A new option `-k` is added to `named-checkconf` that allows checking the `dnssec-policy` `keys` configuration against the configured key stores. If the found key files are not in sync with the given `dnssec-policy`, the check will fail.
This is useful to run before migrating to `dnssec-policy`.
Closes #5486
Backport of MR !10907
Merge branch 'backport-5486-named-checkconf-dnssec-policy-key-directory-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!11011
projects / thirdparty / bind9.git / commitdiff
