OpenDNS today announced it has adopted DNSCurve to secure DNS

Joe Baptista baptista at publicroot.org
Thu Feb 25 16:07:32 UTC 2010


On Wed, Feb 24, 2010 at 10:23 PM, Alan Clegg <aclegg at isc.org> wrote:

> Joe Baptista wrote:
>
> >       dnssec-enable yes;
> >     and
> >       dnssec-validation yes;
> >
> >     are the defaults since BIND 9.5
> >
> >
> > How do I turn it off?
>
> Since you edited out the most important part of my post, I'll repeat it
> here before I answer your question:
>

Sorry - not my intention. It's just that part of the post did not apply to
me. My question was not related to an authoritative server but a recursive
only server.


>
>    Serving signed zones requires signed zone data to serve.
>    Validation requires configuration of trust anchors.
>
> To "turn it off",
>
> Don't sign your zones and don't configure trust anchors.
>

Like I said, the server is recursive only - no zones served.


>
> Or, if you think you might accidentally sign your zones or configure
> trust anchors, you can:
>
>     dnssec-enable no;
>     dnssec-validation no;
>

OK - so if I do the above - will that prevent my recursive server from doing
DNSSEC if it gets information from a DNSSEC signed zone?


Thanks for your help here
joe
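
Added example, not part of the original message or of BIND: a small Python check that reads named.conf text and reports whether DNSSEC validation would be active under the rules quoted in this thread (both options default to yes since BIND 9.5, and validation happens only with trust anchors configured). The sample configurations and function names are constructed for illustration; trust anchors are assumed to be declared with trusted-keys or managed-keys.

```python
import re

# Defaults as stated in the thread for BIND 9.5 and later.
DEFAULTS = {"dnssec-enable": "yes", "dnssec-validation": "yes"}
# Quoted strings are matched first so "//" inside a key is not taken as a comment.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Drop /* */, // and # comments from named.conf text; keep quoted strings."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)

def dnssec_state(conf_text):
    """Return the effective DNSSEC settings for a named.conf string."""
    text = strip_comments(conf_text)
    state = dict(DEFAULTS)
    for key in DEFAULTS:
        m = re.search(r"\b%s\s+(\w+)\s*;" % re.escape(key), text)
        if m:
            state[key] = m.group(1).lower()
    # Assumption: trust anchors appear as trusted-keys or managed-keys blocks.
    state["trust-anchors"] = bool(
        re.search(r"\b(trusted-keys|managed-keys)\s*\{", text))
    # Validation needs both options on and at least one trust anchor.
    state["validating"] = (state["dnssec-enable"] == "yes"
                           and state["dnssec-validation"] == "yes"
                           and state["trust-anchors"])
    return state

# Constructed sample: recursive-only server, options left at their defaults.
SAMPLE_DEFAULT = """
options {
    recursion yes;
    // dnssec-validation no;   (commented out, so the default applies)
};
"""
# Constructed sample: explicit opt-out even though a trust anchor is present.
SAMPLE_OFF = """
options { recursion yes; dnssec-enable no; dnssec-validation no; };
trusted-keys { "." 257 3 5 "PLACEHOLDER//KEY=="; };
"""

if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("off", SAMPLE_OFF)):
        print(name, dnssec_state(conf))
```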