That's good advice Greg, I thought I'd read up some more about that in the DNSSEC guide within the Admin. Reference Manual - https://bind9.readthedocs.io/en/v9.18.20/dnssec-guide.html - only it is not mentioned within that section (dnssec-validation is). It is in the Configuration Reference - https://bind9.readthedocs.io/en/v9.18.20/reference.html#namedconf-statement-validate-except - right under dnssec-validation (which ideally would mention it too).
I've create an enhancement request https://gitlab.isc.org/isc-projects/bind9/-/issues/4489 -- Stace On 12 Dec 2023, at 18:00, Greg Choules via bind-users wrote: > I really wouldn't recommend that. > If you have to, create exceptions for domains that won't validate correctly > by using the "validate-except {..." statement. > In parallel with that, encourage people with broken domains to fix them, > which makes life better for all of us. > > Cheers, Greg > > On Tue, 12 Dec 2023 at 17:42, Blason R <blaso...@gmail.com> wrote: > >> Thanks folks >> >> I just disabled DNSSEC validation from bind config file (globally) and >> those domains started resolving fine. >> >> -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users