Non-disruptive migration to dnssec-policy possible?
Håkan Lindqvist
h+bind at qw.se
Thu Mar 26 23:26:48 UTC 2020
On 2020-03-26 23:00, Mark Andrews wrote:
> dnssec-policy should be independent of inline-signing. If it isn’t then it is a bug.
>
> It just people like editing master files rather than using nsupdate to make changes.
Ok, thank you for clarifying what should be expected.
I guess that leaves the question of whether I am reading too much into
the new behavior.
In addition to my DNSKEY issues, I do get two new files when switching a
zone to dnssec-policy: .signed + .signed.jnl.
To me this seems like the result of inline signing having been enabled,
but maybe this could happen for some other reason?
As for "inline-signing no;" not working, that actually appears to cause
an error regardless of dnssec-policy, so that may be a blemish that is
irrelevant to the overall question.
Anyway, that just leads to:
parser.c:2836: REQUIRE(obj != ((void *)0) && *obj == ((void *)0))
failed, back trace
#0 0x55ec613030a3 in ??
#1 0x7f598d6eda90 in ??
#2 0x7f598d77d9ba in ??
#3 0x55ec6130a23c in ??
#4 0x55ec6130f398 in ??
#5 0x55ec61323adc in ??
#6 0x55ec61324b2e in ??
#7 0x7f598d714e51 in ??
#8 0x7f598d1c2669 in ??
#9 0x7f598d0e4323 in ??
exiting (due to assertion failure)
/Håkan
More information about the bind-users
mailing list