AW: Deprecating auto-dnssec and inline-signing in 9.18+

Tim Daneliuk tundra at
Tue Aug 10 16:24:31 UTC 2021

On 8/10/21 10:07 AM, Matthijs Mekking wrote:
>> So just to be sure I'm doing the right thing, I've added this to my
>> options stanza:
>>      dnssec-policy "default";
>> Then restarted named and now all the signing magic is taken care of for
>> me for all zones?  (I was not previously using signing.)
> Correct.
> But you still need to manually submit the DS record to your registrar/parent and if you see the DS published run:
> rndc dnssec -checkds published <zone>.

I've never done any of the signing work before (other than for  master/slave).
Could you kindly point me to something like

      "DS Record Creation And Implementation For Dummies"?

Tim Daneliuk     tundra at
PGP Key:

More information about the bind-users mailing list