error (no valid DS)

Barry Margolin barmar at alum.mit.edu
Tue Nov 26 19:55:57 UTC 2013


In article <mailman.1763.1385483027.20661.bind-users at lists.isc.org>,
 Agustín Dixan Díaz Corrales <agustin.dixan at esilt.azcuba.cu> wrote:

> El 26/11/13 11:09, /dev/rob0 escribió:
> > On Tue, Nov 26, 2013 at 09:38:44AM -0500, Agustín Dixan Díaz Corrales wrote:
> >> solved!
> >
> > No, not solved ...
> >
> >> dnssec-enable no;
> >> dnssec-validation no;
> >
> > ... That's a workaround, not a solution. If you read up on the
> > reasons for DNSSEC, you'll understand that you have fixed this
> > problem by opening yourself up to other ones.
> >
> > Granted, DNSSEC usage involves a bit of pain these days, but I'm
> > hanging in there and continuing to validate. The only concession I
> > made was "dnssec-accept-expired yes;"
> >
>   copy that, it a tested the last "solution" but the cost is 
> security...thanks agains..

It's like solving the problem of the Check Engine light on your 
dashboard by putting black tape over the light.

-- 
Barry Margolin
Arlington, MA


More information about the bind-users mailing list