[dns-operations] DNSSEC and FIPS-140

Jim Reid jim at rfc1035.com
Sat Dec 1 14:46:56 UTC 2018

> On 1 Dec 2018, at 14:31, James Stevens <James.Stevens at jrcs.co.uk> wrote:
> The reason for the confusion is that PowerDNS is unable to return a RRSIG for NSEC or NSEC3 if MD5 is disabled at the O/S level. It just crashes.
> But I have no idea why it would need it??
> I need to look at the source.

I think you need to take this discussion to a PowerDNS forum/mailing list. What you're saying doesn't seem possible. It's highly unlikely a query will cause a DNS server to crash because "MD5 is disabled at the O/S Level" (whatever you mean by that). However if your OS has a mangled SSL library, all bets are off.

More information about the dns-operations mailing list