BIND 9.18.6 disables RSASHA1 at runtime?
Anand Buddhdev
anandb at ripe.net
Fri Sep 2 10:37:31 UTC 2022
On 01/09/2022 23:19, Mark Andrews wrote:
Hi Mark,
> Yes. You will need to restart the server.
Okay, I'm trying out 9.18.6 on an Oracle Linux 9 server. When starting
BIND, it doesn't log anything about disabling RSASHA1. But when I query
it for ietf.org/SOA, I get an unvalidated response. BIND also logs:
02-Sep-2022 10:27:13.839 dnssec: validating ietf.org/SOA: no valid
signature found
I think it's fine for BIND to disable RSASHA1, but it might be better to
log this when starting, so that it's clear to an operator.
Regards,
Anand
More information about the bind-users
mailing list