bind9-clone / KNOWN-DEFECTS

dnssec-signzone was designed so that it could sign a zone partially, using
only a subset of the DNSSEC keys needed to produce a fully-signed zone.
This permits a zone administrator, for example, to sign a zone with one
key on one machine, move the resulting partially-signed zone to a second
machine, and sign it again with a second key.

An unfortunate side-effect of this flexibility is that dnssec-signzone
does not check to make sure it's signing a zone with any valid keys at
all.  An attempt to sign a zone without any keys will appear to succeed,
producing a "signed" zone with no signatures.  There is no warning issued
when a zone is not signed.

This will be corrected in a future release.  In the meantime, ISC
recommends examining the output of dnssec-signzone to confirm that
the zone is properly signed by all keys before using it.
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.