--- 9.11.0rc1 released ---
+4452. [bug] The default key manager policy file is now
+ <sysdir>/dnssec-policy.conf (usually
+ /etc/dnssec-policy.conf). [RT #43064]
+
4451. [cleanup] Log more useful information if a PKCS#11 provider
library cannot be loaded. [RT #43076]
</para>
<para>
DNSSEC policy can be read from a configuration file (default
- <filename>/etc/dnssec.policy</filename>), from which the key
+ <filename>/etc/dnssec-policy.conf</filename>), from which the key
parameters, publication and rollover schedule, and desired
coverage duration for any given zone can be determined. This
file may be used to define individual DNSSEC policies on a
If <option>-c</option> is specified, then the DNSSEC
policy is read from <option>file</option>. (If not
specified, then the policy is read from
- <filename>/etc/policy.conf</filename>; if that file
+ <filename>/etc/dnssec-policy.conf</filename>; if that file
doesn't exist, a built-in global default policy is used.)
</para>
</listitem>
<refsection><info><title>POLICY CONFIGURATION</title></info>
<para>
- The <filename>policy.conf</filename> file can specify three kinds
+ The <filename>dnssec-policy.conf</filename> file can specify three kinds
of policies:
</para>
<itemizedlist>
if not os.path.exists(args.policyfile):
fatal('ERROR: Policy file "%s" not found' % args.policyfile)
else:
- args.policyfile = os.path.join(utils.sysconfdir, 'policy.conf')
+ args.policyfile = os.path.join(utils.sysconfdir,
+ 'dnssec-policy.conf')
if not os.path.exists(args.policyfile):
args.policyfile = None
projects / thirdparty / bind9.git / commitdiff
