Re: paypal.com DNSKEY no valid signature found

2022-03-18 Thread Mark Andrews
> On 19 Mar 2022, at 01:37, Anand Buddhdev wrote: > > On 18/03/2022 15:25, lejeczek via bind-users wrote: > > Hi L, > >> how to troubleshoot that? >> ... >> 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure) >> 18-Mar-2022 14:17:41.725 info: error:0398:digital envel

Re: paypal.com DNSKEY no valid signature found

2022-03-18 Thread lejeczek via bind-users
On 18/03/2022 14:36, Daniel Stirnimann wrote: You might use an operating system / crypto library which do not support SHA1 anymore. paypal.com is signed with RSASHA1. See warnings on https://dnsviz.net/d/paypal.com/YjSWxg/dnssec/ Just curious what answer to you get from your resolver? servfa

Re: paypal.com DNSKEY no valid signature found

2022-03-18 Thread Anand Buddhdev
On 18/03/2022 15:25, lejeczek via bind-users wrote: Hi L, how to troubleshoot that? ... 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure) 18-Mar-2022 14:17:41.725 info: error:0398:digital envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959: 18-Mar-2022 14:1

Re: paypal.com DNSKEY no valid signature found

2022-03-18 Thread Daniel Stirnimann
You might use an operating system / crypto library which do not support SHA1 anymore. paypal.com is signed with RSASHA1. See warnings on https://dnsviz.net/d/paypal.com/YjSWxg/dnssec/ Just curious what answer to you get from your resolver? servfail or a missing ad-bit? Daniel On 18.03.22 15:25,

paypal.com DNSKEY no valid signature found

2022-03-18 Thread lejeczek via bind-users
Hi guys how to troubleshoot that? ... 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure) 18-Mar-2022 14:17:41.725 info: error:0398:digital envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959: 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no va