Is it possible to disable DNSSEC for specific forward zones ?

Solution Unverified - Updated -

Issue

  • Recently we tried to enable DNSSEC validation within our DNS infrastructure. Unfortunately there is no possibility to enable DNSSEC based on DNS zones. The only way to enable DNSSEC is on a global level.
  • Within our DNS infrastructure we have to use forward zone statements. Those zones are internal zones not available within the public Internet. The master zone is located on customer site and is not DNSSEC enabled. So we have to disable DNSSEC for those DNS zones. Otherwise bind tries to validate those zones and fails.

Environment

  • Red Hat Enterprise Linux (RHEL)
  • Bind (version < 10)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content