paypal.com DNSKEY no valid signature found

lejeczek peljasz at yahoo.co.uk
Fri Mar 18 17:02:54 UTC 2022



On 18/03/2022 14:36, Daniel Stirnimann wrote:
> You might use an operating system / crypto library which does not support
> SHA1 anymore. paypal.com is signed with RSASHA1.
>
> See warnings on https://dnsviz.net/d/paypal.com/YjSWxg/dnssec/
>
> Just curious, what answer do you get from your resolver?
> servfail or a missing ad-bit?
>
> Daniel
>
> On 18.03.22 15:25, lejeczek via bind-users wrote:
>> Hi guys
>>
>> how to troubleshoot that?
>> ...
>> 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed
>> (verify failure)
>> 18-Mar-2022 14:17:41.725 info: error:03000098:digital
>> envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959:
>> 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY:
>> no valid signature found
>> ...
>> I'd imagine it must be some up-the-chain servers doing something
>> there - my local 'bind' does not point/use any specific
>> forwarders.
>>
>> many thanks, L.
It is SERVFAIL
9.16.23-RH on CentOS 9

many thanks, L
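
The diagnosis discussed in this thread, as an added example that is not part of the original posts or of BIND: it pairs each "no valid signature found" line in a named log with an OpenSSL "invalid digest" error at the same timestamp, and lists the DNSKEYs in a dig-style answer that use a SHA-1 algorithm. Treating the pairing as a sign of a local crypto library rejecting SHA-1 is a heuristic taken from Daniel's reply; the function names and the `example.test` records are constructed, and the log lines are the ones quoted above with the mail wrapping undone.

```python
import re

# DNSSEC algorithm numbers whose signatures use SHA-1 (IANA registry).
SHA1_ALGS = {3: "DSA", 5: "RSASHA1", 6: "DSA-NSEC3-SHA1", 7: "RSASHA1-NSEC3-SHA1"}

# Log lines from the post above, with the mail client's line wraps undone.
SAMPLE_LOG = """\
18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure)
18-Mar-2022 14:17:41.725 info: error:03000098:digital envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959:
18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no valid signature found
"""

# Constructed DNSKEY answer lines in dig format; the key data is a placeholder.
SAMPLE_DNSKEY = """\
example.test. 300 IN DNSKEY 257 3 5 AwEAAcPLACEHOLDER
example.test. 300 IN DNSKEY 256 3 13 PLACEHOLDERKEYDATA
"""

LINE = re.compile(r"^(\S+ \S+) \w+: (.*)$")  # "<date> <time> <level>: <message>"
FAILED = re.compile(r"validating (\S+)/(\S+): no valid signature found")

def digest_rejections(log):
    """Return (name, type) pairs whose validation failure follows an OpenSSL
    'invalid digest' error logged with the same timestamp (heuristic)."""
    bad_ts, hits = set(), []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if "invalid digest" in msg:
            bad_ts.add(ts)
        f = FAILED.search(msg)
        if f and ts in bad_ts:
            hits.append((f.group(1), f.group(2)))
    return hits

def sha1_keys(answer):
    """Return (owner, flags, algorithm name) for DNSKEYs using a SHA-1 algorithm."""
    out = []
    for raw in answer.splitlines():
        p = raw.split()  # owner ttl class type flags protocol algorithm key...
        if len(p) >= 7 and p[3] == "DNSKEY" and int(p[6]) in SHA1_ALGS:
            out.append((p[0], int(p[4]), SHA1_ALGS[int(p[6])]))
    return out

if __name__ == "__main__":
    print(digest_rejections(SAMPLE_LOG))
    print(sha1_keys(SAMPLE_DNSKEY))
```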

