Sunghwan Kim(IBI) <sh...@ibi.net> wrote: > > I would like to know what happens if dnssec-enable yes; dnssec-validation > no; in named.conf are being setting. > > Does it come SERVFAIL ?
No. (But see * below...) `dnssec-enable` is to do with handling of DNSSEC records and query flags: setting and recognizing the DO flag and returning RRSIG and NSEC(3) records in responses, etc. It's necessary if the server is authoritative for signed zones, or if it is validating, or has clients that validate. In general you should not have the `dnssec-enable` option in your configuration file unless you are doing something very strange: leave it out, the default is correct. (*) It's possible that if you have broken middleboxes in your network, your DNS server will not be able to make DNSSEC queries. If so, get the network fixed :-) Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Irish Sea: East 5 to 7, occasionally 4 at first. Slight or moderate, occasionally rough later. Showers. Moderate or good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
