> Re-signing the signed zone file, however, also includes signatures from > the passive ZSK, *unless* I remove the DNSKEY records from the zone file > before signing. I guess this is due to the keys already in the signed > zone file overriding the -S switch:
Yes, that's a bug. Thank you very much, we'll address it in the next release. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
