DNSSec Setup ARM Manual vs KB article on adding inline-signing for non-dynamic zones

E R fasteddieinaustin at gmail.com
Mon Jul 24 18:14:55 UTC 2023


As if DNSSec is not confusing enough... It seems the ARM manual that matches
my release is out of step with the web site.  I followed the "Easy-Start
Guide for Signing Authoritative Zones" in the ARM manual after manually
signing my test zone for my starting point.  The ARM says you ONLY need to
specify "dnssec-policy default;" in your zone, view or options clause for
the newer way to sign things.  I completed the steps successfully (except
for one command that no longer works as shown in the manual which is not
important).  I cannot find anything broken with BIND 9.16.23-RH (Extended
Support Version) when I follow the ARM manual.

This document https://kb.isc.org/docs/dnssec-key-and-signing-policy says I
need to have a dynamic zone for things to work.  I don't need or design
anything other than a good ole static zone since an entry is changed like
3-4 times per year.  The newest ARM has a new section that mentions needing
to set up Dynamic DNS, but it also states that BIND previously used implicit
inline-signing.  It is really difficult for a casual observer to sort this
out.  There is no reference to what they mean by "previously".

Did they break builds newer than 9.16.23 and that is why I am not seeing
any issues?  Or is it the fact that I am not a DNSSEC expert and I am not
seeing a glaring issue?

More information about the bind-users mailing list