In a domain that runs DNSSEC, is it possible to exclude a single DNSSEC record? For example, would it be possible to have
mail.example.com running DNSSEC, but
www.example.com does not run DNSSEC? The reason for asking is that we have a web hosting provider that has problems configuring SSL / TLS for a site because we have DNSSEC working in DNS for our area?
I can not see a way to do this in Bind's documentation, but is there any other way?