Jack Tavares wrote: > >>From the release notes: > > > > --- 9.6.2-P2 released --- > > > > > > 2876. [bug] Named could return SERVFAIL for negative responses > > > > from unsigned zones. [RT #21131] > > > > Question: > > > > Does this bug only occur if dnssec is enabled? > > > > or only if dnssec validation is turned on? You're only open to experiencing this problem if an answer passes through the validator - so only if dnssec validation is enabled (meaning that you also have to have a trust anchor configured too). Per the ARM:
"To enable named to validate answers from other servers, the dnssec-enable and dnssec-validation options must both be set to yes (the default setting in BIND 9.5 and later), and at least one trust anchor must be configured with a trusted-keys statement in named.conf." > > > > or will it (potentially) occur regardless of whether or not either of these options are used? _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
