radio to n7dmr.radio: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (108.162.192.147, 108.162.193.146, 172.64.32.147, 172.64.33.146, 173.245.58.147, 173.245.59.146, 2606:4700:50::adf5:3a93, 2606:4700:58::adf5:3b92, 2803:f800:50::6ca2:c093, 2803:f800:50::6ca2:c192, 2a06:98c1:50::ac40:2093, 2a06:98c1:50::ac40:2192, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
radio to n7dmr.radio: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no DS RR matched a DNSKEY with algorithm 13 that signs the zone's DNSKEY RRset. (108.162.192.147, 108.162.193.146, 172.64.32.147, 172.64.33.146, 173.245.58.147, 173.245.59.146, 2606:4700:50::adf5:3a93, 2606:4700:58::adf5:3b92, 2803:f800:50::6ca2:c093, 2803:f800:50::6ca2:c192, 2a06:98c1:50::ac40:2093, 2a06:98c1:50::ac40:2192, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
Warnings (3)
RRSIG n7dmr.radio/DS alg 10, id 38247: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG radio/DNSKEY alg 10, id 62727: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG radio/DNSKEY alg 10, id 62727: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).