On 18/03/2022 14:36, Daniel Stirnimann wrote:
You might use an operating system / crypto library which do not support
SHA1 anymore. paypal.com is signed with RSASHA1.
See warnings on https://dnsviz.net/d/paypal.com/YjSWxg/dnssec/
Just curious what answer to you get from your resolver?
servfail or a missing ad-bit?
Daniel
On 18.03.22 15:25, lejeczek via bind-users wrote:
Hi guys
how to troubleshoot that?
...
18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed
(verify failure)
18-Mar-2022 14:17:41.725 info: error:03000098:digital
envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959:
18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY:
no valid signature found
...
I'd imagine must some up-the-chain servers doing something
there - my local 'bind' does not point/use any specific
forwarders.
many thanks, L.
It is SERVFAIL
9.16.23-RH on centOS 9
many thanks, L
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
