Commit 4de43d28 authored by Jeremy C. Reed's avatar Jeremy C. Reed
Browse files

improve dnssec-enable and dnssec-validation documentation

This is for #37362
Okayed via jabber
No CHANGES entry
parent 1acae3ea
......@@ -6867,8 +6867,11 @@ options {
Enable DNSSEC support in <command>named</command>. Unless set to <userinput>yes</userinput>,
<command>named</command> behaves as if it does not support DNSSEC.
This indicates whether DNSSEC-related resource
records are to be returned by <command>named</command>.
If set to <userinput>no</userinput>,
<command>named</command> will not return DNSSEC-related
resource records unless specifically queried for.
The default is <userinput>yes</userinput>.
......@@ -6891,6 +6894,14 @@ options {
<command>managed-keys</command> statement. The default
is <userinput>yes</userinput>.
Whenever the resolver sends out queries to an
EDNS-compliant server, it always sets the DO bit
indicating it can support DNSSEC responses even if
<command>dnssec-validation</command> is off.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment