On Thu Feb 08 09:10:07 2018, muks wrote:
> On Thu, Nov 17, 2016 at 03:56:57AM +0000, Mark Andrews via RT wrote:
> > Warning for "." and "dlv.isc.org" when they match the built-in
> > managed keys would be appropriate.
>
> Somehow this ticket seems to have dropped off the radar.
>
> Please review rt43670.
>
> Mukund
>

No!!! Named is used in private networks where trusted-keys for the root is perfectly appropriate. dlv.isc.org already has plenty of warnings.

A warning for a trusted-key for "." which matches the to-be-removed key without the added key already being present would be the point where I would issue a warning.

Anything else is going to generate noise or is us enforcing our policy ideas on the operator.

Also all this code should be in lib/bind9/check.c