DNSSEC Analyzer - bogus.d1a5n1.rootcanary.net

Domain Name:

Time: 2023-01-30 02:25:39 UTC, NTP stratum 4

Analyzing DNSSEC problems for bogus.d1a5n1.rootcanary.net

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to g.root-servers.net for ./DNSKEY
	Received 865 bytes from 192.112.36.4
	;; Response received from 192.112.36.4 (865 octets) ;; HEADER SECTION ;; id = 50519 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAcVnO2jZFx4756Rb/yAhJnsl72eemsObU43nclmXwqdJlp+kC5WQjGYkqLT5xkaUCPhkr4NK LLrIBZXeSGazc6gx/yrrMtUpXcQvax6kfDJPTu974OmeEbtjyyP7ZG5tUfSwNWt/4EuxDNmZTESG 8jU0ZLjYIB11pK0gSXQbMVPyIyGtFGHMPx6UxWn6zUzpECWRFbqEvkA6Y13zeJ1jG2Rki/zs7a/o 13FTl/kI9013Eh6l6Kc2zxbc14GS8fpM0/xQIrZZyeiXj/2C4RcsPeqWuNj9m0qSQrbrCZtLHb20 U8x1uue4iwSX9y7LpwZd6vjYd1d6dgBa1Xxgc/TC+m8= ) ; Key ID = 951 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20230211000000 20230121000000 20326 . UTKe6Ir/OYc+YxQKtVtll09sl7Iirz0ajr6Wtu6KZjDoXg0hSze1NKIlth7kqvXY0q1lBub5Biyk SeACSmjDUZKJ3JK4tSgMg/UqWi/Se6v8fRfv120nJZKWmUg4Iy8GXJGDLmbghz4hHW62pZ2KKDaN Fm2+u7AcRFPmyCDGCxouTFZUfjQGiO8p3+T1BESqbq+zwMF78Mls/e5qtTqSF9mQBJNGJ99FIbPc p006e5KFaP5DoL9dtbUOvmLZVzmtBiEpQUUxD/FXWQwZckKbebF8/Ja8FdctXYngrJOwaYyxnVkc 8julOAEtzRlmJOzFHVyau1QESCOfT5F1SlYrpg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAcVnO2jZFx4756Rb/yAhJnsl72eemsObU43nclmXwqdJlp+kC5WQjGYkqLT5xkaUCPhkr4NK LLrIBZXeSGazc6gx/yrrMtUpXcQvax6kfDJPTu974OmeEbtjyyP7ZG5tUfSwNWt/4EuxDNmZTESG 8jU0ZLjYIB11pK0gSXQbMVPyIyGtFGHMPx6UxWn6zUzpECWRFbqEvkA6Y13zeJ1jG2Rki/zs7a/o 13FTl/kI9013Eh6l6Kc2zxbc14GS8fpM0/xQIrZZyeiXj/2C4RcsPeqWuNj9m0qSQrbrCZtLHb20 U8x1uue4iwSX9y7LpwZd6vjYd1d6dgBa1Xxgc/TC+m8= ) ; Key ID = 951`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20230211000000 20230121000000 20326 . UTKe6Ir/OYc+YxQKtVtll09sl7Iirz0ajr6Wtu6KZjDoXg0hSze1NKIlth7kqvXY0q1lBub5Biyk SeACSmjDUZKJ3JK4tSgMg/UqWi/Se6v8fRfv120nJZKWmUg4Iy8GXJGDLmbghz4hHW62pZ2KKDaN Fm2+u7AcRFPmyCDGCxouTFZUfjQGiO8p3+T1BESqbq+zwMF78Mls/e5qtTqSF9mQBJNGJ99FIbPc p006e5KFaP5DoL9dtbUOvmLZVzmtBiEpQUUxD/FXWQwZckKbebF8/Ja8FdctXYngrJOwaYyxnVkc 8julOAEtzRlmJOzFHVyau1QESCOfT5F1SlYrpg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=951 is now in the chain-of-trust
	Query to l.root-servers.net for bogus.d1a5n1.rootcanary.net/A
	Received 1184 bytes from 199.7.83.42
	;; Response received from 199.7.83.42 (1184 octets) ;; HEADER SECTION ;; id = 24802 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20230211170000 20230129160000 951 . v1uMBK+lvYUb4lqhsBvNV2SCMZPOUEmXkkzRCWVIkckicIYs4dB8wHg366Acv3V4mGBa+F4SgOnh HUFTgDHLzG+W1KfSfRKFIryPmVX3rDfyDx/4qNoxic1IAb4D46u6sC68JlgeHchGW4ys4XSJG+Pj zGKaRcdtHn8BsnfTVEgQOyC7xtWT96+g9suu3l7ZKiwDic18rfszUxl+/Hd3Ae/7ZArXw4JOS5fs kGGG8yHthGG4WpRr/DZA93tlmTAZd36JoztiPcFq7QelH8XkQdb9OyPQlLaHQ6ZHMNbrrzZb8dfv tkrWt/yML6+CVHsIyobgRFAzO7hhYo7QmJi39Q== ) ;; ADDITIONAL SECTION (27 records) a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN A 192.35.51.30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN A 192.54.112.30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN A 192.48.79.30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to l.root-servers.net for net/DNSKEY
	Received 1160 bytes from 199.7.83.42
	;; Response received from 199.7.83.42 (1160 octets) ;; HEADER SECTION ;; id = 28873 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20230211170000 20230129160000 951 . v1uMBK+lvYUb4lqhsBvNV2SCMZPOUEmXkkzRCWVIkckicIYs4dB8wHg366Acv3V4mGBa+F4SgOnh HUFTgDHLzG+W1KfSfRKFIryPmVX3rDfyDx/4qNoxic1IAb4D46u6sC68JlgeHchGW4ys4XSJG+Pj zGKaRcdtHn8BsnfTVEgQOyC7xtWT96+g9suu3l7ZKiwDic18rfszUxl+/Hd3Ae/7ZArXw4JOS5fs kGGG8yHthGG4WpRr/DZA93tlmTAZd36JoztiPcFq7QelH8XkQdb9OyPQlLaHQ6ZHMNbrrzZb8dfv tkrWt/yML6+CVHsIyobgRFAzO7hhYo7QmJi39Q== ) ;; ADDITIONAL SECTION (27 records) a.gtld-servers.net. 172800 IN A 192.5.6.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 m.gtld-servers.net. 172800 IN A 192.55.83.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone net

net

	Checking DS between . and net
	Query to a.root-servers.net for net/DS
	Received 367 bytes from 198.41.0.4
	;; Response received from 198.41.0.4 (367 octets) ;; HEADER SECTION ;; id = 39860 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DS ;; ANSWER SECTION (2 records) net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20230211170000 20230129160000 951 . v1uMBK+lvYUb4lqhsBvNV2SCMZPOUEmXkkzRCWVIkckicIYs4dB8wHg366Acv3V4mGBa+F4SgOnh HUFTgDHLzG+W1KfSfRKFIryPmVX3rDfyDx/4qNoxic1IAb4D46u6sC68JlgeHchGW4ys4XSJG+Pj zGKaRcdtHn8BsnfTVEgQOyC7xtWT96+g9suu3l7ZKiwDic18rfszUxl+/Hd3Ae/7ZArXw4JOS5fs kGGG8yHthGG4WpRr/DZA93tlmTAZd36JoztiPcFq7QelH8XkQdb9OyPQlLaHQ6ZHMNbrrzZb8dfv tkrWt/yML6+CVHsIyobgRFAzO7hhYo7QmJi39Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for net in the . zone
	DS=35886/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`net. 86400 IN RRSIG ( DS 8 1 86400 20230211170000 20230129160000 951 . v1uMBK+lvYUb4lqhsBvNV2SCMZPOUEmXkkzRCWVIkckicIYs4dB8wHg366Acv3V4mGBa+F4SgOnh HUFTgDHLzG+W1KfSfRKFIryPmVX3rDfyDx/4qNoxic1IAb4D46u6sC68JlgeHchGW4ys4XSJG+Pj zGKaRcdtHn8BsnfTVEgQOyC7xtWT96+g9suu3l7ZKiwDic18rfszUxl+/Hd3Ae/7ZArXw4JOS5fs kGGG8yHthGG4WpRr/DZA93tlmTAZd36JoztiPcFq7QelH8XkQdb9OyPQlLaHQ6ZHMNbrrzZb8dfv tkrWt/yML6+CVHsIyobgRFAzO7hhYo7QmJi39Q== )`
	RRSIG=951 and DNSKEY=951 verifies the DS RRset
	DS=35886/SHA-256 is now in the chain-of-trust
	`net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee )`
	Query to b.gtld-servers.net for net/DNSKEY
	Received 775 bytes from 192.33.14.30
	;; Response received from 192.33.14.30 (775 octets) ;; HEADER SECTION ;; id = 7129 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (3 records) net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886 net. 86400 IN DNSKEY ( 256 3 8 AQPf7vsAfzjJD1aeWaC0Ax5NDw2Fdlyje7LENBYOvy22ufgtlBlKIUsbWCZapHJtKXTLUTOv3ylo wY0+5cD6+mGEJ1JF56SCIX00U7w2S77Qx4Oa/I4hCKQTvI7Kk6/klrTvbIDEdDZB/t62DprcXhLc o3o2NQ746bAdzZvoRQtKYekgb4a6BjDxBi11bN/qoA1zFfl23Gmu6LTlt4Hnj39F ) ; Key ID = 27254 net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20230213172830 20230129172330 35886 net. TzyaOnmi0BBOuZ/XF9l7Zyzk34tsbSylwSY9xcYuofEd1u59Y++zS+Qs6Twe5DLu/2euvmUZjwlY SrX1uJBO2C833I6xgA7ED3wCiEIKzdrFlNJUEyEGUF0JN2Cptyl25PpSaxlp6z1uQUi21RMZZ+nG yCWWRiinW6SLddr+zuholvNLeosLYzQZIlu29M4DoW1NLmLIHQXo7LUjycsAwDW7ZAw/scLPQLF0 gFXyeWlTZVQPaOTzTv3l9fv8X2c7DTnXqnMISfoNiWzTI0q0jxQl7oYLKwideGPKvPHbhKwL+Q+x EzOCMsPExRsjHDZX7xlEKMDMrFx0wLayM6jChw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for net
	`net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886`
	`net. 86400 IN DNSKEY ( 256 3 8 AQPf7vsAfzjJD1aeWaC0Ax5NDw2Fdlyje7LENBYOvy22ufgtlBlKIUsbWCZapHJtKXTLUTOv3ylo wY0+5cD6+mGEJ1JF56SCIX00U7w2S77Qx4Oa/I4hCKQTvI7Kk6/klrTvbIDEdDZB/t62DprcXhLc o3o2NQ746bAdzZvoRQtKYekgb4a6BjDxBi11bN/qoA1zFfl23Gmu6LTlt4Hnj39F ) ; Key ID = 27254`
	DNSKEY=35886/SEP is now in the chain-of-trust
	DS=35886/SHA-256 verifies DNSKEY=35886/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20230213172830 20230129172330 35886 net. TzyaOnmi0BBOuZ/XF9l7Zyzk34tsbSylwSY9xcYuofEd1u59Y++zS+Qs6Twe5DLu/2euvmUZjwlY SrX1uJBO2C833I6xgA7ED3wCiEIKzdrFlNJUEyEGUF0JN2Cptyl25PpSaxlp6z1uQUi21RMZZ+nG yCWWRiinW6SLddr+zuholvNLeosLYzQZIlu29M4DoW1NLmLIHQXo7LUjycsAwDW7ZAw/scLPQLF0 gFXyeWlTZVQPaOTzTv3l9fv8X2c7DTnXqnMISfoNiWzTI0q0jxQl7oYLKwideGPKvPHbhKwL+Q+x EzOCMsPExRsjHDZX7xlEKMDMrFx0wLayM6jChw== )`
	RRSIG=35886 and DNSKEY=35886/SEP verifies the DNSKEY RRset
	DNSKEY=27254 is now in the chain-of-trust
	Query to c.gtld-servers.net for bogus.d1a5n1.rootcanary.net/A
	Received 437 bytes from 192.26.92.30
	;; Response received from 192.26.92.30 (437 octets) ;; HEADER SECTION ;; id = 25237 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20230203070520 20230127055520 27254 net. zyxyJ00CooD6ACJjSwDeUi2dWWZ70WA6WmnegC5R55yFk7q8S57RVelcetK08x5o7IyXVSqOcEdJ PDHO2v72guwx71hxAV5EyifjHmVluoN7/JuJ/Fq4OIbjG8y/msDQ0AL7AOVVV1WesWyG7mqiTVeA QpNAu7lUB1AnhMKuyFA/lhvKql6arQv94EgMSdpGfi250s8H/3KOmCeHyP/gkw== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to m.gtld-servers.net for rootcanary.net/DNSKEY
	Received 424 bytes from 192.55.83.30
	;; Response received from 192.55.83.30 (424 octets) ;; HEADER SECTION ;; id = 44263 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20230203070520 20230127055520 27254 net. zyxyJ00CooD6ACJjSwDeUi2dWWZ70WA6WmnegC5R55yFk7q8S57RVelcetK08x5o7IyXVSqOcEdJ PDHO2v72guwx71hxAV5EyifjHmVluoN7/JuJ/Fq4OIbjG8y/msDQ0AL7AOVVV1WesWyG7mqiTVeA QpNAu7lUB1AnhMKuyFA/lhvKql6arQv94EgMSdpGfi250s8H/3KOmCeHyP/gkw== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone rootcanary.net

rootcanary.net

	Checking DS between net and rootcanary.net
	Query to m.gtld-servers.net for rootcanary.net/DS
	Received 1186 bytes from 192.55.83.30
	;; Response received from 192.55.83.30 (1186 octets) ;; HEADER SECTION ;; id = 6940 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 14 arcount = 23 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DS ;; ANSWER SECTION (2 records) rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20230203070520 20230127055520 27254 net. zyxyJ00CooD6ACJjSwDeUi2dWWZ70WA6WmnegC5R55yFk7q8S57RVelcetK08x5o7IyXVSqOcEdJ PDHO2v72guwx71hxAV5EyifjHmVluoN7/JuJ/Fq4OIbjG8y/msDQ0AL7AOVVV1WesWyG7mqiTVeA QpNAu7lUB1AnhMKuyFA/lhvKql6arQv94EgMSdpGfi250s8H/3KOmCeHyP/gkw== ) ;; AUTHORITY SECTION (14 records) net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN RRSIG ( NS 8 1 172800 20230205071256 20230129060256 27254 net. xF/rAvqjcsV0NGYI/7qG2KLBF3TPgxT82IDf6UdRUoIyeae/IE/Bz8JRhmAICRgCoxmoN70YNtgh mlfUconmESaMU5YeEesyWvqXQQdLBh4cuUJ+Hc367W4EqgbRDOFy4iTSEX8Ud9Zm68ngKdlzTAE9 qIazee+1/JKMVpRYqoTwCPTBqinamz6R/Jo4LK4smrcYBwzUy7uS14/4+MFxlQ== ) ;; ADDITIONAL SECTION (23 records) b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 f.gtld-servers.net. 172800 IN A 192.35.51.30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 j.gtld-servers.net. 172800 IN A 192.48.79.30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for rootcanary.net in the net zone
	DS=64786/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20230203070520 20230127055520 27254 net. zyxyJ00CooD6ACJjSwDeUi2dWWZ70WA6WmnegC5R55yFk7q8S57RVelcetK08x5o7IyXVSqOcEdJ PDHO2v72guwx71hxAV5EyifjHmVluoN7/JuJ/Fq4OIbjG8y/msDQ0AL7AOVVV1WesWyG7mqiTVeA QpNAu7lUB1AnhMKuyFA/lhvKql6arQv94EgMSdpGfi250s8H/3KOmCeHyP/gkw== )`
	RRSIG=27254 and DNSKEY=27254 verifies the DS RRset
	DS=64786/SHA-256 is now in the chain-of-trust
	`rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 )`
	Query to ns2.surfnet.nl for rootcanary.net/DNSKEY
	Received 513 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (513 octets) ;; HEADER SECTION ;; id = 10734 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (3 records) rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188 rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786 rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20230311073702 20230124073702 64786 rootcanary.net. klZfvZf6YqaoDin4+cn0cfqR6Rlu4T2h/UlroOyR+oCugL285Jk7Xtou8oypn2qsXAwsAD9r058r lSSMF4kkaT+ROGNxA/FhWVUD/nW4YhzkGfosXcaNIhqK849ONSbvUImoo3MtA573f1eXhsWqAb7I EXrM8FbNvl4obufc9XM= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for rootcanary.net
	`rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188`
	`rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786`
	DNSKEY=64786/SEP is now in the chain-of-trust
	DS=64786/SHA-256 verifies DNSKEY=64786/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20230311073702 20230124073702 64786 rootcanary.net. klZfvZf6YqaoDin4+cn0cfqR6Rlu4T2h/UlroOyR+oCugL285Jk7Xtou8oypn2qsXAwsAD9r058r lSSMF4kkaT+ROGNxA/FhWVUD/nW4YhzkGfosXcaNIhqK849ONSbvUImoo3MtA573f1eXhsWqAb7I EXrM8FbNvl4obufc9XM= )`
	RRSIG=64786 and DNSKEY=64786/SEP verifies the DNSKEY RRset
	DNSKEY=25188 is now in the chain-of-trust
	Query to ns2.surfnet.nl for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (253 octets) ;; HEADER SECTION ;; id = 9989 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	ns2.surfnet.nl is authoritative for bogus.d1a5n1.rootcanary.net
	Query to ns3.surfnet.nl for d1a5n1.rootcanary.net/DNSKEY
	Received 379 bytes from 195.169.124.71
	;; Response received from 195.169.124.71 (379 octets) ;; HEADER SECTION ;; id = 33734 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998 d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. It3v1XXekQWk6hX3SVq7KFWe8kqLaKhzDS++Z/PU2zjSFNmckMRoRgrpFcDm1R5foaPKV3iTbIDI LsAjz5+Hg6GCYRSxWXRtbJQoAz74okXNHC9lCXenbauPuxZQplh8jRuvelj4bmvkNGGUpzc7Qdm0 h0uSSOJN+8xXfT4+axg= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone d1a5n1.rootcanary.net
	Attempting to learn nameservers for d1a5n1.rootcanary.net
	Query to ns1.zurich.surf.net for d1a5n1.rootcanary.net/NS
	Received 276 bytes from 195.176.255.9
	;; Response received from 195.176.255.9 (276 octets) ;; HEADER SECTION ;; id = 45459 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN NS ;; ANSWER SECTION (3 records) d1a5n1.rootcanary.net. 60 IN NS sec1.rcode0.net. d1a5n1.rootcanary.net. 60 IN NS sec2.rcode0.net. d1a5n1.rootcanary.net. 60 IN RRSIG ( NS 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. I5zUDv+vnyTENnrSKro4l+3PHz9PqgfeIekCQNvutKzjr7Ho8mfUr/uKcqCGIX9SlYUlEUUCYxyi rIjybtD2TVnuZ+75gB69GOZK4Rch3+vVN0xy5BR47HXIQ7H/+WbldU0O7y+9uQ2kyTXNhAobjuSu Pe5n0F7f0ardEkYSehU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found d1a5n1.rootcanary.net nameservers: sec1.rcode0.net, sec2.rcode0.net

d1a5n1.rootcanary.net

	Checking DS between rootcanary.net and d1a5n1.rootcanary.net
	Query to ns1.surfnet.nl for d1a5n1.rootcanary.net/DS
	Received 260 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (260 octets) ;; HEADER SECTION ;; id = 706 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DS ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DS ( 14998 5 1 80e0b97a25971000a46572c986f791cd1a18060c ) d1a5n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20230311073702 20230124073702 25188 rootcanary.net. Z6mWDNyL1OyRcDzLXUkbMLtEMkoZkudBCh6SXG8SIm8VSE9SfNrtHog/D99OrhATIcFRsBRiIcOm tY5UI7EBi7acl/AtOQfN9pknQVWoyuZZtF3FMZ8zc78YxDIJ41lJzlYlOxwUeMs/Ka/e1mtCFL5V OzSPgI3jogtRsFZgIFg= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for d1a5n1.rootcanary.net in the rootcanary.net zone
	DS=14998/SHA-1 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`d1a5n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20230311073702 20230124073702 25188 rootcanary.net. Z6mWDNyL1OyRcDzLXUkbMLtEMkoZkudBCh6SXG8SIm8VSE9SfNrtHog/D99OrhATIcFRsBRiIcOm tY5UI7EBi7acl/AtOQfN9pknQVWoyuZZtF3FMZ8zc78YxDIJ41lJzlYlOxwUeMs/Ka/e1mtCFL5V OzSPgI3jogtRsFZgIFg= )`
	RRSIG=25188 and DNSKEY=25188 verifies the DS RRset
	DS=14998/SHA-1 is now in the chain-of-trust
	`d1a5n1.rootcanary.net. 60 IN DS ( 14998 5 1 80e0b97a25971000a46572c986f791cd1a18060c )`
	Query to sec2.rcode0.net for d1a5n1.rootcanary.net/DNSKEY
	Received 379 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (379 octets) ;; HEADER SECTION ;; id = 9654 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. It3v1XXekQWk6hX3SVq7KFWe8kqLaKhzDS++Z/PU2zjSFNmckMRoRgrpFcDm1R5foaPKV3iTbIDI LsAjz5+Hg6GCYRSxWXRtbJQoAz74okXNHC9lCXenbauPuxZQplh8jRuvelj4bmvkNGGUpzc7Qdm0 h0uSSOJN+8xXfT4+axg= ) d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found 1 DNSKEY records for d1a5n1.rootcanary.net
	`d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998`
	DNSKEY=14998/SEP is now in the chain-of-trust
	DS=14998/SHA-1 verifies DNSKEY=14998/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. It3v1XXekQWk6hX3SVq7KFWe8kqLaKhzDS++Z/PU2zjSFNmckMRoRgrpFcDm1R5foaPKV3iTbIDI LsAjz5+Hg6GCYRSxWXRtbJQoAz74okXNHC9lCXenbauPuxZQplh8jRuvelj4bmvkNGGUpzc7Qdm0 h0uSSOJN+8xXfT4+axg= )`
	RRSIG=14998 and DNSKEY=14998/SEP verifies the DNSKEY RRset
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 61707 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec1.rcode0.net is authoritative for bogus.d1a5n1.rootcanary.net
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/DNSKEY
	Received 530 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (530 octets) ;; HEADER SECTION ;; id = 19743 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2023012505 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. exjT00P//iSbELYx8i5Dcd0vFU5PM04PLsy6wLpRqrjw0BM3OAhyus+UlvmdFEEVHdnYgkWFvx4S gWUAJC24cKasxOhQJkl6GCDf1SUIW3sme9e0d7CaMd46iND+bGxqvHcCOxT42JrmTGehhVSmNv61 Qydf+nCzEMWlyzG2r8g= ) bogus.d1a5n1.rootcanary.net. 60 IN NSEC ( *.bogus.d1a5n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( NSEC 5 4 86400 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. YILu+gp40mbUMDJ9tYCU9OEFr24doKZ+JinGrn+sncvr0LD9ZY5RkNsBsXkXRxPAPc53V5fN+wwt eTF7tsFMMXM/PjECLnoEDZXhinQU3dhZL0UseDQD5qyIGkVWGErHq7zj3+nKWOuA/1SOw4iI7+Dq 3gyfRAlWTf9mhRD/t+Q= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d1a5n1.rootcanary.net zone
	Query to sec2.rcode0.net for d1a5n1.rootcanary.net/SOA
	Received 292 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (292 octets) ;; HEADER SECTION ;; id = 39052 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN SOA ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2023012505 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. exjT00P//iSbELYx8i5Dcd0vFU5PM04PLsy6wLpRqrjw0BM3OAhyus+UlvmdFEEVHdnYgkWFvx4S gWUAJC24cKasxOhQJkl6GCDf1SUIW3sme9e0d7CaMd46iND+bGxqvHcCOxT42JrmTGehhVSmNv61 Qydf+nCzEMWlyzG2r8g= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 49460 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d1a5n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= )`
	RRSIG=14998 and DNSKEY=14998/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset
	The A RRset was not signed by any trusted keys

d1a5n1.rootcanary.net

	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 495 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec2.rcode0.net is authoritative for bogus.d1a5n1.rootcanary.net
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/DNSKEY
	Received 530 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (530 octets) ;; HEADER SECTION ;; id = 36504 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2023012505 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. exjT00P//iSbELYx8i5Dcd0vFU5PM04PLsy6wLpRqrjw0BM3OAhyus+UlvmdFEEVHdnYgkWFvx4S gWUAJC24cKasxOhQJkl6GCDf1SUIW3sme9e0d7CaMd46iND+bGxqvHcCOxT42JrmTGehhVSmNv61 Qydf+nCzEMWlyzG2r8g= ) bogus.d1a5n1.rootcanary.net. 60 IN NSEC ( *.bogus.d1a5n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( NSEC 5 4 86400 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. YILu+gp40mbUMDJ9tYCU9OEFr24doKZ+JinGrn+sncvr0LD9ZY5RkNsBsXkXRxPAPc53V5fN+wwt eTF7tsFMMXM/PjECLnoEDZXhinQU3dhZL0UseDQD5qyIGkVWGErHq7zj3+nKWOuA/1SOw4iI7+Dq 3gyfRAlWTf9mhRD/t+Q= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d1a5n1.rootcanary.net zone
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 48738 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d1a5n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20230311073702 20230124073702 14998 d1a5n1.rootcanary.net. addni65s4NkJ1aS1OfyaKXe+yNr2zzimIeKLQNyCefry2ams7CqJPhukh3eg0/50ubRMBAToj83y 1/ipp0c30EKswWxJH3Q2Gvg20qN1lG9UrF4sKJfVGcyqYp4KeorFZDbcdwlsLQ9Y6CQQGODbaYON 9LLg3hY140cT7e1x2ro= )`
	RRSIG=14998 and DNSKEY=14998/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test bogus.d1a5n1.rootcanary.net at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: