strange dnssec question
Edwardo Garcia
wdgarc88 at gmail.com
Wed Aug 18 00:23:52 UTC 2021
Hola Mark,
Thank you, so to be clear, what is mean to delegate zone, the black zone? I
am not dns expert unfortunately
On Wed, Aug 18, 2021 at 6:23 AM Mark Andrews <marka at isc.org> wrote:
> Delegate the zone. Do NOT add a DS for it.
>
> --
> Mark Andrews
>
> On 17 Aug 2021, at 23:47, Edwardo Garcia <wdgarc88 at gmail.com> wrote:
>
>
> Hola
>
> We have dnssec working for long time but need now to have a subdomain
> excluded, we are going to be use it to replace an internal blacklist, we
> have 14 smtp servers and it is cumbersome to keep in sync.
>
> So we have example.net signed,
> but we want black.example.net, and of course all addresses under, eg:
> 4.3.2.1.black.example.net to work, at present of course this presents
> SERVFAIL because dnssec, obvious "black" needs to be in example.net zone,
> nd its dns is ns999 whichwork when dnssec disabled but this is not optimum
>
> looking for suggestion or guidance to how we fix this please? Ir this is
> not possible?
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210818/22e2a3de/attachment.htm>
More information about the bind-users
mailing list