DNSSEC for recursive server
Adam Tkac
atkac at redhat.com
Fri May 21 08:49:53 UTC 2010
On Fri, May 21, 2010 at 09:54:01AM +0300, Techi wrote:
> Hallo,
> I try to setup (=prepare) the our DNS servers for the DNSSEC era.
> I have a Centos 5.x with Bind 9.3.6-4. I have one problem and 2 questions.
> The problem is that the specific version seems to lack support for DNSSEC
> validation! named-checkconf returns the following error:
> /etc/named.conf:212: unknown option 'dnssec-validation'
>
> !!!
> Now the questions:
> 1. I try to understand the concepts of DNSSEC and the signing of root zones.
> As far as I understand, all I need to add in my bind's configuration are the
> following lines:
> ****************************
> dnssec-enable yes;
> dnssec-validation yes;
> ****************************
> Is that correct?
DNSSEC validation & serving is controlled by one "global" DNSSEC
option in 9.3.X series:
options {
...
dnssec yes;
...
};
Regards, Adam
--
Adam Tkac, Red Hat, Inc.
More information about the bind-users
mailing list