Is it possible to disable DNSSEC for specific forward zones ?
Issue
- Recently we tried to enable DNSSEC validation within our DNS infrastructure. Unfortunately there is no possibility to enable DNSSEC based on DNS zones. The only way to enable DNSSEC is on a global level.
- Within our DNS infrastructure we have to use forward zone statements. Those zones are internal zones not available within the public Internet. The master zone is located on customer site and is not DNSSEC enabled. So we have to disable DNSSEC for those DNS zones. Otherwise bind tries to validate those zones and fails.
Environment
- Red Hat Enterprise Linux (RHEL)
- Bind (version < 10)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.