Problem upgrading to 9.18 - important feature being removed
Jim P.
jimpop at domainmail.org
Tue Feb 27 15:39:33 UTC 2024
On Tue, 2024-02-27 at 16:06 +0100, Carsten Strotmann via bind-users
wrote:
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9
> would report steps it would do because of "dnssec-policy", but will
> not execute the changes.
**This** ^^^
There should also be an option to display the current configuration in
specific detail to easily create a new KASP (side question: why does DNS
need a new acronym?)
I don't do DNS as a full time job, so I'm in the dark on a lot of the
reasoning and needs for all these changes, BUT simple testing that I
have done have shown me that dnssec-policy fails often enough that I'm
planning on waiting until the last possible hour in hopes that there is
better tooling and simpler documentation. Not everyone running a DNS
server can afford the time to be an expert at bind9, and I doubt that
ISC only wants to have bind9 used by the 42 people who are experts of
bind9.
-Jim P.
More information about the bind-users
mailing list