Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
BIND
BIND
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 595
    • Issues 595
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 114
    • Merge Requests 114
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #560

Closed
Open
Opened Sep 26, 2018 by Evan Hunt@eachOwner

dnssec-keymgr doesn't work correctly with "."

When you run dnssec-keymgr with a given zone name the first time, it generates a KSK/ZSK set for that zone. Run it again for the same zone name, it should detect the existing keys and apply the key management policy to them, which in most cases means it won't do anything at all.

However, when you run dnssec-keymgr . multiple times, it generates a new keys for the root zone every single time. I haven't had time to figure out why it's doing this, but it's wrong.

(I'm not really expecting them to start using dnssec-keymgr to maintain the root keys, so it isn't the most urgent problem, but we should look into it anyway.)

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: isc-projects/bind9#560