On 18/03/2022 15:25, lejeczek via bind-users wrote:
Hi L,
how to troubleshoot that?
...
18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure)
18-Mar-2022 14:17:41.725 info: error:03000098:digital envelope
routines::invalid digest:crypto/evp/pmeth_lib.c:959:
18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no valid
signature found
...
I'd imagine must some up-the-chain servers doing something there - my
local 'bind' does not point/use any specific forwarders.
The zone is correctly signed, but with RSASHA1, which is not
recommended. You may be on a Linux distro whose openssl disables old
algorithms like RSASHA1, and so BIND will not be able to validate this zone.
Regards,
Anand
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
