Viktor Dukhovni <[email protected]> writes: > Many RedHat systems no longer support the > SHA1 DNSSEC algorithms 5 and 7 and your domain is "insecure" for > validating resolvers running on these systems.
This was a Redhat specific bug affecting validating resolver operations. It should be fixed by https://access.redhat.com/errata/RHBA-2022:8279 RSASHA1 validation is not optional. It's still a MUST: https://datatracker.ietf.org/doc/html/rfc8624#section-3.1 (and anyone who believe that's wrong should work to update the standard, not violate it. You'd think players like Redhat knew that) Bjørn
