mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

Document a specific 'dnssec-validation yes' usage incompatibility

Static trust anchor for the root zone can not be used with
'dnssec-validation auto'.
Aram Sargsyan 2024-01-24 14:45:29 +00:00
parent d28fd93a58
commit 85f966a8f6

@ -2572,7 +2572,10 @@ Boolean Options
If set to ``auto``, DNSSEC validation is enabled and a default trust
anchor for the DNS root zone is used. This trust anchor is provided
as part of BIND and is kept up-to-date using :ref:`rfc5011.support` key
management.
management. Adding an explicit static key using the :any:`trust-anchors`
statement with a ``static-key`` anchor type (or using the deprecated
:any:`trusted-keys` statement) for the root zone is not supported with the
``auto`` setting, and is treated as a configuration error.
If set to ``yes``, DNSSEC validation is enabled, but a trust anchor must be
manually configured using a :any:`trust-anchors` statement (or the
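Review bot: The sentence added to the ``auto`` paragraph names only the ``static-key`` anchor type (plus the deprecated :any:`trusted-keys`), so a reader cannot tell whether other static anchor types for the root zone, such as ``static-ds``, are rejected in the same way; if they are, list them here. The sentence also stops at "is treated as a configuration error" without saying what to do instead. A short pointer to the ``yes`` setting described in the next paragraph, where a manually configured trust anchor is expected, would close that gap. Separately, the commit subject says 'dnssec-validation yes' while both the commit body and this hunk describe the restriction on ``auto``, so the subject should be aligned with the change.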