Dnssec issues

2022-09-22 Thread salma smaoui
Hello All, We are facing some resolution problems on a CENTOS resolver that deploys bind 9.11.36-S1 with DNSSEC being activated. The logs in 'default.logs' show the current errors: X-Sep-2022 10:34:29.348 dnssec: info: validating shalltry.com/SOA: bad cache hit (shalltry.com/DS) X-Sep-2022 1

Re: DS keys with 2 digest algorithms

2022-09-22 Thread frank picabia
Hi, Thanks for this confirmation. I had our registrar remove the digest algorithm SHA1 DS entry and this has worked as expected. No errors or warnings at any DNSSEC checkers. Maybe in the future dnssec-signzone won't generate the deprecated entry to begin with. On Tue, Sep 20, 2022 at 3:44 P

Re: DS keys with 2 digest algorithms

2022-09-22 Thread Jan-Piet Mens via bind-users
Maybe in the future dnssec-signzone won't generate the deprecated entry to begin with. BIND 9.16.0 stopped generating SHA1 digests [1]: "DS and CDS records are now generated with SHA-256 digests only, instead of both SHA-1 and SHA-256. This affects the default output of dnssec-dsfromk

RE: Dnssec issues

2022-09-22 Thread Nick Tait via bind-users
Hi Salma. While I haven't experienced your problem before, I do recall having 'issues' with DNSSEC when my router was acting as a caching DNS resolver. My suggestion is to check if you have an appliance 'helping' with DNS (e.g. between these servers and the Internet?) and if so try turning that fu