Bug 2070230

Summary:	disable SHA-1 in bind configuration in DEFAULT
Product:	Red Hat Enterprise Linux 9	Reporter:	Alexander Sosedkin <asosedki>
Component:	crypto-policies	Assignee:	Alexander Sosedkin <asosedki>
Status:	CLOSED ERRATA	QA Contact:	Ondrej Moriš <omoris>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	9.1	CC:	omoris, pemensik, peter.van.dijk, pgm-rhel-tools, sbroz, sjanderk
Target Milestone:	rc	Keywords:	Triaged
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	crypto-policies-20220404-1.git845c0c1.el9	Doc Type:	No Doc Update
Doc Text:		Story Points:	---
Clone Of:
Clones:	2070923 (view as bug list)		Environment:
Last Closed:	2022-11-15 11:12:53 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	2073066, 2070495, 2070923, 2075672

Comment 13 Alexander Sosedkin 2022-04-13 12:51:59 UTC

*** Bug 2071546 has been marked as a duplicate of this bug. ***

Comment 15 Petr Menšík 2022-05-18 10:59:01 UTC

Note: bind follows crypto-policies by including configuration file "/etc/crypto-policies/back-ends/bind.config" from named.conf options section.

If SHA-1 names do not validate in your setup, ensure bind.config is included. Default shipped bind configuration file contains it already. Use it also in a custom configuration.

/etc/named.conf:

options {
# ...
    include "/etc/crypto-policies/back-ends/bind.config";
# ...
};

Comment 19 errata-xmlrpc 2022-11-15 11:12:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8279