Matt Larson wrote:
I would love to see BIND's trusted-keys syntax deprecated. Not the
ability to configure a trust anchor statically, mind you, just the
syntax. Changing the syntax and refusing to start with trusted-key in
the configuration file would force those who are dragging old config
files behind them unchanged to update.

tough love is hard to give away. BIND9 ships inside a lot of packaged Linux systems, and i don't imagine that ISC would ask or that RH would agree to (another) deliberate invalidation of a working config file.

the old one can be made to generate syslog warnings. but there would be some lengthy crossover period during which both old and new config worked, so that eventually, ISC and RH could include a python or perl script that would convert old format to new.

it's doable, but not in the style you suggest, or in a short time.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
