Hello.
I am currently testing Unbound.
My environment is
・RHEL 9.5
・Unbound 1.22.0
I got the tarball from “https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz” and built it with the option “--enable-systemd --with-libevent”.
My unbound.conf is as follows
update-crypto-policies --set LEGACY
systemctl restart unbound
Paul
Sent using a virtual keyboard on a phone
Dear Paul
Thank you very much.
I do not want to enable SHA-1.
I just want to know why SERVFAIL is returned for Unbound on a system where SHA-1 is supposed to be disabled.
The dnssec-failed.org is BOGUS, but on RHEL 9 it should be Insecure.
On Fri, Mar 7, 2025 at 10:18, Paul Wouters <paul@nohats.ca> wrote:
Because unbound tries sha1 and gets an error from the crypto library. If you want unbound to treat sha1 as unsigned, there is either a compile time flag or runtime flag to do that.
Paul
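The difference between the two outcomes discussed in this thread, as an added example that is not part of the original messages and not Unbound's code: a simplified model of a validator's per-zone decision. The function names, the `advertised`/`crypto_allows` sets and the sample zone are assumptions made for illustration; the algorithm numbers are the IANA DNSSEC assignments, and the "no supported algorithm means insecure" rule is from RFC 4035 section 5.2.

```python
# Simplified model (assumption: not Unbound's actual logic) of why a SHA-1-signed
# zone ends up BOGUS/SERVFAIL instead of insecure on a host whose crypto
# library refuses SHA-1 signatures.

SHA1_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1"}          # IANA algorithm numbers
MODERN_ALGS = {8: "RSASHA256", 13: "ECDSAP256SHA256", 15: "ED25519"}


def zone_status(ds_algs, advertised, crypto_allows):
    """Return 'secure', 'insecure' or 'bogus' for one delegation.

    ds_algs       -- algorithm numbers in the zone's authenticated DS RRset
    advertised    -- algorithms the validator believes it supports
    crypto_allows -- algorithms the crypto library will actually verify
    Signatures are assumed to be cryptographically correct.
    """
    usable = [a for a in ds_algs if a in advertised]
    if not usable:
        # RFC 4035 5.2: no supported algorithm in the DS set means the zone is
        # treated like an unsigned delegation.
        return "insecure"
    if any(a in crypto_allows for a in usable):
        return "secure"
    # The validator tried an algorithm it thinks it supports and every
    # verification attempt returned an error from the crypto library.
    return "bogus"


def rcode(status):
    """Bogus answers are withheld from the client; everything else is answered."""
    return "SERVFAIL" if status == "bogus" else "NOERROR"


# Constructed sample: a zone signed only with RSASHA1 (algorithm 5).
ZONE_DS = [5]
POLICY_NO_SHA1 = set(MODERN_ALGS)                 # crypto library rejects SHA-1
POLICY_WITH_SHA1 = set(MODERN_ALGS) | set(SHA1_ALGS)

BUILD_WITH_SHA1 = set(MODERN_ALGS) | set(SHA1_ALGS)   # validator still tries SHA-1
BUILD_WITHOUT_SHA1 = set(MODERN_ALGS)                 # SHA-1 treated as unsupported

if __name__ == "__main__":
    for name, adv, pol in [
        ("tries SHA-1, library rejects it", BUILD_WITH_SHA1, POLICY_NO_SHA1),
        ("SHA-1 treated as unsupported", BUILD_WITHOUT_SHA1, POLICY_NO_SHA1),
        ("tries SHA-1, library allows it", BUILD_WITH_SHA1, POLICY_WITH_SHA1),
    ]:
        s = zone_status(ZONE_DS, adv, pol)
        print(f"{name}: {s} -> {rcode(s)}")
```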