Answers for www.dnssec-failed.org with dnssec-validation auto;
Bob McDonald
bmcdonaldjr at gmail.com
Thu Apr 18 01:44:35 UTC 2024
Would this be true for FreeBSD as well? I also have a bind 9.18.24
instance running on freeBSD
and it seems to be ok.
Bob
> The crypto policy stuff ultimately creates and maintains files in
/etc/crypto-policy/backends, which has a list of acceptable or
not-acceptable crypto settings.
> Whilst a "bind.config" is created, you aren't including it in your config
(this is fine), which suggests that the issue is with some of openssl
configurations (which will be system wide anyway).
> You can use the update-crypto-policies to update only the openssl
configuration to allow sha1, or you could manually recreate those files
(instead of the usual symlinks) and edit them individually as you please.
> Stuart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240417/909014c3/attachment.htm>
More information about the bind-users
mailing list