diff --git a/CHANGES b/CHANGES
index 9f813bb1cf..1e9a7be985 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5345. [func] Key-style trust anchors and DS-style trust anchors
+ can now both be used for the same name. [GL !2892]
+
5344. [bug] Handle accept() errors properly in netmgr. [GL !2880]
5343. [func] Add statistics counters to the netmgr. [GL #1311]
diff --git a/bin/tests/system/checkconf/bad-ds-key-1.conf b/bin/tests/system/checkconf/good-ds-key-1.conf
similarity index 100%
rename from bin/tests/system/checkconf/bad-ds-key-1.conf
rename to bin/tests/system/checkconf/good-ds-key-1.conf
diff --git a/bin/tests/system/checkconf/bad-ds-key-2.conf b/bin/tests/system/checkconf/good-ds-key-2.conf
similarity index 100%
rename from bin/tests/system/checkconf/bad-ds-key-2.conf
rename to bin/tests/system/checkconf/good-ds-key-2.conf
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index d8715ec5c1..bc86ee9fd7 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -10986,8 +10986,7 @@ example.com CNAME rpz-tcp-only.
It is not possible to mix static with initial trust anchors
- for the same domain name. It is also not possible to mix
- key with ds trust anchors.
+ for the same domain name.
The first time named runs with an
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index e5097e8a62..4cb376f976 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -3593,64 +3593,6 @@ record_ds_keys(isc_symtab_t *symtab, isc_mem_t *mctx, const cfg_obj_t *keylist)
return (ret);
}
-static isc_result_t
-check_non_ds_keys(isc_symtab_t *symtab, const cfg_obj_t *keylist,
- isc_log_t *logctx)
-{
- isc_result_t result, ret = ISC_R_SUCCESS;
- const cfg_listelt_t *elt;
- dns_fixedname_t fixed;
- dns_name_t *name;
- char namebuf[DNS_NAME_FORMATSIZE];
-
- name = dns_fixedname_initname(&fixed);
-
- for (elt = cfg_list_first(keylist);
- elt != NULL;
- elt = cfg_list_next(elt))
- {
- const cfg_obj_t *obj = cfg_listelt_value(elt);
- const cfg_obj_t *init = NULL;
- const char *str;
- isc_symvalue_t symvalue;
-
- init = cfg_tuple_get(obj, "anchortype");
- if (cfg_obj_isvoid(init) ||
- strcasecmp(cfg_obj_asstring(init), "static-ds") == 0 ||
- strcasecmp(cfg_obj_asstring(init), "initial-ds") == 0)
- {
- /* DS-style entry, skip it */
- continue;
- }
-
- str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
- result = dns_name_fromstring(name, str, 0, NULL);
- if (result != ISC_R_SUCCESS) {
- continue;
- }
-
- dns_name_format(name, namebuf, sizeof(namebuf));
- result = isc_symtab_lookup(symtab, namebuf, 1, &symvalue);
- if (result == ISC_R_SUCCESS) {
- const char *file = cfg_obj_file(symvalue.as_cpointer);
- unsigned int line = cfg_obj_line(symvalue.as_cpointer);
- if (file == NULL) {
- file = "";
- }
- cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
- "ds-style and key-style keys "
- "cannot be used for the "
- "same domain. "
- "ds-style defined at "
- "%s:%u", file, line);
-
- ret = ISC_R_FAILURE;
- }
- }
-
- return (ret);
-}
-
/*
* Check for conflicts between static and initialiizing keys.
*/
@@ -3739,8 +3681,7 @@ check_ta_conflicts(const cfg_obj_t *global_ta, const cfg_obj_t *view_ta,
/*
* Next, ensure that there's no conflict between the
- * static keys and the trust-anchors configured with "initial-key",
- * or between DS-style and DNSKEY-style trust-anchors.
+ * static keys and the trust-anchors configured with "initial-key".
*/
for (elt = cfg_list_first(global_ta);
elt != NULL;
@@ -3751,11 +3692,6 @@ check_ta_conflicts(const cfg_obj_t *global_ta, const cfg_obj_t *view_ta,
if (result == ISC_R_SUCCESS) {
result = tresult;
}
-
- tresult = check_non_ds_keys(dstab, keylist, logctx);
- if (result == ISC_R_SUCCESS) {
- result = tresult;
- }
}
for (elt = cfg_list_first(view_ta);
@@ -3767,11 +3703,6 @@ check_ta_conflicts(const cfg_obj_t *global_ta, const cfg_obj_t *view_ta,
if (result == ISC_R_SUCCESS) {
result = tresult;
}
-
- tresult = check_non_ds_keys(dstab, keylist, logctx);
- if (result == ISC_R_SUCCESS) {
- result = tresult;
- }
}
cleanup: