I solve the EDNS problem, probably on my Juniper SSG5. This will initially have to wait until Juniper gets back to me, or I corner some of their developers at IETF in a couple weeks. Alternatively I replace the SSG5...

And I change my registry to one that supports DNSSEC.

Commenting all the lines about DNSSEC does not seem to totally stop it, as I see the following message after restarting named:

    Mar 3 07:48:45 onlo named[7049]: managed-keys-zone ./IN/external: loaded serial 352

And even though rigel and klovia were restarted with all the DNSSEC lines commented out, I am still getting the 'no valid RRSIG' messages for htt. I suspect I am dealing with defaults here and will have to explicitly state:

    dnssec-enable no;
    dnssec-validation no;

Anything else I need to do to really turn dnssec off for now?

