[Pdns-users] DNSSEC Validations and max-cache-bogus-ttl
Otto Moerbeek
otto at drijf.net
Wed Jun 11 15:30:52 UTC 2025
On Wed, Jun 11, 2025 at 04:56:14PM +0200, Jan-Piet Mens via Pdns-users wrote:
> > rec_control add-nta domain.example botched keyroll
> >
> > ....would set dnssec validations for domain.example. to "off"....?
>
> Correct, though the multple arguments as reason look a bit suspicious to me; I
> cannot test now, but it might be you have to quote the "botched keyroll"
> arguments.
Multiple "reason" arguments do not need to be quoted.
Note that adding an NTA using rec_control adds an NTA in a
non-persistent way. The NTA wil be gone after a restart. See
https://docs.powerdns.com/recursor/yamlsettings.html#dnssec-negative-trustanchors
for a permanent setting.
-Otto
More information about the Pdns-users
mailing list