proper setup of dnssec-validation to _always_ resolve, and retrieve DATA and status flags ?
dchilton+bind at bestmail.us
Tue May 10 03:37:41 UTC 2011
hi,
On Mon, 09 May 2011 20:11 -0700, "Doug Barton" <dougb at dougbarton.us>
wrote:
> ...
> the fact that un-signed domains aren't returning data either is a problem.
that's not returning DATA *and* reporting a SERVFAIL. not sure if
they're one and the same issue.
> Split the features you described above into
> separate servers, remove the views stuff on the resolver, and try again.
I'm confused by this advice, and what exactly you're proposing I do
here.
I've run this single-instance bind9 server in split-horizon mode serving
up internal data with recursion to the lan & just data with no recursion
externally for a couple of years with no apparent issues. I thought that
was the purpose of internal/external views.
Are you suggesting I need to run multiple bind9 servers, or some other
config, to simply make DNSSEC validation work correctly for the LAN
clients?
Thanks
DCh
More information about the bind-users
mailing list