. to hsbc: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone.
hsbc zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c)
hsbc/DNSKEY: The response had an invalid RCODE (SERVFAIL). (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c, UDP_-_EDNS0_512_D_KN, UDP_-_NOEDNS_)
Warnings (10)
hsbc/DS (alg 8, id 862): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
hsbc/DS (alg 8, id 862): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
hsbc/DS (alg 8, id 862): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
hsbc/DS (alg 8, id 862): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
hsbc/DS (alg 8, id 862): The server appears to support DNS cookies but did not return a COOKIE option. (193.0.14.129, UDP_-_EDNS0_4096_D_KN)
hsbc/DS (alg 8, id 862): The server appears to support DNS cookies but did not return a COOKIE option. (193.0.14.129, UDP_-_EDNS0_4096_D_KN)
nic.hsbc/DS (alg 8, id 47620): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
nic.hsbc/DS (alg 8, id 47620): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
nic.hsbc/DS (alg 8, id 47620): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
nic.hsbc/DS (alg 8, id 47620): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.