Re: dnssec-signzone retains obsolete signatures

Daniel Stirnimann Sat, 02 Apr 2016 07:07:43 -0700

> While this is not a problem for BIND to load the zone it seems
> unexpected to me. Should dnssec-signzone not remove obsolete signatures?


Found out that this issue is fixed in BIND 9.11.0a1:

4305. [bug]    dnssec-signzone was not removing unnecessary rrsigs
               from the zone's apex. [RT #41483]

Specifically, it was fixed on the 28th Jan 2016:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=832ab79d1f8bc4edf638780b306888da30ac3a1e

I believe the wording "from the zone's apex" is wrong as it removes
unnecessary rrsigs from the whole zone.

Daniel
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec-signzone retains obsolete signatures

Reply via email to