Launch a query to find a RRset of type (lookup_list).tail == (current_lookup)(lookup_list).head != (current_lookup)(lookup_list).tail != (current_lookup) ;; No trusted key, +sigchase option is disabled isn't a subdomain of any Trusted Keys: +sigchase option is disableignoring launch_next_query because !pendingisc_buffer_reserve(&_tmp, 2) == ISC_R_SUCCESSisc_buffer_availablelength(&query->slbuf) >= 2Usending a request in launch_next_queryisc_time_now((&query->time_sent)) == 0;; Skipping mapped address '%s' event->ev_type == (((2) << 16) + 4);; Connection to %s(%s) for %s failed: %s. event->ev_type == (((2) << 16) + 1)(sevent->bufferlist).tail == (b)(sevent->bufferlist).head == (b)(sevent->bufferlist).head != (b)(sevent->bufferlist).tail != (b);; communications error to %s: %s ((query->recvlist).head == ((void *)0))recving with lookup=%p, query=%presubmitted recv request with length %d, recvcount=%dworking on lookup %p, query %precving with lookup=%p, query=%p, sock=%pevent->ev_type == (((1) << 16) + 2)resending UDP request to first servermaking new TCP request, %d tries left;; connection timed out; no servers could be reachedevent->ev_type == (((2) << 16) + 2)((lookup_list).head) == ((void *)0)((pthread_mutex_destroy(((&lookup_lock))) == 0) ? 0 : 34) == 0Destroy the messages kept for sigchaserdata.type == ((dns_rdatatype_t)dns_rdatatype_dnskey);; Ok, find a Trusted Key in the DNSKEY RRset: %d keyrdata.type == ((dns_rdatatype_t)dns_rdatatype_dnskey)Oops: impossible to build new DS rdata;; OK a DS valids a DNSKEY in the RRset;; Now verify that this DNSKEY validates the DNSKEY RRset;; This DS is NOT the DS for the chasing KEY: FAILED Launch a query to find a RRset of type ;; NS RRset is missing to continue validation: FAILED chase_nsrdataset != ((void *)0) ;; No Answers: Validation FAILED
;; RRSIG is missing for continue validation: FAILED
;; RRSIG of the RRset to chase:chase_sigrdataset != ((void *)0) ;; DNSKEY is missing to continue validation: FAILED
;; DNSKEYset that signs the RRset to chase:chase_keyrdataset != ((void *)0) ;; RRSIG for DNSKEY is missing to continue validation : FAILED
;; RRSIG of the DNSKEYset that signs the RRset to chase:chase_sigkeyrdataset != ((void *)0) ;; WARNING There is no DS for the zone: ;; WARNING : NO RRSIG DS : RRSIG DS should come with DS ;; RRSIG of the DSset of the DNSKEYset;; nothing in authority section : impossible to validate the non-existence : FAILEDThere is a NSEC for this zone in the AUTHORITY section:;; no RRSIG NSEC in authority section: impossible to validate the non-existence: FAILEDOK the NSEC said that the type doesn't exist There isn't RRSIG NSEC for the zone We want to prove the non-existence of a type of rdata %d or of the zone: We have a NSEC for this zone :OKprove_nx: OK type does not existthere is no NSEC for this zone: validating that the zone doesn't existno answer or authority sectionno response but there is a delegation in authority section: no response and no delegation in authority section but a reference to: ;; RRSIG of DNSKEY is missing to continue validation: FAILED chase_dsrdataset != ((void *)0)chase_sigdsrdataset != ((void *)0) ;; chain of trust can't be validated: FAILED
;; RRset is missing to continue validation SHOULD NOT APPEND: FAILED
;; RRSIG is missing to continue validation SHOULD NOT APPEND: FAILED
;; We are in a Grand Father Problem: See 2.2.1 in RFC 3658;; and we try to continue chain of trust validation of the zone: ;;NSset is missing to continue validation: FAILED
;; DSset is missing to continue validation: FAILED
;; Impossible to verify the DSset: FAILED
;; Impossible to verify the non-existence, the NSEC RRset can't be validated: FAILED
;; Impossible to verify the NSEC RR to prove the non-existence : FAILED
;; Impossible to verify the non-existence: FAILED
;; OK the query doesn't have response but we have validate this fact : SUCCESS
;; RRsig of RRset is missing to continue validation SHOULD NOT APPEND: FAILED
;; Impossible to verify the RRset : FAILED
;; FINISH : we have validate the DNSSEC chain of trust: SUCCESS
;; Impossible to verify the Non-existence, the NSEC RRset can't be validated: FAILED
No Answers and impossible to prove the unsecurity : Validation FAILED ;; An NSEC prove the non-existence of a answers, Now we want validate this NSEC
;; WE HAVE MATERIAL, WE NOW DO VALIDATION;; No DNSKEY is valid to check the RRSIG of the RRset: FAILED;; OK We found DNSKEY (or more) to validate the RRset ;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS ;; Now, we are going to validate this DNSKEY by the DS;; the DNSKEY isn't trusted-key and there isn't DS to validate the DNSKEY: FAILED;; ERROR no DS validates a DNSKEY in the DNSKEY RRset: FAILED;; OK this DNSKEY (validated by the DS) validates the RRset of the DNSKEYs, thus the DNSKEY validates the RRset;; Now, we want to validate the DS : recursive callisc_time_now((&query->time_recv)) == 0(sevent->bufferlist).tail == (&query->recvbuf)(sevent->bufferlist).head == (&query->recvbuf)(sevent->bufferlist).head != (&query->recvbuf)(sevent->bufferlist).tail != (&query->recvbuf);; reply from unexpected source: %s, expected %s ;; %s: ID mismatch: expected ID %u, got %u ;; ERROR: short (< header size) message;; Warning: ID mismatch: expected ID %u, got %u ;; Warning: short (< header size) message received;; Warning: query response not set;; Warning: Message parser reports malformed message packet.;; Warning: Opcode mismatch: expected %s, got %s;; Question section mismatch: got %s/%s/%s ;; BADVERS, retrying with EDNS version %u. ;; Truncated, retrying in TCP mode.;; Got %s from %s, trying next server ;; Couldn't verify signature: %s ;; expected opt record in responseMemory allocation failure in %s:%d; Transfer failed. Didn't start with SOA answer.../../../bin/dig/dighost.cinvalid %s '%s': %s %s: out of memoryisc_time_now((&t)) == 0%u.%06u: query != ((void *)0)clear_query(%p)send_done not yet called(lookup->q).tail == (query)(lookup->q).head == (query)(lookup->q).head != (query)(lookup->q).tail != (query)sockcount=%demptyfullcheck_if_done()list %ssockcount == 0recvcount == 0shutting downcancel_lookup()force_timeout ()isc_event_allocate: %sfrom string is too longACE string is too long%s: %sisc_hex_decodestringisc_hex_totextbringup_timer()have local timeout of %disc_timer_createservname != ((void *)0)make_server(%s)copy_server_list()%%%uflush_server_list()(server_list).tail == (ps)(server_list).head == (ps)(server_list).head != (ps)(server_list).tail != (ps)memory allocation failureclone_server_list()make_empty_lookup()!free_nowIDN_DISABLEASCIICHARSETclone_lookup()looknew != ((void *)0)requeue_lookup()too many lookupsnext_origin()following up %ssetup_text_key()dns_name_initcouldn't parse digest bitsinvalid prefix '%s' .0invalid address '%s'hmac != ((void *)0)unknown key type '%.*s'hmac-md5hmac-md5-digest-bits [0..128]hmac-sha1hmac-sha1-digest-bits [0..160]hmac-sha224hmac-sha224-digest-bits [0..224]hmac-sha256hmac-sha256-digest-bits [0..256]hmac-sha384hmac-sha384-digest-bits [0..384]hmac-sha512hmac-sha512-digest-bits [0..512]setup_file_key()secretalgorithmsetup_system()can't find IPv4 networkingcan't find IPv6 networkinglwres_context_create failed/etc/resolv.confparse of %s failedcreate_search_list()verbose is onndots is %d.tries is %d.timeout is %d.127.0.0.1add_nameserver failed::1dns_name_settotextfiltersetup_libs()isc_mem_createdigisc_log_createdefault_debugisc_log_usechannelisc_taskmgr_createisc_task_createisc_timermgr_createisc_socketmgr_createisc_entropy_createdst_lib_initisc_mempool_createCOMMPOOLisc_mutex_inittoo many ednsoptsednsoptbad edns code point: %sdestroyfreeing buffer %plookup != ((void *)0)try_clear_lookup(%p)query to %s still pendingquery to %s still connectingsetup_lookup(%p)dns_message_createresetting lookup counter.cloning server listdns_message_gettempnameidn_textname: %strying origin %strying idn origin %susing root origin'%s' is not a legal name (%s)recursive queryAA queryAD queryCD queryZ queryadd_question()dns_message_gettemprdataset()insert_soa()dns_message_gettemprdataisc_rdata_fromstructdns_message_gettemprdatalistdns_message_gettemprdatasetinitializing keysdns_message_settsigkeydns_compress_initdns_message_renderbeginplen == 0plen <= 32plen <= 128add_opt()dns_message_buildoptdns_message_setoptdns_message_rendersectiondns_message_renderenddone rendering;; QUERY SIZE: %u
count == 1found NS set;; BAD (HORIZONTAL) REFERRAL;; BAD REFERRALfound NS %sadding server %si > 0cancel_all()isc_mutex_locksuccessunlock_lookup %s:%disc_mutex_unlock(lookup_list).tail == (l)(lookup_list).head == (l)(lookup_list).head != (l)(lookup_list).tail != (l)print_typeempty rdatasetsigrdata tostruct siginfodns_name_totext for zone: %s /etc/trusted-key.key./trusted-key.key ;; ERROR : is not a subdomain of: FAILED empty RRSIG datasetstr != ((void *)0)nameFromStringstart_lookup()current_lookup == ((void *)0) ;; The queried zone: check_next_lookup(%p)still have a workerlaunch_next_query()sockcount >= 0isc_socket_recvvrecvcount=%disc_socket_sendvsendcount=%dsend_tcp_connect(%p);; No acceptable nameserversquery->sock == ((void *)0)isc_socket_createisc_socket_bindisc_socket_connectsending next, since searching(l->q).tail == (query)(l->q).head == (query)(l->q).head != (query)(l->q).tail != (query)connect_done()query->waiting_connectin cancel handlersockcount > 0unsuccessful connection: %stcp_length_done()recvcount >= 0b == &query->lengthbufsend_udp(%p)sending a requestquery->sock != ((void *)0)isc_socket_sendtovdo_lookup()connect_timeout()trying next server...send_done()sendcount >= 0destroy_libs()freeing taskfreeing taskmgrsendcount == 0freeing commctxfreeing socketmgrfreeing timermgrfreeing key %pdestroy DST libdetach from entropychase_msg->msg != ((void *)0)Removing log contextDestroy memorydns_name_dupempty DS dataset;; VERIFYING RRset for with DNSKEY:%d: %s dns_dnssec_keyfromrdataempty DNSKEY datasetempty DSset datasetdns_rdata_tostruct for DSempty KEY datasetns name: %s for zone: %s with nameservers:;; NO ANSWERS: %s ;; RRset to chase:chase_rdataset != ((void *)0) ;; DSset of the DNSKEYsetprove_nx: ERROR type existdns_rcode_totext failederror response code %.*s
;; DNSKEYset: ;; RRSIG of the DNSKEYset: ;; DSset: ;; RRSIGset of DSset;; cleanandgo ;; The Answer:No trusted keys presentWARNING in TCP modeSERVFAIL replyrecursion not availablerecv_done()lookup=%p, query=%pb == &query->recvbufno longer pending. Got %sin recv cancel handler;; communications error: %s getting initial querysigdns_message_getquerytsigdns_message_setquerytsigbefore parse starts;; Got bad packet: %s %u bytes %02x dns_opcode_totext;; BADCOOKIE, retrying%s. sending query %p freeing querysig buffer %pafter parseisc_timer_resetin TRACE codein NSSEARCH codedns_message_create in %s:%disc_buffer_copyregionstill pending.check_for_more_data(); Transfer failed.got the second rr as nonsoagot an SOAthis is the first serial %ugot up to date responsedoing axfr, got second SOAdoing ixfr, got empty zonethis is the second serial %ugot a match for ixfrdone with ixfrmeaningless soa %uLLQNSIDDAUDHUN3UECSEXPIRECOOKIEKEEPALIVEPADDINGPADCHAINKEY-TAGEDECLIENT-TAGSERVER-TAGDEVICEIDD�����������l�������$��|��;ll`������������������������D���`P���x�����P����@���0����������H������������P�����(��t �������`�����,p��`��������0����������D ���x ��� ��� �� ��D �� ��� ��`�0`�\P�@����P����`����������������� ���H ���� P��� ���� @ ��0������������ )��`�)���P+���p2��0P5��p6���p7���08��4 9��� ;���p;��� <��4=��p>���0?����?��,�@��xPA����A����B����F��0pG��X`K���pP���PU��[��l@_����_����b�� �e��LPf��ll���`l����n��8�p���@r����u��(@v��l�|����}������(@���t��� ���P���|����p���<����P���������zRx�`���/D$4����@FJw�?:*3$"\��0t������ 8���F�B�A �A(�D�q (A ABBK�����0AAU�����8Ds��&P ���B�B�B �B(�A0�A8�G� L�+ 8A0A(B BBBALth����B�B�B �E(�D0�A8�N�� 8A0A(B BBBE`����� F�B�B �B(�A0�A8�G� L�& 8A0A(B BBBD��&a�&F�&A�&8(4���F�P�K �H(�N0� (D ABBAHd����B�E�D �I(�D0` (A ABBB\(F ABB(�|���MA�A�D � AAG@�����B�E�H �D(�D0�D@C 0A(A BBBJ ���4��HH��|F�B�B �B(�A0�A8�G�B 8A0A(B BBBG$�H��4E�D�G aAAH�`��gF�E�B �J(�D0�G8�G�� 8A0A(B BBBA���E�D�G�H(����B�G�B �L(�A0�A8�GPw 8A0A(B BBBA(t����A�P�I G DAA�L��eH�D A0�����F�A�A �J�� AABD$���OA�� O� E 0���A�@ GJ E$@����A�M�D lAA hT���A�N � AAH�����F�B�B �B(�A0�A8�G�@ 8A0A(B BBBA0�T��5B�I�A �G0� AABE`��&J�H$x���B�E�B �B(�D0�A8�G�D 8A0A(B BBBK4p����B�F�A ��(F0_(H CAB,�����F�A�A �� ABHH�4���B�B�B �B(�K0�A8�D�� 8A0A(B BBBB,$���]F�J�A �� ABG@T���?F�B�B �A(�A0�G�� 0A(A BBBA(�����F�C�D ��AB(�(���E�J�D T AAGL����F�D�D �K(�D0. (D ABBD~ (D ABBA(@���E�M�F � DAG@l`��B�B�B �A(�A0�G�~ 0A(A BBBKh���cF�I�B �B(�A0�A8�G�= 8A0A(B BBBED�F�O�J�E�B�L� ��0 ��]D E AL �L` ���F�B�B �B(�A0�A8�D� 8A0A(B BBBI(� ��E�A�D@� AAGT� ��F�I�B �A(�A0�DpM 0A(A BBBDGxG�J�E�Ip<4 H�[F�D�E �A(�A0�P (A BBBHt h���ME�~ E0� �����F�H�A �D0T AABEL� ����F�B�B �B(�A0�A8�D� 8A0A(B BBBA<X���F�K�B �A(�K0�� (I IBBO8T(���B�A�A �} CBJy FBG`����&F�B�B �B(�A0�A8�G� L�3� 8A0A(B BBBF��3B�3T�3H�30�����F�D�D �I@O AABFH(T��RF�G�E �B(�F0�G8�G�V 8A0A(B BBBHLth��B�B�B �B(�A0�A8�G�