Re: bind9 and dns forward
On 1 June 2023, Bonno Bloksma wrote:
> I can do that, but ... that is only for inbound traffic TO my dns server on this network.
> That part is working without any problem. Changing that will not change anything for the clients on this network.
You are right. I am simply used to explicitly fixing interfaces for
security and it's not the point here.
> My bind instance can reach the company dns server but claims the response is false/insecure
> Does that maybe mean that my bind gets a "normal" response from the company
> dns whereas the external dns at toplevel .nl. (being the parent zone) tells
> that any response from a tio.nl dns server should be a secure response. And
> therefore bind does not accept it?
I reread all our mails and I missed asking you this one (as answers via
external dns masked the real problem):
dig tio.nl NS +cd
If you get an answer it's a dnssec problem with the error message in your
logs. If there is no answer it's another problem.
> Where does bind store this info and can I overrule it?
I am not sure but I think bind only caches in memory.
And it's definitely not the good solution but you could transfer the
full zone (or get a copy of the file) and serve it as master.
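
The `+cd` test suggested in this mail, written out as an added example that is not part of the original message: it compares a normal `dig` reply with a `+cd` (checking disabled) reply and reports whether the failure points at DNSSEC validation. The function names and the two sample replies are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dig headers (not real captures).
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# Extract the response code ("status: X") from dig output.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Extract the ANSWER count from the dig flags line.
dig_answers() {
    printf '%s\n' "$1" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# classify NORMAL_OUTPUT CD_OUTPUT  ->  ok | dnssec | other
classify() {
    n_status=$(dig_status "$1"); n_ans=$(dig_answers "$1")
    c_status=$(dig_status "$2"); c_ans=$(dig_answers "$2")
    if [ "$n_status" = "NOERROR" ] && [ "${n_ans:-0}" -gt 0 ]; then
        echo ok        # validated answer: nothing to diagnose
    elif [ "$c_status" = "NOERROR" ] && [ "${c_ans:-0}" -gt 0 ]; then
        echo dnssec    # answer only appears when validation is skipped
    else
        echo other     # no answer even with +cd: not a validation issue
    fi
}

# Live use against the local resolver (needs network, so left commented):
#   classify "$(dig tio.nl NS)" "$(dig tio.nl NS +cd)"
```

A result of `dnssec` matches the first case described in the mail, and the matching validation error should then be in the bind logs.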