Affects Version/s: OpenDNSSEC 2.0
Fix Version/s: None
Affects OpenDNSSEC 184.108.40.206 (is not available under versions).
I have a zone which has "manual" DNSKEY records in the unsigned source zone (this is needed for example when transferring a zone to another operator). These DNSKEY records are dormant.
When deleting the DNSKEY records from the source zone the signer does an AXFR of the zone but the records still remain, although they are no longer there in the source zone.
To reproduce this:
1) Add manual DNSKEY records to an unsigned zone
2) Let ods-signer sign the zone
3) Remove manual DNSKEY records from unsigned source zone
3) let ods-signer sign the zone again
Expected: The manual DNSKEY records are gone
Actual: The manual DNSKEY records are still in the signed zone