9.7.0a3: dnssec-signzone signs with passive keys?
each at isc.org
Wed Sep 16 20:50:05 UTC 2009
> Re-signing the signed zone file, however, also includes signatures from
> the passive ZSK, *unless* I remove the DNSKEY records from the zone file
> before signing. I guess this is due to the keys already in the signed
> zone file overriding the -S switch:
Yes, that's a bug. Thank you very much, we'll address it in the next
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users