Problem upgrading to 9.18 - important feature being removed

Carsten Strotmann carsten at strotmann.de
Tue Feb 27 15:06:18 UTC 2024


Hi Matthijs,

On 27 Feb 2024, at 15:54, Matthijs Mekking wrote:

> - When migrating to dnssec-policy, make sure the configuration matches your existing keys.

Most problems I've seen so far have to do with this step: admins "think" they have created a configuration that matches the current keys, but they haven't (for one reason or another; it happens to me, despite working a lot with DNSSEC and BIND 9).

It would be nice to have a "dry-run" mode in BIND 9, where BIND 9 would report the steps it would take because of "dnssec-policy", but would not execute the changes.

That way, admins can create a configuration with "dry-run" mode enabled, check the logfiles, and if the actions in the log-file match the expectations, the "dry-run" mode can be removed and the new configuration will become active.

Greetings

Carsten

