Yes, that seems to be the argument. I would like to understand why it seems to be that many environments are set up with a forwarder that does not support DNSSEC. (is this by choice? is it a particular vendor, or old DNS server which does not forward the queries properly? misconfigured firewall rules?)
There are three possible values for the BIND dnssec-validation option: 'yes', 'no', and 'auto'. By saying "enabled with automatic keys", we just mean the default value of "dnssec-validation auto;" in the BIND configuration file. See also: http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html #dnssec-validation-explained -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1500683 Title: By default DNSSEC is enabled with automatic keys To manage notifications about this bug go to: https://bugs.launchpad.net/maas/+bug/1500683/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs