bind.keys vs trusted-keys.key? Re: BIND 9.8.1 is now available
Paul Wouters
paul at xelerance.com
Thu Sep 1 20:33:33 UTC 2011
On Thu, 1 Sep 2011, Mark Andrews wrote:
> * The root key is now provided in the file bind.keys allowing DNSSEC
> validation to be switched on at start up by adding
> "dnssec-validation auto;" to named.conf. If the root key provided
> has expired, named will log the expiration and validation will not
> work. More information and the most current copy of bind.keys can
> be found at http://www.isc.org/bind-keys. *Please note this feature
> was actually added in 9.8.0 but was not included in the 9.8.0
> release notes. [RT #21727]
Is this location and format used by the dig command now too? Dig used
to want some /etc/trusted-key.key file before when using +sigchase.
Paul
More information about the bind-workers
mailing list