rbldnsd and DNSSEC compatibility issues - any suggestions?

[Fred Morris]

On Mon, 14 Sep 2020, Mark Andrews wrote:
> [...] All
> the queries to the recursive server with this configuration not answered by
> the server will leak.  The configuration needs “forward only;” to be added
> to prevent the leak.  We see this all the time.
>
> zone “non-existant-tld” {
> 	type forward;
> 	forwarders { <address>; };
> 	forward only;
> };

Worth making note of! :-)

> Remember forwarding started off as a performance measure.  Falling back to
> talking to the root servers is desired in that scenario.

--

Fred Morris