Can we have a couple of reproducers please? We do run tests on RHEL-like 8,9,10 and no current test caught failure like that, so having a solid reproducer would be nice.
Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 31. 10. 2025, at 13:05, [email protected] wrote: > > >> >> No. Algorithm 5 and 7 are skipped earlier and should never reach the >> code affected. > > However, the observed behavior, which started this, is that a zone > signed with both algorithm 7 and algorithm 13, failed. The client > (me) received SERVFAIL. > >> No crypto policy will change any of this, you do not have to lower >> your security defaults to avoid that. > > Well, the policy change that Bjørn made definitely make the zone > in question resolve again. > >> Please wait few days, proper fixed are on the way! > > Unfortunately the real world doesn't have that kind of patience. > > Steinar Haug, AS2116 > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
