OpenDNS today announced it has adopted DNSCurve to secure DNS

Evan Hunt each at isc.org
Thu Feb 25 23:41:19 UTC 2010


> > Or, if you think you might accidentally sign your zones or configure
> > trust anchors, you can:
> >
> >     dnssec-enable no;
> >     dnssec-validation no;
> >
> 
> OK - so if I do the above - will that prevent my recursive server from doing
> DNSSEC if it gets information from a DNSSEC signed zone?

Yes, but "don't configure any trust anchors" gets the job done too.  If
your configuration doesn't say "trusted-keys", "managed-keys", or
"dnssec-lookaside auto;" anywhere, then DNSSEC is not in use.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.



More information about the bind-users mailing list