Hi, Does BIND9 allow per zone dnssec setting? I wanted to forward requests for certain zone to remote resolvers which doesn't support DNSSEC and also disable dnssec validation for that particular zone because forward-only resolver will return SERVFAIL to the client when the remote resolves don't support DNSSEC. I was hoping I could configure dnssec on the zone level but that didn't appear to be supported (snippet from my test config): zone "isc.org" { type forward; dnssec-validation no; forward only; forwarders { 208.67.220.220; };}
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users