From marka@isc.org  Tue Sep 27 12:04:30 2016
In-Reply-To: Your message of "Tue, 27 Sep 2016 11:25:03 +0000." <rt-4.2.8-80897-1474975502-1076.43277-3-0@isc.org>
X-Spam-Status: No, score=-4.3 required=5.0 tests=ALL_TRUSTED,BAYES_00, RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0
X-RT-Interface: API
References: <RT-Ticket-43277@isc.org> <003501d218b1$c32e86d0$498b9470$@cn> <rt-4.2.8-80897-1474975502-1076.43277-3-0@isc.org>
content-type: text/plain; charset="utf-8"
Message-ID: <20160927120423.81F64551DA38@rock.dv.isc.org>
X-RT-Original-Encoding: utf-8
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by bugs.isc.org (Postfix) with ESMTP id 40A1D71B5A8 for <bind9-bugs@bugs.isc.org>; Tue, 27 Sep 2016 12:04:30 +0000 (UTC)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id B4F513493D1 for <bind9-bugs@isc.org>; Tue, 27 Sep 2016 12:04:28 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id A64B116007D for <bind9-bugs@isc.org>; Tue, 27 Sep 2016 12:04:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 906B116007C for <bind9-bugs@isc.org>; Tue, 27 Sep 2016 12:04:28 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id RN3FLEUJTpAl for <bind9-bugs@isc.org>; Tue, 27 Sep 2016 12:04:28 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 05CBB160041 for <bind9-bugs@isc.org>; Tue, 27 Sep 2016 12:04:28 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 81F64551DA38 for <bind9-bugs@isc.org>; Tue, 27 Sep 2016 22:04:23 +1000 (EST)
Delivered-To: bind9-bugs@bugs.isc.org
Subject: Re: [ISC-Bugs #43277] FW: Yeti KSK rollover: resolver BIND9 issue
Return-Path: <marka@isc.org>
X-Original-To: bind9-bugs@bugs.isc.org
Date: Tue, 27 Sep 2016 22:04:23 +1000
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org
To: bind9-bugs@isc.org
From: "Mark Andrews" <marka@isc.org>
RT-Message-ID: <rt-4.2.8-80897-1474977871-25.43277-0-0@isc.org>
Content-Length: 399


The managed keys clause needs to be current as of the view creation
time.  Inheriting from other views with the same, now stale, managed
key may not give you a valid trusted key for the new view as there
may have been a fork in the chain of trusted keys.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org