DNSSEC Debugger - dnssec-failed.org

Domain Name:

Time: 2024-05-12 14:33:52 UTC

Analyzing DNSSEC problems for dnssec-failed.org

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to c.root-servers.net for ./DNSKEY
	Received 865 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 865 octets ;; HEADER SECTION ;; id = 25356 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAZBALoOFImwcJJg9Iu7Vy7ZyLjhtXfvO1c9k4vHjOpf9i7U1kKtrBvhnwsOni1sb50gkUayR tMDTUQqvljMMf4bpkyEtcE5evCzhHbFLq1coL5QOix3mfJm++FvIMaAt52nOvAdqR/luuI11bA1A mSCIJKAUx147DcfOHYKg3as+dznn3Iah4cWBMVzDe7PPsFS1AO6gU8EpmiRJ9VMNA09fOyDuq9+d 6sw8UUnJRMAFAuPLhUFjUAOuWOw74BC9lOtMQpbLMz8pX0CDKdOXDHjyj61nxSSWxPdUjeoxI17l QTpSPRtqRHFn5Fgj2e+9BVwhhWGDQN8kUVSJHZtQiI0= ) ; Key ID = 5613 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20240601000000 20240511000000 20326 . OgCibhptSNJS9XS2WD2CXYw0HsdjPXn82iYAtzkE7ma1H2BfchG8nRnFZJ9fbrCjXAhDPnKCkuId 8cuJ2PGuLzy9Q3d4zIt7Ow5o8YkpKGEJB6uVi1BRauxVzKgH7u5QnKf8d1AlKFikFdBHHLaZ97XG ci02qRRm1jpe+aY4sLnKHx1kTJozHJp+Xaml/nCiS4AXrCxNyc4EH2/oraODfaewFIOQjpsAMeAw tPrccpst4ZL/9jmZUdRSs3IHwMk9gvSwpZI0YVBWZocKg96CmQQgq9NNNGhpI5gXXdbP++bu4myT GIx8wR1vjK7nau9GJK+76Bt4bc+1FIfpq4mbSg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAZBALoOFImwcJJg9Iu7Vy7ZyLjhtXfvO1c9k4vHjOpf9i7U1kKtrBvhnwsOni1sb50gkUayR tMDTUQqvljMMf4bpkyEtcE5evCzhHbFLq1coL5QOix3mfJm++FvIMaAt52nOvAdqR/luuI11bA1A mSCIJKAUx147DcfOHYKg3as+dznn3Iah4cWBMVzDe7PPsFS1AO6gU8EpmiRJ9VMNA09fOyDuq9+d 6sw8UUnJRMAFAuPLhUFjUAOuWOw74BC9lOtMQpbLMz8pX0CDKdOXDHjyj61nxSSWxPdUjeoxI17l QTpSPRtqRHFn5Fgj2e+9BVwhhWGDQN8kUVSJHZtQiI0= ) ; Key ID = 5613`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20240601000000 20240511000000 20326 . OgCibhptSNJS9XS2WD2CXYw0HsdjPXn82iYAtzkE7ma1H2BfchG8nRnFZJ9fbrCjXAhDPnKCkuId 8cuJ2PGuLzy9Q3d4zIt7Ow5o8YkpKGEJB6uVi1BRauxVzKgH7u5QnKf8d1AlKFikFdBHHLaZ97XG ci02qRRm1jpe+aY4sLnKHx1kTJozHJp+Xaml/nCiS4AXrCxNyc4EH2/oraODfaewFIOQjpsAMeAw tPrccpst4ZL/9jmZUdRSs3IHwMk9gvSwpZI0YVBWZocKg96CmQQgq9NNNGhpI5gXXdbP++bu4myT GIx8wR1vjK7nau9GJK+76Bt4bc+1FIfpq4mbSg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=5613 is now in the chain-of-trust
	Query to d.root-servers.net for dnssec-failed.org/A
	Received 783 bytes from 199.7.91.13
	;; Response received from [199.7.91.13] 783 octets ;; HEADER SECTION ;; id = 6594 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 13 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1450, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS d0.org.afilias-nst.org. org. 86400 IN DS ( 26974 8 2 4fede294c53f438a158c41d39489cd78a86beb0d8a0aeaff14745c0d16e1de32 ) org. 86400 IN RRSIG ( DS 8 1 86400 20240525050000 20240512040000 5613 . Ojq0v65JS98pkHJrmqsnLOgZhYf33IiF8RsMnori9JSYXwi+bIh88YUYMZrtHfP5nIAyWdv5fxk/ ScdciiH0exzZ07pXkJSES/wwSRIyUR/H6ktZlBI+pIDtll/lKYvCWbMhLRTb/SkpybZRZbJDnytj ZExp+vC2RYqe889ucaINgHSV1w+ijfo+2d7CHnsMMsh+1NOalBsclm3AC8dLxi4/WcvzOd4FhJYN 1sjin9f2VZj5cjHHMuYn7nlRo7TMfH1JhN967XuCQY2Li1F3FdN1fBQyFD/u3K4SxBf90vWgTqjj 3rWPvJLIHLyO5AzKftavPUXVXLfLzMay1EsWNQ== ) ;; ADDITIONAL SECTION (13 records) a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1 ;; { "EDNS-VERSION": 0 }
	Query to b.root-servers.net for org/DNSKEY
	Received 811 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 811 octets ;; HEADER SECTION ;; id = 18906 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 13 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; org. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS d0.org.afilias-nst.org. org. 86400 IN DS ( 26974 8 2 4fede294c53f438a158c41d39489cd78a86beb0d8a0aeaff14745c0d16e1de32 ) org. 86400 IN RRSIG ( DS 8 1 86400 20240525050000 20240512040000 5613 . Ojq0v65JS98pkHJrmqsnLOgZhYf33IiF8RsMnori9JSYXwi+bIh88YUYMZrtHfP5nIAyWdv5fxk/ ScdciiH0exzZ07pXkJSES/wwSRIyUR/H6ktZlBI+pIDtll/lKYvCWbMhLRTb/SkpybZRZbJDnytj ZExp+vC2RYqe889ucaINgHSV1w+ijfo+2d7CHnsMMsh+1NOalBsclm3AC8dLxi4/WcvzOd4FhJYN 1sjin9f2VZj5cjHHMuYn7nlRo7TMfH1JhN967XuCQY2Li1F3FdN1fBQyFD/u3K4SxBf90vWgTqjj 3rWPvJLIHLyO5AzKftavPUXVXLfLzMay1EsWNQ== ) ;; ADDITIONAL SECTION (13 records) b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1 a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 ;; { "EDNS-VERSION": 0 }
	Found child zone org

org

	Checking DS between . and org
	Query to b.root-servers.net for org/DS
	Received 367 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 367 octets ;; HEADER SECTION ;; id = 61181 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; org. IN DS ;; ANSWER SECTION (2 records) org. 86400 IN DS ( 26974 8 2 4fede294c53f438a158c41d39489cd78a86beb0d8a0aeaff14745c0d16e1de32 ) org. 86400 IN RRSIG ( DS 8 1 86400 20240525050000 20240512040000 5613 . Ojq0v65JS98pkHJrmqsnLOgZhYf33IiF8RsMnori9JSYXwi+bIh88YUYMZrtHfP5nIAyWdv5fxk/ ScdciiH0exzZ07pXkJSES/wwSRIyUR/H6ktZlBI+pIDtll/lKYvCWbMhLRTb/SkpybZRZbJDnytj ZExp+vC2RYqe889ucaINgHSV1w+ijfo+2d7CHnsMMsh+1NOalBsclm3AC8dLxi4/WcvzOd4FhJYN 1sjin9f2VZj5cjHHMuYn7nlRo7TMfH1JhN967XuCQY2Li1F3FdN1fBQyFD/u3K4SxBf90vWgTqjj 3rWPvJLIHLyO5AzKftavPUXVXLfLzMay1EsWNQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for org in the . zone
	DS=26974/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`org. 86400 IN RRSIG ( DS 8 1 86400 20240525050000 20240512040000 5613 . Ojq0v65JS98pkHJrmqsnLOgZhYf33IiF8RsMnori9JSYXwi+bIh88YUYMZrtHfP5nIAyWdv5fxk/ ScdciiH0exzZ07pXkJSES/wwSRIyUR/H6ktZlBI+pIDtll/lKYvCWbMhLRTb/SkpybZRZbJDnytj ZExp+vC2RYqe889ucaINgHSV1w+ijfo+2d7CHnsMMsh+1NOalBsclm3AC8dLxi4/WcvzOd4FhJYN 1sjin9f2VZj5cjHHMuYn7nlRo7TMfH1JhN967XuCQY2Li1F3FdN1fBQyFD/u3K4SxBf90vWgTqjj 3rWPvJLIHLyO5AzKftavPUXVXLfLzMay1EsWNQ== )`
	RRSIG=5613 and DNSKEY=5613 verifies the DS RRset
	DS=26974/SHA-256 is now in the chain-of-trust
	`org. 86400 IN DS ( 26974 8 2 4fede294c53f438a158c41d39489cd78a86beb0d8a0aeaff14745c0d16e1de32 )`
	Query to a0.org.afilias-nst.info for org/DNSKEY
	Received 895 bytes from 199.19.56.1
	;; Response received from [199.19.56.1] 895 octets ;; HEADER SECTION ;; id = 62126 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; org. IN DNSKEY ;; ANSWER SECTION (4 records) org. 3600 IN DNSKEY ( 257 3 8 AwEAAexZJ/1wfyNCxNPrTZizaG7UlibGhP+AyogR6bqjptKweEgE4gD8GxRQJkt+Fn5pCoNqzmm1 ZnEoKqvm93uOYtbKkYQDGH+W69J66MSKpgIyS+mT/4iaXn+lpb5o99l/sf7lHMa975O/fqN6aPUl l4hUbN2T1LHv6HzQuQCtNRJA8jHGwX5q0NMmh2Z+yaG6B9cISerje9l5L+ID2ydJ6zXquYteoIUv X2xzqnXCdHPSvD+oL6R/weW+tztdFS1hok/1z3tn5NzmcaOLll9nXniCozEpLFEGPswyvtphWgCY hI8bBTqhUsIwfIwLSBQTEg2oCX7sS5CbXg44OqwhIW8= ) ; Key ID = 26974 org. 3600 IN DNSKEY ( 256 3 8 AwEAAa+oGr6axy8Mt1NFEA5KoU9ZkKtD3U0A8XQwRwjoBtcrq0QP3I/GsZi3QMpKowUmLFkDVtqw bkY4qgzX/RQ7cZZVDO6ZqHorqtp0p50nlsY+Puq1phi5lroAMJfAQjXuh5Fp+sXtBQ/8ztwzJYpz wsIG88d+7vBK8uvAyJPyeMEd ) ; Key ID = 55149 org. 3600 IN DNSKEY ( 256 3 8 AwEAAa4FGs7OxYymiv/SIJcOjqjEBmUwW9tHJiKdAfQo4lwNrFUxZQGeOT30wDI8i1/GeeQg22VB SqQVZqe4qGUHbnT0XGlLIDKrBRXOARMymLwFPZszDiWf0jNAbFE+vF3OJbxWD2z95LOfC5QpLw7p YBNLcGSJZvjjnAeuq3/taU/j ) ; Key ID = 3093 org. 3600 IN RRSIG ( DNSKEY 8 1 3600 20240530152824 20240509142824 26974 org. t6vwvTdw0/xEIYULhUjp4XzRh83Y4fmhoYNQld2i2bv34HDw1ZZBlNDNuHnAr16uppF//sPa1mlq /u0P17qbnioBEKN60fbhVBxocvF0XL4OnZNE85dBAJyCZriRoKJPiXPCJ3057hSFvEBUrDli0afu 3JRtz3U3IDcE6Jkl7nwDzQYTQp3h6xo65lNwA6Agn0Kl5hK8QvDl9y0yUr7QJNUt+KjlvMjIgO+T Bp7hBSu8PpJ7WwLKtl2vuKJYgWnL/jDDUf6/q9CeHn7zH8LwY3l8GqHJn2idn/fnZwGTn0GIvoLy nzFv1D/uVeTFTod1Usf3hrWc1YjgB4ideF8yeQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for org
	`org. 3600 IN DNSKEY ( 257 3 8 AwEAAexZJ/1wfyNCxNPrTZizaG7UlibGhP+AyogR6bqjptKweEgE4gD8GxRQJkt+Fn5pCoNqzmm1 ZnEoKqvm93uOYtbKkYQDGH+W69J66MSKpgIyS+mT/4iaXn+lpb5o99l/sf7lHMa975O/fqN6aPUl l4hUbN2T1LHv6HzQuQCtNRJA8jHGwX5q0NMmh2Z+yaG6B9cISerje9l5L+ID2ydJ6zXquYteoIUv X2xzqnXCdHPSvD+oL6R/weW+tztdFS1hok/1z3tn5NzmcaOLll9nXniCozEpLFEGPswyvtphWgCY hI8bBTqhUsIwfIwLSBQTEg2oCX7sS5CbXg44OqwhIW8= ) ; Key ID = 26974`
	`org. 3600 IN DNSKEY ( 256 3 8 AwEAAa+oGr6axy8Mt1NFEA5KoU9ZkKtD3U0A8XQwRwjoBtcrq0QP3I/GsZi3QMpKowUmLFkDVtqw bkY4qgzX/RQ7cZZVDO6ZqHorqtp0p50nlsY+Puq1phi5lroAMJfAQjXuh5Fp+sXtBQ/8ztwzJYpz wsIG88d+7vBK8uvAyJPyeMEd ) ; Key ID = 55149`
	`org. 3600 IN DNSKEY ( 256 3 8 AwEAAa4FGs7OxYymiv/SIJcOjqjEBmUwW9tHJiKdAfQo4lwNrFUxZQGeOT30wDI8i1/GeeQg22VB SqQVZqe4qGUHbnT0XGlLIDKrBRXOARMymLwFPZszDiWf0jNAbFE+vF3OJbxWD2z95LOfC5QpLw7p YBNLcGSJZvjjnAeuq3/taU/j ) ; Key ID = 3093`
	DNSKEY=26974/SEP is now in the chain-of-trust
	DS=26974/SHA-256 verifies DNSKEY=26974/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`org. 3600 IN RRSIG ( DNSKEY 8 1 3600 20240530152824 20240509142824 26974 org. t6vwvTdw0/xEIYULhUjp4XzRh83Y4fmhoYNQld2i2bv34HDw1ZZBlNDNuHnAr16uppF//sPa1mlq /u0P17qbnioBEKN60fbhVBxocvF0XL4OnZNE85dBAJyCZriRoKJPiXPCJ3057hSFvEBUrDli0afu 3JRtz3U3IDcE6Jkl7nwDzQYTQp3h6xo65lNwA6Agn0Kl5hK8QvDl9y0yUr7QJNUt+KjlvMjIgO+T Bp7hBSu8PpJ7WwLKtl2vuKJYgWnL/jDDUf6/q9CeHn7zH8LwY3l8GqHJn2idn/fnZwGTn0GIvoLy nzFv1D/uVeTFTod1Usf3hrWc1YjgB4ideF8yeQ== )`
	RRSIG=26974 and DNSKEY=26974/SEP verifies the DNSKEY RRset
	DNSKEY=55149 is now in the chain-of-trust
	DNSKEY=3093 is now in the chain-of-trust
	Query to d0.org.afilias-nst.org for dnssec-failed.org/A
	Received 409 bytes from 199.19.57.1
	;; Response received from [199.19.57.1] 409 octets ;; HEADER SECTION ;; id = 45499 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) dnssec-failed.org. 3600 IN NS dns104.comcast.net. dnssec-failed.org. 3600 IN NS dns105.comcast.net. dnssec-failed.org. 3600 IN NS dns102.comcast.net. dnssec-failed.org. 3600 IN NS dns101.comcast.net. dnssec-failed.org. 3600 IN NS dns103.comcast.net. dnssec-failed.org. 3600 IN DS ( 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ) dnssec-failed.org. 3600 IN DS ( 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ) dnssec-failed.org. 3600 IN RRSIG ( DS 8 2 3600 20240530152824 20240509142824 3093 org. WvRo0Fw7QFsX9py2dWMGHQ7FG+txRZeEFWxcnoO3MVH8jkFOk2/BYLkg6IBms1ARKX2PgsfHPLyK bCSjC0+GkaA6cYDHTwKOtv69O3HQ2iwOQacISSgvCWadQ6Th2h9KYT2n7m5y3NXtIXogSaDYiGWx lxsXgNm/aT/CajuHLyQ= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d0.org.afilias-nst.org for dnssec-failed.org/DNSKEY
	Received 409 bytes from 199.19.57.1
	;; Response received from [199.19.57.1] 409 octets ;; HEADER SECTION ;; id = 4285 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) dnssec-failed.org. 3600 IN NS dns104.comcast.net. dnssec-failed.org. 3600 IN NS dns102.comcast.net. dnssec-failed.org. 3600 IN NS dns103.comcast.net. dnssec-failed.org. 3600 IN NS dns105.comcast.net. dnssec-failed.org. 3600 IN NS dns101.comcast.net. dnssec-failed.org. 3600 IN DS ( 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ) dnssec-failed.org. 3600 IN DS ( 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ) dnssec-failed.org. 3600 IN RRSIG ( DS 8 2 3600 20240530152824 20240509142824 3093 org. WvRo0Fw7QFsX9py2dWMGHQ7FG+txRZeEFWxcnoO3MVH8jkFOk2/BYLkg6IBms1ARKX2PgsfHPLyK bCSjC0+GkaA6cYDHTwKOtv69O3HQ2iwOQacISSgvCWadQ6Th2h9KYT2n7m5y3NXtIXogSaDYiGWx lxsXgNm/aT/CajuHLyQ= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone dnssec-failed.org

dnssec-failed.org

	Checking DS between org and dnssec-failed.org
	Query to a0.org.afilias-nst.info for dnssec-failed.org/DS
	Received 293 bytes from 199.19.56.1
	;; Response received from [199.19.56.1] 293 octets ;; HEADER SECTION ;; id = 19646 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN DS ;; ANSWER SECTION (3 records) dnssec-failed.org. 3600 IN DS ( 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc ) dnssec-failed.org. 3600 IN DS ( 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce ) dnssec-failed.org. 3600 IN RRSIG ( DS 8 2 3600 20240530152824 20240509142824 3093 org. WvRo0Fw7QFsX9py2dWMGHQ7FG+txRZeEFWxcnoO3MVH8jkFOk2/BYLkg6IBms1ARKX2PgsfHPLyK bCSjC0+GkaA6cYDHTwKOtv69O3HQ2iwOQacISSgvCWadQ6Th2h9KYT2n7m5y3NXtIXogSaDYiGWx lxsXgNm/aT/CajuHLyQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DS records for dnssec-failed.org in the org zone
	DS=106/SHA-1 uses a deprecated digest algorithm
	DS=106/SHA-1 has algorithm RSASHA1
	DS=106/SHA-256 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`dnssec-failed.org. 3600 IN RRSIG ( DS 8 2 3600 20240530152824 20240509142824 3093 org. WvRo0Fw7QFsX9py2dWMGHQ7FG+txRZeEFWxcnoO3MVH8jkFOk2/BYLkg6IBms1ARKX2PgsfHPLyK bCSjC0+GkaA6cYDHTwKOtv69O3HQ2iwOQacISSgvCWadQ6Th2h9KYT2n7m5y3NXtIXogSaDYiGWx lxsXgNm/aT/CajuHLyQ= )`
	RRSIG=3093 and DNSKEY=3093 verifies the DS RRset
	DS=106/SHA-1 is now in the chain-of-trust
	`dnssec-failed.org. 3600 IN DS ( 106 5 1 4f219dce274f820ea81ea1150638dabe21eb27fc )`
	`dnssec-failed.org. 3600 IN DS ( 106 5 2 ae3424c9b171af3b202203767e5703426130d76ef6847175f2eed355f86ef1ce )`
	Query to dns104.comcast.net for dnssec-failed.org/DNSKEY
	Received 952 bytes from 68.87.68.244
	;; Response received from [68.87.68.244] 952 octets ;; HEADER SECTION ;; id = 62915 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN DNSKEY ;; ANSWER SECTION (4 records) dnssec-failed.org. 3600 IN DNSKEY ( 257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1S MuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTO nsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F 4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGc c94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0= ) ; Key ID = 29521 dnssec-failed.org. 3600 IN DNSKEY ( 256 3 5 AwEAAewq/QcrsNX3C/nAAWyNY74f/q9Rb2dGLc3LOIkQBATwzIcDTDHNRjtRDxjquImNpoDKybI2 hZ2e8mNKvCK/F/QXV5LafLwSzscqwvzJxEGZUA+JuiGu6kq/8OjE6EEAdYlk4ztN6OWfwuqj4Zol BjKPXCPodYvhj8gl7kqpopqr ) ; Key ID = 44973 dnssec-failed.org. 3600 IN RRSIG ( DNSKEY 5 2 3600 20240521145115 20240504144615 44973 dnssec-failed.org. Ee2h5hKYp/csFAD4y6vuQJ5QIp/rX91betFdW8bMCkY8qMYAoSEh5YFctc15xSvXZgW7mDoC2Ift u8UpEyIQLgTubAIU9ekD9sIwwdrJ2R9BshtlY3F+ow5b+VLARP5RMHkwt7+J2QjadgZuja0SStov B30Ll4QC+pPcLjNyds0= ) dnssec-failed.org. 3600 IN RRSIG ( DNSKEY 5 2 3600 20240901145115 20240504105115 29521 dnssec-failed.org. J7N9OrbsofVrpNB+tbowd0ZripZ5YyMUNxOeOje2tZK9jMywyUTAf4mxyFezp9Wm3wrsPuXg48FB 8Z24hANCT9SG8sBp5+xkns3OXJLsWcFx4s6gvNRUssKsNXIpZTHFsbQILBm2zKhkfrIVtFb/S3Bx XxzItRslZqt0lIOV0FH3VtEbRVLhMebPRbkjSEVBkJzGncME4LXYX/U4qtJYCj4KyEXH1FVEjVHz KeKt84+7aVDz0Av82aEelH1HHJf8uqhuSdb3o/60GRG3vIJTGc6I1QODAkOKuGJzy+qCtKkkJtgW mIrcxiacYjEE4Y17jBXaCoJg1NimEkp08cTpRw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for dnssec-failed.org
	`dnssec-failed.org. 3600 IN DNSKEY ( 257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1S MuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTO nsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F 4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGc c94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0= ) ; Key ID = 29521`
	`dnssec-failed.org. 3600 IN DNSKEY ( 256 3 5 AwEAAewq/QcrsNX3C/nAAWyNY74f/q9Rb2dGLc3LOIkQBATwzIcDTDHNRjtRDxjquImNpoDKybI2 hZ2e8mNKvCK/F/QXV5LafLwSzscqwvzJxEGZUA+JuiGu6kq/8OjE6EEAdYlk4ztN6OWfwuqj4Zol BjKPXCPodYvhj8gl7kqpopqr ) ; Key ID = 44973`
	DS=106/SHA-1 is published, but a corresponding DNSKEY is not
	None of the 2 DNSKEY records could be validated by any of the 2 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`dnssec-failed.org. 3600 IN RRSIG ( DNSKEY 5 2 3600 20240521145115 20240504144615 44973 dnssec-failed.org. Ee2h5hKYp/csFAD4y6vuQJ5QIp/rX91betFdW8bMCkY8qMYAoSEh5YFctc15xSvXZgW7mDoC2Ift u8UpEyIQLgTubAIU9ekD9sIwwdrJ2R9BshtlY3F+ow5b+VLARP5RMHkwt7+J2QjadgZuja0SStov B30Ll4QC+pPcLjNyds0= )`
	`dnssec-failed.org. 3600 IN RRSIG ( DNSKEY 5 2 3600 20240901145115 20240504105115 29521 dnssec-failed.org. J7N9OrbsofVrpNB+tbowd0ZripZ5YyMUNxOeOje2tZK9jMywyUTAf4mxyFezp9Wm3wrsPuXg48FB 8Z24hANCT9SG8sBp5+xkns3OXJLsWcFx4s6gvNRUssKsNXIpZTHFsbQILBm2zKhkfrIVtFb/S3Bx XxzItRslZqt0lIOV0FH3VtEbRVLhMebPRbkjSEVBkJzGncME4LXYX/U4qtJYCj4KyEXH1FVEjVHz KeKt84+7aVDz0Av82aEelH1HHJf8uqhuSdb3o/60GRG3vIJTGc6I1QODAkOKuGJzy+qCtKkkJtgW mIrcxiacYjEE4Y17jBXaCoJg1NimEkp08cTpRw== )`
	RRSIG=44973 and DNSKEY=44973 verifies the DNSKEY RRset
	RRSIG=29521 and DNSKEY=29521/SEP verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to dns103.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 239 octets ;; HEADER SECTION ;; id = 43042 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns103.comcast.net is authoritative for dnssec-failed.org
	Found RRSIG signed by dnssec-failed.org zone
	Query to dns101.comcast.net for dnssec-failed.org/SOA
	Received 294 bytes from 69.252.250.103
	;; Response received from [69.252.250.103] 294 octets ;; HEADER SECTION ;; id = 8369 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA ( dns101.comcast.org. dnsadmin.comcast.net. 2010102409 ;serial 900 ;refresh 180 ;retry 604800 ;expire 7200 ;minimum ) dnssec-failed.org. 86400 IN RRSIG ( SOA 5 2 86400 20240521145115 20240504144615 44973 dnssec-failed.org. hqtyzHfweMJ2GNsHOCLymh9Kuq1RG1yr3E4GIvjUG6lNzyzpUiLJZEfOs4YM5dC7GayPT3ws1iKG 8rHW1sSTmpl+6zsw+7oGY5D/aG371sxhQswH3/BZmua/DYVEYG7LG1HbeDJ122JrpIsb02HT7rkD AsVOdBi2HhBiUC083Nc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns105.comcast.net for dnssec-failed.org/SOA
	Received 294 bytes from 68.87.72.244
	;; Response received from [68.87.72.244] 294 octets ;; HEADER SECTION ;; id = 2254 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA ( dns101.comcast.org. dnsadmin.comcast.net. 2010102409 ;serial 900 ;refresh 180 ;retry 604800 ;expire 7200 ;minimum ) dnssec-failed.org. 86400 IN RRSIG ( SOA 5 2 86400 20240521145115 20240504144615 44973 dnssec-failed.org. hqtyzHfweMJ2GNsHOCLymh9Kuq1RG1yr3E4GIvjUG6lNzyzpUiLJZEfOs4YM5dC7GayPT3ws1iKG 8rHW1sSTmpl+6zsw+7oGY5D/aG371sxhQswH3/BZmua/DYVEYG7LG1HbeDJ122JrpIsb02HT7rkD AsVOdBi2HhBiUC083Nc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns102.comcast.net for dnssec-failed.org/SOA
	Received 294 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 294 octets ;; HEADER SECTION ;; id = 35578 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA ( dns101.comcast.org. dnsadmin.comcast.net. 2010102409 ;serial 900 ;refresh 180 ;retry 604800 ;expire 7200 ;minimum ) dnssec-failed.org. 86400 IN RRSIG ( SOA 5 2 86400 20240521145115 20240504144615 44973 dnssec-failed.org. hqtyzHfweMJ2GNsHOCLymh9Kuq1RG1yr3E4GIvjUG6lNzyzpUiLJZEfOs4YM5dC7GayPT3ws1iKG 8rHW1sSTmpl+6zsw+7oGY5D/aG371sxhQswH3/BZmua/DYVEYG7LG1HbeDJ122JrpIsb02HT7rkD AsVOdBi2HhBiUC083Nc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns104.comcast.net for dnssec-failed.org/SOA
	Received 294 bytes from 68.87.68.244
	;; Response received from [68.87.68.244] 294 octets ;; HEADER SECTION ;; id = 21373 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN SOA ;; ANSWER SECTION (2 records) dnssec-failed.org. 86400 IN SOA ( dns101.comcast.org. dnsadmin.comcast.net. 2010102409 ;serial 900 ;refresh 180 ;retry 604800 ;expire 7200 ;minimum ) dnssec-failed.org. 86400 IN RRSIG ( SOA 5 2 86400 20240521145115 20240504144615 44973 dnssec-failed.org. hqtyzHfweMJ2GNsHOCLymh9Kuq1RG1yr3E4GIvjUG6lNzyzpUiLJZEfOs4YM5dC7GayPT3ws1iKG 8rHW1sSTmpl+6zsw+7oGY5D/aG371sxhQswH3/BZmua/DYVEYG7LG1HbeDJ122JrpIsb02HT7rkD AsVOdBi2HhBiUC083Nc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns103.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 239 octets ;; HEADER SECTION ;; id = 6983 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dnssec-failed.org A RR has value 96.99.227.255
	Found 1 RRSIGs over A RRset
	`dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= )`
	RRSIG=44973 and DNSKEY=44973 verifies the A RRset

dnssec-failed.org

	Query to dns104.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.68.244
	;; Response received from [68.87.68.244] 239 octets ;; HEADER SECTION ;; id = 26294 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns104.comcast.net is authoritative for dnssec-failed.org
	Found RRSIG signed by dnssec-failed.org zone
	Query to dns104.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.68.244
	;; Response received from [68.87.68.244] 239 octets ;; HEADER SECTION ;; id = 15586 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dnssec-failed.org A RR has value 96.99.227.255
	Found 1 RRSIGs over A RRset
	`dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= )`
	RRSIG=44973 and DNSKEY=44973 verifies the A RRset

dnssec-failed.org

	Query to dns102.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 239 octets ;; HEADER SECTION ;; id = 59304 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns102.comcast.net is authoritative for dnssec-failed.org
	Found RRSIG signed by dnssec-failed.org zone
	Query to dns102.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 239 octets ;; HEADER SECTION ;; id = 5695 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dnssec-failed.org A RR has value 96.99.227.255
	Found 1 RRSIGs over A RRset
	`dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= )`
	RRSIG=44973 and DNSKEY=44973 verifies the A RRset

dnssec-failed.org

	Query to dns105.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.72.244
	;; Response received from [68.87.72.244] 239 octets ;; HEADER SECTION ;; id = 52113 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns105.comcast.net is authoritative for dnssec-failed.org
	Found RRSIG signed by dnssec-failed.org zone
	Query to dns105.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 68.87.72.244
	;; Response received from [68.87.72.244] 239 octets ;; HEADER SECTION ;; id = 2531 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dnssec-failed.org A RR has value 96.99.227.255
	Found 1 RRSIGs over A RRset
	`dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= )`
	RRSIG=44973 and DNSKEY=44973 verifies the A RRset

dnssec-failed.org

	Query to dns101.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 69.252.250.103
	;; Response received from [69.252.250.103] 239 octets ;; HEADER SECTION ;; id = 10344 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns101.comcast.net is authoritative for dnssec-failed.org
	Found RRSIG signed by dnssec-failed.org zone
	Query to dns101.comcast.net for dnssec-failed.org/A
	Received 239 bytes from 69.252.250.103
	;; Response received from [69.252.250.103] 239 octets ;; HEADER SECTION ;; id = 60572 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; dnssec-failed.org. IN A ;; ANSWER SECTION (2 records) dnssec-failed.org. 300 IN A 96.99.227.255 dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dnssec-failed.org A RR has value 96.99.227.255
	Found 1 RRSIGs over A RRset
	`dnssec-failed.org. 300 IN RRSIG ( A 5 2 300 20240521145115 20240504144615 44973 dnssec-failed.org. pNkwjz+XFISqHZutCZ1ks/5xiXEnHfDSzHvEuvvu+noFPQ/hlFq64HI6e02UlxuDISctyX1BDtEq yH3vwMDj5tGsaRER7oAZjCFRvAFAXMahs8wKDIDGOuVm9h+J5Crtxpk/A3CgjUnq9w3GXeEAGeHQ ckvBDZps0d5pM+XPsKE= )`
	RRSIG=44973 and DNSKEY=44973 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test dnssec-failed.org at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: