DNSSEC error resolving gpo.gov ?

Alexandra Yang drayales at gmail.com
Tue Mar 14 15:35:38 UTC 2023 

I wonder if any of your nameserver resolve it just fine, like 8.8.8.8
works, and the verification through verisign site gives no error,
https://dnssec-analyzer.verisignlabs.com/gpo.gov

Also this one only warning instead of hard fail, or maybe these web check
are not up-to-date:
https://dnsviz.net/d/gpo.gov/dnssec/


On Tue, Mar 14, 2023 at 11:24 AM John W. Blue via bind-users <
bind-users at lists.isc.org> wrote:

> Keep in mind that SHA1 may not have been included by choice.
>
> If gpo.gov is using Infoblox there is a, what I like to call,
> Infoblox-ism in play regarding DNSSEC where even if you choose RSA256 or
> RSA512 or whatever it will create a SHA1.
>
> John
>
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
> Stephane Bortzmeyer
> Sent: Tuesday, March 14, 2023 10:17 AM
> To: Alexandra Yang
> Cc: bind-users at lists.isc.org
> Subject: Re: DNSSEC error resolving gpo.gov ?
>
> On Tue, Mar 14, 2023 at 11:08:28AM -0400,  Alexandra Yang <
> drayales at gmail.com> wrote  a message of 154 lines which said:
>
> > I wonder if anyone can shed some light on this, our nameserver(BIND
> > 9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov, here
> > are the
> > errors:
>
> "DS record for zone gpo.gov with keytag 18496 was created by digest
> algorithm 1 (SHA-1) which is deprecated."
> https://zonemaster.fr/en/result/9161c8485223705c
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230314/ed785532/attachment-0001.htm>

More information about the bind-users mailing list