A policy for removing named.conf options.
Matthijs Mekking
matthijs at isc.org
Thu Jun 13 13:00:46 UTC 2019
Hi,
On 6/13/19 2:40 PM, G.W. Haywood via bind-users wrote:
> Hi there,
>
> On Thu, 13 Jun 2019, Matthijs Mekking wrote:
>
>> We would like to hear your feedback.
>
> Thank you for the timely heads up.
>
>> | managed-keys | 9.15/9.16 | replaced with dnssec-keys |
>
> According to my changelogs for 'named.conf I removed 'managed-keys' and
> 'trusted-keys' three years ago, but still use 'managed-keys-directory'.
First of all, it is likely that you are using managed trust anchors that
are configured with 'managed-keys' in a bind.keys file. If not, I
believe that having `managed-keys-directory` is useless.
> Will the option 'managed-keys-directory' also be deprecated?
The option `managed-keys-directory` will stay because it will serve as
the directory to store the files that track managed DNSSEC keys (i.e.,
those configured using "initial-key" keyword in the new "dnssec-keys"
statement.
Best regards,
Matthijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190613/ddaf0c46/attachment.bin>
More information about the bind-users
mailing list