Sparklight and DNSSEC
Bjørn Mork
bjorn at mork.no
Mon Sep 26 06:50:08 UTC 2022
Petr Špaček <pspacek at isc.org> writes:
> named.conf statement 'dnssec-enabled yes;' allows forwarding DNSSEC
> signatures (and other metadata) without validating them.
>
> named.conf statement 'dnssec-validation auto;' then enables DNSSEC
> validation itself.
>
> In other words, it is possible to allow DNSSEC to work for forwarders
> without doing validation itself. If the ISP in question resists
> enabling DNSSEC then at least 'dnssec-enabled yes; dnssec-validation
> no;' configuration would improve situation for people who care.
Thanks. Did not know this. Sorry for the disinformation.
Bjørn
More information about the bind-users
mailing list