Jan-Piet wrote on 05/11/2012 02:17:53 AM: > Indeed, which brings on the question why BIND (still) doesn't have the > a "negative trust anchor" feature.
So how do we implement one? Create a separate caching server with DNSSEC validation turned off and forward all queries for the broken domain to it? Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users