Diffstat (limited to 'contrib/bind9/KNOWN-DEFECTS')
-rw-r--r-- | contrib/bind9/KNOWN-DEFECTS | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/contrib/bind9/KNOWN-DEFECTS b/contrib/bind9/KNOWN-DEFECTS deleted file mode 100644 index 83d7175..0000000 --- a/contrib/bind9/KNOWN-DEFECTS +++ /dev/null @@ -1,15 +0,0 @@ -dnssec-signzone was designed so that it could sign a zone partially, using -only a subset of the DNSSEC keys needed to produce a fully-signed zone. -This permits a zone administrator, for example, to sign a zone with one -key on one machine, move the resulting partially-signed zone to a second -machine, and sign it again with a second key. - -An unfortunate side-effect of this flexibility is that dnssec-signzone -does not check to make sure it's signing a zone with any valid keys at -all. An attempt to sign a zone without any keys will appear to succeed, -producing a "signed" zone with no signatures. There is no warning issued -when a zone is not signed. - -This will be corrected in a future release. In the meantime, ISC -recommends examining the output of dnssec-signzone to confirm that -the zone is properly signed by all keys before using it. |
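Review bot: Deleting contrib/bind9/KNOWN-DEFECTS removes the only visible record that dnssec-signzone can "succeed" on a zone with no keys and emit no warning, along with ISC's workaround of examining the output, and nothing in the diff as shown says the defect is fixed in the BIND version kept in contrib/bind9. The removed text itself only promises a correction "in a future release". Suggest the commit message state whether the tree's release contains that correction; if it does not, the recommendation to confirm the zone is properly signed by all keys should stay in documentation that remains.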