On 23-09-2022 21:59, Ed Daniel wrote:
As per your previous email 17:54 where you share Sparklight response, Quad9 uses strict DNS checking iirc, you should add another couple of cloud DNS resolvers like 1.1.1.1 and 8.8.8.8 that fall back to resolve when DNSSEC is broken at destination.
As I hinted in response to the mail you sent earlier, you could set this up to do your own recursive queries from the root servers going up the chain of trust. Domains that have DNSSEC disabled will just work. Only broken DNSSEC enabled domains will not be answered.
I use Unbound for that purpose, but it can be done using BIND as well. -- Sandro -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
