AW: BIND 9.18.6 disables RSASHA1 at runtime?
Klaus Darilion
klaus.darilion at nic.at
Tue Sep 13 11:13:15 UTC 2022
> Can you propose log line?
>
> Should it be one line per algorithm? Or one line with all disabled? Or
> one one with all enabled? What log level? Log category? It it okay it
> will be almost always logging GOST? ...
I am not using Red Hat, but when debugging DNSSEC issues it would be helpful to have:
a) a single logline mentioning all supported algorithms at "info" level
b) a dedicate logline mentioning that SHA1 is not available and SHA1 signed zones will be downgraded to "unsigned", at "warn" level
regards
Klaus
More information about the bind-users
mailing list