Bug 20872

Summary: BIND - why is DNSSEC disabled in named.conf?
Product: Mageia
Reporter: Daniel Kastner <kastner>
Component: RPM Packages
Assignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED FIXED
QA Contact:
Severity: enhancement
Priority: Normal
CC: marja11
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: bind
CVE:
Status comment:

Description Daniel Kastner 2017-05-16 11:10:09 CEST
Cauldron has BIND 9.10.5.

The default /etc/named.conf contains:

      dnssec-enable no;
      dnssec-validation no;
      dnssec-lookaside auto;

I would like to know why DNSSEC is disabled in Mageia.

If you look here
https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/Bv9ARM.ch06.html
there is
  dnssec-enable (default is "yes")
  dnssec-validation (default is "yes", but it is recommended to use "auto", see https://ftp.isc.org/isc/dnssec-guide/html/dnssec-guide.html section 3.3.1)
  dnssec-lookaside is useless now (or soon), see https://dlv.isc.org/

So my enhancement request is to enable DNSSEC in the default named.conf.
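An added example, not part of the original report or of the Mageia package: a small auditor that checks a named.conf for the three settings the description discusses, ignoring commented-out lines. The sample configuration is constructed, and the script assumes values are written as yes, no or auto.

```python
import re

# Constructed sample: the three lines quoted in the report, placed in an
# options block with comments added to exercise comment stripping.
SAMPLE_CONF = """
options {
    directory "/var/named";      // constructed path
    # dnssec-validation auto;
    dnssec-enable no;
    dnssec-validation no;
    /* dnssec-enable yes; */
    dnssec-lookaside auto;
};
"""

# Values in effect when an option is absent, as the report cites for BIND 9.10.
DEFAULTS = {"dnssec-enable": "yes", "dnssec-validation": "yes"}

def strip_comments(text):
    """Blank out /* */, // and # comments while leaving quoted strings alone."""
    pattern = r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pattern, keep_strings, text, flags=re.S)

def dnssec_settings(text):
    """Map each dnssec-* option to its value. Assumption: the file is treated
    as flat, so per-view overrides are not tracked and the last value wins."""
    settings = dict(DEFAULTS)
    option = r'(?<![\w-])(dnssec-[a-z-]+)\s+("[^"]*"|[^\s;{]+)'
    for name, value in re.findall(option, strip_comments(text)):
        settings[name] = value.strip('"').lower()
    return settings

def audit(text):
    """Return one finding per setting the report objects to."""
    s, findings = dnssec_settings(text), []
    if s["dnssec-enable"] == "no":
        findings.append("dnssec-enable no: DNSSEC support is switched off")
    if s["dnssec-validation"] == "no":
        findings.append("dnssec-validation no: answers are not validated")
    elif s["dnssec-validation"] == "yes":
        findings.append("dnssec-validation yes: the report recommends auto")
    if s.get("dnssec-lookaside", "no") != "no":
        findings.append("dnssec-lookaside set: the report calls DLV useless")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```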
Comment 1 Marja Van Waes 2017-05-19 20:10:59 CEST
Assigning to the registered maintainer.

Source RPM: (none) => bind
Assignee: bugsquad => guillomovitch
CC: (none) => marja11

Comment 2 Guillaume Rousse 2017-05-20 14:46:56 CEST
I don't know if there is a specific reason, but as that is just a default setting in a configuration file, I don't see much reason to change it either. On the other hand, Fedora seems to enable it by default; we could try to reach consistency. But not just before a new release.

Status: NEW => ASSIGNED

Comment 3 Guillaume Rousse 2017-08-21 20:29:02 CEST
Done in release 9.11.2-2.mga7.

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED