rndc -checkds halts CDS publication

The new function rndc dnssec -checkds changes the key manager logic such that the DS only becomes RUMOURED when the given rndc command is sent to named. However, this DS state is also used to determine whether the CDS can be published in the child zone.

In other words, the CDS now only gets published once the user said the DS was already in the parent.

This bug is only in development code as the rndc dnssec -checkds did not make the August release and thus the fix will not require a release note.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information