Hi Chris,

> While you wait for this to become generally available, you can do what I like
> to do for my customers: Use two layers of recursive DNS servers. The first
> layer takes queries from clients, knows about your insecure domains
> (through stub zones, slave zones, or conditional forwarding), and does not
> perform DNSSEC validation. The first layer globally forwards to the second
> layer, which does DNSSEC validation and recursion.

Funny thing is that I have tried something similar already, placing a validating server in the first layer and forwarding problematic domains to a non-validating server in the second layer. This didn't help. Now that I read your message, I see that it should have been the other way around to make it work ;)

Regards,
Stefan
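
The two-layer layout described in the quoted text, sketched as BIND configuration. This is an added example, not part of the original thread; every address, zone name and file path in it is a constructed placeholder, and the two `options` blocks belong to two separate servers.

```conf
# ---- Layer 1: client-facing resolver (its own named.conf) ----
# Takes client queries, knows the insecure domains, does NOT validate.
options {
    directory "/var/named";               # assumed path
    recursion yes;
    allow-recursion { 10.0.0.0/8; };      # assumed client network
    dnssec-validation no;                 # layer 1 performs no DNSSEC validation
    forwarders { 192.0.2.53; };           # layer 2 resolver (placeholder address)
    forward only;                         # everything else goes to layer 2
};

# Insecure domain handled by conditional forwarding: the query is
# answered here and never reaches the validating layer.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 10.1.1.10; 10.1.1.11; }; # assumed internal authoritative servers
};

# The same exemption done with a stub zone instead.
zone "lab.example" {
    type stub;
    masters { 10.1.2.10; };               # assumed internal authoritative server
    file "stub/lab.example.db";
};

# ---- Layer 2: validating recursive resolver (separate server) ----
# Does recursion and DNSSEC validation for whatever layer 1 forwards.
options {
    directory "/var/named";               # assumed path
    recursion yes;
    allow-recursion { 192.0.2.10; };      # only the layer 1 resolver (placeholder)
    dnssec-validation auto;               # validate with the built-in root trust anchor
};
```

Run `named-checkconf` against each server's file before reloading. The order of the layers is the point: a validating first layer rejects the insecure answers before any forwarding exemption can apply, which matches the result reported in the reply above.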