> PowerDNS Recursor used to ignore SHA-256 records in the face of
> SHA-384 records, but this was considered a bug and recently fixed. [3]
> I don't know if any other resolvers behave the same way. It would be
> prudent not to chance it.

We were recently made aware of a .ch domain which rolled the keys and triggered this bug. Akamai CacheServe is also affected. The issue is being fixed there as well. So I second your recommendation for the time being.

Daniel
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
