gov to macpac.gov: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (216.59.57.7, 216.59.60.7, 2602:ffe2:54::7, TCP_-_EDNS0_4096_D_KN)
macpac.gov/DS (alg 10, id 65286): The cryptographic hash in the Digest field of the DS RR does not match the computed value.
macpac.gov/DS (alg 10, id 65286): The cryptographic hash in the Digest field of the DS RR does not match the computed value.
Warnings (7)
RRSIG macpac.gov/A alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/DNSKEY alg 10, id 65286: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/DNSKEY alg 10, id 65286: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/MX alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/NS alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/SOA alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/TXT alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).