View Single Post
Old 30th January 2010
Knobee Knobee is offline
Real Name: Alan Clegg
New User
 
Join Date: Jan 2010
Location: Apex, NC, USA
Posts: 9
Default

On a side-note, I'd like to make people aware of the upcoming release of BIND 9.7 -- it is currently at "rc2" and should be a full release shortly.

The primary reason for BIND 9.7 is the ease of configuration of DNSSEC (we are calling it the "DNSSEC for Humans" release).

There are a number of things that make 9.7 better on the authoritative server (automatic re-signing of zones, simpler key management, etc).

There are also a couple of things that allow you to configure validation on recursive servers very easily.

Adding this:
Code:
	dnssec-enable yes;
	dnssec-lookaside auto;
to your options section on a recursive server running BIND 9.7 will "do the right thing" with the trust anchors for dlv.isc.org and therefore allow your system to do validation based on the trust anchors available in the ISC DLV registry - aim your browser at dlv.isc.org for more information.

Knobee
Reply With Quote