Re: DNSSEC and forwarding

2022-04-13 Thread Mark Andrews
> On 14 Apr 2022, at 01:02, Duchscher, Dave J via bind-users > wrote: > > >> On Apr 13, 2022, at 12:00 AM, Grant Taylor via bind-users >> wrote: >> >> This Message Is From an External Sender >> This message came from outside your organization. >> On 4/12/22 7:18 PM, Duchscher, Dave J via b

Re: DNSSEC and forwarding

2022-04-13 Thread Benny Pedersen
On 2022-04-13 17:08, Nicholas Miller wrote: I believe this is the option you are looking for: validate-except { domain.example; }; rndc nta domain.example remember to define nta ttl in named.conf -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: DNSSEC and forwarding

2022-04-13 Thread Duchscher, Dave J via bind-users
On Apr 13, 2022, at 10:08 AM, Nicholas Miller wrote: > > I believe this is the option you are looking for: > > validate-except { domain.example; }; Thanks but that doesn't fix our problem. We use it to fix the problematic domains for now but that is a temporary solution. There is always

Re: DNSSEC and forwarding

2022-04-13 Thread Nicholas Miller
I believe this is the option you are looking for: validate-except { domain.example; }; _ Nicholas Miller, OIT, University of Colorado at Boulder > On Apr 13, 2022, at 9:02 AM, Duchscher, Dave J via bind-users > wrote: > > >> On

Re: DNSSEC and forwarding

2022-04-13 Thread Duchscher, Dave J via bind-users
> On Apr 13, 2022, at 12:00 AM, Grant Taylor via bind-users > wrote: > > This Message Is From an External Sender > This message came from outside your organization. > On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote: > > We are dropping this configuration and looking at doing somethi

Re: DNSSEC and forwarding

2022-04-12 Thread Grant Taylor via bind-users
On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote: We are dropping this configuration and looking at doing something else. I'm sorry to hear that. We have had intermittent issues with Slack, Microsoft, and a growing list of domains. Even have one that consistently fails. Are you ab

Re: DNSSEC and forwarding

2022-04-12 Thread Duchscher, Dave J via bind-users
On Mar 30, 2022, at 4:43 PM, Tony Finch wrote: > > > We have an internal DNS server that we would like to forward its > > outgoing queries to a main DNS server that connects to the outside world > > and is doing DNSSEC validation. The problem is that the DNSSEC > > validation doesn't work for qu

Re: DNSSEC and forwarding

2022-03-30 Thread Tony Finch
Duchscher, Dave J via bind-users wrote: > We have an internal DNS server that we would like to forward its > outgoing queries to a main DNS server that connects to the outside world > and is doing DNSSEC validation. The problem is that the DNSSEC > validation doesn't work for queries from the in