<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>To disable DNSSEC validation for a domain from the command line -
I use: dig +cd <a href="http://eportal.incometax.gov.in">eportal.incometax.gov.in</a></p>
<p>Works as expected.<br>
<br>
Better answer is to get them to fix the problem.<br>
</p>
<div class="moz-cite-prefix">On 2023/08/30 17:08, Bob McDonald
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAM-YptdQneSPdZ4gTXweG_Vg01nOJjYKZ2VLkTBvx4a9bahLEQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Turning off validation for that domain fixes the
issue.
<div><br>
</div>
<div>When using dig to diagnose this issue, one might be tempted
to use the DNSSEC switch. However, the following command:</div>
<div><br>
</div>
<div>dig <a href="http://eportal.incometax.gov.in"
moz-do-not-send="true">eportal.incometax.gov.in</a>. <a
class="gmail_plusreply" id="plusReplyChip-0"
moz-do-not-send="true">+NODNSSEC</a></div>
<div><a class="gmail_plusreply" moz-do-not-send="true"><br>
</a></div>
<div>will NOT turn off DNSSEC validation.</div>
<div><br>
</div>
<div>The DNSSEC switch in dig is used to display the associated
DNSSEC records (if they exist). It doesn't affect validation.
You must make the options change indicated by Greg Choules in
his previous post to disable DNSSEC validation for a specific
domain.</div>
<div><br>
</div>
<div>Sorry if this is redundant or very rudimentary.</div>
<div><br>
</div>
<div>Bob</div>
</div>
</blockquote>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<p>Mark James ELKINS - Posix Systems - (South) Africa<br>
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: <a href="tel:+27826010496">+27.826010496</a><br>
For fast, reliable, low cost Internet in ZA: <a
href="https://ftth.posix.co.za">https://ftth.posix.co.za</a><br>
<br>
<br>
</p>
</div>
</body>
</html>