dnssec-failed.org domain uses RSA/SHA1 algorithm, which is considered
insecure by Fedora 33+ policy.