dnssec-policy behaviour
Ondřej Surý
ondrej at isc.org
Sun Feb 2 10:21:54 UTC 2020
Hi Kal,
thanks for testing the new feature. This sounds like a bug to me. Could you please fill issue in our GitLab (https://gitlab.isc.org/), so we don’t lose track of the bug.
Thank you,
--
Ondřej Surý — ISC
> On 2 Feb 2020, at 10:53, Kal Feher via bind-users <bind-users at lists.isc.org> wrote:
>
> I've been testing the dnssec-policy (9.15.8)feature, but either I've
> come across a bug, or my understanding of the configuration is incomplete.
>
> Whenever BIND restarts, it adds a new key (or keys, depending on the
> policy) into the configured key directory. It uses this new key or keys
> to sign the zone, apparently ignoring previously created keys, although
> the DNSKEY records remain within the zone. I have observed the same
> behaviour if I initiate an rndc loadkeys <zone>.
>
> I've tried both the default policy and an explicitly configured policy
> with the same results.
>
> There's nothing in the logs indicating an error loading previous keys.
>
> Am I missing something?
>
> --
>
> Kal Feher
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list