Student Affairs Office of Technology

DNSSEC Testing


Table of Contents Installing Bind


Download BIND9.9.2-P2.ZIP from http://www.isc.org/software/bind/.


Extract the file on your desktop



Run the Visual C runtime redistributable, vcredist_x86.exe. Note this is the Visual C runtime 5.0.

Running Bind and Output

Running Dig Commands

$ dig +nodnssec +norec +ignore ns . @m.root-servers.net
$ dig +dnssec +norec +ignore ns . @m.root-servers.net
$ dig +dnssec +norec +ignore any . @m.root-servers.net
$ dig +dnssec +norec +vc any . @m.root-servers.net
$ dig +short rs.dns-oarc.net txt


Sample Output

; <<>> DiG 9.7.3 <<>> +dnssec +norec +ignore any . @m.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5024
;; flags: qr aa; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 23

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2013042300 1800 900 604800 86400
.                       86400   IN      RRSIG   SOA 8 0 86400 20130430000000 20130422230000 20580 . n48DRAzy5EuJgHhaZcYhMOtbQANCmhr6NRhrFTnjc6F+zG8R98YapBGk tlsS9mCV6/NfDuV8fJExnlPMqM+QhoaNPow+uHGu3NfAJZeST8n3pOv7 7h6YzrRzYqbKZBu6nINRyFTyFNOlLo06FOqdFM43cV8c6Oq0hYEirVUK UAo=
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      RRSIG   NS 8 0 518400 20130430000000 20130422230000 20580 . YfufeleFfFTkRf+WivisMZwaw9UYI/VjIJ4bqQMNIelapGE5IOeWAt7H JgTAVMmEpAYvdGYe58veu2ierQ2p/vqMGyQ/xRUNHSgkYs3IP+XBMPip iRlcnCmIMUH7lVyDY5EQNV6KhfKyoPPZ4slPM4i82bWnUupSN4y+9rDp Rzg=
.                       172800  IN      DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
.                       172800  IN      DNSKEY  256 3 8 AwEAAc5byZvwmHUlCQt7WSeAr3OZ2ao4x0Yj/3UcbtFzQ0T67N7CpYmN qFmfvXxksS1/E+mtT0axFVDjiJjtklUsyqIm9ZlWGZKU3GZqI9Sfp1Bj Qkhi+yLa4m4y4z2N28rxWXsWHCY740PREnmUtgXRdthwABYaB2WPum3y RGxNCP1/
.                       172800  IN      RRSIG   DNSKEY 8 0 172800 20130505235959 20130421000000 19036 . I1luazwFgr+PPGu35qEDZ8pAV54ikOD6XfPL+UlwtTZMyEm9dJp2xG2h HIK4e+yFNxBqEBQexQpzOpjizO+h0cRU8ziHKXMM/GbF1U77vMZEUghs YdXYQlQDYlR9mXro442U4dzcWYuff+QYVBnoOh02kYdDeaLXRgpt53Yj 6pObkjwWd6RZCeLja1FU0gAQYaZpo1LIfILWOGlzR00kmQI+GJQrNxEF bPMqlWsx/Z4lFHC3krpvDAlUfCjATRlfljaG/8jrzvKbirIxzC++Yqfj jsoNMhRJhIbGvdszWpBHzzDLBme2lwycnzexvjJzlK8Xhlvpsl4CGOxY 4HfgAQ==
.                       86400   IN      NSEC    ac. NS SOA RRSIG NSEC DNSKEY
.                       86400   IN      RRSIG   NSEC 8 0 86400 20130430000000 20130422230000 20580 . DKik3WAXOXB7fywiaGGbt46whchag0dPz3D8FxFOaImCD8A4FpWNRwb3 IWbVAaF5XdxGuTvE42pYAi6VgVvLiEOungVOYpTD8SESW6oqAxR3JzOO fhD0OhvmOF1YeIIbTNYlF2pOAm59Nijfe5Z4HsXwQdTBH5zORmf0X2fO qV4=

;; ADDITIONAL SECTION:
a.root-servers.net.     3600000 IN      A       198.41.0.4
b.root-servers.net.     3600000 IN      A       192.228.79.201
c.root-servers.net.     3600000 IN      A       192.33.4.12
d.root-servers.net.     3600000 IN      A       199.7.91.13
e.root-servers.net.     3600000 IN      A       192.203.230.10
f.root-servers.net.     3600000 IN      A       192.5.5.241
g.root-servers.net.     3600000 IN      A       192.112.36.4
h.root-servers.net.     3600000 IN      A       128.63.2.53
i.root-servers.net.     3600000 IN      A       192.36.148.17
j.root-servers.net.     3600000 IN      A       192.58.128.30
k.root-servers.net.     3600000 IN      A       193.0.14.129
l.root-servers.net.     3600000 IN      A       199.7.83.42
m.root-servers.net.     3600000 IN      A       202.12.27.33
a.root-servers.net.     3600000 IN      AAAA    2001:503:ba3e::2:30
d.root-servers.net.     3600000 IN      AAAA    2001:500:2d::d
f.root-servers.net.     3600000 IN      AAAA    2001:500:2f::f
h.root-servers.net.     3600000 IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     3600000 IN      AAAA    2001:7fe::53
j.root-servers.net.     3600000 IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     3600000 IN      AAAA    2001:7fd::1
l.root-servers.net.     3600000 IN      AAAA    2001:500:3::42
m.root-servers.net.     3600000 IN      AAAA    2001:dc3::35

;; Query time: 129 msec
;; SERVER: 202.12.27.33#53(202.12.27.33)
;; WHEN: Tue Apr 23 09:27:08 2013
;; MSG SIZE  rcvd: 1962
side-by-side error message

$ dig
The application has failed to start because its side-by-side configuration is in
correct. Please see the application event log or use the command-line sxstrace.e
xe tool for more detail.
This is caused by not having the Visual C runtime libraries installed.
Network Data, Wireshark


UDP traffic from $ dig +dnssec +norec +ignore any . @m.root-servers.net


Extended TCP traffic from $ dig +dnssec +norec +vc any . @m.root-servers.net


Basic short query with ICMP failure from $ dig +short rs.dns-oarc.net txt

Students:: Administration:: About us:: Contact us:: Giving to Student Affairs


Copyright © 2010 The Regents of the University of California
You are welcome toContact Student Affairs to ask questions or report problems with the Web site. Contact information for the Student Affairs Web team.