hi,

On Mon, 09 May 2011 20:11 -0700, "Doug Barton" <do...@dougbarton.us> wrote:
> ...
> the fact that un-signed domains aren't returning data either is a problem.

that's not returning DATA *and* reporting a SERVFAIL. not sure if they're one and the same issue.

> Split the features you described above into
> separate servers, remove the views stuff on the resolver, and try again.

I'm confused by this advice, and what exactly you're proposing I do here.

I've run this single-instance bind9 server in split-horizon mode serving up internal data with recursion to the lan & just data with no recursion externally a couple of years with no apparent issues. I thought that was the purpose of internal/external views.

Are you suggesting I need to run multiple bind9 servers, or some other config, to simply make DNSSEC validation work correctly for the LAN clients?

Thanks

DCh