The tool 'dnssec-ksr' now allows for KSK generation, as well as planned KSK rollovers. When signing a bundle from a Key Signing Request (KSR), only the key that is active in that time frame is being used for signing. Also, the CDS and CDNSKEY records are now added and removed at the correct time.
Closes #4697
Closes #4705
Merge branch '4705-dnssec-ksr-only-sign-with-active-ksks' into 'main'
projects / thirdparty / bind9.git / commit
