Comment 8 for bug 1384334

Mike Pontillo (mpontillo) wrote :

We added the option to the MAAS settings page as a convenience for users, since we also allow users to specify forwarders there. (It made sense that, when specifying forwarders, you should consider whether or not those forwarders support DNSSEC.)

Since this wasn't really a MAAS problem (rather, a BIND configuration option that MAAS will now manage for users), I'm not sure an SRU can be justified. So I suggest using the workaround in the description. That is, set the following option in /etc/bind/named.conf.options:

dnssec-validation no;

Either that, or just use MAAS 1.8 out the gate. (It's in the 'stable' PPA.) Note that later, when you upgrade to MAAS 1.8+, we'll attempt to parse the existing named.conf.options and migrate your DNSSEC setting to the MAAS database.