Authoritative answers can be found from:nslookup 9.11.36-RedHat-9.11.36-16.el8_10.2 nslookup [-opt ...] # interactive mode using default server nslookup [-opt ...] - server # interactive mode using 'server' nslookup [-opt ...] host # just look up 'host' using default server nslookup [-opt ...] host server # just look up 'host' using 'server' done, and starting to shut down(search_list).tail == (search)(search_list).head == (search)(search_list).head != (search)(search_list).tail != (search)lookold->ednsopts[i].value != ((void *)0)memory allocation failure in %s:%d(lookup->connecting).tail == (query)(lookup->connecting).head == (query)(lookup->connecting).head != (query)(lookup->connecting).tail != (query)(query->recvlist).tail == (&query->recvbuf)(query->recvlist).head == (&query->recvbuf)(query->recvlist).head != (&query->recvbuf)(query->recvlist).tail != (&query->recvbuf)(query->lengthlist).tail == (&query->lengthbuf)(query->lengthlist).head == (&query->lengthbuf)(query->lengthlist).head != (&query->lengthbuf)(query->lengthlist).tail != (&query->lengthbuf)query->recvspace != ((void *)0)Bad ACE string '%s' (%s), use +noidnout'%s' is not a legal IDNA2008 name (%s), use +noidnoutCannot represent '%s' in the current locale nor ascii (%s), use +noidnout or a different locale;; Warning: cannot represent '%s' in the current localeencoded ASC string is too long'%s' is not a legal IDN name (%s), use +noidninmsg->cc_ok == 0 && msg->cc_bad == 0;; Warning: Client COOKIE mismatch;; Warning: COOKIE bad token (too short)isc_buffer_reserve(&_tmp, 1) == ISC_R_SUCCESSisc_buffer_availablelength(&hexbuf) >= 1Ucouldn't get address for '%s': %sbefore insertion, init@%p -> %p, new@%p -> %pafter insertion, init -> %p, new = %p, new -> %pisc_buffer_reserve(&_tmp, _length) == ISC_R_SUCCESSisc_buffer_availablelength(namebuf) >= _length;; Couldn't create key %s: %s sap != ((void *)0) && *sap == ((void *)0)invalid prefix length in '%s': %s ;; Warning, ignoring invalid TSIG algorithm %s key must have algorithm and secret;; Couldn't create key %s: bad algorithm Couldn't read key from %s: %s unable to generate cookie secretcan't find either v4 or v6 networkingfreeing server %p belonging to %p(lookup->my_server_list).tail == ((dig_server_t *)ptr)(lookup->my_server_list).head == ((dig_server_t *)ptr)(lookup->my_server_list).head != ((dig_server_t *)ptr)(lookup->my_server_list).tail != ((dig_server_t *)ptr)convert textname to IDN encodingconvert origin to IDN encoding'%s' is not in legal name syntax (%s)dns_name_isabsolute(lookup->name)starting to render the messageisc_buffer_availablelength(&b) >= (unsigned int) (unsigned)addrli + lookup->ednsoptscnt <= (100U + 5)create query %p linked to lookup %pcouldn't get address for '%s': %s (lookup->my_server_list).tail == (srv)(lookup->my_server_list).head == (srv)(lookup->my_server_list).head != (srv)(lookup->my_server_list).tail != (srv)canceling pending query %p, belonging to %pcanceling connecting query %p, belonging to %pError in the queried type: %d
Launch a query to find a RRset of type (lookup_list).tail == (current_lookup)(lookup_list).head != (current_lookup)(lookup_list).tail != (current_lookup) ;; No trusted key, +sigchase option is disabled isn't a subdomain of any Trusted Keys: +sigchase option is disableignoring launch_next_query because !pendingisc_buffer_reserve(&_tmp, 2) == ISC_R_SUCCESSisc_buffer_availablelength(&query->slbuf) >= 2Usending a request in launch_next_queryisc_time_now((&query->time_sent)) == 0;; Skipping mapped address '%s' event->ev_type == (((2) << 16) + 4);; Connection to %s(%s) for %s failed: %s. event->ev_type == (((2) << 16) + 1)(sevent->bufferlist).tail == (b)(sevent->bufferlist).head == (b)(sevent->bufferlist).head != (b)(sevent->bufferlist).tail != (b);; communications error to %s: %s ((query->recvlist).head == ((void *)0))recving with lookup=%p, query=%presubmitted recv request with length %d, recvcount=%dworking on lookup %p, query %precving with lookup=%p, query=%p, sock=%pevent->ev_type == (((1) << 16) + 2)resending UDP request to first servermaking new TCP request, %d tries left;; connection timed out; no servers could be reachedevent->ev_type == (((2) << 16) + 2)((lookup_list).head) == ((void *)0)((pthread_mutex_destroy(((&lookup_lock))) == 0) ? 0 : 34) == 0Destroy the messages kept for sigchaserdata.type == ((dns_rdatatype_t)dns_rdatatype_dnskey);; Ok, find a Trusted Key in the DNSKEY RRset: %d keyrdata.type == ((dns_rdatatype_t)dns_rdatatype_dnskey)Oops: impossible to build new DS rdata;; OK a DS valids a DNSKEY in the RRset;; Now verify that this DNSKEY validates the DNSKEY RRset;; This DS is NOT the DS for the chasing KEY: FAILED Launch a query to find a RRset of type ;; NS RRset is missing to continue validation: FAILED chase_nsrdataset != ((void *)0) ;; No Answers: Validation FAILED
;; RRSIG is missing for continue validation: FAILED
;; RRSIG of the RRset to chase:chase_sigrdataset != ((void *)0) ;; DNSKEY is missing to continue validation: FAILED
;; DNSKEYset that signs the RRset to chase:chase_keyrdataset != ((void *)0) ;; RRSIG for DNSKEY is missing to continue validation : FAILED
;; RRSIG of the DNSKEYset that signs the RRset to chase:chase_sigkeyrdataset != ((void *)0) ;; WARNING There is no DS for the zone: ;; WARNING : NO RRSIG DS : RRSIG DS should come with DS ;; RRSIG of the DSset of the DNSKEYset;; nothing in authority section : impossible to validate the non-existence : FAILEDThere is a NSEC for this zone in the AUTHORITY section:;; no RRSIG NSEC in authority section: impossible to validate the non-existence: FAILEDOK the NSEC said that the type doesn't exist There isn't RRSIG NSEC for the zone We want to prove the non-existence of a type of rdata %d or of the zone: We have a NSEC for this zone :OKprove_nx: OK type does not existthere is no NSEC for this zone: validating that the zone doesn't existno answer or authority sectionno response but there is a delegation in authority section: no response and no delegation in authority section but a reference to: ;; RRSIG of DNSKEY is missing to continue validation: FAILED chase_dsrdataset != ((void *)0)chase_sigdsrdataset != ((void *)0) ;; chain of trust can't be validated: FAILED
;; RRset is missing to continue validation SHOULD NOT APPEND: FAILED
;; RRSIG is missing to continue validation SHOULD NOT APPEND: FAILED
;; We are in a Grand Father Problem: See 2.2.1 in RFC 3658;; and we try to continue chain of trust validation of the zone: ;;NSset is missing to continue validation: FAILED
;; DSset is missing to continue validation: FAILED
;; Impossible to verify the DSset: FAILED
;; Impossible to verify the non-existence, the NSEC RRset can't be validated: FAILED
;; Impossible to verify the NSEC RR to prove the non-existence : FAILED
;; Impossible to verify the non-existence: FAILED
;; OK the query doesn't have response but we have validate this fact : SUCCESS
;; RRsig of RRset is missing to continue validation SHOULD NOT APPEND: FAILED
;; Impossible to verify the RRset : FAILED
;; FINISH : we have validate the DNSSEC chain of trust: SUCCESS
;; Impossible to verify the Non-existence, the NSEC RRset can't be validated: FAILED
No Answers and impossible to prove the unsecurity : Validation FAILED ;; An NSEC prove the non-existence of a answers, Now we want validate this NSEC
;; WE HAVE MATERIAL, WE NOW DO VALIDATION;; No DNSKEY is valid to check the RRSIG of the RRset: FAILED;; OK We found DNSKEY (or more) to validate the RRset ;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS ;; Now, we are going to validate this DNSKEY by the DS;; the DNSKEY isn't trusted-key and there isn't DS to validate the DNSKEY: FAILED;; ERROR no DS validates a DNSKEY in the DNSKEY RRset: FAILED;; OK this DNSKEY (validated by the DS) validates the RRset of the DNSKEYs, thus the DNSKEY validates the RRset;; Now, we want to validate the DS : recursive callisc_time_now((&query->time_recv)) == 0(sevent->bufferlist).tail == (&query->recvbuf)(sevent->bufferlist).head == (&query->recvbuf)(sevent->bufferlist).head != (&query->recvbuf)(sevent->bufferlist).tail != (&query->recvbuf);; reply from unexpected source: %s, expected %s ;; %s: ID mismatch: expected ID %u, got %u ;; ERROR: short (< header size) message;; Warning: ID mismatch: expected ID %u, got %u ;; Warning: short (< header size) message received;; Warning: query response not set;; Warning: Message parser reports malformed message packet.;; Warning: Opcode mismatch: expected %s, got %s;; Question section mismatch: got %s/%s/%s ;; BADVERS, retrying with EDNS version %u. ;; Truncated, retrying in TCP mode.;; Got %s from %s, trying next server ;; Couldn't verify signature: %s ;; expected opt record in responseMemory allocation failure in %s:%d; Transfer failed. Didn't start with SOA answer.../../../bin/dig/dighost.cinvalid %s '%s': %s %s: out of memoryisc_time_now((&t)) == 0%u.%06u: query != ((void *)0)clear_query(%p)send_done not yet called(lookup->q).tail == (query)(lookup->q).head == (query)(lookup->q).head != (query)(lookup->q).tail != (query)sockcount=%demptyfullcheck_if_done()list %ssockcount == 0recvcount == 0shutting downcancel_lookup()force_timeout ()isc_event_allocate: %sfrom string is too longACE string is too long%s: %sisc_hex_decodestringisc_hex_totextbringup_timer()have local timeout of %disc_timer_createservname != ((void *)0)make_server(%s)copy_server_list()%%%uflush_server_list()(server_list).tail == (ps)(server_list).head == (ps)(server_list).head != (ps)(server_list).tail != (ps)clone_server_list()make_empty_lookup()!free_nowIDN_DISABLEASCIICHARSETclone_lookup()looknew != ((void *)0)requeue_lookup()too many lookupsnext_origin()following up %ssetup_text_key()dns_name_initcouldn't parse digest bitsinvalid prefix '%s' .0invalid address '%s'hmac != ((void *)0)unknown key type '%.*s'hmac-md5hmac-md5-digest-bits [0..128]hmac-sha1hmac-sha1-digest-bits [0..160]hmac-sha224hmac-sha224-digest-bits [0..224]hmac-sha256hmac-sha256-digest-bits [0..256]hmac-sha384hmac-sha384-digest-bits [0..384]hmac-sha512hmac-sha512-digest-bits [0..512]setup_file_key()secretalgorithmsetup_system()can't find IPv4 networkingcan't find IPv6 networkinglwres_context_create failed/etc/resolv.confparse of %s failedcreate_search_list()verbose is onndots is %d.tries is %d.timeout is %d.127.0.0.1add_nameserver failed::1dns_name_settotextfiltersetup_libs()isc_mem_createdigisc_log_createdefault_debugisc_log_usechannelisc_taskmgr_createisc_task_createisc_timermgr_createisc_socketmgr_createisc_entropy_createdst_lib_initisc_mempool_createCOMMPOOLisc_mutex_inittoo many ednsoptsednsoptbad edns code point: %sdestroyfreeing buffer %plookup != ((void *)0)try_clear_lookup(%p)query to %s still pendingquery to %s still connectingsetup_lookup(%p)dns_message_createresetting lookup counter.cloning server listdns_message_gettempnameidn_textname: %strying origin %strying idn origin %susing root origin'%s' is not a legal name (%s)recursive queryAA queryAD queryCD queryZ queryadd_question()dns_message_gettemprdataset()insert_soa()dns_message_gettemprdataisc_rdata_fromstructdns_message_gettemprdatalistdns_message_gettemprdatasetinitializing keysdns_message_settsigkeydns_compress_initdns_message_renderbeginplen == 0plen <= 32plen <= 128add_opt()dns_message_buildoptdns_message_setoptdns_message_rendersectiondns_message_renderenddone rendering;; QUERY SIZE: %u
count == 1found NS set;; BAD (HORIZONTAL) REFERRAL;; BAD REFERRALfound NS %sadding server %si > 0cancel_all()isc_mutex_locksuccessunlock_lookup %s:%disc_mutex_unlock(lookup_list).tail == (l)(lookup_list).head == (l)(lookup_list).head != (l)(lookup_list).tail != (l)print_typeempty rdatasetsigrdata tostruct siginfodns_name_totext for zone: %s /etc/trusted-key.key./trusted-key.key ;; ERROR : is not a subdomain of: FAILED empty RRSIG datasetstr != ((void *)0)nameFromStringstart_lookup()current_lookup == ((void *)0) ;; The queried zone: check_next_lookup(%p)still have a workerlaunch_next_query()sockcount >= 0isc_socket_recvvrecvcount=%disc_socket_sendvsendcount=%dsend_tcp_connect(%p);; No acceptable nameserversquery->sock == ((void *)0)isc_socket_createisc_socket_bindisc_socket_connectsending next, since searching(l->q).tail == (query)(l->q).head == (query)(l->q).head != (query)(l->q).tail != (query)connect_done()query->waiting_connectin cancel handlersockcount > 0unsuccessful connection: %stcp_length_done()recvcount >= 0b == &query->lengthbufsend_udp(%p)sending a requestquery->sock != ((void *)0)isc_socket_sendtovdo_lookup()connect_timeout()trying next server...send_done()sendcount >= 0destroy_libs()freeing taskfreeing taskmgrsendcount == 0freeing commctxfreeing socketmgrfreeing timermgrfreeing key %pdestroy DST libdetach from entropychase_msg->msg != ((void *)0)Removing log contextDestroy memorydns_name_dupempty DS dataset;; VERIFYING RRset for with DNSKEY:%d: %s dns_dnssec_keyfromrdataempty DNSKEY datasetempty DSset datasetdns_rdata_tostruct for DSempty KEY datasetns name: %s for zone: %s with nameservers:;; NO ANSWERS: %s ;; RRset to chase:chase_rdataset != ((void *)0) ;; DSset of the DNSKEYsetprove_nx: ERROR type existdns_rcode_totext failederror response code %.*s
;; DNSKEYset: ;; RRSIG of the DNSKEYset: ;; DSset: ;; RRSIGset of DSset;; cleanandgo ;; The Answer:No trusted keys presentWARNING in TCP modeSERVFAIL replyrecursion not availablerecv_done()lookup=%p, query=%pb == &query->recvbufno longer pending. Got %sin recv cancel handler;; communications error: %s getting initial querysigdns_message_getquerytsigdns_message_setquerytsigbefore parse starts;; Got bad packet: %s %u bytes %02x dns_opcode_totext;; BADCOOKIE, retrying%s. sending query %p freeing querysig buffer %pafter parseisc_timer_resetin TRACE codein NSSEARCH codedns_message_create in %s:%disc_buffer_copyregionstill pending.check_for_more_data(); Transfer failed.got the second rr as nonsoagot an SOAthis is the first serial %ugot up to date responsedoing axfr, got second SOAdoing ixfr, got empty zonethis is the second serial %ugot a match for ixfrdone with ixfrmeaningless soa %uLLQNSIDDAUDHUN3UECSEXPIRECOOKIEKEEPALIVEPADDINGPADCHAINKEY-TAGEDECLIENT-TAGSERVER-TAGDEVICEID �����������H��h�������X��;�u�z�������|����,�������$,���8<���LL���`����|����l����ܣ�������8̬��h�������������|���@��|���������|���`���|��X����l�����������,��< l��d ���� ���� ��� <��H ���h L��� ���� |��� �����4|���������������P\�����\����@ <�l <�� ,�� ���X,����<�����������������X���������,��|��8 ��l�����������8�(����)���,+��L2��l,5����5���L7��$8��p�8����:��L;��4�;��p�<����=���?��4�?��h�@���,A���\A����B��$�F��lLG���<K���LP��,U��X�Z���_����_�� �b��\|e���,f����k���<l��$\n��t�p���r��|u��dv����|����}��,܂��d������������L,������L���x|����|������$zRx�X���/D$4�v���FJw�?:*3$"\�����t����������YD O A�(���XD N A�l���XD N A<����eB�B�A �K(�G�W (A ABBD@D���F�B�B �A(�A0�D@i 0A(A BBBG,�L���9A�C�G� & AAA@�\���MB�B�B �D(�A0�D@� 0A(A BBBF �h���A�G@L AK Ĩ��A�G@L AKHD ���VB�E�B �B(�A0�A8�G�� 8A0A(B BBBA8�4���bB�B�A �A(�G@� (A ABBB@�h���F�B�B �A(�A0�D@