Hi Daniel,
> You may also try to disable all DNSSEC algorithms for a zone:
> https://lists.dns-oarc.net/pipermail/dns-operations/2014-October/012282.html
>
> Regards,
> Daniel
Also a nice idea for a workaround :) But it did not work for me.
This is what I tried:
Options {
forward only;
forwarders {
x.x.x.x;
}
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
disable-algorithms "example." { "RSAMD5"; "RSA"; "DH"; "DSA";
"NSEC3DSA"; "ECC"; "RSASHA1"; "NSEC3RSASHA1"; "RSASHA256"; "RSASHA512";
"ECCGOST"; };
}
zone "example" IN {
type forward;
forward only;
forwarders { y.y.y.y; };
};
But BIND still tries to validate and fails...
Regards,
Stefan
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
