How to disable DNSSEC/EDNS for lwresd

Tomas Hozza thozza at
Tue Apr 29 14:17:56 UTC 2014


I'm trying to disable DNSSEC/EDNS for the lwresd using the
following lwresd.conf:

options {
	directory "/var/named/";

	dnssec-enable no;
	dnssec-validation no;

	pid-file "/run/named/";
	session-keyfile "/run/named/session.key";

lwres {
	search {example1.;};
	ndots 1;

But it seems that the 'dnssec-enable no;' statement has no
influence on the EDNS usage in queries sent by lwresd.

I was able to disable EDNS when lwres is run as named

server {
        edns no;

server ::/0 {
        edns no;

in the configuration. However I was not able to disable EDNS
when running lwresd.

We have a user that would like to disable EDNS to reduce the
overhead it adds and improve the performance. The DNSSEC is
not a priority for them.

Is there way to disable DNSSEC/EDNS for lwresd?

Thank you in advance.

Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

Red Hat Inc.                     

More information about the bind-users mailing list