DNSSEC Analyzer - bogus.d1a5n1.rootcanary.net

Domain Name:

Time: 2021-10-22 13:52:06 UTC, NTP stratum 16

Analyzing DNSSEC problems for bogus.d1a5n1.rootcanary.net

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to e.root-servers.net for ./DNSKEY
	Received 864 bytes from 192.203.230.10
	;; Response received from 192.203.230.10 (864 octets) ;; HEADER SECTION ;; id = 64233 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAY+oUaY0b7Z45vRD1ef/GykZqgHJtfdzRcnQNvGVQAqlH22QChtG+n1EMugw7T/6uDBAGlRI kXASdtHXhxStb9lPpyQe5/JIuMIlg+NhxKxEJ5e3J9SSPCavvDhH/BPrBCJwn8b68QAWRjVW6Rgd x63pUm7lfsimiWGMfplHNvcZWgVbKA9OI2o2lU8rT8n7zuwtlZPNpDLSI5GzrJgIiKR2Id16fmAg TJBOw14Xye/t4/BxTdxeMiiVFwA4KUV2VeqspHKSHFOz+lUIIqBRknEmYpSvnxnyi0n1n4tGnGP8 z6ZwRACi1Rw0nCu7BGOU9M6LpInRoW/W4KXLODr6xqU= ) ; Key ID = 14748 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20211111000000 20211021000000 20326 . bE6BYwH/IaOJL+OAhxQL8KcW31HhZ68V0wJ9zwOBRTRDZTXyMdW6saFS7JVuncscNyrFAqP/PAb2 5D35uDC9eIP0tmefKe0b4nrLAvQyUI6UrW0KlgCxFgjff0kJNuhDeYyz0dBSR55CxHRil6gK4AG5 Jb6BHEOVdHDmqLWS1iMGEj9USyClUVw2tJOrKqCgCpcLv7MqHGnjsBiL8/5Aim3CqylFapPWmg9D L5DHFcEzpODG2/rnfMmH7WR5dBls6/JAyoZISijxmGoiin8qe1a4nyFH/R5BfmH6EUULSz4sCiC6 quwCfikj+1uMWc/1UXKuy2AzuM/Ke/9mi5J3JQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAY+oUaY0b7Z45vRD1ef/GykZqgHJtfdzRcnQNvGVQAqlH22QChtG+n1EMugw7T/6uDBAGlRI kXASdtHXhxStb9lPpyQe5/JIuMIlg+NhxKxEJ5e3J9SSPCavvDhH/BPrBCJwn8b68QAWRjVW6Rgd x63pUm7lfsimiWGMfplHNvcZWgVbKA9OI2o2lU8rT8n7zuwtlZPNpDLSI5GzrJgIiKR2Id16fmAg TJBOw14Xye/t4/BxTdxeMiiVFwA4KUV2VeqspHKSHFOz+lUIIqBRknEmYpSvnxnyi0n1n4tGnGP8 z6ZwRACi1Rw0nCu7BGOU9M6LpInRoW/W4KXLODr6xqU= ) ; Key ID = 14748`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20211111000000 20211021000000 20326 . bE6BYwH/IaOJL+OAhxQL8KcW31HhZ68V0wJ9zwOBRTRDZTXyMdW6saFS7JVuncscNyrFAqP/PAb2 5D35uDC9eIP0tmefKe0b4nrLAvQyUI6UrW0KlgCxFgjff0kJNuhDeYyz0dBSR55CxHRil6gK4AG5 Jb6BHEOVdHDmqLWS1iMGEj9USyClUVw2tJOrKqCgCpcLv7MqHGnjsBiL8/5Aim3CqylFapPWmg9D L5DHFcEzpODG2/rnfMmH7WR5dBls6/JAyoZISijxmGoiin8qe1a4nyFH/R5BfmH6EUULSz4sCiC6 quwCfikj+1uMWc/1UXKuy2AzuM/Ke/9mi5J3JQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=14748 is now in the chain-of-trust
	Query to k.root-servers.net for bogus.d1a5n1.rootcanary.net/A
	Received 1184 bytes from 193.0.14.129
	;; Response received from 193.0.14.129 (1184 octets) ;; HEADER SECTION ;; id = 62060 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20211104050000 20211022040000 14748 . Oz3E1IlbsGe/tk6oT/AQsJO/0GK9uupWwZvHxAqcZQWhNN+jYj3ITSLVTRagQe7gasq5UoqYrucD ENus3C6EpTLsnqRNkb9Fq3AQpgY6Ns/eY3opvOExiOYptMCKula+XcgYw2gjKmUaGiSaqm3G1OQD xSdMfWgq2OKpJGKcLeTtqqRmwQL/8F+l7om06gBYCOIJo0GFOb97x+xzEGyUci7OK9EherJIhYIU 3O5pnzScxeWjSho34rpifoPBxDkdU0CGur6jKIvpcT2VEt30gJYR1WuA3mbn04TsI/4tlOmJiYoH Rv1TDa/vVH7s9HhVXe1k0LhUFHJKvXSabcBwXw== ) ;; ADDITIONAL SECTION (27 records) a.gtld-servers.net. 172800 IN A 192.5.6.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 m.gtld-servers.net. 172800 IN A 192.55.83.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to b.root-servers.net for net/DNSKEY
	Received 1160 bytes from 199.9.14.201
	;; Response received from 199.9.14.201 (1160 octets) ;; HEADER SECTION ;; id = 41169 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20211104050000 20211022040000 14748 . Oz3E1IlbsGe/tk6oT/AQsJO/0GK9uupWwZvHxAqcZQWhNN+jYj3ITSLVTRagQe7gasq5UoqYrucD ENus3C6EpTLsnqRNkb9Fq3AQpgY6Ns/eY3opvOExiOYptMCKula+XcgYw2gjKmUaGiSaqm3G1OQD xSdMfWgq2OKpJGKcLeTtqqRmwQL/8F+l7om06gBYCOIJo0GFOb97x+xzEGyUci7OK9EherJIhYIU 3O5pnzScxeWjSho34rpifoPBxDkdU0CGur6jKIvpcT2VEt30gJYR1WuA3mbn04TsI/4tlOmJiYoH Rv1TDa/vVH7s9HhVXe1k0LhUFHJKvXSabcBwXw== ) ;; ADDITIONAL SECTION (27 records) a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN A 192.35.51.30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN A 192.54.112.30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN A 192.48.79.30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found child zone net

net

	Checking DS between . and net
	Query to l.root-servers.net for net/DS
	Received 367 bytes from 199.7.83.42
	;; Response received from 199.7.83.42 (367 octets) ;; HEADER SECTION ;; id = 6386 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DS ;; ANSWER SECTION (2 records) net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20211104050000 20211022040000 14748 . Oz3E1IlbsGe/tk6oT/AQsJO/0GK9uupWwZvHxAqcZQWhNN+jYj3ITSLVTRagQe7gasq5UoqYrucD ENus3C6EpTLsnqRNkb9Fq3AQpgY6Ns/eY3opvOExiOYptMCKula+XcgYw2gjKmUaGiSaqm3G1OQD xSdMfWgq2OKpJGKcLeTtqqRmwQL/8F+l7om06gBYCOIJo0GFOb97x+xzEGyUci7OK9EherJIhYIU 3O5pnzScxeWjSho34rpifoPBxDkdU0CGur6jKIvpcT2VEt30gJYR1WuA3mbn04TsI/4tlOmJiYoH Rv1TDa/vVH7s9HhVXe1k0LhUFHJKvXSabcBwXw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for net in the . zone
	DS=35886/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`net. 86400 IN RRSIG ( DS 8 1 86400 20211104050000 20211022040000 14748 . Oz3E1IlbsGe/tk6oT/AQsJO/0GK9uupWwZvHxAqcZQWhNN+jYj3ITSLVTRagQe7gasq5UoqYrucD ENus3C6EpTLsnqRNkb9Fq3AQpgY6Ns/eY3opvOExiOYptMCKula+XcgYw2gjKmUaGiSaqm3G1OQD xSdMfWgq2OKpJGKcLeTtqqRmwQL/8F+l7om06gBYCOIJo0GFOb97x+xzEGyUci7OK9EherJIhYIU 3O5pnzScxeWjSho34rpifoPBxDkdU0CGur6jKIvpcT2VEt30gJYR1WuA3mbn04TsI/4tlOmJiYoH Rv1TDa/vVH7s9HhVXe1k0LhUFHJKvXSabcBwXw== )`
	RRSIG=14748 and DNSKEY=14748 verifies the DS RRset
	DS=35886/SHA-256 is now in the chain-of-trust
	`net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee )`
	Query to d.gtld-servers.net for net/DNSKEY
	Received 775 bytes from 192.31.80.30
	;; Response received from 192.31.80.30 (775 octets) ;; HEADER SECTION ;; id = 59286 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (3 records) net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886 net. 86400 IN DNSKEY ( 256 3 8 AQPc+XHppSgsIokAod79sL0jKA4sBuePSLrBBrcQCAJJSpxto7hsQWGUtmk0sFKAoVMrBto4lVpT BvHuDiaE+S98ptvBw7d5llp9dd9bZvX3Z47U+KVEE3zmPT887w+WZ05PDzib7hy+QMg/uug/F+lJ TIr+dGXCGvLyuWtvmWqV+hH0BL40DY2Wy4KE04NgfwWU3B5QqjFaVc9TK3R8BHl1 ) ; Key ID = 40649 net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20211031162830 20211016162330 35886 net. bRk0kz8EUDZPOOxjh6V/4kVblE+ABKgubkjkgl1UlFG3U8F8Q5ATBjdzMW7lFddnM/ZFoFRfp90K AN7rwMdWaMKjA6LWWWzRGL+jk7gWLIQyut4rACPs/C6FKLeFSyO8Znpc1FZ0ftwVut0tD9r1Zfa3 b8X/tvdWdefXMXIEqewgtihLbPnjMoYimV3rYFDGSlU34zjWYq3J+r8I8mnfLg5D5v0bO/SWzCIz +0BClrv9f930D7O/CE86X3mSJTG9HoJ+4woEaimba65vqFnO79Cf/ojcMnVSpRyt1TDITz7Bkcg9 OaQX8v+o1GWl/+eZtTBM7PuaoeLwcrIE0FMaJQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for net
	`net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886`
	`net. 86400 IN DNSKEY ( 256 3 8 AQPc+XHppSgsIokAod79sL0jKA4sBuePSLrBBrcQCAJJSpxto7hsQWGUtmk0sFKAoVMrBto4lVpT BvHuDiaE+S98ptvBw7d5llp9dd9bZvX3Z47U+KVEE3zmPT887w+WZ05PDzib7hy+QMg/uug/F+lJ TIr+dGXCGvLyuWtvmWqV+hH0BL40DY2Wy4KE04NgfwWU3B5QqjFaVc9TK3R8BHl1 ) ; Key ID = 40649`
	DNSKEY=35886/SEP is now in the chain-of-trust
	DS=35886/SHA-256 verifies DNSKEY=35886/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20211031162830 20211016162330 35886 net. bRk0kz8EUDZPOOxjh6V/4kVblE+ABKgubkjkgl1UlFG3U8F8Q5ATBjdzMW7lFddnM/ZFoFRfp90K AN7rwMdWaMKjA6LWWWzRGL+jk7gWLIQyut4rACPs/C6FKLeFSyO8Znpc1FZ0ftwVut0tD9r1Zfa3 b8X/tvdWdefXMXIEqewgtihLbPnjMoYimV3rYFDGSlU34zjWYq3J+r8I8mnfLg5D5v0bO/SWzCIz +0BClrv9f930D7O/CE86X3mSJTG9HoJ+4woEaimba65vqFnO79Cf/ojcMnVSpRyt1TDITz7Bkcg9 OaQX8v+o1GWl/+eZtTBM7PuaoeLwcrIE0FMaJQ== )`
	RRSIG=35886 and DNSKEY=35886/SEP verifies the DNSKEY RRset
	DNSKEY=40649 is now in the chain-of-trust
	Query to m.gtld-servers.net for bogus.d1a5n1.rootcanary.net/A
	Received 437 bytes from 192.55.83.30
	;; Response received from 192.55.83.30 (437 octets) ;; HEADER SECTION ;; id = 14110 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20211027053433 20211020042433 40649 net. 24iCFszIvQ4rJTX10eUqzam5rdHCq1XocohL9+UX8FB94wG66Dgecr1nCqupoXRY3R1CjIELCJ2g xq8gpkwWjx/eZ1g9SYMX6OEILImeflqKT26O8r5W0190bhCh4/4/Srr4Bh0u4SyFXh8ETnuOYBCP 5lGjSpayFNKMJ89zcCggnkqrilf/oKhhezb363f832Pc4m3P42IaBXWuhKdvZw== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to b.gtld-servers.net for rootcanary.net/DNSKEY
	Received 424 bytes from 192.33.14.30
	;; Response received from 192.33.14.30 (424 octets) ;; HEADER SECTION ;; id = 36125 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20211027053433 20211020042433 40649 net. 24iCFszIvQ4rJTX10eUqzam5rdHCq1XocohL9+UX8FB94wG66Dgecr1nCqupoXRY3R1CjIELCJ2g xq8gpkwWjx/eZ1g9SYMX6OEILImeflqKT26O8r5W0190bhCh4/4/Srr4Bh0u4SyFXh8ETnuOYBCP 5lGjSpayFNKMJ89zcCggnkqrilf/oKhhezb363f832Pc4m3P42IaBXWuhKdvZw== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone rootcanary.net

rootcanary.net

	Checking DS between net and rootcanary.net
	Query to e.gtld-servers.net for rootcanary.net/DS
	Received 1186 bytes from 192.12.94.30
	;; Response received from 192.12.94.30 (1186 octets) ;; HEADER SECTION ;; id = 20318 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 14 arcount = 23 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DS ;; ANSWER SECTION (2 records) rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20211027053433 20211020042433 40649 net. 24iCFszIvQ4rJTX10eUqzam5rdHCq1XocohL9+UX8FB94wG66Dgecr1nCqupoXRY3R1CjIELCJ2g xq8gpkwWjx/eZ1g9SYMX6OEILImeflqKT26O8r5W0190bhCh4/4/Srr4Bh0u4SyFXh8ETnuOYBCP 5lGjSpayFNKMJ89zcCggnkqrilf/oKhhezb363f832Pc4m3P42IaBXWuhKdvZw== ) ;; AUTHORITY SECTION (14 records) net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN RRSIG ( NS 8 1 172800 20211029054030 20211022043030 40649 net. XVocQgCzZYkE5bYkUieXySQc8FlJ2oA5ihEyA34SfzpDGh7vS3oPUaN0RXQd1T2H8Mlwp/uO+fFF caessviJUwMSdPBivx+aqI2kWC8CS7nCxnk+wJUDf9wDIjp/u8gRA2nHNLiNm1HHZhludKLSaUYU FxUYxm35qt/BVPWBLr4+I9n3AADAsF5UIV4Ei7DHpkvjC7t14mAfQBAcunXzsA== ) ;; ADDITIONAL SECTION (23 records) g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN A 192.54.112.30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 j.gtld-servers.net. 172800 IN A 192.48.79.30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for rootcanary.net in the net zone
	DS=64786/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20211027053433 20211020042433 40649 net. 24iCFszIvQ4rJTX10eUqzam5rdHCq1XocohL9+UX8FB94wG66Dgecr1nCqupoXRY3R1CjIELCJ2g xq8gpkwWjx/eZ1g9SYMX6OEILImeflqKT26O8r5W0190bhCh4/4/Srr4Bh0u4SyFXh8ETnuOYBCP 5lGjSpayFNKMJ89zcCggnkqrilf/oKhhezb363f832Pc4m3P42IaBXWuhKdvZw== )`
	RRSIG=40649 and DNSKEY=40649 verifies the DS RRset
	DS=64786/SHA-256 is now in the chain-of-trust
	`rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 )`
	Query to ns1.surfnet.nl for rootcanary.net/DNSKEY
	Received 513 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (513 octets) ;; HEADER SECTION ;; id = 33135 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (3 records) rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188 rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786 rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20211204063704 20211019063704 64786 rootcanary.net. kkn3rQkXow3tQvf9G2uH1OOt1iI4I2wzSMQXuBWAUsiIg4bB3h+r2Yy6U8xnDevcwxVxHRyLQZwL n2RVfUlXXwaCLwST0y2y+fIpeLlbCqTJyv4XDOmpTZoCXjJw2iy6NLeF9OTtqFDne0GHlDn+MVus mVS2iaubTYA4TyfwMGM= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for rootcanary.net
	`rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188`
	`rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786`
	DNSKEY=64786/SEP is now in the chain-of-trust
	DS=64786/SHA-256 verifies DNSKEY=64786/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20211204063704 20211019063704 64786 rootcanary.net. kkn3rQkXow3tQvf9G2uH1OOt1iI4I2wzSMQXuBWAUsiIg4bB3h+r2Yy6U8xnDevcwxVxHRyLQZwL n2RVfUlXXwaCLwST0y2y+fIpeLlbCqTJyv4XDOmpTZoCXjJw2iy6NLeF9OTtqFDne0GHlDn+MVus mVS2iaubTYA4TyfwMGM= )`
	RRSIG=64786 and DNSKEY=64786/SEP verifies the DNSKEY RRset
	DNSKEY=25188 is now in the chain-of-trust
	Query to ns1.surfnet.nl for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (253 octets) ;; HEADER SECTION ;; id = 48527 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.17 bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	ns1.surfnet.nl is authoritative for bogus.d1a5n1.rootcanary.net
	Query to ns2.surfnet.nl for d1a5n1.rootcanary.net/DNSKEY
	Received 379 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (379 octets) ;; HEADER SECTION ;; id = 54866 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998 d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. E4LU+YrOfHxabW9pIPWrrL7NR3rrw6F08xzpT8w4HjrbjUZM5rXONgEjnQ1OEaGt4uynQAxn4oWz gbbX5JclDAL/a2rT1cFP2z/MIMDKCD6KmaMzE5jw3YwUCNbEg2mvpMalcHJylt9tHean5sDU9YdD XyGYj5YXYgH3nNk3OEU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone d1a5n1.rootcanary.net
	Attempting to learn nameservers for d1a5n1.rootcanary.net
	Query to ns1.surfnet.nl for d1a5n1.rootcanary.net/NS
	Received 276 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (276 octets) ;; HEADER SECTION ;; id = 26104 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN NS ;; ANSWER SECTION (3 records) d1a5n1.rootcanary.net. 60 IN NS sec2.rcode0.net. d1a5n1.rootcanary.net. 60 IN NS sec1.rcode0.net. d1a5n1.rootcanary.net. 60 IN RRSIG ( NS 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. k2phP4xNx9Y9zQkMlVHti3whQ0RmeCaZfhUBvzHII6/6VwkBbB96c4VKUW7VciIy42Wm8aOX3Ufa OBKdnqTX9KBMEARzhPR/ZPcSQS0LW343cVuEEaSuYttLYQ9KWyNwMUXC2N57t+sbNuj89p34csMC G7wSeKHNZBnahdkHwiA= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found d1a5n1.rootcanary.net nameservers: sec2.rcode0.net, sec1.rcode0.net

d1a5n1.rootcanary.net

	Checking DS between rootcanary.net and d1a5n1.rootcanary.net
	Query to ns2.surfnet.nl for d1a5n1.rootcanary.net/DS
	Received 260 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (260 octets) ;; HEADER SECTION ;; id = 39390 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DS ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DS ( 14998 5 1 80e0b97a25971000a46572c986f791cd1a18060c ) d1a5n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20211204063704 20211019063704 25188 rootcanary.net. FJXEKPWM/pfe/DRhlSMVW3nqvFK294zdSdtI6YpUzuwtmqKxb95eSdFzu0ciQ/fxm700ROSelShu 7ngIEYXEkWn+d30ckmOxLRu5XxkdfRbH5QW5fIgimXkUMcT2/QX6UKFgss+OOqAkz1C++xiDqcx/ GMwV3WFUpb7kDJ+ma4c= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for d1a5n1.rootcanary.net in the rootcanary.net zone
	DS=14998/SHA-1 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`d1a5n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20211204063704 20211019063704 25188 rootcanary.net. FJXEKPWM/pfe/DRhlSMVW3nqvFK294zdSdtI6YpUzuwtmqKxb95eSdFzu0ciQ/fxm700ROSelShu 7ngIEYXEkWn+d30ckmOxLRu5XxkdfRbH5QW5fIgimXkUMcT2/QX6UKFgss+OOqAkz1C++xiDqcx/ GMwV3WFUpb7kDJ+ma4c= )`
	RRSIG=25188 and DNSKEY=25188 verifies the DS RRset
	DS=14998/SHA-1 is now in the chain-of-trust
	`d1a5n1.rootcanary.net. 60 IN DS ( 14998 5 1 80e0b97a25971000a46572c986f791cd1a18060c )`
	Query to sec1.rcode0.net for d1a5n1.rootcanary.net/DNSKEY
	Received 379 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (379 octets) ;; HEADER SECTION ;; id = 44609 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998 d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. E4LU+YrOfHxabW9pIPWrrL7NR3rrw6F08xzpT8w4HjrbjUZM5rXONgEjnQ1OEaGt4uynQAxn4oWz gbbX5JclDAL/a2rT1cFP2z/MIMDKCD6KmaMzE5jw3YwUCNbEg2mvpMalcHJylt9tHean5sDU9YdD XyGYj5YXYgH3nNk3OEU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found 1 DNSKEY records for d1a5n1.rootcanary.net
	`d1a5n1.rootcanary.net. 60 IN DNSKEY ( 257 3 5 AwEAAc6wNvNDnpU/HfBoV/kxKEFdWbaszU01iu9kbHX4Y8M20KMrABy0DeUcTSDya5uVQMygWYuO YDPFo+8lfYl+hHhZK/e4/pENUWUm19xxxsmKIiWETS1223onenWuOvRe1nnb4TNUkg0R9rMNsRQE ejot28cShNLiAL5WMC52k49N ) ; Key ID = 14998`
	DNSKEY=14998/SEP is now in the chain-of-trust
	DS=14998/SHA-1 verifies DNSKEY=14998/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`d1a5n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. E4LU+YrOfHxabW9pIPWrrL7NR3rrw6F08xzpT8w4HjrbjUZM5rXONgEjnQ1OEaGt4uynQAxn4oWz gbbX5JclDAL/a2rT1cFP2z/MIMDKCD6KmaMzE5jw3YwUCNbEg2mvpMalcHJylt9tHean5sDU9YdD XyGYj5YXYgH3nNk3OEU= )`
	RRSIG=14998 and DNSKEY=14998/SEP verifies the DNSKEY RRset
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 24988 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.17 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec1.rcode0.net is authoritative for bogus.d1a5n1.rootcanary.net
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/DNSKEY
	Received 532 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (532 octets) ;; HEADER SECTION ;; id = 32373 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2021102004 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. QbmCIeMI7oB6yNG1xT53qoS5OGumU2MFnbBI8FJKh0J4d1yPfUgrJc7WStf4VXMgBXaMpfC9t5y2 ht2Ycs0NSTb3bLClPUk5tmTLwwEbF1QwOMLayL9hpN5i1uZmGjMZyrYYiaRynIpwPyXFNBra4/EC UGhrGKpGbs1Sb8yLl+s= ) bogus.d1a5n1.rootcanary.net. 60 IN NSEC ( ..bogus.d1a5n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( NSEC 5 4 86400 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. kN6s+Gv3O+YtQEo930AFsJAYDwZaWOlxyehV4J+eoxzyHQzZ1vDr0Ng2J3zLJSIzqAT1nWiyuCHg 8YmLAkZgQb9jCX6ykSWOJmbgzDuJtjJF9B0eniXthPqbvmORjnFr29ZbMSlxFTaiU0HhScknvP+5 Gfs0ARe/sOWIZmknEd0= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d1a5n1.rootcanary.net zone
	Query to sec2.rcode0.net for d1a5n1.rootcanary.net/SOA
	Received 292 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (292 octets) ;; HEADER SECTION ;; id = 21834 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d1a5n1.rootcanary.net. IN SOA ;; ANSWER SECTION (2 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2021102004 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. QbmCIeMI7oB6yNG1xT53qoS5OGumU2MFnbBI8FJKh0J4d1yPfUgrJc7WStf4VXMgBXaMpfC9t5y2 ht2Ycs0NSTb3bLClPUk5tmTLwwEbF1QwOMLayL9hpN5i1uZmGjMZyrYYiaRynIpwPyXFNBra4/EC UGhrGKpGbs1Sb8yLl+s= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Query to sec1.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 59563 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.17 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d1a5n1.rootcanary.net A RR has value 145.97.20.17
	Found 1 RRSIGs over A RRset
	`bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= )`
	RRSIG=14998 and DNSKEY=14998/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset
	The A RRset was not signed by any trusted keys

d1a5n1.rootcanary.net

	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 11905 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.17 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec2.rcode0.net is authoritative for bogus.d1a5n1.rootcanary.net
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/DNSKEY
	Received 532 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (532 octets) ;; HEADER SECTION ;; id = 38971 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d1a5n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2021102004 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d1a5n1.rootcanary.net. 60 IN RRSIG ( SOA 5 3 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. QbmCIeMI7oB6yNG1xT53qoS5OGumU2MFnbBI8FJKh0J4d1yPfUgrJc7WStf4VXMgBXaMpfC9t5y2 ht2Ycs0NSTb3bLClPUk5tmTLwwEbF1QwOMLayL9hpN5i1uZmGjMZyrYYiaRynIpwPyXFNBra4/EC UGhrGKpGbs1Sb8yLl+s= ) bogus.d1a5n1.rootcanary.net. 60 IN NSEC ( ..bogus.d1a5n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( NSEC 5 4 86400 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. kN6s+Gv3O+YtQEo930AFsJAYDwZaWOlxyehV4J+eoxzyHQzZ1vDr0Ng2J3zLJSIzqAT1nWiyuCHg 8YmLAkZgQb9jCX6ykSWOJmbgzDuJtjJF9B0eniXthPqbvmORjnFr29ZbMSlxFTaiU0HhScknvP+5 Gfs0ARe/sOWIZmknEd0= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d1a5n1.rootcanary.net zone
	Query to sec2.rcode0.net for bogus.d1a5n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 39327 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d1a5n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= ) bogus.d1a5n1.rootcanary.net. 60 IN A 145.97.20.17 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d1a5n1.rootcanary.net A RR has value 145.97.20.17
	Found 1 RRSIGs over A RRset
	`bogus.d1a5n1.rootcanary.net. 60 IN RRSIG ( A 5 4 60 20211204063704 20211019063704 14998 d1a5n1.rootcanary.net. eZgSU/f1DDB8OMlWS/rFrzRwesYaFSAEUYX9qug1P8sxM6tGWdZxcQQ0m0DeXawAEuU6F4gvHPui bclsSQ86zJpDsoWEmo2agCo1jReWI1B+QBCygZXZrBY+HcWcbGQ39Wlw7HG+XKQqBF15TLbAuURF MkfSDVsTzeYK9+IKfxA= )`
	RRSIG=14998 and DNSKEY=14998/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test bogus.d1a5n1.rootcanary.net at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: