That is done also by bind 9.11, not only infoblox. It creates both
digests on common operations.
On 3/14/23 16:23, John W. Blue via bind-users wrote:
Keep in mind that SHA1 may not have been included by choice.
If gpo.gov is using Infoblox there is a, what I like to call, Infoblox-ism in
play regarding DNSSEC where even if you choose RSA256 or RSA512 or whatever it
will create a SHA1.
John
-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
Stephane Bortzmeyer
Sent: Tuesday, March 14, 2023 10:17 AM
To: Alexandra Yang
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC error resolving gpo.gov ?
On Tue, Mar 14, 2023 at 11:08:28AM -0400, Alexandra Yang <draya...@gmail.com>
wrote a message of 154 lines which said:
I wonder if anyone can shed some light on this, our nameserver(BIND
9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov, here
are the
errors:
"DS record for zone gpo.gov with keytag 18496 was created by digest algorithm 1
(SHA-1) which is deprecated."
https://zonemaster.fr/en/result/9161c8485223705c
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
