diff --git a/bin/named/config.c b/bin/named/config.c index f023c48ce7..6a8fc599fb 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -190,7 +190,7 @@ options {\n\ stale-answer-ttl 30; /* 30 seconds */\n\ stale-cache-enable false;\n\ stale-refresh-time 30; /* 30 seconds */\n\ - synth-from-dnssec no;\n\ + synth-from-dnssec yes;\n\ # topology \n\ transfer-format many-answers;\n\ v6-bias 50;\n\ diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh index badeeb14bb..4b4ea83b56 100644 --- a/bin/tests/system/synthfromdnssec/tests.sh +++ b/bin/tests/system/synthfromdnssec/tests.sh @@ -16,6 +16,7 @@ set -e status=0 n=1 +synth_default=yes rm -f dig.out.* @@ -217,7 +218,7 @@ sleep 1 for ns in 2 4 5 6 do case $ns in - 2) ad=yes synth=no description="";; + 2) ad=yes synth=${synth_default} description="";; 4) ad=yes synth=no description="no";; 5) ad=yes synth=yes description="yes";; 6) ad=no synth=no description="yes; dnssec-validation no";; @@ -412,7 +413,6 @@ n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) - echo_i "check DNAME handling (synth-from-dnssec yes;) ($n)" ret=0 dig_with_opts dnamed.example. ns @10.53.0.5 > dig.out.ns5.test$n || ret=1 diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 3db804154c..d46ae8f4cb 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2240,8 +2240,7 @@ Boolean Options ``synth-from-dnssec`` This option synthesizes answers from cached NSEC, NSEC3, and other RRsets that have been - proved to be correct using DNSSEC. The default is ``no``, but it will become - ``yes`` again in future releases. + proved to be correct using DNSSEC. The default is ``yes``. .. note:: DNSSEC validation must be enabled for this option to be effective. This initial implementation only covers synthesis of answers from