disable dnssec in bind resolver
Paul Wouters
paul at xelerance.com
Fri Jun 4 16:15:32 UTC 2010
On Fri, 4 Jun 2010, Evan Hunt wrote:
> I'm pretty sure "dnssec-enable no" does suppress the DO bit. If it
> doesn't, that's probably a bug.
Yeah, I thought the default changed when all those NAT routers proved buggy.
> If it doesn't, though, try "edns no". You can't have a DO bit if you
> don't have a place to put one.
This seems a bit like "my left leg hurts, so i stabbed my right leg".
> And, fix the broken firewall as soon as possible. :)
Now that is solid advise :)
Paul
More information about the bind-users
mailing list