On Thu, Mar 26, 2020 at 3:35 PM Håkan Lindqvist via bind-users <
bind-users@lists.isc.org> wrote:
>
> A related thing that I've noticed in my tests is that "dnssec-policy x"
> seems to also imply "inline-signing yes"?
> Is this intended as a strict requirement, it seems a little awkward?
>
I'm sure ISC colleagues will elucidate more, but it sounds to me like a new
interpretation. of "inline-signing", i.e. the dnssec-policy feature takes
an unsigned local zone file as input, and generates and maintains a new
signed file ("origfile.signed"). UPDATEs continue to go to the orig file
and ("inline?") signed deltas go into the signed file (well journal first
and synced later). It would probably be helpful to have the mechanics of
this new feature written up in detail somewhere so that operators know what
is actually going on.
Shumon Huque
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
