Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 569
    • Issues 569
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 111
    • Merge requests 111
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Merge requests
  • !659

Resolve "Merge trusted-key and managed-keys"

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged Evan Hunt requested to merge 6-deprecate-trusted-keys into master Aug 16, 2018
  • Overview 77
  • Commits 9
  • Pipelines 24
  • Changes 76

This is an initial pass at marking trusted-keys as deprecated but still retaining its functionality for the time being.

  • trusted-keys is now flagged as deprecated, but it still works
  • managed-keys can be used to configure permanent trust anchors by using the "static" keyword in place of "initial-key"
  • trusted-keys is no longer allowed in bind.keys

If we decide this is good idea, then we should also add "dnssec-keys" as a new synonym for "managed-keys", and phase "managed-keys" out too, since it's no longer an accurate description. Also, if we do this, it still needs a lot of work, including a lot of updated documentation, and updating the tests to use the new syntax (though they work now with the old syntax).

I'm really not sure it's worth doing, though. ICANN's decided to roll the key, and if people with old trusted-keys configurations get bit by it, presumably they'll all be smarter next time.

Closes #6 (closed)

Edited Jun 05, 2019 by Evan Hunt
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: 6-deprecate-trusted-keys