On 01/09/2022 23:19, Mark Andrews wrote: Hi Mark,
Yes. You will need to restart the server.
Okay, I'm trying out 9.18.6 on an Oracle Linux 9 server. When starting BIND, it doesn't log anything about disabling RSASHA1. But when I query it for ietf.org/SOA, I get an unvalidated response. BIND also logs:
02-Sep-2022 10:27:13.839 dnssec: validating ietf.org/SOA: no valid signature found
I think it's fine for BIND to disable RSASHA1, but it might be better to log this when starting, so that it's clear to an operator.
Regards, Anand -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
