Hi Matthijs! > We would like to encourage you to change your configurations to > 'dnssec-policy'. See this KB article for migration help: > > https://kb.isc.org/docs/dnssec-key-and-signing-policy
Some comments to this KB article and dnssec-policy: - The article should mention how to retrieve the DS record from Bind. - How does Bind handle duplicate keyids when generating new keys? Will Bind ensure that there will not be any duplicate key ideas or will it just use the duplicate keys? In the latter case the " rndc dnssec -checkds -key 12345 ..." commands will be ambiguous. (From an user perspective duplicate keyids should be avoided) Thanks Klaus _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
