From 3a0e2fe8326d89432243cbb85b33d32666df1858 Mon Sep 17 00:00:00 2001
From: Mark Gurevich <gurevich@us.ibm.com>
Date: Wed, 9 Mar 2022 16:20:49 -0500
Subject: [PATCH] Turn off DNSSEC on Service Node for bind 9.16.6

---
 xCAT-server/sbin/makenamed.conf | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/xCAT-server/sbin/makenamed.conf b/xCAT-server/sbin/makenamed.conf
index 66487f9d9..d481bb76c 100755
--- a/xCAT-server/sbin/makenamed.conf
+++ b/xCAT-server/sbin/makenamed.conf
@@ -62,6 +62,11 @@ for i in $(grep "^nameserver" /etc/resolv.conf | awk '{print $2}')
 do
 	echo "		$i;"
 done >>$FILE
-echo "	};
-};" >>$FILE
+echo "	};" >>$FILE
+BIND_VERSION=$(/usr/sbin/named -v | cut -d" " -f2)
+if [[ $BIND_VERSION > "9.16.5" ]]; then
+        echo "	dnssec-enable no;
+	dnssec-validation no;" >>$FILE
+fi
+echo "};" >>$FILE