I think the safest in this situation would be to add a Negative Trust Anchor
(NTA) [1] in order to temporarily disable DNSSEC validation in your Recursor
for that particular authoritative zone. While the NTA [2] is active you could
try contacting the operator of the (obviously) broken authoritative server and
get them to fix the zone.
-JP
[1] https://doc.powerdns.com/recursor/lua-config/dnssec.html#addNTA
[2] https://doc.powerdns.com/recursor/dnssec.html#ntas
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
