In message , "=?UTF
-8?Q?Ond=C5=99ej_Sur=C3=BD?=" writes:
> Hi,
> I just found quite serious bug in dnssec-signzone :-(.

It's not a bug. It was a deliberate decision to only include
generate DS records when -g is specified. You manage the
transition from secure to insecure by removing the keyset
of the child.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: