DNSSec mess with SHA1
Petr Špaček
pspacek at isc.org
Fri Dec 15 13:40:09 UTC 2023
On 15. 12. 23 14:28, Scott Morizot wrote:
> On Fri, Dec 15, 2023 at 6:58 AM Petr Špaček <pspacek at isc.org
> <mailto:pspacek at isc.org>> wrote:
>
> Hello.
>
> It smells like a packaging issue to me. Stock BIND (not an obsolete Red
> Hat-Frankenstein version) should detect this condition and threat
> domains as insecure.
>
>
> And I think that answers the one question I had. I was curious what BIND
> would do at build time on a system like that and it sounds like it would
> pick it up during build. I didn't have a system available with the
> described issue on which I could do a full build and see what happened.
We do runtime detection at startup because it's configurable, build time
would not work properly.
--
Petr Špaček
Internet Systems Consortium
More information about the bind-users
mailing list