DNSSEC and forward zone
David Carvalho
david at di.ubi.pt
Wed Apr 19 09:05:01 UTC 2023
Hello guys
Asking for your help, again.
So after setting up DNSSEC I've found I couldn't reach some internal sites
on my top domain, served by internal DNS servers
There's no need in hiding domains as my e-mail is shown here.
Top domain
ubi.pt (external DNS Servers authoritative)
Internal DNS servers (windows, Active directory - Recursive)
Internalsite1.ubi.pt
Internalsite2.ubi.pt
.
di.ubi.pt
(both authoritative and recursive for my networks)
Previously I had the following to get internal sites resolved, but now it
seems it is completely discarded by dnssec.
zone "ubi.pt" IN {
type forward;
forwarders { 192.168.100.1; 192.168.100.2; };
}
Is there any configuration to allow me to be able to access internal sites
served by internal dns servers, I guess not using DNSSEC?
Can this only be accomplished by adding these entries to my parent domain?
Thanks!
Kind regards
David Carvalho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 252 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 3114 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4514 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment-0002.png>
More information about the bind-users
mailing list