Curiously, with "dnssec-validation auto;" commented out (but with "dnssec-enable yes;" un-commented) the server resolves external domains, but appears to not actually use DNSSEC?
Conversely, with "dnssec-enable yes;" commented out but with "dnssec-validation auto;" un-commented, the server fails to resolve external domains. -- |/"\ John D. Baker, KN5UKS NetBSD Darwin/MacOS X |\ / jdbaker[snail]consolidated[flyspeck]net OpenBSD FreeBSD | X No HTML/proprietary data in email. BSD just sits there and works! |/ \ GPGkeyID: D703 4A7E 479F 63F8 D3F4 BD99 9572 8F23 E4AD 1645
