Hi Salma.While I haven't experienced your problem before, I do recall having
'issues' with DNSSEC when my router was acting as a caching DNS resolver.My
suggestion is to check if you have an appliance 'helping' with DNS (e.g.
between these servers and the Internet?) and if so try turning that fu
Maybe in the future dnssec-signzone won't generate the deprecated entry to
begin with.
BIND 9.16.0 stopped generating SHA1 digests [1] :
"DS and CDS records are now generated with SHA-256 digests only, instead of
both SHA-1 and SHA-256. This affects the default output of dnssec-dsfromk
Hi,
Thanks for this confirmation. I had our registrar remove the digest
algorithm SHA1 DS
entry and this has worked as expected. No errors or warnings at any DNSSEC
checkers.
Maybe in the future dnssec-signzone won't generate the deprecated entry to
begin with.
On Tue, Sep 20, 2022 at 3:44 P
Hello All,
We are facing some resolution problems on a CENTOS resolver that deploys bind
9.11.36-S1 with DNSSEC being activated.
The logs in 'default.logs' shows the current errors :
X-Sep-2022 10:34:29.348 dnssec: info: validating shalltry.com/SOA: bad cache
hit (shalltry.com/DS)
X-Sep-2022 1
4 matches
Mail list logo
