Add dnssec-validation setting per new BIND9 defaults.

author Matt Birkholz <matt@birchwood-abbey.net>

Thu, 20 Nov 2025 23:21:55 +0000 (16:21 -0700)

committer Matt Birkholz <matt@birchwood-abbey.net>

Thu, 20 Nov 2025 23:21:55 +0000 (16:21 -0700)
author Matt Birkholz <matt@birchwood-abbey.net>
Thu, 20 Nov 2025 23:21:55 +0000 (16:21 -0700)
committer Matt Birkholz <matt@birchwood-abbey.net>
Thu, 20 Nov 2025 23:21:55 +0000 (16:21 -0700)
diff --git a/README.org b/README.org

index cc4ce363103b1b092392a8f0e2170f7ba9251f5c..d053a47fc20f4a5360b28ced5a89c46d15c3e0e1 100644 (file)
--- a/README.org
+++ b/README.org
@@ -2695,6 +2695,8 @@ options {
         allow-recursion { trusted; };
         allow-query-cache { trusted; };
  
+       dnssec-validation yes;
+
         listen-on {
                 {{ core_addr }};
                 localhost;
diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml

index 65fb66e5c86c4f1adc6ffadd6d5c62b9f4e217d4..93c466deb5077a95ce773d485033a37c0196b514 100644 (file)
--- a/roles_t/core/tasks/main.yml
+++ b/roles_t/core/tasks/main.yml
@@ -126,6 +126,8 @@
         allow-recursion { trusted; };
         allow-query-cache { trusted; };
        
+       dnssec-validation yes;
+      
         listen-on {
                 {{ core_addr }};
                 localhost;
author	Matt Birkholz <matt@birchwood-abbey.net>
	Thu, 20 Nov 2025 23:21:55 +0000 (16:21 -0700)
committer	Matt Birkholz <matt@birchwood-abbey.net>
	Thu, 20 Nov 2025 23:21:55 +0000 (16:21 -0700)
README.org		patch \| blob \| history
roles_t/core/tasks/main.yml		patch \| blob \| history