dnssec
Renzo Marengo
buckroger2011 at gmail.com
Mon Aug 11 15:00:06 UTC 2025
In bind 9.16.23 dnssec-enable is deprecated and my server is only cache
server which forwards all requests; It is not authoritative for any zones.
Dnssec is used to sign dns requests of my domain or all dns requests which
server makes?
0. dnssec-enable no
default is to enable dnssec, but I want to disable I can make it ?
1. dnssec-validation no
Can I delete this entry if I wnat to disable dnssec ?
2. bindkeys-file "/etc/named.iscdlv.key"
Can I delete this entry ? Eventually Bind would use built-in keys
3. managed-keys-directory "/var/named/dynamic"
see above, I can delete this entry because I'm not interesting to dnssec
4. session-keyfile "/run/named/session.key"
I can leave it ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250811/6fa5cb8b/attachment.htm>
More information about the bind-users
mailing list