Yes. You will need to restart the server. That all said if you are signing zones using RSASHA1 or NSEC3RSASHA1 you should transition to a newer algorithm if you want to have your zone validated by as many as possible.
-- Mark Andrews > On 1 Sep 2022, at 22:59, Anand Buddhdev <ana...@ripe.net> wrote: > > Hi BIND developers, > > The release notes for 9.18.6 say: > > "The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically > disabled on systems where they are disallowed by the security policy (e.g. > Red Hat Enterprise Linux 9)." > > Does this happen at runtime when BIND starts? > > If an administrator updates the security policy on an EL9 system and allows > SHA1, will BIND 9.18.6 then be able to validate zones signed with RSASHA1? > > Regards, > Anand > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
