git.ipfire.org Git - thirdparty/bind9.git/commitdiff
fix: usr: Use signer name when disabling DNSSEC algorithms
author Mark Andrews <marka@isc.org>
Thu, 25 Sep 2025 14:13:38 +0000 (00:13 +1000)
committer Mark Andrews <marka@isc.org>
Thu, 25 Sep 2025 14:13:38 +0000 (00:13 +1000)
``disable-algorithms`` could cause DNSSEC validation failures when the parent zone was
signed with the algorithms that were being disabled for the child zone.
This has been fixed; ``disable-algorithms`` now works
on a whole-of-zone basis.

If the zone's name is at or below the ``disable-algorithms`` name, the algorithm
is disabled for that zone, using deepest match when there are multiple
``disable-algorithms`` clauses.

Closes #5165

Merge branch '5165-use-signer-name-when-disabling-dnssec-algorithms' into 'main'

See merge request isc-projects/bind9!10837


Trivial merge
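
The matching rule in the commit message, sketched as an added example (not BIND 9 source, and not part of this commit): the lookup is keyed on the RRSIG signer name, and the deepest ``disable-algorithms`` name at or above it decides. The clause contents and zone names are constructed, and the sketch assumes the deepest clause's list replaces shallower ones rather than adding to them.

```python
# Added illustration of whole-of-zone, deepest-match lookup; not BIND 9 code.

def labels(name):
    """Split a domain name into lower-cased labels, root-most first."""
    name = name.rstrip(".").lower()
    return tuple(reversed(name.split("."))) if name else ()

def disabled_algorithms(clauses, signer):
    """Algorithms listed by the deepest clause whose name is at or above `signer`.

    `clauses` maps a disable-algorithms name to its algorithm list.
    `signer` is the RRSIG signer name, i.e. the zone that made the signature.
    """
    signer_labels = labels(signer)
    best, best_depth = frozenset(), -1
    for clause_name, algorithms in clauses.items():
        clause_labels = labels(clause_name)
        # Compare whole labels, so "notchild.example" never matches "child.example".
        at_or_below = signer_labels[:len(clause_labels)] == clause_labels
        if at_or_below and len(clause_labels) > best_depth:
            best = frozenset(a.upper() for a in algorithms)
            best_depth = len(clause_labels)
    return best

def rrsig_algorithm_usable(clauses, signer, algorithm):
    """True if a signature made by zone `signer` with `algorithm` may be validated."""
    return algorithm.upper() not in disabled_algorithms(clauses, signer)

# Constructed configuration: two clauses, one nested below the other.
CLAUSES = {
    "child.example.": ["ECDSAP256SHA256"],
    "lab.child.example.": ["RSASHA256"],
}

if __name__ == "__main__":
    # The DS RRset for child.example is owned by child.example but signed by
    # the parent zone, so its RRSIG signer name is "example.".
    for signer in ("example.", "child.example.", "dev.child.example.",
                   "lab.child.example.", "notchild.example."):
        print(signer, sorted(disabled_algorithms(CLAUSES, signer)))
```

Keying on the signer name is what keeps the parent's signature over the child's DS RRset valid when the parent uses an algorithm that is disabled only for the child.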