A policy for removing named.conf options.
G.W. Haywood
bind at jubileegroup.co.uk
Thu Jun 13 13:55:04 UTC 2019
Hello again,
On Thu, 13 Jun 2019, Matthijs Mekking wrote:
> On 6/13/19 2:40 PM, G.W. Haywood via bind-users wrote:
> > On Thu, 13 Jun 2019, Matthijs Mekking? wrote:
> >
> > > | managed-keys?????? | 9.15/9.16 | replaced with dnssec-keys |
> >
> > According to my changelogs for 'named.conf I removed 'managed-keys' and
> > 'trusted-keys' three years ago, but still use 'managed-keys-directory'.
>
> ... it is likely that you are using managed trust anchors that
> are configured with 'managed-keys' in a bind.keys file. ...
Correct. It says in that file that I'm not expected to do anything to
it - so I expect you'll take care of that when the time comes, yes?
To tell you about the use of configuration options, could you not set
up an ISC zone which BIND on startup will ping with a few packets?
You'd get a lot more (and more accurate) feedback than sending out a
plea on a mailing list. You could make it a compile time option, ask
for permission at build time, etc..
--
73,
Ged.
More information about the bind-users
mailing list