strange dnssec question

Mark Andrews marka at isc.org
Tue Aug 17 20:23:30 UTC 2021


Delegate the zone. Do NOT add a DS for it.

-- 
Mark Andrews

> On 17 Aug 2021, at 23:47, Edwardo Garcia <wdgarc88 at gmail.com> wrote:
> 
> 
> Hola
> 
> We have dnssec working for long time but need now to have a subdomain excluded, we are going to be use it to replace an internal blacklist, we have 14 smtp servers and it is cumbersome to keep in sync.
> 
> So we have example.net signed,
> but we want black.example.net, and of course all addresses under, eg:  4.3.2.1.black.example.net  to work, at present of course this presents SERVFAIL because dnssec, obvious "black" needs to be in example.net zone, nd its dns is ns999 whichwork when dnssec disabled but this is not optimum
> 
> looking for suggestion or guidance to how we fix this please? Ir this is not possible?
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210818/76561da0/attachment.htm>


More information about the bind-users mailing list