The following options can set if configuring either automatic of manual DNSSEC Validation.
- DNSSEC Must Be Secure—provides a list of domains and indicates if they must be signed or not for the server to accept answers. When the Secured check box is selected, the domains must be signed; when not selected, the domains don't need to be signed. This option can be set at the configuration, view, or server level.
- DNSSEC Accept Expired—when enabled, the server accepts expired DNSSEC signatures. This option can be set at the configuration, view, or server level.
Note: Enabling the DNSSEC Accept Expired
option leaves the server vulnerable to replay attacks.