Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15916
| From | Tony Finch <dot@dotat.at> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Fun with nsudpate and ac1.nstld.com |
| Date | 2020-07-07 18:32 +0100 |
| Message-ID | <mailman.628.1594143116.942.bind-users@lists.isc.org> (permalink) |
| References | (1 earlier) <CAAeHe+wJ5tDcq__F0tbGXtm-9jURmajCjDQPJSgJR7b5DaaUbw@mail.gmail.com> <9ABC733A-A0FB-4569-B037-90ACBB82AE4D@kreme.com> <A118175B-E33A-462A-9BD3-6D3C2EB0E4D2@isc.org> <D8B5190D-5B3F-4F34-9A3F-F10D1C856B22@kreme.com> <alpine.DEB.2.20.2007071826470.21235@grey.csi.cam.ac.uk> |
@lbutlr <kremels@kreme.com> wrote: > > The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16. `dnssec-enable yes` has been the default since 2007, so that directive has been useless for quite a long time :-) What changed in 9.16 is that you now can't turn DNSSEC off. (Specifically, support for correctly serving signed zones on authoritative servers, and support for DNSSEC-aware clients of resolvers, whether or not any validation is happening. `dnssec-validation` is a separate setting.) Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ individual and social justice
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Fun with nsudpate and ac1.nstld.com Tony Finch <dot@dotat.at> - 2020-07-07 18:32 +0100
csiph-web