Carsten Strotmann on Nostr: With DNSSEC and global forwarding enabled, a Windows Server DNS resolver seems to ...
With DNSSEC and global forwarding enabled, a Windows Server DNS resolver seems to sometimes (on higher query loads) ignore the “forward-only” configuration and starts resolving DS- and DNSKEY-records directly (without forwarding).
This breaks DNSSEC validation in cases where a firewall only allows DNS communication between the Windows DNS resolver and the Forwarding-Server. Seen on Windows 2016 / 2019.
Does anyone confirm this issue? Is it an implementation bug?
#WindowsServer #DNS #DNSSEC
This breaks DNSSEC validation in cases where a firewall only allows DNS communication between the Windows DNS resolver and the Forwarding-Server. Seen on Windows 2016 / 2019.
Does anyone confirm this issue? Is it an implementation bug?
#WindowsServer #DNS #DNSSEC