Re: [dns-operations] How to tell bind to ignore DNSSEC for a domain/zone

Livingood, Jason Fri, 10 Oct 2014 16:51:46 -0700

Ah! A Negative Trust Anchor. :-)

>From an upcoming draft on the subject. Let me know if you think this does
the trick or not.

You can achive this functionality by disabling all DNSSEC algorithms
   for a zone.  The operator can see which algorithms the zone is using,
   or simply disable all supported algorithms.

   This gets placed in the "global options" section of the config file.

   disable-algorithms "foo.example.com." {"RSAMD5", "RSA", "DH",
     "DSA", "NSEC3DSA", "ECC", "RSASHA1", "NSEC3RSASHA1",
     "RSASHA256", "RSASHA512", "ECCGOST", "ECDSAP256SHA256",
     "ECDSAP384SHA384"; };

- Jason

On 10/10/14, 5:56 PM, "Franck Martin" <[email protected]> wrote:

>I see that unbound has a statement to tell, this domain dnssec does not
>work, ignore dnssec validation for it.
>
>How do you do the same with bind?

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Re: [dns-operations] How to tell bind to ignore DNSSEC for a domain/zone

Reply via email to