> > Is it really much of a hassle to leave the obsolete options in the 
> > parser, but just ignore them?

IMHO, it depends on the option. For something like "managed-keys" and
"trusted-keys", there are clear security implications.  Once those are no
longer effective, it would be dangerous to have named ignore them - even
with a logged warning. Operators who didn't notice the log message wouldn't
realize they were running without the security they'd configured.

For something like "cleaning-interval" or "max-acache-size", IMHO it would
be safe to let it slide. With "dnssec-enable" or "queryport-pool-ports",
maybe those fall somewhere in between; I could see arguments either way.

In any case, if we're going to make a policy that covers the whole range of
possibilities, then it needs to address the case when an option must be
removed, and how to ensure operators aren't blindsided by that.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.