Disabling DNSSEC validation per zone?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 3 08:34:44 UTC 2009
On Wed, Sep 02, 2009 at 01:18:33PM +0200,
Hauke Lampe <list+bindusers at hauke-lampe.de> wrote
a message of 95 lines which said:
> What we try to achieve is:
>
> - Validate DNSSEC signatures on resolvers close to the clients, using
> dlv.isc.org
> - Keep internal name resolution functioning, even if the connection to
> the outer internet is down
>
>
> I see the following options to do this. Please correct me if I missed some:
4. Create your own DLV zone, containing your zones but keep continuing
using dlv.isc.org. RFC 5074 describes in detail what to do if there
are several DLV zones (section 7 "Overlapping DLV Domains"). No idea
if BIND accepts it.
More information about the bind-users
mailing list