You might use an operating system / crypto library which does not support
SHA1 anymore. paypal.com is signed with RSASHA1.

See warnings on https://dnsviz.net/d/paypal.com/YjSWxg/dnssec/

Just curious, what answer do you get from your resolver?
servfail or a missing ad-bit?

Daniel

On 18.03.22 15:25, lejeczek via bind-users wrote:
> Hi guys
> 
> how to troubleshoot that?
> ...
> 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure)
> 18-Mar-2022 14:17:41.725 info: error:03000098:digital envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959:
> 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no valid signature found
> ...
> I'd imagine it must be some up-the-chain servers doing something 
> there - my local 'bind' does not point/use any specific 
> forwarders.
> 
> many thanks, L.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.