[CentOS] CentOS 6.10 bind DNSSEC issues

Wed Mar 25 17:46:02 UTC 2020
Chris Adams <linux at cmadams.net>

Once upon a time, Robert Heller <heller at deepsoft.com> said:
> Yes.  The installed ISC DLV key installed with 
> bind-9.8.2-0.68.rc1.el6_10.3.x86_64 seems to have expired and there does not 
> appear to be a new bind-9.8.2 RPM with a new key.  I guess you can *manually* 
> fetch a new key (look in the installed /etc/named.iscdlv.key file)

ISC DLV has been obsolete for a while now, you should disable it.

>         dnssec-lookaside auto;

I think setting this to "no" and restarting named should do it.
Chris Adams <linux at cmadams.net>