SHA-1 DNSSEC algorithms disabled

SHA-1 hash algorithms have long been considered insecure: the bit length is insufficient against current computing power. In January 2020, researchers described an attack that has the potential for dangerous and far-reaching consequences in the DNS ecosystem.

Therefore we will disable the use of the following SHA-1 based DNSSEC algorithms:

• Algorithm 3: DSA/SHA1
• Algorithm 5: RSA/SHA-1
• Algorithm 7: RSASHA1-NSEC3-SHA1

You can do a key rollover to upgrade the algorithm. First check your “Default DNSSEC Algorithm” under Configuration > Settings; we advise using Algorithm number 13. Then click “Domains” in the menu and then “Rollover all domains”. Alternatively, to upgrade only a specific domain, go to its domain details page and click “Key Rollover Domain”.
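
To see which zones still need the rollover, the algorithm field of each published DNSKEY record can be checked against the list above. The script below is an added example, not part of the original announcement or the provider's tooling; it reads records in the format printed by `dig +noall +answer DNSKEY <zone>`, and the zone names and key data in its sample are constructed.

```python
import re

# Algorithms this page lists as disabled, with the names the page gives them.
DISABLED = {3: "DSA/SHA1", 5: "RSA/SHA-1", 7: "RSASHA1-NSEC3-SHA1"}
RECOMMENDED = 13  # the algorithm number the page advises

# Constructed sample in `dig +noall +answer DNSKEY <zone>` format (dummy key data).
SAMPLE = """\
; constructed sample, not real keys
legacy.example.    3600 IN DNSKEY 257 3 7 AwEAAcONSTRUCTED1
legacy.example.    3600 IN DNSKEY 256 3 7 AwEAAcONSTRUCTED2
modern.example.    3600 IN DNSKEY 257 3 13 Y29uc3RydWN0ZWQz
midroll.example.   3600 IN DNSKEY 257 3 5 AwEAAcONSTRUCTED4
midroll.example.   3600 IN DNSKEY 257 3 13 Y29uc3RydWN0ZWQ1
"""

# owner [ttl] [class] DNSKEY flags protocol algorithm key-data
RR = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+\S", re.I
)

def audit(text):
    """Map each zone to (sorted DNSKEY algorithm numbers, status)."""
    zones = {}
    for line in text.splitlines():
        # Drop zone-file comments; base64 key data never contains ';'.
        m = RR.match(line.split(";", 1)[0].strip())
        if m:
            zones.setdefault(m.group(1).lower(), set()).add(int(m.group(4)))
    report = {}
    for zone, algs in zones.items():
        bad = algs & set(DISABLED)
        if not bad:
            status = "ok"
        elif bad == algs:
            status = "rollover needed"   # only disabled algorithms published
        else:
            status = "mixed"             # a disabled key is still published
        report[zone] = (sorted(algs), status)
    return report

if __name__ == "__main__":
    for zone, (algs, status) in sorted(audit(SAMPLE).items()):
        names = ", ".join(f"{a} ({DISABLED[a]})" if a in DISABLED else str(a)
                          for a in algs)
        print(f"{zone:20} {status:16} algorithms: {names}")
```

A zone reported as "mixed" publishes keys for both a disabled algorithm and another one, so its rollover has not finished.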