. to hsbc: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone.
NSEC3 proving non-existence of nic.hsbc/DS: The SOA bit was set in the bitmap of the NSEC3 RR corresponding to the delegated name (nic.hsbc).
NSEC3 proving non-existence of nic.hsbc/DS: The SOA bit was set in the bitmap of the NSEC3 RR corresponding to the delegated name (nic.hsbc).
RRSIG NSEC3 proving non-existence of nic.hsbc/DS alg 8, id 6633: The Signer's Name field of the RRSIG RR (nic.hsbc) does not match the name of the zone containing the RRset (hsbc).
hsbc to nic.hsbc: An SOA RR with owner name (nic.hsbc) not matching the zone name (hsbc) was returned with the NODATA response. (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c, UDP_-_EDNS0_4096_D_KN)
hsbc zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c)
hsbc/DNSKEY: The response had an invalid RCODE (SERVFAIL). (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c, UDP_-_EDNS0_512_D_KN, UDP_-_NOEDNS_)
Warnings (7)
hsbc/DS (alg 8, id 862): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
hsbc/DS (alg 8, id 862): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
hsbc/DS (alg 8, id 862): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
hsbc/DS (alg 8, id 862): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
hsbc/DS (alg 8, id 862): The server appears to support DNS cookies but did not return a COOKIE option. (193.0.14.129, UDP_-_EDNS0_4096_D_KN)
hsbc/DS (alg 8, id 862): The server appears to support DNS cookies but did not return a COOKIE option. (193.0.14.129, UDP_-_EDNS0_4096_D_KN)
nic.hsbc/NS: No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2610:a1:1072::4c, 2610:a1:1076::4c, UDP_-_EDNS0_4096_D_KN)