[Pdns-users] [Pdns-dev] PowerDNS Authoritative Server 3.3 Release Candidate 1 available
Peter van Dijk
peter.van.dijk at netherlabs.nl
Tue May 28 11:19:32 UTC 2013
Hello Leen,
On May 28, 2013, at 11:09 , Leen Besselink wrote:
>>
>> * commit 496073b: Since 3.0, pdnssec secure-zone has always generated 3 keys:
>> one KSK and two ZSK, with one ZSK active. For most, if not almost all,
>> users, this inactive ZSK is never used. We now no longer generate this
>> useless ZSK. The resulting smaller DNSKEY RRset improves interoperability
>> with certain validators. Closes ticket 824.
>>
>
> Peter, I assume this means it's still in the database and in the pdnssec output, but
> PowerDNS won't send it to DNS-clients ?
The behaviour of pdns_server has not changed, and your current key sets are not affected. pdnssec secure-zone simply no longer adds the inactive key.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list