Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Register
  • Sign in
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 633
    • Issues 633
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 87
    • Merge requests 87
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Issues
  • #560
Closed
Open
Issue created Sep 26, 2018 by Evan Hunt@eachDeveloper

dnssec-keymgr doesn't work correctly with "."

When you run dnssec-keymgr with a given zone name the first time, it generates a KSK/ZSK set for that zone. Run it again for the same zone name, it should detect the existing keys and apply the key management policy to them, which in most cases means it won't do anything at all.

However, when you run dnssec-keymgr . multiple times, it generates a new keys for the root zone every single time. I haven't had time to figure out why it's doing this, but it's wrong.

(I'm not really expecting them to start using dnssec-keymgr to maintain the root keys, so it isn't the most urgent problem, but we should look into it anyway.)

Assignee
Assign to
Time tracking