+++ This bug was initially created as a clone of Bug #1223336 +++

Description of problem:
As mentioned in Bug #1223325, ISC is planning to deprecate their DLV registry in the future. Currently, the default configuration shipped with BIND has DLV enabled. The usage of DLV should be removed from the default configuration.

Version-Release number of selected component (if applicable):
latest

How reproducible:
always

Steps to Reproduce:
1. inspect /etc/named.conf installed by bind package

Actual results:
There is "dnssec-lookaside auto;" line in the options section of the default configuration.

Expected results:
There is NO "dnssec-lookaside auto;" line in the options section of the default configuration.
removed in bind-9.10.2-3.fc23
Wouldn't it make sense to remove the 'bindkeys-file "/etc/named.iscdlv.key";' line from the default configuration as well?
(In reply to Robert Scheck from comment #2)
> Wouldn't it make sense to remove the 'bindkeys-file "/etc/named.iscdlv.key";'
> line from the default configuration as well?

Technically it could be removed. However it should not do any harm when left in the configuration. The file is named "named.iscdlv.key", however it contains also the root key. The file is from the BIND sources (just renamed from bind.keys) and if not found, then the keys compiled into the source are used.

I just left it there, because when it is not specified, BIND looks for the file /etc/bind.keys. So when someone wants to use the DLV, the compiled in keys would be used (which should not be a real problem).

I think I could comment it out with and provide short comment.
(In reply to Tomas Hozza from comment #3)
> I think I could comment it out with and provide short comment.

That would be great. Btw, /etc/named.root.key contains the same key, so there shouldn't be real need for /etc/named.iscdlv.key from my point of view.
(In reply to Robert Scheck from comment #4)
> (In reply to Tomas Hozza from comment #3)
> > I think I could comment it out with and provide short comment.
>
> That would be great. Btw, /etc/named.root.key contains the same key, so
> there shouldn't be real need for /etc/named.iscdlv.key from my point of
> view.

I'm aware of that. Thank you.
Commented out with short description: http://pkgs.fedoraproject.org/cgit/rpms/bind.git/commit/?id=1a8262dde07fc595ad989bb63b23a59d4a353901
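
The check from "Steps to Reproduce", automated as an added example that is not part of this bug thread or of the bind package: it strips named.conf comments and reports any still-active `dnssec-lookaside` or `bindkeys-file` statement. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample resembling an options block; not the shipped Fedora file.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    dnssec-validation yes;
    /* dnssec-lookaside auto; */
    dnssec-lookaside auto;   // DLV still active here
    # bindkeys-file "/etc/named.iscdlv.key";
    bindkeys-file "/etc/named.iscdlv.key";
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments, leaving quoted strings intact."""
    pattern = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    # Quoted strings are matched first so a path or URL is never cut at // or #.
    return pattern.sub(lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def active_directives(text, names=("dnssec-lookaside", "bindkeys-file")):
    """Return {directive: [values]} for statements that are not commented out."""
    clean = strip_comments(text)
    found = {}
    for name in names:
        # A statement runs from the keyword to the terminating semicolon.
        for m in re.finditer(r'(?<![\w-])' + re.escape(name) + r'\s+([^;]*);', clean):
            found.setdefault(name, []).append(" ".join(m.group(1).split()))
    return found

def dlv_enabled(text):
    """DLV is on when any active dnssec-lookaside value is something other than 'no'."""
    values = active_directives(text).get("dnssec-lookaside", [])
    return any(v.strip('"').lower() != "no" for v in values)

if __name__ == "__main__":
    import sys
    # Pass a path such as /etc/named.conf, or run without arguments for the sample.
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    print(active_directives(conf))
    print("DLV enabled:", dlv_enabled(conf))
```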