On Wed, Feb 24, 2010 at 10:23 PM, Alan Clegg <acl...@isc.org> wrote: > Joe Baptista wrote: > > > dnssec-enable yes; > > and > > dnssec-validation yes; > > > > are the defaults since BIND 9.5 > > > > > > How do I turn it off. > > Since you edited out the most important part of my post, I'll repeat it > here before I answer your question: >
Sorry - not my intention. It's just that part of the post did not apply to me. My question was not related to an authoritative server but a recursive only server. > > Serving signed zones requires signed zone data to serve. > Validation requires configuration of trust anchors. > > To "turn it off", > > Don't sign your zones and don't configure trust anchors. > Like I said the server is recursive only - no zones served. > > Or, if you think you might accidentally sign your zones or configure > trust anchors, you can: > > dnssec-enable no; > dnssec-validation no; > OK - so if I do the above - will that prevent my recursive server from doing DNSSEC if it gets information from a DNSSEC signed zone? Thanks for your help here joe
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
