Crypto policy DEFAULT and FIPS would never pass on any name signed by RSASHA1 or under such zone. Make all those signatures insecure regardless on policy. It would make it insecure even in cases where it were not mandatory, but would not fail with SERVFAIL in any crypto-policy setting.
Resolves: rhbz#2070495