I've been testing the dnssec-policy (9.15.8) feature, but either I've come across a bug, or my understanding of the configuration is incomplete.
Whenever BIND restarts, it adds a new key (or keys, depending on the policy) into the configured key directory. It uses this new key or keys to sign the zone, apparently ignoring previously created keys, although the DNSKEY records remain within the zone. I have observed the same behaviour if I initiate an rndc loadkeys <zone>. I've tried both the default policy and an explicitly configured policy with the same results. There's nothing in the logs indicating an error loading previous keys. Am I missing something?

--
Kal Feher