Adding first DNSKEY record with update (9.6.0 vs 9.6.1)
Chris Thompson
cet1 at cam.ac.uk
Tue Jul 14 16:01:53 UTC 2009
In BIND 9.6.0 one could take an unsigned zone and add an initial
KSK and ZSK to it using nsupdate (and if the right files were in the
key directory, it would sign everything correctly). In BIND 9.6.1
this no longer works: it returns REFUSED. It's unclear to me whether
this change was intended - if so I can't work out which entry in the
CHANGES file it corresponds to.
Both 9.6.0 and 9.6.1 give REFUSED if one attempts to delete the
last KSK (although they let you remove all the ZSKs).
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list