We don’t log rsamd5 is disabled now ec or ed curves when they are not supported by the crypto provider. Why should rsasha1 based algs be special?
-- Mark Andrews > On 2 Sep 2022, at 20:37, Anand Buddhdev <ana...@ripe.net> wrote: > > On 01/09/2022 23:19, Mark Andrews wrote: > > Hi Mark, > >> Yes. You will need to restart the server. > > Okay, I'm trying out 9.18.6 on an Oracle Linux 9 server. When starting BIND, > it doesn't log anything about disabling RSASHA1. But when I query it for > ietf.org/SOA, I get an unvalidated response. BIND also logs: > > 02-Sep-2022 10:27:13.839 dnssec: validating ietf.org/SOA: no valid signature > found > > I think it's fine for BIND to disable RSASHA1, but it might be better to log > this when starting, so that it's clear to an operator. > > Regards, > Anand > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
