202.in-addr.arpa to 96.125.202.in-addr.arpa: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (202.125.97.32, 2001:df2:ee01:ee01::32, UDP_-_EDNS0_4096_D_KN)
RRSIG 96.125.202.in-addr.arpa/DNSKEY alg 7, id 31854: The Signature Expiration field of the RRSIG RR (2017-09-15 01:58:32+00:00) is 1210 days in the past.
RRSIG 96.125.202.in-addr.arpa/DNSKEY alg 7, id 31854: The Signature Expiration field of the RRSIG RR (2017-09-15 01:58:32+00:00) is 1210 days in the past.
RRSIG 96.125.202.in-addr.arpa/NS alg 7, id 27044: The Signature Expiration field of the RRSIG RR (2017-09-15 01:58:32+00:00) is 1210 days in the past.
RRSIG 96.125.202.in-addr.arpa/SOA alg 7, id 27044: The Signature Expiration field of the RRSIG RR (2017-09-15 01:58:32+00:00) is 1210 days in the past.
Warnings (14)
96.125.202.in-addr.arpa/DS (alg 7, id 31854): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
96.125.202.in-addr.arpa/DS (alg 7, id 31854): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
RRSIG 96.125.202.in-addr.arpa/DNSKEY alg 7, id 31854: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/DNSKEY alg 7, id 31854: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/DNSKEY alg 7, id 31854: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/DNSKEY alg 7, id 31854: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/NS alg 7, id 27044: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/NS alg 7, id 27044: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/SOA alg 7, id 27044: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG 96.125.202.in-addr.arpa/SOA alg 7, id 27044: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
arpa/DS (alg 8, id 42581): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
arpa/DS (alg 8, id 42581): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
arpa/DS (alg 8, id 42581): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
arpa/DS (alg 8, id 42581): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.