
RE: bind9 and dns forward



On Thu, 1 Jun 2023, Bonno Bloksma wrote:


My bind instance can reach the company dns server but claims the response is false/insecure.

Does that maybe mean that my bind gets a "normal" response from the company dns whereas the external dns at toplevel .nl. (being the parent zone) tells that any response from a tio.nl dns server should be a secure response. And therefore bind does not accept it?
Where does bind store this info and can I overrule it?


/etc/bind/named.conf.options:

        dnssec-validation auto;

You'll have to check the docs but I think setting this to no or none (I
don't remember which) should mean that it doesn't complain.

But this is rather brute force. There may be a cleaner way to do it for
a single domain via trust anchors but it's not something I've tried to
do.

Tim.
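
A per-domain alternative to switching validation off globally, as an added example that is not part of the original message: BIND 9's `validate-except` option exempts only the listed names from DNSSEC validation while `dnssec-validation auto` stays in force for everything else. The forward zone and the forwarder address 192.0.2.53 (a documentation address standing in for the company DNS server) are assumptions, as is a BIND version recent enough to support `validate-except`.

```conf
// /etc/bind/named.conf.options

options {
        // Brute-force variant: disables DNSSEC validation for every zone
        // this resolver looks up, not just the internal one.
        // dnssec-validation no;

        // Keep validating everything else against the built-in root
        // trust anchor.
        dnssec-validation auto;

        // Skip validation only for names at or below tio.nl.
        // Answers for this name are then accepted without DNSSEC proof,
        // so the path to the forwarder below has to be trusted.
        validate-except { "tio.nl"; };
};

// Assumed setup: only tio.nl is sent to the company DNS server.
zone "tio.nl" {
        type forward;
        forward only;
        forwarders { 192.0.2.53; };   // placeholder address
};
```

`named-checkconf` will report a syntax error if the installed BIND does not know the option.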

