@lbutlr <[email protected]> wrote: > > The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16.
`dnssec-enable yes` has been the default since 2007, so that directive has been useless for quite a long time :-) What changed in 9.16 is that you now can't turn DNSSEC off. (Specifically, support for correctly serving signed zones on authoritative servers, and support for DNSSEC-aware clients of resolvers, whether or not any validation is happening. `dnssec-validation` is a separate setting.) Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ individual and social justice _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
