How to Disable DNSSEC functionality from DNSCACHE service

How to Disable DNSSEC functionality from DNSCACHE service

   KB 24581        Last updated on 2023-10-28  

(0 votes)


Instances of name resolution failure may arise when the master DNS service lacks support for DNSSEC functionality.


To address this concern, the DNSSEC functionality within the MTA (Message Transfer Agent) server should be disabled, as it is enabled by default.

Check the current status of the DNSSEC functionality by running the command:

 zmlocalconfig zimbra_enable_dnssec

If the output shows that zimbra_enable_dnssec is set to "true", then DNSSEC is currently enabled.

Disable DNSSEC:

Change the value of zimbra_enable_dnssec to false using the following command:

 zmlocalconfig -e zimbra_enable_dnssec=false

Restart Services:

Restart both the zmconfigd and zmdnscache services to apply the changes:

 zmconfigdctl restart
 zmdnscachectl restart

By following these steps, the DNSSEC functionality will be disabled on the MTA server, addressing the issue of name resolution failure linked to DNSSEC incompatibility with the master DNS service.

Submitted by: Sandesh Satam
Verified Against: ZCS 8.8 ZCS 9.0 ZCS 10.0 Date Created: 2023-08-29
Article ID: Date Modified: 2023-10-28

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search