Disabling DNSSEC validation per zone?

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 8 15:41:20 UTC 2011

On 08/07/11 15:13, Daniel McDonald wrote:
> I have a number of zones being served by rbldnsd, with bind as a
> front-end. The zones are defined as forward only in named.conf.
> When I enable dnssec validatation, these zones report that they are
> insecure.
> 08-Jul-2011 08:55:58.700 dnssec: info: validating @0xb4260ad8:
> ips.backscatterer.local SOA: got insecure response; parent indicates it
> should be secure
> I’m not really certain which parent is reporting this

Well, backscatterer.local presumably.

What does:

dig @localhost ips.backscatterer.local ds


> Is there a way to disable dnssec validation on these zones, while still
> requiring it elsewhere?

I believe not.

More information about the bind-users mailing list