RE: Questions about "dnssec validation" statement

Thu, 06 Mar 2025 05:11:25 -0800 

I haven't tried anything yet as I wanted to make sure I didn't break anything.

I can add the validation no to the zone and named-checkconf and see if it will 
take it.  I'll have to wait until after hours to try it.

Thanks

From: Evan McKinney <e...@evanm.nyc>
Sent: Thursday, March 6, 2025 8:05 AM
To: Chris Isaksen <chris.isak...@nysed.gov>
Cc: bind-users@lists.isc.org
Subject: Re: Questions about "dnssec validation" statement

Hi Chris

If you've got your global options set similarly to this
options {
    dnssec-validation auto; // Global validation enabled
    // ... other options ...
};

Have you been able to try something along the lines of this?
zone "no-dnssec.example" {
    type forward;
    forwarders { 192.0.2.1; };
    validation no;
};

-Evan


On 6 Mar 2025, at 07:56, Chris Isaksen 
<chris.isak...@nysed.gov<mailto:chris.isak...@nysed.gov>> wrote:

I was wondering if dnssec validation could be set to auto in the options 
section and then set it to 'no' in a particular zone?

We would like to use "dnssec validation auto"  but a few forwarding zones we 
have, we know do not use dnssec and queries fail if it's not set to no.

Thanks



Chris Isaksen
System Administrator
Server Support Unit
(518)-473-7580



Confidentiality Notice

This email including all attachments is confidential and intended solely for 
the use of the individual or entity to which it is addressed. This 
communication may contain information that is protected from disclosure under 
State and/or Federal law. Please notify the sender immediately if you have 
received this communication in error and delete this email from your system. If 
you are not the intended recipient you are notified that disclosing, copying, 
distributing or taking any action in reliance on the contents of this 
information is strictly prohibited.

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to