Forward zone for private TLD doesn't work with DNSSEC validation
Opened this issue · 2 comments
nprbsg commented
The default values for the bind class configure a server with DNSSEC enabled and validation enabled. This causes SERVFAIL responses in forward zones for private TLDs due to the lack of proper delegation from the root zone.
beddari commented
Hmm. I think this should be documented, but not sure about changing the defaults. Any suggestions @nprbsg ?
nerdlich commented
Not an issue of this module, imho, rather a limitation of your setup. Ways around this (without deactivating DNSSEC):
- slave the private zone locally
- sign the private zone and install key as trust anchor in local recursor
- host the private TLD locally and delegate the actual zone to localhost (which then forwards)
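
The first workaround from the last comment, sketched as a BIND `named.conf` fragment next to the forward-zone setup that fails. This is an added example, not part of the thread and not the module's own configuration; the TLD `corp`, the address `192.0.2.53` and the file path are assumed placeholders.

```conf
// Constructed named.conf fragment. "corp", 192.0.2.53 and the file path
// are placeholders chosen for illustration.

options {
    recursion yes;
    // Validation against the root trust anchor, as in the issue report.
    dnssec-validation auto;
};

// Before: the private TLD is only forwarded.
// Answers from 192.0.2.53 go through the validator. The signed root zone
// proves that "corp" does not exist, so the resolver cannot find an
// insecure delegation for it, treats the forwarded answers as bogus and
// returns SERVFAIL to clients.
//
// zone "corp" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };
// };

// After: keep a local copy of the private zone ("slave the private zone
// locally"). Names under "corp" are then answered from local authoritative
// data instead of being resolved through the validator, while validation
// stays enabled for everything else.
zone "corp" {
    type slave;
    masters { 192.0.2.53; };    // internal primary for the private zone
    file "slaves/corp.db";      // local copy written after each transfer
};
```

The internal primary has to permit zone transfers to this resolver for the local copy to load. `named-checkconf` validates the syntax before the server is reloaded.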