paypal.com DNSKEY no valid signature found
Daniel Stirnimann
daniel.stirnimann at switch.ch
Fri Mar 18 14:36:43 UTC 2022
You might use an operating system / crypto library which do not support
SHA1 anymore. paypal.com is signed with RSASHA1.
See warnings on https://dnsviz.net/d/paypal.com/YjSWxg/dnssec/
Just curious what answer to you get from your resolver?
servfail or a missing ad-bit?
Daniel
On 18.03.22 15:25, lejeczek via bind-users wrote:
> Hi guys
>
> how to troubleshoot that?
> ...
> 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed
> (verify failure)
> 18-Mar-2022 14:17:41.725 info: error:03000098:digital
> envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959:
> 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY:
> no valid signature found
> ...
> I'd imagine must some up-the-chain servers doing something
> there - my local 'bind' does not point/use any specific
> forwarders.
>
> many thanks, L.
More information about the bind-users
mailing list