When dnssec-validation stops working?
Joe Baptista
baptista at publicroot.org
Mon Aug 17 03:03:38 UTC 2009
On 8/16/09, John Marshall <john.marshall at riverwillow.com.au> wrote:
>
> I'm new at DNSSEC. This server is the first one we have configured.
> I have the following in the global configuration options:
>
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside . trust-anchor dlv.isc.org.;
my recommendation is
dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside . trust-anchor dlv.isc.org.;
that should fix the problem.
then lobby the bind bunnies at isc to incorporate dnscurve into bind.
dnscurve is the future of dns security. dnssec is just a bad joke best
avoided at all costs.
cheers
joe baptista
--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
Personal: www.joebaptista.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090816/f1a869d3/attachment.html>
More information about the bind-users
mailing list