why did it take 26 hours for DSState to change to omnipresent?

Hi there. Ever since I updated my BIND configuration to use the new dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have been a complete shambles. My problems stem from the inference (based documentation and examples) that running "rndc dnssec -checkds published" tells BIND that

Re: per record responses based on originating IP

On 5/15/22 7:28 AM, Angus Clarke wrote: Hi Grant Hi Angus, maybe, I'm reading up ... poking around the manual, are you alluding to the "sortlist" directive? Yes, that's what I was referring to. So the concern with returning an ordered RRset is that the set could be large: Okay. I

Re: per record responses based on originating IP

Hi Grant > Before stepping up to views I'd stop to ask the question, would > returning multiple IPs in a preferred sort order suffice? maybe, I'm reading up ... > BIND has the ability to sort RRs differently based on different client > criteria. poking around the manual, are you alluding to