Sure way to fail with DNSSEC: manually copying signed zones over and reloading BIND. And yes: doing just that.

Mon Sep 30 08:04:12 +0000 2013