paypal.com DNSKEY no valid signature found
Bjørn Mork
bjorn at mork.no
Sun Mar 20 10:02:46 UTC 2022
Anand Buddhdev <anandb at ripe.net> writes:
> The zone is correctly signed, but with RSASHA1, which is not
> recommended. You may be on a Linux distro whose openssl disables old
> algorithms like RSASHA1, and so BIND will not be able to validate this zone.
Doesn't that violate a MUST in RFC 8624?
Mostly curious - I understand the challenges depending on system library
support...
Bjørn
More information about the bind-users
mailing list