I am running bind 9.5.0, and have a dynamic zone with two ZSK set up in the pre-publish manner - one ZSK is "published" but not used for signing, one ZSK is "active" and signs all records. That's how I use them when I do a full re-sign with dnssec-signzone. But when I make a dynamic update to the zone, bind signs the updated record with both ZSKs. That makes sense because bind has no way to tell the two ZSKs apart.
So I guess my question is - does pre-publish work with dynamic update? If so, how is it configured? Thanks, Richard. _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
