On Wed, Jun 12, 2019 at 11:40:27PM +0000, Shawn Zhou via bind-users wrote: > The default BIND9 installation for CentOS7 has dnssec-validation set to > "yes" and it also includes managed-keys as well. Do those managed-keys > get updated automatically?
Yes, if the "managed-keys" statement is in named.conf (or included in it via an "include" statement) then the keys will be updated automatically. Based on what you copy-pasted, that appears to be the case. "dnssec-validation auto" causes named to use its built-in key for the root zone, so you don't have to put your own "managed-keys" statement into named.conf, but otherwise it's the same as "dnssec-validation yes". (BTW, a note in passing: we're changing the command from "managed-keys" to "dnssec-keys" over the next few years. The new syntax will be available in BIND 9.15.1, which should be out next week; the old syntax will be phased out later.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
