Hi Kal, thanks for testing the new feature. This sounds like a bug to me. Could you please file an issue in our GitLab (https://gitlab.isc.org/), so we don’t lose track of the bug.
Thank you,
--
Ondřej Surý — ISC

> On 2 Feb 2020, at 10:53, Kal Feher via bind-users <bind-users@lists.isc.org> wrote:
>
> I've been testing the dnssec-policy (9.15.8) feature, but either I've come across a bug, or my understanding of the configuration is incomplete.
>
> Whenever BIND restarts, it adds a new key (or keys, depending on the policy) into the configured key directory. It uses this new key or keys to sign the zone, apparently ignoring previously created keys, although the DNSKEY records remain within the zone. I have observed the same behaviour if I initiate an rndc loadkeys <zone>.
>
> I've tried both the default policy and an explicitly configured policy with the same results.
>
> There's nothing in the logs indicating an error loading previous keys.
>
> Am I missing something?
>
> --
> Kal Feher
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users