strange dnssec question

Edwardo Garcia wdgarc88 at
Tue Aug 17 13:46:45 UTC 2021


We have dnssec working for long time but need now to have a subdomain
excluded, we are going to be use it to replace an internal blacklist, we
have 14 smtp servers and it is cumbersome to keep in sync.

So we have signed,
but we want, and of course all addresses under, eg:  to work, at present of course this presents
SERVFAIL because dnssec, obvious "black" needs to be in zone,
nd its dns is ns999 whichwork when dnssec disabled but this is not optimum

looking for suggestion or guidance to how we fix this please? Ir this is
not possible?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list