Petr, Thanks for sharing that tidbit of info. Off the top of your head do you know if that can be disabled?
John -----Original Message----- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Petr Menšík Sent: Friday, March 24, 2023 8:32 AM To: bind-users@lists.isc.org Subject: Re: DNSSEC error resolving gpo.gov ? That is done also by bind 9.11, not only infoblox. It creates both digests on common operations. On 3/14/23 16:23, John W. Blue via bind-users wrote: > Keep in mind that SHA1 may not have been included by choice. > > If gpo.gov is using Infoblox there is a, what I like to call, Infoblox-ism in > play regarding DNSSEC where even if you choose RSA256 or RSA512 or whatever > it will create a SHA1. > > John > > -----Original Message----- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Stephane Bortzmeyer > Sent: Tuesday, March 14, 2023 10:17 AM > To: Alexandra Yang > Cc: bind-users@lists.isc.org > Subject: Re: DNSSEC error resolving gpo.gov ? > > On Tue, Mar 14, 2023 at 11:08:28AM -0400, Alexandra Yang > <draya...@gmail.com> wrote a message of 154 lines which said: > >> I wonder if anyone can shed some light on this, our nameserver(BIND >> 9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov, >> here are the >> errors: > "DS record for zone gpo.gov with keytag 18496 was created by digest algorithm > 1 (SHA-1) which is deprecated." > https://zonemaster.fr/en/result/9161c8485223705c > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Petr Menšík Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users