Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

bind: deprecate managed-keys

Browse source 
This has been replaced with the "trust-anchors" keyword, per
section 8.21.1 New Features of the Bind 9 Administrator Reference
Manual:

• In order to clarify the configuration of DNSSEC keys, the trusted-keys and managed-keys statements have been deprecated, and the new trust-anchors statement should now be used for both types of key.
  When used with the keyword initial-key, trust-anchors has the same behavior as managed-keys, i.e., it configures a trust anchor that is to be maintained via RFC 5011.
  When used with the new keyword static-key, trust-anchors has the same behavior as trusted-keys, i.e., it configures a permanent trust anchor that will not automatically be updated. (This usage is not recommended for the root key.) [GL #6]

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit is contained in:
Philip Prindeville 2021-10-27 21:45:59 -06:00
parent 5dd6c8ad46
commit a39a8372b3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/bind/files/bind/bind.keys
View file

@ -19,7 +19,7 @@
# replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys {
trust-anchors {
# ISC DLV: See https://www.isc.org/solutions/dlv for details.
#
# NOTE: The ISC DLV zone is being phased out as of February 2017;