hi- in the arm, it says "dnssec-enable: Enable DNSSEC support in named. Unless set to yes, named behaves as if it does not support DNSSEC.". "behaves as if it does not support DNSSEC" seemed quite unequivocal to me, so i interpreted this to mean that if dnssec-enable no; is set, no dnssec operations/behavior of any kind would be seen, period, regardless of what other settings might be set. however, it seems that if dnssec-validation auto; is set [i didn't try dnssec-validation yes;], bind does perform dnssec related operations even though dnssec-enable no; is set [from looking briefly at logs with rndc trace 1, i see what appear to be attempts at validation - retrieving ds records, dnskey records, etc].
am i misinterpreting the documentation? misinterpreting the apparent behavior? something else? thanks -ben _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users