diff options
author | grehan <grehan@FreeBSD.org> | 2011-07-18 22:00:21 +0000 |
---|---|---|
committer | grehan <grehan@FreeBSD.org> | 2011-07-18 22:00:21 +0000 |
commit | 1823067d93fba5ecf7990fee39428954fa5cbf1b (patch) | |
tree | 02a0ea02eab1c6db10baf7c805a29a81132bbe98 /contrib/bind9/KNOWN-DEFECTS | |
parent | cba736c8eee565e8ba803c9ef7c7f06aefb162ed (diff) | |
parent | 9a6ff5ad378cfaaa99c5162e2b0f6e4cb6a3c796 (diff) | |
download | FreeBSD-src-1823067d93fba5ecf7990fee39428954fa5cbf1b.zip FreeBSD-src-1823067d93fba5ecf7990fee39428954fa5cbf1b.tar.gz |
IFC @ r224187
Diffstat (limited to 'contrib/bind9/KNOWN-DEFECTS')
-rw-r--r-- | contrib/bind9/KNOWN-DEFECTS | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/contrib/bind9/KNOWN-DEFECTS b/contrib/bind9/KNOWN-DEFECTS deleted file mode 100644 index 83d7175..0000000 --- a/contrib/bind9/KNOWN-DEFECTS +++ /dev/null @@ -1,15 +0,0 @@ -dnssec-signzone was designed so that it could sign a zone partially, using -only a subset of the DNSSEC keys needed to produce a fully-signed zone. -This permits a zone administrator, for example, to sign a zone with one -key on one machine, move the resulting partially-signed zone to a second -machine, and sign it again with a second key. - -An unfortunate side-effect of this flexibility is that dnssec-signzone -does not check to make sure it's signing a zone with any valid keys at -all. An attempt to sign a zone without any keys will appear to succeed, -producing a "signed" zone with no signatures. There is no warning issued -when a zone is not signed. - -This will be corrected in a future release. In the meantime, ISC -recommends examining the output of dnssec-signzone to confirm that -the zone is properly signed by all keys before using it. |