Bug 20872 - BIND - why is DNSSEC disabled in named.conf?
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal enhancement
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-16 11:10 CEST by Daniel Kastner
Modified: 2017-08-21 20:29 CEST

See Also:
Source RPM: bind
CVE:
Status comment:



Description Daniel Kastner 2017-05-16 11:10:09 CEST
Cauldron has BIND 9.10.5.

The default /etc/named.conf contains:

      dnssec-enable no;
      dnssec-validation no;
      dnssec-lookaside auto;

I wonder why DNSSEC is disabled in Mageia?

If you look here
https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/Bv9ARM.ch06.html
there is
  dnssec-enable (default is "yes")
  dnssec-validation (default is "yes", but it is recommended to use "auto", see https://ftp.isc.org/isc/dnssec-guide/html/dnssec-guide.html section 3.3.1)
  dnssec-lookaside is useless now (or soon), see https://dlv.isc.org/

So my enhancement request is to enable DNSSEC in the default named.conf.
Comment 1 Marja Van Waes 2017-05-19 20:10:59 CEST
Assigning to the registered maintainer.

Source RPM: (none) => bind
Assignee: bugsquad => guillomovitch
CC: (none) => marja11

Comment 2 Guillaume Rousse 2017-05-20 14:46:56 CEST
I don't know if there is a specific reason, but as that is just a default setting in a configuration file, I don't see much reason to change it either. On the other hand, Fedora seems to enable it by default; we could try to reach consistency. But not just before a new release.

Status: NEW => ASSIGNED

Comment 3 Guillaume Rousse 2017-08-21 20:29:02 CEST
Done in release 9.11.2-2.mga7.

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
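
An added example, not part of the original report or of the Mageia package: a small Python audit that reads named.conf text and flags the three settings the report questions. The sample configuration is constructed from the lines quoted in the description, and the function names are hypothetical.

```python
import re

# Constructed sample: the three option lines quoted in the report, wrapped in
# an options block. The directory line and the comments are filler.
SAMPLE_NAMED_CONF = '''
options {
    directory "/var/named";   // constructed filler
    /* DNSSEC settings as quoted in the report */
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    # dnssec-validation auto;   (commented out, must be ignored)
};
'''

# Matches a quoted string or any of the three named.conf comment styles.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STMT = re.compile(r'(?<![\w-])(dnssec-(?:enable|validation|lookaside))\s+([^;{}]+?)\s*;')

def strip_comments(text):
    """Blank out comments while leaving quoted strings untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def dnssec_statements(text):
    """Return every (option, value) pair for the three DNSSEC options."""
    return [(n, v.lower()) for n, v in _STMT.findall(strip_comments(text))]

def audit(text):
    """Return (option, value, reason) for each setting the report objects to."""
    findings = []
    for name, value in dnssec_statements(text):
        if name == "dnssec-enable" and value == "no":
            reason = "DNSSEC is switched off; the documented default is yes"
        elif name == "dnssec-validation" and value == "no":
            reason = "validation is off; the report recommends auto"
        elif name == "dnssec-lookaside" and value != "no":
            reason = "DLV lookaside is configured; the report calls it useless now (or soon)"
        else:
            continue
        findings.append((name, value, reason))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(SAMPLE_NAMED_CONF):
        print(f"{name} {value}; -> {reason}")
```

To check a real host, pass the contents of /etc/named.conf to `audit()`; include files are not followed.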

