mnordhoff/gist:9286a264633fc12a262213a8d389f517

## gistfile1.txt
$ dpkg -l bind9
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version            Architecture Description
+++-==============-==================-============-=================================
ii  bind9          1:9.18.18-0ubuntu2 amd64        Internet Domain Name Server

$ named -V
BIND 9.18.18-0ubuntu2-Ubuntu (Extended Support Version) <id:>
running on Linux x86_64 6.5.0-17-generic #17-Ubuntu SMP PREEMPT_DYNAMIC Thu Jan 11 14:01:59 UTC 2024
built by make with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 13.2.0
compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.55.1
linked to libnghttp2 version: 1.55.1
compiled with libxml2 version: 2.9.14
linked to libxml2 version: 20914
compiled with json-c version: 0.17
linked to json-c version: 0.17
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
linked to maxminddb version: 1.7.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

$ dig paste.debian.net

; <<>> DiG 9.18.18-0ubuntu2-Ubuntu <<>> paste.debian.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35996
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: bbd076caba3dd4350100000065cd4e981c339e8bf9033935 (good)
;; QUESTION SECTION:
;paste.debian.net.              IN      A

;; ANSWER SECTION:
paste.debian.net.       3600    IN      CNAME   apu.snow-crash.org.
apu.snow-crash.org.     900     IN      CNAME   p.snow-crash.org.
p.snow-crash.org.       900     IN      A       148.251.236.38

;; Query time: 891 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Wed Feb 14 23:36:56 UTC 2024
;; MSG SIZE  rcvd: 137

## gistfile2.txt
$ dpkg -l bind9
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version              Architecture Description
+++-==============-====================-============-=================================
ii  bind9          1:9.18.18-0ubuntu2.1 amd64        Internet Domain Name Server

$ named -V
BIND 9.18.18-0ubuntu2.1-Ubuntu (Extended Support Version) <id:>
running on Linux x86_64 6.5.0-17-generic #17-Ubuntu SMP PREEMPT_DYNAMIC Thu Jan 11 14:01:59 UTC 2024
built by make with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-VCKaAa/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-VCKaAa/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2.1 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 13.2.0
compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.55.1
linked to libnghttp2 version: 1.55.1
compiled with libxml2 version: 2.9.14
linked to libxml2 version: 20914
compiled with json-c version: 0.17
linked to json-c version: 0.17
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
linked to maxminddb version: 1.7.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

$ dig paste.debian.net

; <<>> DiG 9.18.18-0ubuntu2.1-Ubuntu <<>> paste.debian.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64069
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 16c3f8e23732f9c20100000065cd4f6d8636269754885075 (good)
;; QUESTION SECTION:
;paste.debian.net.              IN      A

;; Query time: 2564 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Wed Feb 14 23:40:29 UTC 2024
;; MSG SIZE  rcvd: 73

2024-02-14T23:40:28.938336+00:00 localhost named[2540]: validating apu.snow-crash.org/CNAME: verify failed due to bad signature (keyid=41523): RRSIG has expired
2024-02-14T23:40:28.938919+00:00 localhost named[2540]: validating apu.snow-crash.org/CNAME: no valid signature found
2024-02-14T23:40:28.939091+00:00 localhost named[2540]: RRSIG has expired resolving 'apu.snow-crash.org/A/IN': 37.120.176.165#53
2024-02-14T23:40:29.386449+00:00 localhost named[2540]: validating apu.snow-crash.org/CNAME: verify failed due to bad signature (keyid=41523): RRSIG has expired
2024-02-14T23:40:29.386718+00:00 localhost named[2540]: validating apu.snow-crash.org/CNAME: no valid signature found
2024-02-14T23:40:29.386876+00:00 localhost named[2540]: RRSIG has expired resolving 'apu.snow-crash.org/A/IN': 148.251.236.38#53
2024-02-14T23:40:29.868476+00:00 localhost named[2540]: validating apu.snow-crash.org/CNAME: verify failed due to bad signature (keyid=41523): RRSIG has expired
2024-02-14T23:40:29.868740+00:00 localhost named[2540]: validating apu.snow-crash.org/CNAME: no valid signature found
2024-02-14T23:40:29.868864+00:00 localhost named[2540]: RRSIG has expired resolving 'apu.snow-crash.org/A/IN': 2a01:4f8:201:3437::2#53

$ dig +cd paste.debian.net

; <<>> DiG 9.18.18-0ubuntu2.1-Ubuntu <<>> +cd paste.debian.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1245
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3c939edd1c8db4e00100000065cd5167f3b19690e61f8573 (good)
;; QUESTION SECTION:
;paste.debian.net.              IN      A

;; ANSWER SECTION:
paste.debian.net.       3577    IN      CNAME   apu.snow-crash.org.
apu.snow-crash.org.     900     IN      CNAME   p.snow-crash.org.
p.snow-crash.org.       3577    IN      A       148.251.236.38

;; Query time: 439 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Wed Feb 14 23:48:55 UTC 2024
;; MSG SIZE  rcvd: 137
	$ dpkg -l bind9
	Desired=Unknown/Install/Remove/Purge/Hold
	\| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
	\|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
	\|\|/ Name Version Architecture Description
	+++-==============-==================-============-=================================
	ii bind9 1:9.18.18-0ubuntu2 amd64 Internet Domain Name Server

	$ named -V
	BIND 9.18.18-0ubuntu2-Ubuntu (Extended Support Version) <id:>
	running on Linux x86_64 6.5.0-17-generic #17-Ubuntu SMP PREEMPT_DYNAMIC Thu Jan 11 14:01:59 UTC 2024
	built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
	compiled by GCC 13.2.0
	compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
	linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
	compiled with libuv version: 1.44.2
	linked to libuv version: 1.44.2
	compiled with libnghttp2 version: 1.55.1
	linked to libnghttp2 version: 1.55.1
	compiled with libxml2 version: 2.9.14
	linked to libxml2 version: 20914
	compiled with json-c version: 0.17
	linked to json-c version: 0.17
	compiled with zlib version: 1.2.13
	linked to zlib version: 1.2.13
	linked to maxminddb version: 1.7.1
	threads support is enabled
	DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
	DS algorithms: SHA-1 SHA-256 SHA-384
	HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
	TKEY mode 2 support (Diffie-Hellman): yes
	TKEY mode 3 support (GSS-API): yes

	default paths:
	named configuration: /etc/bind/named.conf
	rndc configuration: /etc/bind/rndc.conf
	DNSSEC root key: /etc/bind/bind.keys
	nsupdate session key: //run/named/session.key
	named PID file: //run/named/named.pid
	named lock file: //run/named/named.lock
	geoip-directory: /usr/share/GeoIP

	$ dig paste.debian.net

	; <<>> DiG 9.18.18-0ubuntu2-Ubuntu <<>> paste.debian.net
	;; global options: +cmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35996
	;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

	;; OPT PSEUDOSECTION:
	; EDNS: version: 0, flags:; udp: 1232
	; COOKIE: bbd076caba3dd4350100000065cd4e981c339e8bf9033935 (good)
	;; QUESTION SECTION:
	;paste.debian.net. IN A

	;; ANSWER SECTION:
	paste.debian.net. 3600 IN CNAME apu.snow-crash.org.
	apu.snow-crash.org. 900 IN CNAME p.snow-crash.org.
	p.snow-crash.org. 900 IN A 148.251.236.38

	;; Query time: 891 msec
	;; SERVER: ::1#53(::1) (UDP)
	;; WHEN: Wed Feb 14 23:36:56 UTC 2024
	;; MSG SIZE rcvd: 137