auto-dnssec maintain and DNSKEY removal

2016-07-01 Thread Mathew Ian Eis
Hi BIND, The documentation for auto-dnssec maintain suggests that named will remove DNSKEYs from zones when the deletion time marked in the metadata occurs [1]. Unfortunately, it seems this is not always the case. We are currently trying to diagnose the source of residual DNSKEYs in our zones

Re: mail.protection.outlook.com queries to ns1-proddns.glbdns.o365filtering.com

2016-07-01 Thread Mark Andrews
The load balancers are not RFC compliant. While NOTIMP is a valid rcode it was not intended to be returned for normal queries. If you look at RFC 1034 you should be getting a Name Error (NXDOMAIN) response. The server can't load records it doesn't implement so if it sees them it is supposed to

Re: Automatic DNSSEC signing workflow

2016-07-01 Thread Bob Harold
On Fri, Jul 1, 2016 at 2:13 PM, dramaley wrote:
> Hello. I'm running Bind 9.9.4 (the default that comes with RHEL 7). I'm trying to figure out a workflow for doing DNS updates with auto-dnssec turned on. When I have to update a zone file, I do so by editing the zone

Automatic DNSSEC signing workflow

2016-07-01 Thread dramaley
Hello. I'm running Bind 9.9.4 (the default that comes with RHEL 7). I'm trying to figure out a workflow for doing DNS updates with auto-dnssec turned on. When I have to update a zone file, I do so by editing the zone file and incrementing the serial number, then restarting Bind. Unfortunately,