per zone dnssec setting

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

per zone dnssec setting

Bind-Users forum mailing list
Hi,

Does BIND9 allow per zone dnssec setting? I wanted to forward requests for certain zone to remote resolvers which doesn't support DNSSEC and also disable dnssec validation for that particular zone because forward-only resolver will return SERVFAIL to the client when the remote resolves don't support DNSSEC.

I was hoping I could configure dnssec on the zone level but that didn't appear to be supported (snippet from my test config):

zone "isc.org" {
  type forward;
  dnssec-validation no;
  forward only;
  forwarders {
       208.67.220.220;
  };
}



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users