bind9 configure forward zone for local domain without DNSSEC for this zone only

Solution 1:

I found an answer. Following line in /etc/bind/named.conf.options fixes it:

--->        dnssec-must-be-secure mydomain.local no;   <---

So, full text of /etc/bind/named.conf.options will be (skipping comments):

options {
        directory "/var/cache/bind";

        forwarders {
                192.168.1.1;
        };

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-must-be-secure mydomain.local no;

        auth-nxdomain no;
        listen-on-v6 { any; };
};

UPDATE: Actually, at this point I cannot tell if I indeed fixed bind with that line or didn't. Somehow all queries succeed now, with or without this line. If an expert is present here, please chip in