DNSSEC Analyzer - dnssec-failed.org

Domain Name:

Time: 2012-05-18 17:59:58 UTC, NTP stratum 3

Analyzing DNSSEC problems for dnssec-failed.org

DS=19036/SHA1 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. 0 IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E ; xosih-kezeb-nulum-tohin-zafab-zyfom-hubur-masam-tikam-kelek-vyxex`
	`. 0 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 ; xidep-pybec-tyvak-zonag-kesud-vohip-cumul-fysuk-bivac-pubam-hugeb-buzud-symes-tylaf-dosog-vufor-huxax`
	Query to f.root-servers.net for ./DNSKEY
	Received 736 bytes from 192.5.5.241
	;; Answer received from 192.5.5.241 (736 bytes) ;; HEADER SECTION ;; id = 45453 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY 256 3 8 ( AwEAAbd0IPTQdvyndWSX6HHcB+JycMl1aCGT HSJUBs/y9S93el05VvXg1VqSF4vveB9rEuAZ 1z8RNWZ9ac+rlaK7PrI5RlCIyKKPbtHbpgQG kwai8O6BZ4J/ch7DGuhGJfvoECcWjsucs683 WFRtmfLx5WNdPxxi30Czt1zPqMWfY6YJ ) ; Key ID = 56158 . 172800 IN DNSKEY 257 3 8 ( AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxh JhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd 0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJR kxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/V HL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68 LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtu A6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoB Qzgul0sGIcGOYl7OyQdXfZ57relSQageu+ip AdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwh YB4N7knNnulqQxA+Uk1ihz0= ) ; Key ID = 19036 . 172800 IN RRSIG DNSKEY 8 0 172800 20120525235959 ( 20120511000000 19036 . MtzzHscNjLh7BQcxREmsMELOepbmiXhXuob47LYuJU5Eo N9qDG3eiV7otfXNi/sOzmcbV+mPuxd6kvjwVumGlcQdY9 3Fnf8CocL7WTW94Z85tV9PtVjWiYwtGhjPaO0zscgNcHe h0DEeSooXVFhpkc35fkDKSPfpV2LyBt+KpaFY2aCDLhrN qYdFaERDwsxeWVeZLB3yO631puhCL+D7WyRBff5ZiVQKt Cw4g4s0q1z+riHRktdXs68gy8QFcDWssJyW+mZa/gXmFa F+IDbOo2pvaagRZm5Qy0DE92LDwiALKfYhVq1uV4vBmRp gk+uHCyZjOHpY6nRh7gPuW1BALg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY 256 3 8 ( AwEAAbd0IPTQdvyndWSX6HHcB+JycMl1aCGT HSJUBs/y9S93el05VvXg1VqSF4vveB9rEuAZ 1z8RNWZ9ac+rlaK7PrI5RlCIyKKPbtHbpgQG kwai8O6BZ4J/ch7DGuhGJfvoECcWjsucs683 WFRtmfLx5WNdPxxi30Czt1zPqMWfY6YJ ) ; Key ID = 56158`
	`. 172800 IN DNSKEY 257 3 8 ( AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxh JhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd 0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJR kxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/V HL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68 LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtu A6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoB Qzgul0sGIcGOYl7OyQdXfZ57relSQageu+ip AdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwh YB4N7knNnulqQxA+Uk1ihz0= ) ; Key ID = 19036`
	DNSKEY=19036/SEP is now in the chain-of-trust
	DS=19036/SHA1 verifies DNSKEY=19036/SEP
	DS=19036/SHA256 verifies DNSKEY=19036/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG DNSKEY 8 0 172800 20120525235959 ( 20120511000000 19036 . MtzzHscNjLh7BQcxREmsMELOepbmiXhXuob47LYuJU5Eo N9qDG3eiV7otfXNi/sOzmcbV+mPuxd6kvjwVumGlcQdY9 3Fnf8CocL7WTW94Z85tV9PtVjWiYwtGhjPaO0zscgNcHe h0DEeSooXVFhpkc35fkDKSPfpV2LyBt+KpaFY2aCDLhrN qYdFaERDwsxeWVeZLB3yO631puhCL+D7WyRBff5ZiVQKt Cw4g4s0q1z+riHRktdXs68gy8QFcDWssJyW+mZa/gXmFa F+IDbOo2pvaagRZm5Qy0DE92LDwiALKfYhVq1uV4vBmRp gk+uHCyZjOHpY6nRh7gPuW1BALg== )`
	RRSIG=19036 and DNSKEY=19036/SEP verifies the DNSKEY RRset
	DNSKEY=56158 is now in the chain-of-trust
	Query to e.root-servers.net for dnssec-failed.org/A
	Received 694 bytes from 192.203.230.10
	;; Answer received from 192.203.230.10 (694 bytes) ;; HEADER SECTION ;; id = 49882 ;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 9 arcount = 13 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS d0.org.afilias-nst.org. org. 86400 IN DS 21366 7 1 e6c1716cfb6bdc84e84ce1ab5510dac69173b5b2 ; xunis-cosik-savok-rulem-gapig-simip-rihec-bekis-kagol-fatur-dexex org. 86400 IN DS 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba ; xohiv-vysez-zekir-byfit-gupug-vevod-lydih-vyzip-ridim-bycuk-hunir-kilek-fefep-buviz-bakeb-zeber-paxox org. 86400 IN RRSIG DS 8 1 86400 20120525000000 ( 20120517230000 56158 . E7YSu2O26bl3Y4O+vM/jO8BjWfJjwkaPL55PRGYaduTGK TzSzNpwd0RZIg7QqnEDNHYi/tELNW6JMvxxxWsVyvm4py tpMQJd/Q/mHvINtvVwRUilCdlcqlcjJ+o8TAGyjyuItv9 cYnh/8MX9NjS1ll5MeaqhqTMkR6pIUg2w2O0= ) ;; ADDITIONAL SECTION (13 records) a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e:0:0:0:0:1 a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40:0:0:0:0:1 b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c:0:0:0:0:1 b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48:0:0:0:0:1 c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b:0:0:0:0:1 d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f:0:0:0:0:1 ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Query to g.root-servers.net for org/DNSKEY
	Received 677 bytes from 192.112.36.4
	;; Answer received from 192.112.36.4 (677 bytes) ;; HEADER SECTION ;; id = 56784 ;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 9 arcount = 13 ;; QUESTION SECTION (1 record) ;; org. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS d0.org.afilias-nst.org. org. 172800 IN NS b2.org.afilias-nst.org. org. 86400 IN DS 21366 7 1 e6c1716cfb6bdc84e84ce1ab5510dac69173b5b2 ; xunis-cosik-savok-rulem-gapig-simip-rihec-bekis-kagol-fatur-dexex org. 86400 IN DS 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba ; xohiv-vysez-zekir-byfit-gupug-vevod-lydih-vyzip-ridim-bycuk-hunir-kilek-fefep-buviz-bakeb-zeber-paxox org. 86400 IN RRSIG DS 8 1 86400 20120525000000 ( 20120517230000 56158 . E7YSu2O26bl3Y4O+vM/jO8BjWfJjwkaPL55PRGYaduTGK TzSzNpwd0RZIg7QqnEDNHYi/tELNW6JMvxxxWsVyvm4py tpMQJd/Q/mHvINtvVwRUilCdlcqlcjJ+o8TAGyjyuItv9 cYnh/8MX9NjS1ll5MeaqhqTMkR6pIUg2w2O0= ) ;; ADDITIONAL SECTION (13 records) a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e:0:0:0:0:1 a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40:0:0:0:0:1 b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c:0:0:0:0:1 b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48:0:0:0:0:1 c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b:0:0:0:0:1 d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f:0:0:0:0:1 ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Found child zone org

org

	Checking DS between . and org
	Query to m.root-servers.net for org/DS
	Received 275 bytes from 202.12.27.33
	;; Answer received from 202.12.27.33 (275 bytes) ;; HEADER SECTION ;; id = 1597 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; QUESTION SECTION (1 record) ;; org. IN DS ;; ANSWER SECTION (3 records) org. 86400 IN DS 21366 7 1 e6c1716cfb6bdc84e84ce1ab5510dac69173b5b2 ; xunis-cosik-savok-rulem-gapig-simip-rihec-bekis-kagol-fatur-dexex org. 86400 IN DS 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba ; xohiv-vysez-zekir-byfit-gupug-vevod-lydih-vyzip-ridim-bycuk-hunir-kilek-fefep-buviz-bakeb-zeber-paxox org. 86400 IN RRSIG DS 8 1 86400 20120525000000 ( 20120517230000 56158 . E7YSu2O26bl3Y4O+vM/jO8BjWfJjwkaPL55PRGYaduTGK TzSzNpwd0RZIg7QqnEDNHYi/tELNW6JMvxxxWsVyvm4py tpMQJd/Q/mHvINtvVwRUilCdlcqlcjJ+o8TAGyjyuItv9 cYnh/8MX9NjS1ll5MeaqhqTMkR6pIUg2w2O0= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Found 2 DS records for org in the . zone
	Found 1 RRSIGs over DS RRset
	`org. 86400 IN RRSIG DS 8 1 86400 20120525000000 ( 20120517230000 56158 . E7YSu2O26bl3Y4O+vM/jO8BjWfJjwkaPL55PRGYaduTGK TzSzNpwd0RZIg7QqnEDNHYi/tELNW6JMvxxxWsVyvm4py tpMQJd/Q/mHvINtvVwRUilCdlcqlcjJ+o8TAGyjyuItv9 cYnh/8MX9NjS1ll5MeaqhqTMkR6pIUg2w2O0= )`
	RRSIG=56158 and DNSKEY=56158 verifies the DS RRset
	DS=21366/SHA1 is now in the chain-of-trust
	`org. 86400 IN DS 21366 7 1 e6c1716cfb6bdc84e84ce1ab5510dac69173b5b2 ; xunis-cosik-savok-rulem-gapig-simip-rihec-bekis-kagol-fatur-dexex`
	`org. 86400 IN DS 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba ; xohiv-vysez-zekir-byfit-gupug-vevod-lydih-vyzip-ridim-bycuk-hunir-kilek-fefep-buviz-bakeb-zeber-paxox`
	Query to d0.org.afilias-nst.org for org/DNSKEY
	Received 1334 bytes from 199.19.57.1
	;; Answer received from 199.19.57.1 (1334 bytes) ;; HEADER SECTION ;; id = 12369 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; QUESTION SECTION (1 record) ;; org. IN DNSKEY ;; ANSWER SECTION (6 records) org. 900 IN DNSKEY 256 3 7 ( AwEAAXiNTXYLtV1NhRjjp38e+faG0WK50hLS kmaOQ7OVpYxiDDsgW9Y2NNH3EeI+CKtEBpBw M6VWQQwecn2Nr02DeGSEp3Ckr6L4Ed7KWB46 19xyBuV86Cfp+XApNCpYOnVkpwSHVz1LswMq g6IX5MssFhw6s18Fo4FlalN0eQ1gE/lj ) ; Key ID = 12189 org. 900 IN DNSKEY 257 3 7 ( AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv +qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6 jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2T DNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZr M6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9C D/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL1 3h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/ sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpT P1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYw t1XhPVPU+wSIlzbaAQN49PU= ) ; Key ID = 21366 org. 900 IN DNSKEY 257 3 7 ( AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC 2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVV J+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc 4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrM DYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQ acbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebc gn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVW uhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopL JZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlx Aun3BtORPA2r8ti6MNoJEHU= ) ; Key ID = 9795 org. 900 IN DNSKEY 256 3 7 ( AwEAAXbaIlMinbM+VBcaLBcPd3PSxceMwZte v+p3bWa9SFYyOkHZkw5Ioqtpwthe9CnOY2C+ fZkYw3SumEhRgVsIZhijx2pX0fPHmef8iYt3 4X+HiWcGyCDynzzd98Kxh/mY1BqRpxj1EIgD 5ZjjWIe54UpKU+xjRGHJeJue2kaKF9ZF ) ; Key ID = 9992 org. 900 IN RRSIG DNSKEY 7 1 900 20120607155215 ( 20120517145215 9992 org. O/5Z8Abtzj8Pajf4bXmix0XULqMJj1gFMLM08rrV6Dlu9 vKA7dqRM0DZ1ZcQK6p+ft64NBZQ/GAu6p2bzN/46ViqW4 Oc2AcLK01AS6ge41nsIYvvhaUSNcq1HwiGXf2Di3C4PtI /UQLtTwJ7X3d1+qWlO0nRKdWhweYw4PHO7SQ= ) org. 900 IN RRSIG DNSKEY 7 1 900 20120607155215 ( 20120517145215 21366 org. MOckNxXfAarVgiB3Ems+7AXfKOWtaTnvqCzuJQ0qvOxHe qnlbvOD7lEIZ71o17Lnnjtw5gTWWmZiRxt8cROmgi1AoZ WJSprZh4xdxt8OvjgXmgq3ZBxxXe+sWVMmvWN/ZXary2Z sZ6SnhK1S6TQwFgpcQByNH/bM+dQlhcHiHKkrMwXtP9BZ PMo4b/1LEPGPY1nCib3MfQ5MTSMyL7uOjN7xtTshOkTAr ZT63fGed+0WLWdmzmLDmVPwkVmKgbaUOfWoz4B3YSCnrw EDU44HtQ7in4IBmomx//N0jGcHNg2BTq+GEJ6sg7jOHEi 5cVPWIfg4zAjYsti3ZQN734DnWA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Found 4 DNSKEY records for org
	`org. 900 IN DNSKEY 256 3 7 ( AwEAAXiNTXYLtV1NhRjjp38e+faG0WK50hLS kmaOQ7OVpYxiDDsgW9Y2NNH3EeI+CKtEBpBw M6VWQQwecn2Nr02DeGSEp3Ckr6L4Ed7KWB46 19xyBuV86Cfp+XApNCpYOnVkpwSHVz1LswMq g6IX5MssFhw6s18Fo4FlalN0eQ1gE/lj ) ; Key ID = 12189`
	`org. 900 IN DNSKEY 257 3 7 ( AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv +qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6 jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2T DNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZr M6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9C D/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL1 3h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/ sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpT P1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYw t1XhPVPU+wSIlzbaAQN49PU= ) ; Key ID = 21366`
	`org. 900 IN DNSKEY 257 3 7 ( AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC 2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVV J+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc 4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrM DYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQ acbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebc gn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVW uhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopL JZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlx Aun3BtORPA2r8ti6MNoJEHU= ) ; Key ID = 9795`
	`org. 900 IN DNSKEY 256 3 7 ( AwEAAXbaIlMinbM+VBcaLBcPd3PSxceMwZte v+p3bWa9SFYyOkHZkw5Ioqtpwthe9CnOY2C+ fZkYw3SumEhRgVsIZhijx2pX0fPHmef8iYt3 4X+HiWcGyCDynzzd98Kxh/mY1BqRpxj1EIgD 5ZjjWIe54UpKU+xjRGHJeJue2kaKF9ZF ) ; Key ID = 9992`
	DNSKEY=21366/SEP is now in the chain-of-trust
	DS=21366/SHA1 verifies DNSKEY=21366/SEP
	DS=21366/SHA256 verifies DNSKEY=21366/SEP
	Found 2 RRSIGs over DNSKEY RRset
	`org. 900 IN RRSIG DNSKEY 7 1 900 20120607155215 ( 20120517145215 9992 org. O/5Z8Abtzj8Pajf4bXmix0XULqMJj1gFMLM08rrV6Dlu9 vKA7dqRM0DZ1ZcQK6p+ft64NBZQ/GAu6p2bzN/46ViqW4 Oc2AcLK01AS6ge41nsIYvvhaUSNcq1HwiGXf2Di3C4PtI /UQLtTwJ7X3d1+qWlO0nRKdWhweYw4PHO7SQ= )`
	`org. 900 IN RRSIG DNSKEY 7 1 900 20120607155215 ( 20120517145215 21366 org. MOckNxXfAarVgiB3Ems+7AXfKOWtaTnvqCzuJQ0qvOxHe qnlbvOD7lEIZ71o17Lnnjtw5gTWWmZiRxt8cROmgi1AoZ WJSprZh4xdxt8OvjgXmgq3ZBxxXe+sWVMmvWN/ZXary2Z sZ6SnhK1S6TQwFgpcQByNH/bM+dQlhcHiHKkrMwXtP9BZ PMo4b/1LEPGPY1nCib3MfQ5MTSMyL7uOjN7xtTshOkTAr ZT63fGed+0WLWdmzmLDmVPwkVmKgbaUOfWoz4B3YSCnrw EDU44HtQ7in4IBmomx//N0jGcHNg2BTq+GEJ6sg7jOHEi 5cVPWIfg4zAjYsti3ZQN734DnWA== )`
	RRSIG=9992 and DNSKEY=9992 verifies the DNSKEY RRset
	RRSIG=21366 and DNSKEY=21366/SEP verifies the DNSKEY RRset
	DNSKEY=12189 is now in the chain-of-trust
	DNSKEY=9795/SEP is now in the chain-of-trust
	DNSKEY=9992 is now in the chain-of-trust
	Query to c0.org.afilias-nst.info for dnssec-failed.org/A
	Received 598 bytes from 199.19.53.1
	;; Answer received from 199.19.53.1 (598 bytes) ;; HEADER SECTION ;; id = 28742 ;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 10 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) dnssec-failed.org. 86400 IN NS dns102.comcast.org. dnssec-failed.org. 86400 IN NS dns105.comcast.org. dnssec-failed.org. 86400 IN NS dns104.comcast.org. dnssec-failed.org. 86400 IN NS dns101.comcast.org. dnssec-failed.org. 86400 IN NS dns103.comcast.org. dnssec-failed.org. 86400 IN DS 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ; xifod-cylos-vanyg-zabub-vupyc-vamac-hucyf-mekar-vimuv-rinez-sexex dnssec-failed.org. 86400 IN DS 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ; xorif-gonis-nisyl-curif-rumad-dibel-kazuh-lubug-damyf-byhuk-vitem-gisol-husiv-vigeh-havik-vusos-vixix dnssec-failed.org. 86400 IN RRSIG DS 7 2 86400 20120607155215 ( 20120517145215 9992 org. O13e2BR8+/uWpJMx+BqOGmAYVIaghMeAXI742lj/QwG08 Iv2b2SyDoh7tVu3JW1nRvuCxrewayaL3MJi/ZdVT/c3D7 YAyyQSkKzkMGP/hjzFhHqWVlO9igSh4xCY3QQjxHW2YiS TpM02MTMvRWlm0H17jH7lQNVZIfKjBjTfVdo= ) ;; ADDITIONAL SECTION (10 records) dns101.comcast.org. 86400 IN A 68.87.29.164 dns101.comcast.org. 86400 IN AAAA 2001:558:1002:a:68:87:29:164 dns102.comcast.org. 86400 IN A 68.87.85.132 dns102.comcast.org. 86400 IN AAAA 2001:558:1004:7:68:87:85:132 dns103.comcast.org. 86400 IN A 68.87.76.228 dns103.comcast.org. 86400 IN AAAA 2001:558:1014:c:68:87:76:228 dns104.comcast.org. 86400 IN A 68.87.68.244 dns105.comcast.org. 86400 IN A 68.87.72.244 dns105.comcast.org. 86400 IN AAAA 2001:558:100e:5:68:87:72:244 ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Query to a0.org.afilias-nst.info for dnssec-failed.org/DNSKEY
	Received 598 bytes from 199.19.56.1
	;; Answer received from 199.19.56.1 (598 bytes) ;; HEADER SECTION ;; id = 49968 ;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 10 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) dnssec-failed.org. 86400 IN NS dns102.comcast.org. dnssec-failed.org. 86400 IN NS dns105.comcast.org. dnssec-failed.org. 86400 IN NS dns103.comcast.org. dnssec-failed.org. 86400 IN NS dns104.comcast.org. dnssec-failed.org. 86400 IN NS dns101.comcast.org. dnssec-failed.org. 86400 IN DS 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ; xorif-gonis-nisyl-curif-rumad-dibel-kazuh-lubug-damyf-byhuk-vitem-gisol-husiv-vigeh-havik-vusos-vixix dnssec-failed.org. 86400 IN DS 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ; xifod-cylos-vanyg-zabub-vupyc-vamac-hucyf-mekar-vimuv-rinez-sexex dnssec-failed.org. 86400 IN RRSIG DS 7 2 86400 20120607155215 ( 20120517145215 9992 org. O13e2BR8+/uWpJMx+BqOGmAYVIaghMeAXI742lj/QwG08 Iv2b2SyDoh7tVu3JW1nRvuCxrewayaL3MJi/ZdVT/c3D7 YAyyQSkKzkMGP/hjzFhHqWVlO9igSh4xCY3QQjxHW2YiS TpM02MTMvRWlm0H17jH7lQNVZIfKjBjTfVdo= ) ;; ADDITIONAL SECTION (10 records) dns101.comcast.org. 86400 IN A 68.87.29.164 dns101.comcast.org. 86400 IN AAAA 2001:558:1002:a:68:87:29:164 dns102.comcast.org. 86400 IN A 68.87.85.132 dns102.comcast.org. 86400 IN AAAA 2001:558:1004:7:68:87:85:132 dns103.comcast.org. 86400 IN A 68.87.76.228 dns103.comcast.org. 86400 IN AAAA 2001:558:1014:c:68:87:76:228 dns104.comcast.org. 86400 IN A 68.87.68.244 dns105.comcast.org. 86400 IN A 68.87.72.244 dns105.comcast.org. 86400 IN AAAA 2001:558:100e:5:68:87:72:244 ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Found child zone dnssec-failed.org

dnssec-failed.org

	Checking DS between org and dnssec-failed.org
	Query to c0.org.afilias-nst.info for dnssec-failed.org/DS
	Received 293 bytes from 199.19.53.1
	;; Answer received from 199.19.53.1 (293 bytes) ;; HEADER SECTION ;; id = 35886 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN DS ;; ANSWER SECTION (3 records) dnssec-failed.org. 86400 IN DS 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ; xorif-gonis-nisyl-curif-rumad-dibel-kazuh-lubug-damyf-byhuk-vitem-gisol-husiv-vigeh-havik-vusos-vixix dnssec-failed.org. 86400 IN DS 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ; xifod-cylos-vanyg-zabub-vupyc-vamac-hucyf-mekar-vimuv-rinez-sexex dnssec-failed.org. 86400 IN RRSIG DS 7 2 86400 20120607155215 ( 20120517145215 9992 org. O13e2BR8+/uWpJMx+BqOGmAYVIaghMeAXI742lj/QwG08 Iv2b2SyDoh7tVu3JW1nRvuCxrewayaL3MJi/ZdVT/c3D7 YAyyQSkKzkMGP/hjzFhHqWVlO9igSh4xCY3QQjxHW2YiS TpM02MTMvRWlm0H17jH7lQNVZIfKjBjTfVdo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x8000
	Found 2 DS records for dnssec-failed.org in the org zone
	Found 1 RRSIGs over DS RRset
	`dnssec-failed.org. 86400 IN RRSIG DS 7 2 86400 20120607155215 ( 20120517145215 9992 org. O13e2BR8+/uWpJMx+BqOGmAYVIaghMeAXI742lj/QwG08 Iv2b2SyDoh7tVu3JW1nRvuCxrewayaL3MJi/ZdVT/c3D7 YAyyQSkKzkMGP/hjzFhHqWVlO9igSh4xCY3QQjxHW2YiS TpM02MTMvRWlm0H17jH7lQNVZIfKjBjTfVdo= )`
	RRSIG=9992 and DNSKEY=9992 verifies the DS RRset
	DS=106/SHA256 is now in the chain-of-trust
	`dnssec-failed.org. 86400 IN DS 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ; xorif-gonis-nisyl-curif-rumad-dibel-kazuh-lubug-damyf-byhuk-vitem-gisol-husiv-vigeh-havik-vusos-vixix`
	`dnssec-failed.org. 86400 IN DS 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ; xifod-cylos-vanyg-zabub-vupyc-vamac-hucyf-mekar-vimuv-rinez-sexex`
	Query to dns103.comcast.org for dnssec-failed.org/DNSKEY
	Received 1242 bytes from 68.87.76.228
	;; Answer received from 68.87.76.228 (1242 bytes) ;; HEADER SECTION ;; id = 49378 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 6 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN DNSKEY ;; ANSWER SECTION (4 records) dnssec-failed.org. 3600 IN DNSKEY 257 3 5 ( AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw 2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+ 9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QW cxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfD WCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQW vO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GW X2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636 YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAz WV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn 1ALiFPfNLz4VMUvSw5fpNS0= ) ; Key ID = 29521 dnssec-failed.org. 3600 IN DNSKEY 256 3 5 ( AwEAAZh8jM2aRUz3vrysafR14itV/jUuLN27 T6h/WPFtqlji6HjWgz3DnxKdqWJZCUcGsCDT EM79Uu7qas/M8pEM0mmTcvh0nHEcVwcwHcMf 0t1IyF9c1YkLf7CTnkVFdHbVQeUzomlq52D9 ytEwCPDKvb7cCTeKckCA2+4CYSYyfeWR ) ; Key ID = 6060 dnssec-failed.org. 3600 IN RRSIG DNSKEY 5 2 3600 20120521181811 ( 20120514151311 6060 dnssec-failed.org. ZGsmR+xQiDEu9JD66ZCU1jirvzL6Fj/jJpR8+/7iWIFQ/ EIN9dMTKAH3X/Mls/aXmUb9e/rvWFZirtrhgxVQZyPw0T //LQustzRZg1fKMLaG5a8t7hr8im0iFsenlXZ8aHpxA9F vcyP3tHmg3Zg6aEE5nbwoD9eTyk3W4qn9tH4= ) dnssec-failed.org. 3600 IN RRSIG DNSKEY 5 2 3600 20140302151811 ( 20120312111811 29521 dnssec-failed.org. JV6znrMEHezl1ri3rDlzM6WpYeuLuKmhKgx623ma6Rmss aY7nTSwf2fuPWx1u5jtOFF+4jerll5J467HZPFUJ5A4wF Rm4qkB0mUHd1lfS4EOyocwIzIAzNMMxhqB3lEgJM3Cb3N 8H5NblRWpf8j07zPwUvmAh6kBm5WRyPEJIzdaXPEcHFzX rR6g1c565M2Rnqu6PXkjml3zxH4k6wpFyju55bMDjy2c6 OsDQsuvaZ88POF+qLH/0cCsSAF9NGM8IH4+jKGVlv3ZHr jYzIh5AIp758+7Dw+kUU/cntQqgpB2nkiu513z+Bw5o74 GL8E2Vo6WMssQi22T/Z0IawYYCw== ) ;; AUTHORITY SECTION (6 records) dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Found 2 DNSKEY records for dnssec-failed.org
	`dnssec-failed.org. 3600 IN DNSKEY 257 3 5 ( AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw 2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+ 9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QW cxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfD WCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQW vO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GW X2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636 YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAz WV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn 1ALiFPfNLz4VMUvSw5fpNS0= ) ; Key ID = 29521`
	`dnssec-failed.org. 3600 IN DNSKEY 256 3 5 ( AwEAAZh8jM2aRUz3vrysafR14itV/jUuLN27 T6h/WPFtqlji6HjWgz3DnxKdqWJZCUcGsCDT EM79Uu7qas/M8pEM0mmTcvh0nHEcVwcwHcMf 0t1IyF9c1YkLf7CTnkVFdHbVQeUzomlq52D9 ytEwCPDKvb7cCTeKckCA2+4CYSYyfeWR ) ; Key ID = 6060`
	DS=106/SHA256 is published, but a corresponding DNSKEY is not
	None of the 2 DNSKEY records could be validated by any of the 2 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`dnssec-failed.org. 3600 IN RRSIG DNSKEY 5 2 3600 20120521181811 ( 20120514151311 6060 dnssec-failed.org. ZGsmR+xQiDEu9JD66ZCU1jirvzL6Fj/jJpR8+/7iWIFQ/ EIN9dMTKAH3X/Mls/aXmUb9e/rvWFZirtrhgxVQZyPw0T //LQustzRZg1fKMLaG5a8t7hr8im0iFsenlXZ8aHpxA9F vcyP3tHmg3Zg6aEE5nbwoD9eTyk3W4qn9tH4= )`
	`dnssec-failed.org. 3600 IN RRSIG DNSKEY 5 2 3600 20140302151811 ( 20120312111811 29521 dnssec-failed.org. JV6znrMEHezl1ri3rDlzM6WpYeuLuKmhKgx623ma6Rmss aY7nTSwf2fuPWx1u5jtOFF+4jerll5J467HZPFUJ5A4wF Rm4qkB0mUHd1lfS4EOyocwIzIAzNMMxhqB3lEgJM3Cb3N 8H5NblRWpf8j07zPwUvmAh6kBm5WRyPEJIzdaXPEcHFzX rR6g1c565M2Rnqu6PXkjml3zxH4k6wpFyju55bMDjy2c6 OsDQsuvaZ88POF+qLH/0cCsSAF9NGM8IH4+jKGVlv3ZHr jYzIh5AIp758+7Dw+kUU/cntQqgpB2nkiu513z+Bw5o74 GL8E2Vo6WMssQi22T/Z0IawYYCw== )`
	RRSIG=6060 and DNSKEY=6060 verifies the DNSKEY RRset
	RRSIG=29521 and DNSKEY=29521/SEP verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any keys in the chain-of-trust
	Query to dns104.comcast.org for dnssec-failed.org/A
	Received 515 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (515 bytes) ;; HEADER SECTION ;; id = 36028 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) dnssec-failed.org. 7200 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) dnssec-failed.org. 7200 IN NSEC www.dnssec-failed.org. DNSKEY NS NSEC RRSIG SOA dnssec-failed.org. 7200 IN RRSIG NSEC 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FStvKdGOs/8KYQt3AkhYoot2FJIs8xgvjgBVI4rTiYRBw Y+F2kOvcO304vMtStSnThr5nJBJo5PYdkvSgfQtqpcCAi flIMgIfEmhF0frnAySZkTslPKOibfF6FH85tVYRT/kH8a KJRwNBP+c7VQmxng/BoYX31wB/XZsATre+vs= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	dnssec-failed.org is authoritative for dnssec-failed.org
	Found RRSIG signed by dnssec-failed.org zone
	Query to dns102.comcast.org for dnssec-failed.org/SOA
	Received 569 bytes from 68.87.85.132
	;; Answer received from 68.87.85.132 (569 bytes) ;; HEADER SECTION ;; id = 41 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 6 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) ;; AUTHORITY SECTION (6 records) dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns105.comcast.org for dnssec-failed.org/SOA
	Received 569 bytes from 68.87.72.244
	;; Answer received from 68.87.72.244 (569 bytes) ;; HEADER SECTION ;; id = 54046 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 6 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) ;; AUTHORITY SECTION (6 records) dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns101.comcast.org for dnssec-failed.org/SOA
	Received 569 bytes from 68.87.29.164
	;; Answer received from 68.87.29.164 (569 bytes) ;; HEADER SECTION ;; id = 12230 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 6 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) ;; AUTHORITY SECTION (6 records) dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/SOA
	Received 569 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (569 bytes) ;; HEADER SECTION ;; id = 10911 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 6 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) ;; AUTHORITY SECTION (6 records) dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns103.comcast.org for dnssec-failed.org/SOA
	Received 569 bytes from 68.87.76.228
	;; Answer received from 68.87.76.228 (569 bytes) ;; HEADER SECTION ;; id = 35989 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 6 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) ;; AUTHORITY SECTION (6 records) dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/A
	Received 515 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (515 bytes) ;; HEADER SECTION ;; id = 2621 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) dnssec-failed.org. 7200 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) dnssec-failed.org. 7200 IN NSEC www.dnssec-failed.org. DNSKEY NS NSEC RRSIG SOA dnssec-failed.org. 7200 IN RRSIG NSEC 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FStvKdGOs/8KYQt3AkhYoot2FJIs8xgvjgBVI4rTiYRBw Y+F2kOvcO304vMtStSnThr5nJBJo5PYdkvSgfQtqpcCAi flIMgIfEmhF0frnAySZkTslPKOibfF6FH85tVYRT/kH8a KJRwNBP+c7VQmxng/BoYX31wB/XZsATre+vs= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/AAAA
	Received 515 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (515 bytes) ;; HEADER SECTION ;; id = 8531 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN AAAA ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) dnssec-failed.org. 7200 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) dnssec-failed.org. 7200 IN NSEC www.dnssec-failed.org. DNSKEY NS NSEC RRSIG SOA dnssec-failed.org. 7200 IN RRSIG NSEC 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FStvKdGOs/8KYQt3AkhYoot2FJIs8xgvjgBVI4rTiYRBw Y+F2kOvcO304vMtStSnThr5nJBJo5PYdkvSgfQtqpcCAi flIMgIfEmhF0frnAySZkTslPKOibfF6FH85tVYRT/kH8a KJRwNBP+c7VQmxng/BoYX31wB/XZsATre+vs= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/MX
	Received 515 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (515 bytes) ;; HEADER SECTION ;; id = 18013 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN MX ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) dnssec-failed.org. 7200 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) dnssec-failed.org. 7200 IN NSEC www.dnssec-failed.org. DNSKEY NS NSEC RRSIG SOA dnssec-failed.org. 7200 IN RRSIG NSEC 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FStvKdGOs/8KYQt3AkhYoot2FJIs8xgvjgBVI4rTiYRBw Y+F2kOvcO304vMtStSnThr5nJBJo5PYdkvSgfQtqpcCAi flIMgIfEmhF0frnAySZkTslPKOibfF6FH85tVYRT/kH8a KJRwNBP+c7VQmxng/BoYX31wB/XZsATre+vs= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/PTR
	Received 515 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (515 bytes) ;; HEADER SECTION ;; id = 13892 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN PTR ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) dnssec-failed.org. 7200 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) dnssec-failed.org. 7200 IN NSEC www.dnssec-failed.org. DNSKEY NS NSEC RRSIG SOA dnssec-failed.org. 7200 IN RRSIG NSEC 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FStvKdGOs/8KYQt3AkhYoot2FJIs8xgvjgBVI4rTiYRBw Y+F2kOvcO304vMtStSnThr5nJBJo5PYdkvSgfQtqpcCAi flIMgIfEmhF0frnAySZkTslPKOibfF6FH85tVYRT/kH8a KJRwNBP+c7VQmxng/BoYX31wB/XZsATre+vs= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/TXT
	Received 515 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (515 bytes) ;; HEADER SECTION ;; id = 13669 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN TXT ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) dnssec-failed.org. 7200 IN SOA dns101.comcast.org. dnsadmin.comcast.net. ( 2010101519 ; Serial 900 ; Refresh 180 ; Retry 604800 ; Expire 7200 ) ; Minimum TTL dnssec-failed.org. 86400 IN RRSIG SOA 5 2 86400 20120521181811 ( 20120514151311 6060 dnssec-failed.org. Gy/VxMSt094s3AcIfaV0zGFJisDUo4plOAPBmprkyrhaz wsJlZFydFgoA7e6pDJOSl2q5xkEdWLjb8201Gh72BZ1zZ ALXE/jC/0933vv1NjSNp5UtqltG9QoFDIXsFxaNzz6D99 ybk5U+sBR54twQOyPH+yFFwIXkvybIu2mrTI= ) dnssec-failed.org. 7200 IN NSEC www.dnssec-failed.org. DNSKEY NS NSEC RRSIG SOA dnssec-failed.org. 7200 IN RRSIG NSEC 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FStvKdGOs/8KYQt3AkhYoot2FJIs8xgvjgBVI4rTiYRBw Y+F2kOvcO304vMtStSnThr5nJBJo5PYdkvSgfQtqpcCAi flIMgIfEmhF0frnAySZkTslPKOibfF6FH85tVYRT/kH8a KJRwNBP+c7VQmxng/BoYX31wB/XZsATre+vs= ) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	Query to dns104.comcast.org for dnssec-failed.org/NS
	Received 336 bytes from 68.87.68.244
	;; Answer received from 68.87.68.244 (336 bytes) ;; HEADER SECTION ;; id = 64756 ;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0 ;; ra = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN NS ;; ANSWER SECTION (6 records) dnssec-failed.org. 7200 IN NS dns101.comcast.org. dnssec-failed.org. 7200 IN NS dns102.comcast.org. dnssec-failed.org. 7200 IN NS dns103.comcast.org. dnssec-failed.org. 7200 IN NS dns104.comcast.org. dnssec-failed.org. 7200 IN NS dns105.comcast.org. dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ; EDNS Version 0 UDP Packetsize: 4096 ; EDNS-RCODE: 0 (ONLY_RDATA) ; EDNS-FLAGS: 0x0000
	dnssec-failed.org NS RR has value dns101.comcast.org.
	dnssec-failed.org NS RR has value dns102.comcast.org.
	dnssec-failed.org NS RR has value dns103.comcast.org.
	dnssec-failed.org NS RR has value dns104.comcast.org.
	dnssec-failed.org NS RR has value dns105.comcast.org.
	Found 1 RRSIGs over NS RRset
	`dnssec-failed.org. 7200 IN RRSIG NS 5 2 7200 20120521181811 ( 20120514151311 6060 dnssec-failed.org. FZQHKEfJukXz0mRwGbkvqdqV65uuc1q+oaDbSAvablRV/ IFmaZ/DDPdTLKCwwLOt+rCEqlcMmJsKngX6YqoVsWHpor Qqae8X3moiGleKND1b+IJls3q157QysDe86j4ZpOe5w70 r29D0l9cJMmiONFVuXDZinGgSkOq42qmZnMk= )`
	RRSIG=6060 and DNSKEY=6060 verifies the NS RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test dnssec-failed.org at dnsviz.net.

DNSSEC Analyzer r47 2012-05-11 09:42:31

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: