Hi everyone, I'm about to start DNSSEC validation on my resolvers (BIND 9.8) but wanted to know beforehand if there was a way to disable DNSSEC validation for particular domains. I searched the archives and found the answer to be "no" (at present time).
This change is going to impact thousands of users for us and I'm a bit worried about it. How do you deal with DNSSEC bogus data? I know that one should inform the corresponding party (SOA email record perhaps?) and be a good netizen but, what if these efforts fail? Do you temporarily become "authoritative" for that zone? or do you tell your users: "sorry, it's not on us; it's their fault"? Thanks in advance. -- Jorge p.d. I know there are DNSSEC mailing lists out there but wanted to know about BIND admins (where you currently don't have the option to disable validation for given domains). _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
