[Pdns-users] dnssec domain validates as bogus
remi.gacogne at powerdns.com
Fri Mar 9 15:20:02 UTC 2018
On 03/09/2018 03:44 PM, Greg Antic wrote:
> We are running recursor 4.1.1. We are having a problem with a domain
> that is signed with bogus dnssec records, the domain is cape-epic.com.
> We have tried the different dnssec modes but only process-no-validate
> allows the domain to be resolved. We tried adding an nta for the domain
> but the domain still would not resolve.
> Does anyone have any suggestions how we can accommodate and still
> resolve bogus domains but still offer dnssec validation?
Running with dnssec=process should only return a ServFail if the client
actually asks for DNSSEC validation, as described in .
Adding a NTA should also work, would you mind sharing your configuration
and a trace (running with --trace or enabling it for this single domain
via rec_control trace-regex 'cape-epic.com')?
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Pdns-users