Re: dnssec-validation auto vs yes

On Wed, Jun 12, 2019 at 8:25 PM Evan Hunt wrote: > > On Wed, Jun 12, 2019 at 11:40:27PM +, Shawn Zhou via bind-users wrote: > > The default BIND9 installation for CentOS7 has dnssec-validation set to > > "yes" and it also includes managed-keys as well. Do those managed-keys > > get updated

Re: dnssec-validation auto vs yes

Shawn Zhou via bind-users wrote: > Thanks Even. Sounds like "dnssec-validation auto" is a more > future-proof option for what want it. I will use that instead. My recommendation is to avoid configuring or installing root trust anchors, and let named handle all that itself. In BIND 9.14 and

Re: dnssec-validation auto vs yes

Thanks Even. Sounds like "dnssec-validation auto" is a more future-proof option for what want it. I will use that instead. On Wednesday, June 12, 2019, 5:25:51 PM PDT, Evan Hunt wrote: On Wed, Jun 12, 2019 at 11:40:27PM +, Shawn Zhou via bind-users wrote: > The default BIND9

Re: dnssec-validation auto vs yes

On Wed, Jun 12, 2019 at 11:40:27PM +, Shawn Zhou via bind-users wrote: > The default BIND9 installation for CentOS7 has dnssec-validation set to > "yes" and it also includes managed-keys as well. Do those managed-keys > get updated automatically? Yes, if the "managed-keys" statement is in

dnssec-validation auto vs yes

Hi, The default BIND9 installation for CentOS7 has dnssec-validation set to "yes" and it also includes managed-keys as well. Do those managed-keys get updated automatically? It is not clear from reading  https://ftp.isc.org/isc/dnssec-guide/html/dnssec-guide.html#dnssec-validation-explained