contact to daemon.contact: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone.
contact zone: The server(s) were not responsive to queries over UDP. (2a01:8840:f6::34)
daemon.contact/DNSKEY: No response was received from the server over UDP (tried 12 times). (156.38.157.204, UDP_-_NOEDNS_)
daemon.contact/DNSKEY: No response was received from the server over UDP (tried 13 times). (195.154.230.217, UDP_-_EDNS0_4096_D)
daemon.contact/DNSKEY: No response was received from the server over UDP (tried 4 times). (195.154.230.217, UDP_-_EDNS0_512_D_KN)
Warnings (5)
RRSIG flag.daemon.contact/A alg 10, id 15758: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG flag.daemon.contact/A alg 10, id 54000: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG flowm.daemon.contact/CNAME alg 10, id 15758: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG flowm.daemon.contact/CNAME alg 10, id 54000: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
flag.daemon.contact/A: No response was received from the server over UDP (tried 6 times) until the COOKIE EDNS option was removed (however, this server appeared to respond legitimately to other queries with the COOKIE EDNS option present). (195.154.230.217, UDP_-_EDNS0_4096_D_KN)