A manual rollover when the zone is in an invalid DNSSEC state causes predecessor keys to be removed too quickly. Additional safeguards to prevent this have been added. DNSSEC records will not be removed from the zone until the underlying state machine has moved back into a valid DNSSEC state.
Closes #5458
Merge branch '5458-safeguard-against-key-rollovers-when-in-invalid-state' into 'main'
projects / thirdparty / bind9.git / commitdiff
