Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Heads Up: Disable dnssec-lookaside now
New on LowEndTalk? Please Register and read our Community Rules.

Heads Up: Disable dnssec-lookaside now

szarkaszarka Member
edited June 20 in General

Just a little heads-up for those who are running BIND and might be recycling an old named.conf file…

ISC has deprecated dnssec-lookaside and, starting with BIND 12.0, named will refuse to start if dnssec-lookaside auto is set or if it's set to yes with as the trust anchor (the default in old versions of CentOS and probably most others).

If you're running BIND 11 with dnssec-lookaside auto, it's already being silently ignored, so removing it should have no impact now.

Sign In or Register to comment.