Bind 9.11 serving up false answers for a single domain. (OT)

Ondřej Surý ondrej at
Thu Feb 11 07:48:51 UTC 2021

> On 11. 2. 2021, at 7:01, Stuart at wrote:
> It's one of those old compatibility things.

Also called *downgrade attack vector*.

Stuart, there’s absolutely no reason to keep any SHA1 in the DNS at the time I am writing this message.

Ondřej Surý (He/Him)
ondrej at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the bind-users mailing list