On 11/01/2011 06:34 PM, Scott Morizot wrote:
Alternatively, you can sign 'policydomain.internal' and configure its key as one of the trust anchors on the validating name servers. The order of validation is, if I recall correctly, locally configured trust anchors, then chain of trust from root, and finally DLVs. So doing that should provide a successful validation for the domain.
So presumably you could also follow Lyle's suggestion - have a local "private" zone, signed, with a local trust anchor and an *in*secure delegation to "policydomain.internal"?
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
