. to ag: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (199.249.124.1, 2001:500:44::1, UDP_-_EDNS0_4096_D_K)
. to ag: The DS RRset for the zone included algorithm 7 (RSASHA1NSEC3SHA1), but no DS RR matched a DNSKEY with algorithm 7 that signs the zone's DNSKEY RRset. (199.249.124.1, 2001:500:44::1, UDP_-_EDNS0_4096_D_K)
NSEC3 proving non-existence of hoevelmann.ag/DS: No RRSIG covering the RRset was returned in the response. (199.254.59.1, 199.254.60.1, 199.254.61.1, 199.254.62.1, 2001:500:25::1, 2001:500:26::1, 2001:500:27::1, 2001:500:28::1, 2001:500:4c::1, UDP_-_EDNS0_4096_D_K)
ag to hoevelmann.ag: No NSEC RR(s) were returned to validate the NODATA response. (199.249.116.1, 199.249.124.1, 2001:500:44::1, UDP_-_EDNS0_4096_D_K)
ag/DNSKEY (alg 7, id 24316): No RRSIG covering the RRset was returned in the response. (199.249.124.1, 2001:500:44::1, UDP_-_EDNS0_4096_D_K)
ag/DNSKEY (alg 7, id 58865): No RRSIG covering the RRset was returned in the response. (199.249.124.1, 2001:500:44::1, UDP_-_EDNS0_4096_D_K)
ag/DNSKEY (alg 7, id 65384): No RRSIG covering the RRset was returned in the response. (199.249.124.1, 2001:500:44::1, UDP_-_EDNS0_4096_D_K)
ag/SOA: No RRSIG covering the RRset was returned in the response. (199.249.116.1, 199.249.124.1, 199.254.59.1, 199.254.60.1, 199.254.61.1, 199.254.62.1, 2001:500:25::1, 2001:500:26::1, 2001:500:27::1, 2001:500:28::1, 2001:500:44::1, 2001:500:4c::1, UDP_-_EDNS0_4096_D_K)
Warnings (8)
RRSIG NSEC3 proving non-existence of hoevelmann.ag/DS alg 7, id 58865: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG ag/DNSKEY alg 7, id 24316: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG ag/DNSKEY alg 7, id 24316: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG ag/DNSKEY alg 7, id 24316: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
ag/DS (alg 7, id 55656): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
ag/DS (alg 7, id 55656): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
ag/DS (alg 7, id 55656): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
ag/DS (alg 7, id 55656): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.