Configuring a static root trust anchor prevents "dnssec-validation auto;" key maintenance

If any trusted-keys entry is configured for the root zone and dnssec-validation auto; is in effect, the built-in root trust anchor enabled by the latter will be used for DNSSEC validation purposes, but it will not be maintained using the RFC 5011 process.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information