Am 06.02.2018 um 17:00 schrieb Matus UHLAR - fantomas:
our customer uses a domain that is registered, but hidden
(doesn't exist in DNS).

The domain is used by multiple organizations and we are required to forward
lookups for the domain to foreign internal servers.

The problem is, that parent domain (.eu) indicates that the domain is to be
signed and since default bind installation validates DNSSEC, lookups are
refused:

why does the parent domain indicate that?
DNSSEC is per domain and not per TLD

FebĀ  6 15:49:36 mon named[30183]: validating @0xf4806910: testa.eu MX: got insecure response; parent indicates it should be secure

Is it currently possible to avoid validating this particular domain?

can I do anything other on my side than disabling DNSSEC validation at all?

I have bind9.8, going to upgrade to 9.9.5
(could probably go to 9.11 if needed)
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to