Re: Bind keeps adding RRSIGs to zone file after switching to dnssec policy

Thanks! That worked as expected. I blindly removed inline-signing without thinking about what it actually does. https://kb.isc.org/docs/aa-00626 J. On Sun, Mar 6, 2022 at 2:11 AM Mark Andrews wrote: > > You switched your server from ‘auto-dnssec maintain;’ to ‘dnssec-policy > mypolicy;’ > and re

Re: Bind keeps adding RRSIGs to zone file after switching to dnssec policy

You switched your server from ‘auto-dnssec maintain;’ to ‘dnssec-policy mypolicy;’ and removed ‘inline-signing yes;’. Put back ‘inline-signing yes;’ if you want named to maintain two instances of the zone. -- Mark Andrews > On 6 Mar 2022, at 03:49, Josef Vybíhal wrote: > > Hi everyone, >

Bind keeps adding RRSIGs to zone file after switching to dnssec policy

Hi everyone, today I switched more domains from inline-signing do dnssec-policy and I noticed something that I quite do not like. So I want to ask if that's normal and if there is a way to stop it from happening. I had this: zone "EXAMPLE.com" { type master; file "master/EXAMPLE.com.zone";