Nick Tait via bind-users wrote on 2022-09-26 23:50:
> On 27/09/2022 3:58 am, Benny Pedersen wrote:
>> imho dnssec-validation auto; has a bug as it validates domains without DS set
>>
>> hope bind developers can confirm or deny it
>
> Hi Benny.
>
> Until DS records are published in the parent zone, the (signed) zone
> is considered 'insecure', and validation doesn't occur. i.e. The
> behaviour you described above is how it is supposed to work.

+1

https://gitlab.isc.org/isc-projects/bind9/-/issues/3465

https://www.irccloud.com/pastebin/YlJORfJK/delv%20plex.tv%20and%20later%20logs just an example log

https://bugs.gentoo.org/872449 don't know if that will solve it or not

on some domains it's possible to just do "rndc nta domain" to solve it shortly, as some domains can't be sent email to before it's nta listed :/


> Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
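
The DS check described in the quoted reply, as an added example that is not part of the original thread and is not BIND's code. It computes the RFC 4034 key tag and SHA-256 DS digest for a child DNSKEY and classifies the delegation; the function names, the zone `example.test` and the key bytes are constructed for illustration, and an empty DS list is assumed to mean the parent has proven that no DS exists.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical (lowercased) DNS wire format of an owner name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b if i & 1 else b << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner, rdata):
    """DS digest type 2: SHA-256(owner wire name | DNSKEY RDATA)."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def delegation_status(zone, parent_ds, child_dnskeys):
    """Classify one delegation step.

    parent_ds: list of (key_tag, algorithm, digest_type, digest_hex).
    Assumption: an empty list means the parent proved DS absence.
    "secure" only means a DS matches a DNSKEY; the RRSIGs made with
    that key must still verify before an answer is trusted.
    """
    if not parent_ds:
        return "insecure"   # no DS: zone is treated as unsigned
    for rdata in child_dnskeys:
        for tag, alg, dtype, digest in parent_ds:
            if (dtype == 2 and alg == rdata[3] and tag == key_tag(rdata)
                    and digest.lower() == ds_digest_sha256(zone, rdata)):
                return "secure"
    return "bogus"          # DS published but no DNSKEY matches it

if __name__ == "__main__":
    # Constructed sample key: flags 257 (KSK), protocol 3, algorithm 13.
    ksk = dnskey_rdata(257, 3, 13, bytes(range(64)))
    good = (key_tag(ksk), 13, 2, ds_digest_sha256("example.test", ksk))
    for ds in ([], [good], [(good[0], 13, 2, "00" * 32)]):
        print(delegation_status("example.test", ds, [ksk]))
```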

