Hello,
our customer uses a domain that is registered, but hidden
(doesn't exist in DNS).
The domain is used by multiple organizations and we are required to forward
lookups for the domain to foreign internal servers.
The problem is, that parent domain (.eu) indicates that the domain is to be
signed and since default bind installation validates DNSSEC, lookups are
refused:
Feb 6 15:49:36 mon named[30183]: validating @0xf4806910: testa.eu MX: got
insecure response; parent indicates it should be secure
Is it currently possible to avoid validating this particular domain?
can I do anything other on my side than disabling DNSSEC validation at all?
I have bind9.8, going to upgrade to 9.9.5
(could probably go to 9.11 if needed)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
