DNSSEC for recursive server

Adam Tkac atkac at redhat.com
Fri May 21 08:49:53 UTC 2010

On Fri, May 21, 2010 at 09:54:01AM +0300, Techi wrote:
> Hallo,
> I try to setup (=prepare) the our DNS servers for the DNSSEC era.
> I have a Centos 5.x with Bind 9.3.6-4. I have one problem and 2 questions.
> The problem is that the specific version seems to lack support for DNSSEC 
> validation! named-checkconf returns the following error:
> /etc/named.conf:212: unknown option 'dnssec-validation'
> !!!
> Now the questions:
> 1. I try to understand the concepts of DNSSEC and the signing of root zones. 
> As far as I understand, all I need to add in my bind's configuration are the 
> following lines:
> ****************************
>         dnssec-enable yes;
>         dnssec-validation yes;
> ****************************
> Is that correct?

DNSSEC validation & serving is controlled by one "global" DNSSEC
option in 9.3.X series:

options {
	dnssec yes;

Regards, Adam

Adam Tkac, Red Hat, Inc.

More information about the bind-users mailing list