diff --git a/xCAT-server/sbin/makenamed.conf b/xCAT-server/sbin/makenamed.conf
index d481bb76c..eaf197932 100755
--- a/xCAT-server/sbin/makenamed.conf
+++ b/xCAT-server/sbin/makenamed.conf
@@ -63,8 +63,19 @@ do
 	echo "		$i;"
 done >>$FILE
 echo "	};" >>$FILE
-BIND_VERSION=$(/usr/sbin/named -v | cut -d" " -f2)
-if [[ $BIND_VERSION > "9.16.5" ]]; then
+
+# Natural version compare against version of bind.
+# If version 9.16.6 or higher, turn off DNSSEC
+BIND_VERSION=$(/usr/sbin/named -v | cut -d" " -f2 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)
+CONTROL_BIND_VERSION="9.16.6"
+
+# "sort --version-sort" takes lines of version strings and sorts them.
+# Output is lines of versions in sorted order, last line is highest version number
+LAST_IN_COMPARE=`printf '%s\n' $BIND_VERSION $CONTROL_BIND_VERSION | sort --version-sort | tail -n1`
+
+if [ $BIND_VERSION = $LAST_IN_COMPARE ]; then
+        # current version of BIND was last in sorted order,
+        # therefor it is higher than CONTROL_BIND_VERSION
         echo "	dnssec-enable no;
 	dnssec-validation no;" >>$FILE
 fi