Dns forwarders not validating
So it's critical to troubleshoot DNS problems as fast as possible. Here are10 of my favorite DNS troubleshooting techniques.
When DNS problems occur, one of the first things you should do is verify that the DNS server still has network connectivity.
Forwarders on an authoritative Windows 2012 DNS Server, if enabled for external resolution, must only forward to either an internal, non-AD-integrated DNS server or to the Do D Enterprise Recursive Services (ERS).
If you connect via IP then the CN is completely ignored and the certificate verification requires that an IP Subject Alternate Name is added to the certificate.
If you connect via hostname the CN=* will work, or even CN=will work.
Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]
The specification for a digital signature mechanism in the context of the DNS infrastructure is in IETF's DNSSEC standard.
In the interim, please use Go1.2, or the 221 branch (fully noting that it is NOT acceptable to us.