OpenDNS today announced it has adopted DNSCurve to secure DNS

Alan Clegg aclegg at isc.org
Thu Feb 25 03:23:42 UTC 2010


Joe Baptista wrote:

>       dnssec-enable yes;
>     and
>       dnssec-validation yes;
> 
>     are the defaults since BIND 9.5
> 
> 
> How do I turn it off.

Since you edited out the most important part of my post, I'll repeat it
here before I answer your question:

    Serving signed zones requires signed zone data to serve.
    Validation requires configuration of trust anchors.

To "turn it off",

Don't sign your zones and don't configure trust anchors.

Or, if you think you might accidentally sign your zones or configure
trust anchors, you can:

     dnssec-enable no;
     dnssec-validation no;

AlanC

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100224/ff1eb554/attachment.bin>


More information about the bind-users mailing list