git.ipfire.org Git - thirdparty/bind9.git/commitdiff
[9.20] fix: usr: Use signer name when disabling DNSSEC algorithms
author Mark Andrews <marka@isc.org>
Mon, 29 Sep 2025 01:52:00 +0000 (11:52 +1000)
committer Mark Andrews <marka@isc.org>
Mon, 29 Sep 2025 01:52:00 +0000 (11:52 +1000)
``disable-algorithms`` could cause DNSSEC validation failures when the parent zone was
signed with the algorithms that were being disabled for the child zone.
This has been fixed; ``disable-algorithms`` now works
on a whole-of-zone basis.

If the zone's name is at or below the ``disable-algorithms`` name, the algorithm
is disabled for that zone, using deepest match when there are multiple
``disable-algorithms`` clauses.

Closes #5165

Backport of MR !10837

Merge branch 'backport-5165-use-signer-name-when-disabling-dnssec-algorithms-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11014


Trivial merge
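
The matching rule in the commit message, as an added example: a simplified Python model, not BIND 9 source code. The zone names, clause contents and helper names are constructed for illustration, and reading "deepest match" as "only the deepest clause applies" is an assumption of this sketch.

```python
# Added illustration: a simplified model of the rule in the commit message,
# not BIND 9 code. All names and sample data below are hypothetical.

def labels(name):
    """Split a domain name into lowercase labels, root-most first."""
    name = name.rstrip(".").lower()
    return list(reversed(name.split("."))) if name else []

def is_at_or_below(zone, clause_name):
    """True if `zone` equals `clause_name` or is a descendant of it."""
    z, c = labels(zone), labels(clause_name)
    return z[:len(c)] == c

def disabled_algorithms(signer_zone, clauses):
    """Return the algorithm set of the deepest clause covering signer_zone.

    `clauses` maps a disable-algorithms name to a set of algorithm mnemonics.
    Assumption: only the deepest matching clause applies (no merging).
    """
    best = None
    for clause_name in clauses:
        if is_at_or_below(signer_zone, clause_name):
            if best is None or len(labels(clause_name)) > len(labels(best)):
                best = clause_name
    return set(clauses[best]) if best is not None else set()

def signature_usable(rrsig, clauses):
    """Decide on the RRSIG signer name (the signing zone), not the owner name."""
    return rrsig["algorithm"] not in disabled_algorithms(rrsig["signer"], clauses)

# Constructed sample data.
CLAUSES = {
    "example.": {"RSASHA1"},
    "child.example.": {"RSASHA256"},
}
# DS RRset for the child: owned by child.example. but signed by the parent zone.
DS_RRSIG = {"owner": "child.example.", "signer": "example.",
            "algorithm": "RSASHA256"}
# An RRset inside the child zone, signed by the child itself.
CHILD_RRSIG = {"owner": "www.child.example.", "signer": "child.example.",
               "algorithm": "RSASHA256"}

if __name__ == "__main__":
    print("DS signed by parent usable:", signature_usable(DS_RRSIG, CLAUSES))
    print("child-signed RRset usable:", signature_usable(CHILD_RRSIG, CLAUSES))
```

Because the lookup key is the signer name, the DS RRset at the delegation is judged against the parent zone's clause even though its owner name sits under the child's ``disable-algorithms`` name.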