OpenDNS today announced it has adopted DNSCurve to secure DNS
Joe Baptista
baptista at publicroot.org
Thu Feb 25 16:07:32 UTC 2010
On Wed, Feb 24, 2010 at 10:23 PM, Alan Clegg <aclegg at isc.org> wrote:
> Joe Baptista wrote:
>
> > dnssec-enable yes;
> > and
> > dnssec-validation yes;
> >
> > are the defaults since BIND 9.5
> >
> >
> > How do I turn it off.
>
> Since you edited out the most important part of my post, I'll repeat it
> here before I answer your question:
>
Sorry - not my intention. It's just that part of the post did not apply to
me. My question was not related to an authoritative server but a recursive
only server.
>
> Serving signed zones requires signed zone data to serve.
> Validation requires configuration of trust anchors.
>
> To "turn it off",
>
> Don't sign your zones and don't configure trust anchors.
>
Like I said the server is recursive only - no zones served.
>
> Or, if you think you might accidentally sign your zones or configure
> trust anchors, you can:
>
> dnssec-enable no;
> dnssec-validation no;
>
OK - so if I do the above - will that prevent my recursive server from doing
DNSSEC if it gets information from a DNSSEC signed zone?
Thanks for your help here
joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100225/2830553d/attachment.html>
More information about the bind-users
mailing list