managed-keys vs trust-anchors
Ondřej Surý
ondrej at isc.org
Mon Jan 2 12:41:01 UTC 2023
Hi Bob,
no manually configured bind.keys file is needed. Just don't provide one and correct compiled-in
defaults will be used.
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 2. 1. 2023, at 13:33, Bob McDonald <bmcdonaldjr at gmail.com> wrote:
>
> I've upgraded to bind 9.16.36.
>
> I went to the ISC site and picked up the bind.keys file.
>
> However, it is intended for use in bind 9.11 and contains the managed-keys clause. This throws an error in the syslog messages during startup. It appears to still function correctly.
>
> In the ARM for bind 9.16 it states that managed-keys clause is deprecated. Replacing the managed-keys clause with the trust-anchors clause seems to fix the issue. In the file itself it states the following:
>
> # This file is NOT expected to be user-configured.
>
> Perhaps I've missed something. If not, the documentation needs to be a bit more clear on this. Would it be helpful to have a version of the bind.keys file for bind 9.16 and above?
>
> Regards,
>
> Bob
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230102/362bd2d7/attachment.htm>
More information about the bind-users
mailing list