per zone dnssec setting
Shawn Zhou
shawnzhou00 at yahoo.com
Thu Jun 13 21:44:47 UTC 2019
Hi,
Does BIND9 allow per zone dnssec setting? I wanted to forward requests for certain zone to remote resolvers which doesn't support DNSSEC and also disable dnssec validation for that particular zone because forward-only resolver will return SERVFAIL to the client when the remote resolves don't support DNSSEC.
I was hoping I could configure dnssec on the zone level but that didn't appear to be supported (snippet from my test config):
zone "isc.org" { type forward; dnssec-validation no; forward only; forwarders { 208.67.220.220; };}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190613/957b9bd9/attachment-0001.html>
More information about the bind-users
mailing list