insecurity proof failed for a domain
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Dec 14 16:10:15 UTC 2021
>On 13.12.21 08:18, John Thurston wrote:
>>If you update your resolver to 9.16, I think you can do exactly what
>>you want with the "validate-execpt" option.
>>
>>{rolls eyes} been there. done that. for exactly the same reason :/
On 14.12.21 16:58, Matus UHLAR - fantomas wrote:
>thanks, this helped.
>I assume I need to put "local" into validate-except {}.
>This should not be a problem since .local is reserved.
>
>I guess .local should have negative trust anchor in root zone.
looks like I possibly could achieve the same with bind 9.11 by using
rndc nta local
to "temporarily" disable checking of "local" domain.
BIND would periodically re-check (and fail) and prolong the nta anchor
apparently forefer.
the "validate-except" is however cleaner solution.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
More information about the bind-users
mailing list