Thanks Even. Sounds like "dnssec-validation auto" is a more future-proof
option for what want it. I will use that instead.
On Wednesday, June 12, 2019, 5:25:51 PM PDT, Evan Hunt <e...@isc.org>
wrote:
On Wed, Jun 12, 2019 at 11:40:27PM +0000, Shawn Zhou via bind-users wrote:
> The default BIND9 installation for CentOS7 has dnssec-validation set to
> "yes" and it also includes managed-keys as well. Do those managed-keys
> get updated automatically?
Yes, if the "managed-keys" statement is in named.conf (or included in
it via an "include" statement) then the keys will be updated automatically.
Based on what you copy-pasted, that appears to be the case.
"dnssec-validation auto" causes named to use its built-in key for the root
zone, so you don't have to put your own "managed-keys" statement into
named.conf, but otherwise it's the same as "dnssec-validation yes".
(BTW, a note in passing: we're changing the command from "managed-keys" to
"dnssec-keys" over the next few years. The new syntax will be available in
BIND 9.15.1, which should be out next week; the old syntax will be
phased out later.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
