root zone initial key in bind.keys
Evan Hunt
each at isc.org
Wed Feb 23 17:32:44 UTC 2011
> That may have been the intent, but I can assure you that it isn't what
> actually happens!
Whoops. You're right, and it's a bug. The keys aren't read without
"dnssec-lookaside auto" being turned on, but if it is, then both keys are
loaded. This works correctly in 9.8, but a little piece of code that was
supposed to have been committed to 9.7 seems to have been left out by
mistake. My apologies; apparently we've made some people's systems more
secure than we intended. :/
If anyone is out there who wants to be using ISC DLV but does not want to
use the root key, comment the root key out of bind.keys.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list