From: Evan Hunt Date: Fri, 8 Feb 2019 06:45:28 +0000 (-0800) Subject: CHANGES, release notes X-Git-Tag: v9.15.0~9^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=cdc4388ac3e720367e8d808fe8061e91f06fc484;p=thirdparty%2Fbind9.git CHANGES, release notes --- diff --git a/CHANGES b/CHANGES index dd36dde318c..1e5b2dd211a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +5228. [func] If trusted-keys and managed-keys were configured + simultaneously for the same name, the key could + not be be rolled automatically. This is now + a fatal configuration error. [GL #868] + 5227. [placeholder] 5226. [placeholder] diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 18a9cc9c386..2781c728a80 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -132,7 +132,16 @@ - None. + When trusted-keys and + managed-keys were both configured for the + same name, or when trusted-keys was used to + configure a trust anchor for the root zone and + dnssec-validation was set to the default + value of auto, automatic RFC 5011 key + rollovers would be disabled. This combination of settings was + never intended to work, but there was no check for it in the + parser. This has been corrected, and it is now a fatal + configuration error. [GL #868]