DNSSEC and forward zone

[David Carvalho]

Hello guys

Asking for your help, again.

 

So after setting up DNSSEC I've found I couldn't reach some internal sites
on my top domain, served by internal DNS servers

There's no need in hiding domains as my e-mail is shown here.

 

Top domain


	
		
 

 


ubi.pt (external DNS Servers authoritative)

 

          Internal DNS servers (windows, Active directory - Recursive)

    Internalsite1.ubi.pt

                   Internalsite2.ubi.pt

                .

 

 

di.ubi.pt 

(both authoritative and recursive for my networks)

 

Previously I had the following to get internal sites resolved, but now it
seems it is completely discarded by dnssec.

 

zone "ubi.pt" IN {

        type forward;

        forwarders { 192.168.100.1; 192.168.100.2; };

}

 

Is there any configuration to allow me  to be able to access internal sites
served by internal dns servers, I guess not using DNSSEC?

Can this only be accomplished by adding these entries to my parent domain?

Thanks!

 

Kind regards

David Carvalho

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 252 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 3114 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4514 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230419/45e1dc14/attachment-0002.png>