Re: paypal.com DNSKEY no valid signature found

Anand Buddhdev writes: > The zone is correctly signed, but with RSASHA1, which is not > recommended. You may be on a Linux distro whose openssl disables old > algorithms like RSASHA1, and so BIND will not be able to validate this zone. Doesn't that violate a MUST in RFC 8624? Mostly curious -

Re: paypal.com DNSKEY no valid signature found

14:17:41.725 info: error:0398:digital envelope >> routines::invalid digest:crypto/evp/pmeth_lib.c:959: >> 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no valid >> signature found >> ... >> I'd imagine must some up-the-chain servers doing som

Re: paypal.com DNSKEY no valid signature found

/pmeth_lib.c:959: 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no valid signature found ... I'd imagine must some up-the-chain servers doing something there - my local 'bind' does not point/use any specific forwarders. many thanks, L. It is SERVFAIL 9.16.23-RH on centOS

Re: paypal.com DNSKEY no valid signature found

:17:41.725 info: validating paypal.com/DNSKEY: no valid signature found ... I'd imagine must some up-the-chain servers doing something there - my local 'bind' does not point/use any specific forwarders. The zone is correctly signed, but with RSASHA1, which is not recommended.

Re: paypal.com DNSKEY no valid signature found

959: > 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: > no valid signature found > ... > I'd imagine must some up-the-chain servers doing something > there - my local 'bind' does not point/use any specific > forwarders. > > many thanks, L.

paypal.com DNSKEY no valid signature found

Hi guys how to troubleshoot that? ... 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure) 18-Mar-2022 14:17:41.725 info: error:0398:digital envelope routines::invalid digest:crypto/evp/pmeth_lib.c:959: 18-Mar-2022 14:17:41.725 info: validating paypal.com/DNSKEY: no