In message <500985c0.3000...@interlinx.bc.ca>, "Brian J. Murrell" writes:
> On 12-07-20 11:40 AM, Mark Andrews wrote:
> >=20
> > In message <500978a5.4070...@imperial.ac.uk>, Phil Mayers writes:
> >> On 20/07/12 16:21, Mark Andrews wrote:
> >>>
> >>> In message <50096c2b.1080...@interlinx.bc.ca>, "Brian J. Murrell" wri=
> tes:
> >>>> Just for good measure, since I think I have posted this before, but =
> here
> >>>> are the options I have set in my bind configuration with regard to d=
> nssec=3D
> >>>> :
> >>>>
> >>>> dnssec-enable yes;
> >>>> dnssec-validation yes;
> >>>> dnssec-lookaside auto;
> >=20
> > My bad. "dnssec-validation auto;" is what I was thinking about.
>
> Interesting. Is "auto" for that value different/better than "yes",
> which I have configured already?
>
> Cheers,
> b.
"dnssec-validation auto;" tells named to use the compiled
in root key in addition to enabling validation. Depending
on the version this is a plain trusted-key or a managed-key.
If NS_SYSCONFDIR/bind.keys exists and is readable its contents
override the built in contents.
The root key(s) and dlv.isc.org key(s) are loaded from this
file for dnssec-validation auto; and dnssec-lookaside auto;
respectively.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
