AW: Disable DNSSEC Validation for selected Domains
Stefan.Lasche at t-systems.com
Wed Jan 14 10:43:32 UTC 2015
Hi Daniel,
> You may also try to disable all DNSSEC algorithms for a zone:
> https://lists.dns-oarc.net/pipermail/dns-operations/2014-October/012282.html
>
> Regards,
> Daniel
Also a nice idea for a workaround :) But it did not work for me.
This is what I tried:
options {
    forward only;
    forwarders {
        x.x.x.x;
    };
    dnssec-enable yes;
    dnssec-validation auto;
    dnssec-lookaside auto;
    disable-algorithms "example." { "RSAMD5"; "RSA"; "DH"; "DSA"; "NSEC3DSA"; "ECC"; "RSASHA1"; "NSEC3RSASHA1"; "RSASHA256"; "RSASHA512"; "ECCGOST"; };
};
zone "example" IN {
    type forward;
    forward only;
    forwarders { y.y.y.y; };
};
But BIND still tries to validate and fails...
Regards,
Stefan
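
Added example, not part of the original message and not BIND's own code: a check that compares a `disable-algorithms` list such as the one above with the algorithms in a zone's DS records, because BIND treats the names covered by the statement as insecure only when every algorithm in use is disabled. The DS records are constructed sample data, the helper names are hypothetical, and reading "RSA" as an alias of RSAMD5 is an assumption.

```python
import re

# IANA DNSSEC algorithm numbers for the mnemonics involved.
# Assumption: named reads "RSA" as an alias of RSAMD5 (algorithm 1).
ALG_NUMBERS = {
    "RSAMD5": 1, "RSA": 1, "DH": 2, "DSA": 3, "ECC": 4, "RSASHA1": 5,
    "NSEC3DSA": 6, "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10,
    "ECCGOST": 12, "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14,
}

def disabled_algorithms(conf, zone):
    """Algorithm numbers that named.conf text `conf` disables at or above `zone`."""
    zone = zone.rstrip(".").lower()
    numbers = set()
    pattern = r'disable-algorithms\s+"([^"]+)"\s*\{([^}]*)\}'
    for name, body in re.findall(pattern, conf):
        name = name.rstrip(".").lower()
        # The statement applies at and below the configured name.
        if zone != name and not zone.endswith("." + name):
            continue
        for mnemonic in re.findall(r'"?([A-Za-z0-9]+)"?\s*;', body):
            if mnemonic.upper() not in ALG_NUMBERS:
                raise ValueError("unknown algorithm mnemonic: " + mnemonic)
            numbers.add(ALG_NUMBERS[mnemonic.upper()])
    return numbers

def ds_algorithms(dig_answer):
    """Algorithm numbers of the DS records in `dig +noall +answer` style text."""
    algs = set()
    for line in dig_answer.splitlines():
        fields = line.split()
        # owner TTL class DS key-tag algorithm digest-type digest
        if len(fields) >= 7 and fields[3] == "DS":
            algs.add(int(fields[5]))
    return algs

def still_enabled(conf, zone, dig_answer):
    """DS algorithms not disabled for `zone`; non-empty means validation continues."""
    return sorted(ds_algorithms(dig_answer) - disabled_algorithms(conf, zone))

# The statement from the message, and constructed DS records for illustration.
CONF = ('disable-algorithms "example." { "RSAMD5"; "RSA"; "DH"; "DSA"; '
        '"NSEC3DSA"; "ECC"; "RSASHA1"; "NSEC3RSASHA1"; "RSASHA256"; '
        '"RSASHA512"; "ECCGOST"; };')
SAMPLE_DS = ("example. 86400 IN DS 12345 8 2 AAAA0000\n"
             "example. 86400 IN DS 23456 13 2 BBBB1111\n")

if __name__ == "__main__":
    print("DS algorithms still enabled:", still_enabled(CONF, "example", SAMPLE_DS))
```

The result only shows whether the list covers the zone's algorithms; it does not by itself explain the behaviour reported in the message.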