[v9_18] Don't delete CDS DELETE after zone sign (!6126) · Merge requests · ISC Open Source Projects / BIND

Matthijs Mekking requested to merge 2931-cds-delete-removed-on-signing-v9_18 into v9_18 Apr 13, 2022

Add a test case for a dynamically added CDS DELETE record and make sure it is not removed when signing the zone. This happens because BIND maintains CDS and CDNSKEY publishing and it will only allow CDS DELETE records if the zone is transitioning to insecure. This is a state that can be identified when using KASP through 'dnssec-policy', but not when using 'auto-dnssec'.

(cherry picked from commit f08277f9)

Closes #2931 (closed)

[v9_18] Don't delete CDS DELETE after zone sign

Merge request reports