Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2024-10-04 12:19:26 UTC

Analyzing DNSSEC problems for bogus.d1a8n3.rootcanary.net

.
Found 3 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
net
Found 1 DS records for net in the . zone
DS=37331/SHA-256 has algorithm ECDSAP256SHA256
Found 1 RRSIGs over DS RRset
RRSIG=61050 and DNSKEY=61050 verifies the DS RRset
Found 2 DNSKEY records for net
DS=37331/SHA-256 verifies DNSKEY=37331/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=37331 and DNSKEY=37331/SEP verifies the DNSKEY RRset
rootcanary.net
Found 1 DS records for rootcanary.net in the net zone
DS=64786/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=42924 and DNSKEY=42924 verifies the DS RRset
Found 2 DNSKEY records for rootcanary.net
DS=64786/SHA-256 verifies DNSKEY=64786/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=64786 and DNSKEY=64786/SEP verifies the DNSKEY RRset
ns2.surfnet.nl is authoritative for bogus.d1a8n3.rootcanary.net
d1a8n3.rootcanary.net
Found 1 DS records for d1a8n3.rootcanary.net in the rootcanary.net zone
DS=29230/SHA-1 uses a deprecated digest algorithm
DS=29230/SHA-1 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=25188 and DNSKEY=25188 verifies the DS RRset
Found 1 DNSKEY records for d1a8n3.rootcanary.net
DS=29230/SHA-1 verifies DNSKEY=29230/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=29230 and DNSKEY=29230/SEP verifies the DNSKEY RRset
sec2.rcode0.net is authoritative for bogus.d1a8n3.rootcanary.net
bogus.d1a8n3.rootcanary.net A RR has value 145.97.20.20
Found 1 RRSIGs over A RRset
RRSIG=29230 and DNSKEY=29230/SEP does not verify the A RRset (signature verification failed)
None of the 1 RRSIG and 1 DNSKEY records validate the A RRset
The A RRset was not signed by any trusted keys
d1a8n3.rootcanary.net
sec1.rcode0.net is authoritative for bogus.d1a8n3.rootcanary.net
bogus.d1a8n3.rootcanary.net A RR has value 145.97.20.20
Found 1 RRSIGs over A RRset
RRSIG=29230 and DNSKEY=29230/SEP does not verify the A RRset (signature verification failed)
None of the 1 RRSIG and 1 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test bogus.d1a8n3.rootcanary.net at dnsviz.net.

DNSSEC Debugger

↓ Advanced options