disable dnssec in bind resolver
Jan Buchholz
96devil at googlemail.com
Fri Jun 4 15:36:21 UTC 2010
i mean the parameter is the default.
my problem is, if a client want to resolve a ip-address from my
bind-server, the resolver set for some domains the D0 flag for the
question. And this behaviour don´t like my firewall.
Jan
2010/6/4 Lightner, Jeff <jlightner at water.com>:
> I don't understand that.
>
> Are you saying that "dnsec-validation no;" is in your named.conf or are you saying you don't believe it is necessary to set it there because by default validation is off? If the latter what does it hurt to try it? Obviously something isn't working the way you expect or you wouldn't have asked.
>
> -----Original Message-----
> From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Jan Buchholz
> Sent: Friday, June 04, 2010 10:50 AM
> To: Paul Wouters
> Cc: bind-users at lists.isc.org
> Subject: Re: disable dnssec in bind resolver
>
> 2010/6/4 Paul Wouters <paul at xelerance.com>:
>> On Fri, 4 Jun 2010, Jan Buchholz wrote:
>>
>>> how i can disable dnssec in the bind resolver ? My firewall don´t let
>>> packets with D0 flag through. I´ve tried 'dnssec-enable no;' , but
>>> this don´t fix the problem.
>>
>> I believe that only disables *serving* DNSSEC records.
>>
>> I think you want 'dnssec-validation no;'
>>
>> Paul
>>
>
> sorry, 'dnssec-validation no;' is already configured, because that´s
> the default.
>
> Jan
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> Proud partner. Susan G. Komen for the Cure.
>
> Please consider our environment before printing this e-mail or attachments.
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
> ----------------------------------
>
More information about the bind-users
mailing list