[nsd-users] intentional bad DNSSEC and NSEC3
Michael A. Peters
mpeters at domblogger.net
Sun Apr 9 04:54:25 UTC 2017
Hello list,
I am attempting to create a single record in a zone file that will not
DNSSEC validate. The purpose of this is to give myself a means of
checking DNSSEC validation on my local systems.
What I am doing is creating both an A and AAAA record with the name
ffinvalid and then after signing the zone, using sed to change ffinvalid
to invalid.
What I don't know is what impact, if any, that will have on NSEC3
records. Will that break by NSEC3 records?
More information about the nsd-users
mailing list