BIND 9.18.6 disables RSASHA1 at runtime?

Anand Buddhdev anandb at ripe.net
Thu Sep 1 12:59:13 UTC 2022


Hi BIND developers,

The release notes for 9.18.6 say:

"The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically 
disabled on systems where they are disallowed by the security policy 
(e.g. Red Hat Enterprise Linux 9)."

Does this happen at runtime when BIND starts?

If an administrator updates the security policy on an EL9 system and 
allows SHA1, will BIND 9.18.6 then be able to validate zones signed with 
RSASHA1?

Regards,
Anand

