Hello Leen, On May 28, 2013, at 11:09 , Leen Besselink wrote:
>> >> * commit 496073b: Since 3.0, pdnssec secure-zone has always generated 3 >> keys: >> one KSK and two ZSK, with one ZSK active. For most, if not almost all, >> users, this inactive ZSK is never used. We now no longer generate this >> useless ZSK. The resulting smaller DNSKEY RRset improves interoperability >> with certain validators. Closes ticket 824. >> > > Peter, I assume this means it's still in the database and in the pdnssec > output, but > PowerDNS won't send it to DNS-clients ? The behaviour of pdns_server has not changed, and your current key sets are not affected. pdnssec secure-zone simply no longer adds the inactive key. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
