In message <483759859.6291670.1398781076480.javamail.zim...@redhat.com>, Tomas H ozza writes: > Hi. > > I'm trying to disable DNSSEC/EDNS for the lwresd using the > following lwresd.conf: > > options { > directory "/var/named/"; > > dnssec-enable no; > dnssec-validation no; > > pid-file "/run/named/lwresd.pid"; > session-keyfile "/run/named/session.key"; > }; > > lwres { > search {example1.;}; > ndots 1; > }; > > But it seems that the 'dnssec-enable no;' statement has no > influence on the EDNS usage in queries sent by lwresd.
"dnssec-enable no;" controls how named responds to DO=1 queries. It is a no-op to lwresd as it is not processing DNS requests. > I was able to disable EDNS when lwres is run as named > using: > > server 0.0.0.0/0 { > edns no; > }; > > server ::/0 { > edns no; > }; Just add the server clauses to lwresd.conf. "lwresd -c lwresd.conf" is running as lwresd "lwresd -C resolv.conf" is running as lwresd "lwresd" is the same as "lwresd -C /etc/resolv.conf" "named -c named.conf" (with a lwres clause) is running as both named and lwresd "named -c named.conf" (without a lwres clause) is running as just named > in the configuration. However I was not able to disable EDNS > when running lwresd. > > We have a user that would like to disable EDNS to reduce the > overhead it adds and improve the performance. The DNSSEC is > not a priority for them. > > Is there way to disable DNSSEC/EDNS for lwresd? > > Thank you in advance. > > > Regards, > -- > Tomas Hozza > Software Engineer - EMEA ENG Developer Experience > > PGP: 1D9F3C2D > Red Hat Inc. http://cz.redhat.com > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users