diff --git a/CHANGES b/CHANGES index 857353d07f..18384ccd9f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ --- 9.11.0rc1 released --- +4452. [bug] The default key manager policy file is now + /dnssec-policy.conf (usually + /etc/dnssec-policy.conf). [RT #43064] + 4451. [cleanup] Log more useful information if a PKCS#11 provider library cannot be loaded. [RT #43076] diff --git a/bin/python/dnssec-keymgr.docbook b/bin/python/dnssec-keymgr.docbook index 86a1cbc430..685b0730ad 100644 --- a/bin/python/dnssec-keymgr.docbook +++ b/bin/python/dnssec-keymgr.docbook @@ -60,7 +60,7 @@ DNSSEC policy can be read from a configuration file (default - /etc/dnssec.policy), from which the key + /etc/dnssec-policy.conf), from which the key parameters, publication and rollover schedule, and desired coverage duration for any given zone can be determined. This file may be used to define individual DNSSEC policies on a @@ -109,7 +109,7 @@ If is specified, then the DNSSEC policy is read from . (If not specified, then the policy is read from - /etc/policy.conf; if that file + /etc/dnssec-policy.conf; if that file doesn't exist, a built-in global default policy is used.) @@ -228,7 +228,7 @@ POLICY CONFIGURATION - The policy.conf file can specify three kinds + The dnssec-policy.conf file can specify three kinds of policies: diff --git a/bin/python/isc/keymgr.py.in b/bin/python/isc/keymgr.py.in index 702f1ace6c..98c003f8e2 100644 --- a/bin/python/isc/keymgr.py.in +++ b/bin/python/isc/keymgr.py.in @@ -109,7 +109,8 @@ def parse_args(): if not os.path.exists(args.policyfile): fatal('ERROR: Policy file "%s" not found' % args.policyfile) else: - args.policyfile = os.path.join(utils.sysconfdir, 'policy.conf') + args.policyfile = os.path.join(utils.sysconfdir, + 'dnssec-policy.conf') if not os.path.exists(args.policyfile): args.policyfile = None