> That may have been the intent, but I can assure you that it isn't what > actually happens!
Whoops. You're right, and it's a bug. The keys aren't read without "dnssec-lookaside auto" being turned on, but if it is, then both keys are loaded. This works correctly in 9.8, but a little piece of code that was supposed to have been committed to 9.7 seems to have been left out by mistake. My apologies; apparently we've made some people's systems more secure than we intended. :/ If anyone is out there who wants to be using ISC DLV but does not want to use the root key, comment the root key out of bind.keys. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users