bind.keys vs trusted-keys.key? Re: BIND 9.8.1 is now available

Paul Wouters paul at
Thu Sep 1 20:33:33 UTC 2011

On Thu, 1 Sep 2011, Mark Andrews wrote:

>     * The root key is now provided in the file bind.keys allowing DNSSEC
>       validation to be switched on at start up by adding
>       "dnssec-validation auto;" to named.conf. If the root key provided
>       has expired, named will log the expiration and validation will not
>       work. More information and the most current copy of bind.keys can
>       be found at *Please note this feature
>       was actually added in 9.8.0 but was not included in the 9.8.0
>       release notes. [RT #21727]

Is this location and format used by the dig command now too? Dig used
to want some /etc/trusted-key.key file before when using +sigchase.


More information about the bind-workers mailing list