disable dnssec for particular domain

Michelle Konzack linux4michelle at tamay-dogan.net
Tue Feb 6 16:24:51 UTC 2018

Good evening,

Am 2018-02-06 hackte Matus UHLAR - fantomas in die Tasten:
> Hello,
> our customer uses a domain that is registered, but hidden
> (doesn't exist in DNS).

I hope you know what are you doing, because the DNS MUST exist!
Please read the general conditions for the EU Domain Registry!

> The domain is used by multiple organizations and we are required to
> forward
> lookups for the domain to foreign internal servers.

WHY register an .eu Domain at all?

If it is for internal use, setup your bind9 to serv the TLD .uhlar
and config all your clients to use your bin9 as there NS.

I do this with a bunch of TLDs which are only known to me and not a
singel bot is aware of it...

> The problem is, that parent domain (.eu) indicates that the domain is to
> be
> signed and since default bind installation validates DNSSEC, lookups are
> refused:

Forget about this and use your own private TLD

Thanks in advance

Michelle Konzack        Miila ITSystems @ TDnet
GNU/Linux Developer     00372-54541400

More information about the bind-users mailing list