Deprecating auto-dnssec and inline-signing in 9.18+
Matthijs Mekking
matthijs at isc.org
Tue Aug 10 08:02:59 UTC 2021
Hi users,
We are planning to deprecate the options 'auto-dnssec' and
'inline-signing' in BIND 9.18. The reason for this is because
'dnssec-policy' is the preferred way of maintaining your DNSSEC zone.
Deprecating means that you can still use the options in 9.18, but a
warning will be logged and it is very likely that the options will be
removed in BIND 9.20.
We would like to encourage you to change your configurations to
'dnssec-policy'. See this KB article for migration help:
https://kb.isc.org/docs/dnssec-key-and-signing-policy
Do you have reasons for keeping 'inline-signing' or 'auto-dnssec'
configurations? Is there a use case that is not (yet) covered by
'dnssec-policy'? Any other concerns? Please let us know.
Best regards,
Matthijs
More information about the bind-users
mailing list