> That may have been the intent, but I can assure you that it isn't what
> actually happens!

Whoops.  You're right, and it's a bug.  The keys aren't read without
"dnssec-lookaside auto" being turned on, but if it is, then both keys are
loaded.  This works correctly in 9.8, but a little piece of code that was
supposed to have been committed to 9.7 seems to have been left out by
mistake.  My apologies; apparently we've made some people's systems more
secure than we intended. :/

If anyone is out there who wants to be using ISC DLV but does not want to
use the root key, comment the root key out of bind.keys.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to