Maintained by: NLnet Labs

[Unbound-users] Enable Dnssec

Jan-Piet Mens
Sun Jun 10 10:51:34 CEST 2012

> I have a a macports unbound port. It is resolving as it should however I
> can't get the dnssec enabled. Could someone possibly point me in the right
> direction ? Should unbound be used without the dnssec being enabled ?

I'm not familiar with the macports port, because on Mac I now use the
bundled Unbound that comes with DNSSEC-Trigger [1].

If the port is new enough, you should have a utility called
`unbound-anchor' which obtains the root DNSSEC key and stores it in 
/etc/unbound/root.key. [Invoke that as `unbound-anchor -a'.]

Then make sure Unbound is actually using that key by configuring (in

        auto-trust-anchor-file: "/etc/unbound/root.key"

Restart Unbound and you should be fine. (Check the logs.)