Validating zones as a slave?
Jakob Schlyter
jakob at kirei.se
Fri Oct 9 06:45:59 UTC 2015
On 16 sep 2015, at 14:04, Tony Finch <dot at dotat.at> wrote:
> Some DNS users (e.g. ssh looking up SSHFP records) can be configured to
> trust the AD bit, but you don't get an AD bit if your recursive server is
> authoritative for a zone.
Unless you configure your BIND server to validate anyway using one recursive and one authoritative view, e.g.:
acl clients { 192.0.2.0/24; };
view "recursive" {
match-clients { clients; };
match-recursive-only yes;
recursion yes;
};
view "authoritative" {
match-clients { any; };
recursion no;
};
jakob
More information about the bind-workers
mailing list