On Aug 20, 2013, at 6:15 PM, Maria <bind-li...@iano.org> wrote:

> My company uses a private tld. We are working on fixing that but the fix is 
> going to take a while, especially if our solution ends up being trying to 
> register it with icann.
> 
> Our resolvers that all internet queries go through have a forward zone 
> statement for that tld to some internal name servers. Unfortunately, when I 
> turn on dnssec validation our resolvers go check out the root zone, see our 
> private zone doesn't exist, and refuse to resolve records in the zone. Is 
> there a solution I can put in place so we can do dnssec validation in the 
> meantime while we work on ceasing to use the private tld?

Sign your private TLD and insert an explicit trust anchor for it on each of 
your recursive servers.

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
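
The two steps in this reply, sketched as an added example that is not part of the original message. The zone name `privatetld`, the ECDSAP256SHA256 algorithm choice and the sample key data are assumptions made for illustration; `trust-anchors` with `static-key` is current BIND 9 syntax, and older releases use `trusted-keys` instead.

```shell
#!/bin/sh
# "privatetld" is a placeholder zone name; the key data below is constructed.

# Step 1 (signer): create a KSK and a ZSK, then sign the zone file.
# Defined but not invoked here; needs the BIND dnssec-* tools.
sign_private_tld() {    # $1 = zone name, $2 = zone file, $3 = key directory
    dnssec-keygen -K "$3" -a ECDSAP256SHA256 -f KSK "$1" &&
    dnssec-keygen -K "$3" -a ECDSAP256SHA256 "$1" &&
    dnssec-signzone -S -K "$3" -o "$1" "$2"
}

# Step 2 (each resolver): turn the KSK (flags 257) in a DNSKEY file into a
# trust anchor stanza. $1 = key file, $2 = statement name: "trust-anchors"
# (default) or "trusted-keys" for older BIND, which takes no static-key keyword.
dnskey_to_anchor() {
    awk -v stmt="${2:-trust-anchors}" '
        /^[ \t]*;/ { next }                       # skip comment lines
        {
            for (i = 1; i <= NF; i++) if ($i == "DNSKEY") break
            if (i > NF || $(i + 1) != 257) next   # not a DNSKEY, or a ZSK
            key = ""
            for (j = i + 4; j <= NF; j++) key = key $j   # rejoin split base64
            kw = (stmt == "trust-anchors") ? "static-key " : ""
            printf "%s {\n    \"%s\" %s%s %s %s \"%s\";\n};\n",
                stmt, $1, kw, $(i + 1), $(i + 2), $(i + 3), key
            found = 1
        }
        END { exit !found }                       # non-zero if no KSK was seen
    ' "$1"
}

# Constructed sample (not usable keys): a ZSK and a KSK in one file.
sample_keyfile() {      # $1 = path to write
    cat > "$1" <<'EOF'
; constructed sample keys for privatetld.
privatetld. IN DNSKEY 256 3 13 ZZZZplaceholderZSKdata0000==
privatetld. IN DNSKEY 257 3 13 AAAAplaceholderKSKdata1111 BBBBplaceholderKSKdata2222==
EOF
}

# Demo: print the stanza to paste into named.conf on each recursive server.
tmp=$(mktemp) && sample_keyfile "$tmp" && dnskey_to_anchor "$tmp"; rm -f "$tmp"
```

Only the key-signing key goes into the resolver configuration; the stanza has to be updated on every recursive server whenever that key is rolled.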


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
