dnssec-policy should be independent of inline-signing. If it isn’t then it is a bug.
It's just that people like editing master files rather than using nsupdate to make changes.

> On 27 Mar 2020, at 08:02, Shumon Huque <shu...@gmail.com> wrote:
>
> On Thu, Mar 26, 2020 at 3:35 PM Håkan Lindqvist via bind-users <bind-users@lists.isc.org> wrote:
>
> A related thing that I've noticed in my tests is that "dnssec-policy x" seems to also imply "inline-signing yes"?
> Is this intended as a strict requirement, it seems a little awkward?
>
> I'm sure ISC colleagues will elucidate more, but it sounds to me like a new interpretation of "inline-signing", i.e. the dnssec-policy feature takes an unsigned local zone file as input, and generates and maintains a new signed file ("origfile.signed"). UPDATEs continue to go to the orig file and ("inline?") signed deltas go into the signed file (well journal first and synced later). It would probably be helpful to have the mechanics of this new feature written up in detail somewhere so that operators know what is actually going on.
>
> Shumon Huque
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org