Add release note and change entry for [#1551]

2025-08-29 13:38:26 +00:00 · 2021-07-20 11:40:39 +02:00 · 2021-07-20 11:40:39 +02:00 · 1befaa5d45
commit 1befaa5d45
parent 94bb545087
2 changed files with 12 additions and 0 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+5690.	[func]		Change "dnssec-signzone" to honor the Predecessor and
+			Successor metadata values, and allow for gradual
+			replacement of RRSIGs. In other words, don't sign
+			with the successor key if there is an RRSIG from the
+			predecessor key that does not need to be refreshed.
+			[GL #1551]
+
 5689.	[placeholder]

 5688.	[bug]		Inline and dnssec-policy zones could fail to apply
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -66,6 +66,11 @@ Feature Changes
  record.  This allows a clean rollover from one DNS provider to another
  when using a multiple-signer DNSSEC configuration. :gl:`#2710`

+- ``dnssec-signzone`` is now able to retain signatures from inactive
+  predecessor keys without introducing additional signatures from the successor
+  key. This allows for a gradual replacement of RRSIGs as they reach expiry.
+  :gl:`#1551`
+
 Bug Fixes
 ~~~~~~~~~