On 29.09.2011 23:06, Bill Owens wrote: > *except that perhaps those who enable this feature will use it as an excuse > to avoid enabling validation, which would be a very bad result, IMO. . .
My reading of the docs says that BIND's NXDOMAIN redirections won't break DNSSEC-signed results: "If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur." I didn't get it to work, yet, though. After enabling the redirect zone, BIND goes into an endless loop of zone_timer/zone_maintenance/zone_settimer. I'll try 9.9.0a2 later today. Hauke.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
