diff --git a/roles/base/tasks/crypto-policies.yml b/roles/base/tasks/crypto-policies.yml
index c9390081be..a077659ef1 100644
--- a/roles/base/tasks/crypto-policies.yml
+++ b/roles/base/tasks/crypto-policies.yml
@@ -25,3 +25,11 @@
   tags:
   - crypto-policies
   - base/crypto-policies
+
+- name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1
+  command: "update-crypto-policies --set DEFAULT:SHA1"
+  when: inventory_hostname.startswith(('ns01.iad2','ns02.iad2'))
+  check_mode: no
+  tags:
+  - crypto-policies
+  - base/crypto-policies