Disabling DNSSEC validation per zone?
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jul 8 15:41:20 UTC 2011
On 08/07/11 15:13, Daniel McDonald wrote:
> I have a number of zones being served by rbldnsd, with bind as a
> front-end. The zones are defined as forward only in named.conf.
>
> When I enable dnssec validatation, these zones report that they are
> insecure.
> 08-Jul-2011 08:55:58.700 dnssec: info: validating @0xb4260ad8:
> ips.backscatterer.local SOA: got insecure response; parent indicates it
> should be secure
>
> I’m not really certain which parent is reporting this
Well, backscatterer.local presumably.
What does:
dig @localhost ips.backscatterer.local ds
...say?
>
> Is there a way to disable dnssec validation on these zones, while still
> requiring it elsewhere?
I believe not.
More information about the bind-users
mailing list