insecurity proof failed for a domain
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon Dec 13 13:41:22 UTC 2021
Hello,
I need to internaly forward domain to different nameserver:
zone "xxxxx.local" {
type forward;
forward only;
forwarders {
100.1.2.3;
};
};
when I do this with bind 9.11 (debian 10), I get these messages:
Dec 13 14:26:55 mail named[13112]: validating xxxxx.local/A: got insecure response; parent indicates it should be secure
Dec 13 14:26:55 mail named[13112]: insecurity proof failed resolving 'xxxxx.local/ANY/IN': 100.1.2.3#53
Dec 13 14:26:55 mail named[13112]: validating xxxxx.local/NS: got insecure response; parent indicates it should be secure
Dec 13 14:26:55 mail named[13112]: validating xxxxx.local/SOA: got insecure response; parent indicates it should be secure
looks like I could avoig this by disabling dnssec but is there any way to
disable this checking only for domain "local" or "xxxxx.local"?
I have tried to create empty "local" domain but then I only received empty
responses for any requests.
(I know .local is for mdns, but I can't do anything with that).
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
More information about the bind-users
mailing list