dnssec
Greg Choules
gregchoules+bindusers at googlemail.com
Mon Aug 11 15:20:39 UTC 2025
Hello Renzo.
There is no point spending time answering these questions for a version of
BIND that is now obsolete. As I suggested in your other post, follow the
instructions in the KB article and install 9.20. After that, if you still
have questions, come back.
Please also read the documentation at
https://bind9.readthedocs.io/en/latest/reference.html , which should
hopefully answer many of your questions before you get as far as the list.
Cheers, Greg
On Mon, 11 Aug 2025 at 16:00, Renzo Marengo <buckroger2011 at gmail.com> wrote:
> In bind 9.16.23 dnssec-enable is deprecated and my server is only cache
> server which forwards all requests; It is not authoritative for any zones.
>
> Dnssec is used to sign dns requests of my domain or all dns requests which
> server makes?
>
> 0. dnssec-enable no
> default is to enable dnssec, but I want to disable I can make it ?
>
> 1. dnssec-validation no
> Can I delete this entry if I wnat to disable dnssec ?
>
> 2. bindkeys-file "/etc/named.iscdlv.key"
> Can I delete this entry ? Eventually Bind would use built-in keys
>
> 3. managed-keys-directory "/var/named/dynamic"
> see above, I can delete this entry because I'm not interesting to
> dnssec
>
> 4. session-keyfile "/run/named/session.key"
> I can leave it ?
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250811/f9a347c2/attachment.htm>
More information about the bind-users
mailing list