strange dnssec question
wdgarc88 at gmail.com
Wed Aug 18 00:23:52 UTC 2021
Thank you, so to be clear, what is mean to delegate zone, the black zone? I
am not dns expert unfortunately
On Wed, Aug 18, 2021 at 6:23 AM Mark Andrews <marka at isc.org> wrote:
> Delegate the zone. Do NOT add a DS for it.
> Mark Andrews
> On 17 Aug 2021, at 23:47, Edwardo Garcia <wdgarc88 at gmail.com> wrote:
> We have dnssec working for long time but need now to have a subdomain
> excluded, we are going to be use it to replace an internal blacklist, we
> have 14 smtp servers and it is cumbersome to keep in sync.
> So we have example.net signed,
> but we want black.example.net, and of course all addresses under, eg:
> 126.96.36.199.black.example.net to work, at present of course this presents
> SERVFAIL because dnssec, obvious "black" needs to be in example.net zone,
> nd its dns is ns999 whichwork when dnssec disabled but this is not optimum
> looking for suggestion or guidance to how we fix this please? Ir this is
> not possible?
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> bind-users mailing list
> bind-users at lists.isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users