Sparklight and DNSSEC
Nick Tait
nick at tait.net.nz
Mon Sep 26 21:50:44 UTC 2022
On 27/09/2022 3:58 am, Benny Pedersen wrote:
> imho dnssec-validation auto; have a bug as it validates domains
> without DS set
>
> hope bind developpers can confirm or deny it
Hi Benny.
Until DS records are published in the parent zone, the (signed) zone is
considered 'insecure', and validation doesn't occur. i.e. The behaviour
you described above is how it is supposed to work.
Nick.
More information about the bind-users
mailing list