DNSSEC and forward zones
Vinny_Abello at Dell.com
Vinny_Abello at Dell.com
Tue Nov 1 18:12:39 UTC 2011
Hi Phil,
Thanks, however I can't control the domain in question unfortunately. It is what it is. We have to work with it. I totally understand why this doesn't work and actually agree with the design, however I just don't have a workaround or way to force forwarders for this domain with dnssec validation enabled on the resolver.
-Vinny
-----Original Message-----
From: bind-users-bounces+vinny_abello=dell.com at lists.isc.org [mailto:bind-users-bounces+vinny_abello=dell.com at lists.isc.org] On Behalf Of Phil Mayers
Sent: Tuesday, November 01, 2011 12:23 PM
To: bind-users at lists.isc.org
Subject: Re: DNSSEC and forward zones
On 01/11/11 16:14, Vinny_Abello at Dell.com wrote:
> resolution fail since NXDOMAIN is the valid answer... done, end of
> story. I thought the forwarder type would bypass this but apparently
> I am wrong. Is there some other way to handle this for non-existent
> domains just for testing purposes?
Don't do this. Use a domain you own, and can put a valid (insecure)
delegation into.
It might be possible with "type static-stub" in bind 9.8, but I don't
think so; I think it'll have the same effect.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list