> First, dns-validation is 'off' by default in all BIND versions. It's > dnssec-enable that started defaulting to 'yes'.
Correct in the sense that there are no configured trust anchors, so validation doesn't happen. Incorrect in the sense that the "dnssec-validation" option *is* turned on by default, from BIND 9.5.0 onward. You're right that this isn't relevant to Jan's problem, though. -- Evan Hunt -- [email protected] Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
