mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Add release note and change entry for [#1551]

Browse Source
This commit is contained in:
Matthijs Mekking
2021-07-20 11:40:39 +02:00
parent 94bb545087
commit 1befaa5d45
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGES
View File

@@ -1,3 +1,10 @@
5690. [func] Change "dnssec-signzone" to honor the Predecessor and
Successor metadata values, and allow for gradual
replacement of RRSIGs. In other words, don't sign
with the successor key if there is an RRSIG from the
predecessor key that does not need to be refreshed.
[GL #1551]
5689. [placeholder] 5689. [placeholder]
5688. [bug] Inline and dnssec-policy zones could fail to apply 5688. [bug] Inline and dnssec-policy zones could fail to apply

5
doc/notes/notes-current.rst
View File

@@ -66,6 +66,11 @@ Feature Changes
record. This allows a clean rollover from one DNS provider to another record. This allows a clean rollover from one DNS provider to another
when using a multiple-signer DNSSEC configuration. :gl:`#2710` when using a multiple-signer DNSSEC configuration. :gl:`#2710`
- ``dnssec-signzone`` is now able to retain signatures from inactive
predecessor keys without introducing additional signatures from the successor
key. This allows for a gradual replacement of RRSIGs as they reach expiry.
:gl:`#1551`
Bug Fixes Bug Fixes
~~~~~~~~~ ~~~~~~~~~