Re: Bind 9.10.3: forwarded zone on a recursive server

2017-11-19 Thread Mark Andrews
The simplest way is to slave the zone. Named won’t attempt to validate zone content it serves. If you have other applications that validate zone content, sign your own zone and distribute trust anchors for them.

Mark

On 20 Nov 2017, at 12:45 pm, Ivan Kurnosov wrote:
> > >

Re: Bind 9.10.3: forwarded zone on a recursive server

2017-11-19 Thread Ivan Kurnosov
Found it. It's caused by `dnssec`. If I enable it - the root servers are not being touched.

Then the question is - can I still have `dnssec` and somehow internet-availability-tolerant configuration?

On 20 November 2017 at 14:36, Ivan Kurnosov wrote:
> I'm having a really

Re: Bind 9.10.3: forwarded zone on a recursive server

2017-11-19 Thread Ivan Kurnosov
err: a typo in the last email `s/enable/disable/`

On 20 November 2017 at 14:45, Ivan Kurnosov wrote:
> Found it. It's caused by `dnssec`. If I enable it - the root servers are
> not being touched.
>
> Then the question is - can I still have `dnssec` and somehow
>

Re: Bind 9.10.3: forwarded zone on a recursive server

2017-11-19 Thread Ivan Kurnosov
Right, it looks a bit dirty but makes sense. Thanks.

On 20 November 2017 at 15:13, Mark Andrews wrote:
> The simplest way is to slave the zone. Named won’t attempt to validate zone
> content it serves. If you have other applications that validate zone content,
> sign your

Bind 9.10.3: forwarded zone on a recursive server

2017-11-19 Thread Ivan Kurnosov
I'm having a really simple recursive DNS for a small office, that has a forwarded zone (being resolved by another local server). The config looks like

options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on-v6 { none; };
    recursion yes;