Disable DNSSEC Validation for selected Domains
Daniel Stirnimann
daniel.stirnimann at switch.ch
Tue Jan 13 13:58:33 UTC 2015
Hello Stefan
You may also try to disable all DNSSEC algorithms for a zone:
https://lists.dns-oarc.net/pipermail/dns-operations/2014-October/012282.html
Regards,
Daniel
On 13.01.15 14:53, Stefan.Lasche at t-systems.com wrote:
> Hi Mukund
>
> and thanks a lot for pointing that out!
> It is already more than I was hoping for :)
>
> Regards,
> Stefan
>
>
>
>> BIND will get support for negative trust anchors in 9.11, which will provide the feature that you seek. An implementation is now in the master branch.
>>
>> https://tools.ietf.org/html/draft-livingood-negative-trust-anchors-07
>>
>> In partnership with our subscription customers who support future feature development by helping to fund our engineering work, we currently have a subscription branch where features critical to their current needs are backported from master and are currently available for their use. We are trialling the > negative trust anchors feature there now. If you absoutely need this now, please contact ISC about it.
>>
>> Another option is to run the master branch, but we don't recommend it as it is a development branch with several new features, some of which may be unstable or changing rapidly. Negative trust anchors will be released to the public in the 9.11 release.
>>
>> Mukund
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list