In message , "=?UTF
-8?Q?Ond=C5=99ej_Sur=C3=BD?=" writes:
> Hi,
> I just found quite serious bug in dnssec-signzone :-(.


It's not a bug. It was a deliberate decision to only include
generate DS records when -g is specified. You manage the
transition from secure to insecure by removing the keyset
of the child.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org