Fun with nsudpate and ac1.nstld.com
Tony Finch
dot at dotat.at
Tue Jul 7 17:32:21 UTC 2020
@lbutlr <kremels at kreme.com> wrote:
>
> The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16.
`dnssec-enable yes` has been the default since 2007, so that directive has
been useless for quite a long time :-) What changed in 9.16 is that you
now can't turn DNSSEC off. (Specifically, support for correctly serving
signed zones on authoritative servers, and support for DNSSEC-aware
clients of resolvers, whether or not any validation is happening.
`dnssec-validation` is a separate setting.)
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
individual and social justice
More information about the bind-users
mailing list