DNSSEC resolution failures for certain domains after upgrading to 10.9.1
search cancel

DNSSEC resolution failures for certain domains after upgrading to 10.9.1

book

Article ID: 390508

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

After upgrading to Symantec Messaging Gateway (SMG) version 10.9.1, some users have reported DNSSEC resolution failures for certain domains. 

Cause

This issue is primarily related to the deprecation of weak cryptographic algorithms and digest types in the latest update.This version of SMG no longer supports the use of weak cryptographic algorithms or digests. As a result, domains using these deprecated algorithms or digests may experience DNSSEC validation failures when resolving their DNS records

Deprecated Algorithms:

  1. RSAMD5
  2. RSASHA1
  3. NSEC3RSASHA1
  4. DS
  5. NSEC3DSA
  6. ECCGOST

Deprecated Digests:

  1. SHA-1
  2. GOST

 

Resolution

To resolve DNSSEC resolution failures for domains affected by the upgrade to version 10.9.1, domain administrators must update their DNS records to use stronger cryptographic algorithms and secure digest methods.

Powered by Wolken Software