Fun with nsudpate and

Tony Finch dot at
Tue Jul 7 17:32:21 UTC 2020

@lbutlr <kremels at> wrote:
> The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16.

`dnssec-enable yes` has been the default since 2007, so that directive has
been useless for quite a long time :-) What changed in 9.16 is that you
now can't turn DNSSEC off. (Specifically, support for correctly serving
signed zones on authoritative servers, and support for DNSSEC-aware
clients of resolvers, whether or not any validation is happening.
`dnssec-validation` is a separate setting.)

f.anthony.n.finch  <dot at>
individual and social justice

More information about the bind-users mailing list