DNSSEC and forward zones

Phil Mayers p.mayers at imperial.ac.uk
Tue Nov 1 16:23:04 UTC 2011

On 01/11/11 16:14, Vinny_Abello at Dell.com wrote:

> resolution fail since NXDOMAIN is the valid answer... done, end of
> story. I thought the forwarder type would bypass this but apparently
> I am wrong. Is there some other way to handle this for non-existent
> domains just for testing purposes?

Don't do this. Use a domain you own, and can put a valid (insecure) 
delegation into.

It might be possible with "type static-stub" in bind 9.8, but I don't 
think so; I think it'll have the same effect.

More information about the bind-users mailing list