CHANGES, release notes

2026-06-12 19:49:59 -04:00 · 2019-02-07 22:45:28 -08:00 · 2019-02-07 22:45:28 -08:00 · bfd646795d
commit bfd646795d
parent 9b59425d06
2 changed files with 18 additions and 1 deletions
--- a/5
+++ b/5
@ -1,5 +1,10 @@
 5229.	[protocol]	Enforce known SSHFP fingerprint lengths. [GL #852]

+5228.	[cleanup]	If trusted-keys and managed-keys are configured
+			simultaneously for the same name, the key cannot
+			be rolled automatically. This configuration now
+			logs a warning. [GL #868]
+
 5224.	[bug]		Only test provide-ixfr on TCP streams. [GL #991]

 5223.	[bug]		Fixed a race in the filter-aaaa plugin accessing
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@ -123,7 +123,19 @@
    <itemizedlist>
      <listitem>
 	<para>
-	  None.
+	  When <command>trusted-keys</command> and
+	  <command>managed-keys</command> are both configured for the
+	  same name, or when <command>trusted-keys</command> is used to
+	  configure a trust anchor for the root zone and
+	  <command>dnssec-validation</command> is set to the default
+	  value of <literal>auto</literal>, automatic RFC 5011 key
+	  rollovers will fail.
+	</para>
+	<para>
+	  This combination of settings was never intended to work,
+	  but there was no check for it in the parser. This has been
+	  corrected; a warning is now logged. (In BIND 9.15 and
+	  higher this error will be fatal.) [GL #868]
 	</para>
      </listitem>
    </itemizedlist>