Hello,
There is a website I need to use on a daily basis that uses DNSSEC;
however, their keys have expired, which causes validation to fail. I have
contacted their support, but they have failed to resolve the issue so far.
Since I can resolve the name when using `dig +cd`, I was hoping I could
configure `kresd` to skip validation when resolving that specific
domain. It seems that I should be able to do so by using the `policies`
module and the `FLAGS` action:
https://knot-resolver.readthedocs.io/en/stable/modules.html#actions
I am not sure which flag/flags to use. I inspected the source and tried
the following:
policy.add(policy.suffix(policy.FLAGS('DNSSEC_CD'),{todname('example.org.')}))
But this apparently had no effect. I also tried without the trailing dot
and played with other flags, but no success.
Does anybody know which flag I could set to bypass DNSSEC validation for
the specified domain? Or, if the policy module is not the way to achieve
that goal, is there any other way?
# kresd --version
Knot DNS Resolver, version 1.5.1
Any help will be greatly appreciated,
// Leonardo.