Hi BIND developers,
The release notes for 9.18.6 say:
"The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy
(e.g. Red Hat Enterprise Linux 9)."
Does this happen at runtime when BIND starts?
If an administrator updates the security policy on an EL9 system and
allows SHA1, will BIND 9.18.6 then be able to validate zones signed with
RSASHA1?
Regards,
Anand
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
