Heads Up: Disable dnssec-lookaside now
Just a little heads-up for those who are running BIND and might be recycling an old named.conf file…
ISC has deprecated dnssec-lookaside and, starting with BIND 12.0, named will refuse to start if
dnssec-lookaside auto is set or if it's set to yes with dlv.isc.org as the trust anchor (the default in old versions of CentOS and probably most others).
If you're running BIND 11 with
dnssec-lookaside auto, it's already being silently ignored, so removing it should have no impact now.