disable dnssec for particular domain

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Feb 6 16:12:11 UTC 2018

>On 06/02/2018 16:00, Matus UHLAR - fantomas wrote:
>> our customer uses a domain that is registered, but hidden
>> (doesn't exist in DNS).
>> The domain is used by multiple organizations and we are required to forward
>> lookups for the domain to foreign internal servers.
>> The problem is, that parent domain (.eu) indicates that the domain is to be
>> signed and since default bind installation validates DNSSEC, lookups are
>> refused:

On 06.02.18 16:08, Ray Bellis wrote:
>The statements above are mutually contradictory.
>If the domain is in use by multiple organisations, which of them put the
>DS record in the .eu zone?  If it doesn't exist in the DNS then there
>can be no DS record.
>Or is it the case that perhaps that the parent .eu zone is actually
>denying the existence of that zone?

yes - as I stated above, it's hidden from the world.

I was apparently wrong with saying about it to be signed.

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol. 

More information about the bind-users mailing list