AW: Deprecating auto-dnssec and inline-signing in 9.18+

Tim Daneliuk tundra at
Tue Aug 10 13:51:04 UTC 2021

On 8/10/21 7:51 AM, Matthijs Mekking wrote:
> Hi Klaus,
> On 10-08-2021 13:38, Klaus Darilion wrote:
>> Hi Matthijs!
>>> We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help:
>> Some comments to this KB article and dnssec-policy:
>> - The article should mention how to retrieve the DS record from
>> Bind.

So just to be sure I'm doing the right thing, I've added this to my
options stanza:

    dnssec-policy "default";

Then restarted named and now all the signing magic is taken care of for
me for all zones?  (I was not previously using signing.)


Tim Daneliuk     tundra at
PGP Key:

More information about the bind-users mailing list