On Thu, 1 Jun 2023, Bonno Bloksma wrote:
> My bind instance can reach the company dns server but claims the response is false/insecure. Does that maybe mean that my bind gets a "normal" response from the company dns whereas the external dns at toplevel .nl. (being the parent zone) tells that any response from a tio.nl dns server should be a secure response. And therefore bind does not accept it? Where does bind store this info and can I overrule it?

/etc/bind/named.conf.options:

    dnssec-validation auto;

You'll have to check the docs but I think setting this to no or none (I don't remember which) should mean that it doesn't complain. But this is rather brute force. There may be a cleaner way to do it for a single domain via trust anchors but it's not something I've tried to do.

Tim.
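
One way to scope the exception to a single domain instead of turning validation off everywhere, as an added example that is not part of the original message: `validate-except` is a BIND 9 `options` statement that skips DNSSEC validation at and below the listed names. It assumes a BIND release that supports that statement and that tio.nl, the zone named in the question, is the one the internal server answers unsigned.

```conf
// /etc/bind/named.conf.options

options {
    // Brute-force variant: validation is off for every zone, so forged
    // answers for any signed domain are accepted as well.
    // dnssec-validation no;

    // Scoped variant: keep validating everything else against the
    // built-in root trust anchor ...
    dnssec-validation auto;

    // ... and skip validation only at and below this name, where the
    // internal view is unsigned while the public parent says it is signed.
    validate-except { "tio.nl"; };
};
```

Check the file with `named-checkconf` before reloading. `rndc nta tio.nl` sets the same exception at runtime as a negative trust anchor that expires on its own.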