'inline-signing' might go away and be replaced by dnssec-policy ?
Jan-Piet Mens
list at mens.de
Wed Oct 26 19:41:15 UTC 2022
Retried my named.conf with BIND 9.19.7-dev (Development Release) <id:e004ca4> which reports:
26-Oct-2022 21:31:42.021 /private/tmp/b/named.conf:11: 'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'. See https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
If I add an allow-update{} or inline-signing{} stanza, the server starts and
neither combination overwrites the primary zone file.
-JP
More information about the bind-users
mailing list