On Tue, 5 Nov 2024, Robert Wagner wrote:
Crypto question - You mention using RSASHA512, but the record shows ed25519 (elliptic curve) crypto. Any chance you can standardize on one or the other (RSA or ECC)? This may not be an issue, but it seems odd.
That's a fair question. Those choices were made about a decade apart, and it didn't occur to me to make them consistent! And I did migrate the zone signing to ed25519 at the same time I upgraded to 9.20 (as what I was doing before -- can't recall exactly -- got deprecated).
But surely the zone signing doesn't come into play, as the nsupdate attempt got rejected before it had a chance to modify the contents of the zone?
Regardless I'll try adjusting the algorithm choice in case it does make a difference.
Malcolm -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
