Anyway, it is working using your suggestion. Apparently everything is also fine from the outside.
But I’ll have to check Petr Špaček's post and study more.

Thanks!
David

From: Darren Ankney <darren.ank...@gmail.com>
Sent: 19 April 2023 10:27
To: David Carvalho <da...@di.ubi.pt>
Cc: Bind Users Mailing List <bind-users@lists.isc.org>
Subject: Re: DNSSEC and forward zone

Hi David,

You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except

Thank you,
Darren Ankney

On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via bind-users <bind-users@lists.isc.org> wrote:

Hello guys,

Asking for your help, again.
So after setting up DNSSEC I’ve found I couldn’t reach some internal sites on my top domain, served by internal DNS servers.
There’s no need in hiding domains as my e-mail is shown here.

Top domain ubi.pt (external DNS servers authoritative)
Internal DNS servers (Windows, Active Directory - recursive)
Internalsite1.ubi.pt
Internalsite2.ubi.pt
…
di.ubi.pt (both authoritative and recursive for my networks)

Previously I had the following to get internal sites resolved, but now it seems it is completely discarded by DNSSEC.

    zone "ubi.pt" IN {
        type forward;
        forwarders { 192.168.100.1; 192.168.100.2; };
    };

Is there any configuration to allow me to be able to access internal sites served by internal DNS servers, I guess not using DNSSEC?
Can this only be accomplished by adding these entries to my parent domain?

Thanks!
Kind regards
David Carvalho

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
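Added example, not taken from any message in this thread: a named.conf fragment combining the forward zone from the original question with the "validate-except" statement suggested in the reply. The zone name and forwarder addresses are the ones quoted in the thread; the "recursion" and "dnssec-validation" lines are assumptions about the rest of the configuration.

```conf
options {
    recursion yes;             // assumption: this server recurses for internal clients
    dnssec-validation auto;    // assumption: validation stays on for everything else

    // Do not perform DNSSEC validation for names at or beneath ubi.pt,
    // even though a trust anchor exists above that name. Without this,
    // answers from the internal forwarders for names that do not exist
    // in the signed public zone fail validation and are rejected.
    validate-except { "ubi.pt"; };
};

// Forward zone as posted in the thread: queries for ubi.pt names are
// sent to the internal DNS servers instead of being resolved publicly.
zone "ubi.pt" IN {
    type forward;
    forwarders { 192.168.100.1; 192.168.100.2; };
};
```

The exception covers the listed domain and every name below it, so answers for those names are accepted without validation; keep the list as short as the internal namespace allows. Running named-checkconf on the file catches syntax errors before a reload.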