@lbutlr <krem...@kreme.com> wrote: > > The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16.
`dnssec-enable yes` has been the default since 2007, so that directive has been useless for quite a long time :-) What changed in 9.16 is that you now can't turn DNSSEC off. (Specifically, support for correctly serving signed zones on authoritative servers, and support for DNSSEC-aware clients of resolvers, whether or not any validation is happening. `dnssec-validation` is a separate setting.) Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ individual and social justice _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users