh41N2bR+pGesVTizeig34AFMUfKaNqgHPsGP6O+g==
+walmart.		86400	IN	NSEC	walter. NS DS RRSIG NSEC
+walmart.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BPpWMUUsTIXNq+ohkeE9AsMpN9tMkWo/i2gMy/4f5TpDtwwuHRrxc6o+biRcTVhm5xbhNeHeyk9k/tb/uCvADqie6mh7i3z5ZYTw7h6ZT74G65TpaZFHvmTpIDZJ5cqy3HqUJu0J0TL2zh5+Qsx0GAN4KY2ZBhykEmaRd0HiRKu95GNZrT4RjJ/kdkMbwVfEfg88AyuL6HrlhBFXJ6+0Giacu/m0knHjnfQy/TuaZS72XBF7rjNXKUBmZFuSElORFFrmBfBwAssdyMLHqygOkBP5Jm8mGUm2FXIrl8T9cJxXnq+FHf/D3Ld8gMWAQ12W9B9wL5WFHEJYKBS6Oi1ong==
+a0.nic.walmart.		172800	IN	A	65.22.112.74
+a0.nic.walmart.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:74
+a2.nic.walmart.		172800	IN	A	65.22.115.74
+a2.nic.walmart.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:74
+b0.nic.walmart.		172800	IN	A	65.22.113.74
+b0.nic.walmart.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:74
+c0.nic.walmart.		172800	IN	A	65.22.114.74
+c0.nic.walmart.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:74
+walter.			172800	IN	NS	a.nic.walter.
+walter.			172800	IN	NS	b.nic.walter.
+walter.			172800	IN	NS	c.nic.walter.
+walter.			172800	IN	NS	x.nic.walter.
+walter.			172800	IN	NS	y.nic.walter.
+walter.			172800	IN	NS	z.nic.walter.
+walter.			86400	IN	DS	11875 8 2 D7E94CBF8078C9B30AC939B8C2E4106C510879B267A0AB93A4CC61CE7B72E193
+walter.			86400	IN	DS	53764 8 2 1CB0D022FC25C7247A551E0A02B46025D83DFD7185CC1F016C93494C471F0E91
+walter.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RPrDlLQBJlg2+/hONIFDkx+FYCb5+Kmg7NYS4HyPv/3LSdvnKWeUqT2DhVEYwLBRY9TbLAfS8S6YTfoJ3yFdCuaEqdoZsLCGHgSB5PUrQGQ+aCwBzGRFaNfH2JiZKB8jFcRc0uGhbraV9pqK8ich51eKj0Uioyi5mKDoDyCg9dz+4k/PElaw7w8nXnUHtDSXpX5r2gE7SbpvSW0W43RELzg61qE8ohTHO+2unr83Fl9iDsUn1ZAqRAqHpsclTyhipRIHkEj3iLSv+5dVfa9rDR4eOBkRBUCyVg6QM8wpqQwFTzsUFKYCTorz5XO7fYjBba0eo2OapaaxwzpmMycRAA==
+walter.			86400	IN	NSEC	wang. NS DS RRSIG NSEC
+walter.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gGIaD8h/9/CasLOMb46hJZhCsd18dbNsGy1Vv6wMDnMHOh2PQQYybDy5fKd+yCFHl+38NjAqIDIsrONMo/PYxUxX6xlOnUZMu6NpFFhqz3D8dJdIj2f1X9cbnlY17a7UaWF58wli7QIQTFWzc8cSzow1MT2P/oB0IcMBg7JX90yh0q5ciEPetOEl6WmLu5chvMd6rxAJI/VqgR7KM/DKwllc8v2KyH/tGnepSr3Vn6pYZHUFjmh5UhsVnrY9lL6Jsti+XAC0oZrnkXYqoKBBfJNSrjlDVGcU96faDkNtmbRmeCGxiygGFlpSQlpqwFfWmEihPt07TjRvQ8w2n7QM8g==
+a.nic.walter.		172800	IN	A	37.209.192.9
+a.nic.walter.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.walter.		172800	IN	A	37.209.194.9
+b.nic.walter.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.walter.		172800	IN	A	37.209.196.9
+c.nic.walter.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.walter.		172800	IN	A	156.154.172.82
+x.nic.walter.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.walter.		172800	IN	A	156.154.173.82
+y.nic.walter.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.walter.		172800	IN	A	156.154.174.82
+z.nic.walter.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+wang.			172800	IN	NS	a.zdnscloud.com.
+wang.			172800	IN	NS	b.zdnscloud.com.
+wang.			172800	IN	NS	c.zdnscloud.com.
+wang.			172800	IN	NS	d.zdnscloud.com.
+wang.			172800	IN	NS	f.zdnscloud.com.
+wang.			172800	IN	NS	g.zdnscloud.com.
+wang.			172800	IN	NS	i.zdnscloud.com.
+wang.			172800	IN	NS	j.zdnscloud.com.
+wang.			86400	IN	DS	20969 8 2 E686EB5367B243E5DFD5C5FAADB23B0A52172B9CF5C72B28836BE2AF9402DADD
+wang.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J+Ti6Km3CjkHs8lpznC4eb/CoKdaF7m6o9968ImRX42O+6LEdg6fGgfQ+cxGqGEASaOO42BmRlr1tXzQJufQcjJJ0kI+aZsnQd7CfXpt8yhSQ711+rA3hTVRzYjSbEDWWy9FBwKOSUBkIu9Ab3wX6LNipseMGZvXCwRcq/LHT5ll6BLqFEVIBqYJJ972Ld/4Yalwp3j02nRT9BY8ZrOwNdmAwRpdxvUbi0kLYPSBw/DZrviqL8WjHjdOH4pFzJwOlbtUuOTPnzFKfI3lUY8AzyJJm1ysQSaD/8WSDzwKSdym/EHLbFXuzZpgZmdthggKGnalf4DYAKUXYckouqX4NA==
+wang.			86400	IN	NSEC	wanggou. NS DS RRSIG NSEC
+wang.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wpOumR6BgdlOu4objdFsiPcSadn+u6cArbkVhqU91BJLNzmZa9sAfrx2M7XkPFaJt6ieSeVFB/gygIGnIlOeR66UDChbQ16CAcO9OqyJO07AwuA9xmp8X6lf14H5aPS6TCghjfhoPCcCLQ7ZsyabWgMQ0VojkufoD8jIPn2CtgN7aWh8eL00VNeHVbldL8Xou3TRpFPGmyW/Xe2nypcndMIsTtuqT8Jb9zHS766HE2UNgpIKbU3zuyUCDK6AZPYsRADCfuH1GmcB+e43ka1zZ1B0DUobwFaduicF4YoOL+3VM7Ob2Kplo9VA6YWZaFrWt9lqYhi07lvAnhkdrrRVTA==
+wanggou.		172800	IN	NS	dns1.nic.wanggou.
+wanggou.		172800	IN	NS	dns2.nic.wanggou.
+wanggou.		172800	IN	NS	dns3.nic.wanggou.
+wanggou.		172800	IN	NS	dns4.nic.wanggou.
+wanggou.		172800	IN	NS	dnsa.nic.wanggou.
+wanggou.		172800	IN	NS	dnsb.nic.wanggou.
+wanggou.		172800	IN	NS	dnsc.nic.wanggou.
+wanggou.		172800	IN	NS	dnsd.nic.wanggou.
+wanggou.		86400	IN	DS	3407 8 2 AC4CB98B121B9214B4432A123BCE7930F5152BF7A496EEBD7602731AB44615E3
+wanggou.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u0tvnsxpc0DFaoCcVKlAn0MvzDzl6H23S53wFrS+eAlzswmpop+rjlLC3mbRtT6RLdue7P412hyUhJ5aECdJWS2vOX9ZoGu4uyj1aGjaHhIWtTX7WcZIBTNR5Z2MKiVYav1Tu80HojX/lx3uFNDe4Cb/J2d+T4EBYRgQQ1CWTZCm0q5/IqjJWVgs9lJiHQ1wiacOWX4/YGiqqhR/B4ZVN33Ylqz9hVoSOl/dY7jBh5o6Gz8twUncUeZhn0o9AU1bZX92HCi29n6OzA4iK0ugs9naM+CswvEd/brGcdaZuY689TjJB7vMKu2J3cv9V6sxbtXYrYOA9/6xq9U78/yZeg==
+wanggou.		86400	IN	NSEC	watch. NS DS RRSIG NSEC
+wanggou.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gHKDVAcylUo0wpOWfEt1DVIZqZ3GuK+0WETaJnuVjX8BwvcmEpu19Z0HUpFTsOUlUrCT6b3yICYdHz3d4V88IsNXcQ27GvBkts0RuiAhtMqtPW8yK0ocN/MgeBHKu1MMBslkNw8XHWKhomSpeQuq7XQAM9p29o/vbLiKVmY2c24iCXLbbXOtmCLf86aJVr7XpoXinONWEj7ibJyXbiIpy0gKDfWMHcfZ1NLkPGhqjUt9SmsHnubRbUziRb1ZPoTy7013/fiLtbJt+kqriUUm5R+9juk1x0RwxutqsYvw13dQ1yC1oaQiJ3Yy21Dfv3+AhumePdBIlLuvPDGa1LfZlw==
+dns1.nic.wanggou.	172800	IN	A	213.248.218.86
+dns1.nic.wanggou.	172800	IN	AAAA	2a01:618:402:0:0:0:0:86
+dns2.nic.wanggou.	172800	IN	A	103.49.82.86
+dns2.nic.wanggou.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:86
+dns3.nic.wanggou.	172800	IN	A	213.248.222.86
+dns3.nic.wanggou.	172800	IN	AAAA	2a01:618:406:0:0:0:0:86
+dns4.nic.wanggou.	172800	IN	A	43.230.50.86
+dns4.nic.wanggou.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:86
+dnsa.nic.wanggou.	172800	IN	A	156.154.100.3
+dnsa.nic.wanggou.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.wanggou.	172800	IN	A	156.154.101.3
+dnsb.nic.wanggou.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.wanggou.	172800	IN	A	156.154.102.3
+dnsc.nic.wanggou.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.wanggou.	172800	IN	A	156.154.103.3
+dnsd.nic.wanggou.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+watch.			172800	IN	NS	v0n0.nic.watch.
+watch.			172800	IN	NS	v0n1.nic.watch.
+watch.			172800	IN	NS	v0n2.nic.watch.
+watch.			172800	IN	NS	v0n3.nic.watch.
+watch.			172800	IN	NS	v2n0.nic.watch.
+watch.			172800	IN	NS	v2n1.nic.watch.
+watch.			86400	IN	DS	54769 8 2 DF912E3DD3FD5D0961CCD55ABBCFB99E3CADBA09FF443E3F1A7BEBAE400D57AD
+watch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QmvPmg79HkMiomSi6usiD9XSH1EEUkdCSQpLkABf0BIZH25FbIuhRoao7qPHvzwpz62FivLrJyVmJXWll9pSxQJThvGb9GZQCT7mpTPGBaQDrf4I8ZHbYnwajxIMeva7kRSB5nwj6LPdIlJka6PGCDDvljwxH6orhp9pKIZ72yludOFAf1+QOjg/gIR8zL4QPMD9NlnlMYCqjOVqKKV+w8b0+7cjvPqHy1OUMy0eGGxqunhNfkEN/5jWljyBYMzLZbeLjONvxKhGIZp+r/9uyM3dur4QSHMACeRZ5DuduEG5+bwNhPJmuv8Og7KQtNYREuNGR+5iH6rNexSLZQQHYg==
+watch.			86400	IN	NSEC	watches. NS DS RRSIG NSEC
+watch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mbZ3lpUCDj5XB5yhbV/711NHoGLBqg+WQmSJGiV44g9ibFAgtc2QrnfJecSySJKS5csZq6V0IgNChnWr7WbDtBHCQonzx92E60WlE/A9kh8p+OMgbsvucozcw2WgQ06bDl/F/sQKLd5kYCo1y/WNetobqSZilopVYB5FADetCwius3AO0gHZd9I4wKCdxCwNopHDsR+RvyKp7tnOdafCTpvlVvDY/c4TTpLjm0brSsJ+bO7G4mPT1gD77J/52QYohC6fNSWWRP6tdwihphMNqzHuPTiWnVbzV13kLFvN/oaMu4Ugp8lCazMPHTeSba65DTRw7vKaLnQ2NAEpReYn0Q==
+v0n0.nic.watch.		172800	IN	A	65.22.32.48
+v0n0.nic.watch.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:48
+v0n1.nic.watch.		172800	IN	A	65.22.33.48
+v0n1.nic.watch.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:48
+v0n2.nic.watch.		172800	IN	A	65.22.34.48
+v0n2.nic.watch.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:48
+v0n3.nic.watch.		172800	IN	A	161.232.16.48
+v0n3.nic.watch.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:48
+v2n0.nic.watch.		172800	IN	A	65.22.35.48
+v2n0.nic.watch.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:48
+v2n1.nic.watch.		172800	IN	A	161.232.17.48
+v2n1.nic.watch.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:48
+watches.		172800	IN	NS	a0.nic.watches.
+watches.		172800	IN	NS	a2.nic.watches.
+watches.		172800	IN	NS	b0.nic.watches.
+watches.		172800	IN	NS	c0.nic.watches.
+watches.		86400	IN	DS	61699 8 2 9110905C79B0C95933EB1F037A0D7A150819F1D1553AD89187A7849039A97EBE
+watches.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CwyyuJ9Y6j/zLWpjXIP7fLzvZoaClB9koluCXTbQDkip+FBCfggg7FnZQUv23Q5nou66R11RgM5F9p2R0vdDwC3M6yy4pS/uoV16F1o5QdxNOhSdo7Es+8EelVT/lOCyJL2SVBg/VThOONK9WYqt3cDkehFnAPnUEcrhaV2g2TIiGH7NWJIdYt7iS4jCEeOa4BwaD6lutql9OLHP0CA9R/qbLUZ4cbXaDiAG13U/H142Ccr8MzmC4Y6TtPyGPMIEdxGYedhN/APkZ93AZIhMKDa8gveUG2yesggGpHSoU7N5sA1sTtiLwvRyPdCAWUDQLAMe0P1kFAwQQXLZIhvhVg==
+watches.		86400	IN	NSEC	weather. NS DS RRSIG NSEC
+watches.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0+muSe0s94hTUB8VqyeVf0v0aMidtoGFeOlhnk5vF2DGpGbKGF+hOMqYixQHEn/xsWDOrjpkPnnGsh4YxkKEY/LD/CPnkEaFshXTJl8JUOeXbG2eT3GgHBXILMOmfaPulF8dEAJCbEUCMpyd3tT5jQllMBoPi3swq2/4qNzxJBZqhdx/FjB01Uuvkyn7r9yTWEnu3TiBBZ5ay4issdTRNvCiP9/wNkCFeDyxI5WO+PQW5LAFISRr81f19bTCjKyr2q3tSwQwTn0QyTLB44fnB/Apor3AuVqp73eoScEVxJg9ovHF7YTnxvlPFEV/IPrOUxW/MIqAv3QuALbnX6XPGg==
+a0.nic.watches.		172800	IN	A	65.22.204.1
+a0.nic.watches.		172800	IN	AAAA	2a01:8840:c6:0:0:0:0:1
+a2.nic.watches.		172800	IN	A	65.22.207.1
+a2.nic.watches.		172800	IN	AAAA	2a01:8840:c9:0:0:0:0:1
+b0.nic.watches.		172800	IN	A	65.22.205.1
+b0.nic.watches.		172800	IN	AAAA	2a01:8840:c7:0:0:0:0:1
+c0.nic.watches.		172800	IN	A	65.22.206.1
+c0.nic.watches.		172800	IN	AAAA	2a01:8840:c8:0:0:0:0:1
+weather.		172800	IN	NS	a.nic.weather.
+weather.		172800	IN	NS	b.nic.weather.
+weather.		172800	IN	NS	c.nic.weather.
+weather.		172800	IN	NS	ns4.dns.nic.weather.
+weather.		172800	IN	NS	ns5.dns.nic.weather.
+weather.		172800	IN	NS	ns6.dns.nic.weather.
+weather.		86400	IN	DS	1249 8 2 96765E88A1B12CCE10C5C67934B10344AD4E5D63588E4B9D442FC533C8224F01
+weather.		86400	IN	DS	6439 8 2 F994E24AD5E878714E771FA57227EA081F681B270D9FAA5BA4CADE422EE1AA3F
+weather.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xItCekUJCoTDWWL4XJ8l8JyZv+VqXw122J2pioujiHYmrj9N58wYgYwRZarLlskwo5tGHostmA7f9U5ZsWunXpQJlfjEdTmeGQ20gB4vxArZN/8WvKTBT4ChZwILIP+JtlxAeIwUkfkPOoUdajEAkt8/aqiBrnTtbCvxBIjMOAqqfTRzGV/eX/nWy4+fzJNHTscRcRds1CK/BtdxWYDSTs0gi5XVf+1NseHYQAkuBd9sYrhXSOvmyK3Czol2fiVo+6Ijau8dvHn6ZERjD1EcI5bE8ufY1EKEmyYttvMfelv7KdTUZIyfAfK4IL6dHKhDIm8/oHwr+waaHLCEdw33sQ==
+weather.		86400	IN	NSEC	weatherchannel. NS DS RRSIG NSEC
+weather.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b+14N80DfQdAgxwH26IoSu45DRLWaa8yBDVWXxujm8TihS8LhjkhisZaxR6akGICjAaivreyKdL9ANPrMCLEDl6QmZRRRxhN6ZjpVScKZTjZo5e0dlAUcvl5RbT4JHVVxLIv3EAkdAkvPMQ6R2BOA7o3tojkoJC0q02mdP396ReX37j/aa1It641EPJQaqi7WIy7iSK8qfpKysQHb7X9JnZkRp4Tj9QbjHmQO+JOwRBxsQuy7caCy3/d8RRPBWcNnebbOqIxZpbeDoq9X09bp2TRHlBvGvaZPIvs9o+UIyo/5Ced4Id3ThiXcM8nNmRNvCyeuqr3C3ixMgkVag7COg==
+a.nic.weather.		172800	IN	A	37.209.192.9
+a.nic.weather.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.weather.		172800	IN	A	37.209.194.9
+b.nic.weather.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.weather.		172800	IN	A	37.209.196.9
+c.nic.weather.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.weather.	172800	IN	A	156.154.156.178
+ns4.dns.nic.weather.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:b2
+ns5.dns.nic.weather.	172800	IN	A	156.154.157.178
+ns5.dns.nic.weather.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:b2
+ns6.dns.nic.weather.	172800	IN	A	156.154.158.178
+ns6.dns.nic.weather.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:b2
+weatherchannel.		172800	IN	NS	a.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	b.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	c.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	ns4.dns.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	ns5.dns.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	ns6.dns.nic.weatherchannel.
+weatherchannel.		86400	IN	DS	7789 8 2 79D6DAAEFC15969665F10E9DE136425C117994C302F41CA70F1157BE61FB9384
+weatherchannel.		86400	IN	DS	47695 8 2 B2F90E6997386B0411808F05702D0F9AC00F5C0D129262394C86E1BA79977BE2
+weatherchannel.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uxjVcpFj4x9foKqyG+bK3Mehwyg0Fs6CRKJYmCWl27wTtWXjU87jKeN5Chx8XOT4mDcpLfy/opTwaCUD2t7hWGbzbIIbp8sY39iKdmpvjOQ7pd0uRpuU+wklOKG99vnIvyA1qQKzujBup2JMNu7c2tiZNDcM32vHN+OLPFsL2IsagLPmg0osUJ3ewdd+uW89GgctMaKzTvnRJrhoH3kH9yZ2UE9s77TQVIIeMlatAUh6IqjenggcQcmzBJNox8IYbd04EzKuWP6nA7QxnI5TeT+v4xfcTALs66R52GhMrF4Zf3CACc4FK85WqYJoQ41AGgw2mTTEgU+D3W25B85mDA==
+weatherchannel.		86400	IN	NSEC	webcam. NS DS RRSIG NSEC
+weatherchannel.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MHU1CuOTVip/eyv7kWekj21GUZDBp0hnmReF72Up2Pefdlzk+J2goNhC+VU38ryMuzRuWhvqasTitt8/7ToGHBjzZraCey9+PZ3SUkONuuY37pnHNI/MSacYYVsqnyoAxRP2MI417ZPN0szF54AMalKlJbVHmziQw8kKQz2LPbHwUbFt69CEfrAGv7AXWVry45uTGuo2lkBDpWOLc2DL4T+XV/+E3Lb2v+cXCR2MWEEtnhSkfi/WMv+fgIoPHiSc5FH3DYr/Qri9uAiwZgdDgvRLVDFPTKf6r0tCg6mzFLMQ3GQG79v8J57QO3Ca1iBhGzsd4gY1ePJEinIrHBbWLw==
+a.nic.weatherchannel.	172800	IN	A	37.209.192.9
+a.nic.weatherchannel.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.weatherchannel.	172800	IN	A	37.209.194.9
+b.nic.weatherchannel.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.weatherchannel.	172800	IN	A	37.209.196.9
+c.nic.weatherchannel.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.weatherchannel.	172800	IN	A	156.154.156.179
+ns4.dns.nic.weatherchannel.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:b3
+ns5.dns.nic.weatherchannel.	172800	IN	A	156.154.157.179
+ns5.dns.nic.weatherchannel.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:b3
+ns6.dns.nic.weatherchannel.	172800	IN	A	156.154.158.179
+ns6.dns.nic.weatherchannel.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:b3
+webcam.			172800	IN	NS	a.nic.webcam.
+webcam.			172800	IN	NS	b.nic.webcam.
+webcam.			172800	IN	NS	c.nic.webcam.
+webcam.			172800	IN	NS	ns1.dns.nic.webcam.
+webcam.			172800	IN	NS	ns2.dns.nic.webcam.
+webcam.			172800	IN	NS	ns3.dns.nic.webcam.
+webcam.			86400	IN	DS	22450 8 2 E2447935904A4E1DA9F3695F56055A2132FFC565A4EA2DDCF22C5AAE0605A2FD
+webcam.			86400	IN	DS	55165 8 2 90F6B109EFA3C0BDEE83FBCE4F70284B66FB7E61745B4D78A11DC1923DB958BB
+webcam.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HOFnEoc7DQGFlu9FQ1SkpJnfP7l9X5myHuPqWYBIb9qRmwvHJwb6WRWlGIrVL3/hEFS47+KB5W+li4Qrwcmj9xG1tsY9uIllIAVkFDgGvIBXbUmAboDxqDP2219BnYqTB5Zd/yiT0e2egGNHQSCoh7Ejpi3A2FNGNFvjhj/tUMYYGGU1ASLrTLs2W209cJBKGXEP6V7G7XSSPv/JrbEXNl9BmDfpydaT0PiXrHO2Oe0uRXIZD+YY/J0+vBUhetrEf3ziQPG4IiOg49xwhFrgwuoZ0nMY3HmAJe3Lm7XoX9EoKsuGgI5DPM751O0wRdl5hp2k0ub5Em2yb5jQxJAbBA==
+webcam.			86400	IN	NSEC	weber. NS DS RRSIG NSEC
+webcam.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CEYhgkZ+ezjj5QXvSl4Ft+PKQ1/7DBaiWfIdbCTaVDpSl0HSUXL9vdqFIVSKD9aNUDxlcsH5YkAfVpLG+K//gS+x8YQXe5di842X8YOGyB1/D24lIgEl82LsOpRqSdePvbBGfiE9mW8PDbwAes8CULCNZwRLgWK47DaJUBCkuydV4YMLXml6IC07tzJQ9+FvEaJH9790tahH5/hxmegga60fJYQ/IuE3jf0q+O6pc3YUw+546AbxjgTgVuiWjGqQv/NH4FOfkvVm13qFoidRJ3eVIeTJm9kJg1BgmQmTlIXqxu+/mdWwTt3/dmB6Ub0nOiGVBhwhHmPYCKo5yZPpYw==
+a.nic.webcam.		172800	IN	A	37.209.192.10
+a.nic.webcam.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.webcam.		172800	IN	A	37.209.194.10
+b.nic.webcam.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.webcam.		172800	IN	A	37.209.196.10
+c.nic.webcam.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.webcam.	172800	IN	A	156.154.169.60
+ns1.dns.nic.webcam.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:3c
+ns2.dns.nic.webcam.	172800	IN	A	156.154.170.60
+ns2.dns.nic.webcam.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:3c
+ns3.dns.nic.webcam.	172800	IN	A	156.154.171.60
+ns3.dns.nic.webcam.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:3c
+weber.			172800	IN	NS	ac1.nstld.com.
+weber.			172800	IN	NS	ac2.nstld.com.
+weber.			172800	IN	NS	ac3.nstld.com.
+weber.			172800	IN	NS	ac4.nstld.com.
+weber.			86400	IN	DS	32799 8 2 67F60D0F656284C11307FBC8402E280BA0E53D83F601EC4ADF2EB54FCA93AAD9
+weber.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GDWojfd7ck1m6Y/YI4M6iOr4sRiS7N4F7dVE8LOcK0yl9Gkx+BkkCX8JuwopuN3RTKZgxo008HFI7o5/vlTVXmBYKXE1eRHj841bK92uFbefA7pceB9CKhbdTi1JYJTEr0mTz7NVO4vsmwyN/zr3TtTAjSNlb4OvYKBpel42J83w8/JI9fW3jzgDfuLvsaZ9EHGpv8lJDflnYfbOofCIs12MjmFDC5AMx0naKTB6wiOeVxXbntAZJrl20HRh5QdmNwRlkZ0n16AvbuWseaXNcyd08oTxAbIS1Xx8zt2tVxbloLVAqdscWWzjm6v53W0E99JlgMgUaR+MosJ+iCbDqg==
+weber.			86400	IN	NSEC	website. NS DS RRSIG NSEC
+weber.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H7G+n5A4fb/EC37kcuo/aaaE82QaIcfPJu1EiFEm9Xf5tcjCd6QYd5wImJ/HiSnMchjF7UjvcwQm0W0KSghcUspKqWbgV66E7VIiABzGz335sY3SsrrteF0cWTr1wfFQu7r6RNLClOYvtOAZt7HC5k7A49cRa7SWUvZUMCji9ZCKUTetjvoPqAyg8crIFcOGybgE5A4uAeMdu+eKz7NO04RfsRXB6/shn/Z5OdorUYRTuPLEbmyDpwyHAfDp7icWd6WuTNPzb6Q3372FjWJQYD4ee9pfA1GJvfuQWt4iR6t+tqAvLsvUrP/Spe8ik2Cpe9ncmL1r7gwfvc6LpSse0Q==
+website.		172800	IN	NS	a.nic.website.
+website.		172800	IN	NS	b.nic.website.
+website.		172800	IN	NS	e.nic.website.
+website.		172800	IN	NS	f.nic.website.
+website.		86400	IN	DS	47815 8 1 34C5E08B2F09248A85BE31CD465DB919AF06DA90
+website.		86400	IN	DS	47815 8 2 CB5F31743F17C1C1641D7ECC4C7DC40217363645E7AC25C509393C6709D933A8
+website.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NM/ZsgBss7tdNio+Qqx30+v0D1bj8bzia68NAWJZhaWi955VJDIo8PezchTQe2kSM3wlrGAxVqlPGukL9FdFMw0U8+jJqI8hspZLLVWeZSVMMI1YIXB83yEBLpMzsIBuY6xOACI+DGcVfqBNFD5N5YAQvzAmJvEx7gsdFGaI0j4vH9+twSKAMcpfrz7soaX4lN06ONR7y23F8NKOe1y13pHEuqe4gM49kYLiIJwqmC9VBP/6JyqH/RSgAwqsMpB9JkORETNgNtmBoaPNsvhTUAOA9pG1bzGhWITg3qX7VKbv1ueOGQytGAbvC9SiTPvQ28iM2zVwDp4mogL7KcBqPw==
+website.		86400	IN	NSEC	wed. NS DS RRSIG NSEC
+website.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OVLhDLg81QCgZ6Ne4YRFvBAH7r346CXFBBdNaDPuO9UNJwiOiiPTeYNzBKYrmpu4EFV03J2Gx6b+whTy0wDYpU0nf/sYuuNyOUPAdbk8KetGqhv/ufbX2J04e6NEDYudPLeRB62scS31LX18t5Xe1GZQs0j5cOUGuTRkcArYJZ5lAc+lCrNtP4aWNk05U3Q7Cq9KQoPlDEmRUCF8OZHlmdGwPWl7tR3e/CBLsSqhM/e0gtGopfvGdkYDgoH/9FAhQxz28Cr2mD8Xf9ncakex1f8trxLg7JC/XCv5z5CkljUNRY9SueX1vnLojjH7A7S0jQqvcSbtvRolVT0DqwuBUQ==
+a.nic.website.		172800	IN	A	194.169.218.52
+a.nic.website.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:52
+b.nic.website.		172800	IN	A	185.24.64.52
+b.nic.website.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:52
+e.nic.website.		172800	IN	A	212.18.248.52
+e.nic.website.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:52
+f.nic.website.		172800	IN	A	212.18.249.52
+f.nic.website.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:52
+wed.			172800	IN	NS	dns1.emdns.uk.
+wed.			172800	IN	NS	dns2.emdns.uk.
+wed.			172800	IN	NS	dns3.emdns.uk.
+wed.			172800	IN	NS	dns4.emdns.uk.
+wed.			172800	IN	NS	dnsa.emdns.uk.
+wed.			172800	IN	NS	dnsb.emdns.uk.
+wed.			172800	IN	NS	dnsc.emdns.uk.
+wed.			172800	IN	NS	dnsd.emdns.uk.
+wed.			86400	IN	DS	60571 8 2 32ED00D841E724EAA980472283420EE9DE48905E1B04709E79FC418C08FA1561
+wed.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U1VKPupMdPOO4hlB8aGyR4+yNVT/TYtAQV+xPGu6YApOLGJIH8iPFMrRiqmBpPQRJu6XymeWSU+FoGP3+3ndlAc0FCVMB9kRzmPmcbBG0r5opIwnzAolosBZuUZpMTS9nM9IVE0Gc2v5n2wZJ0eTeyjUxLY63kinnFIBbAATLm8CX9TH3+UCUhMCOo7J0Nu7mJ+8RpYk715X/6ubciB/Z3fJtQ9tkb6OQb9ft++ZHTZHAKK2hkbjeNmknoCjn48VBb90j1v80yIQ5OdPlOpRLnZJMyhS7SLVwQcl7W7cO3gv21j8pAwVbekaheIN8KD8tc9gLGfYMHw+HhTE2NfcEQ==
+wed.			86400	IN	NSEC	wedding. NS DS RRSIG NSEC
+wed.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aJ6Fbee0SGJfNNdQtX/e+lSVU4ZqXSnJ32v6oZoJ7BRj369POiWaDWfqIABJEwgPCPXTWegb76SOJ0M3z387PzMeeLdiX3/yq0juPNFNVX7iJt92BB8gDpZlgmN2Kd3GwMxZ+TFCv2WTniFHBGt+LaIhf8xskaCameeFupj9inWbKQRLIGsbZS0FKIvJvBjA5lNG554Gkc27UMOx1nkPh0qKZDEh2YSybN2wXN/KyffZMytWXE9R9NpO9UkO+DP9ypCiErpAE3f749Q8+yaEzr1MZSojPSHf3YtA5ORQkY2xSVUYK/7THOY5dG/wgYf+boI/zbDa4SgvpcrknP6hpg==
+wedding.		172800	IN	NS	a.nic.wedding.
+wedding.		172800	IN	NS	b.nic.wedding.
+wedding.		172800	IN	NS	c.nic.wedding.
+wedding.		172800	IN	NS	x.nic.wedding.
+wedding.		172800	IN	NS	y.nic.wedding.
+wedding.		172800	IN	NS	z.nic.wedding.
+wedding.		86400	IN	DS	7942 8 2 6BCBB57873BAD3EF4BFC74DA093B04A5232BBC92C68579DD6776F326467510FD
+wedding.		86400	IN	DS	52771 8 2 4D92964EE9FD15BB3ADB2D0D06C44B6E0FF864F19AD1CED67AB020A9921F5460
+wedding.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Th3kmIndyf0HNszX0Mfv5PmrbsYUk90zkZJfPh2732uSQ2RQmyWMcJAbe6Mfv5nkUuq1lRFRIqhkObzLc9j44DALZZZ/rKxMupvPS8F8j1/4sC0G6s62yQOXtdYhlBuiCWGQHngOl9leCS5lW/3C9+WzsfKIva+z6s5AMKK/P1N5DJ7km+2fL2VV8DB1lYMBzkdoIGJChGbrtWb5axfY/+wZy69u67l9l9KonxLcWU8wwOi3IRVYmxI1MIrYdwuk37kPInrhWGZZ4TvGBhr5DdPnXkKvKk93LqA8A7WMPXVGvIF9nM4yBlhHNRkRrKLBH+ApTQO81RHFFTEvdtkYUA==
+wedding.		86400	IN	NSEC	weibo. NS DS RRSIG NSEC
+wedding.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v8XsLA+Jt+xG7JYI/rlHFXRKgk50MEs9LoDntc1Jzguje7rSSiS51pTAyFKvs113yfX6AGowGS+8FA+uMp6wofPGSm4EM3k/us7w+uyf4UB4wGvrOgwzgyug8urFK+zFVBqXsXZmg1NzBlOUqcjYf5CipYliFrP0NLl0LIfUMVFMSkpAxVdVmzoMoAWngBqDr8qy6dYSEfWrxEmpNcOabDXCOMl7C6me7CXsfTTYWQU++5jISGhNUWrr+YIoTpaV06I/6FG4UC+ATbABwX/s9DkkboMQCF2Vq4dM3cksaDUtDBwCFlPvnpXMA27SoAM+kUhm+S+1Pm3JLnP9uZGt6g==
+a.nic.wedding.		172800	IN	A	37.209.192.10
+a.nic.wedding.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.wedding.		172800	IN	A	37.209.194.10
+b.nic.wedding.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.wedding.		172800	IN	A	37.209.196.10
+c.nic.wedding.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.wedding.		172800	IN	A	156.154.172.82
+x.nic.wedding.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.wedding.		172800	IN	A	156.154.173.82
+y.nic.wedding.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.wedding.		172800	IN	A	156.154.174.82
+z.nic.wedding.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+weibo.			172800	IN	NS	a0.nic.weibo.
+weibo.			172800	IN	NS	a2.nic.weibo.
+weibo.			172800	IN	NS	b0.nic.weibo.
+weibo.			172800	IN	NS	c0.nic.weibo.
+weibo.			86400	IN	DS	40642 8 2 930EDCD3B0036BCDEBF43862AD49F6B7486DFECFC2E42F769AB66F21938CF112
+weibo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0p+i3P3/aGbzgnZ0cIsdD4n/zBipNa/C6WPFqXkeuuFappkv+CzUkmCE4y/y38pRkeVysQ9FprM8JS/jp31HNroPPyYklQ5iwLxIuqk7QjVWbKyJQPXJHWu/4HPqfbmk2o5M/oVSVRzFiWML/Oc+Mr8BXfn3d8rAToNjgbkqbit1cfi8xLuj2S04z/NfzDt5ioI/UfLFgnECYJMn/ladGEECR4caLwG0bfkUEeHIF8ODbiflvCT3ZHsdubIh5G8kKepCsqZYmVbaSC5MkTv81AoSuyhSBVI9v105b5b5340ss35gXT8Mh539p1Mzml6d9mDleRDe8H5LnMpj+t/3kw==
+weibo.			86400	IN	NSEC	weir. NS DS RRSIG NSEC
+weibo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O3z14v9hzDPbNppMFVruwC4mqPqnOrM56alkeXdyCo/zDirdgVU5OvT572AAWIwfoffwYZQZTrZ0JxHcUIlCh6MCSqM32cclGt47I/uH1fxp0QHKFnapbJKF/Rop75tCmKiFMBpGQMna4WMd8SiSCHnBJq7cL0aXne4lzeUcTNYTg2i+niDg18Hgr0X1d1i2NYWK7LFKc3uRJNILh1kXN1eiwjZFrwMUM6qyoiyQoupPFAI7zZ2Jgw4jl4K2sfnUY4hVEx2lxYUaBeRULC9BFlk1OKT7c//k5hbVWxmsA+JjhidZFWtcjD5KY3ejxxhvl8GtRptGmhR81wZJMGNfvQ==
+a0.nic.weibo.		172800	IN	A	65.22.56.41
+a0.nic.weibo.		172800	IN	AAAA	2a01:8840:36:0:0:0:0:41
+a2.nic.weibo.		172800	IN	A	65.22.59.41
+a2.nic.weibo.		172800	IN	AAAA	2a01:8840:39:0:0:0:0:41
+b0.nic.weibo.		172800	IN	A	65.22.57.41
+b0.nic.weibo.		172800	IN	AAAA	2a01:8840:37:0:0:0:0:41
+c0.nic.weibo.		172800	IN	A	65.22.58.41
+c0.nic.weibo.		172800	IN	AAAA	2a01:8840:38:0:0:0:0:41
+weir.			172800	IN	NS	a0.nic.weir.
+weir.			172800	IN	NS	a2.nic.weir.
+weir.			172800	IN	NS	b0.nic.weir.
+weir.			172800	IN	NS	c0.nic.weir.
+weir.			86400	IN	DS	7762 8 2 BFFFB5B824D7CC802BEB433840269CD57749AA46593C40B9967BFBA4C376FC6F
+weir.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XWRU+aRUwPj3Hz2QlMNb0AHnw+vJXtktj1K1PahY1ml8oq2oQTmCO79Y2aPdZHxXyRWjjbaFHDB/+RhtfWQqoYzmf56nAH8VwKGRkX8gZ8updM9343RDqGu8P8bJHVPRODxEx+9DONeMmW4NKW6VyOoUEtjBS/opvFDMM2yWuJq17fL6vSm5waLp4dyzSiXZMTnG/vzkJC+5eo7vwmtJ/EqrDHvEjPmj7h+dKeTXsY8g9E2lOKacNNDg983Fcmde0voLsKdIcJNtT6i5ZpAmXmO7CVi7Aw+LjhsIYkc+eKSPsrdkFcLo0ThFeF+Ohf46LhDVs7S2xTkFxXo4Z8gzEw==
+weir.			86400	IN	NSEC	wf. NS DS RRSIG NSEC
+weir.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DAUkaWPghAizBs4wpHbVV/ZB3mJH6h/6YWnqEfat6qEAhkA/lvfgJQSkURBjcXjhDVHsGqP8YvVECzdhcn67yvDAbnDrxc94w4ZbVzjCvhbHlp70HaBv+fXoHzG2JD/iAizETG+ByYpmFio1UZ/6QUU3wiyB4MFYSfki4VcCAxMBqQkh3e6sZEDQPigRnqHB0myXlWh+SQtTlu5B6gG4lA17xVbme5yMIWhl4Te1yVFeamG3tpG0wMR2CfvStK+Z+R/NOfCwVEtO6ZCI0ZsvuWzCRhCTfHRzQteXTdhd8Xdl2ay7zmyuZ8Ie+Z772IDLbWT5qg615Zs9ayMxgoUa5g==
+a0.nic.weir.		172800	IN	A	65.22.112.75
+a0.nic.weir.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:75
+a2.nic.weir.		172800	IN	A	65.22.115.75
+a2.nic.weir.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:75
+b0.nic.weir.		172800	IN	A	65.22.113.75
+b0.nic.weir.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:75
+c0.nic.weir.		172800	IN	A	65.22.114.75
+c0.nic.weir.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:75
+wf.			172800	IN	NS	d.nic.fr.
+wf.			172800	IN	NS	e.ext.nic.fr.
+wf.			172800	IN	NS	f.ext.nic.fr.
+wf.			172800	IN	NS	g.ext.nic.fr.
+wf.			86400	IN	DS	18393 13 2 C67316FA4C43D54D07C93074EDDB7914346C4132726A258CD2ACC3D4877081E5
+wf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . agNW5rXOXuOs5P/sk2DHcjRRv0iFMeyxtUf8mjdHTFOhCzpLC4P3UfqaZlRnrUH0Qffn4sYZ5sjHyfBYocWqXADeylmiQ50iTu7vlienDMu9STpBJigal69YH535shNzEb26FWdYqWOKJj614VTvh4foUqAtA6ReqWcDBM8pYFciaBhn6o2MILnWu/yn5XC0hTVlwXOUCtU/CAVqPTTajz/d36VXM/beshPXbJ24PNmpA0tY323HBdLfiaKeEErTGUqPZfrF3+FiVOpr6DkjZOGAEgRUtYHqy3wZwOlXmj/jyNrydnGjZ0V1vXuxdABrCc+wHHVp6d0ouJhtApghRw==
+wf.			86400	IN	NSEC	whoswho. NS DS RRSIG NSEC
+wf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MmCyboMwRDYDB38+VfaeQOuinnrpsmepzyxJOKJDXuc8GVSJr8egWbyvk3T8U3rNDfaGLJLUZFT/HpnUfRcQQHz0ZhWyjNKXXgF2Q4M1kHFE6oChh5Tjz9vFBGF+qgwYSgiEmUQQBMcvAgsS6zN2SjCOm4j9pMZp3UmBiQDgpwp/JgV8jExjPEEzVFs3RorUdYmpAWQAizfivOK/wxROP6zR91SY2RUrKTUOt3asHvYjfgzUO3qkgbFmng5VDcBBRIQl5c6GJrOA2mWsIp0FeFrtiklR9B2KWBDHC/zaLhyOZnt/x85wW0+8wcFwqfrj0lILZs90K02XagY9mAHOiw==
+whoswho.		172800	IN	NS	anycast9.irondns.net.
+whoswho.		172800	IN	NS	anycast10.irondns.net.
+whoswho.		172800	IN	NS	anycast23.irondns.net.
+whoswho.		172800	IN	NS	anycast24.irondns.net.
+whoswho.		86400	IN	DS	1094 8 2 B35D9BCF8C51A71118E63F2D38A06E25418DB690DBABFB35F0CF9635959B5E5B
+whoswho.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OP3VPRBLSXPhrOYorS1fC4HfxH+xFWw4SBd3QlQe5wuC7Jd96uyTxMTJzYfOt8RNDGYm8Eg84YsjbGzo6LRca9RwJGgEnwlCsV5Z6JDXsQ/rwOiCuo/k/Z9ivmIENA2UNv2FB/CbDkRX3JquJgG9kaHUoJir5htCXAsVOPnoveO9J3839mLMaCIo9YRdBwHV/eE/JwZKcT9sLF8AHDMsuwajh4JM1ZWMR10WG3duTTUynsQJjWDAMymu+Js+g49wLmh7YaHh+vMq/muxqaVV9DFK3+//ZfKp27WbOP1dO1Q5IY8hmXvVqto+Dq+FqFKEiGQdMl96189vaoWRDAoiGA==
+whoswho.		86400	IN	NSEC	wien. NS DS RRSIG NSEC
+whoswho.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rGCS9iB/xzAG+Zwwfr7O1v6wKAxKgt7xNK+A9K72EX9YofPW8V01NX7o9crFpIPzvpHVj/qDbGx0iTT+q9o5uEJOjrgpz6C/wQ1kmxZADTCiT51vjodqhGDpYiZPk6OnV6+va22IKef2Xc9pDZVUEnMzCguSHs6bcBOOTLoa/wvAkL+2We0JtKU/iSMwEAgt3kGwvHJ+jcWsE61tNCggTUWVGXmsFRL6uruKqGlObVTNGU9jWBy+ip3zdgHTA4joRDpcIrZDa+NfdD075rb4a41rk51oD/1UfZWmSx7AZ0rea3eS5hCn1za4Ft/9+I1+kS37C888hFgnjR3ayExJwA==
+wien.			172800	IN	NS	dns.ryce-rsp.com.
+wien.			172800	IN	NS	ns1.dns.business.
+wien.			172800	IN	NS	ns1.ryce-rsp.com.
+wien.			86400	IN	DS	57889 8 2 E2AA9BA196C7D4F10A8320A710FC24AD4BC86CE362239C307AF3B875D5CF44C7
+wien.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X/756FshiyfTuCwJJHI16eak9UP9BIx2UxH7jqdjgiRSWOx4WBXsDAjxPg84NwYIFGfx9pc3Aox+A4jJ9sb//wt97qpqadFE9T44zfSu+DZhbX648C8m3Qj8ZDNCNtxbEdB8m92FunAm2aszCCd+k2AM795xTOtafyRkLvezAZKnrKAkXNxJ0Ote/Ag5K/Yg8p1P5SyqW4N1M8Q+HIbXBGlELuF8hI/pNyaloWp92z4cy64ocMgEHVjScGvGEu9jlbHdTrsKWe9CBDlnrPPkkJwfJU8+9t0lk52/+GCaaULsM46uGJ8SYY1lE1OtfQcHdK2FXK+zwVtHwet8x5sU+g==
+wien.			86400	IN	NSEC	wiki. NS DS RRSIG NSEC
+wien.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XQwi+zRmUROoAYde8s6FZGJ2rJUuv6E4WIT2fum/Sau1X/z2GD3HXyb+nnc2GYvHLl1sfUtoynBxurlYL0XH0t/NA0otaNdBkjnZei5Q3ppr0Rt+J/Gpy06lZtHrQQAVoPCNTtttMITuVMKfe/nUrd1ZY5fgb13oxooRCQoZyobeJ/BfH4A5K7OSleMTXXes5LLA6z0HGz18GvoneRH4bcax83jHoqglEZa2Oo59Uw9LFVyKM7F8TeBBDWxf2IkHQ2dCNF2Kv7kkQ4CEAMc0iNrc3KAVivZUcv7WiFnaMtPpR2sWQbvmSf4itpgOHzt2ng8gwqIXHOzrKxRt1a2plQ==
+wiki.			172800	IN	NS	a.nic.wiki.
+wiki.			172800	IN	NS	b.nic.wiki.
+wiki.			172800	IN	NS	c.nic.wiki.
+wiki.			172800	IN	NS	x.nic.wiki.
+wiki.			172800	IN	NS	y.nic.wiki.
+wiki.			172800	IN	NS	z.nic.wiki.
+wiki.			86400	IN	DS	10870 8 2 3C2CA6A68BE31FD1222EB66AAA693C6C4991E6F8737CA62B1427B3C9E3E67539
+wiki.			86400	IN	DS	27157 8 2 C72478A4986A5330FB21A2E427823553131D70C399DDBCFEDEE395103CA8543D
+wiki.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wnqbScGbOwkJnH8tRobcn2lXgsA+4To8VFNiXviKcnq/P431a2Ci+zqdSOatsxD8d9nA5/EzJuHvV+ph4snLu7LGew7FxO4o3Ymto61i6gj1Pz2ivV+sbMshA8mCGIDtXG42A4rRdbtgmEqFa3Q1AEo4LPhzUnKf3kaZd7HGm2M1K/63CyBroZlqLV5OxqSTQ/ObGLnU/mOFi8Ha+U0fEvyuks7T+OXT5jYp/lhWzLZ34ykjSPWpCSJUJtJw3KRMfz5u2O+6/ZuJxoFJfCI3ng0ou8hp7rCaGU2XgThiizn64XmLsMbGvyk2XVxETLgcOiM0h1uDGMTNGzCy+DuJkw==
+wiki.			86400	IN	NSEC	williamhill. NS DS RRSIG NSEC
+wiki.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . si6GnPAJOOCS9sOEsfYxkXHmGxDBnZnpn6sKMMG15OzmIDIH4+wnUsiCkiHf0lbZduG6tXuHgAaUKSEvqEMcmVLIuWceyIrFIvxdu+6PRT+TeJb0nbNvDOCP4FPN60TG1W2bbchto7qz/uu0Eb1vfy/bac126zeJ4y8TI8Xilb1owJsKpWLY5t3ySq2S0IfkK01IsfABYRV8wMqePdysnSOEl68gfzBah8R3JuP0TbXlPaS8lZ2MIPiVohX48uAxJZIWBT45RJQVWcjPX38PIFkWOUlPIO4pisXpbkOnWT8JUGX4PrFWMhWK5obaWu8t239jZofdGLSkBLDysMfOog==
+a.nic.wiki.		172800	IN	A	37.209.192.10
+a.nic.wiki.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.wiki.		172800	IN	A	37.209.194.10
+b.nic.wiki.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.wiki.		172800	IN	A	37.209.196.10
+c.nic.wiki.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.wiki.		172800	IN	A	156.154.172.82
+x.nic.wiki.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.wiki.		172800	IN	A	156.154.173.82
+y.nic.wiki.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.wiki.		172800	IN	A	156.154.174.82
+z.nic.wiki.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+williamhill.		172800	IN	NS	a.nic.williamhill.
+williamhill.		172800	IN	NS	b.nic.williamhill.
+williamhill.		172800	IN	NS	c.nic.williamhill.
+williamhill.		172800	IN	NS	ns1.dns.nic.williamhill.
+williamhill.		172800	IN	NS	ns2.dns.nic.williamhill.
+williamhill.		172800	IN	NS	ns3.dns.nic.williamhill.
+williamhill.		86400	IN	DS	34804 8 2 A9905AEA06276DB0257B1964B05D99AC5CD6F787F1D02EE138166730B8447E0E
+williamhill.		86400	IN	DS	64624 8 2 97386EC38FAB6B1D4F0C1BCDBC8F670D92A474996EDDCC24786A028A249E2C23
+williamhill.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kuukKagQMjfuJCvPDd15UEUmSm7jqVV/Od2VyrcyV34riicmwH41j7OoX+rqRqHmQ3K1qn+UqgFoNV/M+R39N/RHKQA2GMJwlGW/mNTmCwXoTskJGrGYQ+O1idmCXtZqk2OK0fPpsJCV5HagE+M4azP5yqF/pLbL5wll3/zFaMVlxjFzOj+Laq+y20Ud5UAFCPuED/7D7soBO6IMItJt4vs1ytvOsCTLh3cVaj4T04tNZ2QcIUjzuSpPO3E7SNvfJfbdMrGfzeXRz5x/ICcm3jXCfYVd6/YdjnqYez9cGC6UYUtjLQ7bmOoYSu34ZDri8dKE9Tay2YeaNLVm8VYscg==
+williamhill.		86400	IN	NSEC	win. NS DS RRSIG NSEC
+williamhill.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gBXF1C/q38dlQZ+3+HJvn3S565757tAr0Av5SeXkt0MEjuKOfpMUGp9RUyUM6av//tGtXlQZCGeXnAQAq2eVgmtZat/+IeQknEP9h6czmMUklrmvYiRQv4O4huPoRpwzlJ7dCfH3Nyyh9kIaDtB4k9wiegIMvREnG6ACjZM7QM5sj4koK3Elzt6CKOb2LDuNveqmseX4SLIMKdwYbcDziwen3QQb+0IGiFjcQIuTuyKkW+6HRlOElI+ymNOzv1+bIzbpoSozbi3OxDvlywwIDlki8s4kIxENlkcbwjLAIJeWJz8yK4BlOfuBSyJhZkJbrPPl58KQ02qRBvDrdnV3Ng==
+a.nic.williamhill.	172800	IN	A	37.209.192.9
+a.nic.williamhill.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.williamhill.	172800	IN	A	37.209.194.9
+b.nic.williamhill.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.williamhill.	172800	IN	A	37.209.196.9
+c.nic.williamhill.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.williamhill.	172800	IN	A	156.154.144.181
+ns1.dns.nic.williamhill.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b5
+ns2.dns.nic.williamhill.	172800	IN	A	156.154.145.181
+ns2.dns.nic.williamhill.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b5
+ns3.dns.nic.williamhill.	172800	IN	A	156.154.159.181
+ns3.dns.nic.williamhill.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b5
+win.			172800	IN	NS	a.nic.win.
+win.			172800	IN	NS	b.nic.win.
+win.			172800	IN	NS	c.nic.win.
+win.			172800	IN	NS	ns1.dns.nic.win.
+win.			172800	IN	NS	ns2.dns.nic.win.
+win.			172800	IN	NS	ns3.dns.nic.win.
+win.			86400	IN	DS	29737 8 2 980F7CD5E938E5ACAA28B0B9A3A1504AC3839B3919CA6FDF9C3523675D0FE875
+win.			86400	IN	DS	49585 8 2 4466F9D8D5814557B154063E5B82925059115249B97F19C8B091C6CF06407D57
+win.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PRy0yrOdvU1cqDUN++hiLE13sud1fK6URWKEjK439j2t/3pm1eELnxWIF7c8SuV8x5iedLfM4BP+5NyCS78ayMYp1sxUZMAvqLU3LBC6LHnBM5zT+IcXLneNc38dXF2kKDnhQ+mSNlnhwl/OWW3Cs9kcZVF8xPRG3Fr0gNDsHQk5DsRDU+CzLMa7WS7jdmpud9xmL9aO7RJ1kx22nOTT7CyBPMwCnasWM0NbblurlcF69IF3K0WzXNigGpBVHNZRlvWyLzCZ2OKErsCw+q4u1UfDCPRKkwn9s0E6DlH5rkhMYopEA0ROyX/aMLxKnwy5Jf+aKvLySigHg7k5GrD4PA==
+win.			86400	IN	NSEC	windows. NS DS RRSIG NSEC
+win.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Xhtazkl+eFzuJxPm40pNgF49ZpK/PBieRUilxzD2ZfFkB1wusENrJb+OAUtChcvA1qZOm54qw18OQgc+uOU5+2iAhqGflQThxuDkTY7TMuvT3upegeVkh6o/MRe5w00GufPGO7vu07JvNzARA4Hn4oDiwIKklDBcmwUuUfSXt+uwMqSAnspcGkod4baI2scf2SYI9pS9wLxlhzIFSDqw8d5v8P716/oAttILQOEMZUezWyBAqp7MiZ4sAc5RVXeA7ZxzoQRGC1crsZknHue1fVxE8gko66d9CNdvuZc6MTcMYh7ua7hpH6de3zNp3qF7GRRrTBlChBfaSh4TRTKezg==
+a.nic.win.		172800	IN	A	37.209.192.10
+a.nic.win.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.win.		172800	IN	A	37.209.194.10
+b.nic.win.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.win.		172800	IN	A	37.209.196.10
+c.nic.win.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.win.	172800	IN	A	156.154.144.182
+ns1.dns.nic.win.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b6
+ns2.dns.nic.win.	172800	IN	A	156.154.145.182
+ns2.dns.nic.win.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b6
+ns3.dns.nic.win.	172800	IN	A	156.154.159.182
+ns3.dns.nic.win.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b6
+windows.		172800	IN	NS	dns1.nominetdns.uk.
+windows.		172800	IN	NS	dns2.nominetdns.uk.
+windows.		172800	IN	NS	dns3.nominetdns.uk.
+windows.		172800	IN	NS	dns4.nominetdns.uk.
+windows.		172800	IN	NS	dnsa.nominetdns.uk.
+windows.		172800	IN	NS	dnsb.nominetdns.uk.
+windows.		172800	IN	NS	dnsc.nominetdns.uk.
+windows.		172800	IN	NS	dnsd.nominetdns.uk.
+windows.		86400	IN	DS	31600 8 2 8057ADBDC309CAC9CDB987F477B7217B15C88D0A7F84E3B9BA5AF412D24B60C9
+windows.		86400	IN	DS	44526 8 2 F6DDA2F2E3E99E70C47F0393F0154D1641435ABDF20E5E5C0A8416C0DA34A922
+windows.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XqgdGQNmDXFml2DHdR4MV+4esN/a6RPSbHknHntyW5T6qaw/6hinY/8D59SacEJwIuM9gwjH1dKRjOZMtLqGPvvE/8jt+kqvX/aCbExmdoQu6VZhPhWdKZhS7ccwezlQ84rVg1v54HHiH/Q2FXW2iEF0XEaMX9DBHXq3TIPXNuXlHdZggTczEkYyRPX38lnD/4FhJRFxnl6I7CCExe8lRoLjG85GtqqrXTsSHqgmNPHc9At2dS8VpIQHdFNqACPZwgFNZuFCkhvdsJQXQZZFtLeSfR1Q0bd67CxxJ9fQbWCYMSWyxJ/so9hSyw8NM4tYc6HUoLFJpEOFLJ3ndECcBA==
+windows.		86400	IN	NSEC	wine. NS DS RRSIG NSEC
+windows.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v1YnsIrAvxPg1O2xVm9VflsTq0N+v5EgvU4WNuWeRIJQ3H9k5Heyj4kY6XDhhJKkVKozvbpBUAFH1WNzJp+lFaFkBWv0svG2Ts+4MHNsQ65dT8KgBrXGS7eDMJtEKQ4XBP+gD7RNFsDvEfhxlNw+cNHL6mj3rNRxJTgEcXcnvi4VDvogqQSdUvjbpZTBaUTJK/c6p38hjx/r3swHxPNOdvbsR5uewjrGKoYhrhKFx7Z0xttpgXNxXWk6sW9GsokFZ5Gc+wUa8lW8vhejHaWQSpSqaMpYbdFGCT0kdAI99yHrujBJ7ieccQ67dbILPINatgxDd/j/mqJ4Z66IrUiEPA==
+wine.			172800	IN	NS	v0n0.nic.wine.
+wine.			172800	IN	NS	v0n1.nic.wine.
+wine.			172800	IN	NS	v0n2.nic.wine.
+wine.			172800	IN	NS	v0n3.nic.wine.
+wine.			172800	IN	NS	v2n0.nic.wine.
+wine.			172800	IN	NS	v2n1.nic.wine.
+wine.			86400	IN	DS	4210 8 2 16016CD0C2432421B72D072422278999C3C2772353E3D5214D25BE24B4D521CB
+wine.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TRPNAjZd3rrOSjhJvZzbXQUItT91fu/ct5Qejbx7Y0oMkxwZjNNUiskMGcjQmjxc8RYv/YGzy3VMt0Y/trbXd7JzQF5IVm8pRdpjAkBFnYZ4M7oKx2zvhiG6vkX7krQ+kVsv1aNHfgXhKboIWie/P5biUmRn+GLQ0acqGdAMqN8OFDZc8R/+GDCj6C5FbIstTBB6Q16fmiiY84aHAx9m/asuK+B+TPtNyUUVlRLQZJbhs+uf9MwT8qtwkvzZDFUsfcPErnQSeRUIQ8k8+1/iTaBMFMuZh0XiY33sr7Q5SvlrRHOQGh1dfWWlaxhE+vQwtslrWMCVVGki8gZfdDUKvA==
+wine.			86400	IN	NSEC	winners. NS DS RRSIG NSEC
+wine.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Fmu2iDspUXGxFA/fyUJuIS/q8iRJpOLIPQAotqVO1wpaGg/Z6c9mHoA54wIKK1UMpazCfG+8gE2VIn3eoDeGyTgn+qLeTs5r+SWqWtxH4NyHGQJHwmz72l2PrUPXYD5IY4JjseFIQue5IaQpWuq2zFJmArpcq8d+iPRWebCTaYcSW/QW8Whd6Xzbc5I69gMGMuE5F4ilmpRib4Sdgjmka8BlYLtSnsmzgYQnXfBz7j2c84s8sZDedxcuWuehNt0Cih8e8VLbgpS4waHhZTft+XqnuNVY7uLg8DgTaNTWFiezPrKs0tNSghpHSREWM5AAXJWQB00irg0ChXYqcM/Gbg==
+v0n0.nic.wine.		172800	IN	A	65.22.32.11
+v0n0.nic.wine.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:11
+v0n1.nic.wine.		172800	IN	A	65.22.33.11
+v0n1.nic.wine.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:11
+v0n2.nic.wine.		172800	IN	A	65.22.34.11
+v0n2.nic.wine.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:11
+v0n3.nic.wine.		172800	IN	A	161.232.16.11
+v0n3.nic.wine.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:11
+v2n0.nic.wine.		172800	IN	A	65.22.35.11
+v2n0.nic.wine.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:11
+v2n1.nic.wine.		172800	IN	A	161.232.17.11
+v2n1.nic.wine.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:11
+winners.		172800	IN	NS	a.nic.winners.
+winners.		172800	IN	NS	b.nic.winners.
+winners.		172800	IN	NS	c.nic.winners.
+winners.		172800	IN	NS	ns1.dns.nic.winners.
+winners.		172800	IN	NS	ns2.dns.nic.winners.
+winners.		172800	IN	NS	ns3.dns.nic.winners.
+winners.		86400	IN	DS	44842 8 2 E0735A12E87E2C61DA2A863567D0D12D3754B2BC42237C53F08280F833F9B42A
+winners.		86400	IN	DS	45580 8 2 7A66263CF952160C86B31C0B85AD2D1D79E290C8C506F45ABDD807A6EA4D3BF9
+winners.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f6qw/Goe9JNdecSw5R3mf6avxFvvfVn68GjI2L+vcGbnGzAU410cBIZXqR8GmtmP+CAQ6kI8Dv6ecPDw1K5vWxYxcgFxkE7TQBiMPzN/adgSOv4PFTFX+2fcyHfdlPLzNWDzGdxZjmFSZTNyRmLigxVy3wYDEi/wWtOw4VzB4QANVL+EjcdsIK5s5wwq7fjQtNCGYKx0hoc1ehniSg/4ujMO4uZq7Si9kapyAhVmbNi+7WEiftSJUHW74Qi0kedzA//YBI8z/k54wzuDF9ha5eLrz7GTMq8f/xLNqq65OAEaS2blmVIT2AjdDNR7bSekbaR+swVquVPrNPNORL8Kzw==
+winners.		86400	IN	NSEC	wme. NS DS RRSIG NSEC
+winners.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pvjWVA0qdaTtRvY+no4V2hDCOi6g3mnXNOs+IMNEXvzjaDZPCAQKkzn+8x1dugCXZY61h1FIun+iGWuCoLKltJt34Jb/c1ofB6rl/MNLAjQQZN7ADfFdJKa7J/0yzKpMabBCC9Jtdtift9T0Ii1FjocWa1bKut6tq3I5blcl4UvfUXW7PfMEOJV0WhKYyrEE902H3clmZleDxJcLeIjvGbCMaIQtCgQGNmQPQoOoxXXt6U+n2auWKawHR/zOs9N2mfbiecbpUs12htCRKTz+EI46mtj9yK1MQeLCwm2pRiKiZ9aNc1k8Uyjqma1shewU9PgpwpnbyMmab+UcWewwRQ==
+a.nic.winners.		172800	IN	A	37.209.192.9
+a.nic.winners.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.winners.		172800	IN	A	37.209.194.9
+b.nic.winners.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.winners.		172800	IN	A	37.209.196.9
+c.nic.winners.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.winners.	172800	IN	A	156.154.144.183
+ns1.dns.nic.winners.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b7
+ns2.dns.nic.winners.	172800	IN	A	156.154.145.183
+ns2.dns.nic.winners.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b7
+ns3.dns.nic.winners.	172800	IN	A	156.154.159.183
+ns3.dns.nic.winners.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b7
+wme.			172800	IN	NS	a.nic.wme.
+wme.			172800	IN	NS	b.nic.wme.
+wme.			172800	IN	NS	c.nic.wme.
+wme.			172800	IN	NS	d.nic.wme.
+wme.			86400	IN	DS	7259 8 2 E7CB7561099040DB08978F7696320DDAF323F52DDBF951FA5F4C44B2F34E38BD
+wme.			86400	IN	DS	60194 8 2 A1D20932B733059C4BB7E989FDF75A19A787EB186CE2DB5648B1560C1DB54495
+wme.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aSJsOKy1TBLd/pussHrNyl+IRUD9K11P8O5F533kNXNCQgMrxmBe8Tnwk8jY556fkaBrIDJvaDzSTvuIvtek7Ep+MJYBCvxbKfvavpwEaJktkur5jag/SHWpfPewJcb7pNgEuy/3Bq5TAOTG9CcPEmubiIDiBvw8Tc8W1bXBrJWnkSow8ifc8wXBTrVorE5uK/ki55B/aa30WGZaI577rYr2V3nJDEast6A2QpDXgduZpjbdC7MCHXvu63kHpCG1kZpLY9Ppr1YtCigS/VDos0Lt4S+d/7fJyjNmhxEYOS4fB/ObtrsLQ2IeVmBjyjOtqkKa3vlhqgyY91TjamDUEA==
+wme.			86400	IN	NSEC	wolterskluwer. NS DS RRSIG NSEC
+wme.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FuY9T/ThlZzG4QIncANvYr+4ZAhQX56mwED5lm/m+mgbg+7YP+JD4j30kx6xtvrDxElMAfnqoyRXrcO8XyuS8qr5hfX2EeRTRZabxHqGbGkDvnQ84meDvBOXFS5ztF97fN3z4ebf4BrvDVrgre9LmV//D/bN/Wva9J8s4xVH1LR4PsiZQI4Uq81ar9ajTmxTP8n9HhS+91OzuVqhXTrWSTe1JQKbg5sZk+5vhE0t3oteme3TghNMs6ZTDkhBjYIPvtWxhJ8gagiezqCNPmVHth/aRa/VkNu++vg00N7+ntqpX2KcmxWt/5eb7wySehqOBITS4J1Z+FxN51BzyV2hAQ==
+a.nic.wme.		172800	IN	A	194.169.218.31
+a.nic.wme.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:31
+b.nic.wme.		172800	IN	A	185.24.64.31
+b.nic.wme.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:31
+c.nic.wme.		172800	IN	A	212.18.248.31
+c.nic.wme.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:31
+d.nic.wme.		172800	IN	A	212.18.249.31
+d.nic.wme.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:31
+wolterskluwer.		172800	IN	NS	a0.nic.wolterskluwer.
+wolterskluwer.		172800	IN	NS	a2.nic.wolterskluwer.
+wolterskluwer.		172800	IN	NS	b0.nic.wolterskluwer.
+wolterskluwer.		172800	IN	NS	c0.nic.wolterskluwer.
+wolterskluwer.		86400	IN	DS	58234 8 2 97DCE05D28C78AF0B76524DF031D5FAD0E1901B5AE12515BE48FC758AF56E473
+wolterskluwer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s7CNw5tCWRuUD/E/z5p8kGvhr+hKA0irii9tF8Cp5RykGzd3NKztXtIV9ieIJYnsX9//0Fd3/ZPrr6OEanfPqSueABsI7iXQXHOPoIWABgOyWzdg3Frd1BYhOHqxLUaiScu6EGFpwFVekXq+9fQOcjhe2Gf4Sqrsmy4YGujzta0WvPbJ8DYpaX/1o7smW3svoiIjMu/EXDhk0xOjKyF/9u2vKnQWRwd5glj8buGh0jeNR+KJTTJQ3td7qKif+gzNO3c/Y/9FlYfcmXh95VfqTJI5aQfshDLbkEqxAKGfWOFFlqII/H/pqiAXLOIFmHF7FBISdZTWlULbiHT2j3w8uQ==
+wolterskluwer.		86400	IN	NSEC	woodside. NS DS RRSIG NSEC
+wolterskluwer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sV9xbYdXIg5pXh73bf5p/cdj4QYx6vNqkVQYhpMd7T2mYHc0L+64qLkEgGbF3Qji3q+0UjPjkaJa9VYjiNRbDxKjHgRDgtujwgkk8TsLfPC1UQpl+5ws+jcY9+0Ve543QIxlSNuTgpg8yDNc3akkhxdRmWJrsiTidLgv5KLq9W/s5ZbLNqzgDVIh1i/9LFKdxlGJFAew3vAzckgYn4wLdPwlurW4+LrIqjSpKn5BC7uXoVzqEOqee1T4wGUrb0ydD/4G65lvDXlTuelL9iArp5K0yIFV3V6loAzj2wh118We1oy23b7Z7wK0fBUtGR6cYI5CzHxaYisY1Pp5lySZfw==
+a0.nic.wolterskluwer.	172800	IN	A	65.22.204.25
+a0.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c6:0:0:0:0:25
+a2.nic.wolterskluwer.	172800	IN	A	65.22.207.25
+a2.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c9:0:0:0:0:25
+b0.nic.wolterskluwer.	172800	IN	A	65.22.205.25
+b0.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c7:0:0:0:0:25
+c0.nic.wolterskluwer.	172800	IN	A	65.22.206.25
+c0.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c8:0:0:0:0:25
+woodside.		172800	IN	NS	a.nic.woodside.
+woodside.		172800	IN	NS	b.nic.woodside.
+woodside.		172800	IN	NS	c.nic.woodside.
+woodside.		172800	IN	NS	x.nic.woodside.
+woodside.		172800	IN	NS	y.nic.woodside.
+woodside.		172800	IN	NS	z.nic.woodside.
+woodside.		86400	IN	DS	346 8 2 3C0F130C65367A18EB0943151D1678C687090B6ACAE1432D4CBE7585AB6745CF
+woodside.		86400	IN	DS	38707 8 2 E4254780378E282920AE5D44E210DA28BF5D7FADB0AFCA33E400B74C5086DDC0
+woodside.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qsPUmiz08q3ZzMM5aSEbMEd2Dwtg/twZzd7LJLHyBY/mdi9eRTAxyINJWhaOQpD1/vCGxZKFkC1sxuLnpUmfDOtHkkJCpvHM5JYRg684WAj3rjsf1RnpkNJ8wUh+UbziPVfU20h4KYtXqg3EO77JEPLV0bEM/UMN/kpJYM+bPwgrJKhOmY5loqgVLcrlvl/t0K2KbGVtsDfVCk/3zSJlhD+pbfTV7cCI805FsrOjJLZL/hM/t8tigIRiWApgTzt8RlsAssj8lsabkDLvM+Ml8uNXVci1S2aYsW2VMbrrOdxezT7gl58onHkwuaBrbnEC8rSCXjSAnN9Dje7UOCVmwA==
+woodside.		86400	IN	NSEC	work. NS DS RRSIG NSEC
+woodside.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CgdPMQni1jpu9W1Uc8IguuO0kLQHGtU5T1AOYrkoRx+dm4PmUFFeNsM2F6m4qhWA0nzN6CpVc/nSLgm1AoNzIlApGhXQN1Ai4ELW1bW7UXI5hnyEAbyXMVRdaljJida0Cgh7mh01iMQbo3U/wJzi54dcvFRZjg/FIsqe5kYU+d/9mtpMEsLW335ZY6TFixxdRF/mRTsWkxEm4LZyJn03rnUo0McppqLHmiUlV4QU9pb+ECZ3cxW69aW0UtWJxhUneOMZw2qj7VkgZwgFFbdEsYmrUTwM/IggxvcOpPj6U66PNwtg6SqkYb2MlixrvlGvMaUV6/Wa5b/v03TXwM94cw==
+a.nic.woodside.		172800	IN	A	37.209.192.9
+a.nic.woodside.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.woodside.		172800	IN	A	37.209.194.9
+b.nic.woodside.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.woodside.		172800	IN	A	37.209.196.9
+c.nic.woodside.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.woodside.		172800	IN	A	156.154.172.82
+x.nic.woodside.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.woodside.		172800	IN	A	156.154.173.82
+y.nic.woodside.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.woodside.		172800	IN	A	156.154.174.82
+z.nic.woodside.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+work.			172800	IN	NS	a.nic.work.
+work.			172800	IN	NS	b.nic.work.
+work.			172800	IN	NS	c.nic.work.
+work.			172800	IN	NS	x.nic.work.
+work.			172800	IN	NS	y.nic.work.
+work.			172800	IN	NS	z.nic.work.
+work.			86400	IN	DS	16252 8 2 499017AA972A79021573AF6624DDB5DEA13562ABB2C356FA30456E4604F3D4D7
+work.			86400	IN	DS	41389 8 2 D1AE5019CB2D29DAB235359FE6250CDDD84C83214DEAE65E7A1AB385D2050BF2
+work.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0F4H282KCP9LpzMhUxZujGgvzYz0jXaRQr+qjdmyQddaYlwn92NtGDwi7Wiw1MDiJMEGxdj4bGjOnz5pok6CZ7oEU1+/bMRaqnZxh1teifSKMcz9Jzxt/xxGwUBkyYscvemtPYtx3Erysrg2f6xtGBYeX3evqRrsZCUhKCEcQnBUHFdi5GOtXN8MmVqnQZSxDT20oX8WwIHeiKREzsohjcK1ijQbKoYJ1DzIpu61+93DirXxhQfXwvLKkLtZOaFoVsuyqYcnUKN2e6lh0lNG2NfeGzqTOz5dpMt9eUM5B0XpOhmQSEMW07Jpfyc21GFqxOtnRbJj2MTgBY+6gb7img==
+work.			86400	IN	NSEC	works. NS DS RRSIG NSEC
+work.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MHaSx9GE2vDDkgDzS/g84DUMk9X67+6pVTT+MQVrUbhclkxcyZHIkkM2PCYCoQmHEWK/TMxsRK1cvifDeYAf671S5lCrfRkZzLfZjoIWa9Ncl0vEdfHz1IIFg8+lrJray57UJLutGxu0LIMeyTNa4B76DUcVxMBwQsmAcBWJnRsJfUU1zsXeZR6gmQt7W71t/jUrY5Yh5vd3wN3YAkOLXkM/juY/4SWURTISbIubAbDFITM5R9YzT952h4T4DVDscWODeJEsvT30lFDYgure1EgyYDAlEt5xIycPmUI60Y1Tsnt8eesPZ39Y9+5kNff3KBb24fCKrg/kGqFBzYAk8g==
+a.nic.work.		172800	IN	A	37.209.192.10
+a.nic.work.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.work.		172800	IN	A	37.209.194.10
+b.nic.work.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.work.		172800	IN	A	37.209.196.10
+c.nic.work.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.work.		172800	IN	A	156.154.172.82
+x.nic.work.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.work.		172800	IN	A	156.154.173.82
+y.nic.work.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.work.		172800	IN	A	156.154.174.82
+z.nic.work.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+works.			172800	IN	NS	v0n0.nic.works.
+works.			172800	IN	NS	v0n1.nic.works.
+works.			172800	IN	NS	v0n2.nic.works.
+works.			172800	IN	NS	v0n3.nic.works.
+works.			172800	IN	NS	v2n0.nic.works.
+works.			172800	IN	NS	v2n1.nic.works.
+works.			86400	IN	DS	46672 8 2 0339DD99B86B96B8E437908E9AEA3EB578FAD0DE211BD8CF7A4FE6885E0ACDD2
+works.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qYdU3BAnUkRwwQy7W9fzkV396aoGsIh3s12f4e6iWlOxxQbjcs/qTmB8lABHUGamPJ0pKDXWGUAp2qiZhXsmk2CfN49I/6FveXOzUxtn3HkBeV/+Yrn9YwoCSc2jVlZGc01LGJxs601PKO2X+Mm85HbSb0JqaPhhkk5yNKtnwTLhI94lzsTkufTPUWWG16mH2P5fLx+vw5uAnoGbokyh7aguAEGJDoIDfZ10hnjopwYjX7cl4jqFcOvVPNO2B3+KEsYwSaP/O3l97Nyts+ACvy/Mw1HuX9tPPetBoKLnqT7de2pJ/fmslS2eq7r0ALfim4UPcKC4+UaUzoX5BDhjZw==
+works.			86400	IN	NSEC	world. NS DS RRSIG NSEC
+works.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MEeyO+sAWQStBf2RIhRoV48F+0sOlRoY7XPjdbegF41E6PoYzErzMnTHnobt3jfx2UBJzrkn3H5N0T/9wlWzQWlLJ9eel72DqijZ3/hPOZYMOXy8sM4f8tzP31jc9pxW78bYCO9YrFtGIrASVansSzlL2IT8MNEZUx45V89NIZeh1MtNQ6qY3CEEOwMrrYKsvciXRqERO7fUNt8XsvT/WFQdcUEDCcpk3zIvhoMvecvp0vByg28qv5nNRQZGxXmnJC83ngxVIl+pjEQ5DZ0nCptZ5Gez14l4FpfQNSd8Wb5xKNBMuKXkTJx5yEJjte1IVzDnr0EVjgPmkKyyHfkNRA==
+v0n0.nic.works.		172800	IN	A	65.22.24.6
+v0n0.nic.works.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:6
+v0n1.nic.works.		172800	IN	A	65.22.25.6
+v0n1.nic.works.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:6
+v0n2.nic.works.		172800	IN	A	65.22.26.6
+v0n2.nic.works.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:6
+v0n3.nic.works.		172800	IN	A	161.232.12.6
+v0n3.nic.works.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:6
+v2n0.nic.works.		172800	IN	A	65.22.27.6
+v2n0.nic.works.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:6
+v2n1.nic.works.		172800	IN	A	161.232.13.6
+v2n1.nic.works.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:6
+world.			172800	IN	NS	v0n0.nic.world.
+world.			172800	IN	NS	v0n1.nic.world.
+world.			172800	IN	NS	v0n2.nic.world.
+world.			172800	IN	NS	v0n3.nic.world.
+world.			172800	IN	NS	v2n0.nic.world.
+world.			172800	IN	NS	v2n1.nic.world.
+world.			86400	IN	DS	13081 8 2 84C4EE9B8CEC0C7EB9C2C892A07DF5513897F91C5B3BC80410EBB062E86EAC21
+world.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aP8SRYLaaJDnlPOt04l9i1zbZ0bAdXt472Ddkx0gG5NEzyPXIwov0ORMVRoCJDyes6U8I7G1QQXWShYUw1LWyKXkuuKS4KLIKGvDOgig6K8qfoZHvaSjhH3YjCQFaLGPcH0RbmAihEgIYKSz5V3kCgVhlmvtWqBEzFh2b9Vx1cP3zziMBBQ6kyWx/0j97tSu+54U8RZ8CsTntwIyXOP8U5FVcOSK3LMXDq8o8LWXhOoZzWVHbcDE8oO9GO+IQb6lTUcBMXpJvC3SZ/twtkbqBnCaSnKEGGOqlOqKxNX50o0jXw8ANLq7LXU0quz3HsXOTP55qNY5iq96I47/tuNjOg==
+world.			86400	IN	NSEC	wow. NS DS RRSIG NSEC
+world.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dZrzjXvK+MdL9MjMXq6vAsin0NTsspFXxrZPpSMinWOfEaugrEY7ApFS3MwRYLOYDCUVCX5BPse+970QvZrFzAT/tOMCSBIXAREg3CLpo+8YTz8cnpvovG/+tPhxAta5qZaY1jifVngc5A/R6fq9S4SC5VXv6tuWQrLb7TUZLWKnCeDmaq1TFI7gZ7mIoeRixOzT2FQPmdkohnBPoz4WH2i6YJ/ZM3pe84P4vX2HFH7O3HqCmTlW3Bc25ApEiNZMfiM5/n13jnv6kRXrpzaQ/4CoR4m6TJdpd6/9yCNdXvRxjkGrPiyKYaQSxLSLU12G9NJUtwVdi5uvnJkat8wp/g==
+v0n0.nic.world.		172800	IN	A	65.22.24.1
+v0n0.nic.world.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:1
+v0n1.nic.world.		172800	IN	A	65.22.25.1
+v0n1.nic.world.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:1
+v0n2.nic.world.		172800	IN	A	65.22.26.1
+v0n2.nic.world.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:1
+v0n3.nic.world.		172800	IN	A	161.232.12.1
+v0n3.nic.world.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:1
+v2n0.nic.world.		172800	IN	A	65.22.27.1
+v2n0.nic.world.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:1
+v2n1.nic.world.		172800	IN	A	161.232.13.1
+v2n1.nic.world.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:1
+wow.			172800	IN	NS	dns1.nic.wow.
+wow.			172800	IN	NS	dns2.nic.wow.
+wow.			172800	IN	NS	dns3.nic.wow.
+wow.			172800	IN	NS	dns4.nic.wow.
+wow.			172800	IN	NS	dnsa.nic.wow.
+wow.			172800	IN	NS	dnsb.nic.wow.
+wow.			172800	IN	NS	dnsc.nic.wow.
+wow.			172800	IN	NS	dnsd.nic.wow.
+wow.			86400	IN	DS	39542 8 2 168D62F4C47A24CD93F7AB8F58E366B5C225099B479D85366D61A43EEDA9D468
+wow.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wNBwu1rKR8Y5V3yc+7TQ/82N3GHM57NPWAFuri4JBUSYBwbraLRcQXnpXxsJFbgA8ZXFkRwtLO3uri5F+2GYGH1nOxsDv8uyPogJKJFRA4kLltj8CGD7RycAUaVxFwanCpTr9WryLwys6mtXJK5DVPjtc0HYgMjzABQHjifAxgZLte9l04bDNUXddqFy06oVvLjXb4cvnfXUfTRLcw+VJjPjyAOcFD5fAUlDggX8lTHPU5+VXp3izUOT0lrUZsoJhX3BsRM/AJqlWU2TyLoGjctm3Y4WtGd5NI92aLFI2QFOLY9imx/ZtG85Au2ybiuYvetqnqw3oZWId/PgK7imvg==
+wow.			86400	IN	NSEC	ws. NS DS RRSIG NSEC
+wow.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tWtEZwzKDB3mWq9bBGBFmh1mBDtHEsPEFE9rFKE9/jCEQHQQMYdJN23WfE0od/2XBwL69ZzB0xo9UBFHa4/uuJ/ZV2j/hb9Fam72Sy1WJipRjZ3axEcJfTscE7N8Duan25NiXtVd2seSlR0Ez3y/l+mbplffFSSQu9kBB+Z9C2fm7IE6iGqR5jd8CC0HqT/Hx3wzUs3DB2AUd3u53b/4yuFfUu8xbCKiDEmEKzeCfzHgj0a64tqMxqaGt1+QD6XiLeLsEAI5GIUd0xQeaqMe0k+DD0V1tCV/Mat6L8WgEcQkzbujIGqEB+wPLpiOCZhMA6CkK5kD+H5mCMLSP0m7OA==
+dns1.nic.wow.		172800	IN	A	213.248.218.87
+dns1.nic.wow.		172800	IN	AAAA	2a01:618:402:0:0:0:0:87
+dns2.nic.wow.		172800	IN	A	103.49.82.87
+dns2.nic.wow.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:87
+dns3.nic.wow.		172800	IN	A	213.248.222.87
+dns3.nic.wow.		172800	IN	AAAA	2a01:618:406:0:0:0:0:87
+dns4.nic.wow.		172800	IN	A	43.230.50.87
+dns4.nic.wow.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:87
+dnsa.nic.wow.		172800	IN	A	156.154.100.3
+dnsa.nic.wow.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.wow.		172800	IN	A	156.154.101.3
+dnsb.nic.wow.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.wow.		172800	IN	A	156.154.102.3
+dnsc.nic.wow.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.wow.		172800	IN	A	156.154.103.3
+dnsd.nic.wow.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ws.			172800	IN	NS	a.dns.ws.
+ws.			172800	IN	NS	s.dns.ws.
+ws.			172800	IN	NS	ns2.dns.ws.
+ws.			172800	IN	NS	ns5.dns.ws.
+ws.			172800	IN	NS	us3.dns.ws.
+ws.			172800	IN	NS	us4.dns.ws.
+ws.			86400	IN	DS	36454 8 2 7DB7C8F0FAED1FF118C3F081487CEC39CEC5C89FE647ADC1E2D3643D1BC1F77D
+ws.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ITyiiBDR7hHZ8jW48EvEhV4FhUM0+mdW+RCsfZql7b7/0un3i9+o/vwSUwGtbQ6H1Z9Gy0lz3LIsKRUF7SZr/n/ZkyEMvKiQTgM7qbv6M6NEFbIY5fV5e8zYnRcY0oVbZ79niyu6Gw4JC0t8JgWhxcR3/q0rGjdIqRzxX19UbO7fCasLjc4vrqLIxp+7p3Hr47a9SkDi27fWHCZH94hqT9YtRo4UVA64j9eHVa+2ucICc6RLsjbXZjHOyL03q857qY1rzSq1LncmXxc2c7algj7ngfC8gWZFHcAeJBnTHgdOnDV0er2XTVFGFNuUkSsl7WoYViw7mdvfSgYu3/fEsQ==
+ws.			86400	IN	NSEC	wtc. NS DS RRSIG NSEC
+ws.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HQt6xwxAB22CsyPZhLQN5JCx02OLSfPGcD8IDSM7+AUpGnO7Wlxz9D+sRsKumioOoemCD9t84c2Kn+/cN/CiNCKzQvyOOf3t95FKm4EwFwcnf+4Pq4upXdjNNBxJZ5IBHEiFXqVBhWLsBdGcExYaqRjQ/2olwTLPhjxZLJRaqShCfy6Bnayfm1t8PbEuwTLDiWZS8XUjQoKSw5dxel9nPtvgfQl0oVHZ4e7F6Xyl8dzqj37wdOe8uuDVUYXoRy10G+1gB9UA6HAjqHjX3JHkcwZ7Ztm7OGWnx4t4y0o644DdDiqZ6zfU5FPJHuEtW2790pVCgQr09MVH9XhLmYb4pQ==
+a.dns.ws.		172800	IN	A	194.146.106.146
+a.dns.ws.		172800	IN	AAAA	2001:67c:1010:37:0:0:0:53
+ns2.dns.ws.		172800	IN	A	64.70.19.80
+ns5.dns.ws.		172800	IN	A	64.70.19.70
+s.dns.ws.		172800	IN	A	77.72.229.248
+s.dns.ws.		172800	IN	AAAA	2a01:3f0:0:311:0:0:0:53
+us3.dns.ws.		172800	IN	A	64.70.78.70
+us4.dns.ws.		172800	IN	A	64.70.78.80
+wtc.			172800	IN	NS	a.nic.wtc.
+wtc.			172800	IN	NS	b.nic.wtc.
+wtc.			172800	IN	NS	c.nic.wtc.
+wtc.			172800	IN	NS	x.nic.wtc.
+wtc.			172800	IN	NS	y.nic.wtc.
+wtc.			172800	IN	NS	z.nic.wtc.
+wtc.			86400	IN	DS	44554 8 2 B9A169F58E754770E8E23D48DA8591A92F602F3D94862B33344C996C0590A6C4
+wtc.			86400	IN	DS	60754 8 2 F5BA575547A9CC6E47F9785E00D2F89D55F9541135A7FA91926E8F953ADD6609
+wtc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U6L8taWZ+kImOtu/ndA7DVM9WXdUOfsWujBcpR9YnbxgLiBEeZd9pWzF5vsL3IlzMwdli0FhoKHjuLtQpbKF54YzbfG+4Cj/LD4kJ4CawJmsWlHDdjnNlCBZU/YLOAubk70JQxQpbrfMudNjatds2pdu7Io9MpU2/19mpLVoEpw/eGo1Y10VBV2dGLrlitM9v5V0mO2Lh5MdnB9cLUq5NIQPmNpRH5oUMEAQN9rprVHdQpECtnfvGnNRdJ7c7uI+x9bc5XEnVwDsy3z6rJJ6lh2qxAhF1kH2gMwuOG6FG2Pshb8EObBz6cgmnC6052/5onQRxtB2OokreH6oNF5JhA==
+wtc.			86400	IN	NSEC	wtf. NS DS RRSIG NSEC
+wtc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EYZ83H9UUhg92papldB5vDxC9mR+13up2cZ9KYdxYYrjrjxC085sV6MIOsd/2lujJhxqUqq2+CJafbFnjG3I/GtnGR6fUeNlRlfMQ09+F2b9QEr4IXEf8blzaYH2kPjZ1u5+2TgzXCQiOwJoE80NNYx15TWjtyWeIPXhAn++aQyoa5QrAzxo34QcAkhoHTWNAJp+8F5q/NWwcxbbt0VVWZsIIXFzoma3cvIIJkwjKLn8uSnn4LfEHRlfDAe7pmIy79wAcOHHoA2AmRzJr6Hg5PxOTxh8P405gHiVRCf5Z99qAuZKF24H99KOKbD9Gz/AzBO6QRalBvL3gTxySV6bCA==
+a.nic.wtc.		172800	IN	A	37.209.192.9
+a.nic.wtc.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.wtc.		172800	IN	A	37.209.194.9
+b.nic.wtc.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.wtc.		172800	IN	A	37.209.196.9
+c.nic.wtc.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.wtc.		172800	IN	A	156.154.172.82
+x.nic.wtc.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.wtc.		172800	IN	A	156.154.173.82
+y.nic.wtc.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.wtc.		172800	IN	A	156.154.174.82
+z.nic.wtc.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+wtf.			172800	IN	NS	v0n0.nic.wtf.
+wtf.			172800	IN	NS	v0n1.nic.wtf.
+wtf.			172800	IN	NS	v0n2.nic.wtf.
+wtf.			172800	IN	NS	v0n3.nic.wtf.
+wtf.			172800	IN	NS	v2n0.nic.wtf.
+wtf.			172800	IN	NS	v2n1.nic.wtf.
+wtf.			86400	IN	DS	47461 8 2 A9F9582D8B0F154F7051751B8C2AB121231CCB2AE36EA6DA9536439855BF9F0F
+wtf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ulcCM5zyODqoJjheUKGCuARtwElsoWrfi0ySatUbEU9x8pxgXEcsybtG3Z114Z88Y9FTtcJTenAw/kieI4oBQu+h3LZMiojR7ukDdATrGv8V5yT57cLtlsn5DMODQjVK+1hpuM/Od+Cj4b44peTYJUzTEVUJyHv8hGN50lWdoC17ucLZgcYMOPJ3eXGvhHERgBjsI2QALHDQiVoCVDNEeAC5hZrEM/je11QA4dx5d0lYlHxqSZc8gXlRjdJZvz+OUB0GYgq0xGUCoC2VeOD5OKHh9FMU14NOyZ1B5PP1JYdmbESMTqXMoXUFEaHwhVHz0td5fcUGh9BD/pAhDp5ENQ==
+wtf.			86400	IN	NSEC	xbox. NS DS RRSIG NSEC
+wtf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Pu984k11xc5meq8bsp8XMi8SV66TD9c4BHyht/DFZ81/fkNaruoi7pz4zYOB+Cf5Pgo0M8gq/zzaQ2prsi4UCp6bh1Go6kL6A7hk1CmgDw2IApxcWHc8+dUkvZBrLXDh7dg5ytTiCVj7aP6lVHXTkNAo7+pqdxGX/ZXnyx1fe5OM8P3Df39cYcIork6OCOA27TdausBkSHOo2lSGeDtB0uTDS64NjcGz2A5eRG4twuhBBne2+EGfnW4lNccUrZMnZi3YWHyzxQPRcN5C+Q95SfHGScsbjC6T64wKcnnqj1uy3wB7e9J3WayF10QXC5e9pcwr2pHIvcYJczbFB/W8+A==
+v0n0.nic.wtf.		172800	IN	A	65.22.20.7
+v0n0.nic.wtf.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:7
+v0n1.nic.wtf.		172800	IN	A	65.22.21.7
+v0n1.nic.wtf.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:7
+v0n2.nic.wtf.		172800	IN	A	65.22.22.7
+v0n2.nic.wtf.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:7
+v0n3.nic.wtf.		172800	IN	A	161.232.10.7
+v0n3.nic.wtf.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:7
+v2n0.nic.wtf.		172800	IN	A	65.22.23.7
+v2n0.nic.wtf.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:7
+v2n1.nic.wtf.		172800	IN	A	161.232.11.7
+v2n1.nic.wtf.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:7
+xbox.			172800	IN	NS	dns1.nominetdns.uk.
+xbox.			172800	IN	NS	dns2.nominetdns.uk.
+xbox.			172800	IN	NS	dns3.nominetdns.uk.
+xbox.			172800	IN	NS	dns4.nominetdns.uk.
+xbox.			172800	IN	NS	dnsa.nominetdns.uk.
+xbox.			172800	IN	NS	dnsb.nominetdns.uk.
+xbox.			172800	IN	NS	dnsc.nominetdns.uk.
+xbox.			172800	IN	NS	dnsd.nominetdns.uk.
+xbox.			86400	IN	DS	43570 8 2 2C478092B86D62235C8A27BF365EDDA5C86167E1E9244A50526B735038E5DC26
+xbox.			86400	IN	DS	48291 8 2 1189083BB85010770D8937E4BC2A2AF6FC2C81F2EEF8A53A7A2457709A53C362
+xbox.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n8wHsu2ZGyFLWBfHQlKM6/K41rLTDWXmGTjUF/ZiQG9VJi1rJpgdmC/FpwLhYlBB/wRMTBYUTnhKcJ/hsLzmRhbVJuezTrC10llkapaTpkEuLW4yeQxprYFzAs8oAsay0P1fMMAB2pWU4uD2eOrxsLa6qol5/lbkU3Qg8t8IYDNv2QHziRBx1z7ghFRlygfG0q0YXSAG/mtvf6KNc9g3UXZwHjGEUZ1JqnWgdkpmKfzntxdh7El/NE64Z0fCK4Ca6ydP71+J3rq9YYMpkuJAcHOyPX+gU4BHSzVaQ2eQ0nfOBRB3CPCpA3oCtSDadsybM6Xr0sj57mA2hY6psQ9ACA==
+xbox.			86400	IN	NSEC	xerox. NS DS RRSIG NSEC
+xbox.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qhRtpSmh8iSk0vibCCcei7aQSRxfy+fzQuJ/v3x3JWdxWeGvI57di60jgTcHwLsSUB/AwU9BKhZh+otqdzjASTahMPd8xJ7AKPMOjCEsWu1ut93+SY3s2i0n1mwZa3+3VgNP4Y0phwas1MOSD+UDLnaFhZ9GjDFqPw/oJy7X9gWVGCpHZGJr0sSqZW7oFRe7Rnad/vLq8MVDCVcNAQgAY6rjtYdikNDX3CTwjyn0sjrBTeREPU+uC/iGYlsbquxIH0uoDTmViVljj57RKuoMMECTuBd6frWX3nwx+AXUNsVRtagdhyqG5KXv5zXVP1z+o9nTrGqG4Vv6ioBMbtR4zA==
+xerox.			172800	IN	NS	a.nic.xerox.
+xerox.			172800	IN	NS	b.nic.xerox.
+xerox.			172800	IN	NS	c.nic.xerox.
+xerox.			172800	IN	NS	x.nic.xerox.
+xerox.			172800	IN	NS	y.nic.xerox.
+xerox.			172800	IN	NS	z.nic.xerox.
+xerox.			86400	IN	DS	26830 8 2 7B5C562E138431A73348593E3A2D18C66DEBA2294F849C3B5BA62C7FB92443D3
+xerox.			86400	IN	DS	61096 8 2 95F8FB00A7DF39CC9FBAD6444F8D2786E6A15DEEC56424E1BCDA21E94A7C386F
+xerox.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bDaP+nsfwb4q8Y2CLyd3Tvm2XAXXidhH9PG4GncjdT1HEGTGVHAWTvWp/13t2N+6OSxowCXbb8dm+DHxcCeCK6o2695gZx/rB8ZzkHyy64StVVqryyUeszcx1CIRH5NK64gO9l6fL1Mep1ZL6IlX5QEXcKxcnhbP9tsJ35FyXAAAWO0FfojWVguQe8792ZXwnBb6e0WnDObvMt1JSLRudFd6C64HhdQzIyNAcYdrogGGrHvNGCUi9/pCdavuHGxBWIIXYzIniHKhBTCjhKVDDvaVzt3PgoJd4YVlM86/+2Z+u4xXyj61Al4upfPsr4rDqd+TUcm1CKyLA1ZarH1uvQ==
+xerox.			86400	IN	NSEC	xfinity. NS DS RRSIG NSEC
+xerox.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KTRKsZ6UaaeC4KuCaizrmfb6YPdrfvqQoJSQn4/ZxjtnHyqw6eZO8mQDWUZK8c5BeWduQNIBkTYAsHXSTTyYGr6/DPcXPCT74ddEWiyw+PAUTB7b+8WvV20hwLuzTovXRTWdcanwPsptXa/chhBkej7vUOqSggl1uHL937Y4WLxcLjzgpID8LBK7TSJD8Qv1VJv8U4qbkkSWjuRVNJA/iOpWFl5ZRxvFbJzj7cKmUzBfsAMJRDuT+XB8HkBDA41PN+VcSGfeRNX54L7M9l/BPRvPvTcsX0rNnmO3x3ETyvl6PGnTboG+jS8iex3B3yE4Jsc8nJI9KYlScucLxySnHQ==
+a.nic.xerox.		172800	IN	A	37.209.192.9
+a.nic.xerox.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xerox.		172800	IN	A	37.209.194.9
+b.nic.xerox.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xerox.		172800	IN	A	37.209.196.9
+c.nic.xerox.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xerox.		172800	IN	A	156.154.172.82
+x.nic.xerox.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xerox.		172800	IN	A	156.154.173.82
+y.nic.xerox.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xerox.		172800	IN	A	156.154.174.82
+z.nic.xerox.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xfinity.		172800	IN	NS	dns1.nic.xfinity.
+xfinity.		172800	IN	NS	dns2.nic.xfinity.
+xfinity.		172800	IN	NS	dns3.nic.xfinity.
+xfinity.		172800	IN	NS	dns4.nic.xfinity.
+xfinity.		172800	IN	NS	dnsa.nic.xfinity.
+xfinity.		172800	IN	NS	dnsb.nic.xfinity.
+xfinity.		172800	IN	NS	dnsc.nic.xfinity.
+xfinity.		172800	IN	NS	dnsd.nic.xfinity.
+xfinity.		86400	IN	DS	42454 8 2 C4D6CFEB973503EDAA89943505206BF8C406FC92C80ABAD132318165AA1CB445
+xfinity.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hKoez93CYnJDa5XD7mJWFeOVjjmyeu5sITanX6p4KAhFUgRmjpuCxisbFnwSEh0ln6oFH5hPh4nQGzQwXLlg2xvFQOIFk1pQlaaUBD2Cke1CiJM/CwXP0qtVUWZW6wJYdtuR/MFva0qbObqFlcSlhEQPLk7dBf2C7TvJk3bgC8xekO9miBoiB65kvEjZrahcAI5hwSea9bxJd0na093qDuxjWBTgzLrBEul9IwxdXkj7a2wo2zamLFZPpReIEQzjcNQ1CgbJwstNcBv4c+L7KCuMQNd5KUMLlM4oqgHHHfsnO3KbnMNjvHlZuH/P9fpscSUbpPFP3y9cpPg8jaAkhw==
+xfinity.		86400	IN	NSEC	xihuan. NS DS RRSIG NSEC
+xfinity.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oceizaYzzxY0CtkskVTIE++Y52L544Ncc+iKfKHnVBoZ1ofEytpC8LCWLuhTqOGN3aFibAnFGaIy5RigoWWzsPd9+8OUepHRDi/U5DESvdsT0t8w32aHiRBgdvZEPYhA1qWRK34onq0oB+Q0s9ciRZll9K3pmRvvhCoWiuRAMBZvE4mdjibdPpstQjv8jTZKZKpdsw42cEDQDN7jooXsYo3KCjoHVq5gC768r4ksdWy2ZSTuW1e4zub4+IZWc2KZRLoXjxED3HFRfQFMGDBIdWzyJWRVb23iLz74GaD+Tby3PslRdjKcl6Pf37F5A2xtRrF+FSqfMwGVtjN/Q0dC6g==
+dns1.nic.xfinity.	172800	IN	A	213.248.219.7
+dns1.nic.xfinity.	172800	IN	AAAA	2a01:618:403:0:0:0:0:7
+dns2.nic.xfinity.	172800	IN	A	103.49.83.7
+dns2.nic.xfinity.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:7
+dns3.nic.xfinity.	172800	IN	A	213.248.223.7
+dns3.nic.xfinity.	172800	IN	AAAA	2a01:618:407:0:0:0:0:7
+dns4.nic.xfinity.	172800	IN	A	43.230.51.7
+dns4.nic.xfinity.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:7
+dnsa.nic.xfinity.	172800	IN	A	156.154.100.3
+dnsa.nic.xfinity.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.xfinity.	172800	IN	A	156.154.101.3
+dnsb.nic.xfinity.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.xfinity.	172800	IN	A	156.154.102.3
+dnsc.nic.xfinity.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.xfinity.	172800	IN	A	156.154.103.3
+dnsd.nic.xfinity.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+xihuan.			172800	IN	NS	ns1.teleinfo.cn.
+xihuan.			172800	IN	NS	ns2.teleinfoo.com.
+xihuan.			172800	IN	NS	ns3.teleinfo.cn.
+xihuan.			172800	IN	NS	ns4.teleinfoo.com.
+xihuan.			86400	IN	DS	27565 8 2 B77F15373B8AF8E7BA2D8641701AE833416F8D439BBDAEE71D18CE55EFDE7903
+xihuan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uJtuCjlaovXV3KmZtl/9Ej8OzDRPwWCC7k7woKQfe4T54xaVnkUeuLDKGmRUGUhp0b+xmmlL+yUX/jg2bKwqvzMqXG05z45CE1jb8dWr+BsW5knm/MNMa3KCUABQDYtODJcVtGmO6Zpg+4tVv2KOJHfdM+WSpibgRJTECf4jQXv7n0lWEbyBW7EXvP1/YZdiaRt0AMJ9FJyl6zL7IFNnR6Xs3gO4bPJxqulVYKJPblYQEnd5Op6ql9xmW4LJvUJlRumj41MmavCPZvVoxSX3ogQ5Qn80kp58p3pfgwZjWDU9u2dFNGpHOWM3EUfv/1/nwPUcSutIHSfJjO58joXWhw==
+xihuan.			86400	IN	NSEC	xin. NS DS RRSIG NSEC
+xihuan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Nr72gwXYIqzF48jUKb9EeZBhbx8d37qQ6sDhqIcm7gJdIo2DNY7ty9KgAaK+66+0bhV2tavwLq+erWgxMXBWLbhlyZwLLWl9SoBZ3wqKJEFIFrcXNYN3ErjjCJDL8nSyHne+hKmLhikIBQDfKY5LtriTlVvP9XLZtoSb1JlueDLgdag0VwQcZAELJmB6LcQxYZ3yoM70lC2BGJRpNaZq0lQ6EJZ1gebNxQyXdYPBz6+rE/N2vzLaPNjyEERHOuS/N9iOibKC3ruktKBCSlpzfylmLkBVlgNY0NJQ1Beagv2sXsXn/sZdCLgnMaqWDbYi9Fx1jd50X3q7Qo5P74d94Q==
+xin.			172800	IN	NS	a0.nic.xin.
+xin.			172800	IN	NS	a2.nic.xin.
+xin.			172800	IN	NS	b0.nic.xin.
+xin.			172800	IN	NS	c0.nic.xin.
+xin.			86400	IN	DS	2809 8 2 3BBBA82EF5EE5583F6743AF83A583F203153DF0C2066F8707A735DC514474BF4
+xin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XCk7DnKAIYnyXAWTST7ILxkxM0LS/261sSTTlD87Y4XWkRBkg4gAkI0Sq5vjF7BVcm19YNhkMrSi82LcCQ+6JIgtLz77ny+85ViloOhBcbXESEWfC+8jRI4yjiZjdrLjqWhrUdCkaFKg2PkYUI3/odmTUCu98BUfM2ap8jmTbPLXRnocu010QCDNcHY3kIGRKl94M0Za3MU/df4SVLJE4okbNeQDPdElRPummriJmPioeZDjlBmIoQ+5NqQhfaCCcRY6DQ1IBVL9cFkYvqfKneIG/1sBbl6BJf6KrqEfuzhShyBx6a96fqXYoIYuuSmxOjRPDnNBen94PIyIRDfInA==
+xin.			86400	IN	NSEC	xn--11b4c3d. NS DS RRSIG NSEC
+xin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F/2+AToz0xMt3qhmWdSpKZnr903eId4TSPAsGYXBvE/hbHH1YQa1btCjJGK87t29YIdTnQzAY32DyQgcS7uO86/7/+zNvrPbQrS7DalMZkzSig7EYt0rbbBrsQgikcjPplgYlB5dCyU2/HlRuJxTDEAVp5JbfvuT0xlXGXeUbafWVKbnCpmOgpIQ6lJUC0EurPKcLOkNDjwJKtay+XCD5aFo8oNWPfkUoZ4dpIyD7TaVy+lt16Z2paUGc0u36WodOO8IcDYJoY2uNPUuKfAlx1sPLCW9Rq/yuezZaAFbruv+ER7d+nsc/Sr4z7BipxL52+qPgHfTur61Ikb/wug/yw==
+a0.nic.xin.		172800	IN	A	65.22.128.17
+a0.nic.xin.		172800	IN	AAAA	2a01:8840:7e:0:0:0:0:17
+a2.nic.xin.		172800	IN	A	65.22.131.17
+a2.nic.xin.		172800	IN	AAAA	2a01:8840:81:0:0:0:0:17
+b0.nic.xin.		172800	IN	A	65.22.129.17
+b0.nic.xin.		172800	IN	AAAA	2a01:8840:7f:0:0:0:0:17
+c0.nic.xin.		172800	IN	A	65.22.130.17
+c0.nic.xin.		172800	IN	AAAA	2a01:8840:80:0:0:0:0:17
+xn--11b4c3d.		172800	IN	NS	ac1.nstld.com.
+xn--11b4c3d.		172800	IN	NS	ac2.nstld.com.
+xn--11b4c3d.		172800	IN	NS	ac3.nstld.com.
+xn--11b4c3d.		172800	IN	NS	ac4.nstld.com.
+xn--11b4c3d.		86400	IN	DS	3846 8 2 A241C8EBF2C5CD49C2DDCEF1B9E6F66A0CAFB2A40C15B80B5CCEC1BFB8AB9E9A
+xn--11b4c3d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hYqngl8LwjmMtZ6cRzvU2hvtTtuJGTHp0LVsNw71pcN2V/R7tQx63LUjAdvt0ppoKvzS0zmMywMBMVWSMEeUXmZD4XNmDJuCRqrI4N6YY9AXj2EgZid3jX2XyAK5ZRMjEd1c5I2P2ObhWxhSp7EcaJ7vKXNTSTcDHUdfDDkiJ6TvthiH62U0FZoOkqQwvuEAME1Q1+ZsgjUmRjP9xeTMIheSoxlg3va+BWXhg+VWaPSVUsI1pBX6fjnLn0dFlTS+y2Zvr65asUQm2Y7C3gPSpah28nX/Opmvggjtqbtac0g4hpz60jHG/PFIJDyO2H7QBc5CR/8MhXR+RnCGMBz0jQ==
+xn--11b4c3d.		86400	IN	NSEC	xn--1ck2e1b. NS DS RRSIG NSEC
+xn--11b4c3d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1LlNPKti6SOF/Etp/BSGOdK66vokSqDnRrEoTZ4n5HYBUoBxKP80NinxnSeXEBhj9Ei7Xg9dr+B8mCyVmArQ0kAqPOGR7my7OKhUu+FTbUdH2C/5gEUZsf2wTAe0sX0wTSKlerVgPBRCGJ+NfZqQBoBeb+NUb0Suyv7XK1RnyhlrqNB2KzmEy1wN5GuzaE6pz4tV/t1jIQWujo8mG1Ljkulm6eEduRNSO9WbgwoJoJUvHB49ZJX8QQg7ANfxccI38gUPau9OvqeWGEOS+quPNCDVt1DeRboBoK6UVAAf5V18BhiQfJ7NigGjWZuXlPxrTs2qKoFK9iSmh4vnXcVSfg==
+xn--1ck2e1b.		172800	IN	NS	a.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	b.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	c.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	ns1.dns.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	ns2.dns.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	ns3.dns.nic.xn--1ck2e1b.
+xn--1ck2e1b.		86400	IN	DS	3829 8 2 9402244C218BF8FE172483E4D2AD8355589BE11F812B471FE722DD4E572EAC26
+xn--1ck2e1b.		86400	IN	DS	45052 8 2 95AF6D712437FF0146056FB29421E23251BA928DD50401D6B48DAD894B00B234
+xn--1ck2e1b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Oe7nCHap7qsZYtEkwrtBYcfVV0HgGjbGFyLBBR6a4WJrGIupIktVCVXyzn+hxpW14z8ELiH6RyZBJ/6wz2PBYwqcmEU8dUd0fnCLFii5L2jR5u31IA9UzJL45Y075mVTZbPuoYByixdfc8a2SmizzaB3RFat2KXGsLGl8biZXSPkeRU5s37BExZqmuM90YYfshO1mk5idsJcUf0xfpkzJCBjBzI8Hck5TTJDX5/mLyemgs7v/paTa47SflS6OmA/zi73uNxCLRD0ZEaeOgknnWRtbDhb3SrMEkTv6DwpUadr/piCBo1fEghehYmn5K382FCXtpONJ3RkQfBG73pBNA==
+xn--1ck2e1b.		86400	IN	NSEC	xn--1qqw23a. NS DS RRSIG NSEC
+xn--1ck2e1b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J1lLp1QTUd+VD+Z77CeA1io18ZegHQSzKLWtWntoyDQI4Tmyha5eRMDngJBAYBbnjNCZN6EMHY1JywwQsWKwNwDYt4ExDVesrMRLNGdXPVgrpfulDjikd/5uCeWYMRWKvKh6g3QnPyQbiewEZMxaXBrG14D3Dqe9lBwS1UIKlQeCMnDa84bA+/pijZyE3FpPxjYxc9z8Fla6JwqUvr3Mt2eYcKw9ZoVFryNuWu3hRWg8J7g1FMzZ/v/tGHe7VBRU73nlumcCVv+gCcq68T7DAbPa1tYG9o+Yp8Gnw+Wk/xOlvk2NbOBRR+I3Dl2/x3qgT+XjXZg3/oMrdWKudWVZjw==
+a.nic.xn--1ck2e1b.	172800	IN	A	37.209.192.10
+a.nic.xn--1ck2e1b.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--1ck2e1b.	172800	IN	A	37.209.194.10
+b.nic.xn--1ck2e1b.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--1ck2e1b.	172800	IN	A	37.209.196.10
+c.nic.xn--1ck2e1b.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--1ck2e1b.	172800	IN	A	156.154.169.64
+ns1.dns.nic.xn--1ck2e1b.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:40
+ns2.dns.nic.xn--1ck2e1b.	172800	IN	A	156.154.170.64
+ns2.dns.nic.xn--1ck2e1b.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:40
+ns3.dns.nic.xn--1ck2e1b.	172800	IN	A	156.154.171.64
+ns3.dns.nic.xn--1ck2e1b.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:40
+xn--1qqw23a.		172800	IN	NS	ta.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	tb.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	tc.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	td.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	te.ngtld.cn.
+xn--1qqw23a.		86400	IN	DS	2506 8 2 A379E36D05FEAFA4A5DAB25F518B9F62DF2FD2BA659BD8DA1A3EA48E677DA5F9
+xn--1qqw23a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S/54uR83FhAqeiurXb4qgvGM9OFTl2aCaScZRqBcPv93A8AdSotWCFzPkt+BFNCRl0E/qoAVzRNcWUfvyVxDmIPlFuD7MamNXUs6UQL/6JPOdAFUNvLXQMTd6iuKy/PyG0D1py3DnsytbB3UKI5Cx3aHCpmKfok4WR+Z6u34eeU3Out6xNctLmPGMQYWkvmQ5ZlEIlgjscTituQlWW0F6EKLlO3Bedr0WJ39wr/EdO4cIn14if+FOWFr+R2vqVpfVQTrqKTACW5LRGb6/2rEd6rdwC8dO/gFcyMCuGByawox67QWPbzZKy7QSpGrF+QdCNWCwLWMhUNf9orMRSzK4w==
+xn--1qqw23a.		86400	IN	NSEC	xn--2scrj9c. NS DS RRSIG NSEC
+xn--1qqw23a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ekBkQutdMchVUYYqzw1cjF4yd8QrsbxqwT9BG0+NkiHRUYDgpP0xYYjId0jb4Mi/QMyaaoOcdfGEveKYzQkP5qDOZKwL0xK4f+uWZ/HLh24dmF32hCRRsUxlR7a8njpDsNJpGAKbPqyICNp4UuBMHmEJ7oEs4GM+Y3ISBLZthhmJqXV1ETQ/hwVHTOag+2Z8rxYQSijV7gdHQoAXeZwMI9y0QDrmnLOTiXQkHXxuFdvGbO9FO8g0x6JlqrT7gkOV6ptoNlxFVFeHH+DjexRI4U79dZU9lFk3Cbot+/gOMp+rlkH+svzF1cZC2Oqn18Wix82gpIORds6FG1BEmlLpBA==
+xn--2scrj9c.		172800	IN	NS	ns1.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns2.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns3.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns4.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns5.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns6.registry.in.
+xn--2scrj9c.		86400	IN	DS	11140 8 2 4D6066C559009D857402623F36CFEA85B92EEAB23D507F12F28050AC873491C3
+xn--2scrj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ci3IMEtVpm3RLv+yQUfKZEXoNZiYGCPEIp7TRFTR81qFHnspYVYr1SjVG0lC0Nxni14JlIbNdQb5LJQ1YQOxVknQlqxK8qMhNNfHgc2Sj+UtWqquxjWKcJDQmTvuarA+raipTpYi1/u9EPGS5oGL7+Xh8FLGj9Sj6rb/al0DTjP8bDCmxH3U/p1SdzxsCo1YQYFc3AGqED1XInV/0TsVtcRyd+Hg+bZosMHG3qcOyVB+waphH9V/phTLW+2LRaH3A+uNFkr4FIDLjxGU1lYC6ccoMfKZjag+2N6t5B9ZeEkjKyMhkSE6a+OHoX6ao7/eMGUI+/xL3pvU7oCKB9ffdA==
+xn--2scrj9c.		86400	IN	NSEC	xn--30rr7y. NS DS RRSIG NSEC
+xn--2scrj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dn9PuWphPTsivpHTeSsYdCG7rp761HQsvm6/2FJSz7oKxR6X/6fdNjSnIa0mdKY2PQKrsn5l0gc5EZr+WmCmb+Q3e3mhrGCsfcTfT5ZVohnJDgAYryEH3aK+pWNEtPgVvVqy+0+X55nt7coJFVNsJxo7Lle+7kC8bzFhyYZ43qRtnA/aXi5ZFptSKzmXX/UYL2xsI8OXiYKdh9ywIg+Lr9cVmoDdSZtgzO1PD5eSLaFVGq1Hm38BIhnz+t2vqYA2Rs2O5ggFTboySEQ8TNVuFdp+hXg1qNGzYa0eBpTNtt3Eee8wRKAyDBUXtGD3dpuE+F02Sb7+Q+jn8JhkYiYJcQ==
+xn--30rr7y.		172800	IN	NS	a.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	b.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	c.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	d.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	f.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	g.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	i.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	j.zdnscloud.com.
+xn--30rr7y.		86400	IN	DS	42247 8 2 339254F4939C992790A50B1D257EA5C50BF4FC30F9D7B55A0FE875885AF8BB7A
+xn--30rr7y.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pFPamONiwyO4mIpX/9V7GK9VhnUCpG7X7UpvgNQ8kHRxlfyqT/v1mvWYZGBW/ZCPXjUcvd+M4qHG6biY2xJUZJP3wwn32dk/Cj8Ohg/dbC35VyDGSZGFpU+xq/CWFhhHfPUEpLxRe33rmf9bVZZudrypb1ugAqpjS7Rg56mQLxGwlfPTTZip9A6/Pio9weBH+YeoYcITqvJ+pZ7QKHiqPr2/vAspL5GJenxrWDceK/+/HHRGZ4VMp9S2NRO3M07UwDzh84UK0k3r+ZvMkTwo1J8uvfH0Zu2kGXXqWZDqiOS7hmOGpLAFe898mSWfie/YxkAp+43EOdmmOO3p2FcVGA==
+xn--30rr7y.		86400	IN	NSEC	xn--3bst00m. NS DS RRSIG NSEC
+xn--30rr7y.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . f5Z7lCyFl2+UP4FLRHJI86rIVaciA0b8PFN5pxsXCZZTPovxQyGM24byuIQYMu3tI8UrS0I1h1k/T3zFtd1fOrdYaJJ8g8s50Piprie+8MJR82m4jkdH0116ie3EuvUZkaLTuq12T5WCBf8whEqKqe0IY+rMxnX6cvM1o2oJhuOrodrKXIme5s6iUgVFbkDoQb7erQIBZGZAKoxvKhu7uAUTC+iwo9K3hVCiYN0rMZFbbbcy9omkdbhx2bYCtXgKTibnAeEdN6aF9fSSBFCgKtJj5aN0sFYkgxFbI47QHM1Ns+jVLPFyFr/5pdM654hU7CRFbcN4RC6ZdVVpCoAU5w==
+xn--3bst00m.		172800	IN	NS	a.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	b.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	c.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	d.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	f.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	g.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	i.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	j.zdnscloud.com.
+xn--3bst00m.		86400	IN	DS	11479 8 2 7881A662F41E0D4B2133E66229672677147A22A8ECA1D1D02DB93ECDB127D895
+xn--3bst00m.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qnKRLpUErwvFWQENqWgN6zz8VcglD1ZD3HiWRlGSXfZhy+MDYJBpwZFe83cAtZbLBJcYYbllRDfzyZcFx8GwgpXXsTMNWgIe4n6cZVrdjDn8248sFwxLHo/TUeFKv+BcNB/+CdzMhKV0KGCk2rgu1jjgUl9m0il51Mcnllp2TpWq1rd7OamGU3L+0mOVcP6JGDYLQuqm/f/S4jzlAI2TFhOtl9vSH6KtK49JzSIxicx+BHZq1t9HMvMlTMbVr1TiMzbBzMTXZSqWd6IS9OjobwTFcbyY3xWBXF47BERa9pM4fP+OZ1/tTKnieHa7Ci6z1CJwz4/q39nZvlIkQckJrg==
+xn--3bst00m.		86400	IN	NSEC	xn--3ds443g. NS DS RRSIG NSEC
+xn--3bst00m.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rFvQJ6cKfjeuEF5F6lruShIw4xX9E0iX60lwhQycWGjuVcwbR9TQ6wxxh5fBU9HY/aRrYZHLI1O2ztnFysIbI/sRsDJc8s+vF4oG+d7xTFu/O7klnZysaUd++SIw9gtbPM67lk/drV6NEG9A/PFqvqi3odIQFtZm8waMLQPuukaOpnxRZghRZUsmIPobB7wXg7hKIFPsncFhcWdBABqQFgP3hZHRQ76i5wCV1Cf9VL/o43twAnKShSotzrV4E2JSXUkHOIIakyxkDJlERbHRdC3nmaNRSPepnxLilD4/D1A1P0279WED4yfWBa7n45QVgDB+LzSNokU9O6mOEdp6GA==
+xn--3ds443g.		172800	IN	NS	ns1.teleinfo.cn.
+xn--3ds443g.		172800	IN	NS	ns2.teleinfoo.com.
+xn--3ds443g.		172800	IN	NS	ns3.teleinfo.cn.
+xn--3ds443g.		172800	IN	NS	ns4.teleinfoo.com.
+xn--3ds443g.		86400	IN	DS	27565 8 2 B0E469C6095B437074BFC7EBC7AB15ED6434662AAB72C95D45E110D44233EDB2
+xn--3ds443g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HfzTiSWLd7Ji6lkpIQJ92EVfzEoQjB6MgIF7X6xibWPjmCh912sw8TzsajHWLngvOFB3AzcxuxU4alw02NRix2wXxZxyjiiDpxS35N681r/HgEcjesCjqXtgYeBuSxZWD6EDh4Q1P4atWvif9v0LOzLab8zjkJv34N6G2yA6WjIv1lT3LJ8lsiMeWqPk+38Jky1tb9uIciXR72OEOptfu4PwOS1Te2sGmwEayzSM6L20oVdd944tW440B6FkkSQ2cic+zdotl7fxqF1dH/GK+SyKDv9NvJb8Lp+wjWnJz2hcGsU8DtTgSsTU42/zxWMSCQvwnu4er8+Z93mweRXlSQ==
+xn--3ds443g.		86400	IN	NSEC	xn--3e0b707e. NS DS RRSIG NSEC
+xn--3ds443g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . se9/R3yAvUabAZDbhj0rLFocZOWfyL4jcCXNNruTRSQ72ck5DSaqIHcD8FyZURDyJXSB3SvCRTwaqf7UQiMhb+lBMRYxNgs+hl9adjBrgYvjoaXSAgTZLZ6jHvAulyZUHmdIIxd1zntKxQEZF//n4yg7kd/xoOv0N9jzvlZjkTEfewBYRlYUge8oHxJFzpJPzO23n9ycB2tRo+KFfID3lWD5Odrs6tWIa62fGHOrKoiNnGC+lR7ZGNnM5Kf0i9x7bfxynCBRSWvB04q0GJdmS29C64dN3N6QWU7eE9lYJh2zT0O33XueZfz0ajF7tKMO1RAeSf6Y4+8NXj6fJsnjaQ==
+xn--3e0b707e.		172800	IN	NS	b.dns.kr.
+xn--3e0b707e.		172800	IN	NS	c.dns.kr.
+xn--3e0b707e.		172800	IN	NS	d.dns.kr.
+xn--3e0b707e.		172800	IN	NS	e.dns.kr.
+xn--3e0b707e.		172800	IN	NS	f.dns.kr.
+xn--3e0b707e.		172800	IN	NS	g.dns.kr.
+xn--3e0b707e.		86400	IN	DS	48379 8 2 88372B74ADB821C79FAC26E1883CC6BD96FF6EB97AAA1A9486BB4B3B26076D02
+xn--3e0b707e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EXhZahPF7JnXy07LNQMlNC3bCltRWBFIicRLNBMYIT6/YnFqAAClxGVpASiwWHy1UkXKKeNvfq3me6rar1mo8dtaDGfrZepdT9eowxwUlRRM5DTJf6DuroKChkogLPRFGm9OnSsv7yqfomLTw1JDEWc1liJLyEazGOTQ/T1wALCN5k8xgAH/s59yGWJ/rB02f7Z4LZ/7rCUP+LUITdtEYHklbKti70yopYyzTN4HtRYUI0aFZJLeYNfxPf8X539rlUDhNyWtr+J1PgTAWgFImbDOMcnREp/hPoY4hE9iwjm+ocVeY7v4tS9gvUEQrLbM/Gz+S6cqquKrOO6B8PWanQ==
+xn--3e0b707e.		86400	IN	NSEC	xn--3hcrj9c. NS DS RRSIG NSEC
+xn--3e0b707e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PrBzkMurLuDdVsGAbDLqA58YGH0WU9AZ45aF3/VQeNfGPnHI8XO+FF/4Rcyswu5tB0qFc3myI+f4tujxN+RypenON1o4rsBTlRgdyimSiX69gS/jJ6xP3X2oUTwN8jIfy39E0R6Fd1rFEpVlqaSgv+D7URtp7dURGvZYdcjoyNyI6NANxHvYKpcWkf+lgtT2PGBcbXXitvQ3AKyOUZghxan8zomPtvpChKRaj1pVXY6Pim4pJaivp0VIyCqLXv3D5REijW/WJXwvh+NIGBc2hbceve/f7jjhuAhS5mYm1jK5taO4ttkVTs6lHj1j/EGk7A4y4Mt/+kVpzQKke6FeKw==
+xn--3hcrj9c.		172800	IN	NS	ns1.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns2.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns3.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns4.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns5.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns6.registry.in.
+xn--3hcrj9c.		86400	IN	DS	29389 8 2 8C46DC84709BEA03AB530F8E3102AFB8A9CA1A20AF477186DAE164B4820355B0
+xn--3hcrj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y+8SfLVb8Au91RqiZb4UJtyO/LvHOvy0CPr+6F7RVdLMaCVAFTx2eYGkET/iR60TQUITAYF14CFkL+pO3ThfeB1mia5BE11CZGutfpzxF5FCJ8fAsNhaAk0qexwUqVBFVDtNBwYiECKzFV2Nxp2psWuCf7AUBkZRgE9iJLb3JJL1Zvf/G2Co+a6xtuqEZpXODpb+yilhAc2N8NJK6LUfZfyKl4ixJ+DX3OCZivD5p9E9B3cOnlw7qLe54jYSieQGLy76dyGAw6Hk3WGuVPzWHiJ25Zsho58a3vlT7dzrlP3HrVNhUmKWui52Nyka0QBeIGgEIQUEMMNFi4G4L8ZKvQ==
+xn--3hcrj9c.		86400	IN	NSEC	xn--3pxu8k. NS DS RRSIG NSEC
+xn--3hcrj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CcJRLFi0MQwbR/AM+HjSe0JiBvw7GP+rs0Xwh9dhYf8fKOS6BBWlMMwlne9ItyLhYIeN1nF9UyBEwRkmc2/7a5N4RLOs+UNGxcMVKEFQ5m2EBdCVILgNzmK51v96Uo9AgX48V16sQ67Szzle94BeKBucGf+5fTXkBvdWZH7IndpwhRSWn60kxme+tPuMF6F2T4ntmYhr1+6vwsHWb3+qHpysgXJwphfnZ4/ryO5jvNOnW8MIpwXhA7rLtjKYzetfkEINYAAK2xNRxVFq8KOfHKBhHV8SBWA1erQuJJu3Se1NknNUMhKdPgbjdM8YT7gGaV639PodpT5RC/pMEHKZdQ==
+xn--3pxu8k.		172800	IN	NS	ac1.nstld.com.
+xn--3pxu8k.		172800	IN	NS	ac2.nstld.com.
+xn--3pxu8k.		172800	IN	NS	ac3.nstld.com.
+xn--3pxu8k.		172800	IN	NS	ac4.nstld.com.
+xn--3pxu8k.		86400	IN	DS	23745 8 2 0F23A019515245F10713B33D636E88D012821880FF05527C13DEF97575A8A11F
+xn--3pxu8k.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BLJvqDTUPC40JqwocWlPjxwSmDQWTa5jrGprPv3KTelA8CXeC+CrBFS+1Z5Bih9iMwVFWR7jLrLlVr5fcgK1j5GfC6ivoZusebn76j287ZtD0XkEz2FrCLTFloszEC9zo374o1m9JkCMo77/nHpMBJ56W/X6t7ZZ/LkLLusC1IRcoERWoYK5eVfQnRBYpKYGboEl5pSKWfvf3pEziPt+TnukaHcZGRMiId53V42yRkeZNqbDbQtmbEqnmNNITs25kiekAJOOTrRuSiAs3aVVJQkcb3QbSPlL2pJxKjqQ6cuZ1zlw4qmPc1HZsvh/vKuS9rIqkaI6Lh4snECt0X7p+g==
+xn--3pxu8k.		86400	IN	NSEC	xn--42c2d9a. NS DS RRSIG NSEC
+xn--3pxu8k.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rYzXErIqFkhzkuBc9Y1fw5q72CIuc0qoZtPNQgyX5O8NSoCeyExrFT9q+sxmpjxWr5QbcGzLbRGS+G8nYae4C5IGCmgyz9xfyl/5BirCY8GmZ8wsJSVxk1knj+qrxeUWt/+NFdmPXncSYuJvLu4aIkVZD8srb5vNjv9tQZd2P38CqcoHfjZ3hpl6+CRrQiTAiNHJyCHlH4elUKoJyplwf0hYN964JBUYwD1Jr2ZpLYo/BYdMJ5Gh9AydrT70sFmcHIzVnq5l9mPuwwwvRlPzq2IcI2uAWfawrQxHvDrXYRXefEkSRGK+3RZpCGDEFjVNc+9rUfFLAM5V9jQklwoySA==
+xn--42c2d9a.		172800	IN	NS	ac1.nstld.com.
+xn--42c2d9a.		172800	IN	NS	ac2.nstld.com.
+xn--42c2d9a.		172800	IN	NS	ac3.nstld.com.
+xn--42c2d9a.		172800	IN	NS	ac4.nstld.com.
+xn--42c2d9a.		86400	IN	DS	51549 8 2 D9CB9D442C66759928FF2CEFBF93FDE4A4A45F0CA98E6C7D08DED196EFCB3312
+xn--42c2d9a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kZKPqn0HytSoHMd/AAPAVASPx97jUUJT0VoIADFVRDxWvsIP/bJ3jViC4ovfwDNvC7eSFLJKVHCwnqJCstX68uBHcBKWceJfnddNhb/W2LlUvMU7RpQ5Ae1uK/R6neXHVyVJtZ4EMBHJjsAGLUqHnX89n4Ih/kxgBYtiioTyY6netQQzyOUU5MkW/PiXS8d3cwetOQdc102Kl4nDm9hm05C6CbNA6g8Rd1FZgVScPnxrfHMQk6zSsb1cjnGzSStgAYTkNL4EN5d3ogDXC0kkIqCWvyet15TM7et0ekfI5/2WydQj7W6puUMZnsdnBTK5ZwepNPI0eKldLRiDZ4N/7Q==
+xn--42c2d9a.		86400	IN	NSEC	xn--45br5cyl. NS DS RRSIG NSEC
+xn--42c2d9a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cK554V4Suc8DbLxYGcNDpJoQAByXDeyFpfK6mo5uPjfVuA+mYE7wzRKUMfrZ/T5NzeKbu/aeXR9o4fK2ft+hMdGB0YkjWUfiuR6n/MATMCacdRhhJIaY+z0/yqBbWIqiQxYAm42UOQXrz5Pw9FJQYWsoaHD5y/QeVsm47cCWGNfzVm/o4b4pfnNcdYCYrRZnXw5YSjvMoBC3TYGKpdrWpmjUoyfbpveAL223ayvbqkGtLmQ2XwL9YeibGHM56kPvTOBFkTEOMqSOPugZkumJdYUMF3jim3s51OQGEPZWoe8QSYk/B2cget4t+DwQZlejGlqGvjyB6Ii3VH47ynnSIg==
+xn--45br5cyl.		172800	IN	NS	ns1.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns2.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns3.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns4.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns5.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns6.registry.in.
+xn--45br5cyl.		86400	IN	DS	50029 8 2 1E97E87342E1FEC7260827D7E786453DF9950BBF59EF5E86C69C0E6DEB1E387E
+xn--45br5cyl.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NTWrh6AzJkdxFS9waWzkZ6qVcLbvuCpVGan040J3nhcIuAGJDT6WepVZsjoyx57MEogyvGncao9rA0fy8gQjTvqJ3pzGQf6gikpu4kuq0OXEzEZVWTsuFIWFUWS5UcYi1oCXpSMghGKy5Z3sp+Cn/qImOPrClhFMWugx/2bQnx3ZCbpaLxRCGvWMdwtZAU3EsWJ6o/lfa9pHWPHlv8ewjXqiN6b9+/gu/OgIRW+AdgNBKQua3uzLIybRMPetq1r4XpnKLYE6TgobkP+G/vhevW2vsNRLKmFvhKfugKp3bPPax5R5odSzJpMYIMQawGnFEy7ntYMVJYzuxwg4g1pwPQ==
+xn--45br5cyl.		86400	IN	NSEC	xn--45brj9c. NS DS RRSIG NSEC
+xn--45br5cyl.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sz4anLG7lp5nMy+m1DU5GFLoPIotgViH0RttiDew/XD+t7b91B93oP+ZhkF9dDNxLRG5MFlzg5b7YKQMJDokm+Jow+5Cfwgx5VvDOtj7lLRrk+ZLzBwpOEkrCK2uiI9vsTqP8boXzYWTfiBD0cOIDVxJS0yTsGLm/axoQmbPKC68UzU/fsGrF1OLgcioDs+uV/NBiPHooVk+t9F4Ljr9VMCNQrtWTILzgMEeP0oS69A3yAAln/P0JnX6CRoAUOniYN8X3JyLO1DpIgIwdtbp1T9+HChx9xsXuHaSuixCWMqZUclVG5HL4JPggpPZXd9o82Z9P/k9C9SkKpnlnwnfJw==
+xn--45brj9c.		172800	IN	NS	ns1.registry.in.
+xn--45brj9c.		172800	IN	NS	ns2.registry.in.
+xn--45brj9c.		172800	IN	NS	ns3.registry.in.
+xn--45brj9c.		172800	IN	NS	ns4.registry.in.
+xn--45brj9c.		172800	IN	NS	ns5.registry.in.
+xn--45brj9c.		172800	IN	NS	ns6.registry.in.
+xn--45brj9c.		86400	IN	DS	1777 8 2 9FF53F651D2C12F7C22BD9C301132042D423D7C935935E26376E57E352B6FDF6
+xn--45brj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DOqYNenk9gRsOVn49rty0Hq2/bRW9N59X4mcqsCHd314Amd6p3bAvuPunujufn5lU9CbarWrmWE2jVnYRI9KCpZpvfbhZ+6H7pHKYspzfD+kyZICEoVV7c6DLnGo1VK86fFFbcVew/Cb0DUkNfPdUZsQqV9D0/I6NaUhjRH8YVXBSdTRL0kpz6QMSE/HxxzibYCpnIrlt8LtqtJu/5xpEzT36vYQsAb5ITypWxEEv9rz+2ZNHnhCEkxIHBdqwr1b23QrbG3Qto9F1zyLg0D6G1jAiUL/wlsILGV6tFLaxYKDeACrMhIw4EAMHdPr/znoxjIxp8ygBykrL+Cq41B5og==
+xn--45brj9c.		86400	IN	NSEC	xn--45q11c. NS DS RRSIG NSEC
+xn--45brj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZdP9rQmHng1/7XYn/XvU/CEAlVZdAuezlY/6ktISm0CeMVc8oU0+CNX0I3l/iG5coQTtqCCe8fyfaBabiBeIi0yBXsjk0KdmNGH6oQyIrrvKR5NsW2xKb2RgxbIRvtEKdBKTlOulcDgxscDukhEAYpwbqKg/KWvtPtVkpJxznstYwyHxWb3cnaFVX+JxlwfImSxHGTpLdw3zYTslXr6bfSbaqR6xbCD8EmnREDuBGe2OZvzsEHOavrAZc6mPBJXkKPL5IoCkYALgpHoBhokQ1JrJWqc3baJp9BgI9NakKcWKC6GbGNWiIIHCQ4bDj+eTtmxhv1KeRZVYDS5Yd9G2Zw==
+xn--45q11c.		172800	IN	NS	a.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	b.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	c.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	d.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	f.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	g.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	i.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	j.zdnscloud.com.
+xn--45q11c.		86400	IN	DS	46399 8 2 65907E5274D504536003BC4C24AC8D4907D0A7018996FFDA5B7F46E8BD9825BA
+xn--45q11c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J7WY3JNqiBpl7zYCb6cafebjniU8m+yuhmpEI4zQ32k7g/DvsIOijWWHDdwjkwSUDwVupQ38iE6jMtPCOKOOji+sNZBy7OX484D0pLNV7A1pldkIbx6I4DyYOO36vO+cTqSVEishfy/7M2ofGsyud8X+YDP9EWdKYJ0ng7hcvSmc0m2nQnAr4v5qTxHgxhO+6s0Se9qgWZRJlTRcfh6kf534fQR8wQIFM4Q9vOrwKWZ8kPNobWYzR3LNSeivOJO4V/fiPV/t8QbuFLMvxXExVBxOCTlFL0Z+EcAR+2Lz/wkKk/B4YmJbqZgO01o3/3i9yRtZ74cBrpanwzOA7TBaBA==
+xn--45q11c.		86400	IN	NSEC	xn--4dbrk0ce. NS DS RRSIG NSEC
+xn--45q11c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EBILNOo7aKaQw6L3ss+T6GNk/skcYU5x4ZgIojivSpASz7mLUVyJ41T9CABZquTvCbZtbnXqtheTOMbu7oMght12iHPGytEjZm/xt9RQrEWtcWzW+qQCbrGgbrWnt9TKK3+xOmKCpzKrdfpwuNZEP8Qwgk3HPiJhaQE+7qPHVUnBiKblEsU8bJwXHH8vfmg1/E5tTacRXgHM4YLR2Spm9sffNJ+SCVJ5wnmSq8mcON20F08jaxddugvcpkZ2XgVdglPmlPJwZq0j/nEkKtU8igZLRpEaatsNXkpPjf9JhwfP3i0cvWX6vCd23PZswly33oegR9v+SX7fD/UdhGzxdQ==
+xn--4dbrk0ce.		172800	IN	NS	ns1.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	ns3.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	ns4.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	nsa.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	nsb.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	nse.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	ilns.ilan.net.il.
+xn--4dbrk0ce.		172800	IN	NS	lookup.iucc.ac.il.
+xn--4dbrk0ce.		86400	IN	DS	48814 13 2 0255186B246DCA8E53DE92159F38EF7B209CCA2A1BE875CB1A1DAD2D592A9C9E
+xn--4dbrk0ce.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QE3zNJKBBEBGL0Hax/+pHEpWqwqtE1qo9BGYRytAuYFjSWRgOiTI6zc2Fso/UiZGRrrO5FsldLRBwHclXO6UntgT35uxpUdBkAHuwciplbei6PXvgsRF6UFsFmpXRss2rbMIqWSt3YaucUFBF83F5OIAAGoda9H/Wjne4ByNW4FQR+fZSmySPtTmAsUt7X9DcCp+Ry2o2c1QX9OMFohcMn2/xqFEky/O43pEAYgmwJpN5VJWGBe3srCGBbwjjNytzO5YXBmbiTZMhep1QDQCGdazzXfOvE6iprZIhy0rSn5V6JWmOsJ63utatg+pRVh/Mc090lzJMbcIFnZLDlmi3g==
+xn--4dbrk0ce.		86400	IN	NSEC	xn--4gbrim. NS DS RRSIG NSEC
+xn--4dbrk0ce.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XilBXdfyEMYzUJBjNxyDc8ntXpUIru+TzJ9i8efO47RPkiGIG0LGvRFyHZtSQfyxRnFtveAcBDbAiMr7IoC/rzyeYYBocF/FlynuOhzQIsEzRKxpyGEGlzBA8dtLMZ+voOTMqpV90H+nTI6t19GNmHAtvMXmWvDxnFMei+0G0kNFnjw7DIi3S3zCyQ/dYzJCqyMj1lF5dzvXop/a03d4JpQWSmWbOnVuZFui2GaRT5HydvdRf1GAuIOljEk9euSKuKpju8LTaSrjki+jyxvHL/o2K5xxBvAsAVZbo/BrtzlGLN5M5A8JxGuFiNyZsXqsEHMOFpqJUtD7ESWuxO1zIg==
+xn--4gbrim.		172800	IN	NS	a.nic.xn--4gbrim.
+xn--4gbrim.		172800	IN	NS	b.nic.xn--4gbrim.
+xn--4gbrim.		172800	IN	NS	c.nic.xn--4gbrim.
+xn--4gbrim.		172800	IN	NS	d.nic.xn--4gbrim.
+xn--4gbrim.		86400	IN	DS	25097 8 2 123B7C37A9DFD48DED1914C9172EE05865D10E47C0517F40659CB0305BA0D8B3
+xn--4gbrim.		86400	IN	DS	38332 8 2 14E1F26F8B51F92BD671DBE97F651903FA1F26DF07E2E882DD997A1D73971426
+xn--4gbrim.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Mqf+yP7klNRX/NToTPW49sxhTr707289B3VPyOVVWryjsjAfTBzHWxT596mOnech66StX85m/7M1Q8BUWbRlueOrsSkRlKazB/OzkpAaBVSjk+rJa/2quSvAK72ZgoPwq0NjXE3R3TmhK6LR6zBV8vmAAuJeFboKm5XAgAWp90AlEkEYehZShzGSkToslh7RTKUPKupg38ltmoYWegUVGjgEPVqdAVPl8PAqfFMLv75jDm3EBSRQbK8Ub27hwGIqU4UaxXnAwsNtXWFYhDcRorngzS+C+9IX9LOSwfZltFVl+oxF6PSNxjr2rqrhZcgWFvntrsTbg8rmXvFLo/zCGg==
+xn--4gbrim.		86400	IN	NSEC	xn--54b7fta0cc. NS DS RRSIG NSEC
+xn--4gbrim.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fYqwxIJFpISCSI7HhqZ3Y0a54VcY4COUd1DAkSz0mUFqSr/EfmCbnsDVO/VZP34WvntvcTvcMK982+TbIu+4Vg8XunvWXFlTKi2BapHnOFVJAY9fsMq9EBtKLJqFVKvvf7hEiaaAIG6i9Mi8XaOG+nu8tDSvX1g3wlBhe4JlralY5NVNVUoc2+JPt9QH1qZKHY3mIxs8ZFBk1nxpc7Z8KCQ3ZVUJl47+wXXLHII4uVfWKtY7BGIM5n3S6aafIh4eKJk2w1AJc//mLkE54msfZ/r/KSa8WdK9kPNx0wGeR89cHwb61eBPucDOiBIKe4Po3oUIUpOQuVs/DA7sH7M2PQ==
+a.nic.xn--4gbrim.	172800	IN	A	194.169.218.144
+a.nic.xn--4gbrim.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:144
+b.nic.xn--4gbrim.	172800	IN	A	185.24.64.144
+b.nic.xn--4gbrim.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:144
+c.nic.xn--4gbrim.	172800	IN	A	212.18.248.144
+c.nic.xn--4gbrim.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:144
+d.nic.xn--4gbrim.	172800	IN	A	212.18.249.144
+d.nic.xn--4gbrim.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:144
+xn--54b7fta0cc.		172800	IN	NS	bd-ns.anycast.pch.net.
+xn--54b7fta0cc.		172800	IN	NS	bayanno.btcl.net.bd.
+xn--54b7fta0cc.		172800	IN	NS	ekushey.btcl.net.bd.
+xn--54b7fta0cc.		86400	IN	DS	63049 8 1 91E8936DFE81E7350DAF041BD12B77F29643A13D
+xn--54b7fta0cc.		86400	IN	DS	63049 8 2 DCDD04C4493E029DEE060D18A91E87BE930B9CE4C54FC7921F51F27455843DCB
+xn--54b7fta0cc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . N+AVFkIrxzmQG7Rl0kBZ0iEPMHFrsOz+oE6VpwDm107WCLWsqsfleyQqgoLnYsgRUiS3wzcaSOeza4eG0Rn82p9JQLYLbqWYf6kGD166XpiRIAXI+v8mYDo9I0M18/Mpmm48loAU7Pw4lw0RStTqz7ZxSi7fm7Pj9Lz1FO8qK5OTFdm7Q6RuCawjuEBzB2uQ0/WsRa0OsUU3Ta5lc55EWWFEM3tDL7JpoSal59vJLN7fgbVB29eFBVDT0mfx5iZkXFIxLTH1+/wDlWKfvK4XViCe+m2ftvmEijkuBTdNH8X3Hh3JpbabKUrsGq1hmOqIeq8jN/QZLGu3+L4Km+WyFw==
+xn--54b7fta0cc.		86400	IN	NSEC	xn--55qw42g. NS DS RRSIG NSEC
+xn--54b7fta0cc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gnlwk8DQM0V2CGVIE7bLegbKFe+Y3hUM/O38M0MH6GjF7rxuHWAfV3YZyftI6/2JAOOvgradIYXianINu2O9qI3HhmOlyF1uXXq1qnGF7SOCy7j9IGvscjGAYXeYzJ7KYm1Kfv+uJDJL9G22LW5eCv6m3cS6HSHmzNBGLxqy0iB0Ns4vV3+Oas88+62OP5EB01NySxRrCo1w34uLf0SvV4fGWFUqAhDDClGMU4bcyXWpXGiQiovA9TQCU2l11PMBxOYmbSPp4jNqhVTMtoiO3FXjfeouIUOwBXMDzf7cSjqTy6GyH3TqGU/KedioXfnLmLCmYg4IU3GEnGzxbPxTXQ==
+xn--55qw42g.		172800	IN	NS	ns1.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns2.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns3.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns4.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns5.conac.cn.
+xn--55qw42g.		86400	IN	DS	48226 8 2 A16754C480E58C0D17126B3BAF93F32BAC39A916CF9D1F6F3A1F5C33687BE80F
+xn--55qw42g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IkVw1WG77sReWz6uQTWE0lqusQUJ7SPeckBXhxPMIRNOPmN2UTG81UvtRBV83yiOyuTA8EPz/f20C5O4nS4trjmSbmDRGNxoRe7diTtCUvtFzo4OTAr6cvRj7LmLmNb3U1BVAA3BQh6dvNfg6KvyHrY0CL4nr/eWGkzhcF86iX905WrqWQ7MQ0YGz/8vECRMrT2eyjulDRFEH7yNU8J7CRFyhQHpQfcy/WBUTO6MsaYA5b6vVBFXf1SkAyVLm2BKLxaYowcXd0NV4DOWNYQYOcnbzeyod7jDDnecvkd4QMUyPmXVSGwikoDa1GQBYKQ2QHtNBfA5mkoc09e3RmC0Wg==
+xn--55qw42g.		86400	IN	NSEC	xn--55qx5d. NS DS RRSIG NSEC
+xn--55qw42g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . z4vwhaBUzZgIzJyGRFhtH9sRiE1tfNxALQnPp/7w7WrIujlQcz4gka14ybUfwuz77OOjXXjsaZCET8XN9xJwdUjjZs79EleQ4QJyu8YxDmbTXANYgmiEp25pgSYJzm7Rna3pyJG/9TaLktgghzY2NN/8CYgaeWGEDSbRzd26MIBROfsX3Fp3LAYWrDYslugDIr3pGr14SelJEIJR3CmOd6s6QBQ6S9d19DLHHABZdP33T/Vg0lHXwSE3wahtvftHk0JhSQsSD0oT1PpOtfOdennun/ueM2PNg2tqO9kZfoxWrd4nCYtfw3goq4YAGmsDP1FpFYTbOAFUjOMOH6u+sA==
+xn--55qx5d.		172800	IN	NS	a.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	b.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	c.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	d.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	e.ngtld.cn.
+xn--55qx5d.		86400	IN	DS	47359 8 2 D8FE897CE8AC620CB7CB9F6F4E887FC7A14C3ED80CB973DA4E30A17CECA1015B
+xn--55qx5d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0g3wzJpYDk2xsGdYKzMeKqhiqOIP0wG7A7Dh3Z0JxGSMYkxWnfFdJ+rVFncMEQhqji+dmmOVmyt86Mb02e0lyXqHk4QvHXGDuw3vL4iSRFnkLQ7pZ1GwG6GZsIssU6JxRXJo2CQP9nhDFB2vX9xCar2gLWnIS4ltWfF8vVcGYJUKzYGxpLlidxsqBvEGu8B2iw1HAeClK34pTrWDo661Vx99jbA1NvDzoTGHVXzxCBLADqgrejjl/qjyIW9xP9olIZGgZE99kxyz0bpmqYN2FZQLvTGO6BVG0aowAgcoZ7MuEmNTbkrOH0/GO9eXN7c8EJ0fUTboSJN7OcdO7GpYcg==
+xn--55qx5d.		86400	IN	NSEC	xn--5su34j936bgsg. NS DS RRSIG NSEC
+xn--55qx5d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 08bLip19LrEE91WB2G2rAKqUIBQpKHzcFjAmJT5yV6u81Cyz7VWEGU4EF/wd0xJhuVRcvu+uXhJP3CfMMaH8QjN1i6r+VYWXFZh1EXjg3S9A+v0lEjZ0sOjUVPCcqZrdcbTBBj9ZH9hDHjtYu5rb4ghv58gsHT1soGqqH9oxi1xcHo8R5AXJGwlgU2HahtW4V3saRe/lU/dozaRQ1w8CleGy41oDjZz28ok4disaDGEtFlt7W8qX/q+4hzrSemWnKPsmFk/vaTmRVqTzj6CnF8uO/Ws38lJkZC9br8AuLvPJkZdSvnxRrqWxg+/ryp1m9xJh2RhVqRmfuOJNjiSBjg==
+xn--5su34j936bgsg.	172800	IN	NS	ac1.nstld.com.
+xn--5su34j936bgsg.	172800	IN	NS	ac2.nstld.com.
+xn--5su34j936bgsg.	172800	IN	NS	ac3.nstld.com.
+xn--5su34j936bgsg.	172800	IN	NS	ac4.nstld.com.
+xn--5su34j936bgsg.	86400	IN	DS	38334 8 2 8E0BC7DE12A1B331B412EF896757471153D4FE1FB7E4EDFA21BCBCF49D9D7FB1
+xn--5su34j936bgsg.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xhPtJBaYOP9cSPZ5FiBuL36Kc28YwZplva4lMqz2qPsIGO3d638NfVh0QENVGvm8vMKdAJTe7nGRNuaC0EtBg/xD30pxfqk7KZEPHE+332ygOCrdMfBtLVcC+rm0gLS3Xcw2owdAD1jHVffTUV2k/DGB69hrRMGSYcUOPWwFsQ3zLuf8ATkenVft5DhyLxG0QiMp+IfUHdJLse3Au9HQYgu2VTGVlTSeAKslOkV457XAEk9hcdDWRxb3HDOEUWeQ1VRDFmiId5Xu9FIsScMwnpp5pfP7vTtludgLyVK/5Ty2uosM5KpnZI3DFxxfheleKRdscpwmzDgzAxbVQAfu0A==
+xn--5su34j936bgsg.	86400	IN	NSEC	xn--5tzm5g. NS DS RRSIG NSEC
+xn--5su34j936bgsg.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YOJ4qbsVC7MJ9Tw7Wvu/LE1um577AJMazjmBYvZiFFNDo5gc8+XwO9XoVjl3bA8RPy2+cclaeAErSheioQKS9JacY28U1OsYPIAV6aeSkjpoGsG9exo2TOFNzNGV3iMXcARyVL7aqHa+NxrEO31Ag5ZNUbO1G7eok3l/VbU7oTRvGY0/6Krfcbw7nsA2y9/LavoJkgTG76/8pxu9tzEo8JGYff3pPbqxgtjexWFjJK3SsV1ZQppqRxIEOSJY+tyYqlyh3t5VzqT0ju+ko8QzhRQP1wciaEXzWapaNpmTFHV517vpyl3o2kMn+OeO8NuuPMgJ8PMSEorfeDTVO/RqTQ==
+xn--5tzm5g.		172800	IN	NS	a0.nic.xn--5tzm5g.
+xn--5tzm5g.		172800	IN	NS	a2.nic.xn--5tzm5g.
+xn--5tzm5g.		172800	IN	NS	b0.nic.xn--5tzm5g.
+xn--5tzm5g.		172800	IN	NS	c0.nic.xn--5tzm5g.
+xn--5tzm5g.		86400	IN	DS	26359 8 2 7D1E023BBB026AC5D19AE62D5F13EE6E01F3450A1E6629E25A9205DCF2A31F9E
+xn--5tzm5g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Arsju5uo7Qyba/ws9aweZv9UTzAoklRNIo3oFtMWhXUH1TtEepjtfaL25yoEAP2HXCmeELrSAsqAaLz1BgWCSceTc9CVsHZkdFYIL/i0BHjzK42poqA2Z5I+/BqOR2grvJf6uqeX2Hq9RYl/2/ryOG+Y1kNpJCEk0fy5wZBzHDk4iDaIFjjciqZbxC3cacV3FKb0yMUAuWW9qol0T6dtC9xORYyoHM3E7/SrK5Zc6Bq5BCQrYk0zbKTeaw1GuKsauHyoIrlUsls4pfho2QLi7cDyPtN9Vdm8TGYKRSAdzizvUUK47bKKPBaw5OY1TOPIYjmEOe0Qwus7ok2rgfjLqA==
+xn--5tzm5g.		86400	IN	NSEC	xn--6frz82g. NS DS RRSIG NSEC
+xn--5tzm5g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . otPqZNH+9Fv+cYjqeTZvh1zOFSdmYd1VYe1pkoIORpTVCdM1xsDrhEgEdXgWCVPM3BD2H5CsecdIb1gNBvRyR6pFEG9fFzKn3pkr9dl4dAziEUSla+RRbnLp9+uIGQmkw3rI3WQ861O5nMkSkGnb+Nl2axSNcx+4MaEdhi8+9ormBzNNlzYDMtPxKbuFq3TG1WGmaR4Jsm2VnOXyrtODJK4nwOWtD+OnKH8BFL7S2gHjGBXeJN+GVniXS7gnxH+pslAaaDhQEdeoh4F8MENpvzwIsnx6MSbMN4KsBj2SoqSyCbGTpaSIw9Ya4OxjUWMk+y2kNUGnE8/ZFPocQkay2Q==
+a0.nic.xn--5tzm5g.	172800	IN	A	65.22.16.9
+a0.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:12:0:0:0:0:9
+a2.nic.xn--5tzm5g.	172800	IN	A	65.22.19.9
+a2.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:15:0:0:0:0:9
+b0.nic.xn--5tzm5g.	172800	IN	A	65.22.17.9
+b0.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:13:0:0:0:0:9
+c0.nic.xn--5tzm5g.	172800	IN	A	65.22.18.9
+c0.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:14:0:0:0:0:9
+xn--6frz82g.		172800	IN	NS	a0.nic.xn--6frz82g.
+xn--6frz82g.		172800	IN	NS	a2.nic.xn--6frz82g.
+xn--6frz82g.		172800	IN	NS	b0.nic.xn--6frz82g.
+xn--6frz82g.		172800	IN	NS	c0.nic.xn--6frz82g.
+xn--6frz82g.		86400	IN	DS	51310 8 2 B725FA381426F5E3A9338C5C5A57447611ABA619E9675D9BF973D1D2A3B14B5E
+xn--6frz82g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . APYVNp7JrjqtEza4dFy1k1rI4pkQH6982KgR9BOVqrvdrkTOnEDVG11aWfq2MrXOwGPNlp0A3jVeqdD6z/o8sKS/qP53wB/myKcxe9syG/faGGus9DXbCsUfx0X5i91tD0LcKZ8jfo1jGhbAUWKRaLuPijIALKV56YrLaAydtmQwD1cIMDHTFDG/gUPHEaPzp4GbkiJMhYQTa3XNq0wi2olG2yOmaRrrDH1J+GlSUHJ+gR1g4sLCqciggIHHCsRr6wp06jLbj4hegFyZzS3i5MYaBthd7rZqhlkJaig8MYDRJhGMqnjhpfd8kK+dcyx7RXBsAHqC+XXmFs2fDIY5Aw==
+xn--6frz82g.		86400	IN	NSEC	xn--6qq986b3xl. NS DS RRSIG NSEC
+xn--6frz82g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AYC3cTl7CDY3o8q516C9QlbBDu8Q0Dvby2G0Wwu0R7RgT4dI0bNQt6bLz2KrbWKwlwuZNpp13fxIXRwE1W1tzSn/DYJJXuTMvb23kHzD0+BFkluaIEkTo8mz/PWLNktMl9tGHQOzkpM5y4DPUGG2ZuaMh3v5rMdJQAhGcrWhPMO/S6oCYPelKMqnavFUuEHuAZ9HTK2I7Ybh0EfMP3S2lhHl+moqdfXGe2x/si2did0SnBWEXA20sj4LXgQcRswQxziBdsL3jGOdsD11Bp3nNhPEclSJPL8OZWwwRLO20SwCPQg5IlCTTKGBsRqfCfsskxOVPixGPPNcEjnAzPnvcg==
+a0.nic.xn--6frz82g.	172800	IN	A	65.22.24.9
+a0.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:9
+a2.nic.xn--6frz82g.	172800	IN	A	65.22.27.9
+a2.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:9
+b0.nic.xn--6frz82g.	172800	IN	A	65.22.25.9
+b0.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:9
+c0.nic.xn--6frz82g.	172800	IN	A	65.22.26.9
+c0.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:9
+xn--6qq986b3xl.		172800	IN	NS	a.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	b.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	c.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	d.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	f.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	g.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	i.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	j.zdnscloud.com.
+xn--6qq986b3xl.		86400	IN	DS	30406 8 2 A9B0F70F49B9E0819D93E5E98D1A24499ED86DC201C15D77EAF1ECBBF7C6D2AE
+xn--6qq986b3xl.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cnOZUyyYY+Leke56q1YEw6dk1boEPapixKw8W9UfR631TmV8a4BCmpR4gEfIF2FixwBPugiAD1MH8J2ZYGwD8o/pvma5C/HBSa6ps4eA4FBqL5muKvmp0gqz4UgwOcsFDvGjcjHnNhfYBow5mQLueLKO9w5wRo7dkmlLGwOJoD3wa2dOuZhg8FsNmlFpFqQch12qkqk6mntNBEkz1VHA9FE5sKfQJ+PxTHHvrGPK6dRm749U/DrgrPD0bHNH3k/0eCeGY0FtqaoTgEbAKKLLun6iAeQPiti9kK9zzsUC8LQ+FdvBiLnphdfTg4moUak77gYVSpkUp/ph8dsM28Vogg==
+xn--6qq986b3xl.		86400	IN	NSEC	xn--80adxhks. NS DS RRSIG NSEC
+xn--6qq986b3xl.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . suuMCgbaji6tRZkPFDJRRYGCVBnRyu9gW+DMV+CvaS89QUu6YRRDSCKjQ/M6QTBcFlEniaSzh6Di8l3BpTnBDmbg0CnJ6JJftVySvHa9FHU9FZJ6q2Etqg6ZzCduieceEfw4dXt49oBEwvcuJHNn+c9gXnKIDpNx8hinB7R4hKSUcqvPsx3JSxoUzEPva/CQnT1WK1IqfXKqZvJnDU+cSvbCvI/vnohjk0wz1Jgn1LCNRC03NLFIK9frJPiSXZS1NMwa74M8gBt9to/XMB2Zr+NDaGmrog5nucDH9gEvCZ65/wAh3y4lcR+QAPdWWzfB7lcupJIacxMiaHUrMbmgWg==
+xn--80adxhks.		172800	IN	NS	a.dns.flexireg.ru.
+xn--80adxhks.		172800	IN	NS	b.dns.flexireg.net.
+xn--80adxhks.		172800	IN	NS	c.dns.flexireg.org.
+xn--80adxhks.		172800	IN	NS	d.dns.flexireg.domains.
+xn--80adxhks.		86400	IN	DS	33904 8 2 7AF8634483E30E963ABFBF03F2EFE17732BA3C4D2F5020777A415420048F5FCF
+xn--80adxhks.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C/meunhuFJfdKVvrWIjJjkCJRq2hHygo+AYMREzwj95XwKdBQ0az1DUwTiyBHyqMZoYjByoi7UW/BkZu5W1OD2gTwYb4C3kK/1gnWu0x4J704HEF+QvR62TJeU7hhsHOnBPxyS84EyQxsaXXxgQRj0r4jNbBnrpn9HmsFEXm1LbmqTXrUEeO5Si4/+HcAMAI5g0O4dD2y8k4FzGP/ONgzZci7KME83R7t4YA//yIPSQ4BgvuiXDm0cHovdi3EH010q+yk1O+NLDIMNge/scNaBVSFZuib1F9GEoYJ+9aWq2g6821ZGsl8oynM8t1QU5OD2rgIIAKTvOJIcS02Xaqkg==
+xn--80adxhks.		86400	IN	NSEC	xn--80ao21a. NS DS RRSIG NSEC
+xn--80adxhks.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iJfQkN3dTvTxpOjDYrV5r4COy+Ohq1KRzZPFwljH8x1nDt/7R8/EbgHseXbgD6jxuDI/5BH8Ow6fMgTyAU94DSTQWNWIjg9i73CJP4PPb3VdekfrhlvppQdih0kMxN5v6hHHTLBZJO1eMUL98enKxBhD9ThY5Mho4Wm+aZVSFmMk4krS8eujktxSyROzt0GpL6yfEBN0wuIyIQDxGKycRO+uM2i6gxMYvY3JBwzoP3PynH4J/3jjig0M0+QKAlMkc9IGlnTwgCzzitPWhuuHI+XyXSj4dMd2XVQZjPZRx8JL1YTWFbUCEZhTXrtnxvsvf0O1Xv6ivvWRYCX2zYpOmQ==
+xn--80ao21a.		172800	IN	NS	ns.nic.kz.
+xn--80ao21a.		172800	IN	NS	ns1.nic.kz.
+xn--80ao21a.		172800	IN	NS	ns2.nic.kz.
+xn--80ao21a.		86400	IN	DS	12941 13 2 1E67E661E644F9C2CC122CF6307CE2BA434A1D3AEBEC08769BF5A28EC697F8DB
+xn--80ao21a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Aa+toH7ai3xfwyAt6tevw3GYUgFpoDnPo2ZINgDVZRBtZVbxm5okhme8MZ7yXXJO1YT8xP77nE82XbKpL+kigAgbHFkLfH3XrQvpsBuC/NuimGT+rcGZjS6kJ0Ah/l2VnU/7ZMUm7F4dFEuO2rSafhuAcXSovzTHurNl5t4qDf/UcaJCoPLlY63b1TEIeFg1itKf7cyyX8rFXljMJHiIRw/Tk/PVjRx1t0nEOavSVVyPNMFsaMpIidQFvoPTSVPokYYfRvVesBixoO1IPYDdjbo+A2dYN59HGf/uZNaL527p0M/XCwlEqlKOAyMIyIp7FMpZIxGOZQimPFhZbNNjvw==
+xn--80ao21a.		86400	IN	NSEC	xn--80aqecdr1a. NS DS RRSIG NSEC
+xn--80ao21a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gsblrpNrFS8FGYSKhKmSHeOqdqNxLtDIK9FZlgF+O2yMHPqaNkOTEoQB6L+4QLK7JvoR3UacZBUFZzucMngACwVXvHV3qvlcYfwbr7T+Z7ORBZ16ZeZL+99Vb7sv7qPtgIjeZggJbniXIpsCcLh3St7TvwGKT/MUa8nLp2dKp3GO4ocv9x3FokBDtACTxM9K5kebL677ohT0x/uHmpYK2CORu1VMxzG0ZJry5FGHyyygWvfqFAcm5fF0KW1e9/O4xSmHmLgJHP9ZI+yBsSEZ+YFrUzqNuNJPpF3cnhcVc6Eq3DyQKxDpJR6Y22xgvL5cEbJC0ibmL2PGgTE4PVcDFA==
+xn--80aqecdr1a.		172800	IN	NS	a.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	b.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	c.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	x.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	y.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	z.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		86400	IN	DS	16210 8 2 3EC3F92A011E4087D2C0FDF107A5AE34CA52FFA467BD73677128A91DA3F552EF
+xn--80aqecdr1a.		86400	IN	DS	50089 8 2 1C651BD0C4B0B51D953B5BAAB9DF5FB4256B88CA5883CEA94AE060C1E5C313A4
+xn--80aqecdr1a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f/EtK/N3hZB/Ofy2+xtyilSxrA8mXVyPiz58LljXX1cWAtb3JxZ5vQoXmUNTX0L+niPzHEojYDf6M5J0DeQoQdthoNIw+2ilq7MLMUTTU5o7zI1Wnd7DkdhiRs98uS+pl/ud/3HK0dfWtDQwPJucTdvzkZGrFdo/B77QgX68cMvMB/pGJTroO7S+5NMZAhEjPnn3cPiNFja8S0OJTQFS2uSnsh3IgKfretoeWuzXEgmmsI24ewnU0CFaZUm4asYpbE4sKULoujdiOGcVK2nb6rNDI7Jfx8f0xaxfzJcLy4JMma5878Bz29mw4M1T2RUo9ORm4otrytj1yJxSF5dKkw==
+xn--80aqecdr1a.		86400	IN	NSEC	xn--80asehdb. NS DS RRSIG NSEC
+xn--80aqecdr1a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . snLRqzdoZUpca8jVPetjpaT9yb7pj08xoPL1yQxn7/HNXKHDwCjJsjKh92/3b2OpX+Hr2A+9b9BylTPylL8Nim55u3SJLTtMd025sCp+1C5YWJPeJZyY2yv/y0Z6sqy1CTNhK1v0oNESmjNABqtXroT5YjyNWfcNFekUZnhMj8KkhjZjLCFIbl1fBLux74fb38K0mD0pabFM8ZC9Qrd/F56HGrT/IaAAn/MK3oISKWqgNLscay0Bdi5c6rxDs489fmvE8fcILP0ohEKQRg2hGKXrfDHhi4KnT5L1uTMr3ezMhqFEzRoXbZMos2cF4h40w8NxmBjZwlKkONm86C7jIw==
+a.nic.xn--80aqecdr1a.	172800	IN	A	37.209.192.9
+a.nic.xn--80aqecdr1a.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--80aqecdr1a.	172800	IN	A	37.209.194.9
+b.nic.xn--80aqecdr1a.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--80aqecdr1a.	172800	IN	A	37.209.196.9
+c.nic.xn--80aqecdr1a.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--80aqecdr1a.	172800	IN	A	156.154.172.82
+x.nic.xn--80aqecdr1a.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--80aqecdr1a.	172800	IN	A	156.154.173.82
+y.nic.xn--80aqecdr1a.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--80aqecdr1a.	172800	IN	A	156.154.174.82
+z.nic.xn--80aqecdr1a.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--80asehdb.		172800	IN	NS	anycast9.irondns.net.
+xn--80asehdb.		172800	IN	NS	anycast10.irondns.net.
+xn--80asehdb.		172800	IN	NS	anycast23.irondns.net.
+xn--80asehdb.		172800	IN	NS	anycast24.irondns.net.
+xn--80asehdb.		86400	IN	DS	54606 10 2 A1A13FCD0AFB413657352EBA09765C81E0BA0AF0B8452F03EB0D0E4C9661241D
+xn--80asehdb.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1eCHHdozee6XYTU6Hy0O9o9Krko839l3ntnh3Hu1w+ErZeQ1NbvzNsnYp9KQAKig6Ln8bEsG0FHxovMIML28cxqUj7YCV9VY5FP15lpAtd46I5MrlzFyJtyDXBJO8ZOiEOIvyFLY8xbgVJEpc9JW7nqC10eY3JbpzwQH/YS4nbDETU88Eo2bfVFjsZlDYRP5S9XGayowGNCSJ4G4vgUV0g8TZ0UQ6RTLvHkoQDlE5kp5Ho+pviLTxah+yOLmFCT07C4IQmeWHdRlxHcD8vz3mqV2rgOGLcImHzpgnl9C17gEJKG7rLctS6RcOC7IwnuQdxXpxqUjJ4geXYcsMRznMw==
+xn--80asehdb.		86400	IN	NSEC	xn--80aswg. NS DS RRSIG NSEC
+xn--80asehdb.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0LYaMnqFqQWCcuzF0qK+5Jpuro4Qx2yxLEbs1gFUT7Ys7tDGDjl9FAgmoiRW9SybkGTMw8zjVGDjNNhv+6gQPycAv/zeRjq3SZDeNPSig7+M/SIYOTZ7GyWPIsSUaYp35OVFGV3+IlIlBuxDsS/UxBJ9catLMJ+uGEsKdFY2Ee4bJ5SUSTL+EUNQKPsni3/TvZRFC78ien6cHfG8bjdzxpvyccMLDCsJsI8krcaWqqMJ5XuWQwVuG97aJ7zeoH2fJol+4MX+K/vaz+Qp230TjIhCiA3XB9REYAUU+bKOhfHB8bft8SABxgPLGnmebnq5sU1Clw1mfMkmVx7NKqL4MQ==
+xn--80aswg.		172800	IN	NS	anycast9.irondns.net.
+xn--80aswg.		172800	IN	NS	anycast10.irondns.net.
+xn--80aswg.		172800	IN	NS	anycast23.irondns.net.
+xn--80aswg.		172800	IN	NS	anycast24.irondns.net.
+xn--80aswg.		86400	IN	DS	61281 10 2 FD5803E5D6CA1B8B5B3345B8E6AEA0E640988D973AE153713A7BC890A84E3400
+xn--80aswg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pZn72JXapHCeaEqyUSGJwclRwiCVpR1LaKFxhV0KMPeoOmLvN+dC/h6Xg0VqoYGSm2XYVK3H7CTeqe2muOr6jSQzveOxNmPu6YFud4qCU2RBmFcUiyLul+RXDr9EW1RqII30o8alaAJ/t+sauR0aBrHgWPov5iWP6+ANy2ETunVp2o6m7YT3Lts7fBvA1S+qZHNBsYnMkfZ9RNSdjD8pwsu5B0ud+01dSxqT2D3jkjUf5NqmV9UqaUysIDXnJ3XsN4RekjYeB2nX0Xpjqh6rPqzSQQ2i5NysB4ZF9KQ2SMhbd/NlO86NOHau3heh7EPqqxedis6mo0XbI2SgvAfGpQ==
+xn--80aswg.		86400	IN	NSEC	xn--8y0a063a. NS DS RRSIG NSEC
+xn--80aswg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . T+ooy5nMqkO2O+KzElpgWX4ml3eOiheACdoxQRcDFNzsaOe7F7dj95iTpx+O4uAOlPq2vDLKM0gu1MrfLYilGUU+v5Z/Jv3Q4pSBJObUvLNWYofSeDjEoN+zWhu0bzD8qOr/nV4xepcKXVpTfsoycIGimJLxYmlRDoHufxN5IbVVfkD4mI3Kn693V0V2hAdfoWGh0YyxjuDQRbUs5XxPCHDbYgXDDS5nISEce0pvoWWpgT5Ux43lcQeBKKy8l14rAJpZE5pfopUPFOIFSPfjOO97GUEObAtvYi9f2Dw7m6qBL2oQuqXzNuj3FW7SsPRI28sTdxnL7wu9p7fNq9okRA==
+xn--8y0a063a.		172800	IN	NS	a.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	b.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	c.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	d.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	f.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	g.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	i.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	j.zdnscloud.com.
+xn--8y0a063a.		86400	IN	DS	44995 8 2 75EC90F39171D405CB5D609AB0C62F21B2C53DA70D28D642D226121A4DC9A917
+xn--8y0a063a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rRIWokxyKICXfxu9R1gMXkmXDACMdjjYtBl8foPNqPYo8yqOLguyCrq/CyCUcWTYrQCGFSH1nYsCGtoFt1ZGWXrgNV6KsVv7KIj7yG6Pnk3Nh5fKjPrNmwdkSJDCp9NIJdcAbrJG2PFDTKBg8MHUI4MtRfXCMzdh1wUDdTV/ri4glSdjYuhcm2PROBWr9yD9tBQovIVKPA9TQxXsL0qa3M4DBGlYw9Pk1QQyZwsIKKrW2vJxk/uTfJ09YGqbgFWvvbaPwcsPf+lo+Soym+nqacXu7E/8a7afNMhH4w9Uj5XR/vI8JwIy/7jt1Sk1GSnBPT6QngiUgnI664dIDPh/mA==
+xn--8y0a063a.		86400	IN	NSEC	xn--90a3ac. NS DS RRSIG NSEC
+xn--8y0a063a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G1WWyxh0Pi56RrvbbkeiFcPeGfmxe6onSWv7l6Z8CKryc35SHUbGrqN4ki+j99B4tzf37l6r0RASbUinYDD9oUR3wo1GIGxpJkb79wlvCIQO5Fs2UVu3553at1/0x7gDVvWbhRPp5+htMmkGIase2p5cEF2a6FSfRmr4QaDJQt/jXzYxH7YXXU11bUxsJFSgz7kuXrdpVP+9/nkrLqB3XvI0ULnK4Jwj8OtD+/YmB4JQ8Jv+Fsj5CVSbv9NIrgjYc1hjkHbBk75/2meiLfwafwPuiwVkWOuU+OYdxSUqN08mM12u342tPkCPsK/TCh1wBeA41oMKyiBZqc4GjDWpvA==
+xn--90a3ac.		172800	IN	NS	a.nic.rs.
+xn--90a3ac.		172800	IN	NS	b.nic.rs.
+xn--90a3ac.		172800	IN	NS	f.nic.rs.
+xn--90a3ac.		172800	IN	NS	g.nic.rs.
+xn--90a3ac.		172800	IN	NS	h.nic.rs.
+xn--90a3ac.		172800	IN	NS	l.nic.rs.
+xn--90a3ac.		86400	IN	DS	64419 13 2 17FAF8DAC1408C3F80631695363F4A3B0A15023842563AF5FAF8850E3E632973
+xn--90a3ac.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GDgfH4tZ+JLpbkRBerplfkkqTm8Gf7NjZZRph1sM8AoX93irNJ54ZvpwUyCJ+Dbc7TzSMdkjeX7Sd01y4q6NWOGtaul/+L5wcJwoEOL/lR6U0tl3PVlGCMrLvRJojfnLhpdlxFuR7sfrIOtHE8c+uqk6GYNX+JqiG8Jrf+e4GMcjBjz59tw873mUPO9LTMrdihilpjgRJSQwhTV5XE+cdmsD9NW3zZGluIAlOrPy5lmx8LVuVerCE0J+M0hx8u5tWxyBdZQGCkPAVxv3UuRQIIs8G8ZUq+0nJ1D+0PIXz8wzBnzrxTo3kjSPoXJ4AjK8Z+MNDG+cyNcL3/tp0Wpb1w==
+xn--90a3ac.		86400	IN	NSEC	xn--90ae. NS DS RRSIG NSEC
+xn--90a3ac.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bsL9ZQBeEgFn4K/XqicNjoM1TJ6Odpb8dk4tiXMONLEos8nio0Ft/QoiqDE2Vlv3vgTpSPVXoaKh3yIqnhD4Oh2QqXC5uKi4JDAtmWS5qM6n8z4QPKYlq/F7eu/Oo0+FEI61MSAScFM/5g8iKCmmDQ0mURnE7P7ccD3lRxqP5AX43MjjqcSloNJFmwuNAc1iYDAjy667AdWw6m96Rw7u5rarlgawa4KWMy0ZjYV7j4EwFKyaLN0Q/y8F2fg4jRdYqTpoYCcsQobbmBfNs61i5s4N9GgIwxvdTuWL3/gOYhx9uog1mPYR+RMtvnM34yVAtiuHe98F3zPNYnkVoZlzQA==
+xn--90ae.		172800	IN	NS	a.nic.bg.
+xn--90ae.		172800	IN	NS	b.nic.bg.
+xn--90ae.		172800	IN	NS	c.nic.bg.
+xn--90ae.		172800	IN	NS	d.nic.bg.
+xn--90ae.		172800	IN	NS	e.nic.bg.
+xn--90ae.		172800	IN	NS	p.nic.bg.
+xn--90ae.		86400	IN	DS	55126 8 2 0669C2EB01C870DAE3EF098917DA83562B431531334A531E9814F117557509D7
+xn--90ae.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LqpjLArOuxfTOUidf20WeNAVNllpusBsSWDYZH3TN4PPFI9e2Kd3TuPZcF88slXyCzysE7kBlmWhScU8w0HzhoDBU/pSIy+wydDnxKGapYedFbnNEZkdZ/BEsWiDReGgwUq6RTMYctMviKBNKdTlCbTBnaQRKZzF9N1ZCMPy7GW8Ka+sGoS/P/gC5ulCaOx/li0qDvJof0OoNJeX74wM34gkI5TcCYD6jR/OpVHnnONns5Ge2S8Doxln4KTHmIE3G+BeNfRP26fftTyrBZxyHrpwYpMsHSRsolobZ1oZL6aFV9YpEPCF+5tTzT76SqYj6EBzLzqdnd+VkXOPgcs76A==
+xn--90ae.		86400	IN	NSEC	xn--90ais. NS DS RRSIG NSEC
+xn--90ae.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iIxjRyqBvu41eehAV/1nlxa3rdT2rCf2aM7ZVpg2PD76nUr/ydsX+EXy8s/lp5JQgbW2e2WGlzGZzVAYf7/XxviMqK/pzEPjoYQGOfnFxTo2aNXaX2x5lrFnbdoLt7WQWdiSpoP2b/nZC0qPYVjnnG6aR+j0M+FkIO1piv44z6ruZhhMQtCEFI5RoxvrL+qOYiJBgJB1fMD4fzCNMhM0AJKP8HTMt36YnnKOrdK3rwLvEDfT//Ew0rJnKq48I8QdSlk9VaBCJInrj8RRGmzYMrTSir45IkovINybI53S+kt/btIBwwIaIvvbay+p2GyKSmFMexGBf6zkk/uy9kDd0w==
+xn--90ais.		172800	IN	NS	dns1.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns2.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns3.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns4.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns7.tld.becloudby.com.
+xn--90ais.		86400	IN	DS	43354 13 2 E3288FD293924279D5C2CDDAAC9875052D0D3CAC2476F03CFD546EA512740699
+xn--90ais.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n9bqsMgETjqM2oSX/1F3miom+pjZFeAhSzgwrnSxRi/QqgaBmOI6EYBiPsAvwwGrgk8EVdOjmfMzxLRG8rA3vXkI6mRjMjlWBqHV0RU10eWSkH2auBAb0TOfv/l1YIiQhSEbJaN/k9AxjMo9T8XKTFn+r/SM2+JGxS4YLcxlREKWfuFhb6yywwbrrykZVdMWRiqQNb/EtNM8nJgaUgN0hRcEZGBuOAN8ol3yJ0Lhgj/1cSjUXZqh7qgUJE/5g7fFIqz66u2+PfWk4n9GHjehWr/Ku2NtrjnEzSbqzhrVZ/oamk2opxpfgq3/cslAmSC4Nj+c/2NBJ+uhxUyDZ5LdVg==
+xn--90ais.		86400	IN	NSEC	xn--9dbq2a. NS DS RRSIG NSEC
+xn--90ais.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1yf0kwZOzVeFjMIOAQcqIu32Dx09U1LnOt1YrwTgK5SNSottU73xifV8xyowoZBtRxbDINVcJ28dSM2G0yrC23mWdJ1M583BZBTlErhcPZqOHxzb6tw8H7ak2llHJbF5oOV1dntI0sJmd2yFy/ixoxg9lOgzfJVKALV5WMeQAtn8XQofI0/ZdPHztEeo3hJ6HOuW7ohF84vIpIyUboUplbhE+7n+gPP89ApgU/RZxRBQ2kj/P8cOCrtDv1AlPUwiC18+OphhkyHZcOdbYjeWnU3/xyl4f0ffv8gTJNEc/4MBAun27rWtbxljSfUlsOdSc/phmRTdmV0k2c1MxwEE5Q==
+xn--9dbq2a.		172800	IN	NS	ac1.nstld.com.
+xn--9dbq2a.		172800	IN	NS	ac2.nstld.com.
+xn--9dbq2a.		172800	IN	NS	ac3.nstld.com.
+xn--9dbq2a.		172800	IN	NS	ac4.nstld.com.
+xn--9dbq2a.		86400	IN	DS	47235 8 2 014AE4831DF78851E081E2F33857B1335BBF16A65E3FE624CB42D2BA1A32DAE2
+xn--9dbq2a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X5geJzyTbkta9eYkA3akiK+F0eJgs+fTQKHDADsK/tlgijRh7OZT1fDlLWtgCSvew18YI3ORjEFB8RYqcy6Pp/u9ClelGsXqgFcncw3S3vLllYh9auYbtijrRL7UgaBlI4bJhB3HOuVuIpCD1STOL12UijTCi+0qZMFlCvcTlVar9OIiH02+c/NAneVKRtDJODEiAgg9VcGBvPrVFTrqLKqSdRI7qNv8dsJoHU4NnU2TW2RnA22BVqwwve8njRtT3JOezqU9cWeU6dSHssYjaIdvbaXlEqQHEbr8ghaysvMyW7Rm+ZJCHaKh6CG2phai5BCN5/WLxh53GRM+AQb9Rw==
+xn--9dbq2a.		86400	IN	NSEC	xn--9et52u. NS DS RRSIG NSEC
+xn--9dbq2a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GYgZi/WFuXDgy2R0LuBv3g2YMZUrDc0BTmY5xONo8LkfFlSXxxSUgNPo4W6VrUPaPTf4LTsikQ51o5W2PWsaT21HMaWMGUifxgjFqZ+KUalhE2I3o4SpAjX8dGg2zTuIlA280DpoP4zBxwgg1hL4hrwWwKJ+tO7hp5sv2BmPSqX6Qvt+RNEmNabyihCxcr0J0wHJuKtSjygOMrQwe8vBPBVIorzLZAC4sywNey6mqK9t20N3RIaeGbmfV4Y3dkw/d7xO56GzH7rxQV73hfaCf+WDUquWe1G1CRRAVyJettPo9hR9oeFsxj4+KlF0rGDXFGIGOcZj05GHue0wNFwGEg==
+xn--9et52u.		172800	IN	NS	a.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	b.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	c.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	d.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	f.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	g.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	i.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	j.zdnscloud.com.
+xn--9et52u.		86400	IN	DS	769 8 2 2BAE7BA36EA94541B8BC12188EB1AA933B5081CC281909CC5874AF2EBEEBAE96
+xn--9et52u.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FXu5zHxxyTZJo0YdhK+vqnhWQy6FxCpPe5JEaiIeO6J/6aclCrxemd4tK6X2S2YyCb7kVGKSpukkq8PBSFH3ke/tmyI2HQqlB8UL/QTXgAIRSqvFGGIxw0LOSW009s/HCqgKFcqoqZFdulc7W0G281qaEF13kgrmy6+hz106q9XKjYAUI9xd+hhpPrJyXiaCtDQ3fqnmTrbyc3bgPy9MirRLs0sopFPL4H6lVSPqLyMfcJu5bEAWP8+I/EeATORbMU+Spugbufw3ffJeUl63yE8lsUa0NoBDCZRhjockQdKZOMwaMOwjW8rA9lgBODiy8GfuRDP7u9lKrrKqEsM/HA==
+xn--9et52u.		86400	IN	NSEC	xn--9krt00a. NS DS RRSIG NSEC
+xn--9et52u.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LOEF2OIqfOtZpD/UEgpl0TYJWA1iwD81APS2sIeEFK1SUxen9MGNT6fHdp0K3bbqg2g4V+HhhD/tbSj7iOguUHs1/OKFl1Q/xIS0b8fNYEweMI0a38NpvkmkjIa6kkGVVZMxMj9kjpqDmLWOB62AjAl4u0nkioGI7RZ3kMcrDjxoiXziFB8/Y8UDtOdwCA0DRjHqofy6UyGJCzJErLL30+Zyl/iBkoFlbFbrquPZGyFiS66A0rGkDGOp9G91/Ea/fpxsrqq/usWwzOhjj6hL4/VBfqPlvAl4siWpjQUIUYXc+dVTSq5up4Tv8omavw5uZO4NE1Ueg8OrlTpai1GU4g==
+xn--9krt00a.		172800	IN	NS	a0.nic.xn--9krt00a.
+xn--9krt00a.		172800	IN	NS	a2.nic.xn--9krt00a.
+xn--9krt00a.		172800	IN	NS	b0.nic.xn--9krt00a.
+xn--9krt00a.		172800	IN	NS	c0.nic.xn--9krt00a.
+xn--9krt00a.		86400	IN	DS	6052 8 2 E5AEA197B5FB7F042833684BBF64FD1F9341BAA2007B2DB2958C9DFAA5884B78
+xn--9krt00a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FVDYoup9ABq70jc235re53Wl9+8kmhaUulS0JneFqVRQwPqicgkEz55vxE+j6EtQq9FtqeWLfwP7WFfCexbgl/ImARFaRaBwe0dvimbnjqm8xrquh7UgBUIeoTfHvh0I3pr1wuwlZ3AZjfxRBp1q01ifKxe9Jpc9+AxslOx0Bqg76j6ERU+vv7PK2mXlWryPtlY/eUbluyMSvZxI0lSJrtiBApQUEfHGVv3zeEEbJWHpUBVV2uhG7jMVo0v5lB63FReEDc4Kq+cmo+qS8PuMnRZ2/BbJvHtiP6RDCXP2eiJaynlvmnD8OTHMD74IOr8A3OPkQ2291aqw+wg84iOaNQ==
+xn--9krt00a.		86400	IN	NSEC	xn--b4w605ferd. NS DS RRSIG NSEC
+xn--9krt00a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VNmQIgp6u92zjOAYKAC7g5g9R5ypAapKrENH4MmAauxnuWwkkFOrpj+XpV/Ua5TmL6rXorrDZM5G1ZukjrFMJCj1A16AO2NnfYxUb//YLun8LtTX1Fd+Qv3TW5zY1xObEqnmowP/OqfuLUFtPWfYCBFWyyersu2j16gGNRTwMCJbaqzIPOMZ4R7sBgfDyXmlH0NT3dqpxTf/izU6RVn7YiQR4QRa9qfC8KGcpzrFOlT9ZREcDbUmnQV6C6UaKwbc55uTSt2nU3FYDiZcrYs7uAChYd2FTGn8+yaTvdXotKzqR9mYttK4z4RLASVHAvjdSc8t15QGtzev9CqLDNDcpQ==
+a0.nic.xn--9krt00a.	172800	IN	A	65.22.112.1
+a0.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:1
+a2.nic.xn--9krt00a.	172800	IN	A	65.22.115.1
+a2.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:1
+b0.nic.xn--9krt00a.	172800	IN	A	65.22.113.1
+b0.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:1
+c0.nic.xn--9krt00a.	172800	IN	A	65.22.114.1
+c0.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:1
+xn--b4w605ferd.		172800	IN	NS	a0.nic.xn--b4w605ferd.
+xn--b4w605ferd.		172800	IN	NS	a2.nic.xn--b4w605ferd.
+xn--b4w605ferd.		172800	IN	NS	b0.nic.xn--b4w605ferd.
+xn--b4w605ferd.		172800	IN	NS	c0.nic.xn--b4w605ferd.
+xn--b4w605ferd.		86400	IN	DS	56659 8 2 BD5E5982605E7EC6077B7742D7894A6959657AFBFE9EE345EDA682A9A4BF0252
+xn--b4w605ferd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NZ6IK2/DMtyyC8yZNew6qKFHsQAUBAyZxVfMXUh44v3n1+7FBPJluTEPu7nQpN8EkWRUaVom/5uKAkeRt4BvViO90PWiDpxIzVzXyVGL/LZkQkrK0jAb5p7PCoHG4sW/Vh5kDsSTkHVpWVcR10RA1fsfEmO09FeA75KUJTtFBGJ8MXqErNpTxPjnTafuORIK+RlC7dQPq9xKFI+Uv9kJwwrttTJI4j9WlCxqluUSlBBJez2/q1HHY/nMlwsMs7qeZi8rQQW7NC6kWwiDQwd7bR6qPsSf+ylXCCxzjGlsbSr7bY0hVqQoHhURRIpxCeXNQOtN43Jgq/NaEPGqDfoC5w==
+xn--b4w605ferd.		86400	IN	NSEC	xn--bck1b9a5dre4c. NS DS RRSIG NSEC
+xn--b4w605ferd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xVc3UQHv82TmQmMvSBUMLVdfEmOw+4UGVAZaM/6P/agJGBj6JUMO1LrhDgGhwVpwkJDR90jWpRoBfwdOhhRP8Z54JAkU40c5/hPkG1MobyWmnDXlxKLWr3zbUNPaVFvpRVlsDa1v7g4mgJMXqZy3Let4WlY9Vt81ao6cDl2UCBCPKjhyIftECTGmFLtE5gpLvzGfJQaf6rQP9SMdPIF0t2LGk7+vSKm13VyxM19vEbC0/Z7UfkMA/eMYK08lzVl+dIiT5Eo+bPbmP8JCCbftDPF3PzHTsJx/8ylhrMlm5BQKU6BH2yBD01WQEz7/oWmXmOdjP47t3Bnd9LUoeV9OHw==
+a0.nic.xn--b4w605ferd.	172800	IN	A	65.22.140.1
+a0.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8a:0:0:0:0:1
+a2.nic.xn--b4w605ferd.	172800	IN	A	65.22.143.1
+a2.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8d:0:0:0:0:1
+b0.nic.xn--b4w605ferd.	172800	IN	A	65.22.141.1
+b0.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8b:0:0:0:0:1
+c0.nic.xn--b4w605ferd.	172800	IN	A	65.22.142.1
+c0.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8c:0:0:0:0:1
+xn--bck1b9a5dre4c.	172800	IN	NS	a.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	b.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	c.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	ns1.dns.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	ns2.dns.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	ns3.dns.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	86400	IN	DS	2884 8 2 DD075C68DAC66ECE21097863183D23795595362FC5314150D38380ADEC50FD40
+xn--bck1b9a5dre4c.	86400	IN	DS	18031 8 2 F5936212E7D648F9906D69570E647F0A09C2C66BEE3B322CF39E5307175996D3
+xn--bck1b9a5dre4c.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JI/toYfAKv0KdwurydBg0DUA089xFgGKcMdDAFcbv+O/rRrq4RdDktNaY0uvzWbP6BColv3+3vIPndJJTUakzt216XWmTu+DXbhApcbd3hcyVDwanwocjFRWhA2trxIlcxfPpWHZPn96jUxnm7Q0OOlKDBs2G2K8bLUXHWCCdfBYpzpx9UnZMpNNTOnrrhe2HxQcEMjP4QWrj6ErLRVAQrfC3K5dudpN09zi+/5e5kaTktN0fhId8XqWnXKKnAtAyVjALNyTxI3YZ4Sss2rNWo0pb/bwnhR8KKitCumniS8kB1NHRUEIgPDnCf4Ywn01Et2JFEpdZmGriRZ8xNiDPQ==
+xn--bck1b9a5dre4c.	86400	IN	NSEC	xn--c1avg. NS DS RRSIG NSEC
+xn--bck1b9a5dre4c.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KpDbBHCGYCcHeiHcn++azn1LrEvOhI1XoEGiufswdaif0tO2wdQPTjWUtZraMXFXpHc1InTC0L7fsIZI5kijuO4HVe/Md9W4JeloLjoOBNZ8JZ07C4UIr2u91kp97khhlIug8nek0SlZbeaTHhwsJ9rZUK09k/xXF5za8q73FWaNerWWEoKagcxV+8T+Y6t64tX+v6Axcpqvs7KPNso6CV12UmdtXCP61UwJfp1MaDmB81qAbZrzmscAF2ZrLL4LvrVLU1bPNRUBYZ+ZIoOGXnA/V3BYZMVeoZT/j0dtkeD+Stt16Bu8nEHCteYiMxalwosaHjOtQ3MmW0uhkeZAGg==
+a.nic.xn--bck1b9a5dre4c.	172800	IN	A	37.209.192.10
+a.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--bck1b9a5dre4c.	172800	IN	A	37.209.194.10
+b.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--bck1b9a5dre4c.	172800	IN	A	37.209.196.10
+c.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--bck1b9a5dre4c.	172800	IN	A	156.154.144.194
+ns1.dns.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c2
+ns2.dns.nic.xn--bck1b9a5dre4c.	172800	IN	A	156.154.145.194
+ns2.dns.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c2
+ns3.dns.nic.xn--bck1b9a5dre4c.	172800	IN	A	156.154.159.194
+ns3.dns.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c2
+xn--c1avg.		172800	IN	NS	a0.nic.xn--c1avg.
+xn--c1avg.		172800	IN	NS	a2.nic.xn--c1avg.
+xn--c1avg.		172800	IN	NS	b0.nic.xn--c1avg.
+xn--c1avg.		172800	IN	NS	c0.nic.xn--c1avg.
+xn--c1avg.		86400	IN	DS	16534 8 2 85D1FF435E850DCEF97843FD4CEED2D36CEEC9186DDCBC5FB3BD9AD440D7C398
+xn--c1avg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SzHp9LQza1LiEhAeMLd3ICEkoAh5ljI48pp3zctEcosSo7/AID30Hm5MbPceJIYFuIQB1PZHqKgBKPYmwK33s59pv/beR79a0gR6BsbVlzghTVmWd1brrwty7mFwMeJvvA1ojKhcRQZMeVAcjSFx1pFJNiAc/FmNAGqOneeH+YI16f+YJ9nswbaSXx6NAOzZzMhO66LhgNES/JNKTudXyVj29rNrvd1Fvk4K9CTt2izcBV6zz77e1G9289O8zo8apSMvXF/xbDlgwYNjPUMHMnO/RbnGc5yM0O5MDYBdH/riI4P1LgXyQHS9D4RYzz6Hm341chxeIX4qxa3ME9acoQ==
+xn--c1avg.		86400	IN	NSEC	xn--c2br7g. NS DS RRSIG NSEC
+xn--c1avg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hU+GP6gDy73X6+nvMZG+PgvcBD85LbuVdjxGLCFzdalQXeZCmv2byYMHe9dd1IlnQPFxCruuvKIGx26TO3RTs1mQGzyeOFjsow8zbaXZT9uEKOtVE/VaXVDrxdNF8rPogN40Cz1/3t4zBu4XCw9LzD8JeNPN2aH8oqEVLHnW5Ju3olafMoUN9BeCDtfMFTWck76OPrLuZLmLleXgDB+EbtWdD8b1X9XCrcYkOJPRGsyk2XTlmxwcbqxlODOuw2OPWaWwhDzt83zrhSxMUAiBth+fix6pscakPcFfWmP4Wadtz3fTiqFDjAT6H1GRYZUO/f24NPQBnEso5OnIOO2D+w==
+a0.nic.xn--c1avg.	172800	IN	A	65.22.184.25
+a0.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:25
+a2.nic.xn--c1avg.	172800	IN	A	65.22.187.25
+a2.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:25
+b0.nic.xn--c1avg.	172800	IN	A	65.22.185.25
+b0.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:25
+c0.nic.xn--c1avg.	172800	IN	A	65.22.186.25
+c0.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:25
+xn--c2br7g.		172800	IN	NS	ac1.nstld.com.
+xn--c2br7g.		172800	IN	NS	ac2.nstld.com.
+xn--c2br7g.		172800	IN	NS	ac3.nstld.com.
+xn--c2br7g.		172800	IN	NS	ac4.nstld.com.
+xn--c2br7g.		86400	IN	DS	42810 8 2 5BF46578D493A97436A5852ABBEA6CD186BD5786AD7D08387B7430228371EE33
+xn--c2br7g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nCSCfglZzpSW28SrcvZXwIlXDiwwhmzDnC4L7vKmtVCV//0z1a5RYWszesJGEVWljnGmh+TYgi/yfFnzWV/zDFEV9f85AYXLeza3IREZxGRXoszoKT7SwYcVTVjNAaoASwwkkBTN8mHDb8kE+Yib28yXe289ZLcRf0oSOZHm3sXQ+BRVnCf9XDmH1x+y39rYWOcFpMDSgNJ9niknWbkrG2jtLN7poUYyVA095iyiRY2pm5vVBGVzH8NpcMiDMEW9FgCnVvtQ2uhnX4mp7rUPA3qwAASECto6ViLN8auKhujIZHfLp80ufXTYudLkYD6DS+uqPQnxxK965bCrzIK4qA==
+xn--c2br7g.		86400	IN	NSEC	xn--cck2b3b. NS DS RRSIG NSEC
+xn--c2br7g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mfHy+PwaA+0I3S3eycQE3k0gsHFnCVGSXbBrXfx+R/NCcjiT6M9gyYNrfyMmQQ0V/2xpyvSwKVq2bjtwmzHvxd8zEbzSFZoT/piyT20mXKMh0mE63YEP22qebyBKkR598wvwVQ3stfN8n66A9/RB4t8TS/3grOaqZkKqAcd17L5HNcf2UtKtgvwDKuKBPIIFBjajLcQKIxfjfsWuyOR9+irDcac/loPepVkMKgb+sz1YkNQa/pg0/PSW8/lZtSeTrz/UlxghjDbDQF+IylNsFGe3RpMAp6PP5VH2G2s6G0sbqUbLDtM4EAQx3F+149kqk1MU0pIacnWU2/weBCQkIQ==
+xn--cck2b3b.		172800	IN	NS	a.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	b.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	c.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	ns1.dns.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	ns2.dns.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	ns3.dns.nic.xn--cck2b3b.
+xn--cck2b3b.		86400	IN	DS	3841 8 2 123A65D7E5CEAAC47D65136B12037A6965B9A52F8ED600C1CFBEC8039B5877D5
+xn--cck2b3b.		86400	IN	DS	54514 8 2 00A885297FE7934B3A92A271DCCB88C79E37C8F1B18D15214E50E43E2386C63A
+xn--cck2b3b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A0N/XYsXbZI52fDTJmtFzi2HDyYBSSACAaoqmVron1br8kKklKzE2zDJH3HRGjH6MOKRypPFftXY3t89Xt8cw4HbIgIl0ZDT2oe7/8peD7vwJuYNh7CrZBHwktVKL5uwhnVQFjwNZEhF5jDGnAWWHH5+LwSoAeIP7sKwFYl0LHVmakIi+wmZpTuwRPgHPHWf3oHA5A1IEHjYoqASEiI4nFsoEjNI2jq26IBXch/77mlZ179AxmH3L3YYHftemd6twOy/C99pHhcsoHPIS9ftwR4dXh+6N/b5TI/YjI/A0EcL+36PffCD8kM+oGkAR0AF8nHOC6yiygoaNXmPAzB12A==
+xn--cck2b3b.		86400	IN	NSEC	xn--cckwcxetd. NS DS RRSIG NSEC
+xn--cck2b3b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AUJkUm+iHwA4Qpo0jJEqz6lWJlZBGhAi2mf0F8dIVvu5jo25/8yvvJnxbC8RuxhM4DUaQT7SL2EWqi+OXJdS/JSUP/8P+Io+k2yCEmwa08HBfXOAotHzQ950fzVri7jyDZ/5rdxO6gqhPKQk0yEJ8zPnICDyOtJz/WX/Ic2zweXFzCecfH+pc3EP/CqUnt61c/UUzjPeUp0BK7b7Id4WsCSCfB+8qFlJKkVDlFvJtNPMd7S5kVv0SpY2rmlJix72chlpEOTJ7UGZDIdCF1a00C2fXiiTIP5QNxtrJym6OgEuKtr9MfhC8vy8iygTQKIuartOmVfyPfh/S5j3uyrclQ==
+a.nic.xn--cck2b3b.	172800	IN	A	37.209.192.10
+a.nic.xn--cck2b3b.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--cck2b3b.	172800	IN	A	37.209.194.10
+b.nic.xn--cck2b3b.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--cck2b3b.	172800	IN	A	37.209.196.10
+c.nic.xn--cck2b3b.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--cck2b3b.	172800	IN	A	156.154.144.193
+ns1.dns.nic.xn--cck2b3b.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c1
+ns2.dns.nic.xn--cck2b3b.	172800	IN	A	156.154.145.193
+ns2.dns.nic.xn--cck2b3b.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c1
+ns3.dns.nic.xn--cck2b3b.	172800	IN	A	156.154.159.193
+ns3.dns.nic.xn--cck2b3b.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c1
+xn--cckwcxetd.		172800	IN	NS	dns1.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dns2.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dns3.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dns4.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsa.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsb.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsc.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsd.nic.xn--cckwcxetd.
+xn--cckwcxetd.		86400	IN	DS	2212 8 2 750AE447B9A971825D2818BE9DBE88896F6FCD9148FBA4CF481F4323DD2E9633
+xn--cckwcxetd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SM51EX0M7nxCSr4nsFqozSh3you/aRQ6Aw6ikWo4NP7vuUTRuHJrThcdRwOm+5ssFx3kI+rMLQAMqIO83bF0G5uu7sPpiJXjxOgdEsRJkCy71WbNwL21XFg8t7h5hxEeHY90VaZrKwmBHaeU0ESh2CsHKFpZc0XxhLqa4gZiqJ+0MzzFEZdwjYDf6ofLckb2dSi1zrpxVp+ohYxchPL/go5pSmTpbG5gHP3hjZfn4woFPS6U2dVXCADwMd+BrMgwVxhVEt5PF8VYHqVkQFEykHntgTkBrpKbifDsesaEbUNuRu70/UiPcFZEb/NgYY/ZBA09n4HXXNU2lm6d7ZEGvg==
+xn--cckwcxetd.		86400	IN	NSEC	xn--cg4bki. NS DS RRSIG NSEC
+xn--cckwcxetd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . njNAoVF0GABtPvGZ6YJ3OV6hEQYJb+yiUE5BmlFRCnmiLPNkcMKOk3/XYnOUGtUr6zfeZk64D7KkLaQLJnwbR4aSfgmsegtd0Adf59MbE3392aqsjPTzbp9eAglfD/bK7CrckAvrisl1Cpk+Qu1G0HhjSetFJHhgy1VH5tLuMuFVpd21oZ/JFK2XgvZcSSAXmf9tAPuA6SYLxn3Nvqt6c0hbQcrBtPloAWxzFfYGBmSph1ZkMCQdp1HiCWj+RIoSXKmjT8yAa31B3Fw8k0kjLRgX1AkbIG8eHvt61tE24VgffNJ5C5Xfv3m2wtJQny3jkbOsp4Gdo6fIrqN38W1rBA==
+dns1.nic.xn--cckwcxetd.	172800	IN	A	213.248.218.92
+dns1.nic.xn--cckwcxetd.	172800	IN	AAAA	2a01:618:402:0:0:0:0:92
+dns2.nic.xn--cckwcxetd.	172800	IN	A	103.49.82.92
+dns2.nic.xn--cckwcxetd.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:92
+dns3.nic.xn--cckwcxetd.	172800	IN	A	213.248.222.92
+dns3.nic.xn--cckwcxetd.	172800	IN	AAAA	2a01:618:406:0:0:0:0:92
+dns4.nic.xn--cckwcxetd.	172800	IN	A	43.230.50.92
+dns4.nic.xn--cckwcxetd.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:92
+dnsa.nic.xn--cckwcxetd.	172800	IN	A	156.154.100.3
+dnsa.nic.xn--cckwcxetd.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.xn--cckwcxetd.	172800	IN	A	156.154.101.3
+dnsb.nic.xn--cckwcxetd.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.xn--cckwcxetd.	172800	IN	A	156.154.102.3
+dnsc.nic.xn--cckwcxetd.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.xn--cckwcxetd.	172800	IN	A	156.154.103.3
+dnsd.nic.xn--cckwcxetd.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+xn--cg4bki.		172800	IN	NS	ns1.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		172800	IN	NS	ns2.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		172800	IN	NS	ns3.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		172800	IN	NS	ns4.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		86400	IN	DS	59631 7 2 7A16187809F4725A91F192336F6A9576F246DF35EDF500A1356B8C8DFF2D59F1
+xn--cg4bki.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cyi0vp1lMlFtvMf/dcljqv6lMXM2yPFuYBDg4pgY94qwYmxeegQBOviHB43im68vVvVGnnwPZXpVD0DMqcRgOm3u2LB/97yCs5DZP0KvBH2cdyIKXZbfyh9wMZIAztljmtgjW5/Z64lr4v+6Tj4JjzIPPU/LtoLwsgfqsMEjNwUnICq8PI+++v3iSzXwmMGznybsvJdgcF/meKjJJTD1fyyWTwvyDCTgxGNRooATBA5cIY8k6piRciYjaMd3B14L+95cH61Q5HRFxWckYb6A9wfR/T28Q9tWN3KZ2MYd30PpfUENedey9ggl2OlXL86lcMjNvZBvdE08ODIyPAzP/A==
+xn--cg4bki.		86400	IN	NSEC	xn--clchc0ea0b2g2a9gcd. NS DS RRSIG NSEC
+xn--cg4bki.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UHa5EGKOIaNuK1DrHdj/qh7Re7kCUM0RUxRK9vkSm6899HeGXgi0r8Gxq2yHDbcvv4zNI6ceUtgfPWMXd6pIZDkiTQaYE8M/cbVhN5ZHKkZ7/J1DpN7WooFcVwCV5clk9QxDJXNK8ogE0sKuqtOLg5+/dkwcTKmWybatFV4L9WPnIqk7m3FA0nbFTFYXttJk+hBXMCBjb5fEHz3tvjOW8NW0JsPl5BY6FQn0jI7BEYr5qaeHL7jOn708MuwNDCT0uU4YulUoD3o2xlWuKhnATVfhRzWj6M0C7wAkxTwXGID1bDCA2uctSxNH5jEJPtmXWfxcyrEWDPoFuXdSWE5Uug==
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	ns4.apnic.net.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	pch.sgzones.sg.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	dsany.sgnic.sg.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	dsany2.sgnic.sg.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	dsany3.sgnic.sg.
+xn--clchc0ea0b2g2a9gcd.	86400	IN	DS	48176 8 2 C1C692E8BB1ECAB17A80C5829445D6301787A275B6091A95754C4AC9681FB50E
+xn--clchc0ea0b2g2a9gcd.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ss7BmCPSBske6eAxheQHiwQLNaue6Gy2m0qiZkXp/Dpyb0TvZFbZzNsnjUM/77BECoJldxnoTcblQoY0HKaO9OpUhU2RtSwd6FlWVfQPbq9TenCmevm++6jXjEX8iFWBv2V/4tRf/xPRyLvbYz063KoC5ppiljWwaoWKDfs/OG46fS5SSyBoxjyDCpvTlO37SSL1ayGz+ahz8RvM9aLSp+XLXtzNUhPrfd2qUgow47e/q1ehwZCremhl7gdIobaadzdwdDduOWwQl5PS+PaGe5vpjz4iWbWvJFI3LbnTKFyG6zuJbP52Uc6DWotuhnmE5eFQS3bYvuSLXBGdJlZypA==
+xn--clchc0ea0b2g2a9gcd.	86400	IN	NSEC	xn--czr694b. NS DS RRSIG NSEC
+xn--clchc0ea0b2g2a9gcd.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cj+D9EIw0LHPurbrH/ofFR8bBJXECuJpGcdKv5Q6LBKJMCeykfEkVGYGosoW+296A1uwnwrq3FCYZ0i3/KaPB0rfqSlRQX4BWvHCGbGroCt63+uucIgamQ8mLio+vWTVGZ9zBH0hhjKxMcUDg6Rn/0S6he0Q7/hZjYpttk4DUI/HsH1PJ4dAviD7NS6aFyVrPvuJkRbQa5IRCav+sE1pA0Fqbj2HgzhINrJQKTevs4HU3z/tOlMD3pGBgKjLaQ9WuRGL5FMDYh9zutQvi3y8nb0yc62Cm4JjMIhjy24nR2p3wernWFN1pc/C1nUqq1BvLwZ6C7Cum8tVaGYL+wQrGw==
+xn--czr694b.		172800	IN	NS	a.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	b.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	c.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	d.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	f.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	g.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	i.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	j.zdnscloud.com.
+xn--czr694b.		86400	IN	DS	56914 8 2 5465BAA574AA100721EDDED85284559D873F32FED96C02D0144B0281569FF37D
+xn--czr694b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H4ogTpfHqvSGNOpSdro1wT98A9ZtSQp6sV7O5SL8iYAUb1fDhLZ++v8Fzu+M+4mpAQaWBVKKVdfFML6xa9RBSZ+z/p8KViZKopw+x4/alsyfiKo1yQ9YPQcJIVa0YLSpTsmyg1KiT+V6zSxMos5xL2/+Rb1rh0o4k0+kg3nCHDWirkrwdP1iQxuyF6uPPWnIwVE370BU9wcueFD71d4SkoAYsw+1t2IOgp4ln2te1nEcWHA3ykbxShTwPo3wT5nOErcMo2383wl4QgFcijHZfTs4bL9BkfWZjRlVIvnox61W77y2G7oycQFp2fswPrCwUJ3wTTco/ZCFuOspZf4mwQ==
+xn--czr694b.		86400	IN	NSEC	xn--czrs0t. NS DS RRSIG NSEC
+xn--czr694b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . drTUOCeG/RRp+n8dkP9SwJlM1VrtP/lceIxj6xOFdSTnKiJuyDk+vV4UwpjblVOgD2uoinzmJPwwsG/+60fQVNeIwpTOUiFPL6GRCAfMNfptl9NKSFKD+WOM4+3cbnQIIIfvETF+BKnUhxTJ7SJUKkKbFIhjyRvFJrXdTiBzD4Zjnk9eAzKk6d4Q6XCTL9iXYoFMd6R/q1N1waVp7+/RM8kst5zy7CIrkqzFYFi1DF5TwtLElI0HorJ6vOdqqSCh5lE0OGsK6JLdW+xvfPMRLL+oeaYBkaMphi/Gy8obLgXuGXJI2NdGpTzvr2glBklALF0Anq239REfoi6WinEAZw==
+xn--czrs0t.		172800	IN	NS	v0n0.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v0n1.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v0n2.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v0n3.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v2n0.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v2n1.nic.xn--czrs0t.
+xn--czrs0t.		86400	IN	DS	1450 8 2 EE874DD50BA3CECB8187C1D3FB2F8C72FAE826A33C0C6A96DAB7C16DB8A70D84
+xn--czrs0t.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jVZFd/Or3AqVNEnigJmCH3Cczx8KgIl+JrpLjrapaQ0TsEgLqcX9nVKSOvQ7MI+ayeqgi4QnMT2iR36hemEVUqKzV6kt5C3BabgRzf7m7M6mcooF6YLcPjM5vsv1L5z6Og7tcN4jwDsRd6qXl8L0dN4gPBfGKjlJfZwMg6jE1KBn8snJ1VuDvu2AW7DoR0BUUNx0nuUDaxGKXXdZJwD8xd37pldPwt1hUkbi97Dq0zay+coorHI8HE7F11ek+5qnnQwL90HjAZKRTBMuQouQfV48BankqcF4fGQgLqQfkcLi2njI194XyFTK8LGTDkFNLKEi80hkm1Np3xX4Q1hHyA==
+xn--czrs0t.		86400	IN	NSEC	xn--czru2d. NS DS RRSIG NSEC
+xn--czrs0t.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UYyDa13+R6OB4sKfSgiwilXB8+WO/nVultkQKHSgLZCu4d3T4mlb/Wn4/9zInG7WGK039Trgv37wANXN6vOHyJAIiGDdd+efhvzb4U+5Nm8bHGUTPKom5WLm5cUCj3b9+kvNwhITo+Pa9i8X1iOMHtgEWBcGarmfZ1zaztLnJ+fKgN8s8wiF+JIdRzTiqpiDA8wFLp2bN0zD4bydXuCX6n5WmssYU3IEQBZu8ogruPwgA7cCsMAWUvxmxg4LweC4CmB3K/mMckxsmdYz1UjMTWAyBX2b6QS+AJ7QcirfzILBm/OeihtB7Nip7/izlK9TWfcT7XSQ66ak6dBhtBRUag==
+v0n0.nic.xn--czrs0t.	172800	IN	A	65.22.28.64
+v0n0.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:64
+v0n1.nic.xn--czrs0t.	172800	IN	A	65.22.29.64
+v0n1.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:64
+v0n2.nic.xn--czrs0t.	172800	IN	A	65.22.30.64
+v0n2.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:64
+v0n3.nic.xn--czrs0t.	172800	IN	A	161.232.14.64
+v0n3.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:64
+v2n0.nic.xn--czrs0t.	172800	IN	A	65.22.31.64
+v2n0.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:64
+v2n1.nic.xn--czrs0t.	172800	IN	A	161.232.15.64
+v2n1.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:64
+xn--czru2d.		172800	IN	NS	a.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	b.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	c.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	d.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	f.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	g.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	i.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	j.zdnscloud.com.
+xn--czru2d.		86400	IN	DS	995 8 2 C37DB96801455F34FC09B824107A81B4DF13F273E00D1EF24B73986DF0EDA81C
+xn--czru2d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xAdVWT7T6I917mLZ2Z8BR1r5eLMAg5jL8oFCr3CNUTw9vM63t2Nw/of0Wa9PqujY8V1voJYClf5fmQ+pG2TVqocoo4rYGP+f/NHcCWLEhlNgCXsnFjOSNdAX9frlMmqMbrnLFtTk8eX3SHwN+T4hwLW/y9oPaESi0WmqRjh4PwN4/QuZ4fG9bvKVBiRFeWzcAotOkPek/5B5ZRqfHH4hQ0dQ+SvDto7o669wEr/zHtmrIzJvaVzS4nW7shhDcD7jZZQ7Ktd+sZ6Ly4XlZEsUvvLFYPjFDNqUKYwJZAKbMhapmo5T9sM/vVs3RJbCzT2nK37Izf/nHi5wxlxCd3hSwA==
+xn--czru2d.		86400	IN	NSEC	xn--d1acj3b. NS DS RRSIG NSEC
+xn--czru2d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . p0WrtcO3bUjpVdpTh2kCdqQKl9fzGOmSY1EME4z6f/AyNhRjppW90B/jN9DbSiApEMIbgbb6P969mgV/Ez9aoinLfVRXHb++HxF+H2gNQANCgfCTKwgYhdmXpNZq0ucWKRi+91jLK67TdOgnhWghMJfhhfgKs3rtUgDPi4xCln/uDhTSamKBA2czF+MmLCiSTaO9fxpjz55tJYpj/WWfi6QO7Bk7C8MlZU5YacxtkfgZK8bZ4dXGn5qPORijLx9lTWD7CMBSmMby41aT7Xz0t6T68bLVQ7CIOgiljCVYP2zYWXNcr29Oa4WHRC+blaDOS0FOAjqxbpjd18aFQykOTA==
+xn--d1acj3b.		172800	IN	NS	a.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	b.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	d.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	e.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	f.dns.ripn.net.
+xn--d1acj3b.		86400	IN	DS	62719 8 2 78004BA803C2F5F251F3227C072DF8C545D30F3A018288142692AA4D20BA3F24
+xn--d1acj3b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SR71Abw3N87czGzq7GVsRYPXbJN8AEC19B5odm/NhgO+xPYpukKC46+843gnUYComJSD8F1FWWXRM6GNDsjFu7qlzSHg6B+vFW7z19ZBQlGVqQWC8dO7lR+TLoX2hlXF0u9M3L6Fh4bVhT88do/F7QQmOKy4gwRe9+00AAIOgi3JFAPa+xI3YhYO+cv3JZQm8diZJKB2NsvYiZr4thLdrlurIP1uV12mBGhavyLX/PArptrDNXtBMXYG1D21tnmZBRATFQJw+fPGql19W0epp15ach8f/19gG41v8tByPMgwpsllsEvRHq8yhuXQtq/CaCn/VJQ4GBSuRAMduI31AA==
+xn--d1acj3b.		86400	IN	NSEC	xn--d1alf. NS DS RRSIG NSEC
+xn--d1acj3b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KTCKmJ/N+yq4Y8JsqXDV9iUBS6QgMzEuTmUqxW2qGr8UZRG2HufBiEMQtBWhfSpQCfvvEaBgdhPVZn3ZQY1rNYf3DqvmJ0wESKK1zJPtaDuiJWGE9SB3qrqTtes9BWsiOU3iNHp2xfyoVj4iE2Nhmf9KQF8oTy5qUw1pdaX3+fl2BGpVdDtk517Xf2jSwLrJDw8LJFF6WZD5qQAtVH7nFcN1yWqzexMHPRe7s9yVBWMOst6dlw5ZoR/Bfs0R10veOgIhs5pTlyyRLbfsVBRK2LKeGbdwjxglc6Rom9oYjIZICer4gl90hSJLPU15zb9jh2c4cg6WbpvUJmNrd0OROw==
+xn--d1alf.		172800	IN	NS	d.ext.nic.cz.
+xn--d1alf.		172800	IN	NS	ns2.arnes.si.
+xn--d1alf.		172800	IN	NS	tld1.marnet.mk.
+xn--d1alf.		172800	IN	NS	dns-mk.univie.ac.at.
+xn--d1alf.		86400	IN	NSEC	xn--e1a4c. NS RRSIG NSEC
+xn--d1alf.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CsVDUJ0ej31G+2D9ZeyYjIDootdgCaDPNBmazgH+nZAwjIdtxlIPXgnxSfGGpcGAkGr1R8krI8DxrRXmS4rlWh8wlkdtove9uUa2+9SGyeueaAIRo6KsjYIcWtS+YoxS58yaZLR9NJ8J7sv2eiMP221EZwv31hPAlvWIY9ManmWlBHGIPkLet3ofNShnkZaxCQHxMj3uRe0TW5kLHnD95PM1ESQpmmw7sltbYoWOLNfXDTjGwVXv0NNrPprvI7+27xU/z2wQAbBp20E+wda2/mxh+EDGW29NjYSyqOVKI3UmbGnfKWrExMvbCoB7P61Ru+CEUgCnZ4w8j3n5YLLKbA==
+xn--e1a4c.		172800	IN	NS	w.dns.eu.
+xn--e1a4c.		172800	IN	NS	x.dns.eu.
+xn--e1a4c.		172800	IN	NS	y.dns.eu.
+xn--e1a4c.		172800	IN	NS	be.dns.eu.
+xn--e1a4c.		172800	IN	NS	si.dns.eu.
+xn--e1a4c.		86400	IN	DS	8731 8 2 90045C6E0579687C19D9318132095ADBC9532831F3D175004D8E4A05FB05D268
+xn--e1a4c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x+Jvc5Bf2dx0MATVNbMVVS59qQx/vCMAbape14AS8qp3DgiOwzQRPe613Wnjr0UXw6mUcyJl/Em2cFNqTpmnaQ559/PCuEZaYtxd7h5IiaR9vjiO2zxHATb+xd8oUu03bplgObUW78y2nG359B77egymQ16zEmvnJt2KWrGawddQYom/NdJDxXnPv/LrAgRNwT4ejl+eXRPN/Gof0glbW6HEwjOA1tlqc81qIr8pWfzIrXQb1tltCvnnrmOqiF2BF2dT+mndhchrUYQD9s2nXd9zf/HWNOdSCobzWX5HySRvBmGpvW3e2tpi1gr5tl1yB9cLe7tV+4RoEvtpE/ATIg==
+xn--e1a4c.		86400	IN	NSEC	xn--eckvdtc9d. NS DS RRSIG NSEC
+xn--e1a4c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZnQK05v6r7biLzh+EICSf72ecbZpSYsbDXC8o9G1dWCYZd4hQRtVEw5CO6rA1A5MkN6etjBhGRwqpjxz3wBo+C/8QlyZGptKZHorkvqqUkK9ulJ0fy8A1HO1nb45GAD3mu/02sAFp7Fh8UB1w9wq/rVxfqs1NKhvrMpppKZ5QsB/czk7GxuI+B5L62nokmMEK111l5OcZXfMXqOPRhkUtm0avFtXCd/oZ60gTtuxiwQRegvZx+pZBAiatAfTAnkmnkfBdrZaqSDGgE++EiAHAnpxNKPKPPh8eyNDNvK3NGU/1BDYwftacaHrMyaWjzHAHcskxIgYFW8KkCSZkc765A==
+xn--eckvdtc9d.		172800	IN	NS	a.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	b.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	c.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	ns1.dns.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	ns2.dns.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	ns3.dns.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		86400	IN	DS	15400 8 2 02709FFCF8A245CDC4BB1D688F982898F244A65D798C574A5EC82749C918830B
+xn--eckvdtc9d.		86400	IN	DS	40972 8 2 87CA2A9DFFF26F0B71F1CFABF9DFA315ECA77CCAF0168C5A39228AB8A5394D7F
+xn--eckvdtc9d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PzZ4DdY9KAU58l2WiM2AP+UdWcNmlbY17VGxk/7DSUpnUBJ6lCr2brsI0m1L+GeZDlot52MLVeZSGWWkw+8IuT3h1YQmEAFyC6qxmwJomvWsZG0jQLbiMG4qdvZfgwLiYNY1Bj0qVlL6ksAgRHqMsU9O3bAb1hTTBpnJ8biykM0XTe6NLeAwRlUxTlSs/hbwV+wubIVlaeVYRmwNdUNlKhjcWRpu+yCfZWHkeOdFlp5VxILFhyxPx4PUOQIpjtef3PtlAUfoENBhzipbSU/1nNaLuMh3x6aMrR7gRQeze6sqTSSeFNC0qWv5/ZjvYsMEyYQrKpH+T5uHVm4zht/htw==
+xn--eckvdtc9d.		86400	IN	NSEC	xn--efvy88h. NS DS RRSIG NSEC
+xn--eckvdtc9d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mu+O2yqaCP8RTx2kaQ77KXgprMKC4xCYowEQUNxIisrbBrXp1HTOz8jYf3OfKwBc63hpb9Jvdjkx9KKBVYmrrONU8TWWmVW7Wd6Sdq5xgVXv4ZVkB7O4DQ0iQRtZlubilfFA4kWmeWl+MTHgFgFPJk1zihWfKLBKEkMcha10SuKjwMcKzLMOYS2NLCfGMoxoeOQL3CkEGvJmBp2ZLeLGcHWkmwKXF38yOoRjcZRvu1PMAqupw7b+2X84P9G9fYqUEUX3OqcOCIqjaVZld4CPq84z60XjuBBWBf8SescLmI+TDysuYwqxuYADwxo8RsA3vuIYkU8JBoG+VVokwwFpzw==
+a.nic.xn--eckvdtc9d.	172800	IN	A	37.209.192.10
+a.nic.xn--eckvdtc9d.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--eckvdtc9d.	172800	IN	A	37.209.194.10
+b.nic.xn--eckvdtc9d.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--eckvdtc9d.	172800	IN	A	37.209.196.10
+c.nic.xn--eckvdtc9d.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--eckvdtc9d.	172800	IN	A	156.154.169.66
+ns1.dns.nic.xn--eckvdtc9d.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:42
+ns2.dns.nic.xn--eckvdtc9d.	172800	IN	A	156.154.170.66
+ns2.dns.nic.xn--eckvdtc9d.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:42
+ns3.dns.nic.xn--eckvdtc9d.	172800	IN	A	156.154.171.66
+ns3.dns.nic.xn--eckvdtc9d.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:42
+xn--efvy88h.		172800	IN	NS	a.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	b.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	c.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	d.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	f.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	g.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	i.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	j.zdnscloud.com.
+xn--efvy88h.		86400	IN	DS	16702 8 2 3DC3633898AEF4CF395E3B558DDDB6B02111ABC6BC31BE55346BB44CB7778E74
+xn--efvy88h.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZbmdsFJnqoyaK2s9KCxZZAjyCdxXnnAZwwuqliE0EF0nR+lloPvnXmTWngmZuAttddhUcnPntnnhFP1BaRLxI5LkKK9GSgjUONtAp4ybnzaUrSytKDMwau7q3sRzg4O38wh+faOxWl2dA4UiUaj3cUYGDX16GGzKdVw7PeugzzCZXsFY8omWwrq80yugb/aIsmNzFUEBKLkZZ3G9P2IxQNFKGv9fiIyngzI/lDVjuMULv8k40uFV4VzTDi54JhUPknveGitVc7IuUqtInA6wo6JeQxFiZN/vWMT0PbYcWqqMyi0ZXXbI/JjYQGfTpjHuPcE9MEXS0qqV9m/I9pbJ2g==
+xn--efvy88h.		86400	IN	NSEC	xn--fct429k. NS DS RRSIG NSEC
+xn--efvy88h.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D+TqqJTCvdJIbkCdncZlRZMi8jhs/LjdQ7RbyNnCHkJcjBZyNR2mD0wbj/F8xrXUzEBrdrdA2GC6LmO+Kh12Mf3YRpC9OeW72RLEf8om8FvyWexCTbLVry5bid/rgP+7y4gJGAqIJeS0K0GW7DEADtONtWrN87FLwNnuJ5LFX9swomLnUWr+i70hB1qHuArs2aMUzhsG24yQUUVWTpexp8BAqCDE1WkEpxRPt9CL9P2A05ATfnjCIaEXRchAlqgj2SZQwB2t7KjyxS50ATKBrx1+PhJm/NplED+xbAZzPNPbo2g1bkcZLUAR6xGFJhPr/W0oQfFwCth4AqTcQDLlSQ==
+xn--fct429k.		172800	IN	NS	a.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	b.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	c.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	ns1.dns.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	ns2.dns.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	ns3.dns.nic.xn--fct429k.
+xn--fct429k.		86400	IN	DS	8479 8 2 C4FA8D520FBB397127D969D901CF7D4CBA2341020E00066179F240C9B631005B
+xn--fct429k.		86400	IN	DS	43072 8 2 0C2DFC5910AB7282C7C3201810C8A465C2AD7A6C6C4E26B5D8A2282F0387685D
+xn--fct429k.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fXBl1LF6ul/mYtnDqloj8AteeX2lnPiYD2c/CW/JK5QUE7lmRof0M+9ReuDn3lHWSfljuGJ9vqmqfct3J/SNyT5A75w4IL9R3aMnqTVDPbZKIJXbO7y30r1gVhaae9vZ0r7qIPwVtwU+rRHpbh6I7p/he772MReksrmgGvmABRwOBoZwIie6VwRSLGJuSdsZeQFk8ZYNpQ+mZ+9p7asRye7FEhXt2r0sGI1Crt4lu+oJacvl0jscz/soUWMjkU5PGjNlyGKGWtaI7sQmJjLmVX+w8j7IIPHg1e1PJZFTK+JgXeqrkGtM2U+T1PdqHaK8Rz1nvBDes7w7Egw5Y9+1vA==
+xn--fct429k.		86400	IN	NSEC	xn--fhbei. NS DS RRSIG NSEC
+xn--fct429k.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g7mwJyshvcD++OSKXgpSC49CrMp0/T6SSdPJWnwpOBzlS3y/Sm7FLYgv+q0BLJIU1oZEJUoUQFLshC5eixeiw1HMVsfoou/j9+sVuCwf1sq848CV+LxmREPzyl/5fiPdDvSKH43kmFfVasUNGHVgBR+wB4MEQlcXLbGUFnz/l4J2gpjFQfcEWktVRjrjK28L/rTK0zZkLHQm0uwR/EcmyFrczg7tvaIt8Ub6bOsIaGDYlt2zMroyLbOperYrfmVuK4svdCELmexdJ7Rodaq1bRbrM/216mkp7HryVt8Gnsqi8bXQywIpUbgvrXQXugh1FXCU+5z2EW6DB+c2mZCHlA==
+a.nic.xn--fct429k.	172800	IN	A	37.209.192.10
+a.nic.xn--fct429k.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--fct429k.	172800	IN	A	37.209.194.10
+b.nic.xn--fct429k.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--fct429k.	172800	IN	A	37.209.196.10
+c.nic.xn--fct429k.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--fct429k.	172800	IN	A	156.154.169.67
+ns1.dns.nic.xn--fct429k.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:43
+ns2.dns.nic.xn--fct429k.	172800	IN	A	156.154.170.67
+ns2.dns.nic.xn--fct429k.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:43
+ns3.dns.nic.xn--fct429k.	172800	IN	A	156.154.171.67
+ns3.dns.nic.xn--fct429k.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:43
+xn--fhbei.		172800	IN	NS	ac1.nstld.com.
+xn--fhbei.		172800	IN	NS	ac2.nstld.com.
+xn--fhbei.		172800	IN	NS	ac3.nstld.com.
+xn--fhbei.		172800	IN	NS	ac4.nstld.com.
+xn--fhbei.		86400	IN	DS	9171 8 2 8FA92257D3AB8E1BE968BCE6500CD79EFC42D91F43226C7147F978E00C80944D
+xn--fhbei.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0nAy6wOMNPOsxGzKsCGswm6rtpRRAJFeEg5WRf8y1dPLK23UCBeza6Y8hE8MU41s2WbtFgcXdkDz8qUiLMWgrMOr067UEUiWVh2Cl8LfX7aobHcujFcVkcg+STxZU+FT5uuG1m+1GcYyGfq51/+RBehN+1xG0jpWrZvevFHBemUoydF1jKf43Qc29ImzbTva6bAICz/XGgSbq9G9JG3N5SmJ+f2dWx96b9U5VeapQsMO7ByZvCS2LC7lc/qFUgnB5CQ0yWU5eOif2fAshzEIgMQWxpFvJ15FFgMYYbPtS0y6VeYepVHvNOKny7aKN2qIiE71HAlmPARmk8YJMP5BPg==
+xn--fhbei.		86400	IN	NSEC	xn--fiq228c5hs. NS DS RRSIG NSEC
+xn--fhbei.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wydeFkeEOTVkVPulbDhyrNRFYmmvB/0xZKv+eAXJ4skY/2gS2sDck9ZqIB4XGUvUAaskyjCTiUZop3KXEOqEYFG5MeC1X/kiAnkWdXZ0LFGOl60CKYvTsKpfsQIVBxg6psWar6/Y5+fUG3C5DwCURiPFmpXFKGAb/SJOxFTDpf2PK8xzX6CKFboZ6Z219ZD04X78cUXtk/PhAoyKfjLeT4mI891KxNAY7UrP7eJBxtGJC9reMV3mr+NFnx2ZhXDvMxHMDaMu2P8IqrCg6vOdxy4Gg6wmgdWw6pr2/UHcVl4iZHJouFHnt0I7G7u/3WrNcEN2O9SC+6S2IQvwaCsrKA==
+xn--fiq228c5hs.		172800	IN	NS	ns1.teleinfo.cn.
+xn--fiq228c5hs.		172800	IN	NS	ns2.teleinfoo.com.
+xn--fiq228c5hs.		172800	IN	NS	ns3.teleinfo.cn.
+xn--fiq228c5hs.		172800	IN	NS	ns4.teleinfoo.com.
+xn--fiq228c5hs.		86400	IN	DS	27565 8 2 646412B3004632FD45544EBEC09E1A2F27E3DDA2489814A170DFB2052BA1787C
+xn--fiq228c5hs.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l8cRROf8pEFir/vwC9eKR2kWH54MNZD0de5UM/hDy5uTajuM6HRfxJ3/bt5wTy5JNcHh/bdtCUl0zJoJ5TD+4+HRFbPmf7jYTFnqBDMxNuRrRMj0+2cIloE8F4fIUgXwviG724IiPBQgR5J434ZhhsVWS44JlocBlUtdntmTKBwaJhP6KArXqwFh4EG5ewRfzy3x2D+SFisnF+YWedot/vTFgzA6g82A7w/su/J3JhcPFE9a/d7N4jbF4hUgefYp0VJeScV3QqxZFEf1lmKpZnxzBPEkRhnMuMGY/0CoSuHOXute3oI1LpO1kk5yWH3Ydg9+boruMBaGJPA7vfaYvw==
+xn--fiq228c5hs.		86400	IN	NSEC	xn--fiq64b. NS DS RRSIG NSEC
+xn--fiq228c5hs.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IvNndWrroVYbubKjg+vSbKJcdFPdaOWLLZG1XiiHftNO6HQy3ck4q4j/GduiXDPe0Un8XFqpneQMlYXZFiWVfy7u9CxQ076MEntBDxnS5HAiu5qiABPbZHcaIe/dzh1z+quQDdpI7z2XNoBz2UGkCb5qrIQ9wpv39YYt86RtowkHYRBdqOllueWxhXr2/OF8bovZqQ4g1UrllDioCEMf8hZXXcyHfyc5emiosBpGi4XfeFaIy5X73UpNFOq1zetL5FGcwL9b5u0nNLNsxtLNqCeJg9I2DqS0Dtxf2Vis9PJRe9B0gszcoqT8KhvK4VwwX4kpa+XLFb+B+KcCOEgiBw==
+xn--fiq64b.		172800	IN	NS	a.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	b.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	c.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	d.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	f.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	g.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	i.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	j.zdnscloud.com.
+xn--fiq64b.		86400	IN	DS	38824 8 2 2DE6674A0EB17276F0E601CBD11A42A23FA04016329F0FA30A80DF7C6A5625F2
+xn--fiq64b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Hmy5jodKmdrnnEbuqHLTpHEx1tDkK1rSskH/pl7b5nXSjCzSGl/oB1MyugHlkV7+GAJjjlRYEwh1lkvvnDXoerDqwhIMmTzZbyVoDybZGRZwzZYeYDzh6p1cSM9I2LJZRdHjfDKdj3NYmcarr2fbq/dkjtZMyxk2tWFQZncmqxfdN5Vw2BHcJBPaVCR9KG1I8EnTp0TjoAiTFuC3BqxIbiGx/AHoO/GQgKK3Fy2ew5FoGA7KavQusyfwAtncRJ7mfvtVBI5vPA0s81yfi7TvZ1fBX+/IpZ+Th+56fMl1/TTQc7lPDcNIAjFtcSChFhG++EzyyRBJoMtif5IBjmz8xg==
+xn--fiq64b.		86400	IN	NSEC	xn--fiqs8s. NS DS RRSIG NSEC
+xn--fiq64b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j8F6MG2lAkrMRV/1zIR+hlB0BW6dtbCLLWMB8x1GmG4KcYU23rrUL76cX3o4/vOB7r3yI8YxQbHZc+ZpkoqPQcC8InaLkkEVPUf5/Ug1eNaw+1ztEmjdP3o69VPpOyY5sScqR62GF6M4yYgf3hVyjQHFIPQH+BnoO991bXaYIbvrEefgUKyKCE+zp7Tb0+uGbpFqXLQLJpB/rv8rnRQOj98Qn4jNQNDTeUENJiYOh20Axc/GU0UomTmnyPa6THH/rEEzY885NOlhZ/b5+URavTZ6kTs5SIOkTJ6qNExZHCjj/P40/Ufl7PhOc7Y6NsGqCmjaDSuObrG/WaL8+7xE+w==
+xn--fiqs8s.		172800	IN	NS	h.dns.cn.
+xn--fiqs8s.		172800	IN	NS	i.dns.cn.
+xn--fiqs8s.		172800	IN	NS	j.dns.cn.
+xn--fiqs8s.		172800	IN	NS	k.dns.cn.
+xn--fiqs8s.		172800	IN	NS	l.dns.cn.
+xn--fiqs8s.		86400	IN	DS	28162 8 2 9E1E18C1AEB006AD617593EC2D2971E33BB22048316D1BB9F67DDD5EB00708C3
+xn--fiqs8s.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l00LWdvO3PDj1PlnxFCh8yr3hM2TKVhnoJ5+xYATxyxa+sIRx6RWl329xPqS0Mfu/HIs8OvpblP5prd7kWMiT4IAUh9VDuE8NQeg5e2Dh1dKLx2Rk9LA4r1JHJC/bx9cv74otkpwfb7HH2Dz4lcU9jYJeWvovbf5L8mb8VrLK+xKIfhcYXqErqTR/ra+Z0UB06ZqWRi4UJiE2snDB/7c8A15e3ARmAcSrMoEakUGF21NCFMqZrjaAfzvtBm3yAiDUNmiOkvoRiOFslmcvfITvauc9m2BG+nWrx3GmlwrYG96aAeWj/NUGKoKofvsw9F8elnfhTwpVtghZDLhT4UAmA==
+xn--fiqs8s.		86400	IN	NSEC	xn--fiqz9s. NS DS RRSIG NSEC
+xn--fiqs8s.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . co3XIxLclZ3aZm6mnwPuoVNKaVOoSotJRsyMuYVK2LHb66x66ExVrFXv0ON/A4i09Z5xVfwcIPaqfaQDmbfaNlLkdH1gakU3BXTHCHIbmGlu78XyIBI3iu1hx6HVTZEtA9CkBvTeUa/huwGUvWn8vbInFkyhVhJXMNW7PQQC16rtEM26BldR4/egJqu7j9kyQeAYZL1MaU2ET5EE7eB0Y5LMGEbbCwv/9jLOMjXLAK/4cu+G2OIn5T3n9N9rn6TO9kE1GwDjbp4UyA9fbf8MviYgHK1HKBxJ4G5DYti0mFLrjRgoop9Ke46SAj84ZB/gwBJNs54laVLJFlRagCi7PA==
+xn--fiqz9s.		172800	IN	NS	h.dns.cn.
+xn--fiqz9s.		172800	IN	NS	i.dns.cn.
+xn--fiqz9s.		172800	IN	NS	j.dns.cn.
+xn--fiqz9s.		172800	IN	NS	k.dns.cn.
+xn--fiqz9s.		172800	IN	NS	l.dns.cn.
+xn--fiqz9s.		86400	IN	DS	28162 8 2 30B55F108E07F9C2397F0D233324E02E667A137569FF91FC0311DCB73CEA1571
+xn--fiqz9s.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WVXXf6D21eef+spDRgy45W16wu8TLmJ6VrZ8i0nNbhQhbaCv0W9x0rshiIrHWuB88uE0ahH84dckaM6XMFmahmj3GhV/TBxUnkcSER5amTjpNAFhUs9kumE6iGfx81zObnEWDVpGGB9bB5w2w00bSP8/XtL/pDjmYXfEEsZAC2ipJCTYz4tBuxxd1mdp6kWhRWpwNfvc2orgvjKsilTIaMKuOLSSeD5q+3EGnXrG1MTTkqnumpoPATH83+6ZffoMVSJaQP7By6GGKLuncz0w10qL62WABfc4W4goPGvM+ddPlZwoEOM79zaaGgDtggo6doHhoJRDHyM6ApXipz642A==
+xn--fiqz9s.		86400	IN	NSEC	xn--fjq720a. NS DS RRSIG NSEC
+xn--fiqz9s.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lC9vdOiDT0rqA72So8wkJeodYzdjMuNKynAYxjlDoKA5qwbXks9Z3I+JlOJ6Z6ld7w+HuchpmhXLeMqXfPPMk5yY18G9xsRZ+CTYVXnSzUqYgaZETy6EwiADGEdwmjz+CrBe/vu2UM0LBEJiO+8M2FzlWLYOSHj8o4ht+0nQVgZJeSxAJmuGYp1hbdjlV1jusFq3A81jZX8Bu9FUNGb4FfpuTiCBdlI8qqj+Us9QQUZI5NptGGZCbbZZykiV7wD+aTh2pr/IZN+oPJrPE3dLGyBpRlFNLu2O5wZ20tLPqiTZokeYORIhNI+5HeCr8dncQwl0qbVXNm1n2APuwtxp4A==
+xn--fjq720a.		172800	IN	NS	v0n0.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v0n1.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v0n2.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v0n3.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v2n0.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v2n1.nic.xn--fjq720a.
+xn--fjq720a.		86400	IN	DS	63835 8 2 E3F265B8894B76BAB24512C5276BE9243C0AFB4595A14C879F9FB711E754C013
+xn--fjq720a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yaZ3WbxzE3SW0tl1UQEorZ//aosYXcSmr3tYW0TNjZvhEw/P5tOR5O+vDwe16C5ZyRRgc9Fx9kpCl/cJUpc2vRzv+wSgE5Yv5mFEsz2J2dmixJSZUHtc8T7auzvc4uqbF7EY02hydlkL2jcS5YXzZ7G5t0H4MOvENLz18PoOe9LR0/P4Rwz4WyQtU2vhmNicI7zHHJPHejjxJEbu6zfXfjfO4kzYphs9s+cmud6jl8dz0juAsTMCIgxwoA6HLzUOnSuhqH0VB/U7WLwYjRe3Kxi3VMJP3K0M6l+jXyaJ0zkV2enuNXF7Gs+VexlC8p8UrI9/DZTeGTRQRsGK5iHEZA==
+xn--fjq720a.		86400	IN	NSEC	xn--flw351e. NS DS RRSIG NSEC
+xn--fjq720a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GonTdnMPxwBhzXW5mCOcFCDDYhvLmEuULhHjHI/hCE6sU8Z7Ww87z35xFP2UJXNc9lGpPao432rGXysqLZ4ywiDmrnNYpvDIGA2PU3+bYEVir6OjnJ8hQvzszHpbd2SLRtWFnABCwnt4rx0LLvQdSJmt5KIP8NyKTiRWk1Y22QI4xy5d5CGfRVN0aV+KHJ9i2oONe7W+pk6BXzBBZvXEofJeVVJp6JoMBFKD4BmIkWtR543q2jruowbu3oqS3r0bGmru9XaaqJ/da0d+8wWS9WDr79F4DW3IDa3T6UKmfDnadVG2EotTqOl1hE2Uq8wBe0UaP7OsGaXhvz2HXi81aQ==
+v0n0.nic.xn--fjq720a.	172800	IN	A	65.22.20.66
+v0n0.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:66
+v0n1.nic.xn--fjq720a.	172800	IN	A	65.22.21.66
+v0n1.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:66
+v0n2.nic.xn--fjq720a.	172800	IN	A	65.22.22.66
+v0n2.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:66
+v0n3.nic.xn--fjq720a.	172800	IN	A	161.232.10.66
+v0n3.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:66
+v2n0.nic.xn--fjq720a.	172800	IN	A	65.22.23.66
+v2n0.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:66
+v2n1.nic.xn--fjq720a.	172800	IN	A	161.232.11.66
+v2n1.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:66
+xn--flw351e.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+xn--flw351e.		86400	IN	DS	48919 8 2 AAACFE5EFE147EF640DBA9107A36F9E43BC2B3F736A538A680CD1C01AAFE41FB
+xn--flw351e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . E09nLKkiFc4U5TnNFAgZzHP8L7WuEAClbVsn6M84gpTES3hxqfzZjtbwY9u72XVQI20hFpHb714HE1n52IlDX26cf9kK0xUUCoQaGQQOQONAoNT4BmA8SUoOCnJFsTIqcfkS33W9JjloUvr6mH2fn8DFMYNt9JzWAna4dCUOkETz//OxxtAVMUDKIb7CIBu6X3exUlKBC6jDfBehGzxXVzYaN977J0Ug+JuepUv2VqgBkOatubnJCVwzlTjjhl16Q5JfV+fNkl0eqtTsYuWSbC4u7a4CleZWcGOXOfNRsRVo75460TGKcpc660fjtFhaQfbsdKXC85OCJ3IppeDzqg==
+xn--flw351e.		86400	IN	NSEC	xn--fpcrj9c3d. NS DS RRSIG NSEC
+xn--flw351e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . h9UkILbAgTA4C6fsmbEMPsI7od9DWO4Mik2pg/4PQ4AXG9kxXM1xdRX0r9dIBR+kzwxTmWiLA213289Ed6qdZM+7EGbDeaOvy4eDgWb/hpkRE7i9Jzzy2lTr1qa1RZmv/9oMe1weZPjFk8XWhkgLamJAKD12QxiaBGZM42QuJNJw5rYskJTMzn/YuL+ziQRKtHUSDKcjUex8Bl9oNrvoFsCYut/MxYH+I8yXdceTQJACCaHXGTbFtysTVk8mm/DXOWGl5ejL6I5Kzs0bTxV61d2ieND5GZkBikF9HUMZI1k48+tcCFXiDn+a3XlHFiHn3A2l0Xg7526BJWQ8EntKDg==
+xn--fpcrj9c3d.		172800	IN	NS	ns1.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns2.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns3.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns4.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns5.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns6.registry.in.
+xn--fpcrj9c3d.		86400	IN	DS	26197 8 2 EB7DFAFD23A445896290691D11244BCFC9B4A1FFFCD0F8927D613530C8DBE73E
+xn--fpcrj9c3d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nFJc78w2lD3Oe7f7Xxx9I5W9SdPhgL0uMofCuU37NgZS/reJuOdx8+eTAr9LW5MnITbtxoj9jHBavkFguRK5oLAtUsnixw0uVyoS/sKCK6O0m6Anlhg590QmZpqPKwnWF7tmQIHbUEn+N+kwtO/BRIDy6GhlRWSM3DQrVa1f9/m+eJG3Vvpz0fK9uCLV0Mb63AAmYsQsNXGiW+6kG0H/vJ4E7Bmu3iqILJDZXpTGGAbX7DR0rWgg8/Vr/d8eKI2YbTigJyJDCtwJPPL+/ZCcYW8Cil1UkdnIxYuCFm7WcOAvVb/EQNrb57D1J5xNkIrnvyI2kSB9bZS6vOeks3uwVQ==
+xn--fpcrj9c3d.		86400	IN	NSEC	xn--fzc2c9e2c. NS DS RRSIG NSEC
+xn--fpcrj9c3d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DE+wzj7NlP6PQIo37JYZHaUhSM1ORLVXwv52DXZzFVYlbuiozbrv4Z9lUbuUbqYKtCOXyXW2iI4VmKGp+G92Wkn5xEQ5q46XkPlpxLUO9K0MyVy7vvb6yhcV/T0wez7RYWdn//lHbui89utSaoXzjVh7q/0FaUOpR7elW12pT7Hd1JTIgRuaQDf5gMMNa0ZK06emJHzTYTPUoQUnD8BM/+RDic7HMjqladGeKMS9XN9PEPKHvT+jsOAdeZHOUWMcBWMWh7KAxG/PzV0owW+6Vl19iyrbGLJ7x7+0+9QZcr6xq4yEB7CHkODYJ035FYv+MDwjgb1RHW8IB7SZl4q1tQ==
+xn--fzc2c9e2c.		172800	IN	NS	lk.communitydns.net.
+xn--fzc2c9e2c.		172800	IN	NS	nic.lk-anycast.pch.net.
+xn--fzc2c9e2c.		172800	IN	NS	ns1.ac.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns3.ac.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-c.nic.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-d.nic.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-l.nic.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-t.nic.lk.
+xn--fzc2c9e2c.		86400	IN	NSEC	xn--fzys8d69uvgm. NS RRSIG NSEC
+xn--fzc2c9e2c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UZnvyVZacy9VMyUdJHK7/+uvCK/FJj183xszjqe254RsHQZr5vYqodMCEy3OssJ76zRBD0zq/SwDfjr3v9/3YWnS815D113jMsaWJHuNt4isx+VpiVwfpdhwQIG9FEVHXHdWYvVqiPO09PeXudlTyiH3oc6qvwq01C2PwxH5rVKqC+7VB3PoC0Y5/XSylKYxqc6e5TPp8jHh4Xx88dUWBihaTwdJ+dScb3nxoPiHXu5rsrNLWGn1pRTuuQ+/KPyUY+V3h5QaIHtv9KbyAe1HKHvJrLb9mad3V7mE1+vgnYsZVjRPRyDwZHCEvWIeX1Yw8tfGP2TpQCmUdIcUlZk16g==
+xn--fzys8d69uvgm.	172800	IN	NS	a0.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	172800	IN	NS	a2.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	172800	IN	NS	b0.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	172800	IN	NS	c0.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	86400	IN	DS	5302 8 2 1D8B69A4FCFC475FB7D9D7B5B1366B92C51826A503A530F2EA1C6D07D58B9D2A
+xn--fzys8d69uvgm.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KYYV7oZaj7N1Xymk6CHiuzoS0NPITEIG5/8RqKvZAC7vkS8kiEbC16KyabfpePvUHOQV+40rM894bU/o93/z8g2cucFqyqVSSL0G/ZPVHMxzSz4vg5nk+8TtfxSYgITK9UVYQ6yb08qiGw5F7MQMCaDy/gn0QqqfHETrGe3hPq+43IzEDceIKZM6Yyw2KPBfFlxMBfGekWKyNSZBxI7XFoN9yxHiDUB8H/DuUhtfGQeoprD74OMG2DFnp6EXFA1J6zSYX9Bjbd2DYNW5xm982Zc8zlin0RGpsdsDt12W278q21N5tTQtYczYfG1Shgoz2E7ASxzJ8iiPfg453Px9BQ==
+xn--fzys8d69uvgm.	86400	IN	NSEC	xn--g2xx48c. NS DS RRSIG NSEC
+xn--fzys8d69uvgm.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VSg5EjXyLdgCi6o52+HDbWVoMg6amYvrW0N6sGXksIP1T0szMiLW5zhONUM8cAlLvcWJwJMxG5LbqExza75wfcn7OPpK+KVWHr2bB0eQnu4JolKgezb74ovZOM+WCVo9LS1NdwCuUDOzQAhiVzYj/+ufRwdtn3I6ORrlLTzkRcBCsO2QfHYIp/i0VeSl3lN9HKH9vY9S9SSGKiU5kfZhk26MD2fCCyRpS5Z/mvEVKIfX5aEUEP8hLo5sDuFHvYpPdQ3PsDxhwADe0BrgNLCewJW/nIbEkmhtZkEmHiRHHL6FTKsm3ZMPQGfSuAYw/f0zF5jX5vo1Njp6RHTzccRZLA==
+a0.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.172.33
+a0.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a6:0:0:0:0:33
+a2.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.175.33
+a2.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a9:0:0:0:0:33
+b0.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.173.33
+b0.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a7:0:0:0:0:33
+c0.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.174.33
+c0.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a8:0:0:0:0:33
+xn--g2xx48c.		172800	IN	NS	a.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	b.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	c.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	ns1.dns.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	ns2.dns.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	ns3.dns.nic.xn--g2xx48c.
+xn--g2xx48c.		86400	IN	DS	11539 8 2 FD57401D8CBD9EC59540DDF8FFFA884BC523D94B9A30D5EFD81ECE063376FF0B
+xn--g2xx48c.		86400	IN	DS	50719 8 2 66ADCE3F11BC5ED44969987CF67A110272341CDA053A5E1A03E92A24AC880902
+xn--g2xx48c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . E3sggs2Oymdh4Ov442EIZuK1oKs2dK8vKknFHrGkloiGeT+aTi2sTE0x5LZrzWJ6c0v3NlwLfuO8MfTqaF1eKQkiDTrnSvsQnV9iPYvWpR31/qZPoMw078fZV1bhN4u+RnIO3K33yKHx7W8JBXGjx7klDXQmWdUYBQrRz5nlXOInN0M2z1rVcRK4l4cHrsTT8PoB6xWvpTGUXtzBTrpAikalU70bkVK8U2hifqlNZlZ8MtGcOpMNPo27Cg+7VyCuzbbHpOxwHTvHZdcaeMuYmy05llSyALgMfzOJP/AwVzLg89jldPp0M+y9g4oURXxTfLOwdKZxm72FFErzpI7otw==
+xn--g2xx48c.		86400	IN	NSEC	xn--gckr3f0f. NS DS RRSIG NSEC
+xn--g2xx48c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lX0CTpT7kabhFGPx0Xnf2pLFYViPxRHYcG0rWOQaf/+s0srTqYfFJluHQhzehzPoK+nf/gHCan1pjr/dj8C+x9SBzzMjUSeVK2PXe/ef73tLG8rhb1RQ4AF7Mtal/KSBvuwh2fzpdMDXJFlbPI1uK2wo0Z/CFkpVh7/7pOXdWXekTPFCC+lnwFGYPrzcwHKzmVmpBwKZ9i1CqcRSXA4M6/4NG4XZWfu7KhsvNFTT1c9QnFgCJ5/3ikKapRQb4085kYb+ooQdJYxJOsHE/vpKCNAKq1hYFNr0boo88It8JMB3IcKncp/4K/t8xzjjfY2/iGRTK/tT6QfY4Con9SZT8w==
+a.nic.xn--g2xx48c.	172800	IN	A	37.209.192.10
+a.nic.xn--g2xx48c.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--g2xx48c.	172800	IN	A	37.209.194.10
+b.nic.xn--g2xx48c.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--g2xx48c.	172800	IN	A	37.209.196.10
+c.nic.xn--g2xx48c.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--g2xx48c.	172800	IN	A	156.154.169.68
+ns1.dns.nic.xn--g2xx48c.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:44
+ns2.dns.nic.xn--g2xx48c.	172800	IN	A	156.154.170.68
+ns2.dns.nic.xn--g2xx48c.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:44
+ns3.dns.nic.xn--g2xx48c.	172800	IN	A	156.154.171.68
+ns3.dns.nic.xn--g2xx48c.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:44
+xn--gckr3f0f.		172800	IN	NS	a.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	b.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	c.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	ns1.dns.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	ns2.dns.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	ns3.dns.nic.xn--gckr3f0f.
+xn--gckr3f0f.		86400	IN	DS	20257 8 2 B43C572DB9A2FCF853558B4439FAE106547749D710B0F67528343F0274404543
+xn--gckr3f0f.		86400	IN	DS	63631 8 2 C31C7F2466446141095814965F54B1C216EC7D588A47557FAF927707BA09278C
+xn--gckr3f0f.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SygxRu42GnOXxoXkDCxmIA/9u4nK6uWWqliTIHILZEeQWRYtF2/z1bWz7dnubj/JZ/JXEV3Z22/ZHBCjR1nr85yNDzReaKQNtMBlTYuQmi+/t+UB2jL669u1kFWQQr3khvXONjHP8G8pit2/MJos8nR6WQ3imr1gc5GTFm95xwMogDXbybOtYhhFzR2ewMS038Jlta/V102PJgs7EjUMHXwQxkB3I0Wpo/8ybxewyeL2tlcvWNO5iv29lFhV83RR4kgLLuWIeHXaK0rqBWEQ46FiEXXAdCBWD5p1Kk9nLftgE8IKS9i4ylqcE7qBj8RS+zE3GRUuOicVQ0dj1VodpA==
+xn--gckr3f0f.		86400	IN	NSEC	xn--gecrj9c. NS DS RRSIG NSEC
+xn--gckr3f0f.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KxTjQ4GW3/oR/D0sfPtXPo7rjQxR/WGXLv06nxC5T+Af2daSDx9bp2gQkf+MUBScCXuogFvsRBRzQQCbHIdXAb23Sv46tuPw+3MVNZvS/Yq3cA3z9mAED19vRb4j/Mi3bP4hp3wHMzqWQ10prnTbyocfkVgQJRFonBKuAU3zKjAmgDITrjLcX693kif5O2T5Yzix+Qe5plpxwbTbQDKDMCuJpOFhkJfwveJ+oAYNOzapFbaCdXgTD54qwNJxOs0qS+VdqaI5axUKnM8zrK/A8uH5zzv5haaB+FavXWIvqUjpAgQ3ZFwGyso/TEzqu0P7xZPunUUnfWs30UGK/mjeeA==
+a.nic.xn--gckr3f0f.	172800	IN	A	37.209.192.10
+a.nic.xn--gckr3f0f.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--gckr3f0f.	172800	IN	A	37.209.194.10
+b.nic.xn--gckr3f0f.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--gckr3f0f.	172800	IN	A	37.209.196.10
+c.nic.xn--gckr3f0f.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--gckr3f0f.	172800	IN	A	156.154.169.69
+ns1.dns.nic.xn--gckr3f0f.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:45
+ns2.dns.nic.xn--gckr3f0f.	172800	IN	A	156.154.170.69
+ns2.dns.nic.xn--gckr3f0f.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:45
+ns3.dns.nic.xn--gckr3f0f.	172800	IN	A	156.154.171.69
+ns3.dns.nic.xn--gckr3f0f.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:45
+xn--gecrj9c.		172800	IN	NS	ns1.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns2.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns3.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns4.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns5.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns6.registry.in.
+xn--gecrj9c.		86400	IN	DS	59902 8 2 9A26F0E597291522AFF9251198C841E6573924B8B142CF99A44E292B9A252BA0
+xn--gecrj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RhdC/OXUkR8way+9VGhKyzQX77UfadMXZSw9bMIpSloZaqy14+EjelWeUveaGkEvj1AL7F2aCW3a67yw7LZDSMRsKOGI0GIAX+3LYAymXtD+TL0Q3zFPdxOSCbm/Wvn3rF+0i6s8uh/0KQ/1PRPxLUtr+/zjhd7Ng0ktG/X2DONlyqirDcETTMMQIDzdAUqbQCiOpvNOLKT9b0Ue/uRqmgVpIonc5qlBxfwP4P6/400d9Bc/SDJAiB7zKjEh3bOEcEyPCOmEtrYyCAME0BQtaB3TxCB+HXN8yBLTmLWd60iQHJJbwxvvGCHG07rnNDYvFuxo0ZnyhEt1F8w+W5KFvg==
+xn--gecrj9c.		86400	IN	NSEC	xn--gk3at1e. NS DS RRSIG NSEC
+xn--gecrj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AzdT9JSMhAHK4BUmTHWj2ZF/rNuqtNk8CxgVtL0XswHqdcEH/olEX/SuJrHMOUA/BxUKCv1MM9L1w4CXX4bMpKG3DKJ/2pk2KauRy3P78sZzdPJ5TbxVImrhLbdbDXnN+MVNN4OOy3MF2UKIc9A0iRGzLWKlm8BIRAaNl+dOgwFHnzXfyGYcyY2BnjWmp3BLR4Qbyq/LZ8RJpt7Y1B7DgXHzBF7/h8A/7IAesFD0YOQSdhrjBI0EqlYQUytR5JSAb/Z5EHMst6arIt3VS3+/kNr/2pWMp6s3NcKvWcyuUUn2iG7toSCFK17wNs1QNhfdWAI741IHR1flQYEYPA0VcA==
+xn--gk3at1e.		172800	IN	NS	a.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	b.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	c.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	ns1.dns.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	ns2.dns.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	ns3.dns.nic.xn--gk3at1e.
+xn--gk3at1e.		86400	IN	DS	3814 8 2 A8FAE65DE82950B05B5478B60D464FB9BF75810FD371E9D3A1869F0CAE7735B2
+xn--gk3at1e.		86400	IN	DS	46249 8 2 C189F2AC583E682FD789AEBEEF182AE85F9C55E7C1C5BA849A72C6AE3E7280FC
+xn--gk3at1e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bD/20wIJZxdxbW5C5RPhi7DZ54/hEPO+kndneqtDbldkIIHAa5jh8LA2pTzT98EuhgVchju+2sogY2iXcxdcd/xY7M5OssuR6pMJ4zPh+sEigfamB8k93DSNxD2WTCVdu7gSBWU8TDkzw+R1eIgJ/4d9aReNa3g8lShrjU089PnSJAOD5U2nS3oe612VFHgGFX+KASwgIvYSVcGGZb1LmRoGCW6GFaa6lJ7PlP4JNYv6jZ/GFeqr7wUNlzWkUTMabuaHt8r9K2fBeUTQkkvF8Vb34TrjhwJfTrdkEkXnMMbT/McrAEp3F+4hISAsV0q+4gjqQkmWFPpIIuJeLTTcNA==
+xn--gk3at1e.		86400	IN	NSEC	xn--h2breg3eve. NS DS RRSIG NSEC
+xn--gk3at1e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sK01kx9EFCKBBstfZdHPMt6VGfmsOh9YW38W4xQgxJEtFEUJjAz+7cMwwAccTA9e3W8xImldqAOGfCl4GTD2GZYF9bZqvc6rXi0k/0VXGt3TeKloNVN71/8vot2JzjLC2OUNVthszljfqTbjEdcAGEhtE62A9mbSjXgtxaNeME6hb+cRoqDnD5xKtYD6+renppItzYFOys8tPQnAw3fXFvDKar6eKfKE46j9TB3va1s6mVYFg7MvizBMSNiWzhowDHLioazA6dPsJOYRlX5hu3EO30063w9Xb9jLcypbDgRvqN+TJZydPP+MGPZLuZYVEk7P38j+rvbVc8QGp55b9Q==
+a.nic.xn--gk3at1e.	172800	IN	A	37.209.192.10
+a.nic.xn--gk3at1e.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--gk3at1e.	172800	IN	A	37.209.194.10
+b.nic.xn--gk3at1e.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--gk3at1e.	172800	IN	A	37.209.196.10
+c.nic.xn--gk3at1e.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--gk3at1e.	172800	IN	A	156.154.169.70
+ns1.dns.nic.xn--gk3at1e.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:46
+ns2.dns.nic.xn--gk3at1e.	172800	IN	A	156.154.170.70
+ns2.dns.nic.xn--gk3at1e.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:46
+ns3.dns.nic.xn--gk3at1e.	172800	IN	A	156.154.171.70
+ns3.dns.nic.xn--gk3at1e.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:46
+xn--h2breg3eve.		172800	IN	NS	ns1.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns2.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns3.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns4.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns5.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns6.registry.in.
+xn--h2breg3eve.		86400	IN	DS	42016 8 2 53CD6AC5FC1C70EB0014CD02992BCC719216CD7BFEE0F7B624DADDED7DE26187
+xn--h2breg3eve.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TXdRk2xjtvXkX8SkE/5dGm9AUObApy1MnbQIeozEYDzgqzxduukLcv78ge+efljupnZeOe+zZpTVDfInGSoap+NKdp/kPkdeqGW/LkR4j/9UvcPnjNTV8Aeqwf7//aMtABpN79PCPZQwxRBmZyDLX41269RX7ov1gbRXPqC7NvzHXeIy8lHvGIKEU7ebSqnYzli4x/eLFVBj0Uuabt9+zjKBRCEqHOMa4YhqGzECIelUt0NB4dBNhNzLdD4UjAr12tT+BssNOnkZU4DVOmA722D+75H+MtLNjKY1OAyCMP6SmOVc7xOusYQdxxgcxg6PLWsxd+pekcE3P/agCur3pA==
+xn--h2breg3eve.		86400	IN	NSEC	xn--h2brj9c. NS DS RRSIG NSEC
+xn--h2breg3eve.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OH5YuwpuJRLxh9oC4Y+hq5QqLLcPYwscoNv8IzQtx/kvZhc5inyBPE9XHdMfoTwCnjiohAJFzWf+lyT2NqNJ82v1WqnwZadD+yDXoE3JHrF8e5Ns3/TnaNBap8aiB/BO9l4U2wyylxcM3Wgc8EMr96RmHneuK2YU0IKQmfS+f5rzZfbfEDpEIH5sT8K2iu2JikoqlI2UeyLiLKqDGJ5YWWus7+bzFEa0l+0GEu4gPYUAjL0yr5BfJwQC3MEvKZT8pn2x+uCRKByDmmAmPFL/1/fPIp2yfwLqylp0koFASsReFp6KLZBks6XpwW/the1fqgqgKSPmRrDMFxWS53WW+Q==
+xn--h2brj9c.		172800	IN	NS	ns1.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns2.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns3.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns4.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns5.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns6.registry.in.
+xn--h2brj9c.		86400	IN	DS	49894 8 2 72C96A20ABE89F4F0A75C573B5C1EDF91F8EF7940521AACF842A161D4A55E35A
+xn--h2brj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UAu1i4rQA78hNqOjbUg+lFkfGtGH9BgOtBIcL4B9L3FZLEsYHZdwIsco77H3dJBQ5Igi0Jl8WBAEGC5Awq6zzPW8dDk1nE+6O4/WpfPjHIfdpPF6zLyneMrS445bO9GOCGRsrKXwsMrCe6zfWY8CklMilFYmYs5KvUVLx7kJzWcnzRYHl3lRPExAiOqhMSlBlEmp8SzyHozC3w4wOrCH/0r+vlBPbQXbkTszouVmpHCbHnZuq4CSCNxiYvymDZNs0Z9sm3N/lrMLf7cI1QPPeDP+XlGG3rABEbnGMyr61fqoSXPDRsOKP00hpMT0AKisOcU9upg1Ayr36L4PSqVPkA==
+xn--h2brj9c.		86400	IN	NSEC	xn--h2brj9c8c. NS DS RRSIG NSEC
+xn--h2brj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n50mRrIv9bSMIoZqOXfdpihNtfkpfoZmoNTlmkF7kNVTRLp7VUgMigfIS8E9KfonazmIlwiKMzBy6nFWWd9JQiqk7tra4ukd2bt5YqQagU1B6sRVQdmxljHgiNye9NkpKRDelBVZAz3fyGIcGb750K6T1dOTE+kdx0dZQuaWkAKcD4Z+w/U7luEdV3FYnaoYLiqanjJQnlVrUHgCuS4zhL5+SbZMGv4WxbSDHsmWe/9GXSofeiOhikFM6Txxzy91sLdLjPCoMzjtdh8/2C/yvhEJo2mLLdQDvB8Y3UxhVqOGjE7OLaaFIbSJhzAu9+4j4NUaZPEJpbfnA9pVjH2IzQ==
+xn--h2brj9c8c.		172800	IN	NS	ns1.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns2.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns3.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns4.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns5.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns6.registry.in.
+xn--h2brj9c8c.		86400	IN	DS	44590 8 2 C4BE5D9DDC3D522148CE76774856BF13835A34D8FBE8F1228559708B15C39D92
+xn--h2brj9c8c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CR82Z71ZPDEAH4A8H6kJIVLUtQRNCmhmqS+4sLNuyGbYNqD9S8lumfB4cpP2mO2r7/761p/BIGeOhaDGj+/S4/AArcP9slxcyAIecjhAbocN5vmOaFb+ZQ5beTOaPQ27q243rU9Sgqrkze0HzyVi5niomxxMBJ6srU70kOuXqjrt44mxmfIH00/1wgX8YdokQ+Bh9cktg70u/kFHSxa+021+XCbHQRH5oMksXYWCeeMCwUlZGOkZcfSp3+/eOAz6KLY6IDTl1Ye5JoZppgxyriTFD0UvKCnYz7PdH0PyCJZ63bgLahXjpn90T08s8QTppwC3H8U4sIKbSWPbMCI79w==
+xn--h2brj9c8c.		86400	IN	NSEC	xn--hxt814e. NS DS RRSIG NSEC
+xn--h2brj9c8c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gtNhl/NJbCdDma1jO0VrEfu5G/U2UPmzf+eS/RDy4XWqo4rU6m/ZJOH2QWWK52EFJtSr1hGamEr8m6BVlK+JaxG7jNzfKDpNkYcYr7eDv+pQslDemxTsmCltqGiPRfNK9QaFfwK5ATVkMzSCBmFhIAxVW9WV/WB7c2s3x+s2OQQdcF2XZiNMPIWAp2eQMSI5B3qGpsoTY4LhvQ1vEieqcc4Xwt2XhIW7HtnWBXnfeJ/yxjPiq60/4bnNBst5VHg9PpdIDNBqUzokndUfW9HW/bkk6HlUnSU0ul8+dCCvHC5uUjto/f/upAEm+SdiyTsIOdIlmgPDekTsOUsnAIvHwg==
+xn--hxt814e.		172800	IN	NS	a.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	b.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	c.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	d.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	f.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	g.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	i.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	j.zdnscloud.com.
+xn--hxt814e.		86400	IN	DS	36091 8 2 D5BC5CF399DEADCE2782F1D21051A13787822441EA5850F69189960974C9EB95
+xn--hxt814e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hyYzDUOe8+gXoerobXIumU7RxGOSiQlVbBsYM4vlm9IShiQI8OTHF4C/XlZoQpjC6WNAqc94i6jLgAyOdfuKf/VkJd/asxDGqc0Du9B1CosDfmlvfBthPmEgQ2N/fp2EKLkLnG1JmPEPYhJqp7grEQqCHWI9BI5/AM5+csQ3qXx9TjY7lRmlMXoVcKlhGgaQ1zlG71YRO88Q3aXjuVKuw1ne2W7ccL82WREMsbizEb3YSJHpLynKw4iWUptv/57ZVi4NQCQWv9WqLkZ5+yli46FUgrWt8q8aiokIxFDR9E2eBXgr7oza7hZy03RL7l3oPMFEmolvJP1NZIIvP0L+Fg==
+xn--hxt814e.		86400	IN	NSEC	xn--i1b6b1a6a2e. NS DS RRSIG NSEC
+xn--hxt814e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YLGZJNDRMN3EFyYqQYIeXnGNhjbw5CO4oIa2WV9Fn2SsxhnPTIG+FkXHzGuovelnB+fUTmVtbV3KG8fcfZuu+o10hqLVlcThjXwmT2o2t4U/wobMZwgeSdHNuMj3GqkYXoPiI0Rn+ZGaCHEp34jkNRXttAToEv6rqeq2BQ4+Gro2Nby5XO6Km+Ucld8Cm6FMwYjvg17/oT0RoEkayrmvzZk5fL5LdIpSc6ZSRI+5M3OVeHL4xnkGU8E7Jb33xxScAWkx64nZXw4l2uVamK32TGBcNW/ldylnSlBHoIUxlHtsqcq4naNzVQO8oYmVFe/jn18WOIXL//gnQvV/zRHagw==
+xn--i1b6b1a6a2e.	172800	IN	NS	a0.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	172800	IN	NS	a2.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	172800	IN	NS	b0.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	172800	IN	NS	c0.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	86400	IN	DS	45889 8 2 1EF7ACA91F4EF292F518F1FCF77A646C21D7AA2594E3BD4AF18906AF70774604
+xn--i1b6b1a6a2e.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g28TewLb1ThEM63wvmfPZDriWh6SO4TicZX/wMpXPPuqOK/QUscBBNd2sfr78TNaM3bW1LQn7Skmj3s9ftH1dur8HZ6dB1/gfpneJXhNB0SXowGP5NbZbF7Rle4P7z5Kqbpvqi8iRRNFdGQwB9org917/3Gfm0tZQMWQ8s3Bz2Snc8uHVi9zZI2HtG23Pn4UDesBl7x0AJ25TDVFxGZE+nJbKLYZUtWRHGFDhLW0G+rheTMLnRWb3Rc1d8X8wDcXVR51KNugln4redPSX3kZZjvqDsUxXJ1mQnftjUluv1BAIP5DM3zzKALRUjzbsStuc4BynyxX60q3Um2XVpSaug==
+xn--i1b6b1a6a2e.	86400	IN	NSEC	xn--imr513n. NS DS RRSIG NSEC
+xn--i1b6b1a6a2e.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kxj/mfXXRSYnsPLwKpq2Z0NQ0xwOWuAjn16FERUfZ0gps02SCScHmGFNIh2u3XpkYk6FkFI2N/f6yQBYD4NF5s1dPByPRmeHqYn0Xps9cPF/td5GN+3FR6yHeQxyexfpMVoCsw+8UiE2aSDvcx0SlWyPQWpoWB7IiNOXhdVdqP+amJDu4lP0Ghp5DlwNej7sUqKnzCBy+CjAAFbDKqZRgrVagwtTLnFhNkidHgkSfkbNhFn2hItbDccT6wcDbyd+LgqkcqqBFVBH2up8ALF2Oxn9qDvSZ4cQ7ZHVpiTWK9kGrd1YbAKJDFpD8eTZ2F88pcL/grCwRGzdZ1bAGQYL+g==
+a0.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.184.1
+a0.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:1
+a2.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.187.1
+a2.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:1
+b0.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.185.1
+b0.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:1
+c0.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.186.1
+c0.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:1
+xn--imr513n.		172800	IN	NS	a.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	b.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	c.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	d.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	f.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	g.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	i.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	j.zdnscloud.com.
+xn--imr513n.		86400	IN	DS	14747 8 2 6581FD2FC61A9A81926E5DBE6F7EEB940402BF2DB280C98F50ABA666E4C74371
+xn--imr513n.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SWxWSyjTsv5+pSOJnzcE4jiPVdS/ssEtVH/X0PXDj/N4MU13vRKcDQ3KFQr4Yenq1EPQJkew+fTIBcp5HiRruGVeSXAQUSHAdWJU5v96vLD9tDC17i9rEzxAFDYvxrIyy1Pgu5taxJK3+X9qrEC5kjpG0jIEaWUyqCmCSEhBO2r+Gd7kQ9Sm2DrYCb6idpQ1TZ3Kmy+8cag1WuNT5x/d0qR+mu+UfHzRk32Xd2dxBwDf9MiSFmcMY+EnbVBJcNG8moCjZOm9YD2tDgkHVbZO+0IQPD/paVJ6/mQdqbx40ukg7gl6ANPmsQ+B27NChr4r/ZSzvk0h6jencnQxzzeV6Q==
+xn--imr513n.		86400	IN	NSEC	xn--io0a7i. NS DS RRSIG NSEC
+xn--imr513n.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g3iEQsq/UCJdHOs/U33TKeXikOTFefwMCIfA7VE4QEZFriu9aeY1NIRqM9Bqfi1G6npJaf8bAJwcgyqdzBv/Fa8yX3gQN+t3DwRNBoHvxPNC/klxcC3YMPJgqmkzlareiWDdLRBggYRFOsRJCnqmEgVgtJAEHpDh3r5R/dMjfGvcBIT95XjSZwwvVMgYEnnQQspCka9Ti+lPvgMKa5mASoBRvl5sAztjG7DZdpMvjOMJXwweFK7y9/2GSdkK7GRYuqR8w5n2cT4ogZ6tYcKluNlhvhinwFisBWcQQ1Cb93AFK2WncyBfklpwXbbjfQxiXYsgGGozIqT0nWXkg2euFw==
+xn--io0a7i.		172800	IN	NS	a.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	b.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	c.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	d.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	e.ngtld.cn.
+xn--io0a7i.		86400	IN	DS	47359 8 2 426DB7D3FB8E6058BE42D379ECD7742B2EFAB5DD0A7A95494D3518604B715B1E
+xn--io0a7i.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0r57c9RFDmLF0bMSnKCPeIa50vE7xui8EdaHEQOPdvLI3LUkprRBBfB30k1deeQXzXyGzz7wbjbu6aXXHGzlKUxN+32RbAgVi+xPpo7rYFbLZ5GDZc7npn6Dyv8+dkGMc3fZaX5+u6dVRtz7LS1j+Z3Q1S0em1yU2iEwilUVApJeYmvxW48417zM4MBeoF7ToQ68TMP0Hb9DnPEGQ01cRe3vDRuFAFvNNgEHR3I4RVDkCIqfmYxOn7ca7t97Gs4EObbHZE5kG8k5/U8RF8elLOlFJdIe67HpzcAPTg4rW80BWYRR21W+OmQRI4fcwtuiCspfIQjUG7hGW6OBFJZSpQ==
+xn--io0a7i.		86400	IN	NSEC	xn--j1aef. NS DS RRSIG NSEC
+xn--io0a7i.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xkji91XS69xWIXZ/nrLhHGeiX9yuwgK6J0EH7YGx7IuzvuFuAGhg4aix6PKDqFqBMmZMx9+ZbyJ/+fjcofVF4YkFm77u72TY7wPlmSCa8rK284CA8EGsqUy7jcWkfFucBtIkO1O9i/FANx+Sagxl2bM7Hz4dA5//wdCrSB9JGiy8wsgDdq3ZL10w17PmuYIBXSr0yrS1ckuw2IrCvxY6G+k8sxZUKXp1wiER/poIF6GQPPbTdCx81SvE0Dsd82Q8MgcRAYQ1alzXj7i+vw+O5sZ+gfIc2c3Yq8YJNx73kP5RWAIu4UKwr5Rv0oBmNxBN1Imey20oFu7YcxtNP9M97g==
+xn--j1aef.		172800	IN	NS	ac1.nstld.com.
+xn--j1aef.		172800	IN	NS	ac2.nstld.com.
+xn--j1aef.		172800	IN	NS	ac3.nstld.com.
+xn--j1aef.		172800	IN	NS	ac4.nstld.com.
+xn--j1aef.		86400	IN	DS	32220 8 2 8CBAA94CF4C8387C6E98DCC53A90C9C7CE339029CF54D43E59E89B7D9C6F086C
+xn--j1aef.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WtLrHu+IfYMO3EqUpuvs4ntemVjucgDRBiwRkaUSMwgUGf9PFMXV7/ZiPFsSKD1TTgY6vU32uEnZSOoD9UmM914c2Kx8hnSQKfe0Xf/Ymg9XsXECjUIeSONcKl2mmpcLiRE0NmNTVx+IKEEVcmciVFTec2ZMkuj/OwGBOyuUCOidEinier0kS1G07cWh9t35IiG9OowvOf4BeU7DqEQA8wtT0/XBkA0prO1oS8xR6KNsOfbUWMPbTl+FQ44VBNSDhiXyKDbh4Q3etR00qcYd6Mzq3jXY5RFOqemwbzRrtUsQxPDfKi7cyANMfhWsrXrzyJ70UlGT3d4ejt7UmmgZOw==
+xn--j1aef.		86400	IN	NSEC	xn--j1amh. NS DS RRSIG NSEC
+xn--j1aef.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B0ZS5RCmFE9qnRlgcdTex0UHEkfr5XO5TeQNg+l/60lYCgviigxU6W7otHc2sQQJunXDbwI+yOwz7jptz3nqYy57Mj04Rg0YtVfwppIRknnm1BWN1OTy2RLkTbjXZRh4XvmZOk/ecEwwY/mxbUZCV93KowO9NaSqeIZoGcsLdsUjjQk4bsH1V3sSqI/luFYyt6A1W0GgPrO8Pn5pDKoNEo71bxuIWx6dqu+Q08mFQLP0xOXAcCRUKHashfmg3icoHIUz1yUBkvk236k9g2/3WjIc9W84GNGkEngfMo9ByXzj7R9t2Fqv9DH2JTbuJYhaXxDAji+PJQ5i8Q3eWSThNg==
+xn--j1amh.		172800	IN	NS	dns.tci.net.ua.
+xn--j1amh.		172800	IN	NS	ukr.ns.ua.
+xn--j1amh.		172800	IN	NS	dns1.u-registry.com.
+xn--j1amh.		172800	IN	NS	dns2.u-registry.net.
+xn--j1amh.		172800	IN	NS	dns3.dotukr.com.
+xn--j1amh.		172800	IN	NS	tier1.num.net.ua.
+xn--j1amh.		86400	IN	NSEC	xn--j6w193g. NS RRSIG NSEC
+xn--j1amh.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vtA5JsC6G8LUnkbtqvRzzjXfy3EmrBahQYGsgGwKiOCqX3Y5/qvfvPG6hz9uWtPVwDEBSeOBgWdUtzoqMfGdcJ4fOt539hGD5iP5baGTGPF4leb2OsSPOm2T68mYWkxMno7csi/K0A2nHy9D69Iw2VCyrADmcJP9JqLfywzv06Cx8jYSamJeiGMU/WI96YRT688EQwO3t74Wl6mB3TmsUN3rcoa/JAcDT5zi8371iq0LtgPpu92VptLQ6m04YtaXIzedqby0qW3Y4tOeLIOah+yySvPtWGQ+GlLInkaWSTao9sB8c75v46zYSOVTm+5a1TElUsXrxldJ0Cie4zjpXg==
+xn--j6w193g.		172800	IN	NS	c.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	d.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	m.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	t.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	u.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	v.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	x.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	y.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	z.hkirc.net.hk.
+xn--j6w193g.		86400	IN	DS	51901 8 2 E6CA0901B162F725E226E514EC0FAB47F90426A2EFFA779337EFBB4965E56C34
+xn--j6w193g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GhDEJivuhui8IdxNBiELYfA/XamQWoBJLG2aCxUs+T8ONpqUFX+y/NrazPsYp5MZdoqlI2tGCexm+krqb+emxuUZOhjcOSJYcYaiV0kdECJ0eI03ll9t8Qa9PWRBPrGSXUp9RcghiiThlQSKNb7NQZy3Ym6fRKvGN7JHQwzDsGI17gEdc62WOZ7GY/qgOez6lIiLN/3QqVQVZT4xwdgbaE3ZHoiX1fNv3WvHQLFwr2j2+c6XT4krSdJIQAo07ujtvLKL9tSEVkX23YqG+7I75lcAe7JCeY0fDhrCu41fXfffZ5/jCoCJ32rOIOsZZICMsUG1kISN8W883cUJvNtLqg==
+xn--j6w193g.		86400	IN	NSEC	xn--jlq480n2rg. NS DS RRSIG NSEC
+xn--j6w193g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aVdGRvrh9BePsS9gAcUK/+e4ArXjZWbGuFin7QwsQJOISm9C94S6IJUGVuBzfm0kpmx2bJEMoHjwuQgicE/m2mt7+Z2Oquork1WIbxVhR5ClM2fsGvOsMyrhiNoFm0+2GC468izUtPTc0WZ31NGlWL+7ZzSkMaEqrUjSBku1akeK75P0UmRBeg89ajxN3UWutiyRo3wDnWIPypYwGszvXvxRm7XR9pMe6rgsDrWkL/4dLvR3fG1mNam1a6m4IQueYbAhob/28tgQJyuoNuCbaCVFqoErLZVlHvPBgIwy7U2ks++AYJS58puXjzj8ZUT75eqhZlcMRr4VMqmxXN44lA==
+xn--jlq480n2rg.		172800	IN	NS	dns1.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dns2.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dns3.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dns4.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsa.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsb.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsc.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsd.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		86400	IN	DS	31571 8 2 3CCFC69C090A34CA30DB066549363F433AF1B5066FA8BD957F9116D5404D12C1
+xn--jlq480n2rg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n0ySO1mRvrvoeEcs+APVPc/5F6P0y2j1B0cIq9TTO7HYDa23WNFTOFtD5mtUkRofVmmdkM4UcMj1o4o1W2OJpTOMZAZcRlm2I2wl8e/0cQ8deTKl3LanlAOknpIkG9MxUEIllqT65rDPJ5uUMkf1PIoeBz64GIfvZjNL8lGExhviKd4Cp5FkyZAnF1kwn/dgRkv1XrllBMgfDA67QUqnbp8A89GXSon3qsf0jLRxoUKaIJFxDBYoA7oSdgoFQTCZqmt7DgmU4QTXWuiMBtW1c/fFsMtxmfX+A/+UDWa0peYm8tgGBrSNucgBX2UDYOfwpbNfiuJVBlhSf26QcZT8Uw==
+xn--jlq480n2rg.		86400	IN	NSEC	xn--jvr189m. NS DS RRSIG NSEC
+xn--jlq480n2rg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gyJu6Zt8b4Hndxh3ehgpNQ5beEDNMzyPMKFEB8qlA+Z4UeZFkjCJ3LeMkIu8zb8mrtzpZaOzp7hyhhWyFsUcRq8TCs+ZgwYu0U47di4bix6ISHsFAol7XA16wQaw1EaCW0Z0DZIab+Hgm5qAllmlCKxUQ3RkDcPBUAdSGj2+fH6pB1qGxqdTlUNMjrIEUZqj1lUwpodTSljbz425+0O9SEQmqRFmrRTkAEOVjvUmZdfZkVJNZ9d1xMZxwuRmve2Qo/FfwCyK9qki3Nhpq+Ln6pYoDMYgdBNsyv08YHW6TD09/TLCXauS4fcHYsaW7vk35dCXzaA2z/apMgwheDV93g==
+dns1.nic.xn--jlq480n2rg.	172800	IN	A	213.248.218.91
+dns1.nic.xn--jlq480n2rg.	172800	IN	AAAA	2a01:618:402:0:0:0:0:91
+dns2.nic.xn--jlq480n2rg.	172800	IN	A	103.49.82.91
+dns2.nic.xn--jlq480n2rg.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:91
+dns3.nic.xn--jlq480n2rg.	172800	IN	A	213.248.222.91
+dns3.nic.xn--jlq480n2rg.	172800	IN	AAAA	2a01:618:406:0:0:0:0:91
+dns4.nic.xn--jlq480n2rg.	172800	IN	A	43.230.50.91
+dns4.nic.xn--jlq480n2rg.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:91
+dnsa.nic.xn--jlq480n2rg.	172800	IN	A	156.154.100.3
+dnsa.nic.xn--jlq480n2rg.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.xn--jlq480n2rg.	172800	IN	A	156.154.101.3
+dnsb.nic.xn--jlq480n2rg.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.xn--jlq480n2rg.	172800	IN	A	156.154.102.3
+dnsc.nic.xn--jlq480n2rg.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.xn--jlq480n2rg.	172800	IN	A	156.154.103.3
+dnsd.nic.xn--jlq480n2rg.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+xn--jvr189m.		172800	IN	NS	a.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	b.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	c.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	ns1.dns.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	ns2.dns.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	ns3.dns.nic.xn--jvr189m.
+xn--jvr189m.		86400	IN	DS	7474 8 2 1A4BD45FC99D1B96BBF07728DA08ADCD9F7C3BC71851E140C5B1D0B6D7710349
+xn--jvr189m.		86400	IN	DS	29656 8 2 77FEB7DB568A4783B12ECB6DECAD2A0C7EF4C02E6CA448305380B2B4FFF29867
+xn--jvr189m.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OXsyE1OJTdbSUaAbi1bWkM5EtbFnYooB/fcYR7tNTk16aXcDhXolAuoYW/o7gxE5JYcCoexoS3rVcWmOdVB/N9EazsasgvujU7hcaszW3hMBuHIXh6L4xVKXK6x6OgAMkok4l0FLsJYLArP4aCxcWO/dRW8ZA7Vnqkb49nkDgKVMj7E3V1BxPGs/DJ0mtnAFtMOHKza9SmLq7uy/a6Kso2xPH40Vb6A0APCy2rhJXe96KuUB8N07jSW1o+Mg+1LA+to4hpO+qSYqpvfA18RWntXgRA+J9P4s7TWcWrTyRHA4xTTbPqtHdy4OgADxSw/36454wJtsXNNc5ygjNN3cgw==
+xn--jvr189m.		86400	IN	NSEC	xn--kcrx77d1x4a. NS DS RRSIG NSEC
+xn--jvr189m.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jup1GKkuT9YFMqSXkhDfHtO4lWea5t9HGRQkEH/SoM+Xa2uIl6rxO5FHp1n5n0tdJoIiIisJFDJvxcBe/FZ/uvq4/11Ls+r4iUz/sEx4qMm13RK1gMiGyBem80c78/Zky1j5VG+t2Il41M7gni/EzRwTZ3ugZh6oW3Aetp/+YGFCpWDfuQ7SWWseKop31vxfWEijk1BqGtdDp7ojfkniZI8PUuMLIo6caPQukKtDT3QnVLr+8X/t9rwfEtkQabNMFYQqhcA5Wa66M+LtEqqib/9LkStsT/Buif+hOKzw247t92g1Ri4iUId19NGiNFbVebCgVm9cRvs1cwVxvi9S9g==
+a.nic.xn--jvr189m.	172800	IN	A	37.209.192.10
+a.nic.xn--jvr189m.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--jvr189m.	172800	IN	A	37.209.194.10
+b.nic.xn--jvr189m.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--jvr189m.	172800	IN	A	37.209.196.10
+c.nic.xn--jvr189m.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--jvr189m.	172800	IN	A	156.154.169.72
+ns1.dns.nic.xn--jvr189m.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:48
+ns2.dns.nic.xn--jvr189m.	172800	IN	A	156.154.170.72
+ns2.dns.nic.xn--jvr189m.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:48
+ns3.dns.nic.xn--jvr189m.	172800	IN	A	156.154.171.72
+ns3.dns.nic.xn--jvr189m.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:48
+xn--kcrx77d1x4a.	172800	IN	NS	a.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	b.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	c.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	x.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	y.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	z.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	86400	IN	DS	25186 8 2 484679FBE2D01F386AC34D3E523F48E0A691C90DF9EAE97B80494F6AFB645A05
+xn--kcrx77d1x4a.	86400	IN	DS	52825 8 2 5BB0DDA1180FDF0F6C0932F027C0B6FAF19CFA8E9848F954046D4BD63EBFBC5C
+xn--kcrx77d1x4a.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d189+mjnSs8Op4KOlGQz9elUamKehLhVOGHMhMdUSim8WPZ4VDphiYRzk+Nja/eh2OHVhhV74m499qt2EMqpODSHjeVJ8MvMRcS5tgx2WndreRKxhJ4zQc2AfvOapRmAvvjBzU2TuGVC1Q0OHxCvUy9/P8AARdW2nFC+1M6wf1DLXeARlbrdkTelU5e5Uw/evEvQhynwzT+/KGw1rTOIEnRZmLorKPKcF1hcpB55FlluzkqLrfuRuTNR9sweec2sb1SN70nYv1xw8HVHXjbi9R/jYxu99ZJZrP4M0CWE7MA8xl87hNa/v2QsgkgHKAGQSqzurFLeDHI5pwB75IIobA==
+xn--kcrx77d1x4a.	86400	IN	NSEC	xn--kprw13d. NS DS RRSIG NSEC
+xn--kcrx77d1x4a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YzQfI2bf4F6p2lRh08u0xvfYsEz8NsCFeYVdtRqjSZPH86cWqOL1kEt3AOghkug0Ap0DQrm2LnmB4MbcpG5lKVoC8OEFJrXfQ4Jw2mh63nyWQv0J8ybP5aNwbCC2cGLA5C6OanDSIVQNvOSUQTvIoncBs56pvGTug/oNUXu6Z8AbfrbceDIGf4awl8PaFhNrD7x0ninUoYjitiudC32GgvPH06DmskHDJ8lb7fQPO9v0WPkkldPC64pMm7jH3B7b2dcS0C56GJO9M/s6uT85zCwwiiXvgiu0HMc/wSwOrv+LKsbqCO8fxbiOnQ5I2XgfcS44SMKClRTYnIR89E1XWQ==
+a.nic.xn--kcrx77d1x4a.	172800	IN	A	37.209.192.9
+a.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--kcrx77d1x4a.	172800	IN	A	37.209.194.9
+b.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--kcrx77d1x4a.	172800	IN	A	37.209.196.9
+c.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--kcrx77d1x4a.	172800	IN	A	156.154.172.82
+x.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--kcrx77d1x4a.	172800	IN	A	156.154.173.82
+y.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--kcrx77d1x4a.	172800	IN	A	156.154.174.82
+z.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--kprw13d.		172800	IN	NS	d.dns.tw.
+xn--kprw13d.		172800	IN	NS	e.dns.tw.
+xn--kprw13d.		172800	IN	NS	f.dns.tw.
+xn--kprw13d.		172800	IN	NS	g.dns.tw.
+xn--kprw13d.		172800	IN	NS	h.dns.tw.
+xn--kprw13d.		172800	IN	NS	anytld.apnic.net.
+xn--kprw13d.		86400	IN	DS	3667 8 2 8AC78818CCA7D2CD3A323BEAD03CCF68025CA932219014748692F12ED7A4B2CA
+xn--kprw13d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YCK7vvjTZcM0jAyCg30b6DD7jVF1PwXFM9FgzEu5aftXJnanrcjlvFWZGgnJrduSs8usUH4cuc7TPhNA+ASURVN5kSOjDUW/Zhk1gKtl/sYroXT53+jO/Rh9L6p11VMyrqzsCpO2MMwCHaM847bTm9R5O1pC+C36eRGEptDr0d0O1e3fdQovr6aCaOyRYfmBMY3IT67/kE4Zbe87ogW/nXbIfIEDBlLQvNQ9m9mLfuGATArDZNBLEUE6JCQsLu/F8bdrF3jZZIkTYOyMkzH4U3G97oYfcXIGC2z++crCxJy/sU5j+13RZY2uvgOK79gu3VNErM2g7yJq/PuBBzPyrQ==
+xn--kprw13d.		86400	IN	NSEC	xn--kpry57d. NS DS RRSIG NSEC
+xn--kprw13d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g18iqx2aPaVPwK5V1eWw5I5HWfA5a3eh/1mUkRv68qBr6wngOFY8t7WTY6X5Z0IK4mKP0NR3nlR628R6PtcL5l5CqKKFt8K+02TpY3I0DN5tl9BLVxq1KdShtNpHb9si60do0ZLPXqZg40ZKNQQf1QQWtjxWa2O76OVs9DFuOPd9oo/tyoPHrHDevyUyhru53aZVS59s6N470nYrvZkPeoB0ssT6lMuFbrPxpL60YN6vm3zzYKolETPPjU6wXFi+zMs4u7x1GoB1HRfmQoku6dal+qrGc8/OGgxvY32YUp01h2mPOww6TOlBoik3cq2SmXyIZRLfHi3i7sPlf+ryTA==
+xn--kpry57d.		172800	IN	NS	d.dns.tw.
+xn--kpry57d.		172800	IN	NS	e.dns.tw.
+xn--kpry57d.		172800	IN	NS	f.dns.tw.
+xn--kpry57d.		172800	IN	NS	g.dns.tw.
+xn--kpry57d.		172800	IN	NS	h.dns.tw.
+xn--kpry57d.		172800	IN	NS	anytld.apnic.net.
+xn--kpry57d.		86400	IN	DS	15901 8 2 119F2B2637AEB13DA5C5D5B605DDCB9389A811A27D52102D9DF28EE507C02DA4
+xn--kpry57d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u4rN1IM8D9BDmMrGh7yHX1S72brJoPHZoMgCeLCztH206jTtLljlfRrRZjLNk9cC0WMH9NIIrEc3ToY2mm98iLnM+iW38B+1j5jTXL3965jK2o8xXndf/DiUdaJsfA/255iN1UuY2g54Fc0LnClfJdkeLi/MujZnd7pKdkIcrrCmxQlstSiDZrCEewvd5FkrsknH9nL3i+hQCy6ItYCDxR8kmNFjRfmlZeItYaKBB3SITEP1QfzGJMi8I62iHwqKJzkOsxpxddc6HBRbqpZGbdqYk03CucmI8oowPtULRZzQZriuc9je4Ctm+FIC4v+we3UYixUSJXraIet72l3Inw==
+xn--kpry57d.		86400	IN	NSEC	xn--kput3i. NS DS RRSIG NSEC
+xn--kpry57d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cJYeyHgsyQzNDaoqx+F+/A60nAneLk7H767V6Y6Zwzyz92DIc486IFgzCS0hWN4XuACLsjBUNmzcvOY2LptfzfWxJrWUeq/pI5XsnWih0s7dcLu/PNiAzwy7p6/gsp2Ce+KPn/7VXQUCc0DT2oQ0ZO4GHz3k/SshbzOQiXCl1YtqxWI+IBgHe/0oKFSK6JHs+/C7eEnFhE44LXNutwjuEURGOjiqB/zyFxaC/K3LlUbR4D3B71Uni66PE0TQGii3ezN9u/l8E7TSKbphlTyAY4UvGnz6uPCSSxNx6qXSdOS0atWn5lyCqlGwrCSHR+b+Fhl/HVHBjlXOIm+gfuAyYQ==
+xn--kput3i.		172800	IN	NS	ns1.teleinfo.cn.
+xn--kput3i.		172800	IN	NS	ns2.teleinfoo.com.
+xn--kput3i.		172800	IN	NS	ns3.teleinfo.cn.
+xn--kput3i.		172800	IN	NS	ns4.teleinfoo.com.
+xn--kput3i.		86400	IN	DS	27565 8 2 A00D06BA7171102D9575F47AF108B70FF9E24CE0D2ED3AD8F8923F14BB58F217
+xn--kput3i.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1ukdbiNMjiMKk05P/BcxeIbVmq4g7M+pXk86VsxonFuIc4e7eAkCxqVzkN0ZuK8hCwO1L90qmk+KfXXmkFcH0eZj5qdKGMWEeRJ9Lo0sRe/EAcPeUVl7Ye5x5L4G3yLk5Dwn4JN82+3cWcV1aqSVGpI+qAuCyb3m8isNH7CtdAiSeQSdodezEL6qzCeeUt7MvrKV8Uymuc6Ow4JM1dHtBscZ8uBcCC68T9FWae+XZq0V3LR6vSsCqCtqornVG5yGsRK9T2LujLGJBAlYvxjxl7B3LhFeDDyXQ6IGfR3fof7EfkAfFG5Vb3NIP/aPSNSEzF5NjVOKmcppYrO4E8g24g==
+xn--kput3i.		86400	IN	NSEC	xn--l1acc. NS DS RRSIG NSEC
+xn--kput3i.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sGux2shRCeiD3Am5PDKk7hVb0O1ycnIYYLYt2L4tQD955c7NotqWmQdYnmZ2c//djuQ1hJpvqhK2hwgQk7SlCJOdfzNXqt88IbJkUGcqTwfyYvtk1oOYnE1Dac86Aojsy2HjjvUfin/TCaSNgIGKZuU3MsDR0ahn3hx11Y8Qt+PIsgQvaLYXwaUJuR98/ld/ti31afqLoglh01koWqTSuhRRzTe2smuPhWEQh4p5NtvfsWmhnS/URY/j7hm/fufhX/fjqMs6vVhw7rqdH7+0LhBHdIyIVMBHUk2ZxMux5RY3qV8Ml7q+BfHi8hCyGIWhW7Nd4AG/mzkPPrRxXgKMbQ==
+xn--l1acc.		172800	IN	NS	ns1.idn.mn.
+xn--l1acc.		172800	IN	NS	ns2.idn.mn.
+xn--l1acc.		172800	IN	NS	ns3.idn.mn.
+xn--l1acc.		86400	IN	DS	45112 5 1 1F4351261342FC31DAA8D5E4F1D4FBF6EE0D9857
+xn--l1acc.		86400	IN	DS	45112 5 2 1CBBA9081B31B12FA98F5B7FEE95751BD16676E41A2ABC0B25BD0C0031474492
+xn--l1acc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oZ458GnfmI41BPFKK6Xr9vq/Vl6xUwEdzn2saFDpxEql0cWu9+p3OzK0f7bnrlo6sxg0cUfLzP0+MY7m1eC/SoDogLFCLEW+w6UHhiG+VNKvUXYgX4xJHUI47U5J4C6J2wgpbrH/x0auNp1AVmzZgXBJp2KXLg7HD4Cld+3jUVrd9Y7FF6X/V7hC4Xmgb/ZS5EbZC5zSU8KkDa9qt6N0y9KencmhsHXYMKc+yvh/c8oGIH5LslHqKF/Moaik2ZDM/hG0IFUQOdZm5DVkNFdj76M4bldA5tWY+W6zaV7N6GLtyU7QbSy14EkEvzycWl3Yo/wjN5j+tgCOael+23ztiQ==
+xn--l1acc.		86400	IN	NSEC	xn--lgbbat1ad8j. NS DS RRSIG NSEC
+xn--l1acc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CqbT02pBtXhYW1ebALzNbp55R/ZxzQkxN9Nnpq22nhtBFd5zmwtqD7BMIEhQe1aijo8wuyQTw2/o0sZGSZIPv6HyXM04zaecfgXE3C+37l9TXp/J8nRxxCP5QlrgtiN1Pp09a/f7/hUfclYoyZVALp4l68SIfJ0K2mbaEzJBAiB/FDxI+4EMiqjGvbMeCvuGyPoNGhZbKtCt0FndNhhJ8WVswACKVHmKTINZ3xYDh+z/I0BhGYnyeQBUXmFf751hYd88/tjZotuGBnH7XRObs2w7GQsGjd1aT4/teEhkG7yWPzkIf5wLQG+4Dcl8RGNK8jpDcT0vuhrRQ/VNVQkizw==
+xn--lgbbat1ad8j.	172800	IN	NS	idn1.nic.dz.
+xn--lgbbat1ad8j.	172800	IN	NS	idn2.nic.dz.
+xn--lgbbat1ad8j.	86400	IN	NSEC	xn--mgb9awbf. NS RRSIG NSEC
+xn--lgbbat1ad8j.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AXFQDxNyDu3N59hq6FcUQ8x4M0/IpDqFUUrwoxayLtCMGSKZciCHwOs+8+7flDPgFKpW6AFVUw2wcYB8HkyEgyLW00NQRKezf2qDl62vRK7+iyV6iBNUXsESxvxkIKWqN3RyYrkEIDWv5fD4JyJnftRNxIz9qHzoFJhv0VC7ALH+qpkcEpHAJFiU5TADu9H6lTTCaVMFPKmaJETBQjoM7M+XPngbVFLBatZuv3JgcH3Rn/leEPpTlrTikc4UnYQhwyza2L/u125HdXyJJoxKKNiP/cviOGR3KZeCioxHM7ptu0hZjhK/IC1Y/ZB3NUKbPv5JzvUgk+7CiHwY+HrU+Q==
+xn--mgb9awbf.		172800	IN	NS	ns1.registry.om.
+xn--mgb9awbf.		172800	IN	NS	ns2.registry.om.
+xn--mgb9awbf.		172800	IN	NS	cctld.beta.aridns.net.au.
+xn--mgb9awbf.		172800	IN	NS	cctld.alpha.aridns.net.au.
+xn--mgb9awbf.		172800	IN	NS	cctld.delta.aridns.net.au.
+xn--mgb9awbf.		172800	IN	NS	cctld.gamma.aridns.net.au.
+xn--mgb9awbf.		86400	IN	NSEC	xn--mgba3a3ejt. NS RRSIG NSEC
+xn--mgb9awbf.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x5skPx2fzbFfM1Jd5tQe7DE6P6DoEvTQpS8QKP5G8cKA6zoUdRIzcMVbdzyFwfz5DlF3hOBi9lNrVwWIOFzPZBggzp1RnD/zFHVMcbEm4wE5/yEysjSo33siyseo5uIpDHKXMr3nRT9fU+hKd5s4Ohos8DwPYyVM3elxD5nzgqUODN+zNk5icGV9Q82iCcm64CMSSggkmWoG5L1+ob/7bj1C5efG+dEvaZC2dPzC3mb9IPUgfVLdj09KPw+yq2ERSQa6pzTnL2yhMRwl/iDzqHD9TFJDE91tqdTD7qfvpUDO0VkC3WW5CFsSDCvpN9+FnzQkTwZPZGqmHFHth5kz8Q==
+xn--mgba3a3ejt.		172800	IN	NS	a.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	b.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	c.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	ns4.dns.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	ns5.dns.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	ns6.dns.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		86400	IN	DS	11089 8 2 C3A28D5F3C622803433961C5B5769C4DF33E5C83ABE9D1C2DD78FF4657FC8468
+xn--mgba3a3ejt.		86400	IN	DS	60499 8 2 31728B6312E2EEC4D09535252D0B46F6FDB80969882CD9E76D0320F3A2E37798
+xn--mgba3a3ejt.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pmZcMD3jwMHX9eMJRYzgHSWcwRzQOCIE9mIuBHWXZHrih3Gb9FnuqHN/LmuQiT87UIvz6tMZjuPO9Z7Ytc4SRWI1P3oMG/u3czfFvyQVN4QKcmkk0QcLUx6Atihy95pZULtouKqgll2d3ENxVZyOeSk92FtRUghx/VCI3sDJtCiFaf8bXxrHtx8k3nr/wvoNjA88udlueo3uDXu7I1vGMVKxdMhKWYynybx9/NVhsCFoHCAAQx9la42AGm4tTAViHBTajHx9oqHR7X4Hz+6opZnZahTDitf1Hf8JSk9BfCHmzvAt5DGdHgPgSgq+kjAYGH6WIEydyf2firfDoxzgcg==
+xn--mgba3a3ejt.		86400	IN	NSEC	xn--mgba3a4f16a. NS DS RRSIG NSEC
+xn--mgba3a3ejt.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wnKkF+mWpdasugI+tO+SXa+vD5vtGVpIyefzcvHNXeAvwjcYaH1q3o3Qn3uc2PI6Mte85JK4ZlRBNXRdUfQD3Xj0v5Sv8tOYDPTvArs244BZjNuSJva9LAud1o9B4ea7R8JSMLUf6M5n1nY8m2k7dUBl3IIaRrTwHwv1XF8snRKsOmc5/LFAZSzlnITcF15E8QUs6wsI/PtLJOkQX/aaniw5QZnqaG8mfSaISNvJao7rO5+4SWXfNJNimxtpcvUX6XGdD/kCl7KyijkGnqjQziA3rGhoC7VqnSi9wCFopVPVeb5hwgskceAg71kf07YaIg9QHwEH4793JaM6Et8a2g==
+a.nic.xn--mgba3a3ejt.	172800	IN	A	37.209.192.9
+a.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--mgba3a3ejt.	172800	IN	A	37.209.194.9
+b.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--mgba3a3ejt.	172800	IN	A	37.209.196.9
+c.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.xn--mgba3a3ejt.	172800	IN	A	156.154.156.15
+ns4.dns.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:f
+ns5.dns.nic.xn--mgba3a3ejt.	172800	IN	A	156.154.157.15
+ns5.dns.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:f
+ns6.dns.nic.xn--mgba3a3ejt.	172800	IN	A	156.154.158.15
+ns6.dns.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:f
+xn--mgba3a4f16a.	172800	IN	NS	a.nic.ir.
+xn--mgba3a4f16a.	172800	IN	NS	b.nic.ir.
+xn--mgba3a4f16a.	86400	IN	NSEC	xn--mgba7c0bbn0a. NS RRSIG NSEC
+xn--mgba3a4f16a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bp1SxwRYIHCQaWFoGkdLq4WNc9/uslD5IWdt+gDOV1zczx9ms6fqunKbPcXPxejd2o9L7bgOJ9L7Eu/UUhDAHZcJTb7Q/gSVehow8YC/18yFrmExglJhxT1Fpuo/JdVG8uYADdN5cdLed6t1U3R9cFGvzVLSm//D1qKwxWTTmLRZVr4QRmji5FenTDnKPaQVTkP30YkQnv+vtDhG0BHgTOdmvaS2OR3zUnoUDLzfXOkldNI37Y+LoE1Z59DG6vep/+yHqTANocYyT4MlnY3jfgKFV3HelDgMxcHNclHEQ/sPVNzUGtZtZM0o1GVZqYZIzJ7E8oZByOExQo+onHH/Kw==
+xn--mgba7c0bbn0a.	172800	IN	NS	a.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	b.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	c.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	x.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	y.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	z.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	86400	IN	DS	2662 8 2 A083E4E9E6F8037D89DE242FFFE38E301BF73B7E3F132835B239B6D68258EA9F
+xn--mgba7c0bbn0a.	86400	IN	DS	49291 8 2 3BDA917F1A0FEC4728394C77584D299DC23814CBCC508A46255A2EA944883CAA
+xn--mgba7c0bbn0a.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZSkd29530FSTipAoBnrzMYvGv0SGRlDcahCbiW/Gimk1gR+gymy4msrIB9Z+xtZdt72QnO8XxBiMRyN3DOFkFysMdGwyp1AC43LTbJL2I7sc/0M/PTQ9OjrDjQCDysGemAnzaOQMoVP/KAZFJ5TPubd+3uG6h2MSMlwO+i4ltXJ1/LDWRjLnI+ie9BUqaFKmUPV2fNR2b4F+Lci97Xiw3/n+OdQhKlATFxbWDE1lLM/ZINiwJISB1BGddhnaeFAjVEnXY+vtWCCd316Zvvr4BCbib5G3SVNm8XYpilS1Z5H+rwfA6VxUbkBsz41hrMAIuFVSjDjOSsO44F5aRuWNsg==
+xn--mgba7c0bbn0a.	86400	IN	NSEC	xn--mgbaakc7dvf. NS DS RRSIG NSEC
+xn--mgba7c0bbn0a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wKwXUxKGF359RQXSG7A56jP3ujnuwi4VZgFaZi1j7hT56Dcn5CsY/ZYU1AnllLUPlZW/f+MBInE/1uJDhNAqRe2K1Y0HZVAutdSQDASMOYDYxLBq8LSD7gPAppgmNPNCR3On7R9gv7opU8eDNVxkLFMB5e5Yi6xh/M0Hrz5T6xKth0VPhHvMVA8rgBntRy5RrH4xkE57Sb58DE66TQwphYsFg1kAN424uKj2EubibRuo9OpUO8e19xfnbAEViRuGRYGZ0Z7uia6+/SsxCgG88a8EzWpNb20aeZHJTIz6YAEL/EKqPsIUxDiNh/lEJwSrsUhtnEt8IbfTqS3Wgzwznw==
+a.nic.xn--mgba7c0bbn0a.	172800	IN	A	37.209.192.9
+a.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--mgba7c0bbn0a.	172800	IN	A	37.209.194.9
+b.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--mgba7c0bbn0a.	172800	IN	A	37.209.196.9
+c.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--mgba7c0bbn0a.	172800	IN	A	156.154.172.82
+x.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--mgba7c0bbn0a.	172800	IN	A	156.154.173.82
+y.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--mgba7c0bbn0a.	172800	IN	A	156.154.174.82
+z.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--mgbaakc7dvf.	172800	IN	NS	a.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	172800	IN	NS	b.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	172800	IN	NS	c.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	172800	IN	NS	d.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	86400	IN	DS	1841 8 1 3ABD4823CF90E3891ACC13438DB4953AB99F5255
+xn--mgbaakc7dvf.	86400	IN	DS	1841 8 2 91BB6CEFFE38DDB9BD891A2A9D3CD1A86A6862F23F5E1BF5E9C77944BF47C030
+xn--mgbaakc7dvf.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Gd7H7Qlp1ns/vnPnVJ1/31084/R325t/+hqTLn3kfP9UcyKAi5qZVTohZOd1nVq8IdwTc9GMlR8lwVqtC0EmdyM9ffppBNyiW8nEe/Qfjd4RE62IXldwhkQWAWpUIwnKmxsiAZo8nokPtaamC41PPMYu1LNLP79DJHvkX4zcjTrfgbisipXtYQCQ5bv1RKcpyRa8l1el4yPCZ+De92QwxdaDgScVVUOy58p2AjHcJYJjCzJJGO4YGF9NxT0fW+Ky/fNQzV6YfU0z9sg4ClXilNeNmkL74UuphtrqYNqg9NzU2O0MXDK2I8+sfCD7mnXtqfzy0OF7Z2Ca5gKrzY+YrQ==
+xn--mgbaakc7dvf.	86400	IN	NSEC	xn--mgbaam7a8h. NS DS RRSIG NSEC
+xn--mgbaakc7dvf.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . USaL2aiYSTDCQceqid819BuRQ/3F/64ATOCb61dDUAqbFirR9JxOs7KNhPEXhpClZpWV7uYoX3UJ+14wK8p9xxgX2TMEN2mI1H5LNTDL8vCX/Or+lBjKnWASl2UzR8n93XmfcaHar88OSFlK1jQ2bInBGcLSF4mljIUVup7foQ99RBYBltyRlduCcOhIoph4Nvj9GFS3FtfDMzs2vN25SVKZTUpHJXusi65fnNBLB2BVcXoO+TETrFwLQpGkc/j8E2Cu7OO7Sh3OcMAyD9/uW68b2bajRNBMF8ULhqXMtFB7QQ6gicXE8h+k7Bam+I4tXBP7WDsZWQ8seX0sp7YYsQ==
+a.nic.xn--mgbaakc7dvf.	172800	IN	A	194.169.218.23
+a.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:23
+b.nic.xn--mgbaakc7dvf.	172800	IN	A	185.24.64.23
+b.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:23
+c.nic.xn--mgbaakc7dvf.	172800	IN	A	212.18.248.23
+c.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:23
+d.nic.xn--mgbaakc7dvf.	172800	IN	A	212.18.249.23
+d.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:23
+xn--mgbaam7a8h.		172800	IN	NS	ns1.aedns.ae.
+xn--mgbaam7a8h.		172800	IN	NS	ns2.aedns.ae.
+xn--mgbaam7a8h.		172800	IN	NS	nsext-pch.aedns.ae.
+xn--mgbaam7a8h.		86400	IN	NSEC	xn--mgbab2bd. NS RRSIG NSEC
+xn--mgbaam7a8h.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XnOnL0OUUsDlEJxrspBWQrrQZmrdl2D2IevGiGoxpz3PELsRooWF0XGlSMQkQZHwDRdf/bMYNtUvi/MTmnXxXPAnJCauHmSqKFnkz+xJvz1rI9G7i4gsJrFSBr5py0wFOiO5CLSI18yw5tj8BVgP8qbDVfYCGWeZzASfRnYIu+nXDHqd4x6RciC9ENbQOdaJqhHzN/6XItZJetfi4zO/c8AFqDksuR4C1xKtiwh2KjVdvNhsAOy9KgNzM6wbGF3G/Opt5tgBVOIc6YesHSu1c9Gsk01aduO7G9pYHIqAmirt7uCinYquyOSt+MgoMNvC1gTbwpHIdjHSUTaYIxH4Ng==
+xn--mgbab2bd.		172800	IN	NS	anycast9.irondns.net.
+xn--mgbab2bd.		172800	IN	NS	anycast10.irondns.net.
+xn--mgbab2bd.		172800	IN	NS	anycast23.irondns.net.
+xn--mgbab2bd.		172800	IN	NS	anycast24.irondns.net.
+xn--mgbab2bd.		86400	IN	DS	47778 10 2 0EC09A1126F31B2C64C4CF2302EC87B2F12375485347BD4BFCBE93DE7D33B7D2
+xn--mgbab2bd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . knzqJfvc0kyo7GsX3TcS+aL1/I7LA7T8WZKJZSDl3gL46qcmup9qMJDhKLIhvjhmLJrCQZEbWxm3ncpvOV+rndiM/hWeJMnlHTSP0caRvVh5x9UgH3jcOKP2Yr8fEiNn9Rq1LkzW6/2Hm4//A93ddkaCGYrq9azhOjalFeaZLOOXMfHIqh6bMh+ZlEWk+vJsLjFo7LoY9BIeV3oWacYjxnYinybp4lUaS4Ui3uWvryNrKrySyu1BPaZyvX2pf9M8V8cO8IX3bcmNdu9a3cyE+VyLAf30kClnqgsniAW1fg60OCGUlBURsWcWZF58nFcZG2wSct1e3zEbPiG7nVgy6A==
+xn--mgbab2bd.		86400	IN	NSEC	xn--mgbah1a3hjkrd. NS DS RRSIG NSEC
+xn--mgbab2bd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JYcGB+IpUIu3rtZVb3cSsWnKlN5+55hEl/U1i5eOBdIpK176qRwvI6jysVZaLop71AR+dC+/EHxG3clBQV2EDzxlyNMuev4vJUJ7+496mNJE2rge9fEHVwtByNOo1DC7aoosEPO0kOtpvB9HpehBeJM4QwMR2imgkjbRq2a2cAbxTdU14MDHioIVqAK/8UNKOIii41xMwVp63Aaszw9cMFo17fisM+NdnqrszPfVopg3Ptvo8nrQHzgfvnhTrOs4K73Iub5aym3jlfg50Ss6NJAMOh0plmfYXMAun+JSwf3+PFRBcXo6/26m5SD0QJTRmFvJAri68YBLIJea3ajiaQ==
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns1.nic.mr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns2.nic.mr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns3.nic.mr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns-mr.nic.fr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns-mr.afrinic.net.
+xn--mgbah1a3hjkrd.	86400	IN	DS	19030 8 2 9C1324BBE5B1726510CA3EA47E2D42F7E6C6A09BAF424AC344F32DE5488AE5A9
+xn--mgbah1a3hjkrd.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JIsVJlCSLXlywVdvlou7FtUh6faAlnopzRM88Cd7F4is1dW4bct8ioIlyurxocOL4chOSHa0tf4Y6hxXC2y65XLU4Ert5nvSmC8879T0qbh5nFvYeCE7mTzXNmafEhjvL/gVy5kK9W//61SgNnGz0ZLPTQdUVkIi/eGlmmARB2mWqkl6h2PNtb24uXvF7ykTRrXO1SQFSHTqeg57kNLYDJDCW8jb7cyQKIG1Pf+167XLTMldvLSYdA3KXhe69tlXTErXXgcvOodQqGp5RJjUIADkgquzg79IyRX3aCNlIL6/kAyEqoTbIHocUv2QHzle6Ioqq6bFc45JbUpLG0xr6A==
+xn--mgbah1a3hjkrd.	86400	IN	NSEC	xn--mgbai9azgqp6j. NS DS RRSIG NSEC
+xn--mgbah1a3hjkrd.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Bs4xHi3Dn2ksr7Re9SWW7+mqSWfvPU3SOLxL24TFs8RAwVGZe2l6cGrWyzsxFIqGp2qFEzvczU66lmMtaeRh7+Hblh3OZwsNZpY18wg5OQsTyypy+HClwe63tTFmaD5L+ZeT0fvFsjyYgQPGhs8GSVkuapYAuRXHfm+7qok6phJTAMK2TMaqnsG4jvlXtRKOaojSnzjsZusun56TgnKqVCEW5opObFgzgOGP1jdxkaABnYz89jvRW3nE2KA0gBiagA1rWJ+vfIiHVz5LRRJiwxMCRxiSRGYjkBruJ+YRcbdONrffOYDhNC4eRFoFLjpaecE/TbD3MkCKyqfznfHVTg==
+xn--mgbai9azgqp6j.	172800	IN	NS	ns.ntc.net.pk.
+xn--mgbai9azgqp6j.	172800	IN	NS	ns1.ntc.net.pk.
+xn--mgbai9azgqp6j.	172800	IN	NS	ns2.ntc.net.pk.
+xn--mgbai9azgqp6j.	86400	IN	DS	21720 7 1 9FC6318AA15A43B4CF11D3F64CD678935E40402F
+xn--mgbai9azgqp6j.	86400	IN	DS	21720 7 2 BB7D853DFDFD7A39574CE1B5D3009E5C813264E614430C1B29C894C090393DD1
+xn--mgbai9azgqp6j.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bveYAUdg4wQ3cX7+wJL1ZAJVTH1KDkbvmPIYt++AJn0kiL8IdSWz13wjDabZimhB/cLyJVOkKS2yEZITSYW/dXTPG6DFoEQC3dIvNZxq6ui7dixLhfmscdDG5ty+sJS7pXuyFarixtu2jbClA0FTyvFD/EjGIEV8PZNTfqGWttnu+7uLVFYYIsCgczzW6jKabAq3palqo/ax7ZXNDLj0IGAE88tdl7RlUxJqZCj6+6jccNpUlYAXAfbmRgQ4Kd0DlE/Ap+mfnT37//Vrg0G+S6wZ2r4m8El80P/CX+S+7NnUFu53k17S6YeBtvDBM7O+Uz3D0jHsKKtUeplmKxUp2Q==
+xn--mgbai9azgqp6j.	86400	IN	NSEC	xn--mgbayh7gpa. NS DS RRSIG NSEC
+xn--mgbai9azgqp6j.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GAzBysR4KsYHEOjrRTXrGt/wCFe7QzJIpgQrnO7s53aWATnwYO0cZUehHLo9l427ZogJBgaNGQU8pN/3J6qmPWaxdaV29y9VK4ja7y7OaQyP/mZ7enRZDLkSdxkHdXLcd3hKMwmFmzkhF4G88qOGD3DNhO6KOE4cbVux6iesvZTVJlYEJIFZlKEJBvkQpcMdJKfY1ejJZXtW/a+aH+opuINVWWLMYvuLZW6+Q86WNzHn5Py6veH0JTSw9NGKLvE+7vy4Z0ZqhDIAv/jmh8L7kHSnb2G3SHhJXnopAc0w/EQdCODSJPVUvr1nsraZ5B0P26MOdi9NaQEArTIRgVqXZw==
+xn--mgbayh7gpa.		172800	IN	NS	jo.cctld.authdns.ripe.net.
+xn--mgbayh7gpa.		172800	IN	NS	rip.psg.com.
+xn--mgbayh7gpa.		172800	IN	NS	amra.nic.gov.jo.
+xn--mgbayh7gpa.		172800	IN	NS	petra.nic.gov.jo.
+xn--mgbayh7gpa.		172800	IN	NS	jordan1st.nic.gov.jo.
+xn--mgbayh7gpa.		86400	IN	NSEC	xn--mgbbh1a. NS RRSIG NSEC
+xn--mgbayh7gpa.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a2AcrJ41hMkzD84Uo33X1/QVE5noYM1+xBM7arWaeVUSJJyIZnDIryheXaSDVPZNrNqU+ZBze5bKO+Pm58GCnxfjtuncwmHqnod5DEURN8hz++VWjLLTpAVcz7SeH5M5LuI5AZbhq+L2ntctQghIfsbe5+2LfbrAn3Fuxq8JGhxaHOyBZHLGJr1LORVGCLx55Aha5fvoN5Hgx5BGh/VH3wqkfp131OgumWrJRuBx7SRv9yOzmxUvUZlwktZ0LICMuauFaY2xsKUv1nXMS4YVDcGmK5VBv2pSi+7I48vw6T4v9XgTb9Wdm1HUQb+4Yg9dGDL00Ibar5uQMIMh/le8bA==
+xn--mgbbh1a.		172800	IN	NS	ns1.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns2.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns3.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns4.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns5.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns6.registry.in.
+xn--mgbbh1a.		86400	IN	DS	4312 8 2 87EF57FB953465049FDBF317015EEAB875EBE6F4600494A191AFEC6023BCF46D
+xn--mgbbh1a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y/iXOBFljOnJngI1RylGX+OXuUPZ8j9V5jCntDO6S/FMwVlC/sz7OI3Vzqht+IDUk0iAdwf2OJ2DN2HnPdrLZRSlg7Bu+aMerT+XKQFFX/ovSOYOf6YaKan45M16jZZSNEoFz/3mhTIPIFdaotkvcm4+Tiw7S+rFH9GBnZzxbFtyjE0IySc22QeCZBeQSYYKJ+LE1wiU2WKeoitlI6gifJG4YM/5e8y9/gAjr9P+YNjten350xSnLPEJLXbzYQ6o5fGksSNlxnP7ycYi7EmAssbnI1TzLqNmKVkL2LcyFIiy3ByqudqG3lV/QLxWbbCADH3I60lKhfvceNBNJefgkQ==
+xn--mgbbh1a.		86400	IN	NSEC	xn--mgbbh1a71e. NS DS RRSIG NSEC
+xn--mgbbh1a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J4G2wwaWkzZIAuh3z6RXWrJFqnh2Hes5THQMrswxAmlF4IWlJiwuHYrL0Dv8/QvUgvh+RULEyBt5SKaIntZIfXDIxjWcD5yXUrpqg2hkZma+d0nZdmy0SWSpCqzWIk6t1O6E/bu6+3zn0QMP/rD+9OzAkFiLntBvP9GdWZJueBkHR0Z+/AHfNfGyVBMmn+6jy/4N5otGcZe4jxDt2LYm1u9bPeKFIve1k+jbLooKNTLEIxuzwQXGC5kVPWsWSpGzS/iLp0wKWovF++L503rH95CI2PSBXhTayt1LRmwnPeUu1zBq8XYuyyg40Dp95AYIEgfNDyJkt7PPxQXiSfaP4A==
+xn--mgbbh1a71e.		172800	IN	NS	ns1.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns2.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns3.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns4.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns5.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns6.registry.in.
+xn--mgbbh1a71e.		86400	IN	DS	14137 8 2 F965047D705B8CBA0BEE3CD298E612ACAC50A9CAE453C6114387793E8ADFA956
+xn--mgbbh1a71e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nA1A6VgeyhxO2Lvy7X280l4SvL9qYUy4Ij+PcdpG37jDx7F7GPXy9HpEtMFFc0BB6KjdylIVKt95rrsPdB3+rCybiMbpwubpI4pdZJ+ra/0ZVMVHW+iDc9ycUD7plLcoOoppaeNIGLV2kO0fOEDUGGX73r2uktxjXxirUoIwQVAYoXlXeZMd/z/m9ANN3DQmeZ5ujN8J6ma65h5KV8PkotJ0Cq3zS+qUM8ET+y3kPOKApNL4syv13YKYVYLyKAi9cb+wkM3lATDhvKgO2KWd6nRnZs+5Y2/CVqFq3AM6YPOnD1X06ne6lelb7kANoD0HWPM+PVQlKpUAlbdQh8HE6g==
+xn--mgbbh1a71e.		86400	IN	NSEC	xn--mgbc0a9azcg. NS DS RRSIG NSEC
+xn--mgbbh1a71e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pTa8/AUXtcnMZJm3hvKedBk7gv42nDHwnsrcg6KOLRWWEGR4lHXm9wK4ulTowL9FuPvXKskDOxCSbHCCnG42PA2gbIZ8skNvIvoA+DgjQmIlHEFpHBxknbPCzfYyogDG1gS05V8CaUhmxJP7j2gkYqkKonNGLBIsUrGvE8qPYdfO86p+hnKlYk+GbQ4gzhZjmIZuEQJGRVg6grEdCEqRr7IzVY4aBoFFYTADQ++4zcH/qe7mG2FpRpl7Bash6XDCmEf/ZzntTyCWbco+NtqtXR+4bkYnKmPFmgui7OL0MWBIWuZkesWbaDqsxtiC4Xhj6HlfU9MZgXjfCfzUEsk3VQ==
+xn--mgbc0a9azcg.	172800	IN	NS	a.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	b.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	c.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	d.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	e.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	f.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	ns-ma.nic.fr.
+xn--mgbc0a9azcg.	86400	IN	NSEC	xn--mgbca7dzdo. NS RRSIG NSEC
+xn--mgbc0a9azcg.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cwKnLyezWUmdDILedV/I+U2pITUITHRwzVHBVTV6pQ3Wo2ELGJbCyMz7jasaptfiROoSAkYxu3L2RSNTnRujdTtepNbZpd34w9AkvePL05GgYFvhDYaTcNOR74ynf9DAOkmLtHbN2gXyqvDs43+tNAaoAiVeezwc+cfJ1ua8XHoY9+3rL5D5Rx8w96MnbC8BMIbHODyEyGxIjQCRyn9ACFmaaMqUraq6PTK4E4TJU4KU5sZdWl8q5AftCN53xt2GSexulnrWpGZwp2BhIjr/PMQOx81Wk7TK67ocHywaYAlcNGAT0sv4HzNNL1mgZ2GgflOObMetjTO0naZlWRPVZQ==
+xn--mgbca7dzdo.		172800	IN	NS	gtld.beta.aridns.net.au.
+xn--mgbca7dzdo.		172800	IN	NS	gtld.alpha.aridns.net.au.
+xn--mgbca7dzdo.		172800	IN	NS	gtld.delta.aridns.net.au.
+xn--mgbca7dzdo.		172800	IN	NS	gtld.gamma.aridns.net.au.
+xn--mgbca7dzdo.		86400	IN	DS	1909 8 1 D5A6F96664AE0D000A01B196C4348E7E231D95F8
+xn--mgbca7dzdo.		86400	IN	DS	1909 8 2 F62B4E977CBA32CEF37856A9F919CE405EB998F04D4ABB309F1F9B86C105CA72
+xn--mgbca7dzdo.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FJB1+ipxdqXwyFDYN98sEiG+YodhsU9PRtMhI9KtA0HYS/oHyGHagC5Z9AJ5QgyWIMZM8uHJYywA+ONSUQ5YvQkLxA1ZMKt7V/89hc3+j7tB7xJW9bVZBsKFYIdovvSNhUlVvNpt7R15WKtXB79PTvZrJDAejjEQDgcPQBo2jhLkrQdoFzgYL16TfuJzIt+NH57nBr72FEbNl9Ek/gdh7eCQCt9S+rjtc/WhxIgeOUQEy/uUkoci0cbl7Tn3yFIsHoxHMlmaVLeyhk2zoFLCe7LFojj/3NI+CIpImqM22ap4f8DnvbJ8jI3cwv6Cuf5Wwl+RsX+5P6CahsMS3dJxNA==
+xn--mgbca7dzdo.		86400	IN	NSEC	xn--mgbcpq6gpa1a. NS DS RRSIG NSEC
+xn--mgbca7dzdo.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qI8mfcgq0yJHkRaNlxL4ssLqUzw3ElVjIFRIaf5OL/c/xkIpaCtS24ZlP5oAuMTGnO5rH0j2S/d0rbIayKxngQbKSWN2P2rHXcUJb8ly2WoA+FUftQNN5X/4A8WiY+vRU6ms7qZJ+HmhVHt+1Ws515xuTNkOHgrRTQCTIy0sAGtXP68LZTab4PyPJfvMq7fiDTyqAg7Z0inLL2I15gMuwcuL4jUcVFOjrrHUIw+QYiKfcKvJnT63fBHdHA/5b6EMEEsqGVmJkwgXd7TzNs5mtouVu7Renr52FePZ+C0TdG4SLZYa0Umebdoxue0z2sIlM3Sx2NgV4caySP4HGVVXfw==
+xn--mgbcpq6gpa1a.	172800	IN	NS	a.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	172800	IN	NS	b.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	172800	IN	NS	c.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	172800	IN	NS	d.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	86400	IN	DS	18592 8 2 0DECD54D82C1C675E321C38A49E3193F83066BD70D1BFB108B62231C75B8B407
+xn--mgbcpq6gpa1a.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . svQH/CfaR/kP0XTw8uBsISD2a24DW4Z1vR7Bv+dETqwm41sE6Tai8RbLDr2gfHH7IbYe7fW2ujkRgIZKvpJKD7QlynFx1pTUWBwW/lwgWfdI7iUUxVCEPMYxRBx1bYrZUgyqHx7eTriEz5jdm4AylKZQTllUxJeSEnazTKNs5imDIkXqde0L6JW3gEh48W5Vy4B7ozVwUZJ+katU4kiU8kH6iQOf/cXqTGcUKXDUZGmD7nwkczWTc8khpe71XbMq6+53+7Xox7+F+N5xs+tRr5nrTtw6HtW2058TcJXVGQDow+1K5WCowXE6r5BcSv+JPkrjI6fZKjRBECtYqOPnQQ==
+xn--mgbcpq6gpa1a.	86400	IN	NSEC	xn--mgberp4a5d4ar. NS DS RRSIG NSEC
+xn--mgbcpq6gpa1a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rMepc1p2vCptZUd1Tcz0BL20TmjpqtD7eVNXkZ5UR29NBUv/aOhVgZidsyytCVhoeW1f8PQuXw2uHBfOWl13T8NE5zktws7hUAeGFlh5KfiGQlHzYwaq+HQvvP2OF9fJO4XfNk5LVowUlJUC8gjP9ZitbuXAiaDIYK5VJ59hU6bdI8K8BZfsfHpjbIUuBch4p+eV+RO5S7YVftCUZnPJmjl3JEDgvtPQ+em6hGC9i10O9fovOnDtzmxyyJlDlor8t8Vz+zGpWcRDNMM9QGtWLs9xxfO9Zj/w2OCuC+ywlmvtN7G2U9fdZNSaIJPAKu4DIrzLiiYOYNuFgpYFEUy70A==
+a.nic.xn--mgbcpq6gpa1a.	172800	IN	A	194.169.218.115
+a.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:115
+b.nic.xn--mgbcpq6gpa1a.	172800	IN	A	185.24.64.115
+b.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:115
+c.nic.xn--mgbcpq6gpa1a.	172800	IN	A	212.18.248.115
+c.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:115
+d.nic.xn--mgbcpq6gpa1a.	172800	IN	A	212.18.249.115
+d.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:115
+xn--mgberp4a5d4ar.	172800	IN	NS	c1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	c2.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	i1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	m1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	m2.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	n1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	p1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	s1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	s2.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	sh1.dns.sa.
+xn--mgberp4a5d4ar.	86400	IN	DS	10444 8 2 ADE9D322EACE5B4843BEC6973FCCC5862BF52238076C973ADBD7F166543EB298
+xn--mgberp4a5d4ar.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gUel2Vw99FRnnhqiiy6DXBzh31HafV7nZEuw9a6SiURIs9FD23Gwr/Z6enwFyZFwq2ZkHTSqFps1xmeM76TQ/7V0Sqk5Ksw3GnFsWv5Z1Ph2Xlbi4ASkLi7vnRd3V0eL8/tnAo9eir1rEz8uDXsGeimGEBb4kXV6GX/vFdjUJ/x45Bo14kGI/SNHkBQ/sMNeOOHn4wN/GLmz+leQGZ+Z07O4ykgtqGSxbX8WxIL3mS3L/4RaQdl2X4u3fyXjRj1D+dYH/ihPX1YBCIHBmdwVOsXWUNH7ztdD8I+c+rEqgsefrPO7VG0QCvFiTUMJwhSthQIdFb/6kA6kY3FRjqkGxw==
+xn--mgberp4a5d4ar.	86400	IN	NSEC	xn--mgbgu82a. NS DS RRSIG NSEC
+xn--mgberp4a5d4ar.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OYwDQHY2eybkBT2f/Gs5BuZ5WxYCOyxRtzjJI4i4/Mmhq1+52XSLhZNWIWt2VrxgXdjACBlJZlHEZI+EsirB9aE/H339jONfnOg6pZ18QrpfPyA+bKUuEhgxYRR2KTMPEmw+FxrajuXRxFYDE33bbqydJpILXN5ewXArOlabatzL5nitD9igN+qeBi1e3mEgOMeKO0QJHTHAJ66AdnB3HQt/hVqJ2bz+QHVaVM7B/8ewI3oN7zL5JssF/0CqIzorWealF11ccoKTddVGyGUp7Nw31wBxoFrq1XOGwTFd5064Ydkj2ZJbxnzsX0ueTBd96+UWLcmr+fz7O1c22c4HGQ==
+xn--mgbgu82a.		172800	IN	NS	ns1.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns2.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns3.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns4.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns5.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns6.registry.in.
+xn--mgbgu82a.		86400	IN	DS	43765 8 2 1649858540F42632F63A6E55EF3E982A5ABD98A4613DDF3BFBBDBB572F0774D7
+xn--mgbgu82a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oQkBDaFGPEFM6nngzMhY0bd2HgONaglzei8U3U3ziPbn3YO1YYRDwUyZHLBlJ7ztN+PE++AEyTGObSmlD4rX4gLNfC+xqmxPqJdOv13jwc6BKfSlt20fxofFrkO9OvOXyclNSTYX2Pgp79UHRy0SBLRQOJN9K3FubTFHBTV1VO8HjzEm/00vELkbtPu8FZEjUfwMySN1zc3asNacR8/JtlrS2WqrTNX/KVTdo4ruJDwUDYoOv0rFSEejYDXhpRRw3Esq1vRI6aZ8fSE2ctyfHAYzIihCx+TRreUBZtxon/iXtP6ebddqzc6bPFlLaRt8l/nYG8JCjDBdtfvMZW9M2w==
+xn--mgbgu82a.		86400	IN	NSEC	xn--mgbi4ecexp. NS DS RRSIG NSEC
+xn--mgbgu82a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N/5qONy7d05dGgLuS4zj+oj/DH43eKDPxhQbeK6OqTj9j6InenMI72G7fNEJmKLDZWhaZRd4CNC5gqECT2NtcajyGXApE2/zYrQ7mLtuskmHE+GLsAE/CnmiWjtdJdIAIvqo9FnCsg7s/lgcxuaTjp7M628jpyVq8gT+wviz+KkoVhLVHAqhm5WS69qeRBLZHqaXKdg0Eztli4Z9bb90Ehit9tWvanPeU7yEPX22PTGlap/NJbmS2IIrDSeZnFQOBszVeaQoSMs1jYQNWchxSXL7MD8BW1Nq4X7EzfAM2YHTDtxjgAYAnARN6F6YK1t98srUsn+sry5Kf5VvDLiQew==
+xn--mgbi4ecexp.		172800	IN	NS	a.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	b.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	c.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	x.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	y.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	z.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		86400	IN	DS	5914 8 2 308B25083F486A76906992484720BD2F9F944FCB49111512EA95957417F3C03D
+xn--mgbi4ecexp.		86400	IN	DS	34576 8 2 3D199736303984637FB5A1AF60F2E5CF6D276F89D464039DBA62C60F363F68C8
+xn--mgbi4ecexp.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Db8DGgh7ycCFxx5k+UP4s/qa/dTRrFUkNppy3OUeV2MQG8UQRwwVvdjmvCR14nJHtOji9deGnOfPsOjmMpfAghjc8v1p66sb6neG8zeM/hbHLP4Ab6Bk2v49MZNp6jvvOQSZe1iSZZ+qgh25rEjNB7SdLv3dk8PCdNxeBybEAJ5OnfdS3zdsGCbqzCLCuZWsCiQmZy8ZXpv1lmJiRS4SJkqIM3zap04BuZKnFj5AgQo3oIHnHFi9ZFTj7/Tnn7RHR3FYNR5f4yHK6pVfat0Gl1w4ovRG1u13F5zz9eAa0OebD/cJUzHsx3DWehJTCkQ/GG82ruKuUs5e+dvO8/X/5g==
+xn--mgbi4ecexp.		86400	IN	NSEC	xn--mgbpl2fh. NS DS RRSIG NSEC
+xn--mgbi4ecexp.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PvHI6FCQEUkHpTLj61xC1uvaLfWSjhzOMk63QCcCfjlkFGS523QYGBEIP71n1j5fF4yq4cnXbeA1UpC9w/QXeP4v8T9wng45smyUXVe68sVt+l2GYVlin6hlA8PHaOQ0a5fOO+AnqHtXtwNkJ2b5vwJTmkWqLQS1FXhjLa5CSf09Vd663YcBG911rQxWVxqiJuNsxgXhPlLZ2geErQJN2HNi447cGNOcvia8f3kbEjXv2iC/gTZVH2AW0Dj2PdJTgIIk9xB27hDQn2YHSGStCoM7FXN9eNNkwQxVUqhmt0E9dD0+fztiGLhN1NU7QXydqypditd+rSZnsOxRX3zwkg==
+a.nic.xn--mgbi4ecexp.	172800	IN	A	37.209.192.9
+a.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--mgbi4ecexp.	172800	IN	A	37.209.194.9
+b.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--mgbi4ecexp.	172800	IN	A	37.209.196.9
+c.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--mgbi4ecexp.	172800	IN	A	156.154.172.82
+x.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--mgbi4ecexp.	172800	IN	A	156.154.173.82
+y.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--mgbi4ecexp.	172800	IN	A	156.154.174.82
+z.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--mgbpl2fh.		172800	IN	NS	pch.sis.sd.
+xn--mgbpl2fh.		172800	IN	NS	ans1.sis.sd.
+xn--mgbpl2fh.		86400	IN	NSEC	xn--mgbt3dhd. NS RRSIG NSEC
+xn--mgbpl2fh.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fj5p+KTO7/JnV0vbStciX0wax6EkoWQStJTyCJuwxRGXpzPVqzVB9JyZ9DBoAX4CyXG2TiQzwKrFc39Xu/bYqiEAaeX0Y3E3fd8bvxaqMa6C7X7aaHdTTkajYesddcqopL/soboMUO8xhy3nBrFyyNP3AQow2dmMexPR/vuPralF6627UvrZ5YpE5HYGk6t5UG8PpTOLp6UBsCq2cbWf2xAFPhWOeihbB53xny1QPRoh01tgHixqej3jd8BWRWr2ADpzn2JIaXdd/6puiD3y6xT3gGMkBywsWBCGGDLzNiN+8tJcEakeIn+lpP7Cb9leClKlOM1CNcbzSJi3LhYqIw==
+xn--mgbt3dhd.		172800	IN	NS	a.ns.nic.xn--mgbt3dhd.
+xn--mgbt3dhd.		172800	IN	NS	b.ns.nic.xn--mgbt3dhd.
+xn--mgbt3dhd.		172800	IN	NS	ns1.anycastdns.cz.
+xn--mgbt3dhd.		172800	IN	NS	ns2.anycastdns.cz.
+xn--mgbt3dhd.		86400	IN	DS	11567 8 2 7C846E4D86211C362CECBCC868123AEE04F14232306937417F4E8B15148D0C43
+xn--mgbt3dhd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lqHo/PhjDUAq4/5XQrnM/WzKJtHUVoYSNzqqR9VsGOZMd6+NSjtNMZZzvC3PhXjEreYpUOJ/VnS3eajzccUXKjtE+3rXR7PseCsJ2weUy6N4nZIdPJkr5verPy4RG5ezIVqMSgVughVXyeUsAjLgcOy+RSAWSqMNI6ViaD7ZWcRpnuoURI0sLlI04dzpAcKaAsIyeJUAYt+DtKRPC8Y8LaZiVklu9BQVufHAULZnd9Y1XqCwjPo72Llaa4zDMLUtIxh5+lmG+QszFEdVrkHrc66ImnmZjx3wa/gY0NE1CdAW/8TwwVdqOnrutC3T7N7MQsn42YyRfhbl3PsRvyli8g==
+xn--mgbt3dhd.		86400	IN	NSEC	xn--mgbtx2b. NS DS RRSIG NSEC
+xn--mgbt3dhd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yF5btIupLpVR+2wVjemr6rnSvMJPPimSzASAWW51VlCYyCYvbf4PKqRQweetwnqilNfBMd3gWWquvJ9BD0LgDKzOfVNiq3/iqnzuZKfaB5WfKAzz8eS2RaDhaBGmTG2NnC+MR2fUJ3aYrxQaZN6ZNKjwbmoB8hX4Aq9yHctXfJrESWTKsugWhhpuBwdIRsmNLmGmhSa3NcUlBkaXDRz3zwdP6nWEqJsosqRGERnGfP5Alo/wmimmVvXCVzHjYYvxt24iOtTZYyMbVuUmerYwQrZzYzvbT/eQuoP9efkWvN54UfS///XJB8mCBPSE98ARAjF2601Pnzb/LdHx4wUbVg==
+a.ns.nic.xn--mgbt3dhd.	172800	IN	A	72.0.49.9
+a.ns.nic.xn--mgbt3dhd.	172800	IN	AAAA	2620:171:a01:ad:0:0:0:9
+b.ns.nic.xn--mgbt3dhd.	172800	IN	A	72.42.113.9
+b.ns.nic.xn--mgbt3dhd.	172800	IN	AAAA	2620:171:d01:dc:0:0:0:9
+xn--mgbtx2b.		172800	IN	NS	ns1.cmc.iq.
+xn--mgbtx2b.		172800	IN	NS	dyn1.cmc.iq.
+xn--mgbtx2b.		172800	IN	NS	dyn2.cmc.iq.
+xn--mgbtx2b.		172800	IN	NS	nsp-anycast.cmc.iq.
+xn--mgbtx2b.		86400	IN	NSEC	xn--mgbx4cd0ab. NS RRSIG NSEC
+xn--mgbtx2b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zzirwiFKpZdJwyPfPXekiYDOWc1yxvftB02fdj2DiQaNNfGN1Xtzd5zX3HmjUCoLr2YEBKEYEGPsbehjdwr5Ap7ibaz7OeKMV5WDRf6mSsaCU2+ujoqUV4k0Vydher0WhAz+neM730ddDPngdbtU1+JpkDjB2qGo0dK1kgOLWGX6Dd0AJAbFs+keb4dbCmAXCvE4BRbnCtJyP4sv6eAZmy8wr6c11Z6ogKQbaruti9H1laPR6SItYMXqF4dD0qgRkVXofAlqnAvMmnpfmoYfu4twGYrzZRdeHRQOCzeOrJ6AvICbkwTGbDlwGFMLxLoddRbKhDr00PYtRWt+r0fyQQ==
+xn--mgbx4cd0ab.		172800	IN	NS	a.nic.my.
+xn--mgbx4cd0ab.		172800	IN	NS	a.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	b.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	c.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	d.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	a1.nic.my.
+xn--mgbx4cd0ab.		86400	IN	DS	1998 8 2 DE4C45D877C64E9C3EBCBC79BADBC104D7C5292D72BC6CA47090B31BE24212E0
+xn--mgbx4cd0ab.		86400	IN	DS	15654 8 2 E7E6D7D1BBA6E0443EBE51946759FDCB9E370BA14F95B61091B9B989B1A90340
+xn--mgbx4cd0ab.		86400	IN	DS	37866 8 2 9818EC191CFCE9EF77E5E458BCF471D5AFCFA30D40F9A62BDD69A1863187247C
+xn--mgbx4cd0ab.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FA+71vifICM7/Da2WfJonZGMnZe0vwQHsc5tFgeZ5Qitpwqd1qcVjz9g3EY3undQWkd96MiIhhKCMJBuZ4FEV+nw5gHIhqiWGl72QGWEiXrSpGY9Tysog4xPnTZlDp/gBSgUb80dUcT+eRObTGXVz8105q5ABbnAb3gCleEWtZMAGGQ9abo/Iye1CM2bk2yNc0UMKor4ynZAHqXwyNmcUMmIy7PKdKugvRMGKw7752g8Hh2iR33dB/zDREolokUcADduLQxEEismXIosFVt3XSX3ibeOQPcbzZjEFV0vSvr3ch8XIlrWGF/8nFIzEB374OGwf5F5Dc/4LBAEhWU8IA==
+xn--mgbx4cd0ab.		86400	IN	NSEC	xn--mix891f. NS DS RRSIG NSEC
+xn--mgbx4cd0ab.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1NhZu4bIyRPiz8HDa7fFG+08bmdiF+2lbeuMSfXVlU7H61dW13uj1DuaQnakyRCG65o1vW2x5OXS6KuF5jzsTo8SEoWX4jsMxUfVjjIs0u50nl15TA96XvNgbpwu+AHyX3GGBb27+HqGypYAqDTbr7nRPDkGOp0AEHnEYclulyAMbONiiTY+mXtI5/cau69TMvYlxEDAjBB0ciV1tqwMjCRmUyPuS8yMefNEG0ToR/1oNc+PnYEzIUdOlYz+7hUiLcLAp+VPdjvqkGXpe6Vpc+8Hl2neOekOr/PhQjBB/HumvGjKtF8LMM/03hI6a2cUjhjYPQ0Nqd60SPIp1/R3ww==
+xn--mix891f.		172800	IN	NS	a.monic.mo.
+xn--mix891f.		172800	IN	NS	b.monic.mo.
+xn--mix891f.		172800	IN	NS	c.monic.mo.
+xn--mix891f.		172800	IN	NS	d.monic.mo.
+xn--mix891f.		172800	IN	NS	e.monic.mo.
+xn--mix891f.		172800	IN	NS	ns2.cuhk.edu.hk.
+xn--mix891f.		172800	IN	NS	ns17.cdns.net.
+xn--mix891f.		86400	IN	NSEC	xn--mk1bu44c. NS RRSIG NSEC
+xn--mix891f.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ao53NMh/kgH2vgL2/qoYSO/+0CB0K7zOIKCeOMdTApE0oxnnfIi8yYdNfOq5pSeCLGISfbnhmznz0LnKEBbqJNjKPD+olhAC+idYf5pZOKnr2VQhfLmH5pC6Z0rYk6nlIDKDkbcvArXrLyr0z1BssPYTX/0noCIcLt7uszxG8t1JfmkPl1FdDfCJjphcJkGFvC+dU4i9gUN1H/29+qWJw7fAtBbHxTW9Toto1DivWfz2xbvCD3sXqs0orhvorRFQW3zZUFKRUgpUttLaYn5WZCpGJ7Rf22WOAxx1rR35x20OUsyfBYP0LdQNZhlmfj4XUl4l8WWXk1Jz39rgkv26sA==
+xn--mk1bu44c.		172800	IN	NS	ac1.nstld.com.
+xn--mk1bu44c.		172800	IN	NS	ac2.nstld.com.
+xn--mk1bu44c.		172800	IN	NS	ac3.nstld.com.
+xn--mk1bu44c.		172800	IN	NS	ac4.nstld.com.
+xn--mk1bu44c.		86400	IN	DS	33804 8 2 1A04E458D4F1C4054140270E1806289F0093AAC5F3F20B1954526075988F91E7
+xn--mk1bu44c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Qb3fXupuWNlsujr3fot8pUhG5hH2xhMfkchoP1kfcgm25GRcewghZrGmnQveyKqa9cPzeQ+bgdPCCBXGQj4f4FLKzYXhzYPFIKD4Q6N8mCWASOLPTQT+IzMZCJ7U4pdfpUF0uEJSdYvxPHw+88wD+SluKnJX8CcmjMkPRteOmoUf7ZVeQbIb4CWBiOeXFkBmDuB5q0mImD53UPeD3dbPwQ07a8bYV+pWCXyRRPGJAlvBqLgbAB9GvoZtplgy5EdPLXrE16U6GOI+ZNr7JlkQtOCS1GpX8JvaeeAQ1nQTigxQ3HJZRa3GQdEW3kGFqtTHTZhg4ocTm8FMznwI0+t7rw==
+xn--mk1bu44c.		86400	IN	NSEC	xn--mxtq1m. NS DS RRSIG NSEC
+xn--mk1bu44c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . P6bl2WW/vz1uobDcTs4A74IAVYoRe1hqC6Xk2rT22JSIg8XpEnSzHhDR5Q/bC9XhS4cNS5gtcO0HZ3EhXj4zdeu9YUKgd53Sfmi/8DaCqGFg5t0q+zOjVjel1Vun+UAxxC1mzeIOgZzSPmwYggoFwl3Tme+5vBm97qUp8Vx+IDEYsnKTqOVJoSjOoWqd7MiTXQviyZ1xqsYaPsP//x/+04gOwNVxgWz57XBQiomACh7gXGM8entatV/5DE7nlHrxz8Nf0T0gdsg0K/nkP2xb2f39ZskoIDXs/Hzd5Qkrc1SDECwdl54eK22u0Ywx+CrPE/5YX9ovauPSQm2FP2DlJQ==
+xn--mxtq1m.		172800	IN	NS	a.nic.xn--mxtq1m.
+xn--mxtq1m.		172800	IN	NS	b.nic.xn--mxtq1m.
+xn--mxtq1m.		172800	IN	NS	c.nic.xn--mxtq1m.
+xn--mxtq1m.		172800	IN	NS	d.nic.xn--mxtq1m.
+xn--mxtq1m.		86400	IN	DS	65200 8 2 24F4E4C9AF4E4B45EC7EBEEB231C572496F89D13CF403DF4FDCFFC326333CA73
+xn--mxtq1m.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pQ9BeijK4m4mvmvYg2LCfuCVsAsUO39e3aNZOf80PILZDcqml01+mEAl2iJsFfueTxI8qs4FsSEepPboXBweLvdoW9fdKNmOKl/8JTJGGlZ0d7MqXTUa1jEZUtx0zr7J+tY+RCQBiR7Cp8kXfpqjmhH5nvgt1JM+NBdf8ZbUSyiIOdkAXEYaLlofGJyPNjwoaDYMtL+ri7QtxigKdj9PiG8JkrUCylk5Y4Ul/VMC6Qq+nz04DCAkJN4bj9F7Mwuj0yFEIhmE4MsOYQbzwATyKS0+7acAITN5Byb5qCBHqOA5p/suEKI/kH0Z5P1d/rDGmIJu80/XKfuqqKQQk6eoVw==
+xn--mxtq1m.		86400	IN	NSEC	xn--ngbc5azd. NS DS RRSIG NSEC
+xn--mxtq1m.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mOAtC0NdGs/7Nk0RC2/xj1xscVL8AxejJEj/19q9axjNgl7xU2c152Us1PKDxxga65v4zuQWiHUWtMSwuR+A3AzDlXavAIp1RtRaKObKE86doybp1PkbMYy+WVQfKZX3zsnBUIhBlbhnqO9HjQ5lMz9ksxu+YCfTi20JSjj0h15Rek20fJjbH6XzHLk/ukuCKCgflQ8kUqqJ8ieYljJo5hPlD/rC7n1/5EAaG1mwv+FLBINlKBmZAwzLwWEUM9XA06QnJJI/7W5hTUHzvdHpjbIcz7kS5xE6OCBQG02e6AXvMBj7LKp0U/46CFpblYrB+MfIsWlP5wkiy6FrcGuP8g==
+a.nic.xn--mxtq1m.	172800	IN	A	202.169.175.130
+a.nic.xn--mxtq1m.	172800	IN	AAAA	2001:c08:175:128:0:0:175:128
+b.nic.xn--mxtq1m.	172800	IN	A	203.73.24.25
+b.nic.xn--mxtq1m.	172800	IN	AAAA	2001:cd8:800:0:0:0:0:25
+c.nic.xn--mxtq1m.	172800	IN	A	211.20.231.7
+c.nic.xn--mxtq1m.	172800	IN	AAAA	2001:b000:1e0:c000:0:0:0:7
+d.nic.xn--mxtq1m.	172800	IN	A	60.199.165.185
+d.nic.xn--mxtq1m.	172800	IN	AAAA	2001:4541:9010:7:0:0:0:185
+xn--ngbc5azd.		172800	IN	NS	a.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	b.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	c.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	x.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	y.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	z.nic.xn--ngbc5azd.
+xn--ngbc5azd.		86400	IN	DS	862 8 2 662B4AB8C83D78983F29DA731E7B495A7B249F8C714268631E21CD1E88370087
+xn--ngbc5azd.		86400	IN	DS	57991 8 2 2CD63A89A2BD11A0D1F2A5AEAF04D5B07FB24F6CE9227FB2B5FC4C9D39C0AE20
+xn--ngbc5azd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hN8A2aSDQNiwPSG75YIVYZKaLGtdxzwey+AvJNvVgMcbCW8dOVzB7qR4IAup+rIc8z2LPIgnj7Cp1V+LAbUW8FK2SQ9+qzSvJDhHwOlQgSU23GWL2nCT9Ob49Ick7xi2zDnur+Dc+HiagdN6lslUEeUGsAJws4CcBmQNOVjmouWQ1tYEDH1WTiurFzQPGYnWp+jVb4Nb3DRf0wPM/HACFS6aJeFwiCut2puEP3e+AlTylIjebRdMeeGsoj4sEjth4bDJ5VautDksa31s/Sq4P6mtez8558giL9pe7xY17LxE7cg1KQACjtI6ymW9H+Wl0Zqu0kixv3VW9RhMJNAFsQ==
+xn--ngbc5azd.		86400	IN	NSEC	xn--ngbe9e0a. NS DS RRSIG NSEC
+xn--ngbc5azd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pJTjqoRuhjb/dp2mgjpMGX+NdSr0ksVYVHJ+EWzIlj4bSsK3NMyiPctrGKsYGAkDwCZ6DNM84zPN3af7kDbcwaM5m5QYSpD+E95NPMd+PFCsZ4582lpsDs/+b/Bp2KvV134PNMLzfrGxSi4/Qf56gN+p8NvdVNNrNOupYQP735L5N1Ku8xQS23GRuLwzzEhyrLOJFkZILKua2GKAeQuTSB2WS1yADoKm1tmnW7ShoDamYek2jAfRAeWgFuHovaDgEFVvW7hBXTtTT6WBKpMBz+nOK3RTj11+0Rkc6CkHf1/OfQupJQ6yIW/ZVIxRVOrAZd+Be9LTsZhyWvPu3zMoJQ==
+a.nic.xn--ngbc5azd.	172800	IN	A	37.209.192.3
+a.nic.xn--ngbc5azd.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:3
+b.nic.xn--ngbc5azd.	172800	IN	A	37.209.194.3
+b.nic.xn--ngbc5azd.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:3
+c.nic.xn--ngbc5azd.	172800	IN	A	37.209.196.3
+c.nic.xn--ngbc5azd.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:3
+x.nic.xn--ngbc5azd.	172800	IN	A	156.154.172.82
+x.nic.xn--ngbc5azd.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--ngbc5azd.	172800	IN	A	156.154.173.82
+y.nic.xn--ngbc5azd.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--ngbc5azd.	172800	IN	A	156.154.174.82
+z.nic.xn--ngbc5azd.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--ngbe9e0a.		172800	IN	NS	a.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		172800	IN	NS	b.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		172800	IN	NS	c.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		172800	IN	NS	d.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		86400	IN	DS	10552 8 1 C5F1478252DC3D25E585A8D43AD460C0E8F86863
+xn--ngbe9e0a.		86400	IN	DS	10552 8 2 B4B742442C6B66D321259FCD7608462A75F2A7EA70AF4E42A6CAD0430DD98D51
+xn--ngbe9e0a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HIRsShFP4zuOKzuTv4JgQ2yCYpvWEbJ7WyM2NhlGc1etcj7uw3LToo2l2T+KiJ9Prsu/riBOl1BQbQ0HQiPxqogd8GwTTu4advUn/eXauDBA+2TmJiMRW9eGqui9MDmw/vM2hlPfEQ+U2rP8QR3pIxHXJudNggaCj6a3RtlhEyjuoJ38PIe1wXZ3l0N7Ehndq0QfzgsX5GVdQqhj22n3UZ9pHxVxFkEJ6uUW1BtEPdHXf52DNmoYGpLMBt5sGellNiFv2zcc6NaJKxspUs51jpobg+oOHihe5zIWS0Kyn/nc6TLgrj0mo0vW0kAgSX9xoXoX4wMxdiHt9z9EAzcDAw==
+xn--ngbe9e0a.		86400	IN	NSEC	xn--ngbrx. NS DS RRSIG NSEC
+xn--ngbe9e0a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dae6qE/Jh94F5z1xW/1soyEIKgER83G7TfYOeXwnbRHY+cTBly/0gPghcEc3s2zr0q9AamYqyCRRm/ErPh49N5nqQE7tCchgt2sWMzHkQOBK6y/+cwuG1i8HR/9hxAYbb1kA3w2EPuLQ5GhKNAgJ7l6bgQ0JEz01192QpbyivkdVkyQKzvGpu9nnAI99xTfMyM7P3IqqWur6vwLEBeimAIULgLRQ/kI6hmKpvsCY6uBMPYZgy6jO1fuciKCl6IsNv5+xzj+zd3H97zujL3GH5itmIXYEr4zadGSpmsW62/A9Lrg16Tu8bdn9oGQFBAaQYpUvbnI5zM077efmzR3DTw==
+a.nic.xn--ngbe9e0a.	172800	IN	A	194.169.218.22
+a.nic.xn--ngbe9e0a.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:22
+b.nic.xn--ngbe9e0a.	172800	IN	A	185.24.64.22
+b.nic.xn--ngbe9e0a.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:22
+c.nic.xn--ngbe9e0a.	172800	IN	A	212.18.248.22
+c.nic.xn--ngbe9e0a.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:22
+d.nic.xn--ngbe9e0a.	172800	IN	A	212.18.249.22
+d.nic.xn--ngbe9e0a.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:22
+xn--ngbrx.		172800	IN	NS	gtld.beta.aridns.net.au.
+xn--ngbrx.		172800	IN	NS	gtld.alpha.aridns.net.au.
+xn--ngbrx.		172800	IN	NS	gtld.delta.aridns.net.au.
+xn--ngbrx.		172800	IN	NS	gtld.gamma.aridns.net.au.
+xn--ngbrx.		86400	IN	DS	37096 8 1 71BD52E2A76BEEF79D624F5294C98588F940402C
+xn--ngbrx.		86400	IN	DS	37096 8 2 DD05B598B64707491E63A742D3E61EDBB57091B5B93C8E0D65422595AD255AD4
+xn--ngbrx.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f0ZhRcYJATRksDKg2maIee6decCXOQpUSEmKC2kteBhiIYSGQlJbCS6rcSx1du81w7/tpZumQ1R22V+cZot45yAcywaSKY6GFnj5kqfP+AwD4lT0Io3JI4rB5x/8hZ4KRCJM3+LDdPH8OlwzOnFdhFkJ5l6xvVViAnZdK+habNXcFvyZzo/w1hZgITSwYYLPxZf3HbsXPFXN/WwHtv0mhjo0jMOqFi+5FwrOkEWyRbNXFIZDUrvR+R6z6R4w3kHC756Ph1gUj6bY9HKxkSx/JkMMG0lHYlgrCCq6X03JNlrStsktL3mJeAD0hKKWQ4WlA0pmpCygqBdJLiKU262S9Q==
+xn--ngbrx.		86400	IN	NSEC	xn--node. NS DS RRSIG NSEC
+xn--ngbrx.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d6yU3M96+VIk4rW6+pjdCdRRhCP7XZZUtqKIgz2Ik/fMPMIvJxlnY6EWFzsLFG4ybsnDqHx4nJ7wHOEVP8UEO1dGvhCaWzRWHk4H4+wtrVxET6SANPQe9jglXV1Bb4tg3Fy/m3gAxtc7cnN2A9PF5C1sYxe+LCcClf0rXFGEMtTX85m4tI9bIvv3owre3VqWAKjmhnnrOofDEMeCfa5Pde/t0CWv/Q3JYOW7pk8m4llvu+nxhbmAwmppIvBqq0y6DVo39kz5q/dMbmt78hFFQ8FJmVSTPnlO4OVZF6dyHTy9fMxdrhbFGLqcJIzE+GU+fOUBbMhZ2WopaI133vhEJQ==
+xn--node.		172800	IN	NS	a.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	b.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	c.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	d.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	xn--node.ns.anycast.pch.net.
+xn--node.		86400	IN	NSEC	xn--nqv7f. NS RRSIG NSEC
+xn--node.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xfWI4Evs0vdHvtOe+GKw+DFx1tRokJueUegla1shidnzwo5TUPhacJoc1CxBX+Ses3E++2pvKEjXczzjhagJWygzOBpFmlUB0GLiQpxVzU77AhnTb+1/nWf7hswP/9BiCBC88YQfQlkmWV9pBHL76GfhHiL0Qv1SsGfEJBMq9AGBlicVcg0/hZSo9RiIk/tjBphXtDPUKm6+7hZzLMXgsRj67rFfGQiLRxgB/iXUZ5j2/DiOxzQfOJXZ+yMlFv3NgfikWbhKZA3CsVr2lXtWEdEyNIgcApD7gHTZwRgTvhkLicIkSCx7/mBeIHm1PpD/TyT028Mwqv1JffDBFBHMvQ==
+xn--nqv7f.		172800	IN	NS	a0.nic.xn--nqv7f.
+xn--nqv7f.		172800	IN	NS	a2.nic.xn--nqv7f.
+xn--nqv7f.		172800	IN	NS	b0.nic.xn--nqv7f.
+xn--nqv7f.		172800	IN	NS	c0.nic.xn--nqv7f.
+xn--nqv7f.		86400	IN	DS	22459 8 2 435A53C55E065976A2C03F1D8B09241A6EC3EA90D63D6CDAECD0ED93DAF61E99
+xn--nqv7f.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D4ksqviUChxjXuwnHsGH7wytG7YY1wm9T+b44/eJ2YR35+QEEIGzaN3KAp4Vc3NJLBs4Qa+e156CdhYVtUUCxgFpU8eFgEB2IemqigIvr954B3WCO3CZwbcCfI9KFawkyOU4A+hJlP8NRhosVaT4HlPIjwDVbNmO1gzRbxPHcBNUmCh81ZzyrPwglVvgTBzWRlKNtFV2bmazwO2D/X35Z/Hmtww6CmR9kcu5Q9beKdgT4XYbd0MyoDIzwAL4ATpZwdCyh7lpvMJvCFEbqv0atvijdm9BEqKyD2hQ+TW6hV/XSkRDNPNnRSU4cnxTE10GiG8ntr+LDQvpr+5hrGHfvQ==
+xn--nqv7f.		86400	IN	NSEC	xn--nqv7fs00ema. NS DS RRSIG NSEC
+xn--nqv7f.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YmFrmBlROG4eMLud8LvJJJvR7D6RI/7zECO0YGqAIQFSL5JVNtyMc7c/LNKuwqkdCUKf69GwIlgDjhD2HlQVg24yOTWmd6SA56WTssDOvZXz1klAt20xXcSLpi0VAGDW16zHytsh7q7T8uYXjwR7Y5cXi+wuh20dCx8HFztRoIwIsDLcLw0Wr9cZFHAyttUTLei2SeE3OLaJw+ErXIWBy9Lsvqa41Ka/Z0Wd5joMz6be+cyyAolohkgwuWJxX8sKBJ/ySYLdR9X9QNYBAvo322xknJnCdraq36RICrFokiB7fF4Hu7Uifz3XqrhFu81CZAg7imThFC3U2q3kDZav/w==
+a0.nic.xn--nqv7f.	172800	IN	A	65.22.184.17
+a0.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:17
+a2.nic.xn--nqv7f.	172800	IN	A	65.22.187.17
+a2.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:17
+b0.nic.xn--nqv7f.	172800	IN	A	65.22.185.17
+b0.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:17
+c0.nic.xn--nqv7f.	172800	IN	A	65.22.186.17
+c0.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:17
+xn--nqv7fs00ema.	172800	IN	NS	a0.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	172800	IN	NS	a2.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	172800	IN	NS	b0.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	172800	IN	NS	c0.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	86400	IN	DS	28897 8 2 6429B014E65CE5BD280E303E77C65ED29B9018FD717157B19871CD63994758F2
+xn--nqv7fs00ema.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PDLd4alXZ1/k8fGPd4q8zPva3+V/ka1/C0htrRn4CJ5C/AS3Fo0LNyEqDMD/Kpzc111+ODO8oCbMlrm0nWeZt0ZALrhM1Czj6BHJ2N9e+i1nTr92962kjh6G6NfBKjVKR1ZMFPSFaaWQmKHL5igUdGAkVmKLPo8CNrIxnSCBghhlWr9Ce9JeQdmXiiobw6FVYFR0Vyt9GBaP6wAbDnBA53JvTeV++ys16504aIgS79jHFRCljogjAkgS1oEskjDXO5uSJ5B3YeWVleq5DFSWZnzdgLQoCmnF9T0eZpp3LuhVjoffrgNSxRlTuTsAG+RfuuxwcDpWn8bzMdfsWWQzeg==
+xn--nqv7fs00ema.	86400	IN	NSEC	xn--nyqy26a. NS DS RRSIG NSEC
+xn--nqv7fs00ema.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VE7ADNpkYkvv2YdZzXkJ01AA2DsGw1+gYggrjdAaLRiyNC16JN2fY5Jbq7pcsCZK1ZKtJC0dNKEz9Cc/4BALaDw6WVMIKPm17g50GMj+VfkImNcsK5Ha3qK5D4Z1bwYoknz44mqbLYK4VcWLaGUMYE6yi6xeLK5srgWWjtKljlZhmDRjWIljX5JuPDzuEW1kqK80gQ8WmUPeIaGEYkIIXrRlwzqLvxP9WvsgOK3MwoKeeSgG0qR3FkICBBsmFBjbKJVtIUQU4/Qi9IaanpXEH8YA7UnXKOKXa1h+RCbuggfyYGnXfLwZ8S1Njy71dJQSc1XEHsfFub39kaWl37i7vw==
+a0.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.184.9
+a0.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:9
+a2.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.187.9
+a2.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:9
+b0.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.185.9
+b0.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:9
+c0.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.186.9
+c0.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:9
+xn--nyqy26a.		172800	IN	NS	ns1.teleinfo.cn.
+xn--nyqy26a.		172800	IN	NS	ns2.teleinfoo.com.
+xn--nyqy26a.		172800	IN	NS	ns3.teleinfo.cn.
+xn--nyqy26a.		172800	IN	NS	ns4.teleinfoo.com.
+xn--nyqy26a.		86400	IN	DS	27565 8 2 CB10EAD52DC0AB87619F0ADD9400977114E8AE84FBCC3C3A3C84674BD1C3D7A0
+xn--nyqy26a.		86400	IN	DS	38734 8 1 D1A95D7325518AC05264A89C41BCB06FCB34C4F1
+xn--nyqy26a.		86400	IN	DS	38734 8 2 F0E7B5258AD4D9048D0562A0C7D5AE30DFD87967A515AF0A256D3A8BA72ACDE3
+xn--nyqy26a.		86400	IN	DS	61705 8 1 8D4FF5A86429FBDF7BDD44C05391B08A3594C09A
+xn--nyqy26a.		86400	IN	DS	61705 8 2 60A626B01624F7305E1E22C1B04DA36C14BB501A3A6ACB76B40AF73AF445221F
+xn--nyqy26a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t373QvkJdmJdMf6MBldz2ET90NiyvxuGMpDnU4UFYhZGGBOeHK95F/JXGr/OwJ7L+aPvTyIVZeBqmni5kI/nyy5jHAjht0imC8az8u68CKFbs2Z+C/asprpYN3CKfJvPuUwqxxnvVC8IFdotgUZ/601KFZb2OueMejpEACIc+MGD5TAZoZ6kKtXaIbiynfUSmizur70REiSGSuA3wCn0smZvbCM4f1eu/mtF8BlF5sv7VWnVGsKwk58sExz1PvD0YI6GK2Njt/clg6sLMZ2Y0DRH8jZUlZmfAaF/VKeuykphvAW2Wmtg1RCKcfLu6oZ41m2Mr35VI+5nfPzKLliiOg==
+xn--nyqy26a.		86400	IN	NSEC	xn--o3cw4h. NS DS RRSIG NSEC
+xn--nyqy26a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H7d5yG+jd5kWdtFA8ozD5oljNjPuvZpCZ0erQ9nirbD/0AcLDXbHr+9KpaCGcbTWZpUzMdQ6VOlpd4nIdfqEBGJQHuwpfSNFB5xLhUmzM5L7joHgho63oeUaRrKwsF4mNvNELuvtCsdxkwucwnnlAG/pXrmhc+ztQBoFwJkigAPKSD+HgI3yCdoNZt+e1WpftVgu3knfjZjU8pXUgwF4o+6oXCtwFPxW6QMser3oGPq1QkLlq0g8fiSjkWX4FC0gBETKMdpgoraKe9U1PveNIP/k+1PwqgulGNBr+AdM6EyNfWyo0TGTwKknDZrfZBkP+JpCX008zTCdg5BC0xdfog==
+xn--o3cw4h.		172800	IN	NS	a.thains.co.th.
+xn--o3cw4h.		172800	IN	NS	b.thains.co.th.
+xn--o3cw4h.		172800	IN	NS	p.thains.co.th.
+xn--o3cw4h.		172800	IN	NS	ns.thnic.net.
+xn--o3cw4h.		86400	IN	DS	27061 8 2 53856679AC45EA6562EF4ECD2DE7AEA57D786870979F09C4BC1D5244C2E2A9C9
+xn--o3cw4h.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C8k6itrbwqMJNuQv4eu0KhD4q1moHNPc2YuRc1OkfY+pIXpTICFGzbpXPMPhMEmI7VOsY5uZiCfwRaa1gJKQfMFT6gSnFt+86yyJPnfyFnvIu+cXVDGrB6zYbg3q7AAVkRlzAFhfPDpMotUTaY4nxOeMdzQEW5Cs3ZnwtYCmWQvEDwHdNB61CT00zYouWGQAz0F04lsZeB9ix+RImjxGC5KKZS7y2ww4+KOE9TfLSfBnc934LLeusx/3Sc3suot3Rm8MufoERHk8Y7usU6WuK2RAS7A5r4mCOYXs0ibVLXeoaxTzPpj04I3A/eA2MkuiRVXrHqn/mtj2SK0eSNI7Wg==
+xn--o3cw4h.		86400	IN	NSEC	xn--ogbpf8fl. NS DS RRSIG NSEC
+xn--o3cw4h.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ylAqPA9ZaxY+5yC/uS0/VszULJZByryOznlXAACmlFKayN3OKfyAOQGCkwaQHvVCu7e2YoxdpuCR/zmugUZsbpKIsStflblqRyNRW7THNgB7g0+4ojPJMraNVwgBMojfMRlWy+N2C9o4BDm8Ac9XDnEoy/U+dCZeW8HQkOsLn1p9OqvPXs0tjPth9iZxC7pZBoPdxWPbC547LWE20TrCqKLR2dYiZftjFVIMjCiJyeSwxD8yl+FGX8lo4yZc/pOobDwYN0a1q3+LavOFZgWtoTqpgKNY63kh1g1mI5oCauie5PaN3kYdztWywYfsgxTVNN+nWeDM7yQq5lklJ7fnAQ==
+xn--ogbpf8fl.		172800	IN	NS	sy.cctld.authdns.ripe.net.
+xn--ogbpf8fl.		172800	IN	NS	ns1.tld.sy.
+xn--ogbpf8fl.		172800	IN	NS	pch.anycast.tld.sy.
+xn--ogbpf8fl.		86400	IN	NSEC	xn--otu796d. NS RRSIG NSEC
+xn--ogbpf8fl.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hMVi5AXP7z+7H3mqcUZrkheuoR46xPF1t4itfAsX1AxORVWRzBB04cuC1W3Cq7FT5BI6VH7V7/NV08Uo/qvawFWp2Qc/9uOoXH2dQklFyUZxeFLJsgbYX9oe6Ji0nCDPv8jsuDfUN1O6pBeDCy1msRYbK0zi3LJbGato7qFRH0OYsJPV5hyqgTK4cUiQQhB+PhoUhOllGAJAjrbqyCYsxTvUk98gAV/BeKD1UcNz/ylD8VI2QV0iSmzM7TQ3ArNWUcd6dh6+SCJnfOVTTf9xCL96a6j048tHzncsvoiFWAM7L2DcHfZdAKYHTgLCNLbWFGmWsIvGMgzD9gc2bVH54w==
+xn--otu796d.		172800	IN	NS	a.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	b.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	c.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	d.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	f.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	g.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	i.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	j.zdnscloud.com.
+xn--otu796d.		86400	IN	DS	61882 8 2 EF3F494C35F4C2C571A0E5644F6E2760818F2EB7B08E1B05B522D995022B6786
+xn--otu796d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DTiRrjFIpw/Bqc+7owikGf/2JtEXuvFiWsVUsIBzkv3IicVZLm8zE43RUlCi+dY2xBe2bkTy6g+rpck8w4T3A5GD7jnTq+BhJ7sQVb3LlaAeSjrSnWc+yk+SBO2/wv+RpPhfbfOu5eQzRDcrXMa1atR4lo6qIEXlrg1jr9nAdbjmYRXS+7tB4JSsvIDLpUaUI7nGJH72/Yi+nmy+HiSEhdD5iojYog6xxnXG5ctTi4nW74bO1j2jfL1LrT/0+BjLB7bv7olTfe/xr0PWzPG0h9lzr37OOZra4vkbkqA0OeNaeV1m0a0bvfhfUMdvQzDhfqNJQL4e4G1P8qK8luHUhg==
+xn--otu796d.		86400	IN	NSEC	xn--p1acf. NS DS RRSIG NSEC
+xn--otu796d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d1kqmU3M/BMYsw4glf052BlqAPI+UmUHb76IEB9q0ZQrtgHKNJlQWZgHmH03OU9FCaZXmUHmDqIcoLgoqqM4FuFp9GtMCZKzl2+Xx57FaskMkDitQfmrk67XWP4U5XTGSZGUgmPa9DwB17yZIccI0ic3LEQWka3JKlmjcHgS3Yv0SLIGv5kX0Ars1bEnlPLKbkBRo5YB7DSi9V9OxXIOddXkhCBS6VJdrc0+S2T4Kg96DUs+GFkq7ZQaMPUudBlwOnBL0yDvX4B/ck6H5W2IesGvozdYxniDWoJ0R+CJlFI8ZNwrKXj7fmZB94BbwPI6oNZ+oBGdUoGzM68YlrOrBw==
+xn--p1acf.		172800	IN	NS	ns1.nic.xn--p1acf.
+xn--p1acf.		172800	IN	NS	ns1.anycastdns.cz.
+xn--p1acf.		172800	IN	NS	ns2.nic.xn--p1acf.
+xn--p1acf.		172800	IN	NS	ns2.anycastdns.cz.
+xn--p1acf.		86400	IN	DS	11446 8 2 C39B9FB91B155CA7FF3F84BC7F7B7713E8D3B40AE9B7B0D9C3DE0FDC36FA325C
+xn--p1acf.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bNK7Q3nwBGyyEtyvlZ6zmL5fB5jT/8La9KHFbCSHplLnYasnhSPxD+rOI0vJpw4BgyMyWayKCHxPCdKyXEsVRO59KWDnN8p1mAenguYbN5VqInfAfWMWrJlCaevvxe6JdcW7NixcUlET5Sx6KWBVvqspydll0+5WjQkyl8tfoxhKH71OJCXR2h6KTn83tvDlkx4lBcLUYrI+v3op7FgabzUY+KeikySK3O8aNThn8g2OxmITEcxCNhuXeXzn9k1tj1XT01fVW0UadAixPXyh3S6E3GvV55yJwgFxwgXhi8i49NcSrpulq0eQGnNln+un65KsousRvxrGc8br3hzRNQ==
+xn--p1acf.		86400	IN	NSEC	xn--p1ai. NS DS RRSIG NSEC
+xn--p1acf.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zMzOdUVlV3EULNWO4zI5gvSTx7KoquTpGa69Ohz4tnNgaN5cY+QCGFbNIHAG3T5JXJPyFDoNY3z/+TBXkGyirFY1Amndgy7oIzi0cdBjqfnBNJkQCQ6rHL9f+S72UCIfxHEtTp27XP/K874Fa1pFk/QVz8+r+UbN49GRZtq1nrhoxapo9d8080zAKrQLf+D0PTz1xxLyD9h+4xqbr7OXydmswAxSQrm/Y+uRnvJaHBsh2R3I2jDhNdgK7lJLatX5khc1Tyv+hp+9cZ7Of8nbwd4TJzbP56DRRiCVf519fOZJ8lcUpZCYWW58Vp7h53/EApCiWGYvWYgx/Ehysrju6Q==
+ns1.nic.xn--p1acf.	172800	IN	A	72.42.113.2
+ns1.nic.xn--p1acf.	172800	IN	AAAA	2620:171:d01:dc:0:0:0:2
+ns2.nic.xn--p1acf.	172800	IN	A	72.0.49.2
+ns2.nic.xn--p1acf.	172800	IN	AAAA	2620:171:a01:ad:0:0:0:2
+xn--p1ai.		172800	IN	NS	a.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	b.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	d.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	e.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	f.dns.ripn.net.
+xn--p1ai.		86400	IN	DS	7900 8 2 383545B7CC236FF2FF20FB9A035A650EF9F2EC31C8E8BB765292AD5F62A27FF1
+xn--p1ai.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F/5Qoq+hkH0y7a8v1Tp58kEuhsp1iQo99ju5tcERpHITRggrY8rT6SL6jLkEoQ1kKqsAbfKePJLmnei77bjWUzzoXZfqKmnSlO7CSJSHJitp/i0qmjWBycpZOsLJR7H8ss8fW1/PIfJprcNs5L+y505I1HazKQbQ7UDq6TJAlZdaSEv4+7+OHZSYDRdQ7fI5mH7KDJ4TP3uoFzHjSGXn9qzuggCEXlSMdvrnVtK+rYeY9xROvXIpfr6azao4tpeoJsTOaoETHAWKTR3aZYICPSVCXcwS5BdDkpudUHeIVZaeJbGYtIrxWD9lFgZkFt+ZT+acBLrfFV9g95B0jUH3tg==
+xn--p1ai.		86400	IN	NSEC	xn--pgbs0dh. NS DS RRSIG NSEC
+xn--p1ai.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Az1vYnnCRHUIGQ67TdFIY/6nYrLFKV8XbE0VOs/31KgiyRo7L2A5+rPXsfhCWVx9vcemA/bw2qR1Oi52wxv8SYQwzG0id1NreqMcITqcL4euX2quWHkSvsVdWtqPDGzpMzX9mGmY2ReRfvZhhnJyHEVkYmJRf3SCkQbyUWF9E77PL8OJ8MS4ARYYoxRqjz6R7pi19AhDIO/s0QqXuy6Cfgv4JO4CnA/V82+vNWsjIyOvFXtIioMeG0tuYLOzX1H5SQCir5sh3hRR7P72VoMSOUDP4jWNdbZyAYGTdUJ3QOcspZKEDwXYcZ/95w8UhBD9mFi46GfBjfiHGlZRILIAzg==
+xn--pgbs0dh.		172800	IN	NS	ns1.ati.tn.
+xn--pgbs0dh.		172800	IN	NS	ns2.ati.tn.
+xn--pgbs0dh.		172800	IN	NS	ns2.nic.fr.
+xn--pgbs0dh.		172800	IN	NS	pch.ati.tn.
+xn--pgbs0dh.		172800	IN	NS	rip.psg.com.
+xn--pgbs0dh.		172800	IN	NS	ns-tn.afrinic.net.
+xn--pgbs0dh.		86400	IN	DS	23341 8 2 D7A6ED1FD619775C26CEB15A96586B3C1D7AC38574E44F1ABC100FF2F50198A2
+xn--pgbs0dh.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SFxBY5wG2h+IUuemjAnO6j+1kxf+L+R4esgbfRGSkPk65ciVyQTbavhVzSWfDRriCAaMr8+4ne5oSmA0JeBqOfxZ58psn0/LXxRbq55oEFstonU7ulZ/420jn3sp+dbKyr3weKTXV0tFfVfGrsVYg2AR1zAd+BdsSZIdZOpT2ozHZonLtw5gIhlSCz8pKNE4ow1Ur9TyyN4NzWQzIKJPJRD6BBI9hjaC54ksshsxqJJrMRjEDjnLQfAF/+CNd3kebMnxw1Et4mF9OnoZFeqxtWN8I3GdRB3d4kzaLyC3ZzdPl9h+wxq4UUQv+vFf2zSMT44yvtN1dcX9eN3AwKEXHg==
+xn--pgbs0dh.		86400	IN	NSEC	xn--pssy2u. NS DS RRSIG NSEC
+xn--pgbs0dh.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . crq0UKndjapsPHfWO4E3AzhtYJ6jGTQQTC0rn+smilcMFtgzPhyPN+b1YuA7LPT3iha1ZVe4QSXhxUdkZllDkPDFsopkXxBOltF3ReiiVdHf3FlIw7iSXLATFmtbl6dX3zdiyXKaUN/pUN9zoCMcuQNQVP4vU3gDycCpzH0UzjvbdQ2tYQGkyeDkVWmW0NN3K+Du/sA3di9Z1XSGwUehGeP1q2+z3HWnD8F6slAuDRUyuJZx8xG0JR2iszVvvKrZimmTcG36D5i1/BTXKLozFb2YbEkM8GREtHk/xaJzzXy1gbFJcx/Z71YJw8iWd2Wl5K/V4VsSpoIgSXD+5cTCng==
+xn--pssy2u.		172800	IN	NS	ac1.nstld.com.
+xn--pssy2u.		172800	IN	NS	ac2.nstld.com.
+xn--pssy2u.		172800	IN	NS	ac3.nstld.com.
+xn--pssy2u.		172800	IN	NS	ac4.nstld.com.
+xn--pssy2u.		86400	IN	DS	39624 8 2 C8ACA8ACBFAF0BBABF83AD3A480DF9E961364D1BF326C953F1CF9597E844C95B
+xn--pssy2u.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lev/sFO86YvvuDQCOCo56FFjzadDe0DgZ8LHlPtHmkJYoiYcMve1ZUSaVAT/bRN1Y8sO9/5glt/1GZB3jpzGeptF0TMQ4L0cNUiX/mv3TlGtHqt43cT0v2krumuZyLnzce1MG+r3RJ9XmbCEhRK/7W0hPGV2VvX9WBdcgyqSgW0xiRokjF+nrvTVEbylawlpyfrRzFO3xEp88FpJR1aSBH6hh/67xplguJ+lqBOgMKSIhfxS4kjp22ngE8L6NNKEZb2uuuluq3o2xBWaTuoOI8cfYb2T0TdZYjfLzEcIB0oET36bIrk3c4ng9TYth3tXFfLyQrGEbXGfD8w53OMVKA==
+xn--pssy2u.		86400	IN	NSEC	xn--q7ce6a. NS DS RRSIG NSEC
+xn--pssy2u.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W/4qHzPlI8T8DRQ+VXnrdWNMGW4AsLm7MNacI95rJgltc+bCRGx9MsEjD6MjcGUw0+63pH8zBBIJ7dscyPhf4vWH9HlEHZI5HXteG7ms3dztjsVDjrRsrySLobGCqCHc9BTJAAAeo4APMAy9MzvdnWEL00zm0EsTULc+IjCU2wxR5c5G3xAYDNyFaQVc651hhhuVCiJHEx+0QAakbvIhVXg9M4cUCNn82iLCxfyXdgFrqaqHFcQMLH5mPAdN9eRoHb5YYs5i0l9CmTtGwrLmMfQi4sTY99JoCo5HmFEnTLKdIu05p+SAd5ksT6l7kw34rQfLHV5kxslhtJovJAb8LA==
+xn--q7ce6a.		172800	IN	NS	a.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		172800	IN	NS	b.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		172800	IN	NS	c.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		172800	IN	NS	d.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		86400	IN	DS	10705 7 2 0ABE3FC3E0D788CC7EDA69271C7ACB9ED5D23460D381B86253B44C57716A89E9
+xn--q7ce6a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TPD886uTFSp6yBAif7vDO3VqMVGgABGSieae6OL/7DN7FAijgdeRnt5+7oPE9+Go7a480Vt4lCpV6kgOEy7mspRRVYhH7npngYeBhOxyUlhvSjOjCprnnIEZ6r85Tb2LmlHY1amextAPDKm20eg6PA1El9yJngVLRUfl+h+/YDHDTeZCqNMqJ2+tXYSS2u2gG0nuL3B8fMw/pzUS2m9d3JgC5wsB18cavycTIc7awlqaAlBDRnqjgogR/rLJmd5+rlleaqJeU8CijPWC48GfMZNaYqWDBZrtLoArkvAzgVyAD7ikSZlBiO6/ainaoFD17W+t9RjckLXsBFKLn0e1gw==
+xn--q7ce6a.		86400	IN	NSEC	xn--q9jyb4c. NS DS RRSIG NSEC
+xn--q7ce6a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U/AszEp+Z+O3C4eAxHafsanf5AF/CGUvi7fpkkDyBQIUQ6TDA8Qr3u6TAn8sHm0dzDXa2yH/yCzb91TJuZUPmiXKbFesOF7pVvR2jc3nDXHY3B4W2J5/QJAbeFC4UiT4ss0k75e/zo2J/iXpr8pITVVXKuS0lFPFGcvCkfnsMM3jiDusLsDrGyRuzSiUuAo807pbocNkDdavRTEsO5RHcsSd6UxTSJcaTY0sEOrj97hp3zPeeBf49QuZD9rQuGuuifUziqWj5Sn/lazOUWzNbQVDuU7lOgPi6qnJLtGtBaLUfKVtRl38rDR5B7qllh/OJHxaZx1f8R2nYABjIivAzQ==
+xn--q9jyb4c.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+xn--q9jyb4c.		86400	IN	DS	10159 8 2 2EC8C0789B0F4DDB281709A6B6D8EBE6259C0C30251F26F9759F29C6B93B7DF3
+xn--q9jyb4c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RjAN3vpXJzRysM++DxkS9d16+fOk1bYoD+ZNczgQdjeSZWWHVGy2AXaW1Fq1QWS8WKz9rknyTVXwLN4eQHefErmLChnfmGiXCb38kNlJHKudRdKDnH4UuJL+OLAg6furBlo632cBbqgrwgKYeKIU1zbEYOdrlzbLPTZFZNorE0T8jCplStdets6FFGjoF1CNVGepwjpNCIlw0cka1rIdpQxSL3CN/8IADSfhOoWW+5bdyA7maq9bICZTCbeGfMd2xdoPyeRfAaNSr8gvQjQSYYwBPgUi291cGBDdcbgXP8ipZfopk/Ce53TjxtJGgJOMnQcypsSN8YSkTbT3m7dOcg==
+xn--q9jyb4c.		86400	IN	NSEC	xn--qcka1pmc. NS DS RRSIG NSEC
+xn--q9jyb4c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MT3nVS/n/a49+lxU5zUdGC5715me0uvxL8aw9Zai4rRnRiBa+6E1wAAHWKFhjp44snpbLA4hlX1sGKeX5Y/fjX5B0rrVtMP+EnxRSXtBi5zWNRHv2wW1XyM0HBU4JgamiOMAswWkNNKh60mopYY5bg7Rr8zP6vPoT52UhWbBuEvcC6F50VAsSF6qJgQcvaBuqVyCl8NCtOV42pax8tRMNyKcEqMz1XzQtF/yKHr9kk/GzmV2dlVeoYCiL8hYu/3Y+PWZhdK6x3cyiYGtLir5g96xwVAbFKWe97df7vSzdy79DdXiS3tNoBx3jDCNCKSlSiGbWuVirnZPi7oCFCfjeg==
+xn--qcka1pmc.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+xn--qcka1pmc.		86400	IN	DS	65200 8 2 4F705EEF39238EF3192218A9BF4FA3789B1557CFC96E8EEB86583114C02ABF50
+xn--qcka1pmc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WsjfOHAKq3OUZ57VSio79s4UMci9A4x3U7cw5DKsy1APNCezuFiRxJzaITudEYseNcXOSBFuOU0iQV7MIVyb69Wu4kb/GknB+mG7H2WExAdrleUnsihn7U1hxKCADXAUK/fgwChGkO3TmMxhFWauqw4BnV6JTd9h82WGGaYBYap3XajT+bC27V/qmbBaHR+Pq4eynSyKxF8tuB5xucwRAIqA2ZIVHmVCd/5J5fjCRK9V1P5LOp0EDXacevur2xdBll1PZx/rg+QGdUGqFk3XC6M0hVUlW6zS4ee4WfX4f3PsURcVoXuw65pp/Zc2apyrbgOMDg0bwddZmlZNbtRawA==
+xn--qcka1pmc.		86400	IN	NSEC	xn--qxa6a. NS DS RRSIG NSEC
+xn--qcka1pmc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ELPWA6CGp/2C1PNpA8PicJ3BbT472SINs7pX0vB9c8VMIukzgya3zs2YWHulK/CXTJdSWa4G3Dv19HmOY9bh613y3dSy3XeV6cPd/SUHrmwg93eY7ai/3F6rorFjXqQBVVegamif5lW6jblsOrUnATW51d9DQYdBFKnAhA+a/jsbTuYdPmce7opJVY0I118wlLOXWHTG1Z2LIj/Asrl7L0apaY2oQpDMkwni8dIOSU0alZPwQ/BywjP/Sk5Pxx0wyUkddqv4wkfXMa+ooBZ1NpcsUOD+Qg4/M9TozEhDg9yQnyWgN/jJnIMqQzu3ReBliW45EjVjNYiJpMXmhkGYcQ==
+xn--qxa6a.		172800	IN	NS	w.dns.eu.
+xn--qxa6a.		172800	IN	NS	x.dns.eu.
+xn--qxa6a.		172800	IN	NS	y.dns.eu.
+xn--qxa6a.		172800	IN	NS	be.dns.eu.
+xn--qxa6a.		172800	IN	NS	si.dns.eu.
+xn--qxa6a.		86400	IN	DS	28624 8 2 248CB7496D7D6C9A4C0F2BC97187E1EA7A4F9F1ACEFDC745680875E8A009B793
+xn--qxa6a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lOuv53In5mgdEtgSzJFWizHp2eOI4xTY0Dg46+5q649CwFekY9OMWhxG4Ty0TWXuWoYjUuWnOM8u4xUhsvRrBbQjxCz59bcMvgRwwHV05o20nSfvQUNWBCh/sJtsher0GAPPfOVvG4Q4/t8EEN+YwmB7HP8cSijVJqYf+d7I1gz/Hc6CCebYjlEg09LyP4ul30zZnFeAPHcsoYYgFXAQjelzkEPjHqV37dUmUX1UXso8rSine2C1WtFdKR6A28vlVGZOWQEEN/6QEQ4JM4BcL3cg0OQbaJU7hstrDbbeAiwFN1qyzqlO8pEJvYZWCyzIR4CSq/mz2Dk763uuKHgthw==
+xn--qxa6a.		86400	IN	NSEC	xn--qxam. NS DS RRSIG NSEC
+xn--qxa6a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LRWzurBm9iew623xSg9uNJ501PyzTq/hinYaLehchmI6n+qZApglvuubgkjvIWFOlWLnbgmof6+JuYM98o923E+qSmFa59O5Shs3tQPuZotRBGBLws3kwCSKk/JvhM7Pn5fw+UmbtLOmSY9pSZOQitLWb2zExoKcPJKiMklo1WDXQUQfbBwoY1cZ9m0dRYikZHvooJzzfJVc4XuKTrztjcuZSqg3v+bz2aVgvrt5Op4iqJemuAmA4sw4FVmYfnfwQNwlGV9u+odhH3i6pPeUJBvcQNEypE+2lVJzoPrOJta0mRd26gPn1TXuqcM7uO2wNiUe+9ckr681/q6XBQMKCw==
+xn--qxam.		172800	IN	NS	gr-c.ics.forth.gr.
+xn--qxam.		172800	IN	NS	gr-d.ics.forth.gr.
+xn--qxam.		172800	IN	NS	estia.ics.forth.gr.
+xn--qxam.		172800	IN	NS	gr-at.ics.forth.gr.
+xn--qxam.		172800	IN	NS	grdns.ics.forth.gr.
+xn--qxam.		86400	IN	DS	10384 8 2 10A432DBF0112CE38A83CED26F36CE36AAC7A3D37CEC8D07583C01A5E9FD8ED1
+xn--qxam.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XHWsDHPdmV6HwN8jZX1MaM4UItyphwdOJpm/zXQ2y9LhCpDWzNXEG+Fy4N4Nn71KzXgEbmQNZWwHatoSqMNNAdXmrIbt/RWfPPkJs+RTaMl9Wt01v2pli4bNHEXnDc29FIGYogksolT1dkxlvw8BJHFNhRMyTzwhagnXq91u8XSixvO/+Mpjk29eHPAM+X0mRZif3lpGNaOIYCaRHS8OgnQ6AhpnUX4cw0i3cEzxtYjrSCPum1St3ksKXsd8fQ5c0neyxmMoyN4toj6o6cqeBC8co+xm3yhfKXo6E6T00he+BJahlnuBxeTbJQDR4aTZqyEQUmmtAVGpCrL6zPuXwQ==
+xn--qxam.		86400	IN	NSEC	xn--rhqv96g. NS DS RRSIG NSEC
+xn--qxam.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Bry0Q8frda9m5Bl1Oicy67KuY6hq+/Rl7wX+4Q+RPmMChE8mtt+xBjiwlwW6W6sx7kjLmQsYjOUs+Ji+pyafxgWj0HqoZxkBoxjK402xdTWpIkRrMnWCRDL72Xdpdg/iljwJduXhUVtCBtweCtmqIxtDX4H/vRUb+EiNb06PDe1ojhBGGCTgxyGh5XRyysr31hXJIDbAdVo6DyFp4gVwA6hZhXustaJPy88IugdP+5pzatkKsHv7Gr+GK99w94pDBVlZJSjXh7+kcUPrfwY73T2H0P1m/xCL+KsUlSnLGN+sbUABNAtxbBveNGQkdGI1Sg9gmldRfI+lmLCendFpRw==
+xn--rhqv96g.		172800	IN	NS	ns1.teleinfo.cn.
+xn--rhqv96g.		172800	IN	NS	ns2.teleinfoo.com.
+xn--rhqv96g.		172800	IN	NS	ns3.teleinfo.cn.
+xn--rhqv96g.		172800	IN	NS	ns4.teleinfoo.com.
+xn--rhqv96g.		86400	IN	DS	167 8 1 5A8EBBDDFE4D0E442138737A5FC1D3E34EBAE03F
+xn--rhqv96g.		86400	IN	DS	167 8 2 34F9402AB776FFB050D28976320570ACAAB0AFCE393A589494C7CEA61DA3D53E
+xn--rhqv96g.		86400	IN	DS	17089 8 1 122B5A9CCCDDD8FBCA1164643630FF6D75D856DA
+xn--rhqv96g.		86400	IN	DS	17089 8 2 0CAB870792E42B0EF02EBCEF64C3A4FE22D1BE9EF91DD64004473741347A11F4
+xn--rhqv96g.		86400	IN	DS	27565 8 2 B53C43C6B3F1146CC9969545C292FAE4823D43B81DA05141646F837451E92375
+xn--rhqv96g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zrOAsqxqtkcv26R10mxT/nhEBCAk3fxuJyvbA+KSwy3ZlTUrwym94R5hEcIpV/hmrTW1T6njqBOWLJr/UBk2pK44f6OIVbjn+zPl4r2RFcDyxP+JrJPDMaVZpCKZRsBny9zvIKIv4qqm1Uw0ujPP8qVRN/T04Ot9ifwQMzw0mmvldqgokIaJLje2EnfBWxUYG9v7CtMnZG1/Jq22TgrzMUAvKpIKXWLJCDrnfKUqe3TWc5cAkbWQibkLpAKvdVq63L9jfgX2k3iLKaOpFp47Sjm1OlBviKJ5Fk+VK9u4i004xS22JWDVfDFlSRPdduyuT+WpRcgA4wOfEVh1j+1lAQ==
+xn--rhqv96g.		86400	IN	NSEC	xn--rovu88b. NS DS RRSIG NSEC
+xn--rhqv96g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . q4E5axd48OD1sNCe4OukizG2T9qmRfInziYH7Y4PX4sVPI+aM13csRLVCJfDJ9IVfYy3ZcYpvsPTeDCjVhCHyJc0neRzmb3EtwIrWQyZMMR0wHcKy6acBaYNK0mhJpF6+gxpQ0iecUvwYIk8qSkkTCQtfhzvDq3c7XzLe4yy3yAMASbrB+VkU7nZBYjquLEq+U2SqWJtSjwNntfCFsiZpqRu11Or9bsMSSkk8XeU7mV9utpDkOj6otfO3y/eY/fa/VJ1IkxzQq/mvdPISbS842QY1RdkoldB8IXuvf4ST3syc9QKgKeM2RAT4eJ7D5fdebOXwXXprJDavHPGgCpiIA==
+xn--rovu88b.		172800	IN	NS	a.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	b.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	c.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	ns1.dns.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	ns2.dns.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	ns3.dns.nic.xn--rovu88b.
+xn--rovu88b.		86400	IN	DS	247 8 2 74E7CC2A18827E9854E1F541072FB2346BBC81286343EDF089D7C3D9A24EB9D0
+xn--rovu88b.		86400	IN	DS	5119 8 2 48BD313E429D3C9E64D4DF6C2008EFAD55FE6D5FF0D1EE43CB991B2F4AEE8207
+xn--rovu88b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t65HRiH3uDt3XttQVnbja/41h4CGOVWueHcBKhyEG3Yo3MrRw8b23NDfB9Z5+aVjCgbaQAKqUYx6rUV/haHPp7p4fF0a2O3RdieWm8bt3JlCZ+t2eF0P783sUqLukAFndOVwUK3mzLenNi+ElD4ZiheTU/RNA+BfhGuBE9LPpyLnwZQT/8geSMZ4N7Eh5VCEaE2QeyHcGX1x24qIqnfcl0Qq9jDGZH+jdLn69Oz4k0cTJDUbftaV4aJD0+Ie9BR3bHQf4Px6XwR7hBPj4VwSfQKq1GEXtOGfsV+nm22oKSByVg0uVpAFaBO6V3vVoW8D1/hgFpZokFwr9VyFSa5EQw==
+xn--rovu88b.		86400	IN	NSEC	xn--rvc1e0am3e. NS DS RRSIG NSEC
+xn--rovu88b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EGjB7kNoXRwJ1tuQVtUupCZYQbxMzTYyAOrG8rkraddwDQuDx46utjFcA1oMdcTcT+582MIrPkdp1cha85P5LLD7Rplhtq8C2u1HoidGMCn+2Dcom/nFBR3c23MesB5aaTn4kzCKbx8DDaEXqbxzjFz/6iz3tuW0XNgAT7PlkbcS1IF/yOmkMESiKVbZOb3olQOFEuDxrgif/mYdbnffcRT23gQQhhk3H2az7uBYV97FUrkmNDuNDZ/yfhUxr/WaQDwqQXcLEqQDlGRU53gfX9MqESXUnEbE/oPilztzH2W2yiTlwTzE/GkFJCCeLtGHEa5ZEeAsXtnjvB4hNnsblw==
+a.nic.xn--rovu88b.	172800	IN	A	37.209.192.10
+a.nic.xn--rovu88b.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--rovu88b.	172800	IN	A	37.209.194.10
+b.nic.xn--rovu88b.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--rovu88b.	172800	IN	A	37.209.196.10
+c.nic.xn--rovu88b.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--rovu88b.	172800	IN	A	156.154.169.76
+ns1.dns.nic.xn--rovu88b.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:4c
+ns2.dns.nic.xn--rovu88b.	172800	IN	A	156.154.170.76
+ns2.dns.nic.xn--rovu88b.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:4c
+ns3.dns.nic.xn--rovu88b.	172800	IN	A	156.154.171.76
+ns3.dns.nic.xn--rovu88b.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:4c
+xn--rvc1e0am3e.		172800	IN	NS	ns1.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns2.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns3.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns4.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns5.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns6.registry.in.
+xn--rvc1e0am3e.		86400	IN	DS	44785 8 2 A6BFCE1BC1E4B74384CD0A53205286A4C56B822A29981E22A07233C9914A4397
+xn--rvc1e0am3e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MfMSL2N6Xt56Ks14g4Jl8L/Hv4jPFOio7dO7EhGRi5bTvnsD2NC8v20akCswJjL6GnSw/pauXY9X6T5JTAhw6aQbEA99Pavb++5ckzVcrg+o9SMTSdbgHJ1W+Pgq9xvT3FCHmgLKk8ZWmzhOA+qmbX8xM52H3brqROzdBu1BQx0ppS6w86EQM9BNkB4BCuQlUhXXY5RLEqD16gVuCEMHN40BgsO5GCD/9/jE+N8S47oavwdlbtnkz2WEN4g6dU6Mj6NfxziplAEwwjEpod7z2mUsNdR6jaMao8uY1NyoOlCnqkma5S85WsQi1a2y6p4CVDBSS9Q/lqn7WM2yEtCibA==
+xn--rvc1e0am3e.		86400	IN	NSEC	xn--s9brj9c. NS DS RRSIG NSEC
+xn--rvc1e0am3e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bhMJ+NR4zKRH5siewIFWN1NG77nndYwZQp/ZdUJRS9C62rk/lZ61IjtY3eK/DA8EmQ+5RK3QCY+rcVdFbox8TO12QwIWG0LYTzjZ+gaWk+4PZSUAgPCT2i/xe6J6I4W5QIBUk1+j5SrFfGfubIM/GXplmKBvluCrIZVuiwlsZYFgtI5jZTM3a4fvywovRKk/OVgTLR/vTM73f3HCz9cIkciuad/zh4uHkIgSco7kANKG/EJVquCpkQxbfplbEqQjTtIs1kKZrIwrpGiTO5PWP2h3+LPqFewP5GoxfEvdKUI52rSnr4MCZlf/jJM/+esx023W0pi0KUtujoI9fYj36Q==
+xn--s9brj9c.		172800	IN	NS	ns1.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns2.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns3.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns4.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns5.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns6.registry.in.
+xn--s9brj9c.		86400	IN	DS	47272 8 2 5A0F20A974FED08735863B1A312EF3582290C5A25CA6FA79C32FCC3740CDBC3E
+xn--s9brj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OFs6tFF6bXRiCtqguhOrCf0tf3d+SkJLijOJP2JM6gEHRFMDntTeJTtAM4prZOJqPeblWoV9vKAkWMuTHOZu1dNPgnywaOTMV2L05eVykdZd7GqQKR5kVU/99TCIikj7zyH0NhLlfTA6HtjJ8Dez1PEhTKsYDWytZeWKwNc9ZTFDCYBpM6YQy3xNbn74oOHGTQngI6crrUv+Vxscn1fUhc/bXQVTPyhST7yil6tnH3ozzY1OcWGSHRcUvE5jiwBtWicYifjNse1vUBSpxYtFCa5UNz8AlC6mVqeSJQ70+6g0PcdJWZLVzReqnvvGa9JNqguKcThhgMcTTaQSUmgc+g==
+xn--s9brj9c.		86400	IN	NSEC	xn--ses554g. NS DS RRSIG NSEC
+xn--s9brj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K5owoP8cU1UnGh3Yr2HKbv/4Vbyyw0Ef97C4yAsAeujfu9+61u/99oFxQvGQRf8PmhGjQSZoRaqoKq1U+leeIX07k5WRFHqsBh3GvAKLozuNCrhM+xN91acz8x2EqVIfgpcWQsFqbRx0Y7KbgEg3o3XOZbeeZOrOoRdydJwMSpKZoMJbOsJOtIMISY6U2C3gHbR98CyD0lf6ho0Q5rtehj9txFgMj7SjRy3xjqueu1A4wvvrlS9nMB7+vmCfMOnmLq/RjL8WoLWKEAT20MMOQJH0/VTLPnO8W59Xfymcbgk9n9Ow9Ugh8A2qkJuvhI6gHY1hvq8YaXs2J1mzNhp7cw==
+xn--ses554g.		172800	IN	NS	a.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	b.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	c.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	d.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	f.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	g.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	i.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	j.zdnscloud.com.
+xn--ses554g.		86400	IN	DS	57266 8 2 A3C057A22744EB0FF0518D51E55B1271DAB9D39391B55EDC98443B22882B1C0C
+xn--ses554g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C+TqGtywwePNeF9JAMYbzbP75DxCQZz/FC9j8LogqKDaZAIWvjLsZ+D7F93oDWglR2NibYC7+NwVe5O1G6FcKsM7tDu+CJXFV0I22pyx/+ioMiqFZLSlXMZaCiWJe0Tvx9elNnuLrJkt0tPvW5eQA2ELujzzZTZJE+QYnVxxCfsjbCx85wPAay0AqN1NnCDjMTZdywMmUlWj8rA/B/wiWBB2ce5y+reRo6LOpSTmOYnKvQWr960Sav0+tr6heLvOlys+wGMLuuX3/WtoHJkB3+OLaCyzVLz8XdQC0Jor0rK9zQ1EhxyoCUwHB5tzTGwPOx49hVAmhDAZoFd1sJvKVQ==
+xn--ses554g.		86400	IN	NSEC	xn--t60b56a. NS DS RRSIG NSEC
+xn--ses554g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yPyHBh7H93Oz2x6cgjUfSvMPYVw6+67upadsns/7otiUUfZDHlLbuqNXrzp+Rv+af6UKaWS4/VeFYmRnU1wxio5ORLskKVw2S5fDXMnxOyLg5E8bqDVdLlW2reZq7avHL8GsVSRGMqXrx2APDtr7hXquHLU+cUq7E5jSe8LWhprlKwRTaAukmPT1gSEHoaVVyJT1W3M2fKmRjMwr9DNieYvD82YvCvM1gosQ3pbV/6+7MdSQyOZoCLERKpi5PQsl51hO5ZSwII7H1hzbRYlP8NXeU/xdIptpdnT0jzVGNsuXqWESYSLZJ0zMvyvYdlmALdRm+2nF65BE3dQ5OTZjVQ==
+xn--t60b56a.		172800	IN	NS	ac1.nstld.com.
+xn--t60b56a.		172800	IN	NS	ac2.nstld.com.
+xn--t60b56a.		172800	IN	NS	ac3.nstld.com.
+xn--t60b56a.		172800	IN	NS	ac4.nstld.com.
+xn--t60b56a.		86400	IN	DS	13779 8 2 680CF412999F4FEFF1C17C14299D412C149C118DB24A9A5FC14C0C7B6A126387
+xn--t60b56a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FDPZPbsBgtgPmqWv6w7deLP7VfXcwEqq+ufdJ5iYmSU9pt3qplHOyMMa/mjnf70m1Tw8oqDhqpof9UsmCkECmBDJmXfNarTrwbxKJgcl+zrDuCznL3VySvxrE9zmYLI2Gi0djp9LXIuiOc/jy9mSzTQgMw2G610wti9j7emhIKCUDZJZd2xP7FfB3tAaNZPEAlFFukc+ehZPSrBBwoVTRp1gSXffn16qE51eoLn8J8r7Rugdjl1apnKkNEQrzgOX8H69zhDCUHzhYdNmO0nU52DRgy7CQrm6V1xjxIQVTcNAwPea4hSA0uQ7rI+fXhVV9Ms1s8xb7dl3K3YcpDDGmw==
+xn--t60b56a.		86400	IN	NSEC	xn--tckwe. NS DS RRSIG NSEC
+xn--t60b56a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NHUo8i3CPoed1Xi3tKGbVNC0/xqoiBvdCaDTbsgG7vKZ8jjRyFfaxpKhW2CNbl5yREYSPa/aerlcyAwpokYYzJLRbEz4GjoCz3DOwIuRK2WoUf/wpeNR3k+JJkDlcN2st6SdztYPGczhW9xenypPCLRTqqSz+DiGKKjKoSrnjo8VxqJu49+6cYhLbNiMBAM8jqzbLMgv92cxgbWGMDD/2gDRZskK3lNg+Eiswuax/KXhDBXDYpC7WCGST89jsaKS33H2YtKF3ARBGOYLOp1rQKRkgvzNoOafLESnk2nBT283Vt5o4sgOgKekv8oM6MnO6wGgdDHOQ+X174uFNQLZyg==
+xn--tckwe.		172800	IN	NS	ac1.nstld.com.
+xn--tckwe.		172800	IN	NS	ac2.nstld.com.
+xn--tckwe.		172800	IN	NS	ac3.nstld.com.
+xn--tckwe.		172800	IN	NS	ac4.nstld.com.
+xn--tckwe.		86400	IN	DS	35520 8 2 131328BFF91843A53643BF73535A6ACB5EF32A916A23E0A7AB54794C2227F45D
+xn--tckwe.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YfeYzRzz+rtoFJ1x5wzA22vg7grx2nHBmODF3kRdexU4jPwGDkGVy8XqJ9IkP6safCQnANfSOEKs9yNzwGUlVpdA9j18S9PUVKbIT+PrdJJZQywg3FcmRbjOSCuYU7mwQyF05J41eWYeG7ZvQcGrdv2f5NKCiQWvmoDu3nFvKnXXYz70KnMjy+nI6PN0p3TFhK5mChT30DVXtIECii0WYAuS3+2yzTFDf8ioXZLZ7R46QM+C07CX7iU7OLjlMqcszN7m9a9JCvdwmEwiZP61DwM9PZONYhR7E0ocDD29Zb5nc9VzfbM+l3LjOHoqjT9rtcYIvnVq+8lWPPfHPyALiw==
+xn--tckwe.		86400	IN	NSEC	xn--tiq49xqyj. NS DS RRSIG NSEC
+xn--tckwe.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aeEwViG5Bp8otFhDpwiud2qhV6D0BO2CS2jtAbHXuShHz74n49y+uE26oweoX7eXpz2jySCJS+rWF7We8Y9t6kubXMF86t2ShCnwD/XC1npVxmsLW/Oudvzj5QwPRYaKnIfrRmrxJYwohGqvwwOm5NyDvzZIcPA6Jalb96cOP/CVIUjElfaYKrm5E1ZHL5y8sTYEW2uOuROwhfw5lXkEXLC/1dfoJ9dfa98ZOlpQSlyC3MvfqJrw83hVhuwUTuM5b7qfQ9hpLmB9mI53UnhDkcigojNj9k4YPe73KUkeGKJq4KgkTgx/eOQoMfZx7U2rVmiHD89DGLpnHlh8RUkQUw==
+xn--tiq49xqyj.		172800	IN	NS	a.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	b.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	c.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	x.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	y.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	z.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		86400	IN	DS	2386 8 2 EF5BB5C8DBC6EDFBB51F26333F779DABB955FDBEB68F276027494846EC8ED9DF
+xn--tiq49xqyj.		86400	IN	DS	20710 8 2 C1FBAC37A1A9B6FB9DC85BA47C7F98AD7CF2D78CBBD3CDA8C93D389870616BA0
+xn--tiq49xqyj.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nMZR7jTDn1hoekVptmjAUtmVBs/JRxm7jSWSs9vZ2FN10Ktq+5ENegEyAcw35NA0f/pP1RQC6Pa97q/q4GR/nRKZutkfOh0sEzrOo/p2gTkkm4TCepRfsrtoK3i4wUGHQrLTABP2cfagLtEx+E+RPY+l9oCCBLL4Gd5M4ZBbmailgAeqSZwhvftP1S+ShEagXALp4TrqVukPgc8xEgZx/AdZnmRwns3qdxSBshJCENlx3s0tKdHC0N0AHySiTt9rfv6wtspiIUWibGBqseNQwSL27EEI4A7GrzA3nViuDVJ44VYRmSYqKofgfmwMTGXNBTQ5RK08YPgspJ5mtyWuxg==
+xn--tiq49xqyj.		86400	IN	NSEC	xn--unup4y. NS DS RRSIG NSEC
+xn--tiq49xqyj.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UFmZp1Gc0yHlVxQxPMN64vjoAoAamuSfFnzyBzL6Uf74/V2lb598ZGGiLmkpJzjDlXGZsJspWVG/FpWeXHscou6NKj8Ai8WAu5IJWIQvhxzDGWHknV+KlR+J1biNMMJ4ZELw+hrxihyejq+9tfDzVK97mBkvKszy1F3qOUM1pUDPUyH95YcDYw8DQ0kbRjarNQeX/+rcWfGHgbf0N+NKg0WkEav772fPh5C+z8QLHSd4/TzUBt06zkE2/3a0JaPSwoNoq8EnF0lTHubwCeF39ve0FaOb+Sqvvp282Sodzj18VC5TfQ64IcMJ07B110tBgH01zknOQl8PSKQvwgDS5w==
+a.nic.xn--tiq49xqyj.	172800	IN	A	37.209.192.9
+a.nic.xn--tiq49xqyj.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--tiq49xqyj.	172800	IN	A	37.209.194.9
+b.nic.xn--tiq49xqyj.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--tiq49xqyj.	172800	IN	A	37.209.196.9
+c.nic.xn--tiq49xqyj.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--tiq49xqyj.	172800	IN	A	156.154.172.82
+x.nic.xn--tiq49xqyj.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--tiq49xqyj.	172800	IN	A	156.154.173.82
+y.nic.xn--tiq49xqyj.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--tiq49xqyj.	172800	IN	A	156.154.174.82
+z.nic.xn--tiq49xqyj.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--unup4y.		172800	IN	NS	v0n0.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v0n1.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v0n2.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v0n3.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v2n0.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v2n1.nic.xn--unup4y.
+xn--unup4y.		86400	IN	DS	57331 8 2 98698BF6004DCFE48F3C5BEB164F75D63FBAC726AE652DA39AF2929A8F836F92
+xn--unup4y.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . byx0EfXb3h0PXpzqPVGilVPfjXkaH5E2ZlEZQp9lU46GGamJo3ZOEhPKM/rExuigwahr5B1EhRozLN4uoqLNMZjUUXyndXKHQjwREYey6Okb0hY3Ktk2lqM/iAUIqlqLjojhlt0LfEj3dmvbs1U+Eye83BCkkfSvl3DL5e8TOVNSjCc01jASGSPLe7R8kRSa4PsbwtOAA0WTvZNrlV9FX/L1Z+b6dLgODR4ofMJkikZFsCL1Ck0liJ4DKZwyBHdxehEXD5Spmit8hwiUDQVFXJsaA2ckg0T1Nydyxt6z4LzvnB3z5hq9s6z0TOBS9bEFQQTLK1sqWPKzkjSnW0ZHWQ==
+xn--unup4y.		86400	IN	NSEC	xn--vermgensberater-ctb. NS DS RRSIG NSEC
+xn--unup4y.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0JPwUeRLHc27h1QGJr9GnWZPCbMBSG+8XWDiHKsTxata+fuGEDXF5NYBzFLpbCIJiE9/dZqOhQXbmo5Mn52kbeE0mm7HWkP5TImQLlMC42SV2dcIyfzejXgkfREh5NkPiF/orFJUsgk/L0yFYyN0jW7Uex+H7tq040VyKHct0IgRhqhZkekOeaOS8sWhEu7nPCVo37fuXSmzSJuaNaM49VThgMmKo8IUlKimvvLx00/83DYPn0rDSUdfqwWmd0gvNJ4wogpFRHpJv5IgHXYsh3GTyKPxniscyemdU8DUfCkULmMH7OVbhx7YLFZEtsYpOcB01/RuEpY5tsSwyVCgGQ==
+v0n0.nic.xn--unup4y.	172800	IN	A	65.22.20.34
+v0n0.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:34
+v0n1.nic.xn--unup4y.	172800	IN	A	65.22.21.34
+v0n1.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:34
+v0n2.nic.xn--unup4y.	172800	IN	A	65.22.22.34
+v0n2.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:34
+v0n3.nic.xn--unup4y.	172800	IN	A	161.232.10.34
+v0n3.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:34
+v2n0.nic.xn--unup4y.	172800	IN	A	65.22.23.34
+v2n0.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:34
+v2n1.nic.xn--unup4y.	172800	IN	A	161.232.11.34
+v2n1.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:34
+xn--vermgensberater-ctb.	172800	IN	NS	a.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	172800	IN	NS	b.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	172800	IN	NS	c.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	172800	IN	NS	d.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	86400	IN	DS	22529 8 2 86F326F12A977D5815D4F0566880BCE0B7C6E5BF798A6C848323991E303ACE3F
+xn--vermgensberater-ctb.	86400	IN	DS	60320 8 2 BD736C840D3B1B3FDD1679D500C5F5BD82CF0323E9706932BC5B2D847D5644B5
+xn--vermgensberater-ctb.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DuhBcbCSBeSSsrHayygyM5PbKAAfQ5yFcKCpIqHEptigpFQno+Bommn/q0wv4d0E8MeTwxhCiujF+PyneymUGhdbK2Jn3JlTtSCNPagtjPex09MhI8q4UjELugBRweR9udw2UyGkN1wYZoJGbglBOOYEG5NqLYQnjExaYiB7/ikpS6PWI7ULmxJ4AdG3u9cvfm2SeAgm78XMMG+AuKcDLEvR/hU1knVDdzPOhMQ2YG8Fj2zJRi+vczEedrZGEeUQy8SXWwfptHajHUtU466O+BPdp6jkQtoFFam0v+bw6a63mQIM6mNTFr/MdOT0R5NW5/hJ3dvdMQDYh+xuv2/2sQ==
+xn--vermgensberater-ctb.	86400	IN	NSEC	xn--vermgensberatung-pwb. NS DS RRSIG NSEC
+xn--vermgensberater-ctb.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . obs7fFrNbzXhrbQoOu6RbgHur+Vwq11apzm2uOGnjUX5fNYV6u3ajj2r9zrXCn4CKs/ylevBvg4qyFXGdhREMg+lpbUAaVIVoXWtEui9z5ngjXAkGA8fXn3je6ELybayQR3mpv+fQpqVA89J9i1NAtB4VOAxivu/d2BLP3YFRcSZPil1kHvww1hI3ki6rXBdUKBmywhMNSsnH15/ySOLnvlg2U/frHBqpqlB9Lsl+gutzwdFli1ioiQ/ydVy4kSh9CllfPb2/swe1kG5hsx8I7Orq22eEAnvTYhpEgpp/sY1krtWbclsfYIFGPW0Kk+b4Ft0VFWtoymGmIv/FZTeMg==
+a.nic.xn--vermgensberater-ctb.	172800	IN	A	194.169.218.105
+a.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:105
+b.nic.xn--vermgensberater-ctb.	172800	IN	A	185.24.64.105
+b.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:105
+c.nic.xn--vermgensberater-ctb.	172800	IN	A	212.18.248.105
+c.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:105
+d.nic.xn--vermgensberater-ctb.	172800	IN	A	212.18.249.105
+d.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:105
+xn--vermgensberatung-pwb.	172800	IN	NS	a.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	172800	IN	NS	b.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	172800	IN	NS	c.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	172800	IN	NS	d.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	86400	IN	DS	30509 8 2 B1D9B6E7E50BD1AC597183B160050A398919DDE4A33FAC3714BCCAEDD4BFD2EF
+xn--vermgensberatung-pwb.	86400	IN	DS	64685 8 2 AAFBCB4C8BB1CD236D7CD0EA943987F94DE28CB6DA343813AF260076D97828A1
+xn--vermgensberatung-pwb.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ke3ecUOYoZgx7zXqWpqJs0BYjBoc++UoIp0NwQ4KfqjdEX3l5tLm0h/wsPhxnJTzbDoSUJ2bzQudusoYvF7ZDNR85T9xqCi0jIebgShDxACv8VPTQqcu3n1ATq07cvfDsYjk/7DMP7esVE0TCsrRAGb9+sDCvmzPf2NFdLz1h7eGQiHvEVc+vJBpQRoAHzMBd+k+6lsxZVm1+VA5iHibtIeyiBCojoZG2/aIP3/y50rGRxEvG6UbewXRUTCvFs2RXkTRlo1eJLQi6XFxMiSDG2cPkXO0P1ySfEcJ7fEj2XLFoBtUv90prrQw5BqSHvV5KXtcu8rWMrhjwRWDKB0w1g==
+xn--vermgensberatung-pwb.	86400	IN	NSEC	xn--vhquv. NS DS RRSIG NSEC
+xn--vermgensberatung-pwb.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . weWl+ewvF8+3xnXkAUbdDnQKSMnepkx5AtLhdAE61CkMJzp2jUHFxs1wr1WrDXDfYMzzPq1RAmqSzxV9IclB6TdTgKXIFcRfD3qE9JITwzNsitf5t7wR3prhrc6HP13DM0bM7VbnvGCX2FS+o9IxsVlzw2Ncksh7dg8xEi6x90CBTp09/0rlKo2+KKNGZ4icxJsGzkvj66aA20FcUvWs6gaud0Yee8PXR5wX0Z2PMx5XeJ8GItqXW7aMoaAKiQAVe1/0zXNdyn1D4131qz0kQYK7IANds7nBncKpgzoM18GozcVdyzEVDH+Sk37bmvTs61UV0uUiGyJ1VCWB7QXDiA==
+a.nic.xn--vermgensberatung-pwb.	172800	IN	A	194.169.218.106
+a.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:106
+b.nic.xn--vermgensberatung-pwb.	172800	IN	A	185.24.64.106
+b.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:106
+c.nic.xn--vermgensberatung-pwb.	172800	IN	A	212.18.248.106
+c.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:106
+d.nic.xn--vermgensberatung-pwb.	172800	IN	A	212.18.249.106
+d.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:106
+xn--vhquv.		172800	IN	NS	v0n0.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v0n1.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v0n2.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v0n3.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v2n0.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v2n1.nic.xn--vhquv.
+xn--vhquv.		86400	IN	DS	25099 8 2 97139BE679993F9BC92729C06A1CE43AE75083580338CF750F15FD2B34737717
+xn--vhquv.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D0rfS26+ZpIvQbTmQR0SLs4R/ooDd+d7lTUzHIuZJJMAxhY3iSDDJgHVrjLsy2SmEkOoF5Qpr2pqRBXaZeA5iOyaRBPSbOrLVVOEikdPtMc/aU9koP1b6RkTJoOEyice1Bk/Mj2zfH0mAmJmwoWZdzla8xKG6IxR5BV0C9j2agqiGB4flb8840zyn+LUB9YO0l6biMesOMH96jcQ1sfoRCDOcqIZ4MypTnHwPBkwvlrvApr65IpVRNOTBrvtamdOVJA/xfJR4TLAuT4rz3WfF0W2qzTAXFEdNUsn1qyFzAvTmSUuJN85co3nxZHsTF+SohqPod527EThrehCyUSSUg==
+xn--vhquv.		86400	IN	NSEC	xn--vuq861b. NS DS RRSIG NSEC
+xn--vhquv.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wr19O9WioijoULYFyIo5zg9bhQ162eUUexw7lQDTTPaROUNgK98NN2RmdhfoIU+ks6bdht09ieYooJxSqi8fGJBh4ndervREZ1BQ2Y7tNwG/l66NlfVsb8cLnToLxifxk00SxraMCOvJq0hF/z6G/eufCkammgiWkL+MRMR7mm5wzD/dnGGrS5g9OfrsTC3Boxvf9zrLQsOJ17LyDjoBdcF4LBaB98FLiobAF48SM4g2NYWXDL+AGJnfCAF7tdnPHqTz1oPWOJRBd9qXF9g1ke/qS7CRhKRYaPhsOVmA6/lV625xNOfLG29JhOu2WiEBc4erGe6tw6VGVzHzMVQ4lA==
+v0n0.nic.xn--vhquv.	172800	IN	A	65.22.28.30
+v0n0.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:30
+v0n1.nic.xn--vhquv.	172800	IN	A	65.22.29.30
+v0n1.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:30
+v0n2.nic.xn--vhquv.	172800	IN	A	65.22.30.30
+v0n2.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:30
+v0n3.nic.xn--vhquv.	172800	IN	A	161.232.14.30
+v0n3.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:30
+v2n0.nic.xn--vhquv.	172800	IN	A	65.22.31.30
+v2n0.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:30
+v2n1.nic.xn--vhquv.	172800	IN	A	161.232.15.30
+v2n1.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:30
+xn--vuq861b.		172800	IN	NS	ns1.teleinfo.cn.
+xn--vuq861b.		172800	IN	NS	ns2.teleinfoo.com.
+xn--vuq861b.		172800	IN	NS	ns3.teleinfo.cn.
+xn--vuq861b.		172800	IN	NS	ns4.teleinfoo.com.
+xn--vuq861b.		86400	IN	DS	7210 8 2 EEE275C0966A2DCD2BC5B996B6C8FA003E991D877D456C2530D4681E1EEE0D55
+xn--vuq861b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o08TRX9qW2loAy4x1Fm1dORZQ9BoQ4CRStFqSwGCRJVpCohnJkZ+6AgUKcJBbtUuehZUlqxucZDP7q2zPtMAkzkQAJfOEHfT6DTVYl4Gzyilfv/JLwtV/66bVtRehMFMLhJWIv24Chz9nc/LLXbqpjFmHTqbG4I1cYaurEz7gW8yrNMRet85xTmb6mThARLzgUrfZU2R2vp19cNOeYzaCGrshv5M85ei2Idqamrzv244rWh0lqJrO/9xWfasurbVEwOuEmhVrlw5NeUY3IapHI3dgxEiywzxhXmmqHGbNs7W6amfW0yQxD0lLs6MWf/7CxgGBMYDTpHPaSo+bisa0w==
+xn--vuq861b.		86400	IN	NSEC	xn--w4r85el8fhu5dnra. NS DS RRSIG NSEC
+xn--vuq861b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rvEfhRJ2zcc48XHeY8UGTJbGRkbtNZ1N1oRUZvwuOmQ5ftFzSpwSG1pzxnoPtLuWMycVQge3/uYCBugpmOpz2hGq79bT79ivXzwbLOfct2nMEuBkMVMzUPaUsMyS9h7po8cFfCaDCmmGDJUm1N9omsTRagtVzDXfkXWXLhC9NcdmiEPh01dkzpEh72oaH4+jNYCtM+Sh69jzroKf4pDDrerzvdGBzYyFPXBknpvTEG3s06dfAfmrhiBlx/AaOP33nb7I4BTYNYsCQL8repPlYBJyEb7q3rBD5A6UlPOWpD6ZbDM7n0HMiubtHJHNWH5dO/cE/KpdeW4Vx1XqpaEGJg==
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac1.nstld.com.
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac2.nstld.com.
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac3.nstld.com.
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac4.nstld.com.
+xn--w4r85el8fhu5dnra.	86400	IN	DS	906 8 2 7A3AF4E169B87F77F5019E75A3BEE359415CD06E9787BFEEB00247517DD0EC0E
+xn--w4r85el8fhu5dnra.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OUdgmAfShNWdfnRAR74ubwBORZZ++rahE7gomE4ZciagIJ9yesGhDM/kQ5haayOIuvydbQIVdUHF4UBdJr12AKPlDsd0WMnUuwbaS5ClL3/FPoqots9ayYZ7PjLdGapMVfdcS6GH00EiMs8dtgHue3FBfa455qW7uewiZOY1tYI2DuBqz7dmrYPeDvk/IAebAayLcMAUTrObKFZy1V+nFolcPabK2qmnsE1ZSJOE/NIqoTrCiv7goRDxXhr0sLOFhOsrL7ZqO1d04vpFp73nVUZqA49JirV4/USkyrmpP/eTqkq66YtIygYaKumeuwUsvufNufglhLjrgilLFElzOg==
+xn--w4r85el8fhu5dnra.	86400	IN	NSEC	xn--w4rs40l. NS DS RRSIG NSEC
+xn--w4r85el8fhu5dnra.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d5R7J4kXgAeSGOpjSo+48utuMTj5DAfm2jeL/1uK67ItQhjhs6/QwikiW7qaPngq84ykeEXHcJt2Ip6F2WoB02zyb8/PkiZSdtk5uwg67nlppyMbipVE5Fs0dP53TcrzFVSYj+Hxcj54J+qbM+GMnYgzrMms2nSPghiZ/B16BCrzhBRmO8JEoGyWzuzAcipBoZonflolpIrj4yQ59ilGycCDyKK6yEj0FWCxFQWCKg4EZPL1TT6CjWU8Jb0MGZmNeAjzfevDC9HsbH6vMNZEpMY46/NjT8jhQRCdNt+3QGrcUWcbLXXiXISsEwV3TWetrQ5Wzx5KHZ9pWnam81teyg==
+xn--w4rs40l.		172800	IN	NS	ac1.nstld.com.
+xn--w4rs40l.		172800	IN	NS	ac2.nstld.com.
+xn--w4rs40l.		172800	IN	NS	ac3.nstld.com.
+xn--w4rs40l.		172800	IN	NS	ac4.nstld.com.
+xn--w4rs40l.		86400	IN	DS	37725 8 2 B8B0D86894F8635A37F163CF24737B3887B325594D58620764F04E99C1EC9287
+xn--w4rs40l.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X1pcziPawIkxnT+bXvi2XDZKa6Bi44k8NXQ9+RiRO8ucihepGqV4xO8aoGQdCEf0ABnxFR97efoDjFebQKEtLRTmLldPmGLZ1qqM98YR+VC0RB75HL7dQSbGGwXSWYrE+WFt4I0Z1yxrJ4QCKDwRJIfaWw6zonm7qQZC8dFCC9eAOUjDf6jRgE+I5XpSddEC7BX6sMeSE7HeMS2uHxhR6R7Petw4Tahcw4gw2g5hg/whG6cHEtjZysTXzZfjODy3HsSiZ4Lo1jIZNV8tdwYjQI4A9e7dWZIoZAPQ6N/oSMRtEBP+7q6+ap3Cr29mFW9vD94DiqtgL6nRFLwstqIfng==
+xn--w4rs40l.		86400	IN	NSEC	xn--wgbh1c. NS DS RRSIG NSEC
+xn--w4rs40l.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ETEy5DjyluwuMNIvUXKnaIOYHn6wEjxeTNI/v122P5w1XCvbMaoGxpuXmE8YdPILhxtQEDL9FQSk61UG2itOkheJzWD999wKZxn5D82R/KGcSdiJCVDg2kMmopQs7zHOdulRSyYPSHmKt+mmhxy8VXjB//5p9oedqY9PPHRvUj5iIhSYRtJj9fXLQ0AFHw55t0LgcmjYgtapU3I2WUXteFKHh/mPa/xrAPPRYaWkZx0ZQYWUwCktzfpGRCEx82XRw2Kg85rzESf/XpL/zk0t1uNNp/pJfINEIiyx5Y0TaUXqKsITEp6gBL6LtzDywwjpoGHdff5bhURv8CXO4K58KQ==
+xn--wgbh1c.		172800	IN	NS	ns1.dotmasr.eg.
+xn--wgbh1c.		172800	IN	NS	ns2.dotmasr.eg.
+xn--wgbh1c.		172800	IN	NS	ns3.dotmasr.eg.
+xn--wgbh1c.		172800	IN	NS	ns4.dotmasr.eg.
+xn--wgbh1c.		86400	IN	DS	65350 13 1 746DD718F1BDAE3B4F2578767C4B47A039501641
+xn--wgbh1c.		86400	IN	DS	65350 13 2 5ECE34228C4114FC455E07F4BB4B3DF8B501D874C4A4070ACBB378F41F17A0E5
+xn--wgbh1c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OrJna9iH4faOr6M8uRPdBG+iIhiYDe9fiUJ8TRF9faVn6HTqE+VREmq1SxPQO/WP1rZ8aWUCeOgaAz0DIyficHg7LKPXSlSYrLlZtIYLap05VPGj/oStwdZuoHoebk1rY2rv5pgGd32O7lnsBd2APjL5nWVmTQ6sCsA2cbE9F4HJAh5rMrQ9leduDt6O0RnXQK0Qcszv5/00QWBkUUovnOjeQRQLKoRUnqWr/DIA7ZAtxxU+CnK8XqrhXGCtVk1Cur0UDaSr8oJf3FYggpdyJMimhjIeYmx8NPDuhZ5b+5qpSC/mia7r0SLXwjttaQjCS5Npz5OAcY2p5PIhqU4vVw==
+xn--wgbh1c.		86400	IN	NSEC	xn--wgbl6a. NS DS RRSIG NSEC
+xn--wgbh1c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mDzKlKVo6Eoh2aGeHWILeucR+fFvl+fhRYWnanzbA1YOC/H1ZoQbcKZQFfDPIi17hyM1p+bc29t3KOz1B9u7T9+OO/zZFDXgujZp5BB0iqfieK0VpVEVlFVnJQpE0LBebQ2DAu9nShgRB15/d+bD7fG8r4avziI5RexIj7aaDQviezmJV6VuVsI8WJra5Kkk5XKc0y4TW9h1ZBif0cNxTYE6hDdjZxyiLLRa/v+UASRA6+ZzOCD2PJ29HHw3QjvO3KlJjCNAo6u392ibwAoYlgWqYzI9YPOhv9KPbNBI7+WkxlX+vhyVYG3QKMtAw7awTknCaAWh210ekAq2CGg5HA==
+xn--wgbl6a.		172800	IN	NS	a.registry.qa.
+xn--wgbl6a.		172800	IN	NS	b.registry.qa.
+xn--wgbl6a.		172800	IN	NS	c.registry.qa.
+xn--wgbl6a.		172800	IN	NS	d.registry.qa.
+xn--wgbl6a.		172800	IN	NS	e.registry.qa.
+xn--wgbl6a.		172800	IN	NS	f.registry.qa.
+xn--wgbl6a.		172800	IN	NS	g.registry.qa.
+xn--wgbl6a.		172800	IN	NS	h.registry.qa.
+xn--wgbl6a.		172800	IN	NS	i.registry.qa.
+xn--wgbl6a.		86400	IN	NSEC	xn--xhq521b. NS RRSIG NSEC
+xn--wgbl6a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XB2LIGilsb9aEPxn43B1MhYSk/lxhVK2Vr6ceptpnxF+KS3VaBBzWtchDWAHtXsvan5D/G+kusJHvmL/zAeDhW3vVsmQdgFF8sAag1qSSMSZQiRYHUWM80pPDSz82uZVrkniHhBsBwGGxYW6kGvkGX5quYXKyJBBeVq5sBFXp+wnR73jtIt2N2p32UmBZDDLctAc606+z7QcLjkoUYKMDFxSvdP9pvpigZfkHiMH1QGCcZmsg59r14qc7W1ldGIjQIb6xANtMJTfpezOU/AqKdYBujEwuGLGjQi5Gpre73VGDWk3QzAyxo1W8AmT6Ku0ZoMmEw3wgRo6a1WLLbaV4g==
+xn--xhq521b.		172800	IN	NS	ta.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	tb.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	tc.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	td.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	te.ngtld.cn.
+xn--xhq521b.		86400	IN	DS	2506 8 2 AAB3B1CBC1B41DA41348F9B7546B700CE2356D7627B9026FD616320F18B08FE8
+xn--xhq521b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KsLp5zJOAliLiIDY/I/tjA5O+e7vcw1bmIulOzoDmG0guKLyWbqoQA/mtrZUoREpVXyPNMiblU6oD1hpC23Im9zss1gueFHjAgAJ0ET9tJT5TJKsvgq9ea15o02sMIwjjRGiOXLJ0G0o2cIC9sOa4ZA/uJV46QPtv/1h1BGhq/6X8wZSxS0czu5dMgLmL+wdjTK9YLr2wGXjXMsSvkOHC8WDIU3BPuCG/MBGbENKEX7n7FHMk4hvW/Gd/m5hPDRKgEP90uFLmmgvkq61UqklMd98WYeOHBy7z6esxfMdiMUh/fnOIaXhPHCAUvHyAOQkUDrG79/Xs7quF43WTGFuUA==
+xn--xhq521b.		86400	IN	NSEC	xn--xkc2al3hye2a. NS DS RRSIG NSEC
+xn--xhq521b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s6zYIWWVq2FdDA/E5oAc+xCoauBWOCrqGSVBcWdtHb5Jlv2Fupqr0IgpQRwvwpZOHIm1UB6JFFX/lx80uIP6ZvdzlTLQ9eeZo+V/nkmYFIF8CQfeXngT/PbWQAVV2dDxW+tThEAVu6oVYwyuSZkeQnSiDqGIZ2VGPqRecoJPZcdBGrHMP9ykHA56ZEMWfxPxW+Eew5oICptCUMktwRMQDk6/fYmUdF0Gvtg2UH+YSYvwZNPQCjiUh+05+5qMhz+v6KeZQ5PGUq3B1nuAglY6w9Z500AVz4J0To46QHUJrNMWGEkuG6hWtfwQ3kph36E1T77vHKt9iLeVMKjF3b52vA==
+xn--xkc2al3hye2a.	172800	IN	NS	lk.communitydns.net.
+xn--xkc2al3hye2a.	172800	IN	NS	nic.lk-anycast.pch.net.
+xn--xkc2al3hye2a.	172800	IN	NS	ns1.ac.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns3.ac.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-c.nic.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-d.nic.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-l.nic.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-t.nic.lk.
+xn--xkc2al3hye2a.	86400	IN	NSEC	xn--xkc2dl3a5ee0h. NS RRSIG NSEC
+xn--xkc2al3hye2a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0rntgct56cX6zwJMY1kxDvIt85Kd5eqUg6I7lGBaGnibLitzfy58y/Afc2LPcCbRfOwI+tamkFWH8idwP14Pf8KCf/Xh40VT/rtmb1u/s17JjukGRJ3i1Ro+NWr14hUD0/yBAAjB5obnkLQhxH7gii/7iisAN9M4UgvxW3I2B/k7IFHiwsWXNellMHyaA8SyLXFX8HuTC4mjGX9F27MmY0az0Rc0T2o5PTd68/VJ98bK4tcV+mKxnE7dr0eDs2htRr6LXBEEpE2fC2/cjPLcOlW9KyrpxPo5Qj2LIHouRoLEKDjvNBrDwg7PVgyoYTQnXRZ0Ho4228b4sUDtu+C6Gg==
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns1.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns2.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns3.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns4.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns5.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns6.registry.in.
+xn--xkc2dl3a5ee0h.	86400	IN	DS	42949 8 2 5DAF7AE834260D89A675DE3088045669D58E6D9DCF2215EE95BD7C4C7A67BCF0
+xn--xkc2dl3a5ee0h.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OSfAC1Q/fNGzBRdZnhO1bx7DiG9IKF6FFYgL3+uENsEZ4FK/pjSfeShrTLcvqzchuuYS/S+hKoDKBdl5oZfliZicnRmWQNqmSDaP+9tSlws3HrTa3CorFJE/ptWidbM8TMX7/q+LBNtfD/M7O22+QtipYY/07PwIfz46lpgeKvqtSoPgS9V761IQ2TvDaANs7Ecjj2cI2cvzfMrXYk8cpYQCKIVaPUrARPC5IwWUJjpMsnEWKtnSU3KOWSyloqK6V/Z5GDaTRq3FykEx44YQ54WGPQSVVb8a6TAJJXl1MHoy/ltv23rr76KG7IrOo63U5d4roDqB3TWV5KvA+/cZaw==
+xn--xkc2dl3a5ee0h.	86400	IN	NSEC	xn--y9a3aq. NS DS RRSIG NSEC
+xn--xkc2dl3a5ee0h.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GexaIpGNNoyG0KWtaVmqHklao3i0rv2JgRy3UWmvN0bble0xthNmP6zuoxEvBfYQeHaTzSJublD+A+eeDcTqK5jbRgxADiUYZwTdYFZ9Ed/whPlrnJyO4vCzmhLfFsrlJSN7E2wO3frN8muVMFnWmQEZLhKdK96EY5R3ytGgrC91oKOQHrPTDx+WY+pqT04t3A2dMvIH1v29l8EFqnOKXLR6tp4DokeTbD1hzxPv4spOy58S2O8uPYYTPav7ryPhqw90/+gwQiwQQFMY0w/gCJPBMgAgeOLzswQDB68BQMdB/v3tffkehvEk+eGMiwQjxd0S8aqwfhey75k6PQGhCQ==
+xn--y9a3aq.		172800	IN	NS	fork.sth.dnsnode.net.
+xn--y9a3aq.		172800	IN	NS	ns-cdn.amnic.net.
+xn--y9a3aq.		172800	IN	NS	ns-pch.amnic.net.
+xn--y9a3aq.		172800	IN	NS	ns-pri.nic.am.
+xn--y9a3aq.		86400	IN	DS	62869 13 2 815A710EBACAF9227C48A8C96DD1199C7822BB3FC6ECE2620975B2A5FA16A0FB
+xn--y9a3aq.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FSXyhXdk6hYsznrFr36falBZywk1BCkXXY+kzz8hGM3Wl6vyle7b9goo+bI9uv4i8WKc/Y8LKxD/MASQstDrMGUHuoceYQf+hIOpuw677vjGMAad5HWZ7UYFoT4fPx2i6NLsMf2qhouH6Xj+3N9gExC0OFbOcX1dOz2RNA10ME+vNq7JqYQ9oBMU5SyB6nIzDH6m9Mam7iZ5ggeCfKl0eysg98gl9ApymKSvjkokZNcMUqEaBSstO+um4x96/KiRjdUdCzv+VNdz+MuFEmjueErAiXFb5pCFm/JLRGYavkzOauWfoz0qUAC0zhUN8QqCPGB0mhlBK2L2qq0DyVlwpA==
+xn--y9a3aq.		86400	IN	NSEC	xn--yfro4i67o. NS DS RRSIG NSEC
+xn--y9a3aq.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OFKLN9QY7ni/1q+yb/bTLtdpdm9lEOR/zgU1EAD0Y5MmJ5x0NCrfvzHBm0OGcWrHVCKiQbibBXpevz+EWtjHEIODHafAvouTnJk0LzD3mpykgOyOKsfZ8Tso0yA861QIsN7ytAO4fMUBq9ria1SdQjmdXYWSC4uhiZRreaMXw9FTDlMC0NcYShNjFvrnL19wQxtX/hgdUy9i0Nas+nB64bGAFea5yJEyPBkpCVWG2m0PZPIWZO7UrmWcnd8vyfJK9GsIrF3yojUnTG2CiNXs4Vt894h3yiSt4hwyqe7w58KqnilANaOPGzRsceyWJyVsFDKYG4UIitpnU0KSMgqHiA==
+xn--yfro4i67o.		172800	IN	NS	ns4.apnic.net.
+xn--yfro4i67o.		172800	IN	NS	pch.sgzones.sg.
+xn--yfro4i67o.		172800	IN	NS	dsany.sgnic.sg.
+xn--yfro4i67o.		172800	IN	NS	dsany2.sgnic.sg.
+xn--yfro4i67o.		172800	IN	NS	dsany3.sgnic.sg.
+xn--yfro4i67o.		86400	IN	DS	52561 8 2 8C1B2380F8EF57DAA14B40AB3F447A62838CA148D2D778E048AEE2D6FF374755
+xn--yfro4i67o.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kqiFsf8l7ukI9qJvNOP4bv2YTL9TeJMuaCwSv6HznDmtzKRXiweIyERnZqjdo/ndu6CWxutKUYxzP5WhlvvDMOQtk81fQJvcTWPIgB8GlnO5N58hPEZanGW4DdzfT78GkAPXg+xizuUHKqWPDZ/ESZODTijbz0XhTcL5gw4rVoaKXQWcUbStbBMZm9MZVIoOtw/yObvcEdxCO9aeB8iOxPAmY/HYN9tYMHdzlWS1d8xC0GXmLHfRiMDHOmHbGSCALIUDJSW4jEiuDAzxk6Zr3nE/fOPoE/+4b0G5M61Ew0WaemQPjwToHIc8fGKMaizOgX/VNenRES6ggJvnR4Cn+g==
+xn--yfro4i67o.		86400	IN	NSEC	xn--ygbi2ammx. NS DS RRSIG NSEC
+xn--yfro4i67o.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J1Dl8iLVRvfdarLQIL3ipqtrRArJoWhlWVKC/GwKw+xHbnh+nY6XQk9X34mkNeGr3TcOf2urzQ7G9iRZuTItofBO4VACBHoN+qevrK9pVAzei1h1kuxUujEg/6ows2iZSqI6C97hqobBHjVA3FX6SRTjfP4Mak4Gd0x5nR2yTmYKdVmfbQtaNXaTNm7EvQBEczHKC23hsORoAzaJjZwlIZtTP2XceGWYD4zPQaY/H/Hi5PB0O96NH/PLbDDU1JAXik3GJfVBoiE5ZNRj7r5miZBW+3MEJE0lErWcNDd7b8cQhZp52Tr2CTr09WeiT0UBKbDN2eRD4F2LAiuGBgu4mg==
+xn--ygbi2ammx.		172800	IN	NS	idn.pnina.ps.
+xn--ygbi2ammx.		172800	IN	NS	ns1.pnina.ps.
+xn--ygbi2ammx.		172800	IN	NS	dns1.gov.ps.
+xn--ygbi2ammx.		172800	IN	NS	dns3.gov.ps.
+xn--ygbi2ammx.		86400	IN	NSEC	xn--zfr164b. NS RRSIG NSEC
+xn--ygbi2ammx.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aGcfcOHedHXD0D81+L4fU+SO+gt/1c/+YQfuhHWts9s4WNwbhzcvZ5tYxEHSADQgamSkb8q1IzrOS2dGljzRthF9tJTdEKkLnd7a+38Tez8xL6GaLD2QWWBi89G8ViH4MHbwUIItP2fTorqNKjuKZvEP9WIjNP6z2REOwkSPt9fXN6ukfGwtRzUZ3bcERJzGRB0pCDXN0aCmDgirYb50IEfn0+2Yo8TegRVeVEgRDaqw/ykKSLU98zcy85RhJlO1v4nZ33wEZEEgX+35WkO66FEcckBn78T0hjhcXyeIOpUyxpzVkWGYdzowHP2NBgeX9Am+2hLqOo8tm6IPOeo4Og==
+xn--zfr164b.		172800	IN	NS	ns1.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns2.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns3.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns4.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns5.conac.cn.
+xn--zfr164b.		86400	IN	DS	51421 8 2 9D673623E84D7E10B2AA5B376A3F617665F8B38EF442E8A7E86F0F18161C7801
+xn--zfr164b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R0z9F+aW6iKXiVq+r/1X16SbYkHjKlB6jz0VD+DmrH2V2pv4194oS5/wqTz0uxneUviuSpGOBji5h9uAXW7DOa+0RPzQ4V6+aoIzVXKhAgglqFf/smOKLrQx64UGXliplRSLF5NsggrShjDGWOuQfRi3sJY5MK9KMSXtZG5QU8B6tVkCM2RhZRjf1B2kDsjnf22QUqw0f1iVSF+PKajD3yImmkyFS7fAK3rG+MbtTzmtJtmkPDyWUmj6bXt/vkmPEbKUuaJs7NaOeOKv4w1ISuqCRD2TmW3UUFQHWob72QpiFUOB/Tc5GrbJhqxwoIFSPoMni7C0tEZxk7mT+yDUlg==
+xn--zfr164b.		86400	IN	NSEC	xxx. NS DS RRSIG NSEC
+xn--zfr164b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o7jf+4A/aDk9gEFO1JdiSZ77L2vo3qWk6NkIIRWeH4MDkUdjaCaTeHZfJf0Jb5Ys67QXtHU7HhyTW1wMabbI+6zcLkY0q5KwTPB7tcdT+2XXX1nhZaFyQy9FCniWGQ0BkQCkvQtOVzq//kp35pkioAAC6CpIbMRFdO7EEm1XiFyDgevh6tduEUQPM//TCKgr9CRS4qoomQg6POLV97gsj+DInWfANI5cyqLN0NOq93NM/HX9+EQZjNheDu0dhAzffER7tNjyyD2psn5kR/Gu5kz9VVcoqSlnbSh4KnlyMuOChVwT87rOz9KnJ3X43lU2p7jQDHc05cNZ2gPWAfU+fw==
+xxx.			172800	IN	NS	a.nic.xxx.
+xxx.			172800	IN	NS	b.nic.xxx.
+xxx.			172800	IN	NS	c.nic.xxx.
+xxx.			172800	IN	NS	x.nic.xxx.
+xxx.			172800	IN	NS	y.nic.xxx.
+xxx.			172800	IN	NS	z.nic.xxx.
+xxx.			86400	IN	DS	4654 8 2 0A2255017AB65CA9D9A3D1A1D74DA6F19E9C4DAD8B7B452E547D2420F9E74C39
+xxx.			86400	IN	DS	21709 8 2 39FE8AE19E8383391804637C5E219EA82B4AC7EC34368696E3C02B4756A59DA8
+xxx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l+V9FeD7vYF2pE848d7OAP8vR0kTnhyAT7wkzUW+d0bjE3DsbAkGD9Tt8wIGChRxReTqK73tuhfxdovnTskuHiv1UkAUrzRjxTvjmynd2gVB7gD/i4h0Y2eM3Fc/SwkFJk59vFdTri5/O3xKy52SGLZVg5opFHbUrmSTe3pMRgJco4oLYJeUcZoYbSiuF+e5/sYpH6E4asC+DKpyN5Nc2tCCLIzqudTlrOXR47G6STH/f0vx2C2F8eY89a9SZmplP2ttszRZ6gjOvLfLOIk9vqm+i5JVMQJGl9gfSOmuuufE3aHTjWRmHgiawxBXvoxWsmwR+171ZuOd6lSyILwuag==
+xxx.			86400	IN	NSEC	xyz. NS DS RRSIG NSEC
+xxx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . luVv/g6toS5CiADHyuLdZoB63ae2AaKjrHwZg1E4rPCQSBmO8blG3bXTls6Osd67xxP5p7gYH04eFrFVgphD/53D/tfGy8T1vgUOz6EjN4+iIaSx9WP1/fOYy8DJcZEN7R7xnDChAosj5jhe6g+p1zFIyfRyz9RFfBC/RuUftUpIV8YZQaMKfUvxFOQW6WfMxSsEpu+IyLRkIqazFCx8ZBxid9O3JjLdYY12yPpFViXmnD02o+86VWqMoiWuFgOBYzRiPt9KrxvHkdsX3rclgqlZ9w45Wrky/szF5ZQZLxx8erHkjHkrUeiw6HLc5CadVXJx746LFjfz8Rf/JYirRg==
+a.nic.xxx.		172800	IN	A	37.209.192.10
+a.nic.xxx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xxx.		172800	IN	A	37.209.194.10
+b.nic.xxx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xxx.		172800	IN	A	37.209.196.10
+c.nic.xxx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.xxx.		172800	IN	A	156.154.172.82
+x.nic.xxx.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xxx.		172800	IN	A	156.154.173.82
+y.nic.xxx.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xxx.		172800	IN	A	156.154.174.82
+z.nic.xxx.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xyz.			172800	IN	NS	x.nic.xyz.
+xyz.			172800	IN	NS	y.nic.xyz.
+xyz.			172800	IN	NS	z.nic.xyz.
+xyz.			172800	IN	NS	generationxyz.nic.xyz.
+xyz.			86400	IN	DS	3599 8 1 3FA3B264F45DB5F38BEDEAF1A88B76AA318C2C7F
+xyz.			86400	IN	DS	3599 8 2 B9733869BC84C86BB59D102BA5DA6B27B2088552332A39DCD54BC4E8D66B0499
+xyz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UEmcWk2IenvE2PwiywzKv7wClyKfjyFiZzb19m+ZinGymU8ep41Ogt0VKXO78U1KphVDVWxSMR/gJHxU38bOZXVm18gJzLnT5kShrV9SB+J01YCFteKSt/CM1tQjLzVUqzXbmvGQFer+9FZ9aDtI1dmZNaZSL/rc41WhFyJDGlBolPTIxXO68K5nwt7CLHNr3+iYMmUJtbAnOZGcztEkWgIjWnynta8983lmmI+Srs5OzbeJBdu8KQwhwQJrxZB5l35hYjvOGTYmPrYHpNrYeQoRjgiPeys0jsGrTHtIsUYS3YWr9Ty7BCbYKw52cLFlnNhrfd5JToppDyh+sso8og==
+xyz.			86400	IN	NSEC	yachts. NS DS RRSIG NSEC
+xyz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . viIbj7frqH+jFa+EAHPDFTMDGBKUWEEaNmzJzkqARMD30sNySxBoVqa9kbQJCxwGTlb7rF2C0guSj7AJ2H5sSCjp+Vi74tXC0dJJZFdWGoWEidKZ4NbFZsQ966nErBF1JkWCY8JgTNmuC3XVN0Z95AbvOBLjGlTRd+srkVXrrENwnlL/iLJd1G9Q9yd4wWVKWdfwzO0AgjXVEyFl2rc7lINHbJjAjq49S+WTIjw/7Wok1UID4AYX/f3QP9+N0MGbRu2moDHE12hAlyOHcF00nzNCA280PArTOFf0GtwZNj4a4t51uHAb2kWSTKfkFeOIpN63e3lhxJzoSVrNvk+mXA==
+generationxyz.nic.xyz.	172800	IN	A	212.18.249.42
+generationxyz.nic.xyz.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:42
+x.nic.xyz.		172800	IN	A	194.169.218.42
+x.nic.xyz.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:42
+y.nic.xyz.		172800	IN	A	185.24.64.42
+y.nic.xyz.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:42
+z.nic.xyz.		172800	IN	A	212.18.248.42
+z.nic.xyz.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:42
+yachts.			172800	IN	NS	a.nic.yachts.
+yachts.			172800	IN	NS	b.nic.yachts.
+yachts.			172800	IN	NS	c.nic.yachts.
+yachts.			172800	IN	NS	d.nic.yachts.
+yachts.			86400	IN	DS	14477 8 2 0180ABC62CF090F5DF1EF074F1958C237261E14633F4AD949298514BDA155257
+yachts.			86400	IN	DS	50071 8 2 BF1B2D1657AD8BE12FBEDAD8AF0999D1E9185C100937AC023D01C9A6CCA78DAE
+yachts.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dnv99LUUWSICROgr17QZvAriXogkTVJV4whSdcULxy0Y9r4IrW2KTfyNaH9KC+veNCEXuEknaYkevWgCApoN6TkU5LBSODGqZvKf1IBEjoRjoGl8aMYz+WntQKu3gmj361/zZC/IKwmls3Cyl6ExuuAdKKd1GgZ//hcSXhRvl3rDYBqDgLO51BtAhW5h5DQZf9iX51oO0/S1U46mE5HctEuloGxV20yI064vZwUI489+wezf7LLyfiGI9y1J+D4pEFigboj6CqCRKhnkl0M3/rVRtEh0U0Mdv6+KORqrseWoNbpy5pIhhynqlL2hlCvYbdWVcHPv9nV3bsvj+2VT6w==
+yachts.			86400	IN	NSEC	yahoo. NS DS RRSIG NSEC
+yachts.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x1ZNsLy39n4e73KWIYwBvUFRxELvNABxN5pRQmLNnJNbkWOYbe2xWIQXSocrrD+vaA0iDFbapvDO5jIwQm5/WToJfYhYr/5bwR6T3Kt2pjBTQ0C1hDXe33Be95Qiinke5Un3b/t68QZp2oOcvoRBv2yGxVT6X/nufweWWOABIL9tGNootYPQX1HLbv8zSvOinK2Agi7L088fmnexdYFZlT/a3vm3TPfmWKu2OTpIih0pFtm/ZLbB/Kpu6G9Od3ycl4Sply2fl7FkOSeRhiWp9vZqeafMF6Di75KcWEGZBryOd+3aZy4o4Usy6aQStaFTHpVcET+h56oowqlUXIWw2w==
+a.nic.yachts.		172800	IN	A	194.169.218.133
+a.nic.yachts.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:133
+b.nic.yachts.		172800	IN	A	185.24.64.133
+b.nic.yachts.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:133
+c.nic.yachts.		172800	IN	A	212.18.248.133
+c.nic.yachts.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:133
+d.nic.yachts.		172800	IN	A	212.18.249.133
+d.nic.yachts.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:133
+yahoo.			172800	IN	NS	ac1.nstld.com.
+yahoo.			172800	IN	NS	ac2.nstld.com.
+yahoo.			172800	IN	NS	ac3.nstld.com.
+yahoo.			172800	IN	NS	ac4.nstld.com.
+yahoo.			86400	IN	DS	52260 8 2 99DA5ED59CA94FC8C28C5C7A4A817E7FC0C52688B115DCF743FB914BE65BA447
+yahoo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zetsjTNTpUvrvXWtAgyvjZ7hi/C2wuXG6u33LsA6EP/5Px/luP+k1O7LOA/j4caG5zaye2liNIug8dKDaxZ6wCJsxh3pJF9OIujAJg7nWB/aLKZf3vzCDlkYD9syRNt8LbJzKiSHCztY2lpl/5VzYKlcG5dWzbDiprFwRNVQpk/Uk3h8ftd3nDdmM+bHoZ+PTQ2ye2FCUgH77t0EQWkF9UJSHTw9S8/agteBOwhWri9Ecnsb+JJsr1Cyk4kvPeWKyHt6ukt02KO2ueCEEh+kw+pyPDhJ/YxqiqbHwBrRNUsbSeitd2szh2ASon2TcuQLmNOXNYAkSaKG1QJwaSLrRA==
+yahoo.			86400	IN	NSEC	yamaxun. NS DS RRSIG NSEC
+yahoo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b2CGGVTZD5SPqnu2ny3X0Ws4WWT9IArCxssj1SACmonSLfPU67+hw8e+9HXLroUc2c0hRUsCcXsF+No3GKKpNxVqGabMEhfNRaAga3aNBvLJpG5DDof3MpB1uO0801vPgtIx4xlooDIgevIJABHjeHMqNuqfQHV1gofHAxlJemVJnF+eP+KDeqsDCwfj62km0Dl9ux4MBY9zWLRK8yJ9bgzSPcsR5K4TgReCPDzswTvdoMzKgsd6jscZnWIRxXnBgZig0ojP18T/3Nsbg/0pT+mEuaodj5WaDFth36GdWJuQVemjQlDt1A0ug607wu9pZHLbt9ToSAva+7/yDyJ3Vw==
+yamaxun.		172800	IN	NS	dns1.nic.yamaxun.
+yamaxun.		172800	IN	NS	dns2.nic.yamaxun.
+yamaxun.		172800	IN	NS	dns3.nic.yamaxun.
+yamaxun.		172800	IN	NS	dns4.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsa.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsb.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsc.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsd.nic.yamaxun.
+yamaxun.		86400	IN	DS	24775 8 2 FD24CFE326A910CBB3F11CDDC381ABC7E296BD29E75DAC6DE13B4B5DBB130EA7
+yamaxun.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0BKDWmSvFlcoDuRAhBnpVSKByOCze6x6xNObj2bf24yzsG4iBExxX3fPGnrNlM7cAjIxyxdRlJK8JaxfawOKfCjf+nGVF1mNWJW4ctNNc89W2pLgg+NAfQee+hcTYrJR7KWbCiyQE5guBIU7sA5tTWQKxtLBZz86adh78IHUs19wMEIEZmjKvzzDJrRTlD7UA3O+Dt4LTXOoOQHjTNom746QQaoK223cw+0MBHxi6z0BdZNebEd9TcJWjaUi+D1aI4G+xrSe8yMUgZcGjnoPw4qNGu/ZzcKat6eMicpv8t6GgT2jFCR3t6k256RMypB7PFz5rnS33qlEs3MjPQvqoQ==
+yamaxun.		86400	IN	NSEC	yandex. NS DS RRSIG NSEC
+yamaxun.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FOPz21oRY2x+vxXSbpZzJ0zAT2wSlHhpXaF9fxeSiLE0vZnRQXkBhpHc6bBllgzT+qFfBzcinViqStJsHorOgtEomE6IwxSfXrIwliFLdI2a/kbppYqfWKNEz2bItLCy2JNh19tN9NNHZKDx0Fz4Pop32tfMO32ICc+jVS5CHVV2bzxinWng/R5BSLjjfYHR0/oWt+aWNZp97j5DCsgXtifa657HXw7feXEh0MJAfzjI6tAWexBcVgp8okFHE4J/pVklm0LCcmXjgkL88Yrx8pYiiOM+6fTTBsVBHddL4S5Wqz7MzZ1fQaqiPKCp5W8/A8v/xr8U5r6gtUs+fDfuzw==
+dns1.nic.yamaxun.	172800	IN	A	213.248.218.88
+dns1.nic.yamaxun.	172800	IN	AAAA	2a01:618:402:0:0:0:0:88
+dns2.nic.yamaxun.	172800	IN	A	103.49.82.88
+dns2.nic.yamaxun.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:88
+dns3.nic.yamaxun.	172800	IN	A	213.248.222.88
+dns3.nic.yamaxun.	172800	IN	AAAA	2a01:618:406:0:0:0:0:88
+dns4.nic.yamaxun.	172800	IN	A	43.230.50.88
+dns4.nic.yamaxun.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:88
+dnsa.nic.yamaxun.	172800	IN	A	156.154.100.3
+dnsa.nic.yamaxun.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.yamaxun.	172800	IN	A	156.154.101.3
+dnsb.nic.yamaxun.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.yamaxun.	172800	IN	A	156.154.102.3
+dnsc.nic.yamaxun.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.yamaxun.	172800	IN	A	156.154.103.3
+dnsd.nic.yamaxun.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+yandex.			172800	IN	NS	ns1.uniregistry.net.
+yandex.			172800	IN	NS	ns2.uniregistry.info.
+yandex.			172800	IN	NS	ns3.uniregistry.net.
+yandex.			172800	IN	NS	ns4.uniregistry.info.
+yandex.			86400	IN	DS	50324 13 2 3F25B6EAF2B08861672673779CB294CE5154337B250DA78FB9ED949A997C38DF
+yandex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nYt00rhe/vH2atE2ucEM++w8mRLqJmmBLQCjgdpGbLZOudM1nPkIAQAAVF6pw+igvqFLGmHedOlV/J0x1cEEHF71YZUM/QDvzBE0Y24KrhvBxewTY1eaH20kMWXWAN8brWeR0RaAatrQDxY2Amj0YYz/hDYtdUJLHunmXpRf/nEAfrxEtVvfgf4q8dsYPAgSiigUawxVC67p/51+pNd/bvTSV6Lg7pHj/hP6Pzk8Qzn68aL0M5m6CI9W5LtlOOF76IvwArbALRlUBMvzfmqGX8g1tQdvovaR5/zXG8dGEhgZ7BAfN/2dSckrhIl6Vps0ikzX/9TGvTcPy1yJNaWqPg==
+yandex.			86400	IN	NSEC	ye. NS DS RRSIG NSEC
+yandex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Oqw/XOydOfzjQaCqGHj2GUqR3FBkeKAMmmIhz4dqVCOBYw22l+6wfi8vqnf6xPGBlJyS7ft8ycfxBopTKG5AZ3TXor70MK8gICZq+ZRJwzREaNdzhFzeSxLvpz40qq1u9jva1L8HZrtGCj1N/f2lmLx6CClQvCL3oXUz07mrCQs0f/VxSqMTVJeoj9/LpH4MB+GzFO8Edx0ApdXrH3V6McM+m1D/+QJTy2CNKBS0/u7g+G+BiYvslP/TlQvETSv6EdKShjHjDpDJLLQNVrc/rAY/AFanKBhbB21jN7nF7UQGUouSTp0HgKYjwx9twGlBOHYm6HTZ81VkH78cw7OuUA==
+ye.			172800	IN	NS	ns1.yemen.net.ye.
+ye.			172800	IN	NS	ns2.yemen.net.ye.
+ye.			172800	IN	NS	sah1.ye.
+ye.			172800	IN	NS	sah2.ye.
+ye.			172800	IN	NS	tld1.ye.
+ye.			172800	IN	NS	tld2.ye.
+ye.			86400	IN	NSEC	yodobashi. NS RRSIG NSEC
+ye.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V/q3AlmWuBhXgItZG8Auuh8LdB4Qa5LazgQ7/BOYSYd1vnAXWzaQa2d0R14pev6qcCP1FZDLe6ZzWLn+3vmBgqup1L8FR3oH/JxNNpNtTF265DCIx2yfIdi8fIXWHe5AmBLO+uZ6Lj3LPAk9Eq0XNxeSdYag0sBQevevnbOldWosRuuDHXyoS3xADyz2fmnr5RLyxNO2mn5IAFuBBg+pTVR5BfHnIu2rylQl1ngT91xFhD2GRh1b5g6C6d4a3PT8vz1977FIqCFvtmJBghxuZNcpCZZS7BFn2s+MsSNOrWo9RGfEF/k4UD7LRec4bwlz0c3ejmeaDqV4hkSWzF+KYw==
+ns1.yemen.net.ye.	172800	IN	A	65.162.184.33
+ns1.yemen.net.ye.	172800	IN	AAAA	2a02:2718:4:0:0:0:0:33
+ns2.yemen.net.ye.	172800	IN	A	65.162.184.34
+ns2.yemen.net.ye.	172800	IN	AAAA	2a02:2718:4:0:0:0:0:34
+sah1.ye.		172800	IN	A	195.94.0.34
+sah1.ye.		172800	IN	AAAA	2a02:e280:8:d000:0:0:0:34
+sah2.ye.		172800	IN	A	195.94.0.35
+sah2.ye.		172800	IN	AAAA	2a02:e280:8:d000:0:0:0:35
+tld1.ye.		172800	IN	A	195.94.10.22
+tld1.ye.		172800	IN	AAAA	2a02:e280:8:1000:0:0:0:1
+tld2.ye.		172800	IN	A	195.94.13.22
+tld2.ye.		172800	IN	AAAA	2a02:e280:8:2000:0:0:0:1
+yodobashi.		172800	IN	NS	a.gmoregistry.net.
+yodobashi.		172800	IN	NS	b.gmoregistry.net.
+yodobashi.		172800	IN	NS	k.gmoregistry.net.
+yodobashi.		172800	IN	NS	l.gmoregistry.net.
+yodobashi.		86400	IN	DS	40387 8 2 F2A6E4458136145067FCA10141180BAC9FD4CA768908707D98E5E2412039A1E3
+yodobashi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S1oWUqZDbzzHEDmq7gIbDYa3wCWFjp2vTzxJWv69SBMLE+OoTwVdCRkJe6cTBMUOUAigpEKFwXSoOjesd0AFoyQhMGynME4ZR67Ln7mjtD7GK7XHe9/M7FpgqthZsxxEtk9gqdCyzyw14160SbreEAsrp7MEBMuLKe4TZ/mM5Ihrz3LAjG5hpydn558MOP6KMRTzRzbMWfA+CaPziq4KVsiT9vMkjxjJ6I2Igw5+4buVuRGpeqkIE/l2eAq4kSLnxByYqux3NfvVG/Zs1QehSsRGFW1zIsiIkEU3F4RdSZqqJ8xuw8n05xnpwsQyYmPaYikeD7XswHEVDgy4us2ndA==
+yodobashi.		86400	IN	NSEC	yoga. NS DS RRSIG NSEC
+yodobashi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ePm+htoNdGA5TcA4mSb1v/9XQEWMAgsZeqYPt5F0vA4o+aQk1G0vkdGYY/ylEiwQAocR7LvBcQxnkJja5n02bpoQyDNCwvIUyYYy901tkiNDDeyMMXpJuJr9TAC+oZ2CVTwFf/o58DPVjid0ci+UsZa/4nAWpnEHrmS3aOS3VyAf2t5hvZQXJ0Xio4WRp0AYN+4A1cuUov9/YXW+PmPXgJaNF/2LOO5pwMajDhdPrctV9qMX+/zDZsMdMwgwQF45UhicSf24IBVukxWaRMcJd3F46QHdaCU9Z/3Rmfum7qPz7VCMcb4NRGPNCX7EYfPrBOZMj8mcw9FRRrRiFb5+AA==
+yoga.			172800	IN	NS	a.nic.yoga.
+yoga.			172800	IN	NS	b.nic.yoga.
+yoga.			172800	IN	NS	c.nic.yoga.
+yoga.			172800	IN	NS	x.nic.yoga.
+yoga.			172800	IN	NS	y.nic.yoga.
+yoga.			172800	IN	NS	z.nic.yoga.
+yoga.			86400	IN	DS	19357 8 2 FB9B29F651414B178B56B756E96A6A8660D67616ECACC53B6124BEBE13B0D3AE
+yoga.			86400	IN	DS	49771 8 2 1CD19FF5B29EB880307E17A1168AFCDD493DA3B36A34242FFC91EB1E8E3882EC
+yoga.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . abJZLzulJwodDuLlaG9eosZWFMaCGZ7vrCYI+AzPtA3+sQyGDS7MFnfV1X3X54PxZKIUGVaNf2PnjBkDbwSvxOkgKZn29nnw4rgJWXLvIeeIoUR7OcmaJpeljNV6/LkBSS5Ulh3eFzyuau13YTGaDO2/f2s6hLF6xZ1ZhK9fJ2Bt7JcV6KrFB1WblrJKqeXZu+ldMiDhwNt7CneZbcGw6CEtv25wIF4eEjkqYxVqi8FLGKgYMRXuTKlAadHl8Pd2Xia838Yojdh50yPNg0cGizGiCjgE1vlvqqGJ1S2/h7BtiEgANiHQECv28JeWQS55cBeV8IYFnQ5r4AbQvfbQrw==
+yoga.			86400	IN	NSEC	yokohama. NS DS RRSIG NSEC
+yoga.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SYwop0Y1eC2MV/fdta1B1bjX+TsAFuLpPm18m3AQbxfrV2/oRF5z1Kttn9oaA4hMAbOswgS0ZArVLVIuFUst9OYkMbfVLyka11c+wAnBesG9gYmIxPTbCdEHLtDjz7YPstNBWXXZplXFFYi7gCgWQ5M2RibTyegB+ZLPP0gn6EYd/gsrDGpi02UW4qR0nR8B8ZEGt8104j0hf8nvKjjRedpuOMzxd9U8kc498CF5RFJIkW/TpiXhZfGN0hr4QR/UjrDNqxbs2yAacqyg4dt+nz86gK2R6p/A2DvAlb25xhsHJkGurnw0YYfsP3WE2TiXR8LcfqqlIH6G7C1rpkXIxQ==
+a.nic.yoga.		172800	IN	A	37.209.192.10
+a.nic.yoga.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.yoga.		172800	IN	A	37.209.194.10
+b.nic.yoga.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.yoga.		172800	IN	A	37.209.196.10
+c.nic.yoga.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.yoga.		172800	IN	A	156.154.172.82
+x.nic.yoga.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.yoga.		172800	IN	A	156.154.173.82
+y.nic.yoga.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.yoga.		172800	IN	A	156.154.174.82
+z.nic.yoga.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+yokohama.		172800	IN	NS	a.gmoregistry.net.
+yokohama.		172800	IN	NS	b.gmoregistry.net.
+yokohama.		172800	IN	NS	k.gmoregistry.net.
+yokohama.		172800	IN	NS	l.gmoregistry.net.
+yokohama.		86400	IN	DS	40754 8 2 E03E2AF9C07C1ACDE150DC51E5A2D8803F70626FB5B6DEECDABC5F8FDD0BDBAA
+yokohama.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sl4xqZc1yD3SuMp1WLC3FOTbljYjSdJPeaMBbGDJZBKm43Tagp3RTwl0c0QzAdLy0A2lT0M0kuWdAokDzXuCStzF76SEdl92BORlfkAtgDPYoGLFFcqn4GLlEmCvZLXRuVxTetKiZDcyzcNq7bRX5/BZfmRqOiStqMo2Yz1GPQV53fU++hpe2Je0cM7JcqMGDdz8ms+BUGWcZN6J4Z5M3qdd04gLjeX0IepgsjmVrUm2/5eoX5/ofKprXFbxOi2rO22ySEUYtvY0mzt9kIH6qx3mGK2kibkUcB0Pe3SucfdYa7nvhDyLJhLLAsN2sVtmcX9Y7iw2VEsz8LZ5yi2LCA==
+yokohama.		86400	IN	NSEC	you. NS DS RRSIG NSEC
+yokohama.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G7H/BeJofh6KJAVhWmJGqW6FC6CFMX8Sbona0mhU31Cf11tjDSFItn3NKcGs7pvx6OioKzbQOMJU2tFUTDo8Zyw5E3apwPALyyq11ZjZaZE+SRuVxWV449mnRgXafFNlTzesHl1yUukxHgBHH0hmEs/5yvpURGExx62EptboVBUmt0abD2J5F3fFxXYLxOv2Bl7kauy1F306H09j0tBnO0K+vvl4Kd7CVo4yqqy0RjROgkk1BB12BcgEde3tnb87LZE9glLlBKXlo3CLwmfH4Xi08da45BwDTHZb4VeTR2ILweqctsOv8lIv0NrdQaEbTsyyloVGBFTEhGe5TArBig==
+you.			172800	IN	NS	dns1.nic.you.
+you.			172800	IN	NS	dns2.nic.you.
+you.			172800	IN	NS	dns3.nic.you.
+you.			172800	IN	NS	dns4.nic.you.
+you.			172800	IN	NS	dnsa.nic.you.
+you.			172800	IN	NS	dnsb.nic.you.
+you.			172800	IN	NS	dnsc.nic.you.
+you.			172800	IN	NS	dnsd.nic.you.
+you.			86400	IN	DS	41656 8 2 4D7022047E13AE416D1E12AC44C5EB5AB58C4BF1E4E86DD47C9DD62106A0E348
+you.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nSKaKVlApmBXK5C+zlPGDFHfgwwkFrDO4d18X8aIJa3Wyk6qeAMCzSWNgAvDwwmceWUXENNNLbVdPBtKCfkUxWO7XyulGHeclGw1ofhFewGwh9oWmc+mNi5RkvZDk9aQ3bq+R/ey+htrnouPX/eolPA43aUbBCYocX0WGxhcIjK2GGkqVVdWoho+C9sqHZ1Cd+V8lcdqRM/HmQsVKNdNlm77QepIl+ULCYcn4pRGJyBBzx0ULSXAWz7GH2xAf1bi3Tc4jeLcsNZKpilWcy1Fu+dUcgbZh1ccFY4L8XjSImYTDTyRGdfuhKOv0BbfMe0JMdQ90T3r2G5qtTfZm+/KaQ==
+you.			86400	IN	NSEC	youtube. NS DS RRSIG NSEC
+you.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jiNhkVPbq+ZKQClvi/tHqTwPEC7pFgpSCXnWtPq7GxXGg7ob5MjtqGzXransjVlI6ZBfuEkAz7G7nL/twcDKUWOm1ilEbqrD/hZEBi5Zfpfe4okchcuJwkbgcG0yEfwrykITxPdFEZEN/nc4sFZ2zChDVJA17TfEjRrmCWoQNObEjP8stl1t7jBrUyj1yu3ywKEA4EU7Qgh17W5xSR1EHWwyIiOTVjNUaxpWCxgDNzZ2jlCyUSHq00afRSSTmLJ9wVWwpxSYSZzXU1QZkpeAcYoWLjpwBle+v7oFmdyD4vCL1g5x9EE1xkLetqsZD2BIPSgrDqadh51672QjP8n55w==
+dns1.nic.you.		172800	IN	A	213.248.218.89
+dns1.nic.you.		172800	IN	AAAA	2a01:618:402:0:0:0:0:89
+dns2.nic.you.		172800	IN	A	103.49.82.89
+dns2.nic.you.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:89
+dns3.nic.you.		172800	IN	A	213.248.222.89
+dns3.nic.you.		172800	IN	AAAA	2a01:618:406:0:0:0:0:89
+dns4.nic.you.		172800	IN	A	43.230.50.89
+dns4.nic.you.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:89
+dnsa.nic.you.		172800	IN	A	156.154.100.3
+dnsa.nic.you.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.you.		172800	IN	A	156.154.101.3
+dnsb.nic.you.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.you.		172800	IN	A	156.154.102.3
+dnsc.nic.you.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.you.		172800	IN	A	156.154.103.3
+dnsd.nic.you.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+youtube.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+youtube.		86400	IN	DS	63811 8 2 704005247382F846EAC39D9654488F071934FDF3E96C05BE3266009593F60617
+youtube.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lY+Vsvl29uShPxlDopJp9JvW0rn6kGUo+yYq9zqjmuhO9S//RAfEe1EddiweAjNWsRLTganQFfhWWETOmYOW76gThUzOjPc993dWg+Y62/G5thy6TNejevb7F6MnPlKuqaLpp5gptJxBEgaKN0Ead6MU/aEXcpL3EXMvCCoVTKsFn5iOt5XZMD07zdXNMVP6t7qg847pHd4aVAwmvY1f3gyu5uJKRi033YqB7U6IN9bcIdcOs2gvqAct/Mo7olHLqb7LQvPa7Sy2u0rt9wHw5w35C8PRWsInb4CA0x8RHWnEcDZxT2Z0+isOF9bQfidcBvCLm4JjESuA8f1yONlhyA==
+youtube.		86400	IN	NSEC	yt. NS DS RRSIG NSEC
+youtube.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tsugYHEvNp7eWE/reFj8S6/BoTUoDyGIDuf+kXuQ+ObCef0kCbTWqAtDPDFpwfsLHHxSpPtfq7V2w05HCGbqzmUDiCeTg+ffmwHE9F+EnkyuLFxuA069eJgCMVsi2bBcAV7N481q3PgOAUHqDO57AUPiDLc2Zp1k/KBx73PBnHsMK60mjkNXIdVoBU1mL0QWEmLZ/6hzJ0jd6RkFPuh2JVNBztZ8lPzDUqiUjcrhZ99aJY8oa9UarLu2EH13Fff7O7veczLacfPSCsA8geD0ilP18SEBIWLS7lyBoh9e0CjePSmTxrJt50f7SmVyYkGqYPZplKpfOzvfsaEUY/FMwg==
+yt.			172800	IN	NS	d.nic.fr.
+yt.			172800	IN	NS	e.ext.nic.fr.
+yt.			172800	IN	NS	f.ext.nic.fr.
+yt.			172800	IN	NS	g.ext.nic.fr.
+yt.			86400	IN	DS	58156 13 2 712DD1BBC29E719CAF3B34E9A0BEE2D443DF1ED9D2D6E09B97BAA828D5FF3DC7
+yt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . deBNTPSei92mREkQYs5P/v4wy4ikF3jHGJs9ICycpFbRtHuPYtcY2sMS2bqkznjfqOZHCz7WQ2TwJqWw3R/UuSoq8jc0KVLmKEX8Me8VA7Oq/0SH/hHFns8NRfS7llbHsJspocCs2WDEFVXzPNYvV7QPMnKzXoCgoQKaDxoNyRvMXYjD7pK/9BMcgD1NBB0k64KXAf6da0Bj+eHAyG172PXD4IxSTTWxEpM9O3ax/638BG5KZKxskcBtQFYL0iVpAMJfGFVh1l/clxh9Zj0jPQy4I/kCb17WHpsA6icXZaDjZlYS+nZ5JRgtjYwxw/lZNLJjuHW9hhVaysQ6dvRX+Q==
+yt.			86400	IN	NSEC	yun. NS DS RRSIG NSEC
+yt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wFFuG+5aa6j1wMKPmLl5u0X2Wro6toLnnvKqfuuCYmkhxHiIVWvFMldENDqU/LsLV2mMUYSCoMuGZCy6ULTTwbhF6FcFgTRwennWpVyVuCn5mUQwL8PNagofYF7zIGyBBHcMytbpxTeaplPo/rvq/P00P9wvbrbfUZlaBQ5M2qZO9WmeLuN8G/LlIvtamhYneYIi3ZfjPcXEo6+7ZPyV35cwdWGctTOp3qXDHkHBG5egOXEJBEKxuMnSKIZNh9HQNxkeON8w65r+/n1g0I1Jra82WohQ/UDgVEBWCRaFYPHP4Pdez7H2C9mjcAN22ruX3nsmkY02j9cwmJ8T4GZsLw==
+yun.			172800	IN	NS	ns1.teleinfo.cn.
+yun.			172800	IN	NS	ns2.teleinfoo.com.
+yun.			172800	IN	NS	ns3.teleinfo.cn.
+yun.			172800	IN	NS	ns4.teleinfoo.com.
+yun.			86400	IN	DS	27565 8 2 D8B3C3D5EE497216F3920A87706F270101F63803903DE581669754AC772BAA85
+yun.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dzuxeaIY//X8j98BWjRQ11763neQz6SNQxBg0L7x4ctiS2X9lGhgUuOitRjf7IdSG8IzVStsAGMmxl/p+JYrvmOsK5MgcWv+l6GX6RiRcw+Pf7u7YsSMHz22Db8cxcLrBkVGgku5EvhNv3bufsF+2sRTR/YSF855sPocHzFBoFbDb6QHm8rc2PYpJ2btYKpF5eWmMBc5LZqoC1/141tVHUDYJUsitNeR4J4bl+UJOrYx3swm7StCAi51xFf4RNhiD/qoDMmHHlcaod2M9qIT57YR83HcqCpHz5WcGOTaACT4nTleM7vDGA7mmd5zKkcvzj7AmdbUE6wA+9RJmlmQKA==
+yun.			86400	IN	NSEC	za. NS DS RRSIG NSEC
+yun.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uMCosOUaE3rtgwjJ77C4ayOuxW7xbpyoA881/jNVwy0cOUUDU4pSfN/g/jeU9KrsbIszUgWmRknxaL1UZcGCACRkF9peg0T1OqHzHxAaAk5LDH71BU/6DPcD20qIj3UEDxeq9Zq+s1F5sx/qoVQdNJx82ZJAPPtfrHAgPZVxTeJSDeiaHxSABZahpmbKz6Y1wMsJRfBy8gff1WieT5g2PSyymA9qxnycd2rdvK0ar2fZ+uTpCaG+OjZlknuvhzsFc4CVQEmp8VUTcZ+/S1x48n8RE06RvZ4sC2sapTpMwxNsMq70c7KqnIlAxqFFmRNLR2OAe9d7Dm0nZ2HYArWrjg==
+za.			172800	IN	NS	za1.dnsnode.net.
+za.			172800	IN	NS	nsza.is.co.za.
+za.			172800	IN	NS	za-ns.anycast.pch.net.
+za.			86400	IN	DS	45749 8 2 3E2B0B7E6063CA11400FA4B54D8A530888234CD0EB3B5FBF820C0750784DA84E
+za.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y5O22JNIVey+rW58RsMEJp9Ht4skMo83AFakuIVw1y0lVvzimVk9+CZBja9vaBHNTj6EYuGAg4LFNMqGuy4Eco94sFp9zC+9w/DjA/xSC7+UG9FCQUTk1qLcwSMHtKFvqjO4ApyGwiIVVd3a9lziBTxlrZwArvS5BL27IqS0zxHY5JPkrfDHwXByN8d0HauJlt5sQkKoanMjpa5Z5ShMVyBBIuEDD+Z3jLqS3M18sdqbDAJpAwmBa10T3mp5LWMqY0eyt02LADoBJtVA0WnnkQfcz+FXN6PWcZFagvC3s16dyoSEBLFc2cxIJrYUev2WIVf3dJbmkb7QZ60a4irgOg==
+za.			86400	IN	NSEC	zappos. NS DS RRSIG NSEC
+za.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0sIy9m+0z/Xt9lkma2mSCriTFe/XgWyRMU4q53CPgOyVealmYn0oKB1qthPWgxA7clgPT9XWK6C6Q63OtAjEKZoeF4wwqr+QpTo8+qzYE0gdEMgwSDIbhSovbj146jAWSozvUqcpW+azkugn3/zvm1fFhUcImfRZdW79VN1rw0u/s290qz9a3f8/jq+oAvDf/XXNcM7AHmmjZEhpnk/ZxQ8yrKIMHX5JdII4vSsLzDUmwgNrdCZ8jU5+KYusVaXvuLG2FntjzCUmUldmhW2bkF4Sz8CcNzR8qUsH9i2BOuPNwu/6q0lZL/GzNQSm/EJv7+uXexvazNqR2+3fVDmnvg==
+nsza.is.co.za.		172800	IN	A	196.4.160.27
+zappos.			172800	IN	NS	dns1.nic.zappos.
+zappos.			172800	IN	NS	dns2.nic.zappos.
+zappos.			172800	IN	NS	dns3.nic.zappos.
+zappos.			172800	IN	NS	dns4.nic.zappos.
+zappos.			172800	IN	NS	dnsa.nic.zappos.
+zappos.			172800	IN	NS	dnsb.nic.zappos.
+zappos.			172800	IN	NS	dnsc.nic.zappos.
+zappos.			172800	IN	NS	dnsd.nic.zappos.
+zappos.			86400	IN	DS	36265 8 2 A8426C392C1C10535D73C70C91860AB821CE7CCFBEC9567ED6C015C0C3541CA7
+zappos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vfQxx8gGvDlnWCwJeciUWIwlUsPjdbGcdbr3loFF2t1yXJ6kdlS5yDPohv6p5RPEUNL046XVHdTHVaqLQ85/tSWGQ+7BSoym2lyLgDAjSAX4AiS7ap2mzY5airiS6ZS9iWI4F2qFqLr1lyRGbrDRW2+gqY8f6J8gwoEiv09XFrTcHLRcuIIE252catQhxgmfx+uZ5WxpJU/ReQFH6EOHk8fSQWnnety/xnvO6aPhAWeNKepOL6bN9abAIW5MEI1zPbWdqESRLgB84VfAIg1uUawFHmGphcnPOUa18+bJNO5XnTWyN3yRdnmcP+Urnt58XfTOf/peroGGOjpMmYrcTg==
+zappos.			86400	IN	NSEC	zara. NS DS RRSIG NSEC
+zappos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QxTEOfPq3IO9tYlGZxYRZIXHFeQ3UPYgm1wW7Hiqw0i5hux665o8mnsE1bWOccV+IJoutqpCa7m1zmib8MrtlhKBKL3J8MEVrsfeALJH6HqsISzM1VEct46ccp0Y5Bu0q+ki+agOJRHg3usChQiYAGSaVYv6moRuYAXB5Ob7W6sPYef/i6w/9fU79wYlJyHCiHEmuQvpdKJDOtk7NWf4Hs3FHUlCeb1nVoBIM5jueNc/xmQUBjqgGrrDZMyZjHLDSuxta6FWc26iyzuHMxqddlNl/vjS+sh3OdQLoFAgzp2IJxp8inc8WLBwNNtI9QIZWb5tnQU6vSs5YBnU8mv7kA==
+dns1.nic.zappos.	172800	IN	A	213.248.218.52
+dns1.nic.zappos.	172800	IN	AAAA	2a01:618:402:0:0:0:0:52
+dns2.nic.zappos.	172800	IN	A	103.49.82.52
+dns2.nic.zappos.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:52
+dns3.nic.zappos.	172800	IN	A	213.248.222.52
+dns3.nic.zappos.	172800	IN	AAAA	2a01:618:406:0:0:0:0:52
+dns4.nic.zappos.	172800	IN	A	43.230.50.52
+dns4.nic.zappos.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:52
+dnsa.nic.zappos.	172800	IN	A	156.154.100.3
+dnsa.nic.zappos.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.zappos.	172800	IN	A	156.154.101.3
+dnsb.nic.zappos.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.zappos.	172800	IN	A	156.154.102.3
+dnsc.nic.zappos.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.zappos.	172800	IN	A	156.154.103.3
+dnsd.nic.zappos.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+zara.			172800	IN	NS	a0.nic.zara.
+zara.			172800	IN	NS	a2.nic.zara.
+zara.			172800	IN	NS	b0.nic.zara.
+zara.			172800	IN	NS	c0.nic.zara.
+zara.			86400	IN	DS	40147 8 2 2E4669652E0C3B84007E43707F8354C94AFD6F929A5152524BEDBAA6F009DAFA
+zara.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . otGKrg21ly8uNODd656gDdfTZvH77/XU3iQGBf6ZUX9umu6wNvNhjCZOhFX3EqVfIEAmZnQuRrtoqIRVnwzQpcGcmHKJzj0hTNsGwAMB+9MN/WnXUYWBfmKDGvSB2XZTG/J6Z/oyugEmaKlJDSrS9qNkqSYofEIx7/5SZ0euHhrvK5wk9owjtyooAK7Kt1Sr7c5ISqx9RPRbJOBizF1aHQBJH22WTG6SMHhwIQG8DWgAc3FyTMaP1IiWHmMdslBtNxoVei8G1RyxJdMCeUIfZnpGbbknzbxAuhHT1PnPegu9RXJE7be77M20DSyYPeJx8LSnHb/5jAp98fGwLco7Ew==
+zara.			86400	IN	NSEC	zero. NS DS RRSIG NSEC
+zara.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a5fl8RfDXcV0/jpIBmYUCO0Y41Z3kVteZEIDi1UHnNpzkMbI+63o3oMezy2ZXQG/apLu8xRDLzAJhUAweIXQMmR/qtsv55Kh7bhAUhfLrFy6Zu+TmQpVSSdXi5aSyIvfCS2xmyE+TI0Xxz6pNAwlmrAkhf/KBpwHsiGAfwY/mF3HyXQO9H25IHPc+YBjp73OhyYEchaBfYZllZdtnQB49xRGBmllKjlZ0T78DL/J6FQq1+iyCFliMY0mOliNvQo1dEph5SOzZf1N0Tr0aXppcGgoj6jK0vtogFivpHxxomB+v45Ljydrwtxp8jdZgSz4a65ihmj32etDmQoxsRSOxQ==
+a0.nic.zara.		172800	IN	A	65.22.232.33
+a0.nic.zara.		172800	IN	AAAA	2a01:8840:e2:0:0:0:0:33
+a2.nic.zara.		172800	IN	A	65.22.235.33
+a2.nic.zara.		172800	IN	AAAA	2a01:8840:e5:0:0:0:0:33
+b0.nic.zara.		172800	IN	A	65.22.233.33
+b0.nic.zara.		172800	IN	AAAA	2a01:8840:e3:0:0:0:0:33
+c0.nic.zara.		172800	IN	A	65.22.234.33
+c0.nic.zara.		172800	IN	AAAA	2a01:8840:e4:0:0:0:0:33
+zero.			172800	IN	NS	a.nic.zero.
+zero.			172800	IN	NS	b.nic.zero.
+zero.			172800	IN	NS	c.nic.zero.
+zero.			172800	IN	NS	ns1.dns.nic.zero.
+zero.			172800	IN	NS	ns2.dns.nic.zero.
+zero.			172800	IN	NS	ns3.dns.nic.zero.
+zero.			86400	IN	DS	22717 8 2 C5360714B56C1EDBF51E44CD8D93E2C1AFA38D22EEC53750087915274E4BBADC
+zero.			86400	IN	DS	47974 8 2 331D019E413914C99D9AE0E89862063A248694E12C4D40764EAA91B109C3E4E8
+zero.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . W00ESdrQMO0P3BaIPNx/X6I4lBdXlr5xVlMQKNUSlO8jSzWoG0wksi/Q423oCGcXFe/pPUab08VAFLeQl5fzevzMd4NTG2puSmHlUc7KGAMYWHSSdc7PbrtvB/wukG+rP+aSusuw/MPeU4RUi4GdBVyPDez9wcHOzI71LXzoquV5qVbCcjjx7JoOrNsOjQPokWl/IuPv2Fpk1YH6lttGAMZ7l1zw3A6z78gOXs4MGebl3vwfX/Z1ACLFeOPebciyVYxxX/cY7BjhXzP5edlIHhVd/K907HtUNWwUdlaHxyavSk05UxUwQvdWQqpU4cJ9Li+VyqPykAVroSKz/NYKoA==
+zero.			86400	IN	NSEC	zip. NS DS RRSIG NSEC
+zero.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CLUb1kStOHF8Mu2zusyKQXIP/JJxkWkVjKtBlLpM0GnYejRSwFN01yy6tJJxV3CNcMKvZ3FtGR0WDQMLgGO7QJ5bvCKDiceBLJuDWWgtuaqFkypd+wwkeUTxEVeR6Usziqe1kr75VhyyX/Eujw/1uFMWHea5ZDUzwqYB+6HCXohAkdjZQLG8E+wH3X+ULG3nCJDE0F8J2Po4QEQxM89D0m4VCwL3JstWYoV60Eb9XIv39BLe4FaeA6kGhjbQp4gi7hgJU17I9lZPJCC/KcS3SUAU1kFDTVfURHX+fzuWASZPI1NIKTXy74axkwuMo2V1aWT/GOTZNh9+lm/VKLj5fA==
+a.nic.zero.		172800	IN	A	37.209.192.10
+a.nic.zero.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.zero.		172800	IN	A	37.209.194.10
+b.nic.zero.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.zero.		172800	IN	A	37.209.196.10
+c.nic.zero.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.zero.	172800	IN	A	156.154.144.188
+ns1.dns.nic.zero.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:bc
+ns2.dns.nic.zero.	172800	IN	A	156.154.145.188
+ns2.dns.nic.zero.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:bc
+ns3.dns.nic.zero.	172800	IN	A	156.154.159.188
+ns3.dns.nic.zero.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:bc
+zip.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+zip.			86400	IN	DS	37525 8 2 32EB9249D844B8593CF81FA5E2CEC76CFCC536C249E116EA9B49269AC8F239CE
+zip.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mtiMOB4U6zANVxXvRWhtjdyUq/y6liBGSP1AwcYARpxqG/ZZ2f8q9mMht1AtsnCTmzCd/FOiwLlvQI+q/qYpNrb0cjj/L5QXGIbKl8ytHqzuRhbQ1UeFUbyToUiMrMYlnCq8lJoDWdpqlIfKBej2bnWMaY9cXw9yIvFPrXIE7KD5EjKqfTiHcE1Ri7aFuWNb+zxxHIEcRS+qnA8zfeTBV1DfF5c+O/m/svdPnj7vohfQTzHFxeD3RIXMr6bWfKugXCXm2ULdrmDr6ywMxQtnup2uwTynumUvJy+KeyMtSOiuOBu/EzGETePzWH+9CQEUwPYPIrCvZYvzWQrLh8Bz3w==
+zip.			86400	IN	NSEC	zm. NS DS RRSIG NSEC
+zip.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XIwm+OboReegdF0WoMcQRS0RIwI9DlUv6/7a+IBwVdU56uyyaguxHf4KfZ5DQn5lJqwy6yyXGGrsHJNj0eloXcKAtQZagwZ2DZEc9M72rLMBwujwZdRALydDgRtvz7RtN/PgibzXQChZ4tz56RsBwPbVIjAzA/1/LF+/BDC1A7/H/3lTgSE62agAVT2lRHhbwYDRUO6RoEx8j8TDH0/dM2H3YSUBSz/ZtZDr9X92fdZjjmaGEdBmELD3Sj88Gql44G9RCzx0QJa92wswSVjLkBrmdR2L+jgrmv/5HEEhpIF9drInaDVdyptVfdCdu9VrbsoSzqlzS1II0zy4fpecSw==
+zm.			172800	IN	NS	pch.nic.zm.
+zm.			172800	IN	NS	ns-zm.afrinic.net.
+zm.			172800	IN	NS	gransy.nic.zm.
+zm.			86400	IN	DS	35075 8 2 EB06F34B2B9F1729366BDA17411CD4CC2193644368905DFB0CFB1868BD590581
+zm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F6bPgpALgZ96JgM9gyEWQvFuPobzarKO7P+CXWn086qZTz8OpeghSbLqUnuv+52r0W71WsjTGlVjwLwBenVgOsqqdp2QwalapDfF3hln+1uec8E5AOJJ8FBZkPip6K6ZBvrz4hmiPM9NxqtxxnoUvwsaUZXHfiNRI6uOsbNNiKygtYzoarfSTguuvqXb6Uqqc7u5ar2L/nxDHl+gMsF0vGn+zfg3Livqzo6bqIHPakkuBafVfxcMiQOgWHqIV0r39PRfCWuAJF/i/ghQhx601bbCRY7wcD/WSuDeV9eaCQroP9MYYsn2bqF7zupUZdy8C9F1R5e4XQmUbbHD8YVdpA==
+zm.			86400	IN	NSEC	zone. NS DS RRSIG NSEC
+zm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tTuPNEgSu70aS/jKsMBi++uSTLWBMH9IHfSqUejtvUs032Gjgy2v+w7eEAeXr/5pweF/d7xRDgrJNuSHmr/FCF+xSjnbc6f1Hy9XMn4INXQAdLhvDLmejdFE7+/p/xUTDdtyCrGGCEyE2scWa4QSz7MK3GFltPTodQx4xiDcMHxQFEfSq0ZSCjN/5ZFmLITw13uImlmibFsy2aAt9jZTtPdHXiEZg7+JM8wyd7baQJKHRdMhNWc75jvgY5phrRsJycih30KL9/pI9p6uoesNsaHfN4PI+v9xzSwRRTtDYuVH+nDyv2wWaafz78TnnbpLoYcNmawV7JUEYa0F4BT0ow==
+gransy.nic.zm.		172800	IN	A	185.28.194.194
+gransy.nic.zm.		172800	IN	A	185.38.108.108
+pch.nic.zm.		172800	IN	A	204.61.216.73
+pch.nic.zm.		172800	IN	AAAA	2001:500:14:6073:ad:0:0:1
+zone.			172800	IN	NS	v0n0.nic.zone.
+zone.			172800	IN	NS	v0n1.nic.zone.
+zone.			172800	IN	NS	v0n2.nic.zone.
+zone.			172800	IN	NS	v0n3.nic.zone.
+zone.			172800	IN	NS	v2n0.nic.zone.
+zone.			172800	IN	NS	v2n1.nic.zone.
+zone.			86400	IN	DS	12136 8 2 44853E072AA0C590351B822B9A23FF95631412A3583228163A995598EF764BAF
+zone.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J8IU8bEJu0lyNoE9DhQ1ZFrnyfUUMDzjO/LCl/XTL0MSqAsX8H9DJiu1NFk/LjpyfubIZeKk5XKBDTTtE5wbKAjawJzIYUwGTqW81jHHHBC1NXiQQKaybPmp66a54ib+GNM3xKkB5E+DKe3wD5MPKQ0A8TE4nQtv7kxz/VERRHmkI68D5NDFLxhgVDYNzZDlrUeDgJGJeGycyRbc1DwAc8MjhgzAQDRhOEizalSqTcjhIEQ3IGMs9fI/W0e3bChAlmZFxZZ6sP2u/XtGFkJRuS1gqr9t5sz3xx6ydXdeRmZTqxqyoi/k163x+MkVuexmA2cI8oc3b56lWhDm56EOOA==
+zone.			86400	IN	NSEC	zuerich. NS DS RRSIG NSEC
+zone.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jFjXlTGxa21q5BQY2fag59gbhAvVAbk6yPBrH+ouN6N5Gn5urKroO7xKExUfseEYanCAQhS0XIG7F3I+L3ZyYbjfnlUvQvywlgqtUT9NBmhRNPGV6lUzJvHEAOcnQlb06MrxeEjKo4F30EIxb7X+0NausAb5S6JD5DaB8Qc/fVU1eJTYGleBa7ZGHeTah3Asozvm8zWOSEemA2i4TwhXTlr+s88TTJpyrYe8ZDYaa3bRAWxRH+/o7J0ukvUCzPeJONE39LQ/uIGxgQ+kYzE0Jx5BEmikjFhY6b8wrwQxvjcaJJ6FFdGjdHVUuIUfap6dhTXl+araNRppGnkF1o9w0g==
+v0n0.nic.zone.		172800	IN	A	65.22.28.5
+v0n0.nic.zone.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:5
+v0n1.nic.zone.		172800	IN	A	65.22.29.5
+v0n1.nic.zone.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:5
+v0n2.nic.zone.		172800	IN	A	65.22.30.5
+v0n2.nic.zone.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:5
+v0n3.nic.zone.		172800	IN	A	161.232.14.5
+v0n3.nic.zone.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:5
+v2n0.nic.zone.		172800	IN	A	65.22.31.5
+v2n0.nic.zone.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:5
+v2n1.nic.zone.		172800	IN	A	161.232.15.5
+v2n1.nic.zone.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:5
+zuerich.		172800	IN	NS	a.nic.zuerich.
+zuerich.		172800	IN	NS	b.nic.zuerich.
+zuerich.		172800	IN	NS	c.nic.zuerich.
+zuerich.		172800	IN	NS	d.nic.zuerich.
+zuerich.		86400	IN	DS	7399 8 2 69407FE45988E2C569855C70330A24520DB734481082C668317E8BBB764551D3
+zuerich.		86400	IN	DS	48857 8 2 C64FDE4469567966AA2300C152DF46BD230916A54F5BF936083EF79EB894C157
+zuerich.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QAyIyc48Vn0ptlEZEUEg59bs3Ee4fOEfy1t/k7ikQk3acxgckrvP3RiIQvjTeZlBeHuZJWTCb/z2FznrXdAINMc78ovJXrXoux20222q8rSCrWFdV6+ZldSJHqXVMiiyFJdA3Cfog8D73b/tkIctFPwIkYJdYds+x3MxMA6+HF6JcDeyDasHsMTvEadZhfWJ/9+fbbIUrSr5ot02tZDUhueYz6Qy97LxQ4+jLcMk15w72yUnx5qFDFqagcjAaYmEmd2/o9hZpbegG8LlUWHkQMZOlRcngAFYY9juDweNAEyC4xrSd7TwMcUaygTMmqphQXbw6r727FmVkEcHH0vzXA==
+zuerich.		86400	IN	NSEC	zw. NS DS RRSIG NSEC
+zuerich.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H4Rk/9iBNquq6C6zZ99wtFO5YgqmSBkheMfeUqft+MvGIjtVAz6onWjxB+uGlMji+zg6BWjg+URS53eJxqXtlkcc1+cck3MOQJt/WmbQbDltSG55I5XmdOrrMnsgrVmp+v4IC8wHwfRM2T0/pn4su9p10+SImgZZCMNDpKLymFhmHVsU8RpwGqUoEJlQH3u0h3vL68o4UfqOCKxTtMBT7XNEAJh/UUYed231WsNoVMjpcgzeWC/TeEd5z0UsqFVS8Ju/n35jQQGzQZWRXg2OMDdTY0Ue6D6jrnGu399AbBzJ6Obra9QWvsloSbPr3NxPZNtd9iRgtpLCnNL7noI2vQ==
+a.nic.zuerich.		172800	IN	A	194.169.218.107
+a.nic.zuerich.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:107
+b.nic.zuerich.		172800	IN	A	185.24.64.107
+b.nic.zuerich.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:107
+c.nic.zuerich.		172800	IN	A	212.18.248.107
+c.nic.zuerich.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:107
+d.nic.zuerich.		172800	IN	A	212.18.249.107
+d.nic.zuerich.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:107
+zw.			172800	IN	NS	ns1.liquidtelecom.net.
+zw.			172800	IN	NS	ns2.liquidtelecom.net.
+zw.			172800	IN	NS	zw-ns.anycast.pch.net.
+zw.			172800	IN	NS	ns1zim.telone.co.zw.
+zw.			172800	IN	NS	ns2zim.telone.co.zw.
+zw.			86400	IN	NSEC	. NS RRSIG NSEC
+zw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kq88TDEJ2UK48cVh6/SHW7a1m87O+xuCFbz7D9i4wM4oN48v0dJT30fqc45AvClK2pk/6BfbObPyh0kng06tnVbClguxVorO5lcJmZ/2ND9nFrxAIyv0A8ufKHbxXRiI70BsuE0p7bI5aPWR79pYwn/8WiNAMElboWYk8smn1HmdyA+8qVm/Av3mwviBLCX3EKJ4lsZAqqcf3CPjOgRIpQWk9v4onrUNTzOx0LTKgR7lSgxpHfRKgAtfp8lAOB753of1SWrBl6oYb/LPhCVLZ01uK153c+zMIJqE3wTtUO+GJbHM3IaLxgLXeR8nKXBffkq3bkQCM213owVOf7FuRA==
+ns1zim.telone.co.zw.	172800	IN	A	41.220.30.81
+ns1zim.telone.co.zw.	172800	IN	AAAA	2c0f:f758:0:a:0:0:0:81
+ns2zim.telone.co.zw.	172800	IN	A	41.220.30.82
+ns2zim.telone.co.zw.	172800	IN	AAAA	2c0f:f758:0:a:0:0:0:82
diff --git a/src/test/resources/simplelogger.properties b/src/test/resources/simplelogger.properties
new file mode 100644
index 000000000..fdc49a422
--- /dev/null
+++ b/src/test/resources/simplelogger.properties
@@ -0,0 +1,7 @@
+org.slf4j.simpleLogger.defaultLogLevel=debug
+org.slf4j.simpleLogger.dateTimeFormat=yyyy-MM-dd HH:mm:ss:SSS Z
+org.slf4j.simpleLogger.showDateTime=true
+org.slf4j.simpleLogger.log.org.xbill.DNS.Name=info
+org.slf4j.simpleLogger.log.org.xbill.DNS.Compression=info
+org.slf4j.simpleLogger.log.io.netty=info
+org.slf4j.simpleLogger.log.io.vertx=info
diff --git a/src/test/resources/trust_anchors b/src/test/resources/trust_anchors
new file mode 100644
index 000000000..858627739
--- /dev/null
+++ b/src/test/resources/trust_anchors
@@ -0,0 +1,4 @@
+. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+. IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16
diff --git a/src/test/resources/trust_anchors_dnskey_invalid b/src/test/resources/trust_anchors_dnskey_invalid
new file mode 100644
index 000000000..4508bc175
--- /dev/null
+++ b/src/test/resources/trust_anchors_dnskey_invalid
@@ -0,0 +1,2 @@
+.           148029  IN  DNSKEY  257 3 8 BwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           148029  IN  DNSKEY  256 3 8 BwEAAc5byZvwmHUlCQt7WSeAr3OZ2ao4x0Yj/3UcbtFzQ0T67N7CpYmNqFmfvXxksS1/E+mtT0axFVDjiJjtklUsyqIm9ZlWGZKU3GZqI9Sfp1BjQkhi+yLa4m4y4z2N28rxWXsWHCY740PREnmUtgXRdthwABYaB2WPum3yRGxNCP1/
diff --git a/src/test/resources/trust_anchors_empty b/src/test/resources/trust_anchors_empty
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/src/test/resources/trust_anchors_empty
@@ -0,0 +1 @@
+
diff --git a/src/test/resources/trust_anchors_invalid b/src/test/resources/trust_anchors_invalid
new file mode 100644
index 000000000..b87b6dcb5
--- /dev/null
+++ b/src/test/resources/trust_anchors_invalid
@@ -0,0 +1,2 @@
+. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6F
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB6
diff --git a/src/test/resources/trust_anchors_test b/src/test/resources/trust_anchors_test
new file mode 100644
index 000000000..1aa71b07e
--- /dev/null
+++ b/src/test/resources/trust_anchors_test
@@ -0,0 +1,13 @@
+. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+. CH DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+bla. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+bla. IN DNSKEY 256 3 5 ( AQPSKmynfzW4kyBv015MUG2DeIQ3
+                                          Cbl+BBZH4b/0PY1kxkmvHjcZc8no
+                                          kfzj31GajIQKY+5CptLr3buXA10h
+                                          WqTkF7H6RfoRqXQeogmMHfpftf6z
+                                          Mv1LyBUgia7za6ZEzOJBOztyvhjL
+                                          742iU/TpPSEDhm2SNKLijfUppn1U
+                                          aNvv4w==  )
+x. IN A 127.0.0.1
+x. IN MX 10 asdf.bla.
diff --git a/src/test/resources/tsig-axfr/request.bin b/src/test/resources/tsig-axfr/request.bin
new file mode 100644
index 000000000..9e110f7eb
Binary files /dev/null and b/src/test/resources/tsig-axfr/request.bin differ
diff --git a/src/test/resources/tsig-axfr/response-messages.txt b/src/test/resources/tsig-axfr/response-messages.txt
new file mode 100644
index 000000000..492d3d2a4
--- /dev/null
+++ b/src/test/resources/tsig-axfr/response-messages.txt
@@ -0,0 +1 @@
+dig @dnssec1.stage.arin.net -p 53 AXFR dnssecishard.com. -y 'hmac-sha256:dnssecishardtest:q4Gsu0nYoyub20//PATXhABobmrVUQyqq5TFzYHfC7o='
diff --git a/src/test/resources/tsig-axfr/response.bin b/src/test/resources/tsig-axfr/response.bin
new file mode 100644
index 000000000..f861f8b18
Binary files /dev/null and b/src/test/resources/tsig-axfr/response.bin differ
diff --git a/src/test/resources/unbound/val_adbit.rpl b/src/test/resources/unbound/val_adbit.rpl
new file mode 100644
index 000000000..f23760ccb
--- /dev/null
+++ b/src/test/resources/unbound/val_adbit.rpl
@@ -0,0 +1,174 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator AD bit signaling
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+; ask from cache too
+STEP 21 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 23 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_adcopy.rpl b/src/test/resources/unbound/val_adcopy.rpl
new file mode 100644
index 000000000..aeb8bfd75
--- /dev/null
+++ b/src/test/resources/unbound/val_adcopy.rpl
@@ -0,0 +1,173 @@
+; config options
+; The island of trust is at example.com
+server:
+	#trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator AD bit sent by untrusted upstream
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA RA AD NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA RA AD NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA RA AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+; ask from cache too
+STEP 21 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 23 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_anchor_nx.rpl b/src/test/resources/unbound/val_anchor_nx.rpl
new file mode 100644
index 000000000..5d8855b8a
--- /dev/null
+++ b/src/test/resources/unbound/val_anchor_nx.rpl
@@ -0,0 +1,220 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "sub.example.com.    3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with secure proof of trust anchor nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_anchor_nx_nosig.rpl b/src/test/resources/unbound/val_anchor_nx_nosig.rpl
new file mode 100644
index 000000000..e0dc7d8ab
--- /dev/null
+++ b/src/test/resources/unbound/val_anchor_nx_nosig.rpl
@@ -0,0 +1,218 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "sub.example.com.    3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsigned denial of trust anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ans_dsent.rpl b/src/test/resources/unbound/val_ans_dsent.rpl
new file mode 100644
index 000000000..361e222c5
--- /dev/null
+++ b/src/test/resources/unbound/val_ans_dsent.rpl
@@ -0,0 +1,248 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with empty nonterminals on the trust chain.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; responses to DS empty nonterminal queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; this should be NOERROR.
+REPLY QR AA NOERROR
+SECTION QUESTION
+0.194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+; response for delegation to sub zone.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub zone
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com. for zone 0.0.194.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN NS
+SECTION ANSWER
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+; response to DNSKEY priming query
+; 0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+0.0.194.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+0.0.194.example.com.    3600    IN      RRSIG   DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899}
+SECTION AUTHORITY
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. IN A 11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. 	3600	IN	A	11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ans_nx.rpl b/src/test/resources/unbound/val_ans_nx.rpl
new file mode 100644
index 000000000..feaf35442
--- /dev/null
+++ b/src/test/resources/unbound/val_ans_nx.rpl
@@ -0,0 +1,250 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS nodata as nxdomain on trust chain
+; This is a bug in ANS 2.8.1.0 where it gives an NXDOMAIN instead of
+; NOERROR for an empty nonterminal DS query. The proof for this NXDOMAIN
+; is the NSEC that proves emptynonterminal.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; responses to DS empty nonterminal queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; Bad NXDOMAIN response, this should be NOERROR.
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+0.194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+; response for delegation to sub zone.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub zone
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com. for zone 0.0.194.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN NS
+SECTION ANSWER
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DNSKEY priming query
+; 0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+0.0.194.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+0.0.194.example.com.    3600    IN      RRSIG   DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899}
+SECTION AUTHORITY
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. IN A 11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. 	3600	IN	A	11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_any.rpl b/src/test/resources/unbound/val_any.rpl
new file mode 100644
index 000000000..058f44925
--- /dev/null
+++ b/src/test/resources/unbound/val_any.rpl
@@ -0,0 +1,203 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY 
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ns7.domain-registry.example. 80173   IN      A       62.4.86.230
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+v.net.example.        28800   IN      A       213.154.224.17
+v.net.example.        28800   IN      AAAA    2001:7b8:206:1:200:39ff:fe59:b187
+johnny.example.com.    600     IN      A       213.154.224.44
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+johnny.example.com.     600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY 
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_any_cname.rpl b/src/test/resources/unbound/val_any_cname.rpl
new file mode 100644
index 000000000..5e5d12b08
--- /dev/null
+++ b/src/test/resources/unbound/val_any_cname.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY that includes CNAME
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+www.example.com.	3600	IN	CNAME	serf.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AH/qSA7et6tXS08u4UUsWmXbIedGFpBKhiCqqVAgV8Z95dgn/vrB5ag= ;{id = 2854}
+www.example.com.	18000	IN	NSEC	example.com. CNAME RRSIG NSEC 
+www.example.com.	18000	IN	RRSIG	NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. ACqeCl/aLq90zkeSfneQY+HnvJTUAeyTF03HWdXr3WhnYzupKAdnuQ4= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+serf.example.com. IN ANY
+SECTION ANSWER
+serf.example.com.	3600	IN	A	192.0.2.1
+serf.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. AGLOiUcDNkSCplT07hT8szlUfMHNfPh6/104ydBt4bJ6UcfXUiM3pV8= ;{id = 2854}
+serf.example.com.	18000	IN	NSEC	www.example.com. A RRSIG NSEC 
+serf.example.com.	18000	IN	RRSIG	NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. AEBNiqg7Uz+NfNvoyA4KjkqJPb7hrjyS7oPE2MGNgVwUgQrcRIxd7DA= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+www.example.com.	3600	IN	CNAME	serf.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AH/qSA7et6tXS08u4UUsWmXbIedGFpBKhiCqqVAgV8Z95dgn/vrB5ag= ;{id = 2854}
+www.example.com.	18000	IN	NSEC	example.com. CNAME RRSIG NSEC 
+www.example.com.	18000	IN	RRSIG	NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. ACqeCl/aLq90zkeSfneQY+HnvJTUAeyTF03HWdXr3WhnYzupKAdnuQ4= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_any_dname.rpl b/src/test/resources/unbound/val_any_dname.rpl
new file mode 100644
index 000000000..37b38c475
--- /dev/null
+++ b/src/test/resources/unbound/val_any_dname.rpl
@@ -0,0 +1,212 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	rrset-roundrobin: no
+	harden-unknown-additional: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY that includes DNAME
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.	3600	IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCdje5lZfq9kENX9a8lOOKn79BRlQIUbVCx/fXo0kfvAgC5kB8Dvd5LodQ= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ns7.domain-registry.example. 80173   IN      A       62.4.86.230
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+v.net.example.        28800   IN      A       213.154.224.17
+v.net.example.        28800   IN      AAAA    2001:7b8:206:1:200:39ff:fe59:b187
+johnny.example.com.    600     IN      A       213.154.224.44
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+johnny.example.com.     600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+example.com. IN ANY
+ENTRY_END
+
+; Allow validation resuming for the RRSIGs
+STEP 2 TIME_PASSES ELAPSE 0.05
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.	3600	IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCdje5lZfq9kENX9a8lOOKn79BRlQIUbVCx/fXo0kfvAgC5kB8Dvd5LodQ= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cname_loop1.rpl b/src/test/resources/unbound/val_cname_loop1.rpl
new file mode 100644
index 000000000..b261ecf37
--- /dev/null
+++ b/src/test/resources/unbound/val_cname_loop1.rpl
@@ -0,0 +1,146 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname loop
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cname_loop2.rpl b/src/test/resources/unbound/val_cname_loop2.rpl
new file mode 100644
index 000000000..009616f71
--- /dev/null
+++ b/src/test/resources/unbound/val_cname_loop2.rpl
@@ -0,0 +1,155 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname 2 step loop
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	foo.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+foo.example.com. IN A
+SECTION ANSWER
+foo.example.com. IN	CNAME	www.example.com.
+foo.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC7kcWPsMnGbjvzj5UNnxQzM0YvnAhUAgxIKgs1huJHvcAP2Xt3p8Adpy/c= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cname_loop3.rpl b/src/test/resources/unbound/val_cname_loop3.rpl
new file mode 100644
index 000000000..acdd110ed
--- /dev/null
+++ b/src/test/resources/unbound/val_cname_loop3.rpl
@@ -0,0 +1,168 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname 3 step loop
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	foo.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+foo.example.com. IN A
+SECTION ANSWER
+foo.example.com. IN	CNAME	bar.example.com.
+foo.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFFMlXuWrNL/8aYOl9U9WYjgif8gAAhUAqsC/xOXakHP1SYxMSLANziOik94= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+bar.example.com. IN A
+SECTION ANSWER
+bar.example.com. IN	CNAME	www.example.com.
+bar.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFAsalUJJSV86uPlfiGS3kKDc0JB7AhQ+qmHqagY/r36Re/J3Q1OfvcA1dA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnameinsectopos.rpl b/src/test/resources/unbound/val_cnameinsectopos.rpl
new file mode 100644
index 000000000..c73118cfc
--- /dev/null
+++ b/src/test/resources/unbound/val_cnameinsectopos.rpl
@@ -0,0 +1,293 @@
+; config options
+; The island of trust is at example.com
+server:
+	;trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with an insecure cname to positive cached
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+insecure.example.com. IN A
+SECTION ANSWER
+insecure.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+; Get www.example.net validated in the cache.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.net. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+; reference the cache object
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+insecure.example.com. IN A
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+insecure.example.com. IN A
+SECTION ANSWER
+insecure.example.com. IN	CNAME	www.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamenx_dblnsec.rpl b/src/test/resources/unbound/val_cnamenx_dblnsec.rpl
new file mode 100644
index 000000000..4a0432442
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamenx_dblnsec.rpl
@@ -0,0 +1,179 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname-nxdomain for duplicate NSEC detection
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+cname.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+cname.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+cname.example.com. IN A
+SECTION ANSWER
+cname.example.com.      3600    IN      CNAME   www.example.com.
+cname.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFBhJC8qi+g+EOYqzT2q6RxE8Im09AhUAotz8NFnpY+cpEDNBKjM940a74/E= ;{id = 2854}
+SECTION AUTHORITY
+; already includes the necessary NSECs
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+cname.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+cname.example.com. IN A
+SECTION ANSWER
+cname.example.com.      3600    IN      CNAME   www.example.com.
+cname.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFBhJC8qi+g+EOYqzT2q6RxE8Im09AhUAotz8NFnpY+cpEDNBKjM940a74/E= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamenx_rcodenx.rpl b/src/test/resources/unbound/val_cnamenx_rcodenx.rpl
new file mode 100644
index 000000000..1d63ca9c1
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamenx_rcodenx.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	val-min-rsa-size: 512
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname-nxdomain with rcode nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnameqtype.rpl b/src/test/resources/unbound/val_cnameqtype.rpl
new file mode 100644
index 000000000..05ef47426
--- /dev/null
+++ b/src/test/resources/unbound/val_cnameqtype.rpl
@@ -0,0 +1,231 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a query for type cname
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN CNAME
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN CNAME
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametocloser.rpl b/src/test/resources/unbound/val_cnametocloser.rpl
new file mode 100644
index 000000000..08b3fd434
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametocloser.rpl
@@ -0,0 +1,106 @@
+; config options
+server:
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	trust-anchor: "a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8="
+	val-override-date: "20091113091234"
+	val-min-rsa-size: 512
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to closer anchor under optout.
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN CNAME www.a.b.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
+
+SECTION AUTHORITY
+;; nsec3param 1 1 1 d399eaab
+; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb.
+; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco.
+;; closest encloser: example.com.
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
+
+;; nextcloser is:  b.example.com. ; under optout range.
+; disproof of DS using the optout range.
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.a.b.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC that proves there is no AAAA record
+www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX
+www.a.b.example.com.	3600	IN	RRSIG	NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.example.com. IN DNSKEY
+SECTION ANSWER
+a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
+a.b.example.com.	3600	IN	RRSIG	DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN CNAME www.a.b.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
+SECTION AUTHORITY
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.   3600    IN      NSEC3   1 1 1 d399eaab  l0c0e5lac37ai0lpij31sj699hkktdmc NS SOA RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.   3600    IN      RRSIG   NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.   3600    IN      NSEC3   1 1 1 d399eaab  1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG  ; flags: optout
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.   3600    IN      RRSIG   NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
+www.a.b.example.com.    3600    IN      NSEC    zzz.a.b.example.com. A MX RRSIG NSEC
+www.a.b.example.com.    3600    IN      RRSIG   NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametocloser_nosig.rpl b/src/test/resources/unbound/val_cnametocloser_nosig.rpl
new file mode 100644
index 000000000..1cf67125e
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametocloser_nosig.rpl
@@ -0,0 +1,99 @@
+; config options
+server:
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	trust-anchor: "a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8="
+	val-override-date: "20091113091234"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to closer anchor optout missing sigs.
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN CNAME www.a.b.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
+
+SECTION AUTHORITY
+;; nsec3param 1 1 1 d399eaab
+; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb.
+; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco.
+;; closest encloser: example.com.
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
+
+;; nextcloser is:  b.example.com. ; under optout range.
+; disproof of DS using the optout range.
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.a.b.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC that proves there is no AAAA record
+www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX
+; signature missing!
+;www.a.b.example.com.	3600	IN	RRSIG	NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.example.com. IN DNSKEY
+SECTION ANSWER
+a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
+; signature missing!
+;a.b.example.com.	3600	IN	RRSIG	DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl b/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl
new file mode 100644
index 000000000..1dc1c7f29
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl
@@ -0,0 +1,211 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    IN      DNSKEY  257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b"
+	val-override-date: "20121030123249"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.	120	IN	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b}
+example.com.	3600	IN	DNSKEY	257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b}
+example.com.	3600	IN	RRSIG	DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com.	86400	IN	NSEC	www.example.com. CNAME RRSIG NSEC
+*.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.wc.example.com. IN A
+SECTION ANSWER
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com.	86400	IN	NSEC	www.example.com. CNAME RRSIG NSEC
+*.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
+ENTRY_END
+
+ENTRY_BEGING
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.end.example.com. IN A
+SECTION ANSWER
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+RANGE_END
+
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+start.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com.	86400	IN	NSEC	www.example.com. CNAME RRSIG NSEC
+*.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametodname.rpl b/src/test/resources/unbound/val_cnametodname.rpl
new file mode 100644
index 000000000..8f7db4604
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametodname.rpl
@@ -0,0 +1,234 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to a dname
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DNAME
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DNAME
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DNAME
+SECTION ANSWER
+www.example.net. IN	DNAME	blarg.com.
+www.example.net.        3600    IN      RRSIG   DNAME RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. ByevtOI1ChCDb8CD8Qvu2pNcooUWN4LkNXQj0vzSLp62rCltiWWTg8iU6DiojeOx2inVqx+PZXyiX1nX80kCgg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN DNAME
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	DNAME	blarg.com.
+www.example.net.        3600    IN      RRSIG   DNAME RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. ByevtOI1ChCDb8CD8Qvu2pNcooUWN4LkNXQj0vzSLp62rCltiWWTg8iU6DiojeOx2inVqx+PZXyiX1nX80kCgg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametodnametocnametopos.rpl b/src/test/resources/unbound/val_cnametodnametocnametopos.rpl
new file mode 100644
index 000000000..d0b93022f
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametodnametocnametopos.rpl
@@ -0,0 +1,422 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	trust-anchor: "example.org.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname, dname, cname, positive answer
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN A
+SECTION AUTHORITY
+org.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+org. IN NS
+SECTION ANSWER
+org.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN A
+SECTION AUTHORITY
+example.org.	IN NS	ns.example.org.
+SECTION ADDITIONAL
+ns.example.org.		IN 	A	1.2.3.7
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.sub.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.net. IN	NSEC	www.example.net. DNAME RRSIG NSEC
+sub.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. PsKlcOSNElUi3u7Cn6c5+Sv8CRLTqmooMbvloTwUCkM53SuAirXcCA+9Pz5y0unO9+5IxwdkwssnoCOX5FqnCQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.net. IN A
+SECTION ANSWER
+sub.example.net. IN	DNAME	sub.example.com.
+sub.example.net.        3600    IN      RRSIG   DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899}
+www.sub.example.net. IN	CNAME	www.sub.example.com.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN	CNAME	www.example.org.
+www.sub.example.com.    3600    IN      RRSIG   CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.org.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.org. IN NS
+SECTION ANSWER
+example.org.	IN NS	ns.example.org.
+example.org.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.org.		IN 	A	1.2.3.7
+ns.example.org. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.org. IN DNSKEY
+SECTION ANSWER
+example.org.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.org.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.org. MC0CFBCSESiUl5XEht/LRecGFuX2Xad7AhUAoURP4DsIEbwMjlB955vziIB798E= ;{id = 2854}
+SECTION AUTHORITY
+example.org.	IN NS	ns.example.org.
+example.org.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.org.		IN 	A	1.2.3.7
+ns.example.org. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN A
+SECTION ANSWER
+www.example.org. IN	A	11.11.11.11
+www.example.org.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFB/erEAxSMqW0I51r6VQMq861B+yAhUAqJ7DPU7xHFpWJGILOQ0WW3aDGi0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 	3600 	IN	CNAME	www.sub.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854}
+sub.example.net. 	3600 	IN	DNAME	sub.example.com.
+sub.example.net.        3600    IN      RRSIG   DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899}
+www.sub.example.net. 	0	IN	CNAME	www.sub.example.com.
+www.sub.example.com. 	3600	IN	CNAME	www.example.org.
+www.sub.example.com.    3600    IN      RRSIG   CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899}
+www.example.org. 	3600	IN	A	11.11.11.11
+www.example.org.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFB/erEAxSMqW0I51r6VQMq861B+yAhUAqJ7DPU7xHFpWJGILOQ0WW3aDGi0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametoinsecure.rpl b/src/test/resources/unbound/val_cnametoinsecure.rpl
new file mode 100644
index 000000000..78d04de97
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametoinsecure.rpl
@@ -0,0 +1,139 @@
+; config options
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	trust-anchor: "example.org.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20091011000000"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to insecure NSEC or NSEC3.
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.     3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.com. BeCk6+D0ysmO1+X0CjvXH55AO78C7Vxrq58C3YgO0wt2eTG/deZCiWI3bz+3OC64cICbJr5fvCfqUuJDABU/fw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com.	3600	IN	CNAME	unsafe.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
+SECTION AUTHORITY
+; really an insecure delegation, but co-hosted on the server.
+unsafe.example.com.	3600	IN	NSEC	v.example.com. NS RRSIG NSEC 
+unsafe.example.com.	3600	IN	RRSIG	NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+unsafe.example.com. IN AAAA
+SECTION ANSWER
+; empty response
+ENTRY_END
+
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.org. IN DNSKEY
+SECTION ANSWER
+example.org.     3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.org. rd9aoXbeaE0zyT96Z0sjN3Mz5Nz/wuRsIH1lwcjwUFmAAT7F+SjwVWeo8nGaTBd8JDSUdiL+VwotEE0I22RrnA== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN AAAA
+SECTION ANSWER
+www.example.org.	3600	IN	CNAME	unsafe.example.org.
+www.example.org.	3600	IN	RRSIG	CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
+SECTION AUTHORITY
+; really an insecure delegation, but co-hosted on the server.
+; h(unsafe.example.org.) = ltchu0548v0cof8f25u2pj4mjf4shcms.
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.	3600	IN	RRSIG	NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+unsafe.example.org. IN AAAA
+SECTION ANSWER
+; empty response
+ENTRY_END
+
+RANGE_END
+
+; NSEC
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com.        3600    IN      CNAME   unsafe.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
+SECTION AUTHORITY
+unsafe.example.com.     3600    IN      NSEC    v.example.com. NS RRSIG NSEC 
+unsafe.example.com.     3600    IN      RRSIG   NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
+ENTRY_END
+
+; NSEC3
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.org. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.org. IN AAAA
+SECTION ANSWER
+www.example.org.        3600    IN      CNAME   unsafe.example.org.
+www.example.org.        3600    IN      RRSIG   CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
+SECTION AUTHORITY
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.   3600    IN      NSEC3   1 0 1 -  ltchu0548v0cof8f25u2pj4mjf4shcmt NS 
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.   3600    IN      RRSIG   NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonodata.rpl b/src/test/resources/unbound/val_cnametonodata.rpl
new file mode 100644
index 000000000..4f9e8a945
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonodata.rpl
@@ -0,0 +1,234 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonodata_nonsec.rpl b/src/test/resources/unbound/val_cnametonodata_nonsec.rpl
new file mode 100644
index 000000000..c1346ceb4
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonodata_nonsec.rpl
@@ -0,0 +1,265 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC here ...
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC here
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+;www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+;www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonsec.rpl b/src/test/resources/unbound/val_cnametonsec.rpl
new file mode 100644
index 000000000..27a562f3a
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonsec.rpl
@@ -0,0 +1,191 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to insecure NSEC delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; no NSECs to prove this, not needed in test, but could be there
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+sub.example.com. IN NSEC zzz.example.com. NS
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; this server also serves the zone sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+sub.example.com. IN NSEC zzz.example.com. NS
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854}
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonx.rpl b/src/test/resources/unbound/val_cnametonx.rpl
new file mode 100644
index 000000000..fae397fe9
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonx.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametooptin.rpl b/src/test/resources/unbound/val_cnametooptin.rpl
new file mode 100644
index 000000000..77a3c06bd
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametooptin.rpl
@@ -0,0 +1,195 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to insecure optin NSEC3
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+; NSEC3PARAM 1 0 1 -
+; example.com. -> 9vq38lj9qs6s1aruer131mbtsfnvek2p.
+; sub.example.com. -> 7t1ect6t5vp0s7se8si9d07roqupr3gc.
+; www.example.com. -> 0lverorlcjoa2lji5rik0otij3lgoj3l.
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; this server also serves the zone sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854}
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametooptout.rpl b/src/test/resources/unbound/val_cnametooptout.rpl
new file mode 100644
index 000000000..c9e982253
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametooptout.rpl
@@ -0,0 +1,112 @@
+; config options
+server:
+	trust-anchor: "GOV. DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041"
+	val-override-date: "20091113091234"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to optout NSEC3 span NODATA
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.hud.gov. IN AAAA
+SECTION ANSWER
+www.hud.gov.    86400   IN      CNAME   www.content.hud.gov.
+www.hud.gov.    86400   IN      RRSIG   CNAME 7 3 86400 20091204150200 20091104150200 64775 hud.gov. taZtumaTp8eSlcj0vEGnY0Up05RtlC2NhHrtHDUdq1TskAPQH8Eu9AoVe6gKrFEyCC1ixprOhT8Ni661d/ZykdzgceZ8KgFIlSQ84Whm59yB2gcbXLen9rApF0+NuyRgdAph6yjMYMtfoRQWAASG7SqS/v52dkHNf/a9PXaDvHBvjoiTK+dXPKFulkmEl0KyhXBdsikl6/Xd68FF41FdDNzWS8ZzYCdd4CWaXXkwTtPSFsKyXGZeXOTxqGQJnD+hNBkn2sAca1oLiAsfaiCHec66I+rHGXT+mPB7HXez32jbbeInkgB7M2TUoRXehifuloR8sur8Xck9FPRv24Si8A== ;{id = 64775}
+SECTION AUTHORITY
+content.hud.gov.        86400   IN      NS      drfswitch.hud.gov.
+content.hud.gov.        86400   IN      NS      lanswitch.hud.gov.
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  42bsks495i3mb2s3f6nhusc6rfm54g4g A NS SOA MX RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775}
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG  ; flags: optout
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775}
+SECTION ADDITIONAL
+drfswitch.hud.gov.      86400   IN      A       170.97.167.1
+lanswitch.hud.gov.      86400   IN      A       170.97.67.78
+drfswitch.hud.gov.      86400   IN      RRSIG   A 7 3 86400 20091204150200 20091104150200 64775 hud.gov. ub6Anb7XgDMRsTYxqKDRUOYnntLetcJMXM9SVbG7Cb2n+ccp4OO38u6KnGO1i8U5rhTQ6WPlG6iKA+8U0mQuWp3fkzBaE+a5R3eEfzLlRE/MbjUqHjTb0MVYQnMWaA7YXmj/1BNFjBuAam+J3QnU4JR3RqN9WDmHXYx8IUEY9BYSWvTMhOnzebRu6z9MUBQWFfm69pFxf0Z1SkpInznU/mxGdGlslzxL8ScKAUMSBiQG1tyL90OEXW3Yp7kbOtpTxGrXucpMiMB9lXI/z9UiRJenZrJ7swyyyJ5Do0TjCiS3oS8RBhX8ou09sNftUmF9crKz/BdNq90wVYoHXYz9vg== ;{id = 64775}
+lanswitch.hud.gov.      86400   IN      RRSIG   A 7 3 86400 20091204150200 20091104150200 64775 hud.gov. QO+quzaZXrIBZy0JXhx85/8auhBj8dCqeidaUCs6rzCd/lgUDt7B/mH8IanU33o+PyKsBN+B5r9bavFFCNc4sPDUVwNcnZfKCyFQvvUnI3rztCJb/ESYnJ/xu/5g966cRLOajzAvvLAWZ6vT4p3b9+CpaONOJ19D08RpwsWnTkqiEP/UiXaWBpVwyt4JHN0oiNmMGshk5zjbHir1gUInd7QbJk3SpyiIgHT5Z4nhTUGkd1sIve++aIxjsQ8MVrE+INw4v56dJaoYD6bqQewmg2yAr9nYemYUHYi8+USy7/anEaUsOvk9zZfncevTfY/sOORFWoD15bHF2BWUo2YwaQ== ;{id = 64775}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.content.hud.gov. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+GOV. IN DNSKEY
+SECTION ANSWER
+GOV.    86400   IN      DNSKEY  256 3 7 AwEAAaQ6vDoHd2QDRBLwB+n63RxnmJExvIcOz7uv9gM+l8QSMAJTTCDpqJ8R+8UfYs97cn6LM3cT3kcl9V0GnjljNzNMk39W11Ej7htNcbf4u1n5z2e4WsnpjQJJmKoWv2FORIfJmLKbxzGILSK13mrDUETj9onhdtOsjkhcK/7S+h1d ;{id = 51998 (zsk), size = 1024b}
+GOV.    86400   IN      DNSKEY  257 3 7 AwEAAZ1OCt7zZxeaROvzXNCNlqQWIi++p5ABXSoxqJ65WQko6xrI9RImK7IBT5roFhXjBDGJ8ld9CYIEN94kK83K/QwUGCJ+v3vIQFi09IqsPeRdHTQyghWWbhzAZpnlZ16imXB4yFZjdbV2iM66KcgsESQMPEcIayDQJh6JEi1wmslrYvRRJ6YPOWrlLD0RmdtCaRuzlUE0RiWSem/i8vDFdmsSwChRMcORklKqjqt1+RBIiEFJGKIz7lGc9DXRwkBfb+halii+jrELiZAPzfO7rf08l3QlgHEuxclTTdEaxctPd2O2U/Hl9tRgkxRL/Zv1i0sEx2mOJGcUCeVm4Hf2aM8= ;{id = 26079 (ksk), size = 2048b}
+GOV.    86400   IN      RRSIG   DNSKEY 7 1 86400 20091117211705 20091112211705 26079 gov. OR2ltuGs0IxWqikvqWIoXLy7gPpWafolM+fyQ9uyuzPdxILo8QboVzfRr3Q8X/hOa6MRwR0KHGci2NH/29p9cekafdMbOer0kvh0hndnf+yGLuDcd9HLj5hpoZ5uecZ2r02OWtRHCKetAPF95SYrIQBzoqUNOswdDlSTW1R8v/BQ6UpztuUQcciZJxARbXlovzSkMbnoyjtehgKjXPP/Zy79vSwhjpTJ4XAsc2E3Tw1qAE7ZZUzYpN8uGmAQYVtZraQIjazE/A+xVo+XB0dZdhlM00xUs6GNuZytckUOqecBKZ2IKlxBe+kBEkj2nz1PBRAzmZUoS3ZZPkKaA6ygTA== ;{id = 26079}
+GOV.    86400   IN      RRSIG   DNSKEY 7 1 86400 20091117211705 20091112211705 51998 gov. VDizeuAywZB0tQm4kmbOSGhrK1eJYC9VSSND/wG7oTj/oWDAKMEke1XrQXGEoIFyBKZk5dHpUB6tmEA9RPLMwI51ue66pM9RRT1aNLba08r6TDzr6ZxKjtqBDj4Xy16h6PWZ2jC9JASGeNGINg6zCeVmU75yqXh6+X+KeypO64E= ;{id = 51998}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+hud.gov. IN DS
+SECTION ANSWER
+hud.gov.        86399   IN      DS      52146 7 2 54af554fc3ffc532bb898b9ab39f1276fd17b59d3e44772c3142ea62680d71c7 ; xihap-zehog-zybyz-zecaf-dyvym-nydun-pusan-zagil-kezyc-lutyn-tazog-gyted-sosig-depyk-dypeb-tasas-lexix
+hud.gov.        86399   IN      RRSIG   DS 7 2 86400 20091117211705 20091112211705 51998 gov. FHDstL7xVBBedCaG83M884pnxCV8PY9GjUulwH7BSTVIaFBJe/kxlKGTsD0j5x4QfezjBWKenjpvw5SiMGeQOnIJeA/z6Ze9QBCGVrbx0ZgoKEoSRyfD0vIjvM7J4T2PLgslI8fsMpWFs4KzmujKJNRVq4aFzFk9k8bFCJnEPJk= ;{id = 51998}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+hud.gov. IN DNSKEY
+SECTION ANSWER
+hud.gov.        86400   IN      DNSKEY  256 3 7 AwEAAcAOoW+zclZqs8kCGmm290DImA1DDfKqbifB1oGNjOcmz6xz6PigLa8ORaAG0zpabZwLMXyhMaKbseR+beGnOf2wh5N0oxN8grCNTJm+YAMeyvCn2dz3J8YEoclyST4bhU38MGFsEVVZukXsIniFfvnKfpVxArpO7ocbDXI+EN3RA8EHFTIHOCfEbCS7zyO0mtrdM88Y/tIX9fjsYUig6lfVUNISJUL4TyUMpmi8/hu2dLdTuXXIAEMx/vyQHVFq2ZZM0nnDJ9vJCZEgwFAjUE5/BjlrDgofonxdY8SLDbQvn11z/SPugKiA16bdO6i/ND4FjEhG2HUJHeeQCrZ61rE= ;{id = 64775 (zsk), size = 2048b}
+hud.gov.        86400   IN      DNSKEY  256 3 7 AwEAAfFubFVJ6m7jO8HvInmFEXivfnqZZpS7SnsucTlfGg5yhIayzS3tC0UMAt1QU+pEIyVH+qa2fG2+/45gAp+iG3zwyepyZuup8eo/SlXefWXZ9CIjBNaaptd2sSDsuF8mPtdQmtm3AbPqGEe7p7edIHHJBxPy90AzJQeKppyRcRcrGO3QNC9Glso177NbHZVZuY46V63RdaY3Qf5t7/03xy/Z68KWFEJKUCBxkHjAVIH0KaT9M37dPzs9L7F/+NyOLfMUzk87ctv4ivW9dcJRf79aulzoIV4LlGu0ZsrvxRZ5t+ind+GDeTvaKseH0NWF5Am2dG/QrHtewQL9qGztjN8= ;{id = 41402 (zsk), size = 2048b}
+hud.gov.        86400   IN      DNSKEY  257 3 7 AwEAAZ50d20TkOzWzJD+anUMSIMfGaI8m4If6DMax4NQnZ34yta6UOb907SRqBs2vJ+MpcJkyRuLx/Z9vGlfZQ7V9eBgI62EZwmfiitanwSFPZgCzM8nVswpDS+/CmaHhXUoLdgNgUYh4WSl/7fXroluC/18xyMl3ZGQRRjJftpQSMXubP/n9nCHZXE5YiDw1cRklqA4lLyNeXBgadWa8klekr89WNij454KApevbg0GSudEJw7IWzbOb09npvQ1hnLz8pmDsaahfIsGBvcHSUEJrjSkk3J1oHDj0B7Gxm+tZH4Er21RTucEWeroyIJSQmsYN+Cm0FyfgJ75bNEsRe5M4Vc= ;{id = 52146 (ksk), size = 2048b}
+hud.gov.        86400   IN      RRSIG   DNSKEY 7 2 86400 20091204150200 20091104150200 52146 hud.gov. KWIA6wH6BqwuF7d6dyTbfqbcLgbUG2ZKJA4vVfhWqOC76Xnt7gXPLeB2GQwwyhSR0s3IHIzAB0Uj+RAGGcz2NH5JanfxNC9rAvubYESXSlLr/FC33exLeOxGisJZzRnPpk5NynXwyT8TXul1ew48/Mpyi7j6+tlqakqHw2HlId7oblxO2cjN6JV0JLZ44l7tCw6ALYhamA48PQ1WeJbGcfH7buCEG7S1ceZSZlG6kml+u7pb65QL9AZjCnDIecXk7B3HMCdIT8zyrO8QK0GiLMMak9RogF/5gBiH/WDCq7146vcVneW/Hn/+hLnY104iOKuadJcbmStlMF5k0iBzng== ;{id = 52146}
+hud.gov.        86400   IN      RRSIG   DNSKEY 7 2 86400 20091204150200 20091104150200 64775 hud.gov. V0JSAtTmQn76T408nyntg1ydX5sVvq8RSCN/Bf+cqTPXMFlPpmOs4VQv791bY85n28qOehV7Ws2CrhfxbyFbyYRXPBtWkg6jH3JXicYPn7Abm7E5N2Y6Mkm1Z9xt/APCw+aSkt0swMJzYBO5P5aeDesIB+Pz5I+SLuOPin3GFjGYL+YB5j5rTY/Nqnp2eQytF0SoFdqCIPCP7l9ZtYdaxBDQNX3Hklm4dRYP5U9wL8sqaeUwgKjJTGcbXiXdPXF9+3AojshKMpk14lcplHcy+cQ4p5ehSngtDwdWtG8gcWKCg829I/1iOFcnPgJ1YK1DdPVEGTgUFgGGwTx+HYMsPA== ;{id = 64775}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.hud.gov. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.hud.gov. IN AAAA
+SECTION ANSWER
+www.hud.gov.    86400   IN      CNAME   www.content.hud.gov.
+www.hud.gov.    86400   IN      RRSIG   CNAME 7 3 86400 20091204150200 20091104150200 64775 hud.gov. taZtumaTp8eSlcj0vEGnY0Up05RtlC2NhHrtHDUdq1TskAPQH8Eu9AoVe6gKrFEyCC1ixprOhT8Ni661d/ZykdzgceZ8KgFIlSQ84Whm59yB2gcbXLen9rApF0+NuyRgdAph6yjMYMtfoRQWAASG7SqS/v52dkHNf/a9PXaDvHBvjoiTK+dXPKFulkmEl0KyhXBdsikl6/Xd68FF41FdDNzWS8ZzYCdd4CWaXXkwTtPSFsKyXGZeXOTxqGQJnD+hNBkn2sAca1oLiAsfaiCHec66I+rHGXT+mPB7HXez32jbbeInkgB7M2TUoRXehifuloR8sur8Xck9FPRv24Si8A== ;{id = 64775}
+SECTION AUTHORITY
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  42bsks495i3mb2s3f6nhusc6rfm54g4g A NS SOA MX RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775}
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG  ; flags: optout
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametopos.rpl b/src/test/resources/unbound/val_cnametopos.rpl
new file mode 100644
index 000000000..2f3c17347
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametopos.rpl
@@ -0,0 +1,234 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to positive
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametoposnowc.rpl b/src/test/resources/unbound/val_cnametoposnowc.rpl
new file mode 100644
index 000000000..e036ba079
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametoposnowc.rpl
@@ -0,0 +1,266 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to positive wildcard without proof
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+; missing proof
+;wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+;wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN AAAA
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametoposwc.rpl b/src/test/resources/unbound/val_cnametoposwc.rpl
new file mode 100644
index 000000000..b781fdcea
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametoposwc.rpl
@@ -0,0 +1,240 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to positive wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamewctonodata.rpl b/src/test/resources/unbound/val_cnamewctonodata.rpl
new file mode 100644
index 000000000..bd9b74a4b
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamewctonodata.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamewctonx.rpl b/src/test/resources/unbound/val_cnamewctonx.rpl
new file mode 100644
index 000000000..33c783d06
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamewctonx.rpl
@@ -0,0 +1,242 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard cname to nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamewctoposwc.rpl b/src/test/resources/unbound/val_cnamewctoposwc.rpl
new file mode 100644
index 000000000..d02c77df2
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamewctoposwc.rpl
@@ -0,0 +1,246 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard cname to positive wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; *.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFCA2HhM4cInPoUZ58o6t9CVlqv+kAhRjxWXvnFecgDxnDphpEVEoc0Ps6Q== ;{id = 2854}
+SECTION AUTHORITY
+; weird NSEC that denies everything. But validly signed, so valid.
+; extreme version of 'white lies' :-)
+example.com. 	IN	NSEC	example.com. SOA NS A NSEC RRSIG DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCSPaRH721mYjuTGb6fZ+nR3pnVxAIUAxEctE1hzMQSw0CWJSMLHS/A+Xk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFCA2HhM4cInPoUZ58o6t9CVlqv+kAhRjxWXvnFecgDxnDphpEVEoc0Ps6Q== ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+example.com. 	IN	NSEC	example.com. SOA NS A NSEC RRSIG DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCSPaRH721mYjuTGb6fZ+nR3pnVxAIUAxEctE1hzMQSw0CWJSMLHS/A+Xk= ;{id = 2854}
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_deleg_nons.rpl b/src/test/resources/unbound/val_deleg_nons.rpl
new file mode 100644
index 000000000..6e8f1bd83
--- /dev/null
+++ b/src/test/resources/unbound/val_deleg_nons.rpl
@@ -0,0 +1,271 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsigned delegation with no NS bit in NSEC
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns3.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.www.example.com. IN A
+SECTION ANSWER
+foo.www.example.com. IN A 1.2.3.4
+; unsigned, no delegation.
+ENTRY_END
+
+; DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC3 here: 1 0 1 1234
+; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b.
+h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT
+h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE=
+
+;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC
+;www.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI=
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; DS query for foo.www.example.com returns the referral without record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.www.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+mipf0g23547qunto04vboegh9vadsrpo.example.com. IN NSEC3 1 0 1 1234  mipf0g23547qunto04vboegh9vadsrpq TXT
+mipf0g23547qunto04vboegh9vadsrpo.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ADc6JrdKuTmIJe4sAjpKZSUZKdHdfhmREk2F5A5cftU9053b0/3ILQM=
+
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+
+
+;www.example.com. IN NS ns3.example.com.
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE=
+;SECTION ADDITIONAL
+;ns3.example.com. IN A 1.2.3.5
+
+
+; NSEC3 here: 1 0 1 1234
+; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b.
+; *.www.example.com. -> cg2lpgpr8k7ck69h7bqu3od9pkht2o79.
+; foo.www.example.com. -> mipf0g23547qunto04vboegh9vadsrpo.
+
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE=
+;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. IN NSEC3 1 0 1 1234 cg2lpgpr8k7ck69h7bqu3od9pkht2o89 TXT
+;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ACzxBHMyDB5tTrXijboPSsB0ws1lJe3/B62QNAMcZv7l9DYNDEDKsXY=
+;mipf0g23547qunto04vboegh9vadsrph.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpp TXT
+;mipf0g23547qunto04vboegh9vadsrph.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AG2B7lrIVtBgg+WIt0yNYekGDBKkY7xkKfI0GLQ8q3brGy/+jubxba0=
+
+;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC
+;www.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI=
+
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns3.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+foo.www.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+foo.www.example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+foo.www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+foo.www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnametoolong.rpl b/src/test/resources/unbound/val_dnametoolong.rpl
new file mode 100644
index 000000000..6cd202ebb
--- /dev/null
+++ b/src/test/resources/unbound/val_dnametoolong.rpl
@@ -0,0 +1,258 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a dname too long response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR YXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; length
+; www. = 4
+; long1234567890abcdef. = 21
+; long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.  = 12 * 21 = 252
+example.com. IN	DNAME	long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854}
+; unsigned CNAME synthesis is too long
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO YXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. IN	DNAME	long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnametopos.rpl b/src/test/resources/unbound/val_dnametopos.rpl
new file mode 100644
index 000000000..6142c7728
--- /dev/null
+++ b/src/test/resources/unbound/val_dnametopos.rpl
@@ -0,0 +1,265 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a dname to positive
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+; unsigned CNAME
+www.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com.    3600    IN      DNAME   example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com.        0       IN      CNAME   www.example.net.
+www.example.net.        3600    IN      A       11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; Check cache response for DNAME
+; so 100+ the authority will not respond any more : must be from cache.
+STEP 110 TIME_PASSES ELAPSE 10
+
+STEP 120 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 130 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com.    3590    IN      DNAME   example.net.
+example.com.    3590    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com.        3590    IN      CNAME   www.example.net.
+www.example.net.        3590    IN      A       11.12.13.14
+www.example.net.        3590    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnametoposwc.rpl b/src/test/resources/unbound/val_dnametoposwc.rpl
new file mode 100644
index 000000000..33895855a
--- /dev/null
+++ b/src/test/resources/unbound/val_dnametoposwc.rpl
@@ -0,0 +1,242 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a dname to positive wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+; unsigned CNAME
+www.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com. 0	IN	CNAME	www.example.net.
+www.example.net. 3600 IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnamewc.rpl b/src/test/resources/unbound/val_dnamewc.rpl
new file mode 100644
index 000000000..b011af88a
--- /dev/null
+++ b/src/test/resources/unbound/val_dnamewc.rpl
@@ -0,0 +1,268 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a wildcarded dname 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+; *.example.com. IN	DNAME	example.net.
+sub.example.com. IN	DNAME	example.net.
+sub.example.com.  3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFEyO+NY3QgAf/cF0mmZhsj3TqgoGAhRqJhHoCd+aA1FbBp16WGfk1HmeIg== ;{id = 2854}
+; unsigned CNAME; one interpretation of the wildcarded DNAME expansion
+www.sub.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+; prove original does not exist
+ns.example.com.	IN	NSEC	www.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCCqvDUT+jMCvfm7OHL2IDY75JDmQIUfOtDiiyeSiwjuq3i3OuLnVRyoJ8= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_afterprime.rpl b/src/test/resources/unbound/val_ds_afterprime.rpl
new file mode 100644
index 000000000..733177da6
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_afterprime.rpl
@@ -0,0 +1,181 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test DS lookup after key prime is done.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DS
+SECTION AUTHORITY
+com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+example.com. IN DS
+SECTION AUTHORITY
+com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_cname.rpl b/src/test/resources/unbound/val_ds_cname.rpl
new file mode 100644
index 000000000..7c3e41be3
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_cname.rpl
@@ -0,0 +1,205 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME response to DS 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; nothing here, not even NSECs
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN DS
+SECTION ANSWER
+www.example.com. IN CNAME zzz.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854}
+;*.example.com. IN CNAME zzz.example.com.
+;*.example.com.	3600	IN	RRSIG	CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854}
+
+SECTION AUTHORITY
+*.example.com. IN NSEC zzz.example.com. CNAME RRSIG NSEC
+*.example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJxl2TXciyhbKqSakVNtjlt8Bbkco02zpl5RlY88iqVmSa6ts+/guU4= ;{id = 2854}
+zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC
+zzz.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854}
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC
+zzz.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854}
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_cnamesub.rpl b/src/test/resources/unbound/val_ds_cnamesub.rpl
new file mode 100644
index 000000000..ac89a04e2
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_cnamesub.rpl
@@ -0,0 +1,278 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME response to DS in chain of trust
+; the CNAME is at a nonempty nonterminal name in the parent zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for a.example.com, a CNAME
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.example.com. IN DS
+SECTION ANSWER
+a.example.com. IN CNAME zzz.example.net.
+a.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DS query for sub.a.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DS
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; delegation down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.a.example.com. IN NS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+sub.a.example.com. IN NS ns.sub.a.example.com.
+SECTION ADDITIONAL
+ns.sub.a.example.com. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.sub.a.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+
+; DNSKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DNSKEY
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DNSKEY	257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+sub.a.example.com.	3600	IN	RRSIG	DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com. IN A 10.20.30.40
+www.sub.a.example.com.	3600	IN	RRSIG	A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.net. IN SOA root. host. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.a.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com.  3600    IN      A       10.20.30.40
+www.sub.a.example.com.  3600    IN      RRSIG   A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_cnamesubbogus.rpl b/src/test/resources/unbound/val_ds_cnamesubbogus.rpl
new file mode 100644
index 000000000..3f4234a4e
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_cnamesubbogus.rpl
@@ -0,0 +1,277 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with bogus CNAME response to DS in chain of trust
+; the CNAME is at a nonempty nonterminal name in the parent zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for a.example.com, a CNAME
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.example.com. IN DS
+SECTION ANSWER
+;bogus CNAME, must fail validation
+a.example.com. IN CNAME zzzz.example.net.
+a.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DS query for sub.a.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DS
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; delegation down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.a.example.com. IN NS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+sub.a.example.com. IN NS ns.sub.a.example.com.
+SECTION ADDITIONAL
+ns.sub.a.example.com. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.sub.a.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+
+; DNSKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DNSKEY
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DNSKEY	257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+sub.a.example.com.	3600	IN	RRSIG	DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com. IN A 10.20.30.40
+www.sub.a.example.com.	3600	IN	RRSIG	A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.net. IN SOA root. host. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.a.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+;www.sub.a.example.com.  3600    IN      A       10.20.30.40
+;www.sub.a.example.com.  3600    IN      RRSIG   A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_gost.rpl b/src/test/resources/unbound/val_ds_gost.rpl
new file mode 100644
index 000000000..1d61af975
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_gost.rpl
@@ -0,0 +1,208 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+	bouncycastle: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with GOST DS digest
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; GOST DS for sub.example.com.
+sub.example.com.	3600	IN	DS	60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
+
+; SHA DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
+;sub.example.com.	3600	IN	DS	60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
+
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.	3600	IN	DNSKEY	256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
+sub.example.com.	3600	IN	RRSIG	DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385}
+
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_gost_downgrade.rpl b/src/test/resources/unbound/val_ds_gost_downgrade.rpl
new file mode 100644
index 000000000..3a589c194
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_gost_downgrade.rpl
@@ -0,0 +1,249 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	bouncycastle: yes
+	trust-anchor-signaling: no
+	harden-algo-downgrade: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with GOST DS digest downgrade attack
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; downgrade: false GOST, correct SHA
+
+
+sub.example.com.        3600    IN      DS      60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d028 
+
+; correct GOST DS for sub.example.com.
+; sub.example.com.        3600    IN      DS      60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
+
+; SHA1 DS for sub.example.com.
+sub.example.com.       3600    IN      DS      60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
+; SHA256 DS for sub.example.com.
+sub.example.com.       3600    IN      DS      60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
+
+; signs SHA1, SHA2 and GOST DSes
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADB1PPtGoPKRrhNtRtkqeqpgnZdbPOdJMgjdZVxPfgGCoMTu3JFQVbo= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.sub.example.com. IN A
+SECTION ANSWER
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must servfail bogus
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+;www.sub.example.com. 	3600	IN	A	11.11.11.11
+;www.sub.example.com.    3600    IN      RRSIG   A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2.rpl b/src/test/resources/unbound/val_ds_sha2.rpl
new file mode 100644
index 000000000..4b9e97273
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2.rpl
@@ -0,0 +1,206 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-dsa: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS digest
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; SHA256 DS for sub.example.com.
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AJ6FL7yKjrpEEO8WMKlG7TVZoGjgFblJeu0rkJCmJxfdeh6ysUlWQWs= ;{id = 2854}
+
+; SHA1 DS for sub.example.com.
+;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2_downgrade.rpl b/src/test/resources/unbound/val_ds_sha2_downgrade.rpl
new file mode 100644
index 000000000..b15f39bc5
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2_downgrade.rpl
@@ -0,0 +1,229 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-dsa: yes
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	harden-algo-downgrade: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; Downgrade attack: false SHA2, correct SHA1
+
+; SHA256 DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+; BAD SHA256 DS
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
+
+; SHA1 DS for sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must servfail, BOGUS
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+;www.sub.example.com. 	3600	IN	A	11.11.11.11
+;www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl b/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl
new file mode 100644
index 000000000..20b03de40
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl
@@ -0,0 +1,227 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	val-digest-preference: "1,2"
+	val-min-rsa-size: 512
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; Downgrade attack: false SHA2, correct SHA1
+
+; SHA256 DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+; BAD SHA256 DS
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
+
+; SHA1 DS for sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must NOT servfail, despite the BOGUS SHA2 as the digest order is overriden
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2_lenient.rpl b/src/test/resources/unbound/val_ds_sha2_lenient.rpl
new file mode 100644
index 000000000..a6315737c
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2_lenient.rpl
@@ -0,0 +1,230 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-dsa: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	harden-algo-downgrade: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 lenience
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; Downgrade attack: false SHA2, correct SHA1
+
+; SHA256 DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+; BAD SHA256 DS
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
+
+; SHA1 DS for sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must servfail, BOGUS
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dsnsec.rpl b/src/test/resources/unbound/val_dsnsec.rpl
new file mode 100644
index 000000000..07dd40340
--- /dev/null
+++ b/src/test/resources/unbound/val_dsnsec.rpl
@@ -0,0 +1,287 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test pickup of DS NSEC from the cache.
+; make sure unbound does not pick up the wrong nsec.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for   tub.example.com
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NXDOMAIN
+SECTION QUESTION
+tub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record
+example.com IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
+; qname denial
+sub.example.com. IN	NSEC wub.example.com. NS DS RRSIG NSEC
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
+; wildcard denial
+example.com. IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; DS query for sub.example.com
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; query for a domain next to it, so the wrong NSEC gets in the cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.tub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.tub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    3600    IN      SOA     ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
+sub.example.com.        3600    IN      NSEC    wub.example.com. NS DS RRSIG NSEC 
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
+example.com.    3600    IN      NSEC    blub.example.com. NS SOA RRSIG NSEC DNSKEY 
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_entds.rpl b/src/test/resources/unbound/val_entds.rpl
new file mode 100644
index 000000000..1adf4051b
--- /dev/null
+++ b/src/test/resources/unbound/val_entds.rpl
@@ -0,0 +1,279 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	val-min-rsa-size: 512
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with lots of ENTs in the chain of trust
+; query is for a.1.2.b.3.4.c.5.6.example.com.
+; labels 1-6 are empty nonterminals.
+; there are DNSKEYs at labels b, c, example.com.
+; and DSes at b and c.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for ENT DS queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+6.example.com. IN DS
+SECTION AUTHORITY
+example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+5.6.example.com. IN DS
+SECTION AUTHORITY
+example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854}
+ENTRY_END
+
+; response for query in question - delegation
+; and all other queries, receive a delegation to c.5.6.example.com.
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+c.5.6.example.com.	IN NS ns.c.5.6.example.com.
+c.5.6.example.com.      3600    IN      DS      2854 3 1 4449f16fa7d712283aa43cc8dcc8e07c05856e08
+c.5.6.example.com.      3600    IN      RRSIG   DS 3 5 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCgiF7eFL89mSqjUPEpQuL5QEa1OgIUWdfUmMkwVBwOgmxlxZIKfGs5od0= ;{id = 2854}
+SECTION ADDITIONAL
+ns.c.5.6.example.com.	IN	A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.c.5.6.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+c.5.6.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+c.5.6.example.com. IN DNSKEY
+SECTION ANSWER
+c.5.6.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+c.5.6.example.com.      3600    IN      RRSIG   DNSKEY 3 5 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFHsYd4tGO5BotXFzG9d8fzHkX576AhUAoZ2d1FNUBsrwxl6XSz/hoxme/4Q= ;{id = 2854}
+ENTRY_END
+
+; response to DS queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+4.c.5.6.example.com. IN DS
+SECTION AUTHORITY
+3.c.5.6.example.com.	IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC
+3.c.5.6.example.com.    3600    IN      RRSIG   NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+3.4.c.5.6.example.com. IN DS
+SECTION AUTHORITY
+3.c.5.6.example.com.	IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC
+3.c.5.6.example.com.    3600    IN      RRSIG   NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854}
+ENTRY_END
+
+; any other query gets a referral
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY AA QR NOERROR
+SECTION QUESTION
+; dnsjava: modify query to avoid overlap in query cache, match is not implemented
+4.c.5.6.example.com. IN NS
+SECTION AUTHORITY
+b.3.4.c.5.6.example.com. IN NS ns.b.3.4.c.5.6.example.com.
+b.3.4.c.5.6.example.com.        3600    IN      DS      30899 5 1 849ebbdefa338db3e6c3ddffd58851523ba701de
+b.3.4.c.5.6.example.com.        3600    IN      RRSIG   DS 3 8 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFEuXbvClpAOx7E1SXeH0d+Q4jpySAhUAtbEbQ8qtRF5chUOWNtg31ESAjWg= ;{id = 2854}
+SECTION ADDITIONAL
+ns.b.3.4.c.5.6.example.com. IN A 1.2.3.7
+ENTRY_END
+RANGE_END
+
+; ns.b.3.4.c.5.6.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.3.4.c.5.6.example.com.	IN	NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.3.4.c.5.6.example.com.	IN	DNSKEY
+SECTION ANSWER
+b.3.4.c.5.6.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+b.3.4.c.5.6.example.com.        3600    IN      RRSIG   DNSKEY 5 8 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. KNftlGVkrfvo3l3Wliq+i695MqJI9B8QnTVhCHKhFPZfEq0HCxV8gO3ZlaTUle1YEnr7+yXUritXlzjFOlf1hw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+SECTION ANSWER
+a.1.2.b.3.4.c.5.6.example.com. IN A 11.11.11.11
+a.1.2.b.3.4.c.5.6.example.com.  3600    IN      RRSIG   A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+SECTION ANSWER
+a.1.2.b.3.4.c.5.6.example.com. 3600	IN	A	11.11.11.11
+a.1.2.b.3.4.c.5.6.example.com.  3600    IN      RRSIG   A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_faildnskey.rpl b/src/test/resources/unbound/val_faildnskey.rpl
new file mode 100644
index 000000000..4c3139ac5
--- /dev/null
+++ b/src/test/resources/unbound/val_faildnskey.rpl
@@ -0,0 +1,170 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	# test that default value of harden-dnssec-stripped is still yes.
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with failed DNSKEY request
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;REPLY QR AA NOERROR
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+;example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+;example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+;SECTION AUTHORITY
+;example.com.	IN NS	ns.example.com.
+;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.example.com.		IN 	A	1.2.3.4
+;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_faildnskey_ok.rpl b/src/test/resources/unbound/val_faildnskey_ok.rpl
new file mode 100644
index 000000000..d3ac00c47
--- /dev/null
+++ b/src/test/resources/unbound/val_faildnskey_ok.rpl
@@ -0,0 +1,180 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	harden-dnssec-stripped: no
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with failed DNSKEY request, but not hardened.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;REPLY QR AA NOERROR
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+;example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+;example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+;SECTION AUTHORITY
+;example.com.	IN NS	ns.example.com.
+;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.example.com.		IN 	A	1.2.3.4
+;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_fwdds.rpl b/src/test/resources/unbound/val_fwdds.rpl
new file mode 100644
index 000000000..485e28693
--- /dev/null
+++ b/src/test/resources/unbound/val_fwdds.rpl
@@ -0,0 +1,231 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+forward-zone:
+	name: "sub.example.com"
+	forward-addr: 1.2.3.6
+CONFIG_END
+
+SCENARIO_BEGIN Test forward-zone with DS query
+; The fwd zone is linked validly with a DS to the public internet zone.
+; unbound just has to be able to ask the DS from the right server (not 
+; from the fwd).
+; Here the fwd is not even recursive, just the plain server for sub.example.com
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for DS of sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response for qtype DS.  This is not available here.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_keyprefetch.rpl b/src/test/resources/unbound/val_keyprefetch.rpl
new file mode 100644
index 000000000..d340a8a58
--- /dev/null
+++ b/src/test/resources/unbound/val_keyprefetch.rpl
@@ -0,0 +1,216 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	prefetch-key: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with key prefetch
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_keyprefetch_verify.rpl b/src/test/resources/unbound/val_keyprefetch_verify.rpl
new file mode 100644
index 000000000..be66c2c3e
--- /dev/null
+++ b/src/test/resources/unbound/val_keyprefetch_verify.rpl
@@ -0,0 +1,250 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	prefetch-key: yes
+	prefetch: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with key prefetch and verify with the anchor
+
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 20 TIME_PASSES ELAPSE 3400
+
+; now the key gets prefetched and has to be verified with the anchor,
+; not with the key itself.
+; this answer is from cache enyway.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+STEP 50 TRAFFIC
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_mal_wc.rpl b/src/test/resources/unbound/val_mal_wc.rpl
new file mode 100644
index 000000000..5279092dc
--- /dev/null
+++ b/src/test/resources/unbound/val_mal_wc.rpl
@@ -0,0 +1,152 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata, wildcards and ENT
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    86394   IN      SOA     NS.IANA.ORG. NSTLD.IANA.ORG. 2007092000 1800 900 604800 86400
+example.com.    86394   IN      RRSIG   SOA 3 2 86394 20070926135752 20070829135752 2854 example.com. MCwCFFHjDbVjiPywHcXm669wMUJ7dlcoAhRfuauTUoExMSx96lTVYbBHOXtQEw== ;{id = 2854}
+
+; note that b.example.com. is an empty nonterminal
+*.example.com.  3600    IN      NSEC    *.b.example.com. A MX RRSIG NSEC 
+*.example.com.  3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFE9CopvxP6w/1HqnqxNluh1Qbgk0AhRgKrdjk/YoEm4tcYflNX6McDMCgQ== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+b.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    86394   IN      SOA     NS.IANA.ORG. NSTLD.IANA.ORG. 2007092000 1800 900 604800 86400
+example.com.    86394   IN      RRSIG   SOA 3 2 86394 20070926135752 20070829135752 2854 example.com. MCwCFFHjDbVjiPywHcXm669wMUJ7dlcoAhRfuauTUoExMSx96lTVYbBHOXtQEw== ;{id = 2854}
+*.example.com.  3600    IN      NSEC    *.b.example.com. A MX RRSIG NSEC 
+*.example.com.  3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFE9CopvxP6w/1HqnqxNluh1Qbgk0AhRgKrdjk/YoEm4tcYflNX6McDMCgQ== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_ds.rpl b/src/test/resources/unbound/val_negcache_ds.rpl
new file mode 100644
index 000000000..3a2c8d5dd
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_ds.rpl
@@ -0,0 +1,216 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache DS response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; the downstream validator wants the DS record.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_dssoa.rpl b/src/test/resources/unbound/val_negcache_dssoa.rpl
new file mode 100644
index 000000000..0121d1ff6
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_dssoa.rpl
@@ -0,0 +1,256 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache DS response with cached SOA
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+; commented out, this query should not happen as negative cache works.
+;ENTRY_BEGIN
+;MATCH opcode qtype qname
+;ADJUST copy_id
+;REPLY QR NOERROR
+;SECTION QUESTION
+;sub.example.com. IN DS
+;SECTION ANSWER
+;SECTION AUTHORITY
+;example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+;example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+;sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+;sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.sub.example.com. IN A 1.2.3.6
+;ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION AUTHORITY
+example.com.	7200 IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200 IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nw.example.com.	7200	IN	NSEC	ny.example.com. A RRSIG 
+nw.example.com.	7200	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
+!.example.com. 7200 IN NSEC +.example.com. A RRSIG
+!.example.com.	7200	IN	RRSIG	NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; put the SOA into the cache
+STEP 14 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+nx.example.com. IN A
+ENTRY_END
+
+STEP 15 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	7200 IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nw.example.com.	7200	IN	NSEC	ny.example.com. A RRSIG 
+nw.example.com.	7200	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
+!.example.com. 7200 IN NSEC +.example.com. A RRSIG
+!.example.com.	7200	IN	RRSIG	NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; the downstream validator wants the DS record.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+example.com.	7200 IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200 IN RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_nodata.rpl b/src/test/resources/unbound/val_negcache_nodata.rpl
new file mode 100644
index 000000000..2fb9429ec
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_nodata.rpl
@@ -0,0 +1,167 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "testzone.nlnetlabs.nl.	IN	DS	2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
+	val-override-date: "20180213111425"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	trust-anchor-signaling: no
+	aggressive-nsec: yes
+
+stub-zone:
+	name: "testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.60
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC)
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NS      ns.nlnetlabs.nl.
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
+SECTION ADDITIONAL
+ENTRY_END
+
+; NODATA response for alligator.testzone.nlnetlabs.nl A type
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; NXDOMAIN response for emu.testzone.nlnetlabs.nl
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+emu.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      NSEC    duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc=
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; No answer for ant.testzone.nlnetlabs.nl
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD NOERROR
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; AAAA query for alligator.testzone.nlnetlabs.nl, which isn't on the testzone nameserver
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+emu.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+emu.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      NSEC    duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc=
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; query for ENT, must result in NOERROR answer
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ent.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      NSEC    duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_nta.rpl b/src/test/resources/unbound/val_negcache_nta.rpl
new file mode 100644
index 000000000..95c25fd94
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_nta.rpl
@@ -0,0 +1,121 @@
+; config options
+; The island of trust is at testzone.nlnetlabs.nl
+server:
+	trust-anchor: "testzone.nlnetlabs.nl.	IN	DS	2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
+	val-override-date: "20180213111425"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	trust-anchor-signaling: no
+	aggressive-nsec: yes
+	domain-insecure: "ant.testzone.nlnetlabs.nl"
+
+stub-zone:
+	name: "testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.60
+stub-zone:
+	name: "ant.testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.61
+CONFIG_END
+
+SCENARIO_BEGIN Test to not do aggressive NSEC for domains under NTA
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NS      ns.nlnetlabs.nl.
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for antelope.testzone.nlnetlabs.nl.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ant.testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.61
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl.  10    IN      TXT      "domain under NTA"
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl, which is below an NTA
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl.  10    IN      TXT      "domain under NTA"
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_nxdomain.rpl b/src/test/resources/unbound/val_negcache_nxdomain.rpl
new file mode 100644
index 000000000..520c5775d
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_nxdomain.rpl
@@ -0,0 +1,110 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "testzone.nlnetlabs.nl.	IN	DS	2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
+	val-override-date: "20180213111425"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	trust-anchor-signaling: no
+	aggressive-nsec: yes
+
+stub-zone:
+	name: "testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.60
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC)
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NS      ns.nlnetlabs.nl.
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for antelope.testzone.nlnetlabs.nl.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; No answer for ant.testzone.nlnetlabs.nl
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl, which isn't on the testzone nameserver
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_noadwhennodo.rpl b/src/test/resources/unbound/val_noadwhennodo.rpl
new file mode 100644
index 000000000..46e1bad5a
--- /dev/null
+++ b/src/test/resources/unbound/val_noadwhennodo.rpl
@@ -0,0 +1,153 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test if AD bit is returned on non-DO query.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; it is validated, but no AD bit, because no AD was requested.
+; (this is a copy of val_positive.rpl).
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata.rpl b/src/test/resources/unbound/val_nodata.rpl
new file mode 100644
index 000000000..f19963467
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata.rpl
@@ -0,0 +1,150 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+www.example.com.	IN	NSEC	example.com. RRSIG NSEC
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCreYgWjFPE/E47n+KUp6vAPIfS4gIUaof1QcUQeIcsxVi1/M73CuHVwEc= ;{id = 2854}
+; Denies wildcard
+;example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+;example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.com.	IN	NSEC	example.com. RRSIG NSEC
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCreYgWjFPE/E47n+KUp6vAPIfS4gIUaof1QcUQeIcsxVi1/M73CuHVwEc= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_ent.rpl b/src/test/resources/unbound/val_nodata_ent.rpl
new file mode 100644
index 000000000..96ba7dbbc
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_ent.rpl
@@ -0,0 +1,156 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata on empty nonterminal response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+; Denies A, note this is the end of the NSEC chain.
+u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCvUG2P/8Q8b02C6agrgtJX4YfBbwIUaF/fIuS4OFmGVNkFzgiLAkpze3M= ;{id = 2854}
+
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCvUG2P/8Q8b02C6agrgtJX4YfBbwIUaF/fIuS4OFmGVNkFzgiLAkpze3M= ;{id = 2854}
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_entnx.rpl b/src/test/resources/unbound/val_nodata_entnx.rpl
new file mode 100644
index 000000000..c8e704e30
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_entnx.rpl
@@ -0,0 +1,151 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    IN      DS      29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262"
+	val-override-date: "20140301134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata on empty nonterminal response with rcode NXDOMAIN
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    3600    IN      NS      ns.example.com.
+example.com.    3600    IN      RRSIG   NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A=
+SECTION ADDITIONAL
+ns.example.com. 3600    IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
+example.com.    3600    IN      DNSKEY  257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
+example.com.    3600    IN      RRSIG   DNSKEY 8 2 3600 20140320093645 20140220093645 29332 example.com. Vjcu4FD2hbHO4jgRXBeWwhUU29DOyUhdcQuRBhcNNZPYS4/MNKrKzhqZ/5jGRx//UffVvZMrVjb2xbJXf0UALrBktbG/yRK0lETXu4JHVtUyCY8jiKlmSl4LabsYC5GvvoLCzXilYFtp1zzagorONmJtmBc9DiP3fp/ju0gZ45/pTn6cLY8cm2/ja5U5SQ4KQ4SVQsiNduvpLAm3CM2qkqOdspWtNEjjG92EXqgBg5lQ0pt5U2wKk3igecACGUiKzrc9qlSBoErS+rDYAZ3TKqUdW489o4hd0vOowvwgb7Z+lqleplyptlCAwpw/djNqA4dX+FTK/oB6lokX5bxnjQ==
+SECTION AUTHORITY
+example.com.    3600    IN      NS      ns.example.com.
+example.com.    3600    IN      RRSIG   NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A=
+SECTION ADDITIONAL
+ns.example.com. 3600    IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM=
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+0.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    3600    IN      SOA     ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600
+example.com.    3600    IN      RRSIG   SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U=
+; Denies A and wildcard
+example.com.    3600    IN      NSEC    0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY 
+example.com.    3600    IN      RRSIG   NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+0.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+0.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    3600    IN      SOA     ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600
+example.com.    3600    IN      RRSIG   SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U=
+example.com.    3600    IN      NSEC    0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY 
+example.com.    3600    IN      RRSIG   NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_entwc.rpl b/src/test/resources/unbound/val_nodata_entwc.rpl
new file mode 100644
index 000000000..c02e9521a
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_entwc.rpl
@@ -0,0 +1,156 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata on empty nonterminal response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+; Denies A, note this is the end of the NSEC chain.
+*.u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+*.u.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEiVqFPbtbpIh8NrE/YjNCDPFYZgAhR9/9SDX2lwxckJZR299JcRRsjnqw== ;{id = 2854}
+
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+*.u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+*.u.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEiVqFPbtbpIh8NrE/YjNCDPFYZgAhR9/9SDX2lwxckJZR299JcRRsjnqw== ;{id = 2854}
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_failsig.rpl b/src/test/resources/unbound/val_nodata_failsig.rpl
new file mode 100644
index 000000000..88b515649
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_failsig.rpl
@@ -0,0 +1,167 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response with bogus RRSIG
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+; this RRSIG is failed, we set to 0 base64 data to make this easy to detect
+www.example.com.	IN	NSEC	example.com. RRSIG NSEC
+;www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854}
+;encode _something_ as base64 to make dnsjava happy
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. QQ==
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_failwc.rpl b/src/test/resources/unbound/val_nodata_failwc.rpl
new file mode 100644
index 000000000..76fa8acac
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_failwc.rpl
@@ -0,0 +1,72 @@
+; config options
+; The island of trust is at nsecwc.nlnetlabs.nl
+server:
+	trust-anchor: "nsecwc.nlnetlabs.nl.	10024	IN	DS	565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E"
+	val-override-date: "20181202115531"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+stub-zone:
+	name: "nsecwc.nlnetlabs.nl"
+	stub-addr: "185.49.140.60"
+
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.
+
+ ; ns.example.com.                                                                
+RANGE_BEGIN 0 100                                                                
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+nsecwc.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+nsecwc.nlnetlabs.nl.	3600	IN	DNSKEY	257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU=
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+_25._tcp.mail.nsecwc.nlnetlabs.nl. IN	TLSA
+SECTION ANSWER
+SECTION AUTHORITY
+nsecwc.nlnetlabs.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY=
+; NSEC has a label lenght of 3, indication that the original owner name is:
+; *.nsecwc.nlnetlabs.nl. The NSEC therefore does no prove the NODATA answer.
+_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600	IN NSEC	delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC
+_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600	IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+_25._tcp.mail.nsecwc.nlnetlabs.nl. IN   TLSA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+_25._tcp.mail.nsecwc.nlnetlabs.nl. IN   TLSA
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_hasdata.rpl b/src/test/resources/unbound/val_nodata_hasdata.rpl
new file mode 100644
index 000000000..18f420c5c
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_hasdata.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response, that proves the data.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+www.example.com.	IN	NSEC	example.com. A RRSIG NSEC
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854}
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_zonecut.rpl b/src/test/resources/unbound/val_nodata_zonecut.rpl
new file mode 100644
index 000000000..eb84ac01c
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_zonecut.rpl
@@ -0,0 +1,162 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response from wrong side of zonecut 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+; from wrong side of zone-cut
+www.example.com.	3600	IN	NSEC	example.com. NS DS RRSIG NSEC 
+www.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AA+3mzAYPyQ8G9EKxeyNM+UZY+RtCiS5BOkS8h4wSxMT3lfVdadGpn8= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc.rpl b/src/test/resources/unbound/val_nodatawc.rpl
new file mode 100644
index 000000000..542b65e82
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc.rpl
@@ -0,0 +1,152 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard, Denies A, note this is the end of the NSEC chain.
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+; this NSEC denies original query name
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_badce.rpl b/src/test/resources/unbound/val_nodatawc_badce.rpl
new file mode 100644
index 000000000..49ee7f17a
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_badce.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata, bad closest encloser 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard is *.com, 
+*.com.	IN	NSEC	com. RRSIG NSEC
+*.com.  3600    IN      RRSIG   NSEC 3 1 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCdZKVAPYKe6WhoeuK4+J2hd3F2DgIUXv9Dif1uZsSjboLYVx7Wp0DEg78= ;{id = 2854}
+; this NSEC denies original query name from a different zone
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_nodeny.rpl b/src/test/resources/unbound/val_nodatawc_nodeny.rpl
new file mode 100644
index 000000000..35f154ebc
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_nodeny.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response without qdenial
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard, Denies A, note this is the end of the NSEC chain.
+*.example.com.	IN	NSEC	ns.example.com. RRSIG NSEC
+*.example.com.	IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFG0+PaReanKYupgDsJMHBBl7qaAOAhRApLLtiHNSl326iqVz/icLUJ6+Kg== ;{id = 2854}
+; this NSEC denies original query name
+;ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+;ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_one.rpl b/src/test/resources/unbound/val_nodatawc_one.rpl
new file mode 100644
index 000000000..081d20c0b
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_one.rpl
@@ -0,0 +1,147 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response with one NSEC
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard, Denies A, note this is the end of the NSEC chain.
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_wcns.rpl b/src/test/resources/unbound/val_nodatawc_wcns.rpl
new file mode 100644
index 000000000..a3fca6a7c
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_wcns.rpl
@@ -0,0 +1,158 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response from parent zone with SOA
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; wildcard, denies A, but has NS and SOA
+*.example.com.	3600 IN	NSEC	ns.example.com. RRSIG NSEC NS SOA
+*.example.com.      3600    IN  RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AFmszt1f4/pJQypUHc3e7izNQnc/eDaK2gB73kt/0H0iYMpOlWjYr8E=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl b/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl
new file mode 100644
index 000000000..2727515f5
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl
@@ -0,0 +1,158 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response from parent zone
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; wildcard, denies A, but has NS without SOA
+*.example.com.	IN	NSEC	ns.example.com. RRSIG NSEC NS
+*.example.com.      3600    IN  RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AD9PK7JGmYA7yzAMBiDXZNiYf9I8fbNI4MRZ2xebru+u5MBafoXacR8=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nokeyprime.rpl b/src/test/resources/unbound/val_nokeyprime.rpl
new file mode 100644
index 000000000..4675a382b
--- /dev/null
+++ b/src/test/resources/unbound/val_nokeyprime.rpl
@@ -0,0 +1,163 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with failed key prime, no keys.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007101500 28800 7200 604800 18000
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl
new file mode 100644
index 000000000..b8d0277f0
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl
@@ -0,0 +1,135 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl
new file mode 100644
index 000000000..ab3e7639d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl
@@ -0,0 +1,145 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error without ce NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.	RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl
new file mode 100644
index 000000000..e49b751de
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl
@@ -0,0 +1,147 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error without nc NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89ep O6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8 Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf 3bH+QsCtg== )
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd V I2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi 47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRx K9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUi wtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH +z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl
new file mode 100644
index 000000000..60b2f7905
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl
@@ -0,0 +1,152 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error without wc NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+; example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl b/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl
new file mode 100644
index 000000000..90c5a0066
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl
@@ -0,0 +1,118 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2.1 no data empty nonterminal.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+y.w.example.        IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the A type bit is not set.
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+y.w.example.        IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+y.w.example.        IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl b/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl
new file mode 100644
index 000000000..548a1d0ca
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl
@@ -0,0 +1,136 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2.1 no data empty nonterminal, wrong rr.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+y.w.example.        IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the A type bit is not set.
+;ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h )
+;ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== )
+
+; instead the wrong NSEC3 rr is included
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+y.w.example.        IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+y.w.example.        IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b2_nodata.rpl b/src/test/resources/unbound/val_nsec3_b2_nodata.rpl
new file mode 100644
index 000000000..d3da26308
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b2_nodata.rpl
@@ -0,0 +1,118 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2 no data.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the MX type bit is not set.
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3   1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ns1.example.        IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3   1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl b/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl
new file mode 100644
index 000000000..82007711c
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl
@@ -0,0 +1,140 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2 no data, without NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns1.example.        IN DS
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the MX type bit is not set.
+;2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3   1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+;2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ns1.example.        IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout.rpl b/src/test/resources/unbound/val_nsec3_b3_optout.rpl
new file mode 100644
index 000000000..bdce280c5
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout.rpl
@@ -0,0 +1,216 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 referral to optout unsigned zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl
new file mode 100644
index 000000000..f8ef6f87d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl
@@ -0,0 +1,217 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 referral optout with negative cache.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+
+
+; DS must be gotten from neg cache
+; ENTRY_BEGIN
+; MATCH opcode qtype qname
+; ADJUST copy_id
+; REPLY QR AA DO NOERROR
+; SECTION QUESTION
+; c.example.       IN DS
+; SECTION AUTHORITY
+; ;; NSEC3 RR that covers the "next closer" name (c.example)
+; ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+; 
+; ;; NSEC3 RR that matches the closest encloser (example)
+; ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+; ENTRY_END
+
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl
new file mode 100644
index 000000000..c078ed95a
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl
@@ -0,0 +1,256 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl
new file mode 100644
index 000000000..dd84f48b3
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl
@@ -0,0 +1,257 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without nc.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b4_wild.rpl b/src/test/resources/unbound/val_nsec3_b4_wild.rpl
new file mode 100644
index 000000000..8efec7ede
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b4_wild.rpl
@@ -0,0 +1,156 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+a.z.w.example. MX      1 ai.example.
+a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
+SECTION AUTHORITY
+example.       NS      ns1.example.
+example.       NS      ns2.example.
+example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+SECTION ADDITIONAL
+ai.example.    A       192.0.2.9
+ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
+ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
+ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.z.w.example. IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+a.z.w.example. MX      1 ai.example.
+a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
+SECTION AUTHORITY
+example.       NS      ns1.example.
+example.       NS      ns2.example.
+example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+SECTION ADDITIONAL
+ai.example.    A       192.0.2.9
+ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
+ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
+ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
+ENTRY_END
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl b/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl
new file mode 100644
index 000000000..0ff070c8d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl
@@ -0,0 +1,167 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+a.z.w.example. MX      1 ai.example.
+a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
+SECTION AUTHORITY
+example.       NS      ns1.example.
+example.       NS      ns2.example.
+example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+; The wrong NSEC3 here
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+SECTION ADDITIONAL
+ai.example.    A       192.0.2.9
+ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
+ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
+ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example. IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl
new file mode 100644
index 000000000..64c7b67f6
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl
@@ -0,0 +1,157 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl
new file mode 100644
index 000000000..77cb6c5f0
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl
@@ -0,0 +1,166 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without ce.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+;k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+;k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl
new file mode 100644
index 000000000..fa20f5ee7
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl
@@ -0,0 +1,166 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without nc.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl
new file mode 100644
index 000000000..bc74c6692
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl
@@ -0,0 +1,168 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without wc.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+;r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+;r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+; insecure! not bogus! (due to optout)
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cname_ds.rpl b/src/test/resources/unbound/val_nsec3_cname_ds.rpl
new file mode 100644
index 000000000..a3c2b8a11
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cname_ds.rpl
@@ -0,0 +1,214 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 CNAME for qtype DS.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION ANSWER
+; from *.sub.example.com. IN CNAME sub.example.com.
+www.sub.example.com. IN CNAME sub.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854}
+SECTION AUTHORITY
+; cover qname next closer name, for the wildcard.
+; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION ANSWER
+www.sub.example.com. IN CNAME sub.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854}
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION AUTHORITY
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cname_par.rpl b/src/test/resources/unbound/val_nsec3_cname_par.rpl
new file mode 100644
index 000000000..e07a4aea4
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cname_par.rpl
@@ -0,0 +1,218 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to parent.
+; to test the zone determination routines in nsec3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+; from *.sub.example.com. IN CNAME www.example.com.
+www.sub.example.com. IN CNAME www.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854}
+SECTION AUTHORITY
+; cover qname next closer name, for the wildcard.
+; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN CNAME www.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854}
+SECTION AUTHORITY
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cname_sub.rpl b/src/test/resources/unbound/val_nsec3_cname_sub.rpl
new file mode 100644
index 000000000..233afb086
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cname_sub.rpl
@@ -0,0 +1,228 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to subzone.
+; to test the zone determination routines in nsec3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;from *.example.com. IN CNAME www.sub.example.com.
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
+SECTION AUTHORITY
+; cover qname next closer name.
+; H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com.	IN SOA	ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+sub.example.com.        3600    IN      RRSIG   SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
+
+; closest encloser, H(sub.example.com). = 8r1f0ieoutlnjc03meng9e3bn2n0o9pd
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
+
+; wildcard denial, H(*.sub.example.com.) = hq432j8q183b54mejh50200pqo8rvlog
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
+
+; next closer denial H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
+SECTION AUTHORITY
+SECTION AUTHORITY
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+sub.example.com.	IN SOA	ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+sub.example.com.        3600    IN      RRSIG   SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl b/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl
new file mode 100644
index 000000000..5188676e7
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl
@@ -0,0 +1,209 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    IN      DNSKEY  257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b"
+	val-override-date: "20121030123249"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.	120	IN	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b}
+example.com.	3600	IN	DNSKEY	257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b}
+example.com.	3600	IN	RRSIG	DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+; H(z.wc.example.com.) = isn85psesctb6afn2q105mv966tqqepi.
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+; H(z.end.example.com.) = a62608t4becqb6233m87ar7a3648rj3b.
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.wc.example.com. IN A
+SECTION ANSWER
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGING
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.end.example.com. IN A
+SECTION ANSWER
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+RANGE_END
+
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+start.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl
new file mode 100644
index 000000000..b0554707d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl
@@ -0,0 +1,202 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT SPAN around it
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT SPAN around it
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl
new file mode 100644
index 000000000..7bf202e3a
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl
@@ -0,0 +1,198 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; the span does not have OPTOUT
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; the span does not have OPTOUT
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl
new file mode 100644
index 000000000..daea3809c
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl
@@ -0,0 +1,202 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NODATA ENT with nsec3 optout matches the ent. 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      NSEC3   1 1 123 aabb00123456bbccdd  b6fuorg741ufili49mg9j4328ig54sqg NS SOA RRSIG DNSKEY 
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.   3600    IN      NSEC3   1 1 123 aabb00123456bbccdd  2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_iter_high.rpl b/src/test/resources/unbound/val_nsec3_iter_high.rpl
new file mode 100644
index 000000000..2b78f0b7f
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_iter_high.rpl
@@ -0,0 +1,165 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with too high iterations
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nodatawccname.rpl b/src/test/resources/unbound/val_nsec3_nodatawccname.rpl
new file mode 100644
index 000000000..48631bcb6
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nodatawccname.rpl
@@ -0,0 +1,170 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata NSEC3 abused wildcarded CNAME.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; closest encloser
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb47ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub CNAME RRSIG
+4f3cnt8cu22tngec382jj4gde4rb47ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFHo9PHBS+MkNWl2DVXH1h1Z8p0yFAhUAjBVKA5s0q5Bt8YOGdY1+9J6GmDU= ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods.rpl b/src/test/resources/unbound/val_nsec3_nods.rpl
new file mode 100644
index 000000000..7151e11ee
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods.rpl
@@ -0,0 +1,221 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_badopt.rpl b/src/test/resources/unbound/val_nsec3_nods_badopt.rpl
new file mode 100644
index 000000000..6ddd47431
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_badopt.rpl
@@ -0,0 +1,249 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS with wrong optout bit.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854}
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_badsig.rpl b/src/test/resources/unbound/val_nsec3_nods_badsig.rpl
new file mode 100644
index 000000000..1c37d21e1
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_badsig.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral with bad signature.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+; bad signature:
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20010926135752 20010829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+;8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+; bad signature
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20010926135752 20010829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+;8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_negcache.rpl b/src/test/resources/unbound/val_nsec3_nods_negcache.rpl
new file mode 100644
index 000000000..d2ba7309a
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_negcache.rpl
@@ -0,0 +1,222 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral from neg cache.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; get DS proof from neg cache
+; ENTRY_BEGIN
+; MATCH opcode qtype qname
+; ADJUST copy_id
+; REPLY QR NOERROR
+; SECTION QUESTION
+; sub.example.com. IN DS
+; SECTION AUTHORITY
+; ; proof that there is no DS here.
+; ;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+; ;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; ; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+; ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_soa.rpl b/src/test/resources/unbound/val_nsec3_nods_soa.rpl
new file mode 100644
index 000000000..bbb0633aa
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_soa.rpl
@@ -0,0 +1,253 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral abuse of apex.
+; abusing subzone apex NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS SOA DNSKEY RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC4CFQCeKcyw76yvOvfa2+qtxv8bKcEyJwIVAJBeIGST4Y8Tk8YkQI0suee3Bxb1 ;{id = 2854}
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS SOA DNSKEY RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC4CFQCeKcyw76yvOvfa2+qtxv8bKcEyJwIVAJBeIGST4Y8Tk8YkQI0suee3Bxb1 ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_optout_ad.rpl b/src/test/resources/unbound/val_nsec3_optout_ad.rpl
new file mode 100644
index 000000000..99b456924
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_optout_ad.rpl
@@ -0,0 +1,362 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with optout NSEC3 response that gets no AD.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.	3600	IN	RRSIG	NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+example.com.	3600	IN	RRSIG	DNSKEY 7 2 3600 20070926134150 20070829134150 57024 example.com. lqOo8W7UffLZIKBoIJg8OAPkmCWptnstiLIg1bAtzuEZDZFr2KNZGv+5k6hbRJKYnZRLReY4v8G9Eg0GCC/44gLm8BZlnh/4jLOjMH9MKusFV/jNqz/HABITYn1pBwvVak7lzqN+bmL0KMyWf1MzPWilx4fM9YWinsQFILVLPL0= ;{id = 57024}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+
+; optout
+; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
+; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj.
+; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+
+; optout
+; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
+; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj.
+; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+rub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+
+; optout
+; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
+; rub.example.com. -> c2bqk3tb4foaenfbp1v0pdk6mor3r7vo.
+; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. NSEC3 1 1 0 - f2bqk3tb4foaenfbp1v0pdk6mor3r7vo NS RRSIG
+
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jk6EYU9qTrmNeeKuQRG7iKyfNJnBt45MToPVpAQ+LoGDC3muy4bkWeKspj68cN9E5wNijfmm1eFK3khSSEnM50mfJbpiwlbKgL0VZz33Zn+Wu8b7sTtdDwDH7MUBLRwHeb7W+NtQIEXPLs4Z3BXHzAXy5ZpSjQ3PJZn6zBx4/dw= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+; wildcard expansion
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.wild.example.com. IN A
+SECTION ANSWER
+; *.wild.example.com. IN A 77.88.99.0
+a.wild.example.com. IN A 77.88.99.0
+a.wild.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. GWV6cQprrpAsaYla5z7N9tppdb+X0ZjOsiWBuBueSACHU8CzsYPMbwKUZlTNbQ4mSVRRDa0rM1niYoZF9oqyAfbn5HBLi62TRjrBLHfvatDgSiZCa4mauUfzUS+U7FfUXikNIigG0aN0xdpJ//urmecjNSKg2aW4M0DYsm7keMI= ;{id = 57024}
+SECTION AUTHORITY
+; a.wild.example.com -> ad1535hlgg914unuuaei9jfh4ofr44uo.  covered by optout
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+; for wild.example.com the closest encloser
+; wild.example.com -> 8aeigskl5tmraedgji7v1lqbmqs8qv7u.
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.wild.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+; wildcard no data
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+; wild.example.com -> 8aeigskl5tmraedgji7v1lqbmqs8qv7u.
+; *.wild.example.com. -> nvec78au1hpuma9eebeji5n06eq33gbk.
+; the NSEC3 for the wildcard *.wild.example.com. , with optout, A RRSIG
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com. IN NSEC3 1 1 0 - ovec78au1hpuma9eebeji5n06eq33gbk A RRSIG
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jE+b5p+stQumm+tLZdaBT+KBpwYI7wRXijRHWcqiUp2SY1uV7HxBdW8aedVTqpFe8kYbMUgI3pCOAitmiI9R6SJg3q7022QOb9y+0/xSmIDqxATVPTJbkzVBInfWrulRtn7o3HmOyoIc9/w7NnNxFYpwtFL08jTBRr8XRTWDM7Q= ;{id = 57024}
+; NSEC3 for the closest encloser, wild.example.com. (an empty nonterminal)
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+; a.wild.example.com -> ad1535hlgg914unuuaei9jfh4ofr44uo.  covered by optout
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN MX
+ENTRY_END
+
+; recursion happens here.
+; no AD flag on this because an optout NSEC3 is used.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+sub.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+; no AD flag here because of RFC5155 9.2 section.
+; even though we are sure there is no DS, this is what the RFC says.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+rub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; no AD flag here because of RFC5155 9.2 section.
+; also for NXDOMAIN
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+rub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. NSEC3 1 1 0 - f2bqk3tb4foaenfbp1v0pdk6mor3r7vo NS RRSIG
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jk6EYU9qTrmNeeKuQRG7iKyfNJnBt45MToPVpAQ+LoGDC3muy4bkWeKspj68cN9E5wNijfmm1eFK3khSSEnM50mfJbpiwlbKgL0VZz33Zn+Wu8b7sTtdDwDH7MUBLRwHeb7W+NtQIEXPLs4Z3BXHzAXy5ZpSjQ3PJZn6zBx4/dw= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.wild.example.com. IN A
+ENTRY_END
+
+; query is a wildcard expansion, covered by optout.
+; hence it is without AD flag (even though we are sure this wildcard exists,
+; we are not sure that there is no delegation covered by the optout span
+; with the name a.wild.example.com).
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.wild.example.com. IN A
+SECTION ANSWER
+a.wild.example.com. IN A 77.88.99.0
+a.wild.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. GWV6cQprrpAsaYla5z7N9tppdb+X0ZjOsiWBuBueSACHU8CzsYPMbwKUZlTNbQ4mSVRRDa0rM1niYoZF9oqyAfbn5HBLi62TRjrBLHfvatDgSiZCa4mauUfzUS+U7FfUXikNIigG0aN0xdpJ//urmecjNSKg2aW4M0DYsm7keMI= ;{id = 57024}
+SECTION AUTHORITY
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+ENTRY_END
+
+STEP 80 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.wild.example.com. IN MX
+ENTRY_END
+
+; nodata wildcard expansion, we are sure that the wildcard does not have
+; the data that is requested, but there an optout flag set on the wildcard
+; expansion denial, thus we are not sure of a.wild.example.com delegation
+; under the optout.
+STEP 90 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.wild.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com. IN NSEC3 1 1 0 - ovec78au1hpuma9eebeji5n06eq33gbk A RRSIG
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jE+b5p+stQumm+tLZdaBT+KBpwYI7wRXijRHWcqiUp2SY1uV7HxBdW8aedVTqpFe8kYbMUgI3pCOAitmiI9R6SJg3q7022QOb9y+0/xSmIDqxATVPTJbkzVBInfWrulRtn7o3HmOyoIc9/w7NnNxFYpwtFL08jTBRr8XRTWDM7Q= ;{id = 57024}
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_optout_cache.rpl b/src/test/resources/unbound/val_nsec3_optout_cache.rpl
new file mode 100644
index 000000000..215cca676
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_optout_cache.rpl
@@ -0,0 +1,280 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 span change and cache effects.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; blacklisted address to stop it from using it, the negative answer uses its
+; nsec3-hash which is alittle inconvenient
+; ns.example.com. -> 7l9dbddmge35f7vr9mec78dqr6l3236k.
+ns.example.com. IN AAAA ::1
+ns.example.com. 3600    IN      RRSIG   AAAA 3 3 3600 20070926135752 20070829135752 2854 example.com. AExGBc6JU/xwwoSIeK/DtX8kr7AgOecx5Z2FnRiz/YSpnWGnFDt26ec=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; DS query
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com. IN SOA a. b. 1 2 3 4 5
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AAkQt1yoMF7s4gCYlojFzi0ubw6Uo4uWPSJTz6Dp/2iWUVDbxDKpy+E=
+
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; proof that there is no DS here.
+; ce:
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
+
+; span around sub.example.com., same span as foo.example.com, but it has
+; just changed and it is now larger to accomodate sub.example.com.
+6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+6obgmo062d9935unjnnj2su5otaj9334.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ=
+
+; span around sub.example.com. from previous delegation in nsec3-chain
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AF2FOKiIfOV9KrDTuP4RwnDI6lZnmhRHE+HAh8UHEq87uakYUEHfGUY=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; proof that there is no DS here.
+; ce:
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
+
+; span around sub.example.com., same span as foo.example.com, but it has
+; just changed and it is now larger to accomodate sub.example.com.
+6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+6obgmo062d9935unjnnj2su5otaj9334.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ=
+
+; span around sub.example.com. from previous delegation in nsec3-chain
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AF2FOKiIfOV9KrDTuP4RwnDI6lZnmhRHE+HAh8UHEq87uakYUEHfGUY=
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.example.com. IN A
+SECTION AUTHORITY
+foo.example.com. IN NS ns.sub.example.com.
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; foo.example.com. -> 7obgmo062d9935unjnnj2su5otaj9334.
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; proof that there is no DS here.
+; ce:
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
+
+; span around sub.example.com. from previous delegation in nsec3-chain
+; note it does not cover sub.example.com.
+6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 7r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+6obgmo062d9935unjnnj2su5otaj9334.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABQZ49PmeXGxUmMebbKcYI/Y3mhMdlHmshohKTbGhEsNF11OjPYmr9c=
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.foo.example.com. IN A
+SECTION ANSWER
+www.foo.example.com. IN A 1.2.3.124
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.foo.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.foo.example.com. IN A
+SECTION ANSWER
+www.foo.example.com. IN A 1.2.3.124
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_wcany.rpl b/src/test/resources/unbound/val_nsec3_wcany.rpl
new file mode 100644
index 000000000..24bdaeb18
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_wcany.rpl
@@ -0,0 +1,162 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY response.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+; *.example.com. IN A 1.2.3.123
+; *.example.com. IN AAAA ::5
+; *.example.com. IN MX 10 mail.example.com.
+www.example.com.  3600    IN      MX      10 mail.example.com.
+www.example.com.  3600    IN      RRSIG   MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854}
+www.example.com.  3600    IN      AAAA    ::5
+www.example.com.  3600    IN      RRSIG   AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854}
+www.example.com.  3600    IN      A       1.2.3.123
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854}
+
+SECTION AUTHORITY
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+www.example.com.  3600    IN      MX      10 mail.example.com.
+www.example.com.  3600    IN      RRSIG   MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854}
+www.example.com.  3600    IN      AAAA    ::5
+www.example.com.  3600    IN      RRSIG   AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854}
+www.example.com.  3600    IN      A       1.2.3.123
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854}
+SECTION AUTHORITY
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl b/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl
new file mode 100644
index 000000000..2e27fb502
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl
@@ -0,0 +1,171 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY without denial.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+; *.example.com. IN A 1.2.3.123
+; *.example.com. IN AAAA ::5
+; *.example.com. IN MX 10 mail.example.com.
+www.example.com.  3600    IN      MX      10 mail.example.com.
+www.example.com.  3600    IN      RRSIG   MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854}
+www.example.com.  3600    IN      AAAA    ::5
+www.example.com.  3600    IN      RRSIG   AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854}
+www.example.com.  3600    IN      A       1.2.3.123
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854}
+
+SECTION AUTHORITY
+; no qname denial!
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+;s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+;s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx.rpl b/src/test/resources/unbound/val_nx.rpl
new file mode 100644
index 000000000..d0e4bb339
--- /dev/null
+++ b/src/test/resources/unbound/val_nx.rpl
@@ -0,0 +1,155 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_failwc.rpl b/src/test/resources/unbound/val_nx_failwc.rpl
new file mode 100644
index 000000000..eb2f5ba7e
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_failwc.rpl
@@ -0,0 +1,70 @@
+; config options
+; The island of trust is at nsecwc.nlnetlabs.nl
+server:
+	trust-anchor: "nsecwc.nlnetlabs.nl.	10024	IN	DS	565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E"
+	val-override-date: "20181202115531"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+stub-zone:
+	name: "nsecwc.nlnetlabs.nl"
+	stub-addr: "185.49.140.60"
+
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.
+
+ ; ns.example.com.                                                                
+RANGE_BEGIN 0 100                                                                
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+nsecwc.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+nsecwc.nlnetlabs.nl.	3600	IN	DNSKEY	257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU=
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+a.nsecwc.nlnetlabs.nl. IN	TXT
+SECTION ANSWER
+SECTION AUTHORITY
+!.nsecwc.nlnetlabs.nl.	3600	IN	NSEC	delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC
+!.nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw=
+nsecwc.nlnetlabs.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.nsecwc.nlnetlabs.nl. IN   TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+a.nsecwc.nlnetlabs.nl. IN   TXT
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nodeny.rpl b/src/test/resources/unbound/val_nx_nodeny.rpl
new file mode 100644
index 000000000..311b6ab7e
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nodeny.rpl
@@ -0,0 +1,165 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response missing qname denial
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+;wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+;wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nowc.rpl b/src/test/resources/unbound/val_nx_nowc.rpl
new file mode 100644
index 000000000..3a5aa18dd
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nowc.rpl
@@ -0,0 +1,165 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response missing wildcard denial
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+;example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+;example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision.rpl b/src/test/resources/unbound/val_nx_nsec3_collision.rpl
new file mode 100644
index 000000000..41cd0d6e7
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision.rpl
@@ -0,0 +1,188 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision2.rpl b/src/test/resources/unbound/val_nx_nsec3_collision2.rpl
new file mode 100644
index 000000000..5c8bed3fa
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision2.rpl
@@ -0,0 +1,185 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a salt mismatch.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD1r+7exm2FOOkSqFvmoLt/VrovAYWd5Ouz9m5MxGlLFbTU2ja2Hupk=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD1r+7exm2FOOkSqFvmoLt/VrovAYWd5Ouz9m5MxGlLFbTU2ja2Hupk=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision3.rpl b/src/test/resources/unbound/val_nx_nsec3_collision3.rpl
new file mode 100644
index 000000000..f17aec4b1
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision3.rpl
@@ -0,0 +1,185 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. ACVnRA7g5H4x/BMgcw6xpoS9amkqcAVSQA0G+QC4G3eIyjBbIogvHic=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. ACVnRA7g5H4x/BMgcw6xpoS9amkqcAVSQA0G+QC4G3eIyjBbIogvHic=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision4.rpl b/src/test/resources/unbound/val_nx_nsec3_collision4.rpl
new file mode 100644
index 000000000..2d20bfd5e
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision4.rpl
@@ -0,0 +1,185 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 255 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD8aB+T5nfcJUatP7WxLgUMzwByVMnTWY2T5ZDPKZri011kQC3lt7qQ=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 255 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD8aB+T5nfcJUatP7WxLgUMzwByVMnTWY2T5ZDPKZri011kQC3lt7qQ=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl b/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl
new file mode 100644
index 000000000..b4741103f
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl
@@ -0,0 +1,161 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unknown NSEC3 hash algorithm.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN NSEC3 255 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AAjRJ6G5VolBi6wQ8fO1gzgDZTEAPVLPc0YhnDLLNfl1hYxJVyLqd6A=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN NSEC3 255 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AAjRJ6G5VolBi6wQ8fO1gzgDZTEAPVLPc0YhnDLLNfl1hYxJVyLqd6A=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl b/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl
new file mode 100644
index 000000000..0396c6132
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl
@@ -0,0 +1,167 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 responses that has an NSEC mixed in.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+    ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN  A   193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN  A   192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+    ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.     IN  A   1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+    ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.     IN  A   1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN SOA  ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+
+; NSEC3
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN SOA  ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_params.rpl b/src/test/resources/unbound/val_nx_nsec3_params.rpl
new file mode 100644
index 000000000..dd3ab6b57
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_params.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 several parameters.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_overreach.rpl b/src/test/resources/unbound/val_nx_overreach.rpl
new file mode 100644
index 000000000..c63d4da5c
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_overreach.rpl
@@ -0,0 +1,166 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with overreaching NSEC record
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+; The overreaching NSEC record; it tries to deny other .com zones!
+wab.example.com.        IN      NSEC    wzz.foo.com. A NSEC RRSIG
+wab.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AEimIB2N5u7AQOb5IBMnckASZ4MlhBxziJy+zVUjLov/s7q85j8eWQc= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_pos_truncns.rpl b/src/test/resources/unbound/val_pos_truncns.rpl
new file mode 100644
index 000000000..57f320ea3
--- /dev/null
+++ b/src/test/resources/unbound/val_pos_truncns.rpl
@@ -0,0 +1,151 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with badly truncated positive response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+
+; Truncated, no signature for NS record.
+;;;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;;;SECTION ADDITIONAL
+;;;ns.example.com.		IN 	A	1.2.3.4
+;;;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive.rpl b/src/test/resources/unbound/val_positive.rpl
new file mode 100644
index 000000000..512b1653a
--- /dev/null
+++ b/src/test/resources/unbound/val_positive.rpl
@@ -0,0 +1,154 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive_nosigs.rpl b/src/test/resources/unbound/val_positive_nosigs.rpl
new file mode 100644
index 000000000..e57836f90
--- /dev/null
+++ b/src/test/resources/unbound/val_positive_nosigs.rpl
@@ -0,0 +1,181 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive response, signatures removed.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for subzone
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DS
+SECTION ANSWER
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive_wc.rpl b/src/test/resources/unbound/val_positive_wc.rpl
new file mode 100644
index 000000000..5384acf63
--- /dev/null
+++ b/src/test/resources/unbound/val_positive_wc.rpl
@@ -0,0 +1,162 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; from
+; *.example.com. IN A	10.20.30.40
+www.example.com. IN A	10.20.30.40
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+; denies www.example.com.
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive_wc_nodeny.rpl b/src/test/resources/unbound/val_positive_wc_nodeny.rpl
new file mode 100644
index 000000000..e87611e89
--- /dev/null
+++ b/src/test/resources/unbound/val_positive_wc_nodeny.rpl
@@ -0,0 +1,169 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive wildcard without qname denial 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; from
+; *.example.com. IN A	10.20.30.40
+www.example.com. IN A	10.20.30.40
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+; denies www.example.com.
+; ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+; ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_qds_badanc.rpl b/src/test/resources/unbound/val_qds_badanc.rpl
new file mode 100644
index 000000000..dc686153f
--- /dev/null
+++ b/src/test/resources/unbound/val_qds_badanc.rpl
@@ -0,0 +1,224 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS query and a bad anchor
+; The anchor is the wrong side of the zone cut; no parent anchor.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_qds_oneanc.rpl b/src/test/resources/unbound/val_qds_oneanc.rpl
new file mode 100644
index 000000000..f21ab422b
--- /dev/null
+++ b/src/test/resources/unbound/val_qds_oneanc.rpl
@@ -0,0 +1,224 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS query and one anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_qds_twoanc.rpl b/src/test/resources/unbound/val_qds_twoanc.rpl
new file mode 100644
index 000000000..4e4f2e732
--- /dev/null
+++ b/src/test/resources/unbound/val_qds_twoanc.rpl
@@ -0,0 +1,225 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS query and two anchors
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_refer_unsignadd.rpl b/src/test/resources/unbound/val_refer_unsignadd.rpl
new file mode 100644
index 000000000..90e0f0421
--- /dev/null
+++ b/src/test/resources/unbound/val_refer_unsignadd.rpl
@@ -0,0 +1,353 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	access-control: 127.0.0.1 allow_snoop
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a referral with unsigned additional
+; but the additional record is from a signed zone, 
+; and a proper proof for no DS or DSNKEY types is forthcoming.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+; Skip .com, to provide unsigned referral A record for ns.example.net
+; and go straight to example.com.
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.net	IN	A	1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.net	IN	A	1.2.3.5
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to example.com. DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	A 11.12.13.14
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; example.com zone in ns.example.net.
+; response to example.com. DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	A 11.12.13.14
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; example.net zone in ns.example.net.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; deny DS and DNSKEY types
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN DS
+SECTION AUTHORITY
+example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
+example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
+ns.example.net	IN	NSEC	ns-new.example.net. A AAAA RRSIG NSEC
+ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HLkPBWA8Hstub8e/zdp/A8xyI6+fnnMsA9oiZ20VBuSTaBknX0SXmVulNhVGfdmz9fYmYFUr1zjqvPFG+ErO8A== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN DNSKEY
+SECTION AUTHORITY
+example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
+example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
+ns.example.net	IN	NSEC	ns-new.example.net. A RRSIG NSEC
+ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN A
+SECTION ANSWER
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION AUTHORITY
+example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
+example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
+ns.example.net	IN	NSEC	ns-new.example.net. A RRSIG NSEC
+ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
+ENTRY_END
+
+RANGE_END
+
+; prime cache with example.com. NS rrset.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	A	11.12.13.14
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; test nonrec referral validation
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY DO
+SECTION QUESTION
+bla.example.com. IN A
+ENTRY_END
+
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AD DO NOERROR
+SECTION QUESTION
+bla.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_referd.rpl b/src/test/resources/unbound/val_referd.rpl
new file mode 100644
index 000000000..d475f835e
--- /dev/null
+++ b/src/test/resources/unbound/val_referd.rpl
@@ -0,0 +1,176 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	harden-referral-path: no
+	access-control: 127.0.0.1 allow_snoop
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cache referral
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. AD8qRJvXxOtmSuy8Ogyo0roA294qOtNT2E1m05kSU0jbxN4qLYn0OmU= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; first ask for +CD and get the data in the cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD CD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 3 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA CD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+; now the data is in the cache, validate a referral from cache
+; note, no recursion desired
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY DO
+SECTION QUESTION
+bla.example.com. IN A
+ENTRY_END
+
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AD DO NOERROR
+SECTION QUESTION
+bla.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.		IN 	NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_referglue.rpl b/src/test/resources/unbound/val_referglue.rpl
new file mode 100644
index 000000000..dd7e7de91
--- /dev/null
+++ b/src/test/resources/unbound/val_referglue.rpl
@@ -0,0 +1,301 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	directory: ""
+	access-control: 127.0.0.1 allow_snoop
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cache referral with unsigned glue
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+
+; referral, for all types
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns2.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns2.sub.example.com.
+sub.example.com. IN NSEC tlib.example.com. NS RRSIG NSEC
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABdrfr+eKT1syk2qFlV01wLOqQdvNMpEtPmGAM6CrtyQAje/ddXSi9A= ;{id = 2854}
+ns2.sub.example.com.    IN      A       100.200.30.40
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+; This is from an unsigned subzone
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN NSEC	www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns2.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 100.200.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+; This is from an unsigned subzone
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN NSEC	www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns2.sub.example.com. IN A
+SECTION ANSWER
+ns2.sub.example.com.    IN      A       100.200.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns2.sub.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+; first ask for +CD and get the data in the cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD CD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 3 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA CD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+; already validated and thus stripped from the answer.
+;ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+
+; now the data is in the cache, validate a referral from cache
+; note, no recursion desired
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY DO
+SECTION QUESTION
+bla.example.com. IN A
+ENTRY_END
+
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AD DO NOERROR
+SECTION QUESTION
+bla.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	3600 IN NS	ns.example.com.
+example.com.	3600 IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_rrsig.rpl b/src/test/resources/unbound/val_rrsig.rpl
new file mode 100644
index 000000000..0b672e0f2
--- /dev/null
+++ b/src/test/resources/unbound/val_rrsig.rpl
@@ -0,0 +1,170 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with qtype RRSIG response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query for A
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+
+; RRSIG query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN RRSIG
+SECTION ANSWER
+;www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN RRSIG
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN RRSIG
+SECTION ANSWER
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_secds.rpl b/src/test/resources/unbound/val_secds.rpl
new file mode 100644
index 000000000..02a4d9280
--- /dev/null
+++ b/src/test/resources/unbound/val_secds.rpl
@@ -0,0 +1,215 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with secure delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_secds_nosig.rpl b/src/test/resources/unbound/val_secds_nosig.rpl
new file mode 100644
index 000000000..1d652a802
--- /dev/null
+++ b/src/test/resources/unbound/val_secds_nosig.rpl
@@ -0,0 +1,233 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with no signatures after secure delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.sub.example.com. IN A
+SECTION ANSWER
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+;sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+;www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_spurious_ns.rpl b/src/test/resources/unbound/val_spurious_ns.rpl
new file mode 100644
index 000000000..bd79db19c
--- /dev/null
+++ b/src/test/resources/unbound/val_spurious_ns.rpl
@@ -0,0 +1,155 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with spurious unsigned NS in auth section 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+; removed by spurious NS record removal code
+;;example.com.	IN NS	ns.example.com.
+;;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_stub_noroot.rpl b/src/test/resources/unbound/val_stub_noroot.rpl
new file mode 100644
index 000000000..7c21cd345
--- /dev/null
+++ b/src/test/resources/unbound/val_stub_noroot.rpl
@@ -0,0 +1,87 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	trust-anchor: "lp0.eu. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+	val-override-date: "20100913111500"
+	; the dlv anchor is completely ignored, but here to test that.
+	dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 81.187.81.187
+stub-zone:
+        name: "lp0.eu"
+	stub-addr: 81.2.80.65
+	stub-prime: no
+CONFIG_END
+
+SCENARIO_BEGIN Test validation of stub zone without root prime.
+
+; this server does not respond. (for the root)
+RANGE_BEGIN 0 100
+	ADDRESS 81.187.81.187
+ENTRY_BEGIN
+MATCH
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+. IN NS
+ENTRY_END
+RANGE_END
+
+; lp0.eu server
+RANGE_BEGIN 0 100
+	ADDRESS 81.2.80.65
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+lp0.eu. IN DNSKEY
+SECTION ANSWER
+lp0.eu.	3600	IN	DNSKEY	257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b}
+lp0.eu.	3600	IN	RRSIG	DNSKEY 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. zWYOT1zmB2k7hMl7mke7k1UNp4lDveUxi2EnF0tW++j2/qJopiAAcFHBo2GOo88jHcLWycurf0Qo+YGXfFbpEg== ;{id = 30900}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+proxima.lp0.eu. IN A
+SECTION ANSWER
+proxima.lp0.eu. IN A 81.2.80.65
+proxima.lp0.eu.	3600	IN	RRSIG	A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900}
+SECTION AUTHORITY
+lp0.eu. IN NS proxima.lp0.eu.
+lp0.eu.	3600	IN	RRSIG	NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+proxima.lp0.eu. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+proxima.lp0.eu. IN A
+SECTION ANSWER
+proxima.lp0.eu. IN A 81.2.80.65
+proxima.lp0.eu.	3600	IN	RRSIG	A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900}
+SECTION AUTHORITY
+lp0.eu. IN NS proxima.lp0.eu.
+lp0.eu.	3600	IN	RRSIG	NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_stubds.rpl b/src/test/resources/unbound/val_stubds.rpl
new file mode 100644
index 000000000..7e1dfedec
--- /dev/null
+++ b/src/test/resources/unbound/val_stubds.rpl
@@ -0,0 +1,230 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+stub-zone:
+	name: "sub.example.com"
+	stub-addr: 1.2.3.6
+CONFIG_END
+
+SCENARIO_BEGIN Test stub with DS query
+; The stub zone is linked validly with a DS to the public internet zone.
+; unbound just has to be able to ask the DS from the right server (not 
+; from the stub).
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for DS of sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response for qtype DS.  This is not available here.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_dnskey.rpl b/src/test/resources/unbound/val_ta_algo_dnskey.rpl
new file mode 100644
index 000000000..36988fce2
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_dnskey.rpl
@@ -0,0 +1,186 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm trust anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+www.example.com.    3600    IN  RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl b/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl
new file mode 100644
index 000000000..f4f002b91
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl
@@ -0,0 +1,187 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	harden-algo-downgrade: no
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm trust anchor without harden
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_missing.rpl b/src/test/resources/unbound/val_ta_algo_missing.rpl
new file mode 100644
index 000000000..e8d5c349c
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_missing.rpl
@@ -0,0 +1,181 @@
+; config options
+; The island of trust is at example.com
+server:
+;	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+; dnssecjava behaves different than unbound by creating an in-memory DS record from a DNSKEY trust anchor
+; thus add a real one here to prevent a forced digest upgrade
+	trust-anchor: "example.com.	3600	IN	DS	2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+; this is the anchor that has no DNSKEY, thus causing the validation to fail with
+; harden-algo-downgrade enabled
+	trust-anchor: "example.com.	3600	IN	DS	30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	harden-algo-downgrade: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm missing one
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_missing_dp.rpl b/src/test/resources/unbound/val_ta_algo_missing_dp.rpl
new file mode 100644
index 000000000..0ed78be3a
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_missing_dp.rpl
@@ -0,0 +1,190 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	trust-anchor: "example.com.	3600	IN	DS	30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	harden-algo-downgrade: no
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm missing one
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.	3600	IN	A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+
+SECTION AUTHORITY
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_twocname.rpl b/src/test/resources/unbound/val_twocname.rpl
new file mode 100644
index 000000000..d8e8cf316
--- /dev/null
+++ b/src/test/resources/unbound/val_twocname.rpl
@@ -0,0 +1,135 @@
+; config options
+server:
+	trust-anchor: "ORG. DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2"
+	val-override-date: "20091116100204"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsigned CNAME to signed CNAME to data
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+k.root-servers.org.  IN      A
+SECTION ANSWER
+k.root-servers.org.     3600    IN      CNAME   www.ripe.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.ripe.net.        IN      A
+SECTION ANSWER
+www.ripe.net.   900     IN      CNAME   aquila-www.ripe.net.
+www.ripe.net.   900     IN      RRSIG   CNAME 5 3 900 20091216060007 20091116060007 19386 ripe.net. NjCpVZC/LLnoV1pa91GSL9SP65n7eFKoe/OcuKzUPHumXIDrXnE23F1rNfbjYpVrQDEsG6iInI7Edh2MCS4NI4tLwrytEDgCX7ZnqIMIOV2/gJa5ZkLlmVT71Agnfi788q7ozEq14zlhY+brD5kyBiEcfOhH/qkX+zJuGdt1AcQwMxYn/GQ0Z32k5ulBnzrIFWObBksO ;{id = 19386}
+SECTION AUTHORITY
+ripe.net.       172800  IN      NS      ns3.nic.fr.
+ripe.net.       172800  IN      NS      sunic.sunet.se.
+ripe.net.       172800  IN      NS      ns-pri.ripe.net.
+ripe.net.       172800  IN      NS      sns-pb.isc.org.
+ripe.net.       172800  IN      RRSIG   NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386}
+SECTION ADDITIONAL
+ns-pri.ripe.net.        172800  IN      A       193.0.0.195
+ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3
+ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386}
+ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+aquila-www.ripe.net. IN      A
+SECTION ANSWER
+aquila-www.ripe.net.    600     IN      A       193.0.19.25
+aquila-www.ripe.net.    600     IN      RRSIG   A 5 3 600 20091216060007 20091116060007 19386 ripe.net. RuPSSATpwiS5hY4WTt7x9Hzq1tQ+ttWgq0hpgJPSorqJHlLbvgucXd8LhrcIFmBm/K/3sj9UYP1viCjbqfvjGToUdv+g4z9KrNq3FoAal6WSyTBgxAgvnHjNi9gRTZBm4O+rUQCKUD8XwlG6r3SKo6iOeSM84CHeQkGjsp5GNxpGnIagWkr5BzjKhaaUc+i82vk1SrNa ;{id = 19386}
+SECTION AUTHORITY
+ripe.net.       172800  IN      NS      ns3.nic.fr.
+ripe.net.       172800  IN      NS      sunic.sunet.se.
+ripe.net.       172800  IN      NS      ns-pri.ripe.net.
+ripe.net.       172800  IN      NS      sns-pb.isc.org.
+ripe.net.       172800  IN      RRSIG   NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386}
+SECTION ADDITIONAL
+ns-pri.ripe.net.        172800  IN      A       193.0.0.195
+ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3
+ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386}
+ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ORG. IN      DNSKEY
+SECTION ANSWER
+ORG.    900     IN      DNSKEY  256 3 7 AwEAAdV7bl0omw53nFPoUZSowSTSTDpQO4K8th19coBjlS0iMIWb0NF5YzGkoeditMS8ZLkgc9wS9txeH6XGHzwqJNc5eQcQEOasmC7vqaopoeN/GP/ZkUMbtNTcN1qzS9WzJ4gToxeNCHkAc7LZGh5XY/v1n599hk/ifotV/ZDGhN+H ;{id = 5273 (zsk), size = 1024b}
+ORG.    900     IN      DNSKEY  257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= ;{id = 21366 (ksk), size = 2048b}
+ORG.    900     IN      DNSKEY  257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= ;{id = 9795 (ksk), size = 2048b}
+ORG.    900     IN      DNSKEY  256 3 7 AwEAAaT7yoAEj5kX1rW40gMxUgPYGIc6hIPXihtK44jq6UQlZxTeFdsNX6aNaFpSq9pbI19y4JfQvCPPjw2248fwNzgwxfkdyRk7vzKagad2hs8wQ/C7vYuTUoTjrOBRwnsEHix+jYgKZH+lX1ZRKo/YXyMz05KWH+3j5y0VSrKBcdBZ ;{id = 53990 (zsk), size = 1024b}
+ORG.    900     IN      RRSIG   DNSKEY 7 1 900 20091123154522 20091109144522 5273 org. zHcY20bnIBzsl1CXmZdtt8PWPy079Ic3dQ/pLH2z1yCoC+kWGzLIlU/EcWa0rrQzqc9oK+v63xzXFoib3LewcijiGmKYtFcyi3HGfVdJrDFIxmN52x4pZerVZq9NA/FLQ8ZrobkVgYiEAmjMU1OesPPZPwwlPRdSG421q3o3N4Q= ;{id = 5273}
+ORG.    900     IN      RRSIG   DNSKEY 7 1 900 20091123154522 20091109144522 21366 org. Xlh0UQl+Ldig/jBS7Ty9rfeUztG5P7Brjr/Du+XlC7KjUkk/gNfpxgPmIKuA3ZLwgwTvEF6i7CD7b5gEKKC2P8Y5kQjKcjcDZl0+5W1IfpFF1Ka546erCy5cznXT23W5bzODNiraMs7KwvwMlD3LeOCiBeldPKeZ0yxWI/3YXmwAbkky4MApX9khSnilSaewcVSzQM/iOVuCR/+5esNvcKqjgWbT3M4vorzjc7YxVxF2BTgxybDOn4OkWvdeSlDiIVVS+VtxK0U7yIc59mpE7WxoRLtw/Qkd8bjh+KF5izQO2Q/7VxhkJ6pBxxumHwQahlgOQYxWMLqUc/EZnXSQpQ== ;{id = 21366}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+root-servers.org.    IN      DS
+SECTION ANSWER
+SECTION AUTHORITY
+h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org.   86399   IN      NSEC3   1 1 1 d399eaab  h9rsfb7fpf2l8hg35cmpc765tdk23rp6 NS SOA RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org.   86399   IN      RRSIG   NSEC3 7 2 86400 20091130090148 20091116080148 5273 org. FL7e/4Lhihh9LKAPDKNmlvEHbjkPY/6GLhtVMWtbSfBS8rAaHuInCD/tbQxCmFmT6e3HXHXkUcjC7BSDFPnlhtB8P2iNjvkdZJ72jVTXDY1P6LuK/OJhRT8DjFlHlvjdNgS5/0HCuGYU5A1GPkWGx1waUmblryPApb8HNSAmdYA= ;{id = 5273}
+i8i48ibuph5kgh999ld485qnt660qdag.org.   86399   IN      NSEC3   1 1 1 d399eaab  i94atlaqkvkoms2q45m5msds8r3414ft A RRSIG  ; flags: optout
+i8i48ibuph5kgh999ld485qnt660qdag.org.   86399   IN      RRSIG   NSEC3 7 2 86400 20091125010858 20091111000858 5273 org. WrWFYs2FuzPRYh+hgc8B3ZKL6jiMee2F1FsPNVEx9Ojv76BMELWomI0Zcd90NZbs7kvs5FP1G79s9o3oQHeWVfa6as8Wi6RLn97nX3FVqYI39r7GZnoKj8QGrCsRCatqK4Lsh426X0vzR5CwIA14/XL1w6UQ1KuTHlIu51RidA4= ;{id = 5273}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+k.root-servers.org.  IN      A
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+k.root-servers.org.  IN      A
+SECTION ANSWER
+k.root-servers.org. IN CNAME www.ripe.net.
+www.ripe.net.   900     IN      CNAME   aquila-www.ripe.net.
+www.ripe.net.   900     IN      RRSIG   CNAME 5 3 900 20091216060007 20091116060007 19386 ripe.net. NjCpVZC/LLnoV1pa91GSL9SP65n7eFKoe/OcuKzUPHumXIDrXnE23F1rNfbjYpVrQDEsG6iInI7Edh2MCS4NI4tLwrytEDgCX7ZnqIMIOV2/gJa5ZkLlmVT71Agnfi788q7ozEq14zlhY+brD5kyBiEcfOhH/qkX+zJuGdt1AcQwMxYn/GQ0Z32k5ulBnzrIFWObBksO ;{id = 19386}
+aquila-www.ripe.net.    600     IN      A       193.0.19.25
+aquila-www.ripe.net.    600     IN      RRSIG   A 5 3 600 20091216060007 20091116060007 19386 ripe.net. RuPSSATpwiS5hY4WTt7x9Hzq1tQ+ttWgq0hpgJPSorqJHlLbvgucXd8LhrcIFmBm/K/3sj9UYP1viCjbqfvjGToUdv+g4z9KrNq3FoAal6WSyTBgxAgvnHjNi9gRTZBm4O+rUQCKUD8XwlG6r3SKo6iOeSM84CHeQkGjsp5GNxpGnIagWkr5BzjKhaaUc+i82vk1SrNa ;{id = 19386}
+SECTION AUTHORITY
+ripe.net.       172800  IN      NS      ns3.nic.fr.
+ripe.net.       172800  IN      NS      sunic.sunet.se.
+ripe.net.       172800  IN      NS      ns-pri.ripe.net.
+ripe.net.       172800  IN      NS      sns-pb.isc.org.
+ripe.net.       172800  IN      RRSIG   NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386}
+SECTION ADDITIONAL
+ns-pri.ripe.net.        172800  IN      A       193.0.0.195
+ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3
+ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386}
+ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unalgo_anchor.rpl b/src/test/resources/unbound/val_unalgo_anchor.rpl
new file mode 100644
index 000000000..de6b28104
--- /dev/null
+++ b/src/test/resources/unbound/val_unalgo_anchor.rpl
@@ -0,0 +1,153 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 208 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsupported algorithm trust anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unalgo_dlv.rpl b/src/test/resources/unbound/val_unalgo_dlv.rpl
new file mode 100644
index 000000000..142beae8d
--- /dev/null
+++ b/src/test/resources/unbound/val_unalgo_dlv.rpl
@@ -0,0 +1,284 @@
+; config options
+; The island of trust is at example.com (the DLV repository)
+server:
+	dlv-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unknown algorithm DLV anchor
+; positive response for DLV.
+; but only has unknown algos
+; have to treat zone as insecure
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; DLV query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net.example.com. IN DLV
+SECTION ANSWER
+; algo 208 is unknown
+example.net.example.com.	3600	IN	DLV	30899 208 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
+example.net.example.com.	3600	IN	RRSIG	DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. AFBU1dN/KstcLfQQzy7ZKvPq+2hQg7D6QynqgwI3f8envPQGj782/NA= ;{id = 2854}
+;example.net.example.com.	3600	IN	DLV	30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
+;example.net.example.com.	3600	IN	RRSIG	DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net.example.com. IN DLV
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
+example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
+example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+com.example.com. IN DLV
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
+example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
+example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+; DS RR is
+; example.net.	3600	IN	DS	30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
+; DNSKEY prime query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; NS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; www.example.net query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net.	3600	IN	A	10.20.30.40
+www.example.net.	3600	IN	RRSIG	A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
+SECTION AUTHORITY
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.net. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net.	3600	IN	A	10.20.30.40
+www.example.net.	3600	IN	RRSIG	A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
+SECTION AUTHORITY
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unalgo_ds.rpl b/src/test/resources/unbound/val_unalgo_ds.rpl
new file mode 100644
index 000000000..65db9b236
--- /dev/null
+++ b/src/test/resources/unbound/val_unalgo_ds.rpl
@@ -0,0 +1,203 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unknown algorithm delegation
+; DS has unknown algo only.
+; so subzone has to be treated as unsigned.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+; algorithm 208 is unknown.
+sub.example.com.        3600    IN      DS      30899 208 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AEMPMNVJAygL0TyRUU+MVgP4FA7jSIpVj6628IdLe7eY3OwWp3hUTnU= ;{id = 2854}
+;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsec_cname.rpl b/src/test/resources/unbound/val_unsec_cname.rpl
new file mode 100644
index 000000000..bfea21129
--- /dev/null
+++ b/src/test/resources/unbound/val_unsec_cname.rpl
@@ -0,0 +1,363 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS, unsec, cname sequence.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to c.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c.c.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+c.example.com. IN	NS ns.c.example.com.
+c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
+c.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.c.example.com. IN A 1.2.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
+c.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+; another delegation, validated unsecure.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b.sub.example.com. IN NS ns.b.sub.example.com.
+b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
+b.sub.example.com.      3600    IN      RRSIG   NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.b.sub.example.com. IN A 1.2.3.7
+ENTRY_END
+
+; b DS query.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.sub.example.com. IN DS
+SECTION AUTHORITY
+b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
+b.sub.example.com.      3600    IN      RRSIG   NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+; server ns.b.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.sub.example.com. IN NS
+SECTION ANSWER
+b.sub.example.com. IN NS ns.b.sub.example.com.
+SECTION ADDITIONAL
+ns.b.sub.example.com. IN A 1.2.3.7
+ENTRY_END
+
+ENTRY_BEGIN
+; query of interest, give a cname to another unsecure zone.
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+a.b.sub.example.com. IN CNAME c.c.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN DS
+SECTION AUTHORITY
+b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
+ENTRY_END
+RANGE_END
+
+; server ns.c.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.sub.example.com. IN NS
+SECTION ANSWER
+c.sub.example.com. IN NS ns.c.sub.example.com.
+SECTION ADDITIONAL
+ns.c.sub.example.com. IN A 1.2.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c.example.com. IN NS
+SECTION ANSWER
+c.example.com. IN	NS ns.c.example.com.
+SECTION ADDITIONAL
+ns.c.example.com. IN A 1.2.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.c.example.com. IN A
+SECTION ANSWER
+c.c.example.com. IN A	11.11.11.11
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.c.example.com. IN DS
+SECTION AUTHORITY
+c.example.com. IN SOA C-EXAMPLE. c-example. 1 2 3 4 5
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.b.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+a.b.sub.example.com. IN CNAME c.c.example.com.
+c.c.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; test that a DS query does not get CNAME redirected, but instead
+; asked to the right server that has to respond to it.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.b.sub.example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN DS
+SECTION AUTHORITY
+b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsecds.rpl b/src/test/resources/unbound/val_unsecds.rpl
new file mode 100644
index 000000000..8678160ca
--- /dev/null
+++ b/src/test/resources/unbound/val_unsecds.rpl
@@ -0,0 +1,194 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with insecure delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsecds_negcache.rpl b/src/test/resources/unbound/val_unsecds_negcache.rpl
new file mode 100644
index 000000000..2e9b1e795
--- /dev/null
+++ b/src/test/resources/unbound/val_unsecds_negcache.rpl
@@ -0,0 +1,195 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with insecure delegation and DS negative cache
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+; get it from the negative cache instead!
+;ENTRY_BEGIN
+;MATCH opcode qtype qname
+;ADJUST copy_id
+;REPLY QR NOERROR
+;SECTION QUESTION
+;sub.example.com. IN DS
+;SECTION ANSWER
+;SECTION AUTHORITY
+;example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+;example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+;sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+;sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.sub.example.com. IN A 1.2.3.6
+;ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsecds_qtypeds.rpl b/src/test/resources/unbound/val_unsecds_qtypeds.rpl
new file mode 100644
index 000000000..e277fd788
--- /dev/null
+++ b/src/test/resources/unbound/val_unsecds_qtypeds.rpl
@@ -0,0 +1,210 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with insecure delegation and qtype DS.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; query for missing DS record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for missing DS record. on wrong side of zone cut.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com.	IN	SOA ns.sub.example.com. h.sub.example.com. 2007090504 1800 1800 2419200 7200
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_wild_pos.rpl b/src/test/resources/unbound/val_wild_pos.rpl
new file mode 100644
index 000000000..624d8e07b
--- /dev/null
+++ b/src/test/resources/unbound/val_wild_pos.rpl
@@ -0,0 +1,163 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with direct wildcard positive response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION ANSWER
+*.example.com. IN A	10.20.30.40
+*.example.com.	3600	IN	RRSIG	A 3 2 3600 20070926134150 20070829134150 2854 example.com. AG3iIIzflgRHsIlOKiSHADHIn/NmfNgESAslc1wIjxys5r9w4CxNIGs= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+*.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION ANSWER
+*.example.com. IN A	10.20.30.40
+*.example.com.	3600	IN	RRSIG	A 3 2 3600 20070926134150 20070829134150 2854 example.com. AG3iIIzflgRHsIlOKiSHADHIn/NmfNgESAslc1wIjxys5r9w4CxNIGs= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/zonefileEx2 b/src/test/resources/zonefileEx2
new file mode 100644
index 000000000..3a1342c06
--- /dev/null
+++ b/src/test/resources/zonefileEx2
@@ -0,0 +1,139 @@
+;; SPDX-License-Identifier: ISC
+;; Copyright (c) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+;;
+;; Permission to use, copy, modify, and/or distribute this software for
+;; any purpose with or without fee is hereby granted, provided that the
+;; above copyright notice and this permission notice appear in all
+;; copies.
+;;
+;; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+;; WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+;; WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+;; THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+;; CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+;; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+;; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+;; CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+example.com.		600 IN SOA ns1.example.com. admin.example.com. (
+				2014102104 ; serial
+				1800       ; refresh (30 minutes)
+				900        ; retry (15 minutes)
+				2419200    ; expire (4 weeks)
+				300        ; minimum (5 minutes)
+				)
+example.com.		300 IN RRSIG NSEC 8 2 300 (
+				20141126120153 20141027112239 60798 example.com.
+				U1je2BEXY7S/u4An8sKEp2Cb8b90+9mNBoFb9nXgkTvC
+				cJkT/4OIUIaO7EbsIASmlzjDwJEKSO/nPDFg3y6tsR0m
+				GT7H7AYAouwBhUlIrDrGQpxqRLJXA1kPkxboX4M2JGx4
+				rBcBsN/7lG5CGbjtLW3PMnJRELE5fBJBLZM1KLo= )
+example.com.		300 IN NSEC ftp.example.com. NS SOA RRSIG NSEC DNSKEY TYPE65534
+example.com.		600 IN RRSIG NS 8 2 600 (
+				20141126115318 20141027112239 60798 example.com.
+				TGC1gAksxHHDoltjJ8ETJ9qdr5MzFjA05vEllSNWBFe7
+				O71Payf8o4MISHNeUoZpu7Ys4zBiTRLqUaLeI0oSEnzM
+				r2QJkrfUHl1k8D/wCWApEUhMa1GxLIKMsEfgd3D5nK52
+				6LAVNihx5BKC1YxuYZXhhBMYQm7bIlUXFvxl3uE= )
+example.com.		600 IN RRSIG SOA 8 2 600 (
+				20141126122239 20141027112239 60798 example.com.
+				0ntLprFpg9bKWs5ArGvpZq8uFa9QPEfl6bOmfIwbNnEp
+				9PgBS97icRs27JDgIXGM4dWxXiPVX6sZ8jFulSp2mi2v
+				4dhtqMfb4S/rfxSmCphIz5PA+bngKSr5fhRI6tTM8fW1
+				l5V3zfKCPFracE0CgdcWIt0xViEs56Axj942f5w= )
+example.com.		0 IN RRSIG TYPE65534 8 2 0 (
+				20141126120153 20141027112239 60798 example.com.
+				Sv+7vfHXz4zlLSEuWs5Bt5boqSDVCK2GcOgAzVXnW9/0
+				zgk3v8VwSXRTRnwdsvl3SK6YsM9S/HNXk32AQs2PjXf4
+				2/cmv6VCOGSVGin/L5k4KWjpy0ESV2iY0hIIyeXWqUdB
+				ZUCu1+2GhHiA5+gKODn/8sg6x04g+lZe6wuhU44= )
+example.com.		600 IN RRSIG DNSKEY 8 2 600 (
+				20141126122239 20141027112239 45319 example.com.
+				F2vrBJqvloP5yNE6X1+b1XJ4gY6DlH1oyJz6pSULmGgQ
+				FFztyrCJoV4MI6TeFRXJKLTePewjcTzKlaRKJHZRElcM
+				QaClWr6RdZ2Uc1fFOBgYocrDZtGWdTVg7XCiLJ/ubrDH
+				7et9rSexmKEwI44T4Vf7w3e+kUQSzMBGfA9Z5Q8WnnBW
+				IDn4QFqRx0B02bVLV4giJbVp649ukIApVoHSpJvhrWq8
+				eSSdP2ojymzr4gAuQZzmZUJnxp7Q3ktuQgIokhLG4FDH
+				/O9qnhnOkUZFsxbBaDYVn5TIl1Kkmn3LH98JQE0z8a7D
+				WfqAPAFy0rKHkvyOA8FlimDW09OYeJS00A== )
+example.com.		600 IN RRSIG DNSKEY 8 2 600 (
+				20141126122239 20141027112239 60798 example.com.
+				PoUdallJO0ZF3iFmRoGoKh/iLAJVn52ABVEVku9LK34C
+				oh4Y29rgK4jd3DwxU7zDLadVs0Fo3JFHp2jdYCEm03BS
+				XE6d0cijZP5aFt8rO/grO/qbkdv+ScEi1kOhCKcvt3Kg
+				1mXhiZt4Jx3LeisUpD9mGa+m9ehcPYlAHPKoZMg= )
+example.com.		0 IN TYPE65534 \# 5 ( 08B1070001 )
+example.com.		0 IN TYPE65534 \# 5 ( 08ED7E0001 )
+example.com.		600 IN DNSKEY 256 3 8 (
+				AwEAAfbc/0ESumm1mPVkm025PfHKHNYW62yx0wyLN5LE
+				4DifN6FzIVSKSGdMOdq+z6vFGxzzjPDz7QZdeC6ttIUA
+				Bo4tG7dDrsWK+tG5cm4vuylsEVbnnW5i+gFG/02+RYmZ
+				ZT9AobXB5bVjfXl9SDBgpBluB35WUCAnK9WkRRUS08lf
+				) ; ZSK; alg = RSASHA256; key id = 60798
+example.com.		600 IN DNSKEY 257 3 8 (
+				AwEAAb4N53kPbdRTAwvJT8OYVeVhQIldwppMy7KBJ+8k
+				Uggx2PU3yP/qlq4Zjl0MMmqRiJhD/S+z9cJLNTZ9tHz1
+				7aZQjFyGAyuU3DGW16xfMolcIn+c8TpPCzBOFhxk6jvO
+				VLlz+Wgyi1ES+t29FjYYv5cVNRPmxXLRjlHFdO1DzX3N
+				dmcUoZ+VVJCvaML9+6UpL/6jitNsoU8JHnxT9B2CGKcw
+				N7VaK4l9Ida2BqY3/4UVqWzhj03/M5LK6cn1pEQbQMtY
+				R0TNJURBKdK8bH663h98i23tVX0/85IsCVBL4Dd2boa3
+				/7HPp7uZN1AjDvcRsOh1mqixwUGmVm1EskDIMy8=
+				) ; KSK; alg = RSASHA256; key id = 45319
+example.com.		600 IN NS ns1.example.com.
+ftp.example.com.	600 IN RRSIG A 8 3 600 (
+				20141126115318 20141027112239 60798 example.com.
+				PNATas8HPjc6tm7Ldfk7P61IlRVSQW085P9lDw8qwITc
+				TghDdAXHJBkCTXaDRWPyQZbGI5fNcxWLkf/HRbKREzQs
+				eyztZj2OBnBnnK0t8SWLyM4+OMsGH17z4ZvBmPO/Wgju
+				iSm98reH7J87yRlUMQHdPSwAP6q5tZeJbwpSkao= )
+ftp.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126115318 20141027112239 60798 example.com.
+				ohuvpkqlNR+TYOG79JizEV+SFjVbUKSB3hEfHOJszCIr
+				bcdPKTS0GgQS62N4ISwfvb735oQzc8pI5R+f+8MMn5c9
+				/yRnArTpPJOKDnyIiMaMLBU5sEp5wI+OLsLFMkLef4iK
+				gn+j608Qnoo7dXtWWQPv85FyaT9j3C+EV6rglCk= )
+ftp.example.com.	300 IN NSEC ns1.example.com. A RRSIG NSEC
+ftp.example.com.	600 IN A 192.168.1.200
+ns1.example.com.	600 IN RRSIG A 8 3 600 (
+				20141126115318 20141027112239 60798 example.com.
+				z1rnlU9oVnIhwxQey3Zo6ENYmWXtf97RiZng3u6VkE0n
+				yUC5S3sseZgD8Vc+uJsKVAvafM/k7NgS+P3pe5gN01Ln
+				+geKEMZ3pCHpzHG4UgJj4Xw/iuWOVAFURD26GNnPppDK
+				RNYPWIhA/9FF18vI3V9evNcHGxN+7rOOXF8Qbss= )
+ns1.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126115318 20141027112239 60798 example.com.
+				chH7c6aW6Qk14d4LB866jva9OcH52pJkeHpdslVmUbJ2
+				OkJQNhbpOekSjsroxDU4av3/Y49Dtg0lqoISvMMqwE5X
+				5sKmn+CMKFfMmi22ui+RsPXyDqjkx+JOsi/7kCx7DFJz
+				jF0a6KcsTWNV2QfZjQ50RyrSBBOkw6aqdUC3oF8= )
+ns1.example.com.	300 IN NSEC web.example.com. A RRSIG NSEC
+ns1.example.com.	600 IN A 192.168.1.1
+web.example.com.	600 IN RRSIG CNAME 8 3 600 (
+				20141126115318 20141027112239 60798 example.com.
+				VgHPC0WllAlHY56xMF3j8FI7MsxDhLJJBDBMSVSQpQkA
+				z81kfInYQL4YpAt25WrH7xt4pCmjVl3kUcDGAWWuSiQy
+				nh2O4CoY/tSqQ7Sr9UnE5SIvpW5yws8iROOHvJYuKAmu
+				8B3gYw1gp9xCMS4iBOIXTTq1KV2OHwo0cPXVyfI= )
+web.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126115318 20141027112239 60798 example.com.
+				zh+9fnIQlfpvc0oFRnNIPJoL/S5RQF4HuGwmLxoCxRVp
+				FCQoZbzNB0IVvaA+0XEslcHq3v4+0j9EeKKQw7xORaGu
+				TrzcoRGbjuKZlpvnVlxYkjCiEKVbkXd5yEMnbgolFkhH
+				NjFlozSyzypY0TY0UVRPXWhZ2shASae/ImqFiug= )
+web.example.com.	300 IN NSEC www.example.com. CNAME RRSIG NSEC
+web.example.com.	600 IN CNAME www.example.com.
+www.example.com.	600 IN RRSIG A 8 3 600 (
+				20141126120153 20141027112239 60798 example.com.
+				TLkMRs7I3QW8HRS3trNG307Y0/drO4k8uG8Bv8856qPo
+				33rbEajV49XBBQ+w8jynfKwxMNDfJhpSG0gxo7+0m75Y
+				HRBZ9Xe3EAMNt2/iu0CL6NHyN99qF9TPNbYnD2Zw077L
+				GSDOua1KFMxDqFU7rU0+YlKRGbSk1rqAJBqKEH4= )
+www.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126120153 20141027112239 60798 example.com.
+				GSyFVBgMROqDuoSJoDegX3EkdqA90skBTvi9tkPxoQPo
+				i8LlaD+wRmcXpYKE3vf/y0WpOOVQXbasyfFk8wGzFsde
+				fqpFsscbz3OYgnkwYcTvGXZF9802ytiC5txli9uxUqjc
+				lGL+SDl0woYhecwJD63fTDIMszlVR/eptIL9dLc= )
+www.example.com.	300 IN NSEC example.com. A RRSIG NSEC
+www.example.com.	600 IN A 192.168.1.100
diff --git a/src/test/resources/zonefileEx3 b/src/test/resources/zonefileEx3
new file mode 100644
index 000000000..5e4df8847
--- /dev/null
+++ b/src/test/resources/zonefileEx3
@@ -0,0 +1,7 @@
+$TTL 600
+example.com. IN SOA ns1.foo.com. john.doe.foo.com. 2023110717 28800 7200 604800 7200
+
+@ 86400 IN NS ns1.foo.com.
+@ 86400 IN NS ns2.foo.com.
+@ 86400 IN NS ns3.foo.com.
+@ IN A 1.2.3.4
diff --git a/src/test/resources/zonefileIncludeDirectiveComment b/src/test/resources/zonefileIncludeDirectiveComment
new file mode 100644
index 000000000..b2f78580a
--- /dev/null
+++ b/src/test/resources/zonefileIncludeDirectiveComment
@@ -0,0 +1 @@
+$INCLUDE zonefileEx1 ; include another zone file