I just posted this to Gab
This just came up in the last couple days since I last checked the DNSSEC chains on our domains.
DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1)#^https://dnsviz.net/d/fouroh-llc.kane-il.us/dnssec/
The latest RFC for this is #^https://tools.ietf.org/html/rfc4509
Both the SHA-1 and the SHA-256 digest is still required.
Is this an issue with the Verizon analyzer service?
Is there a (new) RFC I am not aware of?
Do you know a different tool for checking the DNSSEC configuration?