Carl,
can you add a “#” in front of "dnssec-policy” in bin/named/config.c
and see how that goes for you. That will comment out the default
‘dnssec-policy “none”;’.
Please let us know how that goes for you.
Mark
> On 29 Mar 2021, at 15:02, Carl Byington <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote:
>> What do you have in options?
>
> options {
> directory "/var/named";
> allow-recursion { "friends"; };
> dnssec-enable yes;
> dnssec-validation auto;
> bindkeys-file "/etc/named.bind.keys";
> managed-keys-directory "/var/named/dynamic";
> listen-on-v6 {any;};
> ixfr-from-differences yes;
> max-journal-size 2m;
> notify yes;
> response-policy { zone "rpz.five-ten-sg.com";}
> qname-wait-recurse no;
> rate-limit {
> responses-per-second 500;
> errors-per-second 50;
> nxdomains-per-second 500;
> qps-scale 4000;
> exempt-clients { "friends"; };
> };
> max-recursion-queries 200; qname-minimization disabled;
> fetches-per-server 50;
> fetches-per-zone 50;
> server-id hostname;
> };
>
> This is on Centos 8. I will setup a VM tomorrow for more testing on
> this. For now, reverted back to 9.16.12.
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGFRRxUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsFm/wCbBpzr/W/QdtUMG0hhstYcI1wpsBcA
> nRdv220ju0R0IIEgbLzfbXs8CjHX
> =+zDb
> -----END PGP SIGNATURE-----
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
