Re: CDS/CDNSKEY are not published with BIND-9.16.1 and dnssec-policies

2020-04-09 Thread Matthijs Mekking
Hi Tom, Because you just started signing your zone. The DNSKEY and RRSIG records are published but have to wait a TTL time before the DS may be published, to avoid a situation where a resolver fetches the DS but still has the corresponding DNSKEY query in the negative cache. This time is

CDS/CDNSKEY are not published with BIND-9.16.1 and dnssec-policies

2020-04-09 Thread Tom
Hi Using BIND-9.16.1. In the last ISC dnssec webinar (https://www.youtube.com/watch?v=2aB__FZZQ84) I heard that CDS/CDNSKEY records automatically should be published when using dnssec-policies. My policy looks like this: dnssec-policy "test-policy" { dnskey-ttl 60; keys {