NXDOMAIN redirection in BIND 9.9
Hauke Lampe
lampe at hauke-lampe.de
Fri Sep 30 09:50:51 UTC 2011
On 29.09.2011 23:06, Bill Owens wrote:
> *except that perhaps those who enable this feature will use it as an excuse to avoid enabling validation, which would be a very bad result, IMO. . .
My reading of the docs says that BIND's NXDOMAIN redirections won't
break DNSSEC-signed results:
"If the client has requested DNSSEC records (DO=1) and the NXDOMAIN
response is signed then no substitution will occur."
I didn't get it to work, yet, though. After enabling the redirect zone,
BIND goes into an endless loop of zone_timer/zone_maintenance/zone_settimer.
I'll try 9.9.0a2 later today.
Hauke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110930/19d9ec5e/attachment.bin>
More information about the bind-users
mailing list