
2. Deprecating SHA-1 from DNSSEC Signatures and Delegation RRs

The RSASHA1 [RFC4034] and RSASHA1-NSEC3-SHA1 [RFC5155] algorithms MUST NOT be used when creating DS records. Operators of validating resolvers MUST treat RSASHA1 and RSASHA1-NSEC3-SHA1 DS records as insecure. If no other DS records of accepted cryptographic algorithms are available, the DNS records below the delegation point MUST be treated as insecure.

The RSASHA1 [RFC4034] and RSASHA1-NSEC3-SHA1 [RFC5155] algorithms MUST NOT be used when creating DNSKEY and RRSIG records. Validating resolver implementations ([RFC9499], Section 10) MUST continue to support validation using these algorithms, because although their use is diminishing, some domains are still actively signed with them as of this publication. Operators of validating resolvers MUST treat the DNSSEC signing algorithms RSASHA1 and RSASHA1-NSEC3-SHA1 as unsupported, rendering responses insecure if they cannot be validated by other supported signing algorithms.
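The two rules above separate what an implementation must still be able to do (verify SHA-1 signatures) from what an operator's running configuration must do (refuse to rely on them), and they give a specific outcome for each record type: a DS RRset with no remaining accepted algorithm makes the delegation insecure, and an RRset whose only signatures use the disabled algorithms is insecure rather than bogus. The following Python model is an added example of that policy, not code from this document or from any resolver; the algorithm numbers are the IANA DNS Security Algorithm Numbers registry values, while the record classes, function names, and sample records for a hypothetical "example." delegation are constructed here for illustration.

```python
# Added example: a model of the validator-side and signer-side policy
# in this section. Not code from the draft; the draft states rules, not
# an API. Algorithm numbers are from the IANA "DNS Security Algorithm
# Numbers" registry; everything else is constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Iterable, List

RSASHA1 = 5              # [RFC4034]
RSASHA1_NSEC3_SHA1 = 7   # [RFC5155]
RSASHA256 = 8            # [RFC5702]
ECDSAP256SHA256 = 13     # [RFC6605]
ED25519 = 15             # [RFC8080]

# Implementation: every algorithm the resolver has a verification code
# path for. Per this section it MUST still include the SHA-1 algorithms.
IMPLEMENTED = {RSASHA1, RSASHA1_NSEC3_SHA1, RSASHA256, ECDSAP256SHA256, ED25519}

# Operator policy: algorithms the operator treats as unsupported.
# Per this section it MUST include both SHA-1 algorithms.
OPERATOR_DISABLED = {RSASHA1, RSASHA1_NSEC3_SHA1}

# What the running resolver will actually build a chain of trust with.
ACCEPTED = IMPLEMENTED - OPERATOR_DISABLED


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes


@dataclass(frozen=True)
class RRSIG:
    algorithm: int
    key_tag: int
    signer: str


def check_signing_algorithm(algorithm: int) -> None:
    """Signer-side rule: refuse to create DS, DNSKEY or RRSIG records
    with a deprecated algorithm."""
    if algorithm in {RSASHA1, RSASHA1_NSEC3_SHA1}:
        raise ValueError(f"algorithm {algorithm} MUST NOT be used for new DNSSEC records")


def usable_ds(ds_rrset: Iterable[DS]) -> List[DS]:
    """DS records the resolver may use to anchor the child zone."""
    return [ds for ds in ds_rrset if ds.algorithm in ACCEPTED]


def delegation_status(ds_rrset: Iterable[DS]) -> str:
    """'insecure' when no DS of an accepted algorithm remains, i.e. the
    records below the delegation point are treated as unsigned.
    'secure' means: proceed to validate the child's DNSKEY RRset."""
    return "secure" if usable_ds(ds_rrset) else "insecure"


def response_status(rrsigs: Iterable[RRSIG], verify: Callable[[RRSIG], bool]) -> str:
    """verify() is the caller's cryptographic check for one signature.
    Signatures with disabled algorithms are filtered out before verify()
    is ever called. With no accepted signature left the response is
    'insecure'; otherwise the usual [RFC4035] outcome applies
    ('secure' if any accepted signature verifies, else 'bogus')."""
    candidates = [s for s in rrsigs if s.algorithm in ACCEPTED]
    if not candidates:
        return "insecure"
    return "secure" if any(verify(s) for s in candidates) else "bogus"


# Constructed sample data for a hypothetical delegation "example.".
# Digests are zero-filled placeholders; only the algorithm field matters here.
SHA1_ONLY_DS = [DS(12345, RSASHA1, 2, bytes(32))]
MIXED_DS = SHA1_ONLY_DS + [DS(23456, ECDSAP256SHA256, 2, bytes(32))]
SHA1_ONLY_SIGS = [RRSIG(RSASHA1_NSEC3_SHA1, 12345, "example.")]
MIXED_SIGS = SHA1_ONLY_SIGS + [RRSIG(ECDSAP256SHA256, 23456, "example.")]

if __name__ == "__main__":
    print(delegation_status(SHA1_ONLY_DS))                  # insecure
    print(delegation_status(MIXED_DS))                      # secure
    print(response_status(SHA1_ONLY_SIGS, lambda s: True))  # insecure
    print(response_status(MIXED_SIGS,
                          lambda s: s.algorithm == ECDSAP256SHA256))  # secure
```

The point of keeping IMPLEMENTED and OPERATOR_DISABLED as separate sets is that the section places the two MUSTs on different parties: the code path for RSASHA1 stays, but the deployed policy never selects it, so a zone that still publishes only SHA-1 DS records or RRSIGs degrades to insecure instead of failing as bogus.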