Jack Tavares wrote:
From the release notes:
--- 9.6.2-P2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
Question:
Does this bug only occur if dnssec is enabled?
or only if dnssec validation is turned on?
You're only open to experiencing this problem if an answer passes
through the validator - so only if dnssec validation is enabled (meaning
that you also have to have a trust anchor configured too). Per the ARM:
To enable named to validate answers from other servers, the
dnssec-enable and dnssec-validation options must both be set to yes (the
default setting in BIND 9.5 and later), and at least one trust anchor
must be configured with a trusted-keys statement in named.conf.
or will it (potentially) occur regardless of whether or not either
of these options are used?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
