dnssec validation issue

Eray Aslan eraya at a21an.org
Fri Jun 19 05:58:08 UTC 2015


On Thu, Jun 18, 2015 at 07:26:28PM -0700, Carl Byington wrote:
> On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote:
> > To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation
> > auto;"
> New centos rpms at http://www.five-ten-sg.com/mapper/bind with a default
> named.conf that should actually work.

With the root zone and most TLDs signed, I do not think it makes sense
to use DLV anymore.  While a typical DNSSEC resolver configuration has
DLV enabled, I personally make the effort to disable it.

-- 
Eray


More information about the bind-users mailing list