Joe Baptista wrote: > dnssec-enable yes; > and > dnssec-validation yes; > > are the defaults since BIND 9.5 > > > How do I turn it off.
Since you edited out the most important part of my post, I'll repeat it
here before I answer your question:
Serving signed zones requires signed zone data to serve.
Validation requires configuration of trust anchors.
To "turn it off",
Don't sign your zones and don't configure trust anchors.
Or, if you think you might accidentally sign your zones or configure
trust anchors, you can:
dnssec-enable no;
dnssec-validation no;
AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
