private tld

Alan Clegg alan at
Tue Aug 20 23:27:46 UTC 2013

On Aug 20, 2013, at 6:15 PM, Maria <bind-lists at> wrote:

> My company uses a private tld. We are working on fixing that but the fix is going to take a while, especially if our solution ends up being trying to register it with icann.
> Our resolvers that all internet queries go through have a forward zone statement for that tld to some internal name servers. Unfortunately, when I turn on dnssec validation our resolvers go check out the root zone, see our private zone doesn't exist, and refuse to resolve records in the zone. Is there a solution I can put in place so we can do dnssec validation in the meantime while we work on ceasing to use the private tld?

Sign your private TLD and insert an explicit trust anchor for it on each of your recursive servers.

Alan Clegg | +1-919-355-8851 | alan at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the bind-users mailing list