mil.id to tniad.mil.id: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (103.89.124.243, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
mil.id to tniad.mil.id: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no DS RR matched a DNSKEY with algorithm 13 that signs the zone's DNSKEY RRset. (103.89.124.243, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
tniad.mil.id zone: The server(s) responded over TCP with a malformed response or with an invalid RCODE. (103.89.124.244)
tniad.mil.id zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (103.89.124.244)
tniad.mil.id/A: No RRSIG covering the RRset was returned in the response. (103.89.124.243, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/A: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/DNSKEY: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
tniad.mil.id/NS: No RRSIG covering the RRset was returned in the response. (103.89.124.243, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/NS: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/SOA: No RRSIG covering the RRset was returned in the response. (103.89.124.243, TCP_-_EDNS0_4096_D, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_4096_D_K_0x20)
tniad.mil.id/SOA: The response had an invalid RCODE (REFUSED). (103.89.124.244, TCP_-_EDNS0_4096_D)
tniad.mil.id/SOA: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_4096_D_K_0x20)
Warnings (18)
RRSIG mil.id/DNSKEY alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 27192: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 27192: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG tniad.mil.id/DS alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
id/DNSKEY: The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_512_D_K)
id/DS (alg 8, id 26887): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
id/DS (alg 8, id 26887): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
id/DS (alg 8, id 26887): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
id/DS (alg 8, id 26887): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
mil.id/DNSKEY (alg 10, id 23342): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)
mil.id/DNSKEY (alg 10, id 27192): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)
mil.id/DS (alg 10, id 27192): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
mil.id/DS (alg 10, id 27192): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
mil.id/DS (alg 10, id 27192): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
mil.id/DS (alg 10, id 27192): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
tniad.mil.id/DS (alg 13, id 11885): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/DS (alg 13, id 11885): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)