# Bind9.11 - dnssec - unknown options



## bryn1u (May 13, 2018)

Hello guys,

I have a Bind911 server which works well. I want to add dnssec options to the named.conf. I have added lines like below and after restart im getting issue:

```
/usr/local/etc/namedb/named.conf:382: unknown option 'dnssec-enable'
/usr/local/etc/namedb/named.conf:383: unknown option 'dnssec-validation'
/usr/local/etc/namedb/named.conf:384: unknown option 'dnssec-lookaside'
/usr/local/etc/rc.d/named: ERROR: named-checkconf for /usr/local/etc/namedb/named.conf failed
```
named.conf

```
(...)
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;

zone "domain.pl" IN {
        type master;
        file "/usr/local/etc/namedb/dynamic/domain.pl.zone.db";
};
```

Someone can tell me what im doing wrong ?
Thank you,


----------



## ShelLuser (May 13, 2018)

Simple issue really: you placed the instructions in the wrong section. Well, specifically I think you didn't placed them in any section, which is actually required.

Check named.conf(5). You'll notice that dnssec-enable is mentioned as part of options {}; and a part of view {};, but nothing else. As such you can only use this inside those sections.

Move those three into the options section (at the beginning of your config file) and you'll be fine.


----------



## bryn1u (May 13, 2018)

Ehhh. I forgot about it. Thank's 

By the way:

```
dnssec-lookaside auto;
```
Is not supported any more


----------

