Mirror of https://github.com/isc-projects/bind9.git, synced 2026-05-26 19:34:04 -04:00
When introducing the kasp logic, a full sign of the zone did not generate new signatures for the new active keys during a ZSK rollover. The introduced kasp logic ensured that the rollover is performed smoothly, as in the signatures are only replaced if the old signature is close to expiring (depending on the signatures-refresh option). Fix by maintaining a fullsign boolean value in the signing structure, that will ensure the RRsets are signed with the correct key, rather than a similar good key. In case of a fullsign, we can also remove signatures from inactive keys. Remove the unused dns_zone_signwithkey function.

| Name |
|---|
| dns |
| dst |
| irs |
| .clang-format |
| meson.build |