paypal.com DNSKEY no valid signature found
Anand Buddhdev
anandb at ripe.net
Fri Mar 18 14:37:53 UTC 2022
On 18/03/2022 15:25, lejeczek via bind-users wrote:
Hi L,
> how to troubleshoot that?
> ...
> 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure)
> 18-Mar-2022 14:17:41.725 info: error:03000098:digital envelope
> routines::invalid digest:crypto/evp/pmeth_lib.c:959:
> 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no valid
> signature found
> ...
> I'd imagine must some up-the-chain servers doing something there - my
> local 'bind' does not point/use any specific forwarders.
The zone is correctly signed, but with RSASHA1, which is not
recommended. You may be on a Linux distro whose openssl disables old
algorithms like RSASHA1, and so BIND will not be able to validate this zone.
Regards,
Anand
More information about the bind-users
mailing list