Forward zone for private TLD doesn't work with DNSsec validation

[nprbsg]

The default values for the bind class configure a server with DNSsec enabled and validation enabled. This causes ServFail responses in forward zones for private TLDs due to the lack of proper delegation from the root zone.

[beddari]

Hmm. I think this should be documented, but not sure about changing the defaults. Any suggestions @nprbsg ?

[nerdlich]

Not an issue of this module, imho, rather a limitation of your setup. Ways around this (without deactivating DNSSEC):

• slave the private zone locally
• sign the private zone and install key as trust anchor in local recursor
• host the private TLD locally and delegate the actual zone to localhost (which then forwards)