
[v9_18] Don't delete CDS DELETE after zone sign

Matthijs Mekking requested to merge 2931-cds-delete-removed-on-signing-v9_18 into v9_18

Add a test case for a dynamically added CDS DELETE record and make sure it is not removed when signing the zone. This happens because BIND maintains CDS and CDNSKEY publishing and it will only allow CDS DELETE records if the zone is transitioning to insecure. This is a state that can be identified when using KASP through 'dnssec-policy', but not when using 'auto-dnssec'.

(cherry picked from commit f08277f9)

Closes #2931 (closed)
