DNSSEC Analyzer - bogus.d1a5n1.rootcanary.net

Domain Name:

Time: 2022-06-26 08:58:00 UTC, NTP stratum 16

Analyzing DNSSEC problems for bogus.d1a5n1.rootcanary.net

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to h.root-servers.net for ./DNSKEY
	Received 1139 bytes from 198.97.190.53
	;; Response received from 198.97.190.53 (1139 octets) ;; HEADER SECTION ;; id = 34954 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAaQVKIqdmeLCaF4lq+IoKpejId9qqoIbZJ6cjB5MfyJYX3KVFXYyJ9rt4jKOwf4m2BoDOY66 V1upRumF+eu502HXzdOdJlioRLA9YiRyLgvfjzyfUYrExYT4/TDTS4XfQX2UcJDN5C7SQ9UxebZk /VjQfPAUU+hZKOcjOVRFbAHom4tIi+Rin0laGlAi8ZY5WUZypYKR0xvprtG0eXeOBMjbUt1EnhmO 2Bs52zC8B0cMjq6fMiYFUqtziALccsQczGngIDR0dIvvL54ky1JNNp19Ldy9ir27s7eRCYGbYI1W zR05/d4/nCmDSHkQS2BiesYufuWZZwm+FsitupCciwE= ) ; Key ID = 20826 . 172800 IN DNSKEY ( 256 3 8 AwEAAak/ZU9wDNQD7XTAGTDkn32UR8I6auRDekbGky+yyWKdUHmwAJv90YHCUTib8aVBgNgbxkee ZGRx3W4+XhMZbfUr5fMwmD3u9P2yzJpbRtjGNM/XZvzGs9HHNymz3Bp851anHZfNy6pJud265/XM KzFlAY8sMJjum0hvx/DuCDELLyhsvdfOD9rHM93UXO0bcAjvI8tjZsGI+Pfp9KdxF9vS/sAzpFXK sldix+e6xv8rRS6WPg2LAooxF+eO5DgFSilYmnyCK4VPJ7ntjD/8m0bs128ZT1eY3oXCbojDv59l LAgrdGSbcVxQF2KHoUHDmkOC5BzG/1xRtW4v/3y4/H8= ) ; Key ID = 47671 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20220711000000 20220620000000 20326 . CpFdBbv0lZXwIPLDhPn959HSJfQ4vp8r97A/rN0SPFlS4fQigB3EDXz0oeg2ENRPMn6HmrZpp0vB KMKfCXf3oC/4tioT7m18+xA05quW5+h/vJaOA0Iw7zOhTpQr1hTVaUwj/d0NV9JaCqZabjtj7ClN E/+aOBaCdVSXpy3re0WUk7FianexlLd5pL09RHGlH5eRyp8hAt5HqwrUvONfm7zgkhtO8RPtJSjN R5ZB9HDrcjDHiYzkbuw300LTphtzryG/XKwnQqv6E0iL+M6d4g7h9IQWpmM1lyjVM2sgZYGDPnBb N9kgNUCiF6HUHV12LmAJteZAQI65qARGFwADYg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAaQVKIqdmeLCaF4lq+IoKpejId9qqoIbZJ6cjB5MfyJYX3KVFXYyJ9rt4jKOwf4m2BoDOY66 V1upRumF+eu502HXzdOdJlioRLA9YiRyLgvfjzyfUYrExYT4/TDTS4XfQX2UcJDN5C7SQ9UxebZk /VjQfPAUU+hZKOcjOVRFbAHom4tIi+Rin0laGlAi8ZY5WUZypYKR0xvprtG0eXeOBMjbUt1EnhmO 2Bs52zC8B0cMjq6fMiYFUqtziALccsQczGngIDR0dIvvL54ky1JNNp19Ldy9ir27s7eRCYGbYI1W zR05/d4/nCmDSHkQS2BiesYufuWZZwm+FsitupCciwE= ) ; Key ID = 20826`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAak/ZU9wDNQD7XTAGTDkn32UR8I6auRDekbGky+yyWKdUHmwAJv90YHCUTib8aVBgNgbxkee ZGRx3W4+XhMZbfUr5fMwmD3u9P2yzJpbRtjGNM/XZvzGs9HHNymz3Bp851anHZfNy6pJud265/XM KzFlAY8sMJjum0hvx/DuCDELLyhsvdfOD9rHM93UXO0bcAjvI8tjZsGI+Pfp9KdxF9vS/sAzpFXK sldix+e6xv8rRS6WPg2LAooxF+eO5DgFSilYmnyCK4VPJ7ntjD/8m0bs128ZT1eY3oXCbojDv59l LAgrdGSbcVxQF2KHoUHDmkOC5BzG/1xRtW4v/3y4/H8= ) ; Key ID = 47671`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20220711000000 20220620000000 20326 . CpFdBbv0lZXwIPLDhPn959HSJfQ4vp8r97A/rN0SPFlS4fQigB3EDXz0oeg2ENRPMn6HmrZpp0vB KMKfCXf3oC/4tioT7m18+xA05quW5+h/vJaOA0Iw7zOhTpQr1hTVaUwj/d0NV9JaCqZabjtj7ClN E/+aOBaCdVSXpy3re0WUk7FianexlLd5pL09RHGlH5eRyp8hAt5HqwrUvONfm7zgkhtO8RPtJSjN R5ZB9HDrcjDHiYzkbuw300LTphtzryG/XKwnQqv6E0iL+M6d4g7h9IQWpmM1lyjVM2sgZYGDPnBb N9kgNUCiF6HUHV12LmAJteZAQI65qARGFwADYg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=20826 is now in the chain-of-trust
	DNSKEY=47671 is now in the chain-of-trust
	Query to g.root-servers.net for bogus.d1a5n1.rootcanary.net/A
	Received 1190 bytes from 192.112.36.4
	;; Response received from 192.112.36.4 (1190 octets) ;; HEADER SECTION ;; id = 34636 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20220709050000 20220626040000 47671 . NCYnTsQB9cmgIHuoVRyh7qDP3eHMeocTHiRk2jrCLKF+xdQrKHoKw7Izi1zopx3rWmxSD4+FchfB 3mDj0rJjb8UBmjqtFjo8RNGJy4d+QzggdNXagR++cfty8v6zq3vFuOSoMAjxjnJiiYIjQnAn/bda 1dNmEiHYaZl7LJGtHqLHy8RWXpqgmcfYnrNTHTsc3h8hTNt42wzKslwuWXZzl34zuFjXU+SH6X+m kiSUpyzFNcAc48BzxEsUQVj3P+K1n46f6bBCPO+Hk3tSHrNZCJJJHaUXy5ndMJjapAAmOPaAN9s4 fkuaUx0AV4QtzRrHwQjsuJXbtNVxNvCt91aYMQ== ) ;; ADDITIONAL SECTION (27 records) m.gtld-servers.net. 172800 IN A 192.55.83.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 a.gtld-servers.net. 172800 IN A 192.5.6.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to l.root-servers.net for net/DNSKEY
	Received 1160 bytes from 199.7.83.42
	;; Response received from 199.7.83.42 (1160 octets) ;; HEADER SECTION ;; id = 26625 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20220709050000 20220626040000 47671 . NCYnTsQB9cmgIHuoVRyh7qDP3eHMeocTHiRk2jrCLKF+xdQrKHoKw7Izi1zopx3rWmxSD4+FchfB 3mDj0rJjb8UBmjqtFjo8RNGJy4d+QzggdNXagR++cfty8v6zq3vFuOSoMAjxjnJiiYIjQnAn/bda 1dNmEiHYaZl7LJGtHqLHy8RWXpqgmcfYnrNTHTsc3h8hTNt42wzKslwuWXZzl34zuFjXU+SH6X+m kiSUpyzFNcAc48BzxEsUQVj3P+K1n46f6bBCPO+Hk3tSHrNZCJJJHaUXy5ndMJjapAAmOPaAN9s4 fkuaUx0AV4QtzRrHwQjsuJXbtNVxNvCt91aYMQ== ) ;; ADDITIONAL SECTION (27 records) a.gtld-servers.net. 172800 IN A 192.5.6.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 m.gtld-servers.net. 172800 IN A 192.55.83.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone net

net

	Checking DS between . and net
	Query to g.root-servers.net for net/DS
	Received 367 bytes from 192.112.36.4
	;; Response received from 192.112.36.4 (367 octets) ;; HEADER SECTION ;; id = 5154 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DS ;; ANSWER SECTION (2 records) net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20220709050000 20220626040000 47671 . NCYnTsQB9cmgIHuoVRyh7qDP3eHMeocTHiRk2jrCLKF+xdQrKHoKw7Izi1zopx3rWmxSD4+FchfB 3mDj0rJjb8UBmjqtFjo8RNGJy4d+QzggdNXagR++cfty8v6zq3vFuOSoMAjxjnJiiYIjQnAn/bda 1dNmEiHYaZl7LJGtHqLHy8RWXpqgmcfYnrNTHTsc3h8hTNt42wzKslwuWXZzl34zuFjXU+SH6X+m kiSUpyzFNcAc48BzxEsUQVj3P+K1n46f6bBCPO+Hk3tSHrNZCJJJHaUXy5ndMJjapAAmOPaAN9s4 fkuaUx0AV4QtzRrHwQjsuJXbtNVxNvCt91aYMQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 1 DS records for net in the . zone
	DS=35886/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`net. 86400 IN RRSIG ( DS 8 1 86400 20220709050000 20220626040000 47671 . NCYnTsQB9cmgIHuoVRyh7qDP3eHMeocTHiRk2jrCLKF+xdQrKHoKw7Izi1zopx3rWmxSD4+FchfB 3mDj0rJjb8UBmjqtFjo8RNGJy4d+QzggdNXagR++cfty8v6zq3vFuOSoMAjxjnJiiYIjQnAn/bda 1dNmEiHYaZl7LJGtHqLHy8RWXpqgmcfYnrNTHTsc3h8hTNt42wzKslwuWXZzl34zuFjXU+SH6X+m kiSUpyzFNcAc48BzxEsUQVj3P+K1n46f6bBCPO+Hk3tSHrNZCJJJHaUXy5ndMJjapAAmOPaAN9s4 fkuaUx0AV4QtzRrHwQjsuJXbtNVxNvCt91aYMQ== )`
	RRSIG=47671 and DNSKEY=47671 verifies the DS RRset
	DS=35886/SHA-256 is now in the chain-of-trust
	`net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee )`
	Query to f.gtld-servers.net for net/DNSKEY
	Received 775 bytes from 192.35.51.30
	;; Response received from 192.35.51.30 (775 octets) ;; HEADER SECTION ;; id = 701 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (3 records) net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886 net. 86400 IN DNSKEY ( 256 3 8 AQO+m7sq4jFLL3oPzm7zMcRcatNYY+DAENb1geUDPXTrHF73R1wGEg1tES+z96fClv7hkWfqN2/b iKLzb09UddNO0qKzwXKJ16P9E43JHbCS7HgiKhHglUDNeoDFN6zllX7ZXSOQau6RXqTb6xSoYxoP ukK4Q0UiFXjpZNyxwzo25t2rlaUa0+IykjJVzp43JqFdWRYt10TxLvAVgtyVxm2r ) ; Key ID = 45728 net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20220708162830 20220623162330 35886 net. coEqXoa87I1IB4A4fuhMpSRoWERmtQSw0wyP3XYYDrvxhcZ/uv8lhCQzWCvOP4ZYdVpEG3VQuNby 2qxAkRWnM+PX30yUlCHc+qE8BMPpFNJWYR8YzbvKSW8nY+irYtOJwcmgK9rF7NG9M3wcU4oYnnPt sVb1x/pSuLX2jJxY9/9C0rDBO7tVB3BdcA1F6+Fw2dGrBxnLxJnXk5RJqptLqcB72xiguMy8Fm6m /CH263/jIraG+OLpGzb0E/BQ9qGDF0Gn6dIsU3yBvPegfNdzVQeyNl6V2qMKY4uDTIO/1C2U9NY8 W2BiZO75Pa4eRqU4xIt5MrGjAy890N5EPPXCYg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for net
	`net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886`
	`net. 86400 IN DNSKEY ( 256 3 8 AQO+m7sq4jFLL3oPzm7zMcRcatNYY+DAENb1geUDPXTrHF73R1wGEg1tES+z96fClv7hkWfqN2/b iKLzb09UddNO0qKzwXKJ16P9E43JHbCS7HgiKhHglUDNeoDFN6zllX7ZXSOQau6RXqTb6xSoYxoP ukK4Q0UiFXjpZNyxwzo25t2rlaUa0+IykjJVzp43JqFdWRYt10TxLvAVgtyVxm2r ) ; Key ID = 45728`
	DNSKEY=35886/SEP is now in the chain-of-trust
	DS=35886/SHA-256 verifies DNSKEY=35886/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20220708162830 20220623162330 35886 net. coEqXoa87I1IB4A4fuhMpSRoWERmtQSw0wyP3XYYDrvxhcZ/uv8lhCQzWCvOP4ZYdVpEG3VQuNby 2qxAkRWnM+PX30yUlCHc+qE8BMPpFNJWYR8YzbvKSW8nY+irYtOJwcmgK9rF7NG9M3wcU4oYnnPt sVb1x/pSuLX2jJxY9/9C0rDBO7tVB3BdcA1F6+Fw2dGrBxnLxJnXk5RJqptLqcB72xiguMy8Fm6m /CH263/jIraG+OLpGzb0E/BQ9qGDF0Gn6dIsU3yBvPegfNdzVQeyNl6V2qMKY4uDTIO/1C2U9NY8 W2BiZO75Pa4eRqU4xIt5MrGjAy890N5EPPXCYg== )`
	RRSIG=35886 and DNSKEY=35886/SEP verifies the DNSKEY RRset
	DNSKEY=45728 is now in the chain-of-trust
	Query to c.gtld-servers.net for bogus.d1a5n1.rootcanary.net/A
	Received 437 bytes from 192.26.92.30
	;; Response received from 192.26.92.30 (437 octets) ;; HEADER SECTION ;; id = 56877 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20220702055346 20220625044346 45728 net. ga5kzy3wzjHMSNWFlJKhdLsuks9cCD4UcZVJ44dy41/P58xeoXiUxelRM/R+2FD8kdLS/kGhdETD JnY32TTRE5EnPCMabyFZt86U+UJaqNE+1c91KNLCe+JFF1882DX8SZCvPw4UIRoLWNplWvhTKgvt tg+FmD241hqVuAXmMw93zLEQPdcf8yGzGyI9thrRATLgYRd+EVG+GZrxZnVGNA== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to j.gtld-servers.net for rootcanary.net/DNSKEY
	Received 424 bytes from 192.48.79.30
	;; Response received from 192.48.79.30 (424 octets) ;; HEADER SECTION ;; id = 11841 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20220702055346 20220625044346 45728 net. ga5kzy3wzjHMSNWFlJKhdLsuks9cCD4UcZVJ44dy41/P58xeoXiUxelRM/R+2FD8kdLS/kGhdETD JnY32TTRE5EnPCMabyFZt86U+UJaqNE+1c91KNLCe+JFF1882DX8SZCvPw4UIRoLWNplWvhTKgvt tg+FmD241hqVuAXmMw93zLEQPdcf8yGzGyI9thrRATLgYRd+EVG+GZrxZnVGNA== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone rootcanary.net

rootcanary.net

	Checking DS between net and rootcanary.net
	Query to i.gtld-servers.net for rootcanary.net/DS
	Received 1186 bytes from 192.43.172.30
	;; Response received from 192.43.172.30 (1186 octets) ;; HEADER SECTION ;; id = 34569 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 14 arcount = 23 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DS ;; ANSWER SECTION (2 records) rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20220702055346 20220625044346 45728 net. ga5kzy3wzjHMSNWFlJKhdLsuks9cCD4UcZVJ44dy41/P58xeoXiUxelRM/R+2FD8kdLS/kGhdETD JnY32TTRE5EnPCMabyFZt86U+UJaqNE+1c91KNLCe+JFF1882DX8SZCvPw4UIRoLWNplWvhTKgvt tg+FmD241hqVuAXmMw93zLEQPdcf8yGzGyI9thrRATLgYRd+EVG+GZrxZnVGNA== ) ;; AUTHORITY SECTION (14 records) net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN RRSIG ( NS 8 1 172800 20220630060208 20220623045208 45728 net. mte9W9HLh0216uVkRfpurOli+U7SGYrQ52t7xqOM1v4LI9DSGaTHzAuu5hKkbBUumm+Nae/5BvTl bePzXs4Y5Zb/ebpsaIqhz5x91p45HZzY1fIhWAkUscltz1ck3Fd6ju5DlDfGpWWFnW/nz0H99wMb Ejx0Loz5GMz5MhWrkJhJ4s/rSlnacYRJeGNm9Jz43P5VXUnBQoaTwKXE0LZ07Q== ) ;; ADDITIONAL SECTION (23 records) f.gtld-servers.net. 172800 IN A 192.35.51.30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for rootcanary.net in the net zone
	DS=64786/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20220702055346 20220625044346 45728 net. ga5kzy3wzjHMSNWFlJKhdLsuks9cCD4UcZVJ44dy41/P58xeoXiUxelRM/R+2FD8kdLS/kGhdETD JnY32TTRE5EnPCMabyFZt86U+UJaqNE+1c91KNLCe+JFF1882DX8SZCvPw4UIRoLWNplWvhTKgvt tg+FmD241hqVuAXmMw93zLEQPdcf8yGzGyI9thrRATLgYRd+EVG+GZrxZnVGNA== )`
	RRSIG=45728 and DNSKEY=45728 verifies the DS RRset
	DS=64786/SHA-256 is now in the chain-of-trust
	`rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 )`
	Query to ns2.surfnet.nl for rootcanary.net/DNSKEY
	Received 513 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (513 octets) ;; HEADER SECTION ;; id = 23955 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (3 records) rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786 rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188 rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20220806063717 20220621063717 64786 rootcanary.net. XAzX2PNBAdNt73BnPwIa8rQznQwIhz5aXmrm6TPXxvijZhG8D6bfQa8+fZNr9VIy1ptyZbr7niiv sG2OILI+ikcLBpUtEdEmZ5aLMkePww2tcPtitbCqtS9Ut0Def9FjBp9P3JLNSdBGY3+pMLH/kYxg JWCqKxDp5l4x4JA8+HI= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for rootcanary.net
	`rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786`
	`rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188`
	DNSKEY=64786/SEP is now in the chain-of-trust
	DS=64786/SHA-256 verifies DNSKEY=64786/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20220806063717 20220621063717 64786 rootcanary.net. XAzX2PNBAdNt73BnPwIa8rQznQwIhz5aXmrm6TPXxvijZhG8D6bfQa8+fZNr9VIy1ptyZbr7niiv sG2OILI+ikcLBpUtEdEmZ5aLMkePww2tcPtitbCqtS9Ut0Def9FjBp9P3JLNSdBGY3+pMLH/kYxg JWCqKxDp5l4x4JA8+HI= )`
	RRSIG=64786 and DNSKEY=64786/SEP verifies the DNSKEY RRset
	DNSKEY=25188 is now in the chain-of-trust
	Query to ns3.surfnet.nl for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 195.169.124.71
	;; Response received from 195.169.124.71 (253 octets) ;; HEADER SECTION ;; id = 20126 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	ns3.surfnet.nl is authoritative for bogus.d1a5n1.rootcanary.net
	Query to ns2.surfnet.nl for d1a5n1.rootcanary.net/DNSKEY
	Received 379 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (379 octets) ;; HEADER SECTION ;; id = 52157 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998 d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. aP/x9gAi2TCwi8+SPuwZX4Df/ZsuRKB0zqIqf25ZC14b1tGI+pVGVWaUq07hyEtAlhE4WgTb+YUP xGQPjY22GCTIzZ4ZYZJSVWNaiyc4Cr+ws5HqQxawYRFGsNE4K3uy7yLDd9Mc+Aow+g7stDBra83Y 7VKa9U990fgy8RdjZYI= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone d1a5n1.rootcanary.net
	Attempting to learn nameservers for d1a5n1.rootcanary.net
	Query to ns1.surfnet.nl for d1a5n1.rootcanary.net/NS
	Received 276 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (276 octets) ;; HEADER SECTION ;; id = 15577 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN NS ;; ANSWER SECTION (3 records) d1a5n1.rootcanary.net. 60 IN NS sec2.rcode0.net. d1a5n1.rootcanary.net. 60 IN NS sec1.rcode0.net. d1a5n1.rootcanary.net. 60 IN RRSIG ( NS 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. ipkJ63jzaJixLa5/VMST7PCzuIT/Dmr1t0Wpgw3LKRXLPj1CcdGOuzvUlx2ELebmkBEXInfeoGcp khM77pqi6oKMigJd678NB/1Grr+osAKUGfWiO97wDFE63IUybuXEn9mkBD1trtaRmHT5skFPPPxK Ph1F2wsLg8cinhYGcZk= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found d1a5n1.rootcanary.net nameservers: sec2.rcode0.net, sec1.rcode0.net

d1a5n1.rootcanary.net

	Checking DS between rootcanary.net and d1a5n1.rootcanary.net
	Query to ns3.surfnet.nl for d1a5n1.rootcanary.net/DS
	Received 260 bytes from 195.169.124.71
	;; Response received from 195.169.124.71 (260 octets) ;; HEADER SECTION ;; id = 57982 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DS ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DS ( 14998 5 1 80e0b97a25971000a46572c986f791cd1a18060c ) d1a5n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20220806063717 20220621063717 25188 rootcanary.net. XXhmu+O7Hrb18V4Mbs2D5dr0G2N3Ez8Fzgbzq4UbDdbIawLlkKeNRw0ayRNYTFUiV/2sREvEhl/q YEx22++9D8wBLww44CYIIhaHVL0fY8MsqgaCnTSvuYxTMmUS1PIvsIe/6/JQ9R+k+rbzi82HUU+q P6FjxVzlBCDRvxeIPKM= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for d1a5n1.rootcanary.net in the rootcanary.net zone
	DS=14998/SHA-1 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`d1a5n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20220806063717 20220621063717 25188 rootcanary.net. XXhmu+O7Hrb18V4Mbs2D5dr0G2N3Ez8Fzgbzq4UbDdbIawLlkKeNRw0ayRNYTFUiV/2sREvEhl/q YEx22++9D8wBLww44CYIIhaHVL0fY8MsqgaCnTSvuYxTMmUS1PIvsIe/6/JQ9R+k+rbzi82HUU+q P6FjxVzlBCDRvxeIPKM= )`
	RRSIG=25188 and DNSKEY=25188 verifies the DS RRset
	DS=14998/SHA-1 is now in the chain-of-trust
	`d1a5n1.rootcanary.net. 60 IN DS ( 14998 5 1 80e0b97a25971000a46572c986f791cd1a18060c )`
	Query to sec1.rcode0.net for d1a5n1.rootcanary.net/DNSKEY
	Received 379 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (379 octets) ;; HEADER SECTION ;; id = 57900 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. aP/x9gAi2TCwi8+SPuwZX4Df/ZsuRKB0zqIqf25ZC14b1tGI+pVGVWaUq07hyEtAlhE4WgTb+YUP xGQPjY22GCTIzZ4ZYZJSVWNaiyc4Cr+ws5HqQxawYRFGsNE4K3uy7yLDd9Mc+Aow+g7stDBra83Y 7VKa9U990fgy8RdjZYI= ) d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found 1 DNSKEY records for d1a5n1.rootcanary.net
	`d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998`
	DNSKEY=14998/SEP is now in the chain-of-trust
	DS=14998/SHA-1 verifies DNSKEY=14998/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. aP/x9gAi2TCwi8+SPuwZX4Df/ZsuRKB0zqIqf25ZC14b1tGI+pVGVWaUq07hyEtAlhE4WgTb+YUP xGQPjY22GCTIzZ4ZYZJSVWNaiyc4Cr+ws5HqQxawYRFGsNE4K3uy7yLDd9Mc+Aow+g7stDBra83Y 7VKa9U990fgy8RdjZYI= )`
	RRSIG=14998 and DNSKEY=14998/SEP verifies the DNSKEY RRset
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 46314 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec2.rcode0.net is authoritative for bogus.d1a5n1.rootcanary.net
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/DNSKEY
	Received 530 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (530 octets) ;; HEADER SECTION ;; id = 65421 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2022062205 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. pLX2Jd+5I+Na6neYS2XHytuorODql1AMyzJ8Kds8BYEOqyjgrnY3v4LZt55/Aq1B8hIYxLybxpki M7CM9bPzU4vXToNbsQrXwgijmdzfWEeicd7jpajqsIDyBmIQB+SdXkL8QYqOqwZkP3pCoqvXZOgz 6+qs+oSq5vPaORX6/io= ) bogus.d1a5n1.rootcanary.net. 60 IN NSEC ( *.bogus.d1a5n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( NSEC 5 4 86400 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. O2xBCUcP3LqMWwDadCBc0G+kIIyWYUwruUTT6nsJ5Zlm10a13D4y6yLkr7uSXhJ3gURXN9zAxzz4 X81UqqxRjCDyphH/G676lWkzv6gT+0wuqua+fCmX7wmr0b0MvPwwdA4yyA9SsLPZsBCyvq6kQCwW xtE8ujidJgXPtzZ5/Rk= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d1a5n1.rootcanary.net zone
	Query to sec1.rcode0.net for d1a5n1.rootcanary.net/SOA
	Received 292 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (292 octets) ;; HEADER SECTION ;; id = 31059 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN SOA ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. pLX2Jd+5I+Na6neYS2XHytuorODql1AMyzJ8Kds8BYEOqyjgrnY3v4LZt55/Aq1B8hIYxLybxpki M7CM9bPzU4vXToNbsQrXwgijmdzfWEeicd7jpajqsIDyBmIQB+SdXkL8QYqOqwZkP3pCoqvXZOgz 6+qs+oSq5vPaORX6/io= ) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2022062205 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 49277 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d1a5n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= )`
	RRSIG=14998 and DNSKEY=14998/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset
	The A RRset was not signed by any trusted keys

d1a5n1.rootcanary.net

	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 48218 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec1.rcode0.net is authoritative for bogus.d1a5n1.rootcanary.net
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/DNSKEY
	Received 530 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (530 octets) ;; HEADER SECTION ;; id = 48758 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2022062205 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. pLX2Jd+5I+Na6neYS2XHytuorODql1AMyzJ8Kds8BYEOqyjgrnY3v4LZt55/Aq1B8hIYxLybxpki M7CM9bPzU4vXToNbsQrXwgijmdzfWEeicd7jpajqsIDyBmIQB+SdXkL8QYqOqwZkP3pCoqvXZOgz 6+qs+oSq5vPaORX6/io= ) bogus.d1a5n1.rootcanary.net. 60 IN NSEC ( *.bogus.d1a5n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( NSEC 5 4 86400 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. O2xBCUcP3LqMWwDadCBc0G+kIIyWYUwruUTT6nsJ5Zlm10a13D4y6yLkr7uSXhJ3gURXN9zAxzz4 X81UqqxRjCDyphH/G676lWkzv6gT+0wuqua+fCmX7wmr0b0MvPwwdA4yyA9SsLPZsBCyvq6kQCwW xtE8ujidJgXPtzZ5/Rk= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d1a5n1.rootcanary.net zone
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 58398 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d1a5n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20220806063717 20220621063717 14998 d1a5n1.rootcanary.net. Or0tkgVKBZsWcvevRbMfsbd7SG4s75Cx49cokR0em4d2K0GiMFAwHJlY1X+b4pQi41AVEgGRxylK ntHECBP5fWVvi+i9Yq1QtYc6nsfnA3nGxiTOJ9lfEcFaQW9vpuMMXLd0LjTMaJZN9ii8rX0gDD+C XyWhfzLGDcjnEDawAlA= )`
	RRSIG=14998 and DNSKEY=14998/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test bogus.d1a5n1.rootcanary.net at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: