Skip to content

Resolve "Merge trusted-key and managed-keys"

Evan Hunt requested to merge 6-deprecate-trusted-keys into master

This is an initial pass at marking trusted-keys as deprecated but still retaining its functionality for the time being.

  • trusted-keys is now flagged as deprecated, but it still works
  • managed-keys can be used to configure permanent trust anchors by using the "static" keyword in place of "initial-key"
  • trusted-keys is no longer allowed in bind.keys

If we decide this is good idea, then we should also add "dnssec-keys" as a new synonym for "managed-keys", and phase "managed-keys" out too, since it's no longer an accurate description. Also, if we do this, it still needs a lot of work, including a lot of updated documentation, and updating the tests to use the new syntax (though they work now with the old syntax).

I'm really not sure it's worth doing, though. ICANN's decided to roll the key, and if people with old trusted-keys configurations get bit by it, presumably they'll all be smarter next time.

Closes #6 (closed)

Edited by Evan Hunt

Merge request reports