DNSSEC error resolving gpo.gov ?
John W. Blue
john.blue at rrcic.com
Tue Mar 14 15:23:51 UTC 2023
Keep in mind that SHA1 may not have been included by choice.
If gpo.gov is using Infoblox there is a, what I like to call, Infoblox-ism in play regarding DNSSEC where even if you choose RSA256 or RSA512 or whatever it will create a SHA1.
John
-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Stephane Bortzmeyer
Sent: Tuesday, March 14, 2023 10:17 AM
To: Alexandra Yang
Cc: bind-users at lists.isc.org
Subject: Re: DNSSEC error resolving gpo.gov ?
On Tue, Mar 14, 2023 at 11:08:28AM -0400, Alexandra Yang <drayales at gmail.com> wrote a message of 154 lines which said:
> I wonder if anyone can shed some light on this, our nameserver(BIND
> 9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov, here
> are the
> errors:
"DS record for zone gpo.gov with keytag 18496 was created by digest algorithm 1 (SHA-1) which is deprecated."
https://zonemaster.fr/en/result/9161c8485223705c
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list