uscg.gov zone: The server(s) responded over TCP with a malformed response or with an invalid RCODE. (152.121.33.3)
uscg.gov/DNSKEY: No response was received from the server over UDP (tried 4 times). (152.121.2.19, 152.121.33.3, UDP_-_EDNS0_512_D_KN)
uscg.gov/NS: No response was received from the server over UDP (tried 12 times). (152.121.33.3, UDP_-_NOEDNS_)
uscg.gov/SOA: No response was received from the server over TCP (tried 3 times). (152.121.33.3, TCP_-_EDNS0_4096_D_N)
uscg.gov/TXT: DNSSEC was effectively downgraded because no response was received from the server over UDP (tried 10 times) with the DO bit set. (152.121.33.3, UDP_-_EDNS0_4096_)
uscg.gov/TXT: No response was received from the server over UDP (tried 10 times) until the DO EDNS flag was cleared (however, this server appeared to respond legitimately to other queries with the DO EDNS flag set). (152.121.33.3, UDP_-_EDNS0_4096_D_KN)
uscg.gov/TXT: The DNSSEC records necessary to validate the response could not be retrieved from the server. (152.121.33.3, UDP_-_EDNS0_4096_D_KN)
Warnings (21)
RRSIG uscg.gov/DNSKEY alg 7, id 28025: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 28025: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 28025: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 8508: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 8508: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 8508: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 8508: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/DNSKEY alg 7, id 8508: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/NS alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/SOA alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
RRSIG uscg.gov/TXT alg 7, id 41789: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
uscg.gov/DNSKEY (alg 7, id 28025): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (152.121.2.19, 152.121.50.3, UDP_-_EDNS0_4096_D_KN)
uscg.gov/DS (alg 7, id 8508): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
uscg.gov/DS (alg 7, id 8508): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
uscg.gov/DS (alg 7, id 8508): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
uscg.gov/DS (alg 7, id 8508): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.