per zone dnssec setting

Hi, Does BIND9 allow per zone dnssec setting? I wanted to forward requests for certain zone to remote resolvers which doesn't support DNSSEC and also disable dnssec validation for that particular zone because forward-only resolver will return SERVFAIL to the client when the remote resolves

Re: dnssec-validation auto vs yes

Thanks Even. Sounds like "dnssec-validation auto" is a more future-proof option for what want it. I will use that instead. On Wednesday, June 12, 2019, 5:25:51 PM PDT, Evan Hunt wrote: On Wed, Jun 12, 2019 at 11:40:27PM +0000, Shawn Zhou via bind-users wrote: > The

dnssec-validation auto vs yes

Hi, The default BIND9 installation for CentOS7 has dnssec-validation set to "yes" and it also includes managed-keys as well. Do those managed-keys get updated automatically? It is not clear from reading  https://ftp.isc.org/isc/dnssec-guide/html/dnssec-guide.html#dnssec-validation-explained  

how does BIND resolvers pick the authoritative servers to query

I am seeing occasional SERVFAILs when I flush BIND cache then run test queries with dig. Can someone let me know how BIND picks the authoritative server to query? >From what I know, BIND picks an authoritative server by assign random RTT to >authoritative servers then queries the one with

bugs with BIND 9.11.0-P3 edns client subnet

Hello all, Does anyone use BIND 9.11.0-P3 in recursive setup with edns client subnet support?When I dig against a local recursive resolver (BIND 9.11.0-P3) with '+subnet=' option, it doesn't send 'Client subnet' option to the authoritative server which also runs the same version of BIND;

Re: [dns-operations] bind edns-client-subnet

Hi Mukund,I filed a bug ISC-Bugs #45846. I wonder if what I saw was due to config issues or not. Does anyone also have similar problems? On Thursday, August 17, 2017, 7:09:07 PM PDT, Mukund Sivaraman wrote: On Fri, Aug 18, 2017 at 01:14:50AM +, Shawn Zhou wrote: >