[Pdns-users] [Pdns-dev] PowerDNS Authoritative Server 3.3 Release Candidate 1 available

Peter van Dijk peter.van.dijk at netherlabs.nl
Tue May 28 11:19:32 UTC 2013

Hello Leen,

On May 28, 2013, at 11:09 , Leen Besselink wrote:

>>  * commit 496073b: Since 3.0, pdnssec secure-zone has always generated 3 keys:
>>    one KSK and two ZSK, with one ZSK active. For most, if not almost all,
>>    users, this inactive ZSK is never used. We now no longer generate this
>>    useless ZSK. The resulting smaller DNSKEY RRset improves interoperability
>>    with certain validators. Closes ticket 824.
> Peter, I assume this means it's still in the database and in the pdnssec output, but
> PowerDNS won't send it to DNS-clients ?

The behaviour of pdns_server has not changed, and your current key sets are not affected. pdnssec secure-zone simply no longer adds the inactive key.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

More information about the Pdns-users mailing list