Thanks - i didnt know this parameter - so basically this... rec_control add-nta domain.example botched keyroll Added Negative Trust Anchor for domain.example. with reason 'botched keyroll'
....would set dnssec validations for domain.example. to "off"....? Am Mi., 11. Juni 2025 um 16:21 Uhr schrieb Jan-Piet Mens via Pdns-users < pdns-users@mailman.powerdns.com>: > I think the safest in this situation would be to add a Negative Trust > Anchor > (NTA) [1] in order to temporarily disable DNSSEC validation in your > Recursor > for that particular authoritative zone. While the NTA [2] is active you > could > try contacting the operator of the (obviously) broken authoritative server > and > get them to fix the zone. > > -JP > > [1] https://doc.powerdns.com/recursor/lua-config/dnssec.html#addNTA > [2] https://doc.powerdns.com/recursor/dnssec.html#ntas > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users >
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
