PKCS#11 vs OpenSSL (BIND Future Development Question)

2018-06-02 Thread Ondřej Surý
Hi all, BIND 9 currently supports two major cryptography provider libraries - OpenSSL[1] and PKCS#11. The PKCS#11 interface is very fragile, as the different vendors implement different parts of the standard, and BIND needs to be compiled with a specific PKCS#11 provider defined at the compile

BIND rejecting key to update a zone

2018-06-02 Thread Mark E. Jeftovic
I'm sure this is something obvious I'm overlooking while I futz around with setting up an RPZ (9.10.3-P4-Debian)
BIND config has:
    key "dns-update" {
        algorithm HMAC-SHA512;
        secret "KEYREDACTED==";
    };
and
    zone "test.rpz." {
        type master;
        allow-transfer { key "dns-ts