On 9/6/2011 9:13 AM, Tony Finch wrote:
Lyle Giese<l...@lcrcomputer.net> wrote:
zone "chaseprod.local"{
type forward;
forwarders {10.0.100.205;};};
This seemed to work until I added some stuff for DNSSEC to my named.conf.
In order to forward a zone in the presence of DNSSEC validation, the zone
has to have a valid delegation in the public DNS. You can't use forwarding
to splice some private namespace onto the public DNS.
There is a new "static-stub" zone type which should avoid this problem,
though it has a number of other differences from a forwarding
configuration.
Tony.
Changing zone to:
zone "chaseprod.local"{
type static-stub;
server-addresses {10.0.100.205;};};
And adding back in the DNSSEC stuff, it's still broke, but the output
from dig changes.
; <<>> DiG 9.8.0-P4 <<>> @127.0.0.1 chasew8s1.corp.chaseprod.local
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Very informative. But if I disable DNSSEC, resolution using a
static-stub zone does work.
Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
