private tld
Timothy Morizot
tmorizot at gmail.com
Wed Aug 21 01:17:03 UTC 2013
DNSSEC sign the private TLD and configure its KSK as a trust anchor on the
recursive resolvers.
Alternatively, you can configure all your recursive resolvers as slaves for
the private zone. Authoritative responses aren't validated on a mixed
authoritative/recursive nameserver.
Those are the only two options that immediately spring to my mind.
Scott
On Aug 20, 2013 5:16 PM, "Maria" <bind-lists at iano.org> wrote:
> My company uses a private tld. We are working on fixing that but the fix
> is going to take a while, especially if our solution ends up being trying
> to register it with icann.
>
> Our resolvers that all internet queries go through have a forward zone
> statement for that tld to some internal name servers. Unfortunately, when I
> turn on dnssec validation our resolvers go check out the root zone, see our
> private zone doesn't exist, and refuse to resolve records in the zone. Is
> there a solution I can put in place so we can do dnssec validation in the
> meantime while we work on ceasing to use the private tld?
>
> Thanks,
> Maria
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130820/2f605570/attachment.html>
More information about the bind-users
mailing list