disable dnssec in bind resolver

Paul Wouters paul at xelerance.com
Fri Jun 4 16:15:32 UTC 2010


On Fri, 4 Jun 2010, Evan Hunt wrote:

> I'm pretty sure "dnssec-enable no" does suppress the DO bit.  If it
> doesn't, that's probably a bug.

Yeah, I thought the default changed when all those NAT routers proved buggy.

> If it doesn't, though, try "edns no".  You can't have a DO bit if you
> don't have a place to put one.

This seems a bit like "my left leg hurts, so i stabbed my right leg".

> And, fix the broken firewall as soon as possible. :)

Now that is solid advise :)

Paul



More information about the bind-users mailing list