mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Document a specific 'dnssec-validation yes' usage incompatibility

Browse Source 
Static trust anchor for the root zone can not be used with
'dnssec-validation auto'.
This commit is contained in:
Aram Sargsyan
2024-01-24 14:45:29 +00:00
parent d28fd93a58
commit 85f966a8f6
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/arm/reference.rst
View File

@@ -2572,7 +2572,10 @@ Boolean Options
If set to ``auto``, DNSSEC validation is enabled and a default trust If set to ``auto``, DNSSEC validation is enabled and a default trust
anchor for the DNS root zone is used. This trust anchor is provided anchor for the DNS root zone is used. This trust anchor is provided
as part of BIND and is kept up-to-date using :ref:`rfc5011.support` key as part of BIND and is kept up-to-date using :ref:`rfc5011.support` key
management. management. Adding an explicit static key using the :any:`trust-anchors`
statement with a ``static-key`` anchor type (or using the deprecated
:any:`trusted-keys` statement) for the root zone is not supported with the
``auto`` setting, and is treated as a configuration error.
If set to ``yes``, DNSSEC validation is enabled, but a trust anchor must be If set to ``yes``, DNSSEC validation is enabled, but a trust anchor must be
manually configured using a :any:`trust-anchors` statement (or the manually configured using a :any:`trust-anchors` statement (or the