When dnssec-validation stops working?

Joe Baptista baptista at publicroot.org
Mon Aug 17 03:03:38 UTC 2009


On 8/16/09, John Marshall <john.marshall at riverwillow.com.au> wrote:
>
> I'm new at DNSSEC.  This server is the first one we have configured.
> I have the following in the global configuration options:
>
>         dnssec-enable yes;
>         dnssec-validation yes;
>         dnssec-lookaside . trust-anchor dlv.isc.org.;


my recommendation is

dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside . trust-anchor dlv.isc.org.;

that should fix the problem.

then lobby the bind bunnies at isc to incorporate dnscurve into bind.
dnscurve is the future of dns security. dnssec is just a bad joke best
avoided at all costs.

cheers
joe baptista

-- 
Joe Baptista

www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
  Office: +1 (360) 526-6077 (extension 052)
     Fax: +1 (509) 479-0084

Personal: www.joebaptista.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090816/f1a869d3/attachment.html>


More information about the bind-users mailing list