To disable DNSSEC validation for a domain from the command line - I
use: dig +cd eportal.incometax.gov.in <http://eportal.incometax.gov.in>
Works as expected.
Better answer is to get them to fix the problem.
On 2023/08/30 17:08, Bob McDonald wrote:
Turning off validation for that domain fixes the issue.
When using dig to diagnose this issue, one might be tempted to use the
DNSSEC switch. However, the following command:
dig eportal.incometax.gov.in <http://eportal.incometax.gov.in>. +NODNSSEC
will NOT turn off DNSSEC validation.
The DNSSEC switch in dig is used to display the associated DNSSEC
records (if they exist). It doesn't affect validation. You must make
the options change indicated by Greg Choules in his previous post to
disable DNSSEC validation for a specific domain.
Sorry if this is redundant or very rudimentary.
Bob
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users