disable dnssec for particular domain
Reindl Harald
h.reindl at thelounge.net
Tue Feb 6 16:05:39 UTC 2018
Am 06.02.2018 um 17:00 schrieb Matus UHLAR - fantomas:
> our customer uses a domain that is registered, but hidden
> (doesn't exist in DNS).
>
> The domain is used by multiple organizations and we are required to forward
> lookups for the domain to foreign internal servers.
>
> The problem is, that parent domain (.eu) indicates that the domain is to be
> signed and since default bind installation validates DNSSEC, lookups are
> refused:
why does the parent domain indicate that?
DNSSEC is per domain and not per TLD
> Feb 6 15:49:36 mon named[30183]: validating @0xf4806910: testa.eu MX:
> got insecure response; parent indicates it should be secure
>
> Is it currently possible to avoid validating this particular domain?
>
> can I do anything other on my side than disabling DNSSEC validation at all?
>
> I have bind9.8, going to upgrade to 9.9.5
> (could probably go to 9.11 if needed)
More information about the bind-users
mailing list