NSEC proving non-existence of fi.muni.cz/DS: The SOA bit was set in the bitmap of the NSEC RR corresponding to the delegated name (fi.muni.cz). See RFC 4034, Sec. 5.2.
NSEC proving non-existence of fi.muni.cz/DS: The SOA bit was set in the bitmap of the NSEC RR corresponding to the delegated name (fi.muni.cz). See RFC 4034, Sec. 5.2.
RRSIG NSEC proving non-existence of fi.muni.cz/DS alg 13, id 56292: The Signer's Name field of the RRSIG RR (fi.muni.cz) does not match the name of the zone containing the RRset (muni.cz). See RFC 4035, Sec. 5.3.1.
muni.cz to fi.muni.cz: An SOA RR with owner name (fi.muni.cz) not matching the zone name (muni.cz) was returned with the NODATA response. See RFC 1034, Sec. 4.3.4, RFC 2308, Sec. 2.2. (147.251.4.33, 2001:718:801:404::33, UDP_-_EDNS0_4096_D_KN)
muni.cz zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. See RFC 1035, Sec. 4.1.1. (147.251.4.33, 2001:718:801:404::33)
muni.cz/DNSKEY: The response had an invalid RCODE (SERVFAIL). See RFC 1035, Sec. 4.1.1. (147.251.4.33, 2001:718:801:404::33, UDP_-_EDNS0_512_D_KN, UDP_-_NOEDNS_)