On 18/10/2017 1:17 AM, /dev/rob0 wrote:
> Um, validation is exclusively done on NON-authoritative lookup
> results. I'm not sure what you are thinking. In order:

This was pointed out previously.

> 1. dnssec-enable no; would prevent your BIND server from serving
> required records from a signed zone. It would prevent ANYONE from
> being able to validate your signed zone. This is surely not what
> you're seeking?

Don't recall anyone suggesting this.

> 2. dnssec-validation no; again, this has no effect when you're
> serving authoritative data from a master or slave zone.

This was my question to Viktor, "dnssec-validation no", based upon his previous post. I shall remove it.

Mal