On 1 June 2023, Bonno Bloksma wrote:
> I can do that, but ... that is only for inbound traffic TO my dns server on
> this network.
> That part is working without any problem. Changing that will not change
> anything for the clients on this network.

You are right. I simply used to fix interfaces explicitly for security, and it's not the point here.

> My bind instance can reach the company dns server but claims the response is
> false/insecure
> Does that maybe mean that my bind gets a "normal" response from the company
> dns whereas the external dns at toplevel .nl. (being the parent zone) tells
> that any response from a tio.nl dns server should be a secure response. And
> therefore bind does not accept it?

I reread all our mails and I forgot to ask you this one (as answers via external dns masked the real problem):

  dig tio.nl NS +cd

If you get an answer, it's a dnssec problem with the error message in your logs. If there is no answer, it's another problem.

> Where does bind store this info and can I overrule it?

I am not sure, but I think bind only caches in memory. And it's definitely not a good solution, but you could transfer the full zone (or get a copy of the file) and serve it as master.
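
The `+cd` check suggested above can be scripted by comparing the same query with and without checking disabled. This is an added example, not part of the original message; the function names, result labels and the sample dig headers are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dig headers (not captured from the resolver in this thread).
# SAMPLE_PLAIN: query without +cd, the validating resolver refuses to answer.
SAMPLE_PLAIN=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
# SAMPLE_CD: same query with +cd (checking disabled), data is returned.
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# Print the response code ("status:") found in dig output given as $1.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the ANSWER record count found in dig output given as $1.
dig_answers() {
    printf '%s\n' "$1" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# classify PLAIN_OUTPUT CD_OUTPUT
#   resolves                  : the normal query already works
#   dnssec-validation-failure : only the +cd query returns records
#   other-failure             : no answer even with validation bypassed
classify() {
    plain_status=$(dig_status "$1")
    cd_status=$(dig_status "$2")
    cd_answers=$(dig_answers "$2")
    if [ "$plain_status" = "NOERROR" ]; then
        echo "resolves"
    elif [ "$cd_status" = "NOERROR" ] && [ "${cd_answers:-0}" -gt 0 ]; then
        echo "dnssec-validation-failure"
    else
        echo "other-failure"
    fi
}

# Against a live resolver (needs dig and network access):
#   classify "$(dig tio.nl NS)" "$(dig tio.nl NS +cd)"
classify "$SAMPLE_PLAIN" "$SAMPLE_CD"
```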