OpenDNS today announced it has adopted DNSCurve to secure DNS
Evan Hunt
each at isc.org
Thu Feb 25 23:41:19 UTC 2010
> > Or, if you think you might accidentally sign your zones or configure
> > trust anchors, you can:
> >
> > dnssec-enable no;
> > dnssec-validation no;
> >
>
> OK - so if I do the above - will that prevent my recursive server from doing
> DNSSEC if it gets information from a DNSSEC signed zone?
Yes, but "don't configure any trust anchors" gets the job done too. If
your configuration doesn't say "trusted-keys", "managed-keys", or
"dnssec-lookaside auto;" anywhere, then DNSSEC is not in use.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list