On 8/16/09, John Marshall <john.marsh...@riverwillow.com.au> wrote:
>
> I'm new at DNSSEC. This server is the first one we have configured.
> I have the following in the global configuration options:
>
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside . trust-anchor dlv.isc.org.;
my recommendation is
dnssec-enable no;
dnssec-validation no;
// dnssec-lookaside . trust-anchor dlv.isc.org.;
that should fix the problem.
then lobby the bind bunnies at isc to incorporate dnscurve into bind.
dnscurve is the future of dns security. dnssec is just a bad joke best
avoided at all costs.
cheers
joe baptista
--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
Personal: www.joebaptista.wordpress.com
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
