RE: DNSSEC and forward zone

Wed, 19 Apr 2023 02:55:48 -0700 

Anyway, It is working using your suggestion. Apparently everything is also fine 
 from the outside.

But I’ll have to check Petr Špaček post and study more.

Thanks!

David

 

 

From: Darren Ankney <darren.ank...@gmail.com> 
Sent: 19 April 2023 10:27
To: David Carvalho <da...@di.ubi.pt>
Cc: Bind Users Mailing List <bind-users@lists.isc.org>
Subject: Re: DNSSEC and forward zone

 

Hi David,

 

You can disable validation on one or more domains using "validate-except" - 
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except

 

Thank you,

 

Darren Ankney

 

On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via bind-users 
<bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> > wrote:

Hello guys

Asking for your help, again.

 

So after setting up DNSSEC I’ve found I couldn’t reach some internal sites on 
my top domain, served by internal DNS servers

There’s no need in hiding domains as my e-mail is shown here.

 

Top domain

        
        


 

 




ubi.pt <http://ubi.pt>  (external DNS Servers authoritative)

 

          Internal DNS servers (windows, Active directory - Recursive)

     <http://Internalsite1.ubi.pt> Internalsite1.ubi.pt

                    <http://Internalsite2.ubi.pt> Internalsite2.ubi.pt

                …

 

 

di.ubi.pt <http://di.ubi.pt>  

(both authoritative and recursive for my networks)

 

Previously I had the following to get internal sites resolved, but now it seems 
it is completely discarded by dnssec.

 

zone "ubi.pt <http://ubi.pt> " IN {

        type forward;

        forwarders { 192.168.100.1; 192.168.100.2; };

}

 

Is there any configuration to allow me  to be able to access internal sites 
served by internal dns servers, I guess not using DNSSEC?

Can this only be accomplished by adding these entries to my parent domain?

Thanks!

 

Kind regards

David Carvalho

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> 
https://lists.isc.org/mailman/listinfo/bind-users


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to