Re: dnssec-signzone retains obsolete signatures

2016-04-02 Thread Daniel Stirnimann
> While this is not a problem for BIND to load the zone it seems
> unexpected to me. Should dnssec-signzone not remove obsolete signatures?

Found out that this issue is fixed in BIND 9.11.0a1:

4305. [bug] dnssec-signzone was not removing unnecessary rrsigs from the zone's apex.

dnssec-signzone retains obsolete signatures

2016-03-22 Thread Daniel Stirnimann
Dear all,

I have the following test zone files:

8.example.com.signed
K8.example.com.+008+40162.key
K8.example.com.+008+40162.private

I edit the signed zone directly (8.example.com.signed) and remove for example an A record and then resign the zone as follows:

dnssec-signzone -z -o 8.example.c