Hi Phil, Thanks, however I can't control the domain in question unfortunately. It is what it is. We have to work with it. I totally understand why this doesn't work and actually agree with the design, however I just don't have a workaround or way to force forwarders for this domain with dnssec validation enabled on the resolver.
-Vinny -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Phil Mayers Sent: Tuesday, November 01, 2011 12:23 PM To: [email protected] Subject: Re: DNSSEC and forward zones On 01/11/11 16:14, [email protected] wrote: > resolution fail since NXDOMAIN is the valid answer... done, end of > story. I thought the forwarder type would bypass this but apparently > I am wrong. Is there some other way to handle this for non-existent > domains just for testing purposes? Don't do this. Use a domain you own, and can put a valid (insecure) delegation into. It might be possible with "type static-stub" in bind 9.8, but I don't think so; I think it'll have the same effect. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
