[Unbound-users] Enable Dnssec

Jan-Piet Mens jpmens.dns at gmail.com
Sun Jun 10 08:51:34 UTC 2012


> I have a macports unbound port. It is resolving as it should however I
> can't get the dnssec enabled. Could someone possibly point me in the right
> direction ? Should unbound be used without the dnssec being enabled ?

I'm not familiar with the macports port, because on Mac I now use the
bundled Unbound that comes with DNSSEC-Trigger [1].

If the port is new enough, you should have a utility called
`unbound-anchor' which obtains the root DNSSEC key and stores it in 
/etc/unbound/root.key. [Invoke that as `unbound-anchor -a'.]

Then make sure Unbound is actually using that key by configuring (in
unbound.conf):

        auto-trust-anchor-file: "/etc/unbound/root.key"

Restart Unbound and you should be fine. (Check the logs.)

        -JP


[1] http://www.nlnetlabs.nl/projects/dnssec-trigger/
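
The following is an added example, not part of the original message or of the Unbound project: a small shell check that the configured trust anchor is in place and that answers actually come back validated (AD flag set). The sample inputs are constructed; the resolver address 127.0.0.1 and the default unbound.conf path are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.

# Print the auto-trust-anchor-file path from unbound.conf text on stdin.
anchor_path() {
    awk '/^[ \t]*auto-trust-anchor-file:/ {
        sub(/^[ \t]*auto-trust-anchor-file:[ \t]*/, "")
        sub(/[ \t]*#.*$/, ""); gsub(/"/, ""); sub(/[ \t]+$/, "")
        print; exit }'
}

# Classify dig output on stdin by its status and the AD (authenticated data) flag.
dnssec_state() {
    awk '/^;; ->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8) }
        /^;; flags:/ { f = $0; sub(/^;; flags:/, "", f); sub(/;.*$/, "", f)
            ad = (index(" " f " ", " ad ") > 0) }
        END { if (status == "NOERROR" && ad) print "validated"
              else if (status == "NOERROR") print "not-validated"
              else if (status == "SERVFAIL") print "servfail"
              else print "unknown" }'
}

# Constructed samples: a config fragment and two dig response headers.
SAMPLE_CONF='server:
    # auto-trust-anchor-file: "/var/old/root.key"
    auto-trust-anchor-file: "/etc/unbound/root.key"'
SAMPLE_VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NOT_VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Live check. Assumptions: conf path is passed in, resolver listens on 127.0.0.1.
check_live() {
    key=$(anchor_path < "$1")
    [ -n "$key" ] || { echo "no auto-trust-anchor-file in $1"; return 1; }
    [ -s "$key" ] || { echo "$key is missing or empty"; return 1; }
    dig @127.0.0.1 . SOA +dnssec | dnssec_state
}
if [ "${1:-}" = "--live" ]; then check_live "${2:-/etc/unbound/unbound.conf}"; fi
```

Run it with `--live` and optionally the path to your unbound.conf; "not-validated" on the signed root zone means the resolver answered without using the trust anchor.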


