When dnssec-validation stops working?

Joe Baptista baptista at publicroot.org
Mon Aug 17 03:03:38 UTC 2009

On 8/16/09, John Marshall <john.marshall at riverwillow.com.au> wrote:
> I'm new at DNSSEC.  This server is the first one we have configured.
> I have the following in the global configuration options:
>         dnssec-enable yes;
>         dnssec-validation yes;
>         dnssec-lookaside . trust-anchor dlv.isc.org.;

my recommendation is

dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside . trust-anchor dlv.isc.org.;

that should fix the problem.

then lobby the bind bunnies at isc to incorporate dnscurve into bind.
dnscurve is the future of dns security. dnssec is just a bad joke best
avoided at all costs.

joe baptista

Joe Baptista

PublicRoot Consortium
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
  Office: +1 (360) 526-6077 (extension 052)
     Fax: +1 (509) 479-0084

Personal: www.joebaptista.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090816/f1a869d3/attachment.html>

More information about the bind-users mailing list