Unbound error with domain override and DNSSec

[lox]

Hello,

I have secured a domain with DNSSec, its DNS server being on the WAN. It has an office.domain.com subdomain.

I also have a local DNS server where that subdomain is set, so it resolves locally to local IPs. So I am adding a domain override in Unbound as such:

Code Select Expand


Domain                   IP
office.domain.com        10.25.65.16


And I get this error in Unbound:

Code Select Expand


2021-06-23T20:57:39 unbound[60568] [60568:1] info: NSEC3s for the referral proved no delegation
2021-06-23T20:57:39 unbound[60568] [60568:1] info: resolving office.domain.nc. DS IN
2021-06-23T20:57:39 unbound[60568] [60568:1] info: query response was ANSWER
2021-06-23T20:57:39 unbound[60568] [60568:1] info: reply from <office.domain.nc.> 10.25.65.16#53
2021-06-23T20:57:39 unbound[60568] [60568:1] info: response for office.domain.nc. A IN
2021-06-23T20:57:39 unbound[60568] [60568:1] info: resolving office.domain.nc. A IN


I understand that error. If I disable the DNSSec feature in unbound, it works.

But I am wondering if there is anyway to work around that (without disabling DNSSec checking), and have unbound give back the ANSWER returned by that local DNS server ?