Deprecating auto-dnssec and inline-signing in 9.18+

Matthijs Mekking Tue, 10 Aug 2021 01:03:52 -0700

Hi users,

We are planning to deprecate the options 'auto-dnssec' and'inline-signing' in BIND 9.18. The reason for this is because'dnssec-policy' is the preferred way of maintaining your DNSSEC zone.

Deprecating means that you can still use the options in 9.18, but awarning will be logged and it is very likely that the options will beremoved in BIND 9.20.

We would like to encourage you to change your configurations to'dnssec-policy'. See this KB article for migration help:


    https://kb.isc.org/docs/dnssec-key-and-signing-policy

Do you have reasons for keeping 'inline-signing' or 'auto-dnssec'configurations? Is there a use case that is not (yet) covered by'dnssec-policy'? Any other concerns? Please let us know.


Best regards,

Matthijs
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Deprecating auto-dnssec and inline-signing in 9.18+

Reply via email to