Keep in mind that SHA1 may not have been included by choice. If gpo.gov is using Infoblox, there is what I like to call an Infoblox-ism in play regarding DNSSEC, where even if you choose RSA256 or RSA512 or whatever, it will create a SHA1.
John

-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Stephane Bortzmeyer
Sent: Tuesday, March 14, 2023 10:17 AM
To: Alexandra Yang
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC error resolving gpo.gov ?

On Tue, Mar 14, 2023 at 11:08:28AM -0400, Alexandra Yang <draya...@gmail.com> wrote a message of 154 lines which said:

> I wonder if anyone can shed some light on this, our nameserver (BIND
> 9.16.37) keeps giving error on resolving gpo.gov and ns3.gpo.gov, here
> are the
> errors:

"DS record for zone gpo.gov with keytag 18496 was created by digest algorithm 1 (SHA-1) which is deprecated."

https://zonemaster.fr/en/result/9161c8485223705c

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
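
An added example, not part of the thread: a DS record carries the DNSKEY algorithm and the digest type in separate fields, so a zone signed with RSASHA256 (algorithm 8) can still be published with a SHA-1 (digest type 1) DS. This audit flags SHA-1 DS records and tells apart the SHA-1-only case from one where a stronger digest exists for the same key. The sample records are constructed; only key tag 18496 and digest type 1 come from the thread, and the algorithm value 8 and all digests are assumptions.

```python
from collections import defaultdict

# IANA DS digest types: number -> (name, digest length in bytes)
DIGEST_TYPES = {1: ("SHA-1", 20), 2: ("SHA-256", 32), 4: ("SHA-384", 48)}

# Constructed sample DS records (digests are placeholders, not real data).
# Fields after "DS": key tag, DNSKEY algorithm, digest type, digest.
SAMPLE_DS = """\
gpo.gov. IN DS 18496 8 1 0123456789abcdef0123456789abcdef01234567
example.test. IN DS 4242 8 1 89abcdef0123456789abcdef0123456789abcdef
example.test. IN DS 4242 8 2 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
"""

def parse_ds(line):
    """Parse one presentation-format DS record (TTL and class are optional)."""
    fields = line.split()
    i = fields.index("DS")
    key_tag, algorithm, digest_type = (int(x) for x in fields[i + 1:i + 4])
    digest = bytes.fromhex("".join(fields[i + 4:]))  # digest may be split by spaces
    return fields[0].lower(), key_tag, algorithm, digest_type, digest

def audit(text):
    """Return sorted (owner, key_tag, finding) tuples for a DS RRset dump."""
    types_by_key = defaultdict(set)
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and zone-file comments
        owner, key_tag, algorithm, digest_type, digest = parse_ds(line)
        _, size = DIGEST_TYPES.get(digest_type, ("unknown", None))
        if size is not None and len(digest) != size:
            findings.append((owner, key_tag, "bad-length"))
        types_by_key[(owner, key_tag, algorithm)].add(digest_type)
    for (owner, key_tag, _), types in types_by_key.items():
        if 1 in types:
            # A stronger digest for the same key means the SHA-1 DS can simply
            # be withdrawn; SHA-1 only means a new DS must be published first.
            status = "sha1-redundant" if types - {1} else "sha1-only"
            findings.append((owner, key_tag, status))
    return sorted(findings)

if __name__ == "__main__":
    for owner, key_tag, finding in audit(SAMPLE_DS):
        print(f"{owner} keytag={key_tag}: {finding}")
```
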