Disabling DNSSEC until...
Robert Moskowitz
rgm at htt-consult.com
Sun Mar 3 13:10:43 UTC 2013
I solve the EDNS problem, probably on my Juniper SSG5. This will
initially have to wait until Juniper gets back to me, or I corner some
of their developers at IETF in a couple weeks. Alternatively I replace
the SSG5...
And I change my registry to one that supports DNSSEC.
Commenting all the lines about DNSSEC does not seem to totally stop it,
as I see the following message after restarting named:
Mar 3 07:48:45 onlo named[7049]: managed-keys-zone ./IN/external:
loaded serial 352
And eventhough rigel and klovia were restarted with all the DNSSEC lines
commented out, I am still getting the 'no valid RRSIG' messages for
htt. I suspect I am dealing with defaults here and will have to
explicitly state:
dnssec-enable no;
dnssec-validation no;
Anything else I need to do to really turn dnssec off for now?
More information about the bind-users
mailing list