[Pdns-users] DNSSEC + Split DNS
Brian Candler
b.candler at pobox.com
Thu Apr 9 08:54:56 UTC 2026
On 09/04/2026 09:38, Brian Candler wrote:
>
> If it's just a case of private, unsigned subdomains of test.com, then
> all you need to do is to set Negative Trust Anchors for these
> subdomains on your internal recursor(s), and it will be fine.
>
> See: https://doc.powerdns.com/recursor/settings.html#forward-zones
>
P.S. It's simpler in the new YAML syntax, as you don't need any LUA.
https://docs.powerdns.com/recursor/yamlsettings.html#negativetrustanchor
https://docs.powerdns.com/recursor/yamlsettings.html#rpz
More information about the Pdns-users
mailing list