[BUG] dnssec-signzone silently drops DS records when '-g' is used
Mark Andrews
Mark_Andrews at isc.org
Tue Sep 16 00:39:45 UTC 2008
In message <e90946380809151121k9afb519jabda6a291c1bd69a at mail.gmail.com>, "=?UTF
-8?Q?Ond=C5=99ej_Sur=C3=BD?=" writes:
> Hi,
> I just found quite serious bug in dnssec-signzone :-(.
It's not a bug. It was a deliberate decision to only include
generate DS records when -g is specified. You manage the
transition from secure to insecure by removing the keyset
of the child.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list