On Fri, 20 Mar 2020, Jarle Greipsland wrote:

> r...@reedmedia.net writes:
> > I was able to reproduce maybe the problem. I think the version of named
> > is bad (it is unsupported).
> Might it have to do with the fact that the (only) DS RR for
> protonmail.ch uses digest type 4 (i.e. SHA-384), which is an
> optional algorithm? What is the support of our BIND version for
> the SHA-384 algorithm?

I was wondering about that but the BIND code then (9.10.5-P1) has the
SHA-384 algorithm support

    src/external/bsd/bind/dist/lib/isc/sha2.c

and the DS code has the digest_type support for DNS_DSDIGEST_SHA384

    src/external/bsd/bind/dist/lib/dns/rdata/generic/ds_43.c

Also I was able to find some current domains that only have type "4"
that work (mxz.ch, v4bl.org, agimm.org, ampau.org).

I do think it has something to do with the netbsd build separate from
netbsd build, it works fine. I didn't track this down yet.

You can also use delv to see named-like behaviour:

    delv protonmail.ch
    delv -d 99 protonmail.ch
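
The digest-type question raised in this thread, as an added example that is not part of the original messages or of BIND: it builds a DS record with digest type 4 (SHA-384) from a DNSKEY and shows the outcome when a checker does or does not support that digest type. The function names, the owner name `example.ch.` and the 64-byte key are constructed for illustration.

```python
import hashlib
import struct

# DS digest type numbers -> hashlib names (type 3, GOST, omitted: not in hashlib)
DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}

def wire_name(name):
    """Canonical (lower-case) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, as in RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """DS digest = hash(canonical owner name | DNSKEY RDATA)."""
    return hashlib.new(DIGESTS[digest_type], wire_name(owner) + rdata).digest()

def check_ds(owner, rdata, ds, supported):
    """ds = (key_tag, algorithm, digest_type, digest); returns a status string."""
    tag, alg, dtype, digest = ds
    if dtype not in supported or dtype not in DIGESTS:
        return "unsupported-digest"   # this DS cannot be used by the checker
    if tag != key_tag(rdata) or alg != rdata[3]:
        return "no-key-match"
    return "match" if ds_digest(owner, rdata, dtype) == digest else "digest-mismatch"

# Constructed sample: a fake 64-byte "public key", not a real zone's key.
OWNER = "example.ch."
KSK = dnskey_rdata(257, 3, 13, bytes(range(64)))
DS4 = (key_tag(KSK), 13, 4, ds_digest(OWNER, KSK, 4))

if __name__ == "__main__":
    print("DS:", DS4[0], DS4[1], DS4[2], DS4[3].hex().upper())
    print("checker with SHA-384:   ", check_ds(OWNER, KSK, DS4, {1, 2, 4}))
    print("checker without SHA-384:", check_ds(OWNER, KSK, DS4, {1, 2}))
```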