AW: Problems with (unsigned) forward zones, dnssec-validation auto and validate-except on BIND 9.16 and 9.17

Hello Tony, > The other things that can cause the behaviour you observed are synth-from- > dnssec and qname-minimization. thanks for the heads up concerning synth-from-dnssec; I thought the default was "no", but that seems to have changed somewhere between 9.14 and 9.16... I've just changed that

Problems with (unsigned) forward zones, dnssec-validation auto and validate-except on BIND 9.16 and 9.17

Dear list, I'm currently setting up a resolver using bind (tested with both 9.16 and 9.17), which uses multiple views to expose forwarded zones (under .lan and .local, old Windows-AD zones which I don't control and can't change.) under some of their views. All of the views have