Example: Configuring DNSSEC
DNS-enabled devices run a DNS resolver (proxy) that listens on loopback address 127.0.0.1 or ::1. The DNS resolver performs a hostname resolution for DNSSEC. Users need to set name server IP address to 127.0.0.1 or ::1 so the DNS resolver forwards all DNS queries to DNSSEC instead of to DNS. If the name server IP address is not set, DNS will handle all queries instead of to DNSSEC.
The following example shows how to set the server IP address to 127.0.0.1:
[edit] user@host# set system name-server 127.0.0.1
The DNSSEC feature is enabled by default. You can disable DNSSEC in the server by using the following CLI command:
[edit] set system services dns dnssec disable