[Pdns-users] Disable DNSSEC Digest Type

Peter van Dijk peter.van.dijk at powerdns.com
Fri Nov 19 11:04:06 UTC 2021


Hello Dave,

On Fri, 2021-11-19 at 12:24 +0200, Dave Strydom via Pdns-users wrote:
> Is there a way to prevent or disable 'pdnsutil secure-zone' generating the DS record with the SHA-1 digest type and only generate the SHA-256 and SHA-384?

secure-zone does not generate DSes, it only generates keys. DSes are
generated by show-zone, by the API, etcetera, when a user asks for
them. Those DSes are not stored by PowerDNS.

Now, if your question is, is there a way to prevent show-zone from
generating SHA-1 DSes, the current answer is no. Can I ask why you want
this?

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
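
Added example, not part of the original message and not PowerDNS code: since the reply explains that DS records are derived from the keys on request rather than stored, the SHA-256 and SHA-384 DSes can be computed directly from a DNSKEY as specified in RFC 4034. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# IANA DS digest types 2 (SHA-256) and 4 (SHA-384); type 1 (SHA-1) is left out on purpose.
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_records(owner, flags, protocol, algorithm, pubkey_b64, digest_types=(2, 4)):
    """Return DS records in presentation format, for allowed digest types only."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    tag = key_tag(rdata)
    out = []
    for dt in digest_types:
        if dt not in DIGESTS:
            raise ValueError(f"digest type {dt} is not allowed here")
        # DS digest = hash(owner name in wire form | DNSKEY RDATA), RFC 4034 section 5.1.4
        digest = DIGESTS[dt](name_to_wire(owner) + rdata).hexdigest()
        out.append(f"{owner} IN DS {tag} {algorithm} {dt} {digest}")
    return out

# Constructed sample: not a real key, only 64 bytes shaped like an algorithm 13 key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    for line in ds_records("example.com.", 257, 3, 13, SAMPLE_KEY):
        print(line)
```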
