9.7.0a3: dnssec-signzone signs with passive keys?

Evan Hunt each at isc.org
Wed Sep 16 20:50:05 UTC 2009

> Re-signing the signed zone file, however, also includes signatures from
> the passive ZSK, *unless* I remove the DNSKEY records from the zone file
> before signing. I guess this is due to the keys already in the signed
> zone file overriding the -S switch:

Yes, that's a bug.  Thank you very much, we'll address it in the next

Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list