From 36e5772a8e47011c4b176bfb74abcd65505829ab Mon Sep 17 00:00:00 2001
From: baltoche <baltoche@gmail.com>
Date: Tue, 5 Jan 2016 16:56:16 +0100
Subject: [PATCH] Update dns_update.py

---
 management/dns_update.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/management/dns_update.py b/management/dns_update.py
index 0aae94cf..d3ef2cbc 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -502,11 +502,12 @@ zone:
 
 def dnssec_choose_algo(domain, env):
 	if '.' in domain and domain.rsplit('.')[-1] in \
-		("email", "guide", "fund"):
+		("email", "guide", "fund", "be"):
 		# At GoDaddy, RSASHA256 is the only algorithm supported
 		# for .email and .guide.
 		# A variety of algorithms are supported for .fund. This
 		# is preferred.
+		# Gandi tells me that .be does not support RSASHA1-NSEC3-SHA1
 		return "RSASHA256"
 
 	# For any domain we were able to sign before, don't change the algorithm