per zone dnssec setting

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

per zone dnssec setting

Bind-Users forum mailing list

Does BIND9 allow per zone dnssec setting? I wanted to forward requests for certain zone to remote resolvers which doesn't support DNSSEC and also disable dnssec validation for that particular zone because forward-only resolver will return SERVFAIL to the client when the remote resolves don't support DNSSEC.

I was hoping I could configure dnssec on the zone level but that didn't appear to be supported (snippet from my test config):

zone "" {
  type forward;
  dnssec-validation no;
  forward only;
  forwarders {;

Please visit to unsubscribe from this list

bind-users mailing list
[hidden email]