dnssec validation issue
Jaap Akkerhuis
jaap at NLnetLabs.nl
Fri Jun 19 08:00:13 UTC 2015
Eray Aslan writes:
> On Thu, Jun 18, 2015 at 07:26:28PM -0700, Carl Byington wrote:
> > On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote:
> > > To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation
> > > auto;"
> > New centos rpms at http://www.five-ten-sg.com/mapper/bind with a default
> > named.conf that should actually work.
>
> With the root zone and most TLDs signed, I do not think it makes sense
> to use DLV anymore. While a typical DNSSEC resolver configuration has
> DLV enabled, I personally make the effort to disable it.
Furthermore, the whole dlv register is going to disappear in 2017
as announced at <https://www.isc.org/blogs/dlv/>.
jaap
More information about the bind-users
mailing list