Single nameserver doesn't show signed SOA-RRs

Mark Andrews marka at
Thu Jun 30 03:43:55 UTC 2011

In message <20110630031511.GN14980 at>, Stefan Foerster writes:
> * Mark Andrews <marka at>:
> > Contact the adminstrator of the server and request that they stop
> > disabling dnssec.  "dnssec-enable yes;" is the default for all
> > version except 9.3.x.
> Are you sure that has DNSSEC disabled? The admin told me
> he had added "dnssec-enable yes;" to the named.conf file.

But has he reloaded/reconfigured the server?

"dig any @" shows the server has the

"dig soa @ +dnssec" show that they arn't
being returned when requested and it also shows DO being returned
which means there is nothing stripping out the DO bit on the way
to the server or on the way back.

> Cheers
> Stefan
> _______________________________________________
> Please visit to unsubscribe
>  from this list
> bind-users mailing list
> bind-users at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list